Issue 645698 link

Starred by 2 users

Issue metadata

Status:	Fixed
Owner:	elawrence@chromium.org
Closed:	Aug 2017
Cc:	█ lgar...@chromium.org est...@chromium.org rsleevi@chromium.org
Components:	Internals>PageSecurityState
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	3
Type:	Bug

Team-Security-UX

Remove WARNING security levels.

Project Member Reported by lgar...@chromium.org, Sep 10 2016

Issue description

Almost all of its uses are dead code paths since we shunted it to neutral a year ago [1].

Manifestations:

- content::SECURITY_STYLE_WARNING
- SecurityStateModel::SECURITY_WARNING
  - Generated for Android: ConnectionSecurityLevel.SECURITY_WARNING
- Security[Agent].SecurityState.warning (DevTools)
  - Generated for the browser process: content::devtools::security::kSecurityStateWarning

After looking at all uses of these constants, I saw only one potential non-dead code path [2]:

    case SecurityStateModel::SECURITY_POLICY_WARNING:
      return content::SECURITY_STYLE_WARNING;

I believe the right thing to do in that case is to map SECURITY_POLICY_WARNING it to SECURITY_STYLE_UNAUTHENTICATED instead.

I'm going to try uploading a CL with all the removed values and see if it still passes all tests.

[1] https://security.googleblog.com/2015/10/simplifying-page-security-icon-in-chrome.html
[2] https://chromium.googlesource.com/chromium/src/+blame/master/chrome/browser/ssl/chrome_security_state_model_client.cc#77

Comment 1 by lgar...@chromium.org, Sep 10 2016

CL is at https://codereview.chromium.org/2329153002

Comment 2 by lgar...@chromium.org, Nov 22 2016

Components: -Security>UX Internals>PageSecurityState

Comment 3 by lgar...@chromium.org, Nov 22 2016

Components: Internals>Permissions>CrowdConsent

Comment 4 by lgar...@chromium.org, Nov 22 2016

Components: -Internals>Permissions>CrowdConsent

Project Member

Comment 5 by bugdroid1@chromium.org, Aug 25 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ec1bba9ca0f2e6d210af6f93948708a95c406ce7

commit ec1bba9ca0f2e6d210af6f93948708a95c406ce7
Author: Eric Lawrence <elawrence@chromium.org>
Date: Fri Aug 25 17:28:59 2017

Remove obsolete SECURITY_WARNING security level

The SECURITY_WARNING state has been deprecated for some time and no
longer has any legitimate uses. Remove it entirely from the code.
Update handling of SECURE_WITH_POLICY_INSTALLED_CERT as appropriate,
although this state is currently only present on ChromeOS devices.

TBR: pkasting@chromium.org
Bug:  645698 ,  297249 
Change-Id: I273b2a025ae3ecc1d0f8ad06ae423cd2efea942c
Reviewed-on: https://chromium-review.googlesource.com/613806
Commit-Queue: Eric Lawrence <elawrence@chromium.org>
Reviewed-by: Ted Choc (OOO 8.21-25) <tedchoc@chromium.org>
Reviewed-by: Michael Thiessen <mthiesse@chromium.org>
Reviewed-by: Rohit Rao (OOO until 8-30) <rohitrao@chromium.org>
Reviewed-by: Pavel Feldman <pfeldman@chromium.org>
Reviewed-by: Emily Stark <estark@chromium.org>
Cr-Commit-Position: refs/heads/master@{#497452}
[modify] https://crrev.com/ec1bba9ca0f2e6d210af6f93948708a95c406ce7/chrome/android/java/src/org/chromium/chrome/browser/ActivityTabTaskDescriptionHelper.java
[modify] https://crrev.com/ec1bba9ca0f2e6d210af6f93948708a95c406ce7/chrome/android/java/src/org/chromium/chrome/browser/omnibox/LocationBarLayout.java
[modify] https://crrev.com/ec1bba9ca0f2e6d210af6f93948708a95c406ce7/chrome/android/java/src/org/chromium/chrome/browser/omnibox/OmniboxUrlEmphasizer.java
[modify] https://crrev.com/ec1bba9ca0f2e6d210af6f93948708a95c406ce7/chrome/android/java/src/org/chromium/chrome/browser/tab/Tab.java
[modify] https://crrev.com/ec1bba9ca0f2e6d210af6f93948708a95c406ce7/chrome/android/java/src/org/chromium/chrome/browser/tab/TabStateBrowserControlsVisibilityDelegate.java
[modify] https://crrev.com/ec1bba9ca0f2e6d210af6f93948708a95c406ce7/chrome/android/java/src/org/chromium/chrome/browser/webapps/WebappBrowserControlsDelegate.java
[modify] https://crrev.com/ec1bba9ca0f2e6d210af6f93948708a95c406ce7/chrome/android/javatests/src/org/chromium/chrome/browser/omnibox/OmniboxUrlEmphasizerTest.java
[modify] https://crrev.com/ec1bba9ca0f2e6d210af6f93948708a95c406ce7/chrome/android/javatests/src/org/chromium/chrome/browser/webapps/WebappUrlBarTest.java
[modify] https://crrev.com/ec1bba9ca0f2e6d210af6f93948708a95c406ce7/chrome/android/javatests/src/org/chromium/chrome/browser/webapps/WebappVisibilityTest.java
[modify] https://crrev.com/ec1bba9ca0f2e6d210af6f93948708a95c406ce7/chrome/android/junit/src/org/chromium/chrome/browser/omnibox/LocationBarLayoutTest.java
[modify] https://crrev.com/ec1bba9ca0f2e6d210af6f93948708a95c406ce7/chrome/browser/ui/cocoa/omnibox/omnibox_view_mac.mm
[modify] https://crrev.com/ec1bba9ca0f2e6d210af6f93948708a95c406ce7/chrome/browser/vr/elements/url_bar_texture.cc
[modify] https://crrev.com/ec1bba9ca0f2e6d210af6f93948708a95c406ce7/components/security_state/content/content_utils.cc
[modify] https://crrev.com/ec1bba9ca0f2e6d210af6f93948708a95c406ce7/components/security_state/core/security_state.h
[modify] https://crrev.com/ec1bba9ca0f2e6d210af6f93948708a95c406ce7/components/security_state/core/security_state_ui.cc
[modify] https://crrev.com/ec1bba9ca0f2e6d210af6f93948708a95c406ce7/components/toolbar/toolbar_model_impl.cc
[modify] https://crrev.com/ec1bba9ca0f2e6d210af6f93948708a95c406ce7/content/browser/devtools/protocol/security_handler.cc
[modify] https://crrev.com/ec1bba9ca0f2e6d210af6f93948708a95c406ce7/ios/chrome/browser/ui/omnibox/omnibox_util.cc
[modify] https://crrev.com/ec1bba9ca0f2e6d210af6f93948708a95c406ce7/ios/chrome/browser/ui/omnibox/omnibox_view_ios.mm
[modify] https://crrev.com/ec1bba9ca0f2e6d210af6f93948708a95c406ce7/ios/web/net/request_tracker_impl.mm
[modify] https://crrev.com/ec1bba9ca0f2e6d210af6f93948708a95c406ce7/ios/web/public/security_style.h
[modify] https://crrev.com/ec1bba9ca0f2e6d210af6f93948708a95c406ce7/third_party/WebKit/LayoutTests/http/tests/inspector/security/security-state-comparator-expected.txt
[modify] https://crrev.com/ec1bba9ca0f2e6d210af6f93948708a95c406ce7/third_party/WebKit/LayoutTests/http/tests/inspector/security/security-state-comparator.html
[modify] https://crrev.com/ec1bba9ca0f2e6d210af6f93948708a95c406ce7/third_party/WebKit/Source/core/inspector/InspectorNetworkAgent.cpp
[modify] https://crrev.com/ec1bba9ca0f2e6d210af6f93948708a95c406ce7/third_party/WebKit/Source/core/inspector/browser_protocol-1.2.json
[modify] https://crrev.com/ec1bba9ca0f2e6d210af6f93948708a95c406ce7/third_party/WebKit/Source/core/inspector/browser_protocol.json
[modify] https://crrev.com/ec1bba9ca0f2e6d210af6f93948708a95c406ce7/third_party/WebKit/Source/devtools/front_end/security/SecurityModel.js
[modify] https://crrev.com/ec1bba9ca0f2e6d210af6f93948708a95c406ce7/third_party/WebKit/Source/platform/loader/fetch/ResourceResponse.h
[modify] https://crrev.com/ec1bba9ca0f2e6d210af6f93948708a95c406ce7/third_party/WebKit/public/platform/WebSecurityStyle.h

Comment 6 by lgar...@chromium.org, Aug 28 2017

Cc: lgar...@chromium.org
Owner: elawrence@chromium.org
Status: Fixed (was: Assigned)

🎉🎉🎉

►

Issue 645698 link

Issue metadata

Remove WARNING security levels.

Issue description

Comment 1 by lgar...@chromium.org, Sep 10 2016

Comment 1 Deleted

Comment 2 by lgar...@chromium.org, Nov 22 2016

Comment 2 Deleted

Comment 3 by lgar...@chromium.org, Nov 22 2016

Comment 3 Deleted

Comment 4 by lgar...@chromium.org, Nov 22 2016

Comment 4 Deleted

Comment 5 by bugdroid1@chromium.org, Aug 25 2017

Comment 5 Deleted

Comment 6 by lgar...@chromium.org, Aug 28 2017

Comment 6 Deleted

Sign in to add a comment