corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 1907590: Improve labels for https telemetry, r=freddyb,kershaw,necko-reviewers,maltejur

Browse Source 
Differential Revision: https://phabricator.services.mozilla.com/D216675
This commit is contained in:
Christoph Kerschbaumer
2024-07-17 15:29:24 +00:00
parent 9582a78d91
commit 3063e2ccd1
9 changed files with 203 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docshell/base/nsDocShellLoadState.h
View File

@@ -633,7 +633,7 @@ class nsDocShellLoadState final {
// Solely for the use of collecting Telemetry for HTTPS upgrades.
nsILoadInfo::HTTPSUpgradeTelemetryType mHttpsUpgradeTelemetry =
nsILoadInfo::NO_UPGRADE;
nsILoadInfo::NOT_INITIALIZED;
};
#endif /* nsDocShellLoadState_h__ */

4
dom/security/DomSecurityIPCUtils.h
View File

@@ -17,8 +17,8 @@ template <>
struct ParamTraits<nsILoadInfo::HTTPSUpgradeTelemetryType>
: public ContiguousEnumSerializerInclusive<
nsILoadInfo::HTTPSUpgradeTelemetryType,
nsILoadInfo::HTTPSUpgradeTelemetryType::NO_UPGRADE,
nsILoadInfo::HTTPSUpgradeTelemetryType::HTTPS_RR> {};
nsILoadInfo::HTTPSUpgradeTelemetryType::NOT_INITIALIZED,
nsILoadInfo::HTTPSUpgradeTelemetryType::UPGRADE_EXCEPTION> {};
} // namespace IPC

15
dom/security/nsHTTPSOnlyUtils.cpp
View File

@@ -764,6 +764,21 @@ void nsHTTPSOnlyUtils::TestSitePermissionAndPotentiallyAddExemption(
httpsOnlyStatus |= nsILoadInfo::HTTPS_ONLY_EXEMPT;
}
loadInfo->SetHttpsOnlyStatus(httpsOnlyStatus);
// For the telemetry we do not want downgrade values to be overwritten
// in the loadinfo. We only want e.g. a reload() or a back() click
// to carry the upgrade exception.
if (httpsOnlyStatus & nsILoadInfo::HTTPS_ONLY_EXEMPT) {
nsILoadInfo::HTTPSUpgradeTelemetryType httpsTelemetry =
nsILoadInfo::NOT_INITIALIZED;
loadInfo->GetHttpsUpgradeTelemetry(&httpsTelemetry);
if (httpsTelemetry != nsILoadInfo::HTTPS_ONLY_UPGRADE_DOWNGRADE &&
httpsTelemetry != nsILoadInfo::HTTPS_FIRST_UPGRADE_DOWNGRADE &&
httpsTelemetry !=
nsILoadInfo::HTTPS_FIRST_SCHEMELESS_UPGRADE_DOWNGRADE) {
loadInfo->SetHttpsUpgradeTelemetry(nsILoadInfo::UPGRADE_EXCEPTION);
}
}
}
/* static */

163
dom/security/test/https-first/browser_https_telemetry.js
View File

@@ -6,7 +6,7 @@
// We explicitly need HTTP URLs in this test
/* eslint-disable @microsoft/sdl/no-insecure-url */
requestLongerTimeout(2);
requestLongerTimeout(3);
ChromeUtils.defineLazyGetter(this, "UrlbarTestUtils", () => {
const { UrlbarTestUtils: module } = ChromeUtils.importESModule(
@@ -53,6 +53,7 @@ async function setPrefsAndResetFog(
function verifyGleanValues(
aDescription,
aNotInitialized,
aNoUpgrade,
aAlreadyHTTPS,
aHSTS,
@@ -62,10 +63,17 @@ function verifyGleanValues(
aHttpsFirstUpgradeDowngrade,
aHttpsFirstSchemelessUpgrade,
aHttpsFirstSchemelessUpgradeDowngrade,
aHttpsRR
aHttpsRR,
aWebExtensionUpgrade,
aUpgradeException
) {
info(aDescription);
let glean = Glean.networking.httpToHttpsUpgradeReason;
is(
glean.not_initialized.testGetValue(),
aNotInitialized,
"verify not_initialized"
);
is(glean.no_upgrade.testGetValue(), aNoUpgrade, "verify no_upgrade");
is(glean.already_https.testGetValue(), aAlreadyHTTPS, "verify already_https");
is(glean.hsts.testGetValue(), aHSTS, "verify hsts");
@@ -100,6 +108,16 @@ function verifyGleanValues(
"verify https_first_schemeless_upgrade_downgrade"
);
is(glean.https_rr.testGetValue(), aHttpsRR, "verify https_rr");
is(
glean.web_extension_upgrade.testGetValue(),
aWebExtensionUpgrade,
"verify web_extension_upgrade"
);
is(
glean.upgrade_exception.testGetValue(),
aUpgradeException,
"verify upgrade_exception"
);
}
async function runUpgradeTest(aURI, aDesc, aAssertURLStartsWith) {
@@ -165,6 +183,7 @@ add_task(async function () {
);
verifyGleanValues(
"(0) exempt loopback addresses",
null /* aNotInitialized */,
null /* aNoUpgrade */,
null /* aAlreadyHTTPS */,
null /* aHSTS */,
@@ -174,7 +193,9 @@ add_task(async function () {
null /* aHttpsFirstUpgradeDowngrade */,
null /* aHttpsFirstSchemelessUpgrade */,
null /* aHttpsFirstSchemelessUpgradeDowngrade */,
null /* aHttpsRR */
null /* aHttpsRR */,
null /* aWebExtensionUpgrade */,
null /* aUpgradeException */
);
});
@@ -194,6 +215,7 @@ add_task(async function () {
);
verifyGleanValues(
"(1) no upgrade test",
null /* aNotInitialized */,
1 /* aNoUpgrade */,
null /* aAlreadyHTTPS */,
null /* aHSTS */,
@@ -203,7 +225,9 @@ add_task(async function () {
null /* aHttpsFirstUpgradeDowngrade */,
null /* aHttpsFirstSchemelessUpgrade */,
null /* aHttpsFirstSchemelessUpgradeDowngrade */,
null /* aHttpsRR */
null /* aHttpsRR */,
null /* aWebExtensionUpgrade */,
null /* aUpgradeException */
);
});
@@ -224,6 +248,7 @@ add_task(async function () {
verifyGleanValues(
"(2) already https test",
null /* aNotInitialized */,
null /* aNoUpgrade */,
1 /* aAlreadyHTTPS */,
null /* aHSTS */,
@@ -233,7 +258,9 @@ add_task(async function () {
null /* aHttpsFirstUpgradeDowngrade */,
null /* aHttpsFirstSchemelessUpgrade */,
null /* aHttpsFirstSchemelessUpgradeDowngrade */,
null /* aHttpsRR */
null /* aHttpsRR */,
null /* aWebExtensionUpgrade */,
null /* aUpgradeException */
);
});
@@ -254,6 +281,7 @@ add_task(async function () {
verifyGleanValues(
"(2b) already https test all prefs true",
null /* aNotInitialized */,
null /* aNoUpgrade */,
1 /* aAlreadyHTTPS */,
null /* aHSTS */,
@@ -263,7 +291,9 @@ add_task(async function () {
null /* aHttpsFirstUpgradeDowngrade */,
null /* aHttpsFirstSchemelessUpgrade */,
null /* aHttpsFirstSchemelessUpgradeDowngrade */,
null /* aHttpsRR */
null /* aHttpsRR */,
null /* aWebExtensionUpgrade */,
null /* aUpgradeException */
);
});
@@ -290,6 +320,7 @@ add_task(async function () {
verifyGleanValues(
"(3) hsts",
null /* aNotInitialized */,
null /* aNoUpgrade */,
null /* aAlreadyHTTPS */,
1 /* aHSTS */,
@@ -299,7 +330,9 @@ add_task(async function () {
null /* aHttpsFirstUpgradeDowngrade */,
null /* aHttpsFirstSchemelessUpgrade */,
null /* aHttpsFirstSchemelessUpgradeDowngrade */,
null /* aHttpsRR */
null /* aHttpsRR */,
null /* aWebExtensionUpgrade */,
null /* aUpgradeException */
);
// finally we need to reset hsts
@@ -335,6 +368,7 @@ add_task(async function () {
verifyGleanValues(
"(3b) hsts with all prefs true",
null /* aNotInitialized */,
null /* aNoUpgrade */,
null /* aAlreadyHTTPS */,
1 /* aHSTS */,
@@ -344,7 +378,9 @@ add_task(async function () {
null /* aHttpsFirstUpgradeDowngrade */,
null /* aHttpsFirstSchemelessUpgrade */,
null /* aHttpsFirstSchemelessUpgradeDowngrade */,
null /* aHttpsRR */
null /* aHttpsRR */,
null /* aWebExtensionUpgrade */,
null /* aUpgradeException */
);
// finally we need to reset the hsts host
@@ -372,6 +408,7 @@ add_task(async function () {
verifyGleanValues(
"(4) https-only upgrade",
null /* aNotInitialized */,
null /* aNoUpgrade */,
null /* aAlreadyHTTPS */,
null /* aHSTS */,
@@ -381,7 +418,9 @@ add_task(async function () {
null /* aHttpsFirstUpgradeDowngrade */,
null /* aHttpsFirstSchemelessUpgrade */,
null /* aHttpsFirstSchemelessUpgradeDowngrade */,
null /* aHttpsRR */
null /* aHttpsRR */,
null /* aWebExtensionUpgrade */,
null /* aUpgradeException */
);
info("(4b) https-only upgrade downgrade");
@@ -421,7 +460,7 @@ add_task(async function () {
true
);
// click the 'contine to insecure page' button
// click the 'continue to insecure page' button
await SpecialPowers.spawn(browser, [], async function () {
let openInsecureButton = content.document.getElementById("openInsecure");
Assert.notEqual(
@@ -464,6 +503,7 @@ add_task(async function () {
verifyGleanValues(
"(4b) https-only upgrade downgrade",
null /* aNotInitialized */,
null /* aNoUpgrade */,
null /* aAlreadyHTTPS */,
null /* aHSTS */,
@@ -473,7 +513,9 @@ add_task(async function () {
null /* aHttpsFirstUpgradeDowngrade */,
null /* aHttpsFirstSchemelessUpgrade */,
null /* aHttpsFirstSchemelessUpgradeDowngrade */,
null /* aHttpsRR */
null /* aHttpsRR */,
null /* aWebExtensionUpgrade */,
null /* aUpgradeException */
);
});
@@ -494,6 +536,7 @@ add_task(async function () {
verifyGleanValues(
"(5) https-first upgrade",
null /* aNotInitialized */,
null /* aNoUpgrade */,
null /* aAlreadyHTTPS */,
null /* aHSTS */,
@@ -503,7 +546,9 @@ add_task(async function () {
null /* aHttpsFirstUpgradeDowngrade */,
null /* aHttpsFirstSchemelessUpgrade */,
null /* aHttpsFirstSchemelessUpgradeDowngrade */,
null /* aHttpsRR */
null /* aHttpsRR */,
null /* aWebExtensionUpgrade */,
null /* aUpgradeException */
);
info("(5b) https-first upgrade downgrade");
@@ -522,6 +567,7 @@ add_task(async function () {
verifyGleanValues(
"(5) https-first upgrade",
null /* aNotInitialized */,
null /* aNoUpgrade */,
null /* aAlreadyHTTPS */,
null /* aHSTS */,
@@ -531,7 +577,9 @@ add_task(async function () {
1 /* aHttpsFirstUpgradeDowngrade */,
null /* aHttpsFirstSchemelessUpgrade */,
null /* aHttpsFirstSchemelessUpgradeDowngrade */,
null /* aHttpsRR */
null /* aHttpsRR */,
null /* aWebExtensionUpgrade */,
null /* aUpgradeException */
);
});
@@ -552,6 +600,7 @@ add_task(async function () {
verifyGleanValues(
"(6) schemeless https-first upgrade",
null /* aNotInitialized */,
null /* aNoUpgrade */,
null /* aAlreadyHTTPS */,
null /* aHSTS */,
@@ -561,7 +610,9 @@ add_task(async function () {
null /* aHttpsFirstUpgradeDowngrade */,
1 /* aHttpsFirstSchemelessUpgrade */,
null /* aHttpsFirstSchemelessUpgradeDowngrade */,
null /* aHttpsRR */
null /* aHttpsRR */,
null /* aWebExtensionUpgrade */,
null /* aUpgradeException */
);
info("(6b) schemeless https-first upgrade downgrade");
@@ -580,6 +631,7 @@ add_task(async function () {
verifyGleanValues(
"(6b) schemeless https-first upgrade downgrade",
null /* aNotInitialized */,
null /* aNoUpgrade */,
null /* aAlreadyHTTPS */,
null /* aHSTS */,
@@ -589,7 +641,9 @@ add_task(async function () {
null /* aHttpsFirstUpgradeDowngrade */,
1 /* aHttpsFirstSchemelessUpgrade */,
1 /* aHttpsFirstSchemelessUpgradeDowngrade */,
null /* aHttpsRR */
null /* aHttpsRR */,
null /* aWebExtensionUpgrade */,
null /* aUpgradeException */
);
});
@@ -616,6 +670,7 @@ add_task(async function () {
verifyGleanValues(
"(7) https-rr upgrade",
null /* aNotInitialized */,
null /* aNoUpgrade */,
null /* aAlreadyHTTPS */,
null /* aHSTS */,
@@ -625,6 +680,82 @@ add_task(async function () {
null /* aHttpsFirstUpgradeDowngrade */,
null /* aHttpsFirstSchemelessUpgrade */,
null /* aHttpsFirstSchemelessUpgradeDowngrade */,
1 /* aHttpsRR */
1 /* aHttpsRR */,
null /* aWebExtensionUpgrade */,
null /* aUpgradeException */
);
});
add_task(async function () {
info("(8) upgrade/downgrade/reload");
// This test performs an upgrade-downgrade and then reloads
// the document which then triggers an upgrade_exception.
await setPrefsAndResetFog(
false /* aHTTPSOnlyPref */,
true /* aHTTPSFirstPref */,
false /* aSchemeLessPref */
);
await BrowserTestUtils.withNewTab("about:blank", async function (browser) {
// First, perform the upgrade/downgrade
const upgradeDowngradeLoaded = BrowserTestUtils.browserLoaded(
browser,
false,
null,
true
);
BrowserTestUtils.startLoadingURIString(
browser,
NO_HTTPS_SUPPORT_SITE + "?test8"
);
await upgradeDowngradeLoaded;
await SpecialPowers.spawn(browser, [], async function () {
ok(
content.document.location.href.startsWith("http://"),
"(8) upgrade/downgrade/reload"
);
});
// Before reloading the doc we have to reset the fog
Services.fog.testResetFOG();
const reloadLoaded = BrowserTestUtils.browserLoaded(
browser,
false,
null,
true
);
await SpecialPowers.spawn(browser, [], async function () {
content.location.reload();
});
await reloadLoaded;
await SpecialPowers.spawn(browser, [], async function () {
ok(
content.document.location.href.startsWith("http://"),
"(8) upgrade/downgrade/reload"
);
});
});
verifyGleanValues(
"(8) upgrade/downgrade/reload",
null /* aNotInitialized */,
null /* aNoUpgrade */,
null /* aAlreadyHTTPS */,
null /* aHSTS */,
null /* aHttpsOnlyUpgrade */,
null /* aHttpsOnlyUpgradeDowngrade */,
null /* aHttpsFirstUpgrade */,
null /* aHttpsFirstUpgradeDowngrade */,
null /* aHttpsFirstSchemelessUpgrade */,
null /* aHttpsFirstSchemelessUpgradeDowngrade */,
null /* aHttpsRR */,
null /* aWebExtensionUpgrade */,
1 /* aUpgradeException */
);
});

2
netwerk/base/LoadInfo.h
View File

@@ -415,7 +415,7 @@ class LoadInfo final : public nsILoadInfo {
bool mWasSchemelessInput = false;
nsILoadInfo::HTTPSUpgradeTelemetryType mHttpsUpgradeTelemetry =
nsILoadInfo::NO_UPGRADE;
nsILoadInfo::NOT_INITIALIZED;
};
// This is exposed solely for testing purposes and should not be used outside of

23
netwerk/base/nsILoadInfo.idl
View File

@@ -1569,16 +1569,19 @@ interface nsILoadInfo : nsISupports
[infallible] attribute boolean wasSchemelessInput;
cenum HTTPSUpgradeTelemetryType : 32 {
NO_UPGRADE = 0,
ALREADY_HTTPS = (1 << 0),
HSTS = (1 << 1),
HTTPS_ONLY_UPGRADE = (1 << 2),
HTTPS_ONLY_UPGRADE_DOWNGRADE = (1 << 3),
HTTPS_FIRST_UPGRADE = (1 << 4),
HTTPS_FIRST_UPGRADE_DOWNGRADE = (1 << 5),
HTTPS_FIRST_SCHEMELESS_UPGRADE = (1 << 6),
HTTPS_FIRST_SCHEMELESS_UPGRADE_DOWNGRADE = (1 << 7),
HTTPS_RR = (1 << 8),
NOT_INITIALIZED = 0,
NO_UPGRADE = (1 << 0),
ALREADY_HTTPS = (1 << 1),
HSTS = (1 << 2),
HTTPS_ONLY_UPGRADE = (1 << 3),
HTTPS_ONLY_UPGRADE_DOWNGRADE = (1 << 4),
HTTPS_FIRST_UPGRADE = (1 << 5),
HTTPS_FIRST_UPGRADE_DOWNGRADE = (1 << 6),
HTTPS_FIRST_SCHEMELESS_UPGRADE = (1 << 7),
HTTPS_FIRST_SCHEMELESS_UPGRADE_DOWNGRADE = (1 << 8),
HTTPS_RR = (1 << 9),
WEB_EXTENSION_UPGRADE = (1 << 10),
UPGRADE_EXCEPTION = (1 << 11),
};
/**

3
netwerk/metrics.yaml
View File

@@ -1176,6 +1176,7 @@ networking:
- seceng-telemetry@mozilla.com
expires: never
labels:
- not_initialized
- no_upgrade
- already_https
- hsts
@@ -1186,6 +1187,8 @@ networking:
- https_first_schemeless_upgrade
- https_first_schemeless_upgrade_downgrade
- https_rr
- web_extension_upgrade
- upgrade_exception
http_channel_sub_open_to_first_sent_https_rr:
type: timing_distribution

5
netwerk/protocol/http/HttpBaseChannel.cpp
View File

@@ -2304,6 +2304,11 @@ HttpBaseChannel::UpgradeToSecure() {
NS_ENSURE_TRUE(LoadUpgradableToSecure(), NS_ERROR_NOT_AVAILABLE);
StoreUpgradeToSecure(true);
// todo: Currently UpgradeToSecure() is called only by web extensions, if
// that ever changes, we need to update the following telemetry collection
// to reflect any future changes.
mLoadInfo->SetHttpsUpgradeTelemetry(nsILoadInfo::WEB_EXTENSION_UPGRADE);
return NS_OK;
}

17
netwerk/protocol/http/nsHttpChannel.cpp
View File

@@ -8045,9 +8045,14 @@ static void RecordHTTPSUpgradeTelemetry(nsIURI* aURI, nsILoadInfo* aLoadInfo) {
}
nsILoadInfo::HTTPSUpgradeTelemetryType httpsTelemetry =
nsILoadInfo::NO_UPGRADE;
nsILoadInfo::NOT_INITIALIZED;
aLoadInfo->GetHttpsUpgradeTelemetry(&httpsTelemetry);
switch (httpsTelemetry) {
case nsILoadInfo::NOT_INITIALIZED:
mozilla::glean::networking::http_to_https_upgrade_reason
.Get("not_initialized"_ns)
.Add(1);
break;
case nsILoadInfo::NO_UPGRADE:
mozilla::glean::networking::http_to_https_upgrade_reason
.Get("no_upgrade"_ns)
@@ -8097,6 +8102,16 @@ static void RecordHTTPSUpgradeTelemetry(nsIURI* aURI, nsILoadInfo* aLoadInfo) {
.Get("https_rr"_ns)
.Add(1);
break;
case nsILoadInfo::WEB_EXTENSION_UPGRADE:
mozilla::glean::networking::http_to_https_upgrade_reason
.Get("web_extension_upgrade"_ns)
.Add(1);
break;
case nsILoadInfo::UPGRADE_EXCEPTION:
mozilla::glean::networking::http_to_https_upgrade_reason
.Get("upgrade_exception"_ns)
.Add(1);
break;
default:
MOZ_ASSERT(false, "what telemetry flag is set to end up here?");
}