Add monitoring disclosure WebUI page

This adds a new chrome://connection-monitoring-detected page that gives greater detail when Chrome detects known network interception certificates. Screenshots: - Desktop: https://drive.google.com/file/d/14idB9uoKa4ezUqx-8VbtQJL0ayPWJwFJ/view - Android: https://drive.google.com/file/d/1H2JMlxNcT2XVjb_ug-hsIRySoaFRTvqE/view Bug: 1014711 Change-Id: Ic462a23c9d2e5fb3ca3ac4a1e6f1184d5d0ffc29 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1913715 Commit-Queue: Christopher Thompson <cthomp@chromium.org> Reviewed-by: Demetrios Papadopoulos <dpapad@chromium.org> Reviewed-by: Mustafa Emre Acer <meacer@chromium.org> Cr-Commit-Position: refs/heads/master@{#718327}

Add monitoring disclosure WebUI page
This adds a new chrome://connection-monitoring-detected page that gives greater detail when Chrome detects known network interception certificates. Screenshots: - Desktop: https://drive.google.com/file/d/14idB9uoKa4ezUqx-8VbtQJL0ayPWJwFJ/view - Android: https://drive.google.com/file/d/1H2JMlxNcT2XVjb_ug-hsIRySoaFRTvqE/view Bug: 1014711 Change-Id: Ic462a23c9d2e5fb3ca3ac4a1e6f1184d5d0ffc29 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1913715 Commit-Queue: Christopher Thompson <cthomp@chromium.org> Reviewed-by: Demetrios Papadopoulos <dpapad@chromium.org> Reviewed-by: Mustafa Emre Acer <meacer@chromium.org> Cr-Commit-Position: refs/heads/master@{#718327}
be7210f6 · Christopher Thompson · Commit Bot · 2a10ad6e · be7210f6 · be7210f6
Commit be7210f6 authored Nov 22, 2019 by Christopher Thompson Committed by Commit Bot Nov 22, 2019
13 changed files
--- a/chrome/browser/ssl/known_interception_disclosure_ui_browsertest.cc
+++ b/chrome/browser/ssl/known_interception_disclosure_ui_browsertest.cc
+// Copyright 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/strings/utf_string_conversions.h"
+#include "chrome/browser/ui/browser.h"
+#include "chrome/test/base/in_process_browser_test.h"
+#include "chrome/test/base/ui_test_utils.h"
+#include "components/security_interstitials/content/urls.h"
+#include "content/public/browser/web_contents.h"
+#include "content/public/test/test_utils.h"
+
+using KnownInterceptionDisclosureUITest = InProcessBrowserTest;
+
+// Tests that the chrome://connection-monitoring-detected WebUI page shows the
+// expected title and strings.
+IN_PROC_BROWSER_TEST_F(KnownInterceptionDisclosureUITest, PageDisplaysStrings) {
+  constexpr char kPageTitle[] = "Monitoring Detected";
+  constexpr char kBodyText[] =
+      "has detected that your connection is being monitored";
+
+  ui_test_utils::NavigateToURL(
+      browser(),
+      content::GetWebUIURL(
+          security_interstitials::kChromeUIConnectionMonitoringDetectedHost));
+  content::WebContents* contents =
+      browser()->tab_strip_model()->GetActiveWebContents();
+
+  EXPECT_EQ(base::ASCIIToUTF16(kPageTitle), contents->GetTitle());
+  EXPECT_GE(ui_test_utils::FindInPage(contents, base::ASCIIToUTF16(kBodyText),
+                                      true, true, nullptr, nullptr),
+            1);
+}
--- a/chrome/browser/ui/webui/chrome_web_ui_controller_factory.cc
+++ b/chrome/browser/ui/webui/chrome_web_ui_controller_factory.cc
@@ -81,6 +81,7 @@
 #include "components/safe_browsing/web_ui/constants.h"
 #include "components/safe_browsing/web_ui/safe_browsing_ui.h"
 #include "components/security_interstitials/content/connection_help_ui.h"
+#include "components/security_interstitials/content/known_interception_disclosure_ui.h"
 #include "components/security_interstitials/content/urls.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/browser/web_ui.h"
@@ -373,6 +374,10 @@ WebUIFactoryFunction GetWebUIFactoryFunction(WebUI* web_ui,
    return &NewWebUI<InterventionsInternalsUI>;
  if (url.host_piece() == chrome::kChromeUIInvalidationsHost)
    return &NewWebUI<InvalidationsUI>;
+  if (url.host_piece() ==
+      security_interstitials::kChromeUIConnectionMonitoringDetectedHost) {
+    return &NewWebUI<security_interstitials::KnownInterceptionDisclosureUI>;
+  }
  if (url.host_piece() == chrome::kChromeUILocalStateHost)
    return &NewWebUI<LocalStateUI>;
  if (url.host_piece() == chrome::kChromeUIMemoryInternalsHost)

--- a/chrome/test/BUILD.gn
+++ b/chrome/test/BUILD.gn
@@ -1141,6 +1141,7 @@ if (!is_android) {
      "../browser/signin/e2e_tests/live_test.h",
      "../browser/site_isolation/chrome_site_per_process_browsertest.cc",
      "../browser/site_isolation/site_details_browsertest.cc",
+      "../browser/ssl/known_interception_disclosure_ui_browsertest.cc",
      "../browser/ui/blocked_content/popup_tracker_browsertest.cc",
      "../browser/ui/blocked_content/safe_browsing_triggered_popup_blocker_browsertest.cc",
      "../browser/ui/blocked_content/tab_under_blocker_browsertest.cc",

--- a/components/resources/security_interstitials_resources.grdp
+++ b/components/resources/security_interstitials_resources.grdp
@@ -8,4 +8,8 @@
  <include name="IDR_SECURITY_INTERSTITIAL_CONNECTION_HELP_HTML" file="../security_interstitials/content/resources/connection_help.html" compress="gzip" type="BINDATA" />
  <include name="IDR_SECURITY_INTERSTITIAL_CONNECTION_HELP_CSS" file="../security_interstitials/content/resources/connection_help.css" compress="gzip" type="BINDATA" />
  <include name="IDR_SECURITY_INTERSTITIAL_CONNECTION_HELP_JS" file="../security_interstitials/content/resources/connection_help.js" compress="gzip" type="BINDATA" />
+  <include name="IDR_KNOWN_INTERCEPTION_HTML" file="../security_interstitials/content/resources/known_interception_disclosure.html" compress="gzip" type="BINDATA" />
+  <include name="IDR_KNOWN_INTERCEPTION_CSS" file="../security_interstitials/content/resources/known_interception_disclosure.css" compress="gzip" type="BINDATA" />
+  <include name="IDR_KNOWN_INTERCEPTION_ICON_1X_PNG" file="../security_interstitials/core/browser/resources/images/1x/triangle_red.png" compress="gzip" type="BINDATA" />
+  <include name="IDR_KNOWN_INTERCEPTION_ICON_2X_PNG" file="../security_interstitials/core/browser/resources/images/2x/triangle_red.png" compress="gzip" type="BINDATA" />
 </grit-part>
--- a/components/security_interstitials/OWNERS
+++ b/components/security_interstitials/OWNERS
 carlosil@chromium.org
-cthomp@chromium.org
 drubery@chromium.org
 estark@chromium.org
 felt@chromium.org

--- a/components/security_interstitials/content/BUILD.gn
+++ b/components/security_interstitials/content/BUILD.gn
@@ -11,6 +11,8 @@ static_library("security_interstitial_page") {
    "certificate_error_report.h",
    "connection_help_ui.cc",
    "connection_help_ui.h",
+    "known_interception_disclosure_ui.cc",
+    "known_interception_disclosure_ui.h",
    "origin_policy_interstitial_page.cc",
    "origin_policy_interstitial_page.h",
    "origin_policy_ui.cc",

--- a/components/security_interstitials/content/known_interception_disclosure_ui.cc
+++ b/components/security_interstitials/content/known_interception_disclosure_ui.cc
+// Copyright 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/security_interstitials/content/known_interception_disclosure_ui.h"
+
+#include "build/build_config.h"
+#include "components/grit/components_resources.h"
+#include "components/security_interstitials/content/urls.h"
+#include "components/strings/grit/components_strings.h"
+#include "content/public/browser/browser_context.h"
+#include "content/public/browser/web_contents.h"
+#include "content/public/browser/web_ui.h"
+#include "content/public/browser/web_ui_data_source.h"
+#include "net/base/net_errors.h"
+#include "ui/base/l10n/l10n_util.h"
+
+namespace security_interstitials {
+
+KnownInterceptionDisclosureUI::KnownInterceptionDisclosureUI(
+    content::WebUI* web_ui)
+    : content::WebUIController(web_ui) {
+  content::WebUIDataSource* html_source = content::WebUIDataSource::Create(
+      kChromeUIConnectionMonitoringDetectedHost);
+
+  html_source->AddLocalizedString("title", IDS_KNOWN_INTERCEPTION_TITLE);
+  html_source->AddLocalizedString("pageSubtitle",
+                                  IDS_KNOWN_INTERCEPTION_SUBTITLE);
+  html_source->AddLocalizedString("pageDescription",
+                                  IDS_KNOWN_INTERCEPTION_DESCRIPTION);
+  html_source->AddLocalizedString("pageMeaningSubheading",
+                                  IDS_KNOWN_INTERCEPTION_MEANING_SUBHEADING);
+  html_source->AddLocalizedString("pageMeaningDescription",
+                                  IDS_KNOWN_INTERCEPTION_MEANING_DESCRIPTION);
+  html_source->AddLocalizedString("pageCauseSubheading",
+                                  IDS_KNOWN_INTERCEPTION_CAUSE_SUBHEADING);
+  html_source->AddLocalizedString("pageCauseDescription",
+                                  IDS_KNOWN_INTERCEPTION_CAUSE_DESCRIPTION);
+
+  html_source->AddResourcePath("interstitial_core.css",
+                               IDR_SECURITY_INTERSTITIAL_CORE_CSS);
+  html_source->AddResourcePath("interstitial_common.css",
+                               IDR_SECURITY_INTERSTITIAL_COMMON_CSS);
+  html_source->AddResourcePath("monitoring_disclosure.css",
+                               IDR_KNOWN_INTERCEPTION_CSS);
+  html_source->AddResourcePath("images/1x/triangle_red.png",
+                               IDR_KNOWN_INTERCEPTION_ICON_1X_PNG);
+  html_source->AddResourcePath("images/2x/triangle_red.png",
+                               IDR_KNOWN_INTERCEPTION_ICON_2X_PNG);
+  html_source->SetDefaultResource(IDR_KNOWN_INTERCEPTION_HTML);
+
+  content::BrowserContext* browser_context =
+      web_ui->GetWebContents()->GetBrowserContext();
+  content::WebUIDataSource::Add(browser_context, html_source);
+}
+
+KnownInterceptionDisclosureUI::~KnownInterceptionDisclosureUI() = default;
+
+}  // namespace security_interstitials
--- a/components/security_interstitials/content/known_interception_disclosure_ui.h
+++ b/components/security_interstitials/content/known_interception_disclosure_ui.h
+// Copyright 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef COMPONENTS_SECURITY_INTERSTITIALS_CONTENT_KNOWN_INTERCEPTION_DISCLOSURE_UI_H_
+#define COMPONENTS_SECURITY_INTERSTITIALS_CONTENT_KNOWN_INTERCEPTION_DISCLOSURE_UI_H_
+
+#include "content/public/browser/web_ui_controller.h"
+
+namespace content {
+class WebUI;
+}
+
+namespace security_interstitials {
+
+// The WebUI for chrome://connection-monitoring-detected, which provides details
+// to users when Chrome has detected known network interception.
+class KnownInterceptionDisclosureUI : public content::WebUIController {
+ public:
+  explicit KnownInterceptionDisclosureUI(content::WebUI* web_ui);
+  ~KnownInterceptionDisclosureUI() override;
+  KnownInterceptionDisclosureUI(const KnownInterceptionDisclosureUI&) = delete;
+  KnownInterceptionDisclosureUI& operator=(
+      const KnownInterceptionDisclosureUI&) = delete;
+};
+
+}  // namespace security_interstitials
+
+#endif  // COMPONENTS_SECURITY_INTERSTITIALS_CONTENT_KNOWN_INTERCEPTION_DISCLOSURE_UI_H_
--- a/components/security_interstitials/content/resources/known_interception_disclosure.css
+++ b/components/security_interstitials/content/resources/known_interception_disclosure.css
+/* Copyright 2019 The Chromium Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file. */
+
+ h2 {
+  margin-top: 2em;
+}
+
+.icon {
+  background-image: -webkit-image-set(
+    url(images/1x/triangle_red.png) 1x,
+    url(images/2x/triangle_red.png) 2x);
+  background-repeat: no-repeat;
+  background-size: 100%;
+  height: 72px;
+  width: 72px;
+}
--- a/components/security_interstitials/content/resources/known_interception_disclosure.html
+++ b/components/security_interstitials/content/resources/known_interception_disclosure.html
+<!DOCTYPE HTML>
+<html dir="$i18n{textdirection}">
+  <head>
+    <title>$i18n{title}</title>
+    <meta charset='utf-8'>
+    <meta name="viewport" content="initial-scale=1, minimum-scale=1, width=device-width">
+    <link rel="stylesheet" href="chrome://resources/css/text_defaults.css">
+    <link rel="stylesheet" href="interstitial_core.css">
+    <link rel="stylesheet" href="interstitial_common.css">
+    <link rel="stylesheet" href="monitoring_disclosure.css">
+  </head>
+  <body>
+    <div class="interstitial-wrapper">
+      <div class="icon"></div>
+      <h1>$i18n{pageSubtitle}</h1>
+      <div class="subtitle">$i18n{pageDescription}</div>
+      <h2>$i18n{pageMeaningSubheading}</h2>
+      <div class="subtitle">$i18n{pageMeaningDescription}</div>
+      <h2>$i18n{pageCauseSubheading}</h2>
+      <div class="subtitle">$i18n{pageCauseDescription}</div>
+    </div>
+  </body>
+</html>
--- a/components/security_interstitials/content/urls.cc
+++ b/components/security_interstitials/content/urls.cc
@@ -9,4 +9,7 @@ namespace security_interstitials {
 const char kChromeUIConnectionHelpHost[] = "connection-help";
 const char kChromeUIConnectionHelpURL[] = "chrome://connection-help";

+const char kChromeUIConnectionMonitoringDetectedHost[] =
+    "connection-monitoring-detected";
+
 }  // namespace security_interstitials
--- a/components/security_interstitials/content/urls.h
+++ b/components/security_interstitials/content/urls.h
@@ -10,6 +10,8 @@ namespace security_interstitials {
 extern const char kChromeUIConnectionHelpHost[];
 extern const char kChromeUIConnectionHelpURL[];

+extern const char kChromeUIConnectionMonitoringDetectedHost[];
+
 }  // namespace security_interstitials

 #endif  // COMPONENTS_SECURITY_INTERSTITIALS_CONTENT_URLS_H_
--- a/components/security_interstitials_strings.grdp
+++ b/components/security_interstitials_strings.grdp
@@ -487,4 +487,50 @@
  <message name="IDS_SAFETY_TIP_ANDROID_LOOKALIKE_DESCRIPTION" desc="Body of an infobar warning when the user visits a page that triggered a Safety Tip because the domain looked like another domain.">
    <ph name='LOOKALIKE_DOMAIN'>$1<ex>fake-google.com</ex></ph> looks similar to <ph name='SUGGESTED_DOMAIN'>$2<ex>google.com</ex></ph>. Attackers sometimes mimic sites by using similar URLs.
  </message>
+
+  <!-- Known interception disclosure WebUI strings -->
+  <if expr="not is_ios">
+    <!-- Title of the page -->
+    <message name="IDS_KNOWN_INTERCEPTION_TITLE" desc="Title of network interception disclosure page.">
+      Monitoring Detected
+    </message>
+
+    <!-- Main message title and description -->
+    <if expr="_google_chrome">
+      <message name="IDS_KNOWN_INTERCEPTION_SUBTITLE" desc="Title of chrome://connection-monitoring-detected/ page, shows when Chrome has detected known network monitoring activity">
+        Chrome has detected that your connection is being monitored
+      </message>
+    </if>
+    <if expr="not _google_chrome">
+      <message name="IDS_KNOWN_INTERCEPTION_SUBTITLE" desc="Title of chrome://connection-monitoring-detected/ page, shows when Chromium has detected known network monitoring activity">
+        Chromium has detected that your connection is being monitored
+      </message>
+    </if>
+    <message name="IDS_KNOWN_INTERCEPTION_DESCRIPTION" desc="Summary text for chrome://connection-monitoring-detected/ page">
+      Your activity on the web and any information you enter is being watched, and content may be changed without your knowledge.
+    </message>
+
+    <!-- Subsection on what this warning means -->
+    <message name="IDS_KNOWN_INTERCEPTION_MEANING_SUBHEADING" desc="Title for the subsection explaining the risks">
+      What this means
+    </message>
+    <message name="IDS_KNOWN_INTERCEPTION_MEANING_DESCRIPTION" desc="Description for the subsection explaining the risks">
+      The network monitor can pretend to be the sites you visit, and can see your activity and any information you enter (for example, passwords, messages, or credit cards). You should take care when doing anything sensitive online, as it will be visible to the network monitor, and the network monitor can change the content on the pages you visit. This includes activity in other browsers and programs that access the Internet.
+    </message>
+
+    <!-- Subsection on why we're showing the UI -->
+    <message name="IDS_KNOWN_INTERCEPTION_CAUSE_SUBHEADING" desc="Title for the subsection explaining why the warning is shown">
+      Why this is happening
+    </message>
+    <if expr="_google_chrome">
+      <message name="IDS_KNOWN_INTERCEPTION_CAUSE_DESCRIPTION" desc="Description for the subsection explaining why the warning is shown">
+        The certificate for this connection is not trusted by Chrome, because it is known to be used for network interception and monitoring. You may be seeing this error because of a certificate you installed on your device. When making secure connections, Chrome trusts certificates that have been locally installed on a user's computer or mobile device. This allows users to run tools to inspect and debug their connections during website development, or for corporate environments to intercept and monitor internal traffic. For cases where this is being abused to intercept traffic on the public Internet, Chrome shows a warning.
+      </message>
+    </if>
+    <if expr="not _google_chrome">
+      <message name="IDS_KNOWN_INTERCEPTION_CAUSE_DESCRIPTION" desc="Description for the subsection explaining why the warning is shown">
+        The certificate for this connection is not trusted by Chromium, because it is known to be used for network interception and monitoring. You may be seeing this error because of a certificate you installed on your device. When making secure connections, Chromium trusts certificates that have been locally installed on a user's computer or mobile device. This allows users to run tools to inspect and debug their connections during website development, or for corporate environments to intercept and monitor internal traffic. For cases where this is being abused to intercept traffic on the public Internet, Chromium shows a warning.
+      </message>
+    </if>
+  </if>
 </grit-part>