Changeset 252641 in webkit


Ignore:
Timestamp:
Nov 19, 2019 12:35:21 PM (4 years ago)
Author:
wilander@apple.com
Message:

Resource Load Statistics: Count third-party script loads under top frame
https://bugs.webkit.org/show_bug.cgi?id=204262
<rdar://problem/57244945>

Reviewed by Alex Christensen.

Source/WebCore:

Third-party scripts running in the first-party context are a significant privacy
and security risk. This change captures the number of such script loads which will
allow ITP to take action.

Tests: http/tests/resourceLoadStatistics/count-third-party-script-import-in-worker-database.html

http/tests/resourceLoadStatistics/count-third-party-script-import-in-worker.html
http/tests/resourceLoadStatistics/count-third-party-script-loads-database.html
http/tests/resourceLoadStatistics/count-third-party-script-loads.html

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::loadResourceSynchronously):

Now sends the ResourceLoadObserver::FetchDestinationIsScriptLike parameter to
ResourceLoadObserver::logSubresourceLoading().

  • loader/ResourceLoadObserver.h:

(WebCore::ResourceLoadObserver::logSubresourceLoading):

Now takes a FetchDestinationIsScriptLike parameter.

  • loader/ResourceLoadStatistics.cpp:

(WebCore::ResourceLoadStatistics::encode const):
(WebCore::ResourceLoadStatistics::decode):
(WebCore::ResourceLoadStatistics::toString const):

Output of the new topFrameLoadedThirdPartyScripts category.
Removed the lastSeen output since it may differ between test runs.

(WebCore::ResourceLoadStatistics::merge):

Handling of the new topFrameLoadedThirdPartyScripts category.

  • loader/ResourceLoadStatistics.h:

Added the new topFrameLoadedThirdPartyScripts category.

  • loader/SubresourceLoader.cpp:

(WebCore::SubresourceLoader::willSendRequestInternal):

Now sends the ResourceLoadObserver::FetchDestinationIsScriptLike parameter to
ResourceLoadObserver::logSubresourceLoading().

Source/WebKit:

Third-party scripts running in the first-party context are a significant privacy
and security risk. This change captures the number of such script loads which will
allow ITP to take action.

  • NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.cpp:

(WebKit::ResourceLoadStatisticsDatabaseStore::ResourceLoadStatisticsDatabaseStore):
(WebKit::ResourceLoadStatisticsDatabaseStore::createUniqueIndices):
(WebKit::ResourceLoadStatisticsDatabaseStore::createSchema):
(WebKit::ResourceLoadStatisticsDatabaseStore::prepareStatements):
(WebKit::ResourceLoadStatisticsDatabaseStore::insertDomainRelationships):
(WebKit::ResourceLoadStatisticsDatabaseStore::getSubStatisticStatement):

Addition of the new category TopFrameLoadedThirdPartyScripts.

(WebKit::ResourceLoadStatisticsDatabaseStore::resourceToString):

Removed the lastSeen output since it may differ between test runs.

  • NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.h:
  • NetworkProcess/Classifier/ResourceLoadStatisticsMemoryStore.cpp:

Bumped statisticsModelVersion to 17.

  • Shared/WebCoreArgumentCoders.cpp:

(IPC::ArgumentCoder<ResourceLoadStatistics>::encode):
(IPC::ArgumentCoder<ResourceLoadStatistics>::decode):

Encoding and decoding of the new category topFrameLoadedThirdPartyScripts.

  • WebProcess/WebCoreSupport/WebResourceLoadObserver.cpp:

(WebKit::WebResourceLoadObserver::logSubresourceLoading):

Now takes an additional enum parameter FetchDestinationIsScriptLike which
is used to detect third-party script-like loads (script, worker, or
service worker) from third-parties. If one is detected, it is stored
in the new topFrameLoadedThirdPartyScripts category.

  • WebProcess/WebCoreSupport/WebResourceLoadObserver.h:

LayoutTests:

  • http/tests/resourceLoadStatistics/count-third-party-script-import-in-worker-database-expected.txt: Added.
  • http/tests/resourceLoadStatistics/count-third-party-script-import-in-worker-database.html: Added.
  • http/tests/resourceLoadStatistics/count-third-party-script-import-in-worker-expected.txt: Added.
  • http/tests/resourceLoadStatistics/count-third-party-script-import-in-worker.html: Added.
  • http/tests/resourceLoadStatistics/count-third-party-script-loads-database-expected.txt: Added.
  • http/tests/resourceLoadStatistics/count-third-party-script-loads-database.html: Added.
  • http/tests/resourceLoadStatistics/count-third-party-script-loads-expected.txt: Added.
  • http/tests/resourceLoadStatistics/count-third-party-script-loads.html: Added.
  • http/tests/resourceLoadStatistics/dont-count-third-party-image-as-third-party-script-database-expected.txt: Added.
  • http/tests/resourceLoadStatistics/dont-count-third-party-image-as-third-party-script-database.html: Added.
  • http/tests/resourceLoadStatistics/dont-count-third-party-image-as-third-party-script-expected.txt: Added.
  • http/tests/resourceLoadStatistics/dont-count-third-party-image-as-third-party-script.html: Added.
  • http/tests/resourceLoadStatistics/log-cross-site-load-with-link-decoration-database-expected.txt:

Removed the lastSeen output since it may differ between test runs.

  • http/tests/resourceLoadStatistics/log-cross-site-load-with-link-decoration-expected.txt:

Removed the lastSeen output since it may differ between test runs.

  • http/tests/resourceLoadStatistics/resources/dummy.js: Added.
  • http/tests/resourceLoadStatistics/website-data-removal-for-site-navigated-to-with-link-decoration-database-expected.txt:

Removed the lastSeen output since it may differ between test runs.

  • http/tests/resourceLoadStatistics/website-data-removal-for-site-navigated-to-with-link-decoration-expected.txt:

Removed the lastSeen output since it may differ between test runs.

Location:
trunk
Files:
8 added
18 edited
5 copied

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/ChangeLog

    r252633 r252641  
     12019-11-19  John Wilander  <wilander@apple.com>
     2
     3        Resource Load Statistics: Count third-party script loads under top frame
     4        https://bugs.webkit.org/show_bug.cgi?id=204262
     5        <rdar://problem/57244945>
     6
     7        Reviewed by Alex Christensen.
     8
     9        * http/tests/resourceLoadStatistics/count-third-party-script-import-in-worker-database-expected.txt: Added.
     10        * http/tests/resourceLoadStatistics/count-third-party-script-import-in-worker-database.html: Added.
     11        * http/tests/resourceLoadStatistics/count-third-party-script-import-in-worker-expected.txt: Added.
     12        * http/tests/resourceLoadStatistics/count-third-party-script-import-in-worker.html: Added.
     13        * http/tests/resourceLoadStatistics/count-third-party-script-loads-database-expected.txt: Added.
     14        * http/tests/resourceLoadStatistics/count-third-party-script-loads-database.html: Added.
     15        * http/tests/resourceLoadStatistics/count-third-party-script-loads-expected.txt: Added.
     16        * http/tests/resourceLoadStatistics/count-third-party-script-loads.html: Added.
     17        * http/tests/resourceLoadStatistics/dont-count-third-party-image-as-third-party-script-database-expected.txt: Added.
     18        * http/tests/resourceLoadStatistics/dont-count-third-party-image-as-third-party-script-database.html: Added.
     19        * http/tests/resourceLoadStatistics/dont-count-third-party-image-as-third-party-script-expected.txt: Added.
     20        * http/tests/resourceLoadStatistics/dont-count-third-party-image-as-third-party-script.html: Added.
     21        * http/tests/resourceLoadStatistics/log-cross-site-load-with-link-decoration-database-expected.txt:
     22            Removed the lastSeen output since it may differ between test runs.
     23        * http/tests/resourceLoadStatistics/log-cross-site-load-with-link-decoration-expected.txt:
     24            Removed the lastSeen output since it may differ between test runs.
     25        * http/tests/resourceLoadStatistics/resources/dummy.js: Added.
     26        * http/tests/resourceLoadStatistics/website-data-removal-for-site-navigated-to-with-link-decoration-database-expected.txt:
     27            Removed the lastSeen output since it may differ between test runs.
     28        * http/tests/resourceLoadStatistics/website-data-removal-for-site-navigated-to-with-link-decoration-expected.txt:
     29            Removed the lastSeen output since it may differ between test runs.
     30
    1312019-11-19  Sihui Liu  <sihui_liu@apple.com>
    232
  • trunk/LayoutTests/http/tests/resourceLoadStatistics/count-third-party-script-import-in-worker-database-expected.txt

    r252640 r252641  
    1 Test logging of link decorated cross-site navigations from a prevalent resource.
     1PASS successfullyParsed is true
     2
     3TEST COMPLETE
    24
    35Resource load statistics:
    46
    5 Registrable domain: localhost
    6     lastSeen: 0
     7Registrable domain: 127.0.0.1
    78    hadUserInteraction: No
    89    mostRecentUserInteraction: -1
    910    grandfathered: No
    10     topFrameLinkDecorationsFrom:
    11         127.0.0.1
    12     gotLinkDecorationFromPrevalentResource: Yes    isPrevalentResource: No
     11    TopFrameLoadedThirdPartyScripts:
     12        localhost
     13    IsScheduledForAllButCookieDataRemoval: No
     14    isPrevalentResource: No
    1315    isVeryPrevalentResource: No
    1416    dataRecordsRemoved: 0
    15 Registrable domain: 127.0.0.1
    16     lastSeen: 0
     17Registrable domain: localhost
    1718    hadUserInteraction: No
    1819    mostRecentUserInteraction: -1
    1920    grandfathered: No
    20     gotLinkDecorationFromPrevalentResource: No    isPrevalentResource: Yes
     21    IsScheduledForAllButCookieDataRemoval: No
     22    SubresourceUnderTopFrameDomains:
     23        127.0.0.1
     24    isPrevalentResource: No
    2125    isVeryPrevalentResource: No
    2226    dataRecordsRemoved: 0
  • trunk/LayoutTests/http/tests/resourceLoadStatistics/count-third-party-script-import-in-worker-expected.txt

    r252640 r252641  
    1 Test logging of link decorated cross-site navigations from a prevalent resource.
     1PASS successfullyParsed is true
     2
     3TEST COMPLETE
    24
    35Resource load statistics:
    46
    57Registrable domain: localhost
    6     lastSeen: 0
    78    hadUserInteraction: No
    89    mostRecentUserInteraction: -1
    910    grandfathered: No
    10     topFrameLinkDecorationsFrom:
     11    gotLinkDecorationFromPrevalentResource: No
     12    subresourceUnderTopFrameDomains:
    1113        127.0.0.1
    12     gotLinkDecorationFromPrevalentResource: Yes    isPrevalentResource: No
     14    isPrevalentResource: No
    1315    isVeryPrevalentResource: No
    1416    dataRecordsRemoved: 0
    1517Registrable domain: 127.0.0.1
    16     lastSeen: 0
    1718    hadUserInteraction: No
    1819    mostRecentUserInteraction: -1
    1920    grandfathered: No
    20     gotLinkDecorationFromPrevalentResource: No    isPrevalentResource: Yes
     21    gotLinkDecorationFromPrevalentResource: No
     22    topFrameLoadedThirdPartyScripts:
     23        localhost
     24    isPrevalentResource: No
    2125    isVeryPrevalentResource: No
    2226    dataRecordsRemoved: 0
  • trunk/LayoutTests/http/tests/resourceLoadStatistics/count-third-party-script-loads-database-expected.txt

    r252640 r252641  
    1 Test logging of link decorated cross-site navigations from a prevalent resource.
     1PASS successfullyParsed is true
     2
     3TEST COMPLETE
    24
    35Resource load statistics:
    46
    5 Registrable domain: localhost
    6     lastSeen: 0
     7Registrable domain: 127.0.0.1
    78    hadUserInteraction: No
    89    mostRecentUserInteraction: -1
    910    grandfathered: No
    10     topFrameLinkDecorationsFrom:
    11         127.0.0.1
    12     gotLinkDecorationFromPrevalentResource: Yes    isPrevalentResource: No
     11    TopFrameLoadedThirdPartyScripts:
     12        localhost
     13    IsScheduledForAllButCookieDataRemoval: No
     14    isPrevalentResource: No
    1315    isVeryPrevalentResource: No
    1416    dataRecordsRemoved: 0
    15 Registrable domain: 127.0.0.1
    16     lastSeen: 0
     17Registrable domain: localhost
    1718    hadUserInteraction: No
    1819    mostRecentUserInteraction: -1
    1920    grandfathered: No
    20     gotLinkDecorationFromPrevalentResource: No    isPrevalentResource: Yes
     21    IsScheduledForAllButCookieDataRemoval: No
     22    SubresourceUnderTopFrameDomains:
     23        127.0.0.1
     24    isPrevalentResource: No
    2125    isVeryPrevalentResource: No
    2226    dataRecordsRemoved: 0
  • trunk/LayoutTests/http/tests/resourceLoadStatistics/count-third-party-script-loads-expected.txt

    r252640 r252641  
    1 Test logging of link decorated cross-site navigations from a prevalent resource.
     1PASS successfullyParsed is true
     2
     3TEST COMPLETE
    24
    35Resource load statistics:
    46
    57Registrable domain: localhost
    6     lastSeen: 0
    78    hadUserInteraction: No
    89    mostRecentUserInteraction: -1
    910    grandfathered: No
    10     topFrameLinkDecorationsFrom:
     11    gotLinkDecorationFromPrevalentResource: No
     12    subresourceUnderTopFrameDomains:
    1113        127.0.0.1
    12     gotLinkDecorationFromPrevalentResource: Yes    isPrevalentResource: No
     14    isPrevalentResource: No
    1315    isVeryPrevalentResource: No
    1416    dataRecordsRemoved: 0
    1517Registrable domain: 127.0.0.1
    16     lastSeen: 0
    1718    hadUserInteraction: No
    1819    mostRecentUserInteraction: -1
    1920    grandfathered: No
    20     gotLinkDecorationFromPrevalentResource: No    isPrevalentResource: Yes
     21    gotLinkDecorationFromPrevalentResource: No
     22    topFrameLoadedThirdPartyScripts:
     23        localhost
     24    isPrevalentResource: No
    2125    isVeryPrevalentResource: No
    2226    dataRecordsRemoved: 0
  • trunk/LayoutTests/http/tests/resourceLoadStatistics/dont-count-third-party-image-as-third-party-script-database-expected.txt

    r252640 r252641  
    1 Test logging of link decorated cross-site navigations from a prevalent resource.
     1PASS successfullyParsed is true
     2
     3TEST COMPLETE
    24
    35Resource load statistics:
    46
    5 Registrable domain: localhost
    6     lastSeen: 0
     7Registrable domain: 127.0.0.1
    78    hadUserInteraction: No
    89    mostRecentUserInteraction: -1
    910    grandfathered: No
    10     topFrameLinkDecorationsFrom:
    11         127.0.0.1
    12     gotLinkDecorationFromPrevalentResource: Yes    isPrevalentResource: No
     11    IsScheduledForAllButCookieDataRemoval: No
     12    isPrevalentResource: No
    1313    isVeryPrevalentResource: No
    1414    dataRecordsRemoved: 0
    15 Registrable domain: 127.0.0.1
    16     lastSeen: 0
     15Registrable domain: localhost
    1716    hadUserInteraction: No
    1817    mostRecentUserInteraction: -1
    1918    grandfathered: No
    20     gotLinkDecorationFromPrevalentResource: No    isPrevalentResource: Yes
     19    IsScheduledForAllButCookieDataRemoval: No
     20    SubresourceUnderTopFrameDomains:
     21        127.0.0.1
     22    isPrevalentResource: No
    2123    isVeryPrevalentResource: No
    2224    dataRecordsRemoved: 0
  • trunk/LayoutTests/http/tests/resourceLoadStatistics/log-cross-site-load-with-link-decoration-database-expected.txt

    r251501 r252641  
    44
    55Registrable domain: 127.0.0.1
    6     lastSeen: 0
    76    hadUserInteraction: No
    87    mostRecentUserInteraction: -1
    98    grandfathered: No
    10     IsScheduledForAllButCookieDataRemoval: No    isPrevalentResource: Yes
     9    IsScheduledForAllButCookieDataRemoval: No
     10    isPrevalentResource: Yes
    1111    isVeryPrevalentResource: No
    1212    dataRecordsRemoved: 0
    1313Registrable domain: 127.0.0.2
    14     lastSeen: 0
    1514    hadUserInteraction: No
    1615    mostRecentUserInteraction: -1
    1716    grandfathered: No
    18     IsScheduledForAllButCookieDataRemoval: No    isPrevalentResource: No
     17    IsScheduledForAllButCookieDataRemoval: No
     18    isPrevalentResource: No
    1919    isVeryPrevalentResource: No
    2020    dataRecordsRemoved: 0
    2121Registrable domain: localhost
    22     lastSeen: 0
    2322    hadUserInteraction: No
    2423    mostRecentUserInteraction: -1
     
    2726        127.0.0.1
    2827        127.0.0.2
    29     IsScheduledForAllButCookieDataRemoval: Yes    isPrevalentResource: No
     28    IsScheduledForAllButCookieDataRemoval: Yes
     29    isPrevalentResource: No
    3030    isVeryPrevalentResource: No
    3131    dataRecordsRemoved: 0
  • trunk/LayoutTests/http/tests/resourceLoadStatistics/log-cross-site-load-with-link-decoration-expected.txt

    r242603 r252641  
    44
    55Registrable domain: localhost
    6     lastSeen: 0
    76    hadUserInteraction: No
    87    mostRecentUserInteraction: -1
     
    109    topFrameLinkDecorationsFrom:
    1110        127.0.0.1
    12     gotLinkDecorationFromPrevalentResource: Yes    isPrevalentResource: No
     11    gotLinkDecorationFromPrevalentResource: Yes
     12    isPrevalentResource: No
    1313    isVeryPrevalentResource: No
    1414    dataRecordsRemoved: 0
    1515Registrable domain: 127.0.0.1
    16     lastSeen: 0
    1716    hadUserInteraction: No
    1817    mostRecentUserInteraction: -1
    1918    grandfathered: No
    20     gotLinkDecorationFromPrevalentResource: No    isPrevalentResource: Yes
     19    gotLinkDecorationFromPrevalentResource: No
     20    isPrevalentResource: Yes
    2121    isVeryPrevalentResource: No
    2222    dataRecordsRemoved: 0
  • trunk/LayoutTests/http/tests/resourceLoadStatistics/website-data-removal-for-site-navigated-to-with-link-decoration-database-expected.txt

    r251501 r252641  
    1717
    1818Registrable domain: 127.0.0.1
    19     lastSeen: 0
    2019    hadUserInteraction: No
    2120    mostRecentUserInteraction: -1
     
    2322    TopFrameLinkDecorationsFrom:
    2423        localhost
    25     IsScheduledForAllButCookieDataRemoval: No    isPrevalentResource: No
     24    IsScheduledForAllButCookieDataRemoval: No
     25    isPrevalentResource: No
    2626    isVeryPrevalentResource: No
    2727    dataRecordsRemoved: 1
    2828Registrable domain: localhost
    29     lastSeen: 0
    3029    hadUserInteraction: No
    3130    mostRecentUserInteraction: -1
    3231    grandfathered: No
    33     IsScheduledForAllButCookieDataRemoval: No    isPrevalentResource: Yes
     32    IsScheduledForAllButCookieDataRemoval: No
     33    isPrevalentResource: Yes
    3434    isVeryPrevalentResource: No
    3535    dataRecordsRemoved: 0
  • trunk/LayoutTests/http/tests/resourceLoadStatistics/website-data-removal-for-site-navigated-to-with-link-decoration-expected.txt

    r243632 r252641  
    1717
    1818Registrable domain: localhost
    19     lastSeen: 0
    2019    hadUserInteraction: No
    2120    mostRecentUserInteraction: -1
    2221    grandfathered: No
    23     gotLinkDecorationFromPrevalentResource: No    isPrevalentResource: Yes
     22    gotLinkDecorationFromPrevalentResource: No
     23    isPrevalentResource: Yes
    2424    isVeryPrevalentResource: No
    2525    dataRecordsRemoved: 0
    2626Registrable domain: 127.0.0.1
    27     lastSeen: 0
    2827    hadUserInteraction: No
    2928    mostRecentUserInteraction: -1
     
    3130    topFrameLinkDecorationsFrom:
    3231        localhost
    33     gotLinkDecorationFromPrevalentResource: No    isPrevalentResource: No
     32    gotLinkDecorationFromPrevalentResource: No
     33    isPrevalentResource: No
    3434    isVeryPrevalentResource: No
    3535    dataRecordsRemoved: 1
  • trunk/Source/WebCore/ChangeLog

    r252640 r252641  
     12019-11-19  John Wilander  <wilander@apple.com>
     2
     3        Resource Load Statistics: Count third-party script loads under top frame
     4        https://bugs.webkit.org/show_bug.cgi?id=204262
     5        <rdar://problem/57244945>
     6
     7        Reviewed by Alex Christensen.
     8
     9        Third-party scripts running in the first-party context are a significant privacy
     10        and security risk. This change captures the number of such script loads which will
     11        allow ITP to take action.
     12
     13        Tests: http/tests/resourceLoadStatistics/count-third-party-script-import-in-worker-database.html
     14               http/tests/resourceLoadStatistics/count-third-party-script-import-in-worker.html
     15               http/tests/resourceLoadStatistics/count-third-party-script-loads-database.html
     16               http/tests/resourceLoadStatistics/count-third-party-script-loads.html
     17
     18        * loader/FrameLoader.cpp:
     19        (WebCore::FrameLoader::loadResourceSynchronously):
     20            Now sends the ResourceLoadObserver::FetchDestinationIsScriptLike parameter to
     21            ResourceLoadObserver::logSubresourceLoading().
     22        * loader/ResourceLoadObserver.h:
     23        (WebCore::ResourceLoadObserver::logSubresourceLoading):
     24            Now takes a FetchDestinationIsScriptLike parameter.
     25        * loader/ResourceLoadStatistics.cpp:
     26        (WebCore::ResourceLoadStatistics::encode const):
     27        (WebCore::ResourceLoadStatistics::decode):
     28        (WebCore::ResourceLoadStatistics::toString const):
     29            Output of the new topFrameLoadedThirdPartyScripts category.
     30            Removed the lastSeen output since it may differ between test runs.
     31        (WebCore::ResourceLoadStatistics::merge):
     32            Handling of the new topFrameLoadedThirdPartyScripts category.
     33        * loader/ResourceLoadStatistics.h:
     34            Added the new topFrameLoadedThirdPartyScripts category.
     35        * loader/SubresourceLoader.cpp:
     36        (WebCore::SubresourceLoader::willSendRequestInternal):
     37            Now sends the ResourceLoadObserver::FetchDestinationIsScriptLike parameter to
     38            ResourceLoadObserver::logSubresourceLoading().
     39
    1402019-11-19  Zalan Bujtas  <zalan@apple.com>
    241
  • trunk/Source/WebCore/loader/FrameLoader.cpp

    r252077 r252641  
    31513151            data = SharedBuffer::create(WTFMove(buffer));
    31523152            documentLoader()->applicationCacheHost().maybeLoadFallbackSynchronously(newRequest, error, response, data);
    3153             ResourceLoadObserver::shared().logSubresourceLoading(&m_frame, newRequest, response);
     3153            ResourceLoadObserver::shared().logSubresourceLoading(&m_frame, newRequest, response,
     3154                (isScriptLikeDestination(options.destination) ? ResourceLoadObserver::FetchDestinationIsScriptLike::Yes : ResourceLoadObserver::FetchDestinationIsScriptLike::No));
    31543155        }
    31553156    }
  • trunk/Source/WebCore/loader/ResourceLoadObserver.h

    r252014 r252641  
    3939    WTF_MAKE_FAST_ALLOCATED;
    4040public:
     41    // https://fetch.spec.whatwg.org/#request-destination-script-like
     42    enum class FetchDestinationIsScriptLike : bool { Yes, No };
     43
    4144    WEBCORE_EXPORT static ResourceLoadObserver& shared();
    4245    WEBCORE_EXPORT static ResourceLoadObserver* sharedIfExists();
     
    4548    virtual ~ResourceLoadObserver() { }
    4649
    47     virtual void logSubresourceLoading(const Frame*, const ResourceRequest& /* newRequest */, const ResourceResponse& /* redirectResponse */) { }
     50    virtual void logSubresourceLoading(const Frame*, const ResourceRequest& /* newRequest */, const ResourceResponse& /* redirectResponse */, FetchDestinationIsScriptLike) { }
    4851    virtual void logWebSocketLoading(const URL& /* targetURL */, const URL& /* mainFrameURL */) { }
    4952    virtual void logUserInteractionWithReducedTimeResolution(const Document&) { }
  • trunk/Source/WebCore/loader/ResourceLoadStatistics.cpp

    r242713 r252641  
    9696    encodeHashSet(encoder, "topFrameLinkDecorationsFrom"_s, "domain", topFrameLinkDecorationsFrom);
    9797    encoder.encodeBool("gotLinkDecorationFromPrevalentResource"_s, gotLinkDecorationFromPrevalentResource);
     98    encodeHashSet(encoder, "topFrameLoadedThirdPartyScripts"_s, "domain", topFrameLoadedThirdPartyScripts);
    9899
    99100    // Subframe stats
     
    224225        if (!decoder.decodeBool("gotLinkDecorationFromPrevalentResource", gotLinkDecorationFromPrevalentResource))
    225226            return false;
     227    }
     228
     229    if (modelVersion >= 17) {
     230        HashCountedSet<RegistrableDomain> topFrameLoadedThirdPartyScriptsCounted;
     231        decodeHashCountedSet(decoder, "topFrameLoadedThirdPartyScripts", topFrameLoadedThirdPartyScriptsCounted);
     232        for (auto& domain : topFrameLoadedThirdPartyScriptsCounted.values())
     233            topFrameLoadedThirdPartyScripts.add(domain);
    226234    }
    227235
     
    412420    builder.append(registrableDomain.string());
    413421    builder.append('\n');
    414     builder.appendLiteral("    lastSeen: ");
    415     builder.appendFixedPrecisionNumber(lastSeen.secondsSinceEpoch().value());
    416     builder.append('\n');
    417    
     422
    418423    // User interaction
    419424    appendBoolean(builder, "hadUserInteraction", hadUserInteraction);
     
    433438    appendHashSet(builder, "topFrameLinkDecorationsFrom", topFrameLinkDecorationsFrom);
    434439    appendBoolean(builder, "gotLinkDecorationFromPrevalentResource", gotLinkDecorationFromPrevalentResource);
     440    builder.append('\n');
     441    appendHashSet(builder, "topFrameLoadedThirdPartyScripts", topFrameLoadedThirdPartyScripts);
    435442
    436443    // Subframe stats
     
    509516    mergeHashSet(topFrameLinkDecorationsFrom, other.topFrameLinkDecorationsFrom);
    510517    gotLinkDecorationFromPrevalentResource |= other.gotLinkDecorationFromPrevalentResource;
     518    mergeHashSet(topFrameLoadedThirdPartyScripts, other.topFrameLoadedThirdPartyScripts);
    511519
    512520    // Subframe stats
  • trunk/Source/WebCore/loader/ResourceLoadStatistics.h

    r242603 r252641  
    8181    HashSet<RegistrableDomain> topFrameLinkDecorationsFrom;
    8282    bool gotLinkDecorationFromPrevalentResource { false };
     83    HashSet<RegistrableDomain> topFrameLoadedThirdPartyScripts;
    8384
    8485    // Subframe stats
  • trunk/Source/WebCore/loader/SubresourceLoader.cpp

    r252348 r252641  
    196196    if (newRequest.requester() != ResourceRequestBase::Requester::Main) {
    197197        tracePoint(SubresourceLoadWillStart);
    198         ResourceLoadObserver::shared().logSubresourceLoading(m_frame.get(), newRequest, redirectResponse);
     198        ResourceLoadObserver::shared().logSubresourceLoading(m_frame.get(), newRequest, redirectResponse,
     199            (isScriptLikeDestination(options().destination) ? ResourceLoadObserver::FetchDestinationIsScriptLike::Yes : ResourceLoadObserver::FetchDestinationIsScriptLike::No));
    199200    }
    200201
  • trunk/Source/WebKit/ChangeLog

    r252637 r252641  
     12019-11-19  John Wilander  <wilander@apple.com>
     2
     3        Resource Load Statistics: Count third-party script loads under top frame
     4        https://bugs.webkit.org/show_bug.cgi?id=204262
     5        <rdar://problem/57244945>
     6
     7        Reviewed by Alex Christensen.
     8
     9        Third-party scripts running in the first-party context are a significant privacy
     10        and security risk. This change captures the number of such script loads which will
     11        allow ITP to take action.
     12
     13        * NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.cpp:
     14        (WebKit::ResourceLoadStatisticsDatabaseStore::ResourceLoadStatisticsDatabaseStore):
     15        (WebKit::ResourceLoadStatisticsDatabaseStore::createUniqueIndices):
     16        (WebKit::ResourceLoadStatisticsDatabaseStore::createSchema):
     17        (WebKit::ResourceLoadStatisticsDatabaseStore::prepareStatements):
     18        (WebKit::ResourceLoadStatisticsDatabaseStore::insertDomainRelationships):
     19        (WebKit::ResourceLoadStatisticsDatabaseStore::getSubStatisticStatement):
     20            Addition of the new category TopFrameLoadedThirdPartyScripts.
     21        (WebKit::ResourceLoadStatisticsDatabaseStore::resourceToString):
     22            Removed the lastSeen output since it may differ between test runs.
     23        * NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.h:
     24        * NetworkProcess/Classifier/ResourceLoadStatisticsMemoryStore.cpp:
     25            Bumped statisticsModelVersion to 17.
     26        * Shared/WebCoreArgumentCoders.cpp:
     27        (IPC::ArgumentCoder<ResourceLoadStatistics>::encode):
     28        (IPC::ArgumentCoder<ResourceLoadStatistics>::decode):
     29            Encoding and decoding of the new category topFrameLoadedThirdPartyScripts.
     30        * WebProcess/WebCoreSupport/WebResourceLoadObserver.cpp:
     31        (WebKit::WebResourceLoadObserver::logSubresourceLoading):
     32            Now takes an additional enum parameter FetchDestinationIsScriptLike which
     33            is used to detect third-party script-like loads (script, worker, or
     34            service worker) from third-parties. If one is detected, it is stored
     35            in the new topFrameLoadedThirdPartyScripts category.
     36        * WebProcess/WebCoreSupport/WebResourceLoadObserver.h:
     37
    1382019-11-19  Brian Burg  <bburg@apple.com>
    239
  • trunk/Source/WebKit/NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.cpp

    r252030 r252641  
    8484constexpr auto topFrameUniqueRedirectsFromQuery = "INSERT OR IGNORE INTO TopFrameUniqueRedirectsFrom (targetDomainID, fromDomainID) SELECT ?, domainID FROM ObservedDomains WHERE registrableDomain in ( "_s;
    8585constexpr auto topFrameLinkDecorationsFromQuery = "INSERT OR IGNORE INTO TopFrameLinkDecorationsFrom (toDomainID, fromDomainID) SELECT ?, domainID FROM ObservedDomains WHERE registrableDomain in ( "_s;
     86constexpr auto topFrameLoadedThirdPartyScriptsQuery = "INSERT OR IGNORE into TopFrameLoadedThirdPartyScripts (topFrameDomainID, subresourceDomainID) SELECT ?, domainID FROM ObservedDomains where registrableDomain in ( "_s;
    8687constexpr auto subresourceUnderTopFrameDomainsQuery = "INSERT OR IGNORE INTO SubresourceUnderTopFrameDomains (subresourceDomainID, topFrameDomainID) SELECT ?, domainID FROM ObservedDomains WHERE registrableDomain in ( "_s;
    8788constexpr auto subresourceUniqueRedirectsToQuery = "INSERT OR IGNORE INTO SubresourceUniqueRedirectsTo (subresourceDomainID, toDomainID) SELECT ?, domainID FROM ObservedDomains WHERE registrableDomain in ( "_s;
     
    9697    "AND toDomainID = (SELECT domainID FROM ObservedDomains WHERE registrableDomain = ?))"_s;
    9798constexpr auto topFrameLinkDecorationsFromExistsQuery = "SELECT EXISTS (SELECT 1 FROM TopFrameLinkDecorationsFrom WHERE toDomainID = ? "
    98 "AND fromDomainID = (SELECT domainID FROM ObservedDomains WHERE registrableDomain = ?))"_s;
     99    "AND fromDomainID = (SELECT domainID FROM ObservedDomains WHERE registrableDomain = ?))"_s;
     100constexpr auto topFrameLoadedThirdPartyScriptsExistsQuery = "SELECT EXISTS (SELECT 1 FROM TopFrameLoadedThirdPartyScripts WHERE topFrameDomainID = ? "
     101    "AND subresourceDomainID = (SELECT domainID FROM ObservedDomains WHERE registrableDomain = ?))"_s;
    99102
    100103// UPDATE Queries
     
    167170    "FOREIGN KEY(fromDomainID) REFERENCES TopLevelDomains(topLevelDomainID) ON DELETE CASCADE);"_s;
    168171
     172constexpr auto createTopFrameLoadedThirdPartyScripts = "CREATE TABLE TopFrameLoadedThirdPartyScripts ("
     173    "topFrameDomainID INTEGER NOT NULL, subresourceDomainID INTEGER NOT NULL, "
     174    "FOREIGN KEY(topFrameDomainID) REFERENCES ObservedDomains(domainID) ON DELETE CASCADE, "
     175    "FOREIGN KEY(subresourceDomainID) REFERENCES ObservedDomains(domainID) ON DELETE CASCADE);"_s;
     176
    169177constexpr auto createSubframeUnderTopFrameDomains = "CREATE TABLE SubframeUnderTopFrameDomains ("
    170178    "subFrameDomainID INTEGER NOT NULL, topFrameDomainID INTEGER NOT NULL, "
     
    192200constexpr auto createUniqueIndexTopFrameUniqueRedirectsFrom = "CREATE UNIQUE INDEX IF NOT EXISTS TopFrameUniqueRedirectsFrom_targetDomainID_fromDomainID on TopFrameUniqueRedirectsFrom ( targetDomainID, fromDomainID );"_s;
    193201constexpr auto createUniqueIndexTopFrameLinkDecorationsFrom = "CREATE UNIQUE INDEX IF NOT EXISTS TopFrameLinkDecorationsFrom_toDomainID_fromDomainID on TopFrameLinkDecorationsFrom ( toDomainID, fromDomainID );"_s;
     202constexpr auto createUniqueIndexTopFrameLoadedThirdPartyScripts = "CREATE UNIQUE INDEX IF NOT EXISTS TopFrameLoadedThirdPartyScripts_topFrameDomainID_subresourceDomainID on TopFrameLoadedThirdPartyScripts ( topFrameDomainID, subresourceDomainID );"_s;
    194203constexpr auto createUniqueIndexSubframeUnderTopFrameDomains = "CREATE UNIQUE INDEX IF NOT EXISTS SubframeUnderTopFrameDomains_subFrameDomainID_topFrameDomainID on SubframeUnderTopFrameDomains ( subFrameDomainID, topFrameDomainID );"_s;
    195204constexpr auto createUniqueIndexSubresourceUnderTopFrameDomains = "CREATE UNIQUE INDEX IF NOT EXISTS SubresourceUnderTopFrameDomains_subresourceDomainID_topFrameDomainID on SubresourceUnderTopFrameDomains ( subresourceDomainID, topFrameDomainID );"_s;
     
    217226    , m_domainIDFromStringStatement(m_database, domainIDFromStringQuery)
    218227    , m_topFrameLinkDecorationsFromExists(m_database, topFrameLinkDecorationsFromExistsQuery)
     228    , m_topFrameLoadedThirdPartyScriptsExists(m_database, topFrameLoadedThirdPartyScriptsExistsQuery)
    219229    , m_subframeUnderTopFrameDomainExists(m_database, subframeUnderTopFrameDomainExistsQuery)
    220230    , m_subresourceUnderTopFrameDomainExists(m_database, subresourceUnderTopFrameDomainExistsQuery)
     
    341351        || !m_database.executeCommand(createUniqueIndexTopFrameUniqueRedirectsFrom)
    342352        || !m_database.executeCommand(createUniqueIndexTopFrameLinkDecorationsFrom)
     353        || !m_database.executeCommand(createUniqueIndexTopFrameLoadedThirdPartyScripts)
    343354        || !m_database.executeCommand(createUniqueIndexSubframeUnderTopFrameDomains)
    344355        || !m_database.executeCommand(createUniqueIndexSubresourceUnderTopFrameDomains)
     
    382393    if (!m_database.executeCommand(createTopFrameLinkDecorationsFrom)) {
    383394        LOG_ERROR("Could not create TopFrameLinkDecorationsFrom table in database (%i) - %s", m_database.lastError(), m_database.lastErrorMsg());
     395        return false;
     396    }
     397   
     398    if (!m_database.executeCommand(createTopFrameLoadedThirdPartyScripts)) {
     399        LOG_ERROR("Could not create TopFrameLoadedThirdPartyScripts table in database (%i) - %s", m_database.lastError(), m_database.lastErrorMsg());
    384400        return false;
    385401    }
     
    436452        || m_findExpiredUserInteractionStatement.prepare() != SQLITE_OK
    437453        || m_topFrameLinkDecorationsFromExists.prepare() != SQLITE_OK
     454        || m_topFrameLoadedThirdPartyScriptsExists.prepare() != SQLITE_OK
    438455        || m_countPrevalentResourcesStatement.prepare() != SQLITE_OK
    439456        || m_countPrevalentResourcesWithUserInteractionStatement.prepare() != SQLITE_OK
     
    601618    insertDomainRelationshipList(subresourceUniqueRedirectsFromQuery, loadStatistics.subresourceUniqueRedirectsFrom, registrableDomainID.value());
    602619    insertDomainRelationshipList(topFrameLinkDecorationsFromQuery, loadStatistics.topFrameLinkDecorationsFrom, registrableDomainID.value());
     620    insertDomainRelationshipList(topFrameLoadedThirdPartyScriptsQuery, loadStatistics.topFrameLoadedThirdPartyScripts, registrableDomainID.value());
    603621}
    604622
     
    22282246    if (tableName == "TopFrameLinkDecorationsFrom")
    22292247        return "SELECT fromDomainID from TopFrameLinkDecorationsFrom WHERE toDomainID = ?";
     2248    if (tableName == "TopFrameLoadedThirdPartyScripts")
     2249        return "SELECT subresourceDomainID from TopFrameLoadedThirdPartyScripts WHERE topFrameDomainID = ?";
    22302250    if (tableName == "SubframeUnderTopFrameDomains")
    22312251        return "SELECT topFrameDomainID from SubframeUnderTopFrameDomains WHERE subFrameDomainID = ?";
     
    22842304    builder.append(domain);
    22852305    builder.append('\n');
    2286     builder.appendLiteral("    lastSeen: ");
    2287     builder.appendFixedPrecisionNumber(m_getResourceDataByDomainNameStatement.getColumnDouble(LastSeenIndex));
    2288     builder.append('\n');
    22892306   
    22902307    // User interaction
     
    23042321    appendSubStatisticList(builder, "TopFrameUniqueRedirectsFrom", domain);
    23052322    appendSubStatisticList(builder, "TopFrameLinkDecorationsFrom", domain);
     2323    appendSubStatisticList(builder, "TopFrameLoadedThirdPartyScripts", domain);
    23062324
    23072325    appendBoolean(builder, "IsScheduledForAllButCookieDataRemoval", m_getResourceDataByDomainNameStatement.getColumnInt(IsScheduledForAllButCookieDataRemovalIndex));
     2326    builder.append('\n');
    23082327
    23092328    // Subframe stats
     
    23272346}
    23282347
    2329 
    23302348} // namespace WebKit
    23312349
  • trunk/Source/WebKit/NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.h

    r251663 r252641  
    224224    mutable WebCore::SQLiteStatement m_domainIDFromStringStatement;
    225225    mutable WebCore::SQLiteStatement m_topFrameLinkDecorationsFromExists;
     226    mutable WebCore::SQLiteStatement m_topFrameLoadedThirdPartyScriptsExists;
    226227    mutable WebCore::SQLiteStatement m_subframeUnderTopFrameDomainExists;
    227228    mutable WebCore::SQLiteStatement m_subresourceUnderTopFrameDomainExists;
  • trunk/Source/WebKit/NetworkProcess/Classifier/ResourceLoadStatisticsMemoryStore.cpp

    r251663 r252641  
    5252using namespace WebCore;
    5353
    54 constexpr unsigned statisticsModelVersion { 16 };
     54constexpr unsigned statisticsModelVersion { 17 };
    5555
    5656struct StatisticsLastSeen {
  • trunk/Source/WebKit/Shared/WebCoreArgumentCoders.cpp

    r251361 r252641  
    26852685    encoder << statistics.topFrameUniqueRedirectsTo;
    26862686    encoder << statistics.topFrameUniqueRedirectsFrom;
     2687    encoder << statistics.topFrameLoadedThirdPartyScripts;
    26872688
    26882689    // Subframe stats
     
    27562757        return WTF::nullopt;
    27572758    statistics.topFrameUniqueRedirectsFrom = WTFMove(*topFrameUniqueRedirectsFrom);
     2759
     2760    Optional<HashSet<RegistrableDomain>> topFrameLoadedThirdPartyScripts;
     2761    decoder >> topFrameLoadedThirdPartyScripts;
     2762    if (!topFrameLoadedThirdPartyScripts)
     2763        return WTF::nullopt;
     2764    statistics.topFrameLoadedThirdPartyScripts = WTFMove(*topFrameLoadedThirdPartyScripts);
    27582765
    27592766    // Subframe stats
  • trunk/Source/WebKit/WebProcess/WebCoreSupport/WebResourceLoadObserver.cpp

    r252014 r252641  
    236236}
    237237
    238 void WebResourceLoadObserver::logSubresourceLoading(const Frame* frame, const ResourceRequest& newRequest, const ResourceResponse& redirectResponse)
     238void WebResourceLoadObserver::logSubresourceLoading(const Frame* frame, const ResourceRequest& newRequest, const ResourceResponse& redirectResponse, FetchDestinationIsScriptLike isScriptLike)
    239239{
    240240    ASSERT(frame->page());
     
    270270        targetStatistics.lastSeen = lastSeen;
    271271        targetStatistics.subresourceUnderTopFrameDomains.add(topFrameDomain);
     272
     273        scheduleNotificationIfNeeded();
     274    }
     275
     276    if (frame->isMainFrame() && isScriptLike == FetchDestinationIsScriptLike::Yes) {
     277        auto& topFrameStatistics = ensureResourceStatisticsForRegistrableDomain(topFrameDomain);
     278        topFrameStatistics.topFrameLoadedThirdPartyScripts.add(targetDomain);
    272279
    273280        scheduleNotificationIfNeeded();
  • trunk/Source/WebKit/WebProcess/WebCoreSupport/WebResourceLoadObserver.h

    r252014 r252641  
    4040    ~WebResourceLoadObserver();
    4141
    42     void logSubresourceLoading(const WebCore::Frame*, const WebCore::ResourceRequest& newRequest, const WebCore::ResourceResponse& redirectResponse) final;
     42    void logSubresourceLoading(const WebCore::Frame*, const WebCore::ResourceRequest& newRequest, const WebCore::ResourceResponse& redirectResponse, FetchDestinationIsScriptLike) final;
    4343    void logWebSocketLoading(const URL& targetURL, const URL& mainFrameURL) final;
    4444    void logUserInteractionWithReducedTimeResolution(const WebCore::Document&) final;
Note: See TracChangeset for help on using the changeset viewer.