nagai/fune
3
0
Fork 0
forked from mirrors/gecko-dev
Code Pull requests Activity
fune/toolkit/components/antitracking/ContentBlockingLog.cpp
Tim Huang ef2c6c9ebc Bug 1863280 - Part 2: Adding STATE_BLOCKED_SUSPICIOUS_FINGERPRINTING to ContentBlockingLog. r=pbz,anti-tracking-reviewers 
To record whether we have detected suspicious fingerprinting activities
to the ContentBlockingLog, we introduce a new ContentBlockingLog event
called STATE_BLOCKED_SUSPICIOUS_FINGERPRINTING.

Whenever a fingerprinting content blocking event gets recorded under an
origin, we check if this origin is conducting suspicious fingerprinting
activites. Then, we store this fact under the origin entry and notify
the STATE_BLOCKED_SUSPICIOUS_FINGERPRINTING event to indicate that there
is a suspicous fingerprinitng activity happening.

I need to move ContentBlockingLog::RecordLogInternal() from header to
cpp file to avoid include file dependency issue.

Differential Revision: https://phabricator.services.mozilla.com/D193454
2023-11-16 00:22:46 +00:00

512 lines
18 KiB
C++
Raw Blame History

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "AntiTrackingLog.h"
#include "ContentBlockingLog.h"
#include "nsIEffectiveTLDService.h"
#include "nsITrackingDBService.h"
#include "nsIWebProgressListener.h"
#include "nsNetCID.h"
#include "nsNetUtil.h"
#include "nsRFPService.h"
#include "nsServiceManagerUtils.h"
#include "nsTArray.h"
#include "mozilla/BasePrincipal.h"
#include "mozilla/ClearOnShutdown.h"
#include "mozilla/HashFunctions.h"
#include "mozilla/Preferences.h"
#include "mozilla/RandomNum.h"
#include "mozilla/ReverseIterator.h"
#include "mozilla/StaticPrefs_browser.h"
#include "mozilla/StaticPrefs_privacy.h"
#include "mozilla/StaticPrefs_telemetry.h"
#include "mozilla/StaticPtr.h"
#include "mozilla/Telemetry.h"
#include "mozilla/XorShift128PlusRNG.h"
namespace mozilla {
namespace {
StaticAutoPtr<nsCString> gEmailWebAppDomainsPref;
static constexpr char kEmailWebAppDomainPrefName[] =
"privacy.trackingprotection.emailtracking.webapp.domains";
void EmailWebAppDomainPrefChangeCallback(const char* aPrefName, void*) {
MOZ_ASSERT(NS_IsMainThread());
MOZ_ASSERT(!strcmp(aPrefName, kEmailWebAppDomainPrefName));
MOZ_ASSERT(gEmailWebAppDomainsPref);
Preferences::GetCString(kEmailWebAppDomainPrefName, *gEmailWebAppDomainsPref);
}
} // namespace
Maybe<uint32_t> ContentBlockingLog::RecordLogParent(
const nsACString& aOrigin, uint32_t aType, bool aBlocked,
const Maybe<ContentBlockingNotifier::StorageAccessPermissionGrantedReason>&
aReason,
const nsTArray<nsCString>& aTrackingFullHashes,
const Maybe<ContentBlockingNotifier::CanvasFingerprinter>&
aCanvasFingerprinter,
const Maybe<bool> aCanvasFingerprinterKnownText) {
MOZ_ASSERT(XRE_IsParentProcess());
uint32_t events = GetContentBlockingEventsInLog();
bool blockedValue = aBlocked;
bool unblocked = false;
OriginEntry* entry;
switch (aType) {
case nsIWebProgressListener::STATE_COOKIES_LOADED:
MOZ_ASSERT(!aBlocked,
"We don't expected to see blocked STATE_COOKIES_LOADED");
[[fallthrough]];
case nsIWebProgressListener::STATE_COOKIES_LOADED_TRACKER:
MOZ_ASSERT(
!aBlocked,
"We don't expected to see blocked STATE_COOKIES_LOADED_TRACKER");
[[fallthrough]];
case nsIWebProgressListener::STATE_COOKIES_LOADED_SOCIALTRACKER:
MOZ_ASSERT(!aBlocked,
"We don't expected to see blocked "
"STATE_COOKIES_LOADED_SOCIALTRACKER");
// Note that the logic in these branches are the logical negation of the
// logic in other branches, since the Document API we have is phrased
// in "loaded" terms as opposed to "blocked" terms.
blockedValue = !aBlocked;
[[fallthrough]];
case nsIWebProgressListener::STATE_BLOCKED_TRACKING_CONTENT:
case nsIWebProgressListener::STATE_LOADED_LEVEL_1_TRACKING_CONTENT:
case nsIWebProgressListener::STATE_LOADED_LEVEL_2_TRACKING_CONTENT:
case nsIWebProgressListener::STATE_BLOCKED_FINGERPRINTING_CONTENT:
case nsIWebProgressListener::STATE_LOADED_FINGERPRINTING_CONTENT:
case nsIWebProgressListener::STATE_BLOCKED_CRYPTOMINING_CONTENT:
case nsIWebProgressListener::STATE_LOADED_CRYPTOMINING_CONTENT:
case nsIWebProgressListener::STATE_BLOCKED_SOCIALTRACKING_CONTENT:
case nsIWebProgressListener::STATE_LOADED_SOCIALTRACKING_CONTENT:
case nsIWebProgressListener::STATE_COOKIES_BLOCKED_BY_PERMISSION:
case nsIWebProgressListener::STATE_COOKIES_BLOCKED_ALL:
case nsIWebProgressListener::STATE_COOKIES_BLOCKED_FOREIGN:
case nsIWebProgressListener::STATE_BLOCKED_EMAILTRACKING_CONTENT:
case nsIWebProgressListener::STATE_LOADED_EMAILTRACKING_LEVEL_1_CONTENT:
case nsIWebProgressListener::STATE_LOADED_EMAILTRACKING_LEVEL_2_CONTENT:
Unused << RecordLogInternal(aOrigin, aType, blockedValue);
break;
case nsIWebProgressListener::STATE_COOKIES_BLOCKED_TRACKER:
case nsIWebProgressListener::STATE_COOKIES_BLOCKED_SOCIALTRACKER:
Unused << RecordLogInternal(aOrigin, aType, blockedValue, aReason,
aTrackingFullHashes);
break;
case nsIWebProgressListener::STATE_REPLACED_FINGERPRINTING_CONTENT:
case nsIWebProgressListener::STATE_ALLOWED_FINGERPRINTING_CONTENT:
case nsIWebProgressListener::STATE_REPLACED_TRACKING_CONTENT:
case nsIWebProgressListener::STATE_ALLOWED_TRACKING_CONTENT:
Unused << RecordLogInternal(aOrigin, aType, blockedValue, aReason,
aTrackingFullHashes);
break;
case nsIWebProgressListener::STATE_ALLOWED_FONT_FINGERPRINTING:
MOZ_ASSERT(!aBlocked,
"We don't expected to see blocked "
"STATE_ALLOWED_FONT_FINGERPRINTING");
entry = RecordLogInternal(aOrigin, aType, blockedValue);
// Replace the flag using the suspicious fingerprinting event so that we
// can report the event if we detect suspicious fingerprinting.
aType = nsIWebProgressListener::STATE_BLOCKED_SUSPICIOUS_FINGERPRINTING;
// Report blocking if we detect suspicious fingerprinting activity.
if (entry && entry->mData->mHasSuspiciousFingerprintingActivity) {
blockedValue = true;
}
break;
case nsIWebProgressListener::STATE_ALLOWED_CANVAS_FINGERPRINTING:
MOZ_ASSERT(!aBlocked,
"We don't expected to see blocked "
"STATE_ALLOWED_CANVAS_FINGERPRINTING");
entry = RecordLogInternal(aOrigin, aType, blockedValue, Nothing(), {},
aCanvasFingerprinter,
aCanvasFingerprinterKnownText);
// Replace the flag using the suspicious fingerprinting event so that we
// can report the event if we detect suspicious fingerprinting.
aType = nsIWebProgressListener::STATE_BLOCKED_SUSPICIOUS_FINGERPRINTING;
// Report blocking if we detect suspicious fingerprinting activity.
if (entry && entry->mData->mHasSuspiciousFingerprintingActivity) {
blockedValue = true;
}
break;
default:
// Ignore nsIWebProgressListener::STATE_BLOCKED_UNSAFE_CONTENT;
break;
}
if (!aBlocked) {
unblocked = (events & aType) != 0;
}
const uint32_t oldEvents = events;
if (blockedValue) {
events |= aType;
} else if (unblocked) {
events &= ~aType;
}
if (events == oldEvents
#ifdef ANDROID
// GeckoView always needs to notify about blocked trackers,
// since the GeckoView API always needs to report the URI and
// type of any blocked tracker. We use a platform-dependent code
// path here because reporting this notification on desktop
// platforms isn't necessary and doing so can have a big
// performance cost.
&& aType != nsIWebProgressListener::STATE_BLOCKED_TRACKING_CONTENT
#endif
) {
// Avoid dispatching repeated notifications when nothing has
// changed
return Nothing();
}
return Some(events);
}
void ContentBlockingLog::ReportLog(nsIPrincipal* aFirstPartyPrincipal) {
MOZ_ASSERT(XRE_IsParentProcess());
MOZ_ASSERT(NS_IsMainThread());
MOZ_ASSERT(aFirstPartyPrincipal);
if (!StaticPrefs::browser_contentblocking_database_enabled()) {
return;
}
if (mLog.IsEmpty()) {
return;
}
nsCOMPtr<nsITrackingDBService> trackingDBService =
do_GetService("@mozilla.org/tracking-db-service;1");
if (NS_WARN_IF(!trackingDBService)) {
return;
}
trackingDBService->RecordContentBlockingLog(Stringify());
}
void ContentBlockingLog::ReportCanvasFingerprintingLog(
nsIPrincipal* aFirstPartyPrincipal) {
MOZ_ASSERT(XRE_IsParentProcess());
MOZ_ASSERT(NS_IsMainThread());
MOZ_ASSERT(aFirstPartyPrincipal);
// We don't need to report if the first party is not a content.
if (!BasePrincipal::Cast(aFirstPartyPrincipal)->IsContentPrincipal()) {
return;
}
bool hasCanvasFingerprinter = false;
bool canvasFingerprinterKnownText = false;
Maybe<ContentBlockingNotifier::CanvasFingerprinter> canvasFingerprinter;
for (const auto& originEntry : mLog) {
if (!originEntry.mData) {
continue;
}
for (const auto& logEntry : Reversed(originEntry.mData->mLogs)) {
if (logEntry.mType !=
nsIWebProgressListener::STATE_ALLOWED_CANVAS_FINGERPRINTING) {
continue;
}
// Select the log entry with the highest fingerprinting likelihood,
// that primarily means preferring those with a FingerprinterKnownText.
if (!hasCanvasFingerprinter ||
(!canvasFingerprinterKnownText &&
*logEntry.mCanvasFingerprinterKnownText) ||
(!canvasFingerprinterKnownText && canvasFingerprinter.isNothing() &&
logEntry.mCanvasFingerprinter.isSome())) {
hasCanvasFingerprinter = true;
canvasFingerprinterKnownText = *logEntry.mCanvasFingerprinterKnownText;
canvasFingerprinter = logEntry.mCanvasFingerprinter;
}
}
}
if (!hasCanvasFingerprinter) {
Telemetry::Accumulate(Telemetry::CANVAS_FINGERPRINTING_PER_TAB,
"unknown"_ns, 0);
} else {
int32_t fingerprinter =
canvasFingerprinter.isSome() ? (*canvasFingerprinter + 1) : 0;
Telemetry::Accumulate(
Telemetry::CANVAS_FINGERPRINTING_PER_TAB,
canvasFingerprinterKnownText ? "known_text"_ns : "unknown"_ns,
fingerprinter);
}
}
void ContentBlockingLog::ReportFontFingerprintingLog(
nsIPrincipal* aFirstPartyPrincipal) {
MOZ_ASSERT(XRE_IsParentProcess());
MOZ_ASSERT(NS_IsMainThread());
MOZ_ASSERT(aFirstPartyPrincipal);
// We don't need to report if the first party is not a content.
if (!BasePrincipal::Cast(aFirstPartyPrincipal)->IsContentPrincipal()) {
return;
}
bool hasFontFingerprinter = false;
for (const auto& originEntry : mLog) {
if (!originEntry.mData) {
continue;
}
for (const auto& logEntry : originEntry.mData->mLogs) {
if (logEntry.mType !=
nsIWebProgressListener::STATE_ALLOWED_FONT_FINGERPRINTING) {
continue;
}
hasFontFingerprinter = true;
}
if (hasFontFingerprinter) {
break;
}
}
Telemetry::Accumulate(Telemetry::FONT_FINGERPRINTING_PER_TAB,
hasFontFingerprinter);
}
void ContentBlockingLog::ReportEmailTrackingLog(
nsIPrincipal* aFirstPartyPrincipal) {
MOZ_ASSERT(XRE_IsParentProcess());
MOZ_ASSERT(NS_IsMainThread());
MOZ_ASSERT(aFirstPartyPrincipal);
// We don't need to report if the first party is not a content.
if (!BasePrincipal::Cast(aFirstPartyPrincipal)->IsContentPrincipal()) {
return;
}
nsCOMPtr<nsIEffectiveTLDService> tldService =
do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID);
if (!tldService) {
return;
}
nsTHashtable<nsCStringHashKey> level1SiteSet;
nsTHashtable<nsCStringHashKey> level2SiteSet;
for (const auto& originEntry : mLog) {
if (!originEntry.mData) {
continue;
}
bool isLevel1EmailTracker = false;
bool isLevel2EmailTracker = false;
for (const auto& logEntry : Reversed(originEntry.mData->mLogs)) {
// Check if the email tracking related event had been filed for the given
// origin entry. Note that we currently only block level 1 email trackers,
// so blocking event represents the page has embedded a level 1 tracker.
if (logEntry.mType ==
nsIWebProgressListener::STATE_LOADED_EMAILTRACKING_LEVEL_2_CONTENT) {
isLevel2EmailTracker = true;
break;
}
if (logEntry.mType ==
nsIWebProgressListener::STATE_BLOCKED_EMAILTRACKING_CONTENT ||
logEntry.mType == nsIWebProgressListener::
STATE_LOADED_EMAILTRACKING_LEVEL_1_CONTENT) {
isLevel1EmailTracker = true;
break;
}
}
if (isLevel1EmailTracker || isLevel2EmailTracker) {
nsCOMPtr<nsIURI> uri;
nsresult rv = NS_NewURI(getter_AddRefs(uri), originEntry.mOrigin);
if (NS_FAILED(rv)) {
continue;
}
nsAutoCString baseDomain;
rv = tldService->GetBaseDomain(uri, 0, baseDomain);
if (NS_FAILED(rv)) {
continue;
}
if (isLevel1EmailTracker) {
Unused << level1SiteSet.EnsureInserted(baseDomain);
} else {
Unused << level2SiteSet.EnsureInserted(baseDomain);
}
}
}
// Cache the email webapp domains pref value and register the callback
// function to update the cached value when the pref changes.
if (!gEmailWebAppDomainsPref) {
gEmailWebAppDomainsPref = new nsCString();
Preferences::RegisterCallbackAndCall(EmailWebAppDomainPrefChangeCallback,
kEmailWebAppDomainPrefName);
RunOnShutdown([]() {
Preferences::UnregisterCallback(EmailWebAppDomainPrefChangeCallback,
kEmailWebAppDomainPrefName);
gEmailWebAppDomainsPref = nullptr;
});
}
bool isTopEmailWebApp =
aFirstPartyPrincipal->IsURIInList(*gEmailWebAppDomainsPref);
uint32_t level1Count = level1SiteSet.Count();
uint32_t level2Count = level2SiteSet.Count();
Telemetry::Accumulate(
Telemetry::EMAIL_TRACKER_EMBEDDED_PER_TAB,
isTopEmailWebApp ? "base_emailapp"_ns : "base_normal"_ns, level1Count);
Telemetry::Accumulate(
Telemetry::EMAIL_TRACKER_EMBEDDED_PER_TAB,
isTopEmailWebApp ? "content_emailapp"_ns : "content_normal"_ns,
level2Count);
Telemetry::Accumulate(Telemetry::EMAIL_TRACKER_EMBEDDED_PER_TAB,
isTopEmailWebApp ? "all_emailapp"_ns : "all_normal"_ns,
level1Count + level2Count);
}
ContentBlockingLog::OriginEntry* ContentBlockingLog::RecordLogInternal(
const nsACString& aOrigin, uint32_t aType, bool aBlocked,
const Maybe<ContentBlockingNotifier::StorageAccessPermissionGrantedReason>&
aReason,
const nsTArray<nsCString>& aTrackingFullHashes,
const Maybe<ContentBlockingNotifier::CanvasFingerprinter>&
aCanvasFingerprinter,
const Maybe<bool> aCanvasFingerprinterKnownText) {
DebugOnly<bool> isCookiesBlockedTracker =
aType == nsIWebProgressListener::STATE_COOKIES_BLOCKED_TRACKER ||
aType == nsIWebProgressListener::STATE_COOKIES_BLOCKED_SOCIALTRACKER;
MOZ_ASSERT_IF(aBlocked, aReason.isNothing());
MOZ_ASSERT_IF(!isCookiesBlockedTracker, aReason.isNothing());
MOZ_ASSERT_IF(isCookiesBlockedTracker && !aBlocked, aReason.isSome());
if (aOrigin.IsVoid()) {
return nullptr;
}
auto index = mLog.IndexOf(aOrigin, 0, Comparator());
if (index != OriginDataTable::NoIndex) {
OriginEntry& entry = mLog[index];
if (!entry.mData) {
return nullptr;
}
if (RecordLogEntryInCustomField(aType, entry, aBlocked)) {
return &entry;
}
if (!entry.mData->mLogs.IsEmpty()) {
auto& last = entry.mData->mLogs.LastElement();
if (last.mType == aType && last.mBlocked == aBlocked &&
last.mCanvasFingerprinter == aCanvasFingerprinter &&
last.mCanvasFingerprinterKnownText == aCanvasFingerprinterKnownText) {
++last.mRepeatCount;
// Don't record recorded events. This helps compress our log.
// We don't care about if the the reason is the same, just keep the
// first one.
// Note: {aReason, aTrackingFullHashes} are not compared here and we
// simply keep the first for the reason, and merge hashes to make sure
// they can be correctly recorded.
for (const auto& hash : aTrackingFullHashes) {
if (!last.mTrackingFullHashes.Contains(hash)) {
last.mTrackingFullHashes.AppendElement(hash);
}
}
return &entry;
}
}
if (entry.mData->mLogs.Length() ==
std::max(1u, StaticPrefs::browser_contentblocking_originlog_length())) {
// Cap the size at the maximum length adjustable by the pref
entry.mData->mLogs.RemoveElementAt(0);
}
entry.mData->mLogs.AppendElement(
LogEntry{aType, 1u, aBlocked, aReason, aTrackingFullHashes.Clone(),
aCanvasFingerprinter, aCanvasFingerprinterKnownText});
// Check suspicious fingerprinting activities if the origin hasn't already
// been marked.
// TODO(Bug 1864909): Moving the suspicious fingerprinting detection call
// out of here.
if ((aType == nsIWebProgressListener::STATE_ALLOWED_CANVAS_FINGERPRINTING ||
aType == nsIWebProgressListener::STATE_ALLOWED_FONT_FINGERPRINTING) &&
!entry.mData->mHasSuspiciousFingerprintingActivity &&
nsRFPService::CheckSuspiciousFingerprintingActivity(
entry.mData->mLogs)) {
entry.mData->mHasSuspiciousFingerprintingActivity = true;
}
return &entry;
}
// The entry has not been found.
OriginEntry* entry = mLog.AppendElement();
if (NS_WARN_IF(!entry || !entry->mData)) {
return nullptr;
}
entry->mOrigin = aOrigin;
if (aType == nsIWebProgressListener::STATE_LOADED_LEVEL_1_TRACKING_CONTENT) {
entry->mData->mHasLevel1TrackingContentLoaded = aBlocked;
} else if (aType ==
nsIWebProgressListener::STATE_LOADED_LEVEL_2_TRACKING_CONTENT) {
entry->mData->mHasLevel2TrackingContentLoaded = aBlocked;
} else if (aType == nsIWebProgressListener::STATE_COOKIES_LOADED) {
MOZ_ASSERT(entry->mData->mHasCookiesLoaded.isNothing());
entry->mData->mHasCookiesLoaded.emplace(aBlocked);
} else if (aType == nsIWebProgressListener::STATE_COOKIES_LOADED_TRACKER) {
MOZ_ASSERT(entry->mData->mHasTrackerCookiesLoaded.isNothing());
entry->mData->mHasTrackerCookiesLoaded.emplace(aBlocked);
} else if (aType ==
nsIWebProgressListener::STATE_COOKIES_LOADED_SOCIALTRACKER) {
MOZ_ASSERT(entry->mData->mHasSocialTrackerCookiesLoaded.isNothing());
entry->mData->mHasSocialTrackerCookiesLoaded.emplace(aBlocked);
} else {
entry->mData->mLogs.AppendElement(
LogEntry{aType, 1u, aBlocked, aReason, aTrackingFullHashes.Clone(),
aCanvasFingerprinter, aCanvasFingerprinterKnownText});
// Check suspicious fingerprinting activities if the origin hasn't been
// marked.
// TODO(Bug 1864909): Moving the suspicious fingerprinting detection call
// out of here.
if ((aType == nsIWebProgressListener::STATE_ALLOWED_CANVAS_FINGERPRINTING ||
aType == nsIWebProgressListener::STATE_ALLOWED_FONT_FINGERPRINTING) &&
nsRFPService::CheckSuspiciousFingerprintingActivity(
entry->mData->mLogs)) {
entry->mData->mHasSuspiciousFingerprintingActivity = true;
}
}
return entry;
}
} // namespace mozilla
View git blame Copy permalink