Google Git
Sign in
chromium / chromium / src / e5ec77c5c2a65b2cad01506faecd9bca61f1dbc4
commite5ec77c5c2a65b2cad01506faecd9bca61f1dbc4[log] [tgz]
authorthefrog <thefrog@chromium.org>Thu Feb 02 01:09:00 2023
committerChromium LUCI CQ <chromium-scoped@luci-project-accounts.iam.gserviceaccount.com>Thu Feb 02 01:09:00 2023
tree15f7c92dd99a6cb212304139d3c337ce54ad2016
parent89990a9ca8cb82e0eb990bca52900e1de2a705e1 [diff]
Filter out experiment results that wouldn't warn user even if unsafe

Even if the threat type of a lookup response is unsafe, a warning may
still not be shown (e.g. prefetch, already bypassed site, etc.). For
these cases, we generally avoid including them in the logged results of
the experiment. When there are redirects, we still log results if some
but not all of them match this case, but we do so under a different
histogram prefix to allow segmenting.

Implementation details:
 - The code refers to this case as whether a check is "eligible".
 - SafeBrowsingLookupMechanismExperimenter will not complete the
experiment until it has received information for every CheckToRun about
its eligibility.
 - These checks are performed after the experiment completes but before
a warning is shown (if relevant). This is because 1) we still want the
experiment to run so that the different mechanisms can cache the results
for later reuse, and 2) one of the criteria (IsAllowlisted) can be
modified once the warning is shown, so we must check it before that.
 - Most of the ineligibility matching criteria must be performed on the
UI thread, whereas the experiment runs on the IO thread.
 - When there are redirects, it is possible for some of the requests to
be eligible while some are not. This can happen if one of the requests
is for a site that was already bypassed, or if the tab disappears
partway through the experiment but late enough that it doesn’t cancel
it. In these cases, we still log the experiment results. We also add a
log to track how often this is occurring, since we expect it is
infrequent.

Bug: 1392144

Change-Id: I9a52c54504adb5b4e4403ac4eae510f1d8781c16
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4195319
Commit-Queue: thefrog <thefrog@chromium.org>
Reviewed-by: Nate Fischer <ntfschr@chromium.org>
Reviewed-by: Xinghui Lu <xinghuilu@chromium.org>
Reviewed-by: Colin Blundell <blundell@chromium.org>
Reviewed-by: Ali Juma <ajuma@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1100212}
21 files changed
tree: 15f7c92dd99a6cb212304139d3c337ce54ad2016
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. buildtools/
  8. cc/
  9. chrome/
  10. chromecast/
  11. chromeos/
  12. codelabs/
  13. components/
  14. content/
  15. courgette/
  16. crypto/
  17. dbus/
  18. device/
  19. docs/
  20. extensions/
  21. fuchsia_web/
  22. gin/
  23. google_apis/
  24. google_update/
  25. gpu/
  26. headless/
  27. infra/
  28. ios/
  29. ipc/
  30. media/
  31. mojo/
  32. native_client_sdk/
  33. net/
  34. pdf/
  35. ppapi/
  36. printing/
  37. remoting/
  38. rlz/
  39. sandbox/
  40. services/
  41. skia/
  42. sql/
  43. storage/
  44. styleguide/
  45. testing/
  46. third_party/
  47. tools/
  48. ui/
  49. url/
  50. weblayer/
  51. .clang-format
  52. .clang-tidy
  53. .eslintrc.js
  54. .git-blame-ignore-revs
  55. .gitattributes
  56. .gitignore
  57. .gn
  58. .mailmap
  59. .rustfmt.toml
  60. .vpython3
  61. .yapfignore
  62. ATL_OWNERS
  63. AUTHORS
  64. BUILD.gn
  65. CODE_OF_CONDUCT.md
  66. codereview.settings
  67. DEPS
  68. DIR_METADATA
  69. LICENSE
  70. LICENSE.chromium_os
  71. OWNERS
  72. PRESUBMIT.py
  73. PRESUBMIT_test.py
  74. PRESUBMIT_test_mocks.py
  75. README.md
  76. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

To check out the source code locally, don't use git clone! Instead, follow the instructions on how to get the code.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .

For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.

If you found a bug, please file it at https://crbug.com/new.