Bug 1811076: Part 8 - Show content analysis WARN dialog and let user to choose allow/deny r=Gijs,fluent-reviewers,flod,rkraesig

gregstoll · gregstoll · commit 19759c691c1b · 2023-12-18T20:19:53.000Z
If a WARN response is returned from the content analysis agent, the browser displays a dialog box and lets the user choose whether to allow or deny the content. Differential Revision: https://phabricator.services.mozilla.com/D189581
diff --git a/browser/components/contentanalysis/content/ContentAnalysis.sys.mjs b/browser/components/contentanalysis/content/ContentAnalysis.sys.mjs
@@ -301,8 +301,8 @@ export const ContentAnalysis = {
           );
         }
         const responseResult =
-          request?.action ?? Ci.nsIContentAnalysisResponse.ACTION_UNSPECIFIED;
-        this._showCAResult(
+          request?.action ?? Ci.nsIContentAnalysisResponse.eUnspecified;
+        await this._showCAResult(
           windowAndResourceNameOrL10NId.resourceNameOrL10NId,
           windowAndResourceNameOrL10NId.browsingContext,
           request.requestToken,
@@ -395,8 +395,8 @@ export const ContentAnalysis = {
 
   _shouldShowBlockingNotification(aOperation) {
     return !(
-      aOperation == Ci.nsIContentAnalysisRequest.FILE_DOWNLOADED ||
-      aOperation == Ci.nsIContentAnalysisRequest.PRINT
+      aOperation == Ci.nsIContentAnalysisRequest.eFileDownloaded ||
+      aOperation == Ci.nsIContentAnalysisRequest.ePrint
     );
   },
 
@@ -413,16 +413,16 @@ export const ContentAnalysis = {
   _getResourceNameOrL10NIdFromRequest(aRequest) {
     if (
       aRequest.operationTypeForDisplay ==
-      Ci.nsIContentAnalysisRequest.OPERATION_CUSTOMDISPLAYSTRING
+      Ci.nsIContentAnalysisRequest.eCustomDisplayString
     ) {
       return { name: aRequest.operationDisplayString };
     }
     let l10nId;
     switch (aRequest.operationTypeForDisplay) {
-      case Ci.nsIContentAnalysisRequest.OPERATION_CLIPBOARD:
+      case Ci.nsIContentAnalysisRequest.eClipboard:
         l10nId = "contentanalysis-operationtype-clipboard";
         break;
-      case Ci.nsIContentAnalysisRequest.OPERATION_DROPPEDTEXT:
+      case Ci.nsIContentAnalysisRequest.eDroppedText:
         l10nId = "contentanalysis-operationtype-dropped-text";
         break;
     }
@@ -535,7 +535,7 @@ export const ContentAnalysis = {
    *
    * @returns {object} a notification object (if shown)
    */
-  _showCAResult(
+  async _showCAResult(
     aResourceNameOrL10NId,
     aBrowsingContext,
     aRequestToken,
@@ -545,11 +545,11 @@ export const ContentAnalysis = {
     let timeoutMs = 0;
 
     switch (aCAResult) {
-      case Ci.nsIContentAnalysisResponse.ALLOW:
+      case Ci.nsIContentAnalysisResponse.eAllow:
         // We don't need to show anything
         return null;
-      case Ci.nsIContentAnalysisResponse.REPORT_ONLY:
-        message = this.l10n.formatValueSync(
+      case Ci.nsIContentAnalysisResponse.eReportOnly:
+        message = await this.l10n.formatValue(
           "contentanalysis-genericresponse-message",
           {
             content: this._getResourceNameFromNameOrL10NId(
@@ -560,26 +560,42 @@ export const ContentAnalysis = {
         );
         timeoutMs = this._RESULT_NOTIFICATION_FAST_TIMEOUT_MS;
         break;
-      case Ci.nsIContentAnalysisResponse.WARN:
-        message = this.l10n.formatValueSync(
-          "contentanalysis-genericresponse-message",
-          {
+      case Ci.nsIContentAnalysisResponse.eWarn:
+        const result = await Services.prompt.asyncConfirmEx(
+          aBrowsingContext,
+          Ci.nsIPromptService.MODAL_TYPE_TAB,
+          await this.l10n.formatValue("contentanalysis-warndialogtitle"),
+          await this.l10n.formatValue("contentanalysis-warndialogtext", {
             content: this._getResourceNameFromNameOrL10NId(
               aResourceNameOrL10NId
             ),
-            response: "WARN",
-          }
+          }),
+          Ci.nsIPromptService.BUTTON_POS_0 *
+            Ci.nsIPromptService.BUTTON_TITLE_IS_STRING +
+            Ci.nsIPromptService.BUTTON_POS_1 *
+              Ci.nsIPromptService.BUTTON_TITLE_IS_STRING +
+            Ci.nsIPromptService.BUTTON_POS_1_DEFAULT,
+          await this.l10n.formatValue(
+            "contentanalysis-warndialog-response-allow"
+          ),
+          await this.l10n.formatValue(
+            "contentanalysis-warndialog-response-deny"
+          ),
+          null,
+          null,
+          {}
         );
-        timeoutMs = this._RESULT_NOTIFICATION_TIMEOUT_MS;
-        break;
-      case Ci.nsIContentAnalysisResponse.BLOCK:
-        message = this.l10n.formatValueSync("contentanalysis-block-message", {
+        const allow = result.get("buttonNumClicked") === 0;
+        lazy.gContentAnalysis.respondToWarnDialog(aRequestToken, allow);
+        return null;
+      case Ci.nsIContentAnalysisResponse.eBlock:
+        message = await this.l10n.formatValue("contentanalysis-block-message", {
           content: this._getResourceNameFromNameOrL10NId(aResourceNameOrL10NId),
         });
         timeoutMs = this._RESULT_NOTIFICATION_TIMEOUT_MS;
         break;
-      case Ci.nsIContentAnalysisResponse.ACTION_UNSPECIFIED:
-        message = this.l10n.formatValueSync("contentanalysis-error-message", {
+      case Ci.nsIContentAnalysisResponse.eUnspecified:
+        message = await this.l10n.formatValue("contentanalysis-error-message", {
           content: this._getResourceNameFromNameOrL10NId(aResourceNameOrL10NId),
         });
         timeoutMs = this._RESULT_NOTIFICATION_TIMEOUT_MS;
@@ -588,6 +604,14 @@ export const ContentAnalysis = {
         throw new Error("Unexpected CA result value: " + aCAResult);
     }
 
+    if (!message) {
+      console.error(
+        "_showCAResult did not get a message populated for result value " +
+          aCAResult
+      );
+      return null;
+    }
+
     return this._showMessage(message, aBrowsingContext, timeoutMs);
   },
 };
diff --git a/toolkit/components/contentanalysis/ContentAnalysis.cpp b/toolkit/components/contentanalysis/ContentAnalysis.cpp
@@ -557,6 +557,11 @@ void ContentAnalysisResponse::SetOwner(RefPtr<ContentAnalysis> aOwner) {
   mOwner = std::move(aOwner);
 }
 
+void ContentAnalysisResponse::ResolveWarnAction(bool aAllowContent) {
+  MOZ_ASSERT(mAction == Action::eWarn);
+  mAction = aAllowContent ? Action::eAllow : Action::eBlock;
+}
+
 ContentAnalysisAcknowledgement::ContentAnalysisAcknowledgement(
     Result aResult, FinalAction aFinalAction)
     : mResult(aResult), mFinalAction(aFinalAction) {}
@@ -616,7 +621,8 @@ ContentAnalysis::ContentAnalysis()
     : mCaClientPromise(
           new ClientPromise::Private("ContentAnalysis::ContentAnalysis")),
       mClientCreationAttempted(false),
-      mCallbackMap("ContentAnalysis::mCallbackMap") {}
+      mCallbackMap("ContentAnalysis::mCallbackMap"),
+      mWarnResponseDataMap("ContentAnalysis::mWarnResponseDataMap") {}
 
 ContentAnalysis::~ContentAnalysis() {
   // Accessing mClientCreationAttempted so need to be on the main thread
@@ -872,12 +878,22 @@ void ContentAnalysis::DoAnalyzeRequest(
             "Content analysis resolving response promise for "
             "token %s",
             responseRequestToken.get());
+        nsIContentAnalysisResponse::Action action = response->GetAction();
         nsCOMPtr<nsIObserverService> obsServ =
             mozilla::services::GetObserverService();
+        if (action == nsIContentAnalysisResponse::Action::eWarn) {
+          {
+            auto warnResponseDataMap = owner->mWarnResponseDataMap.Lock();
+            warnResponseDataMap->InsertOrUpdate(
+                responseRequestToken,
+                WarnResponseData(std::move(*maybeCallbackData), response));
+          }
+          obsServ->NotifyObservers(response, "dlp-response", nullptr);
+          return;
+        }
 
         obsServ->NotifyObservers(response, "dlp-response", nullptr);
         if (maybeCallbackData->AutoAcknowledge()) {
-          nsIContentAnalysisResponse::Action action = response->GetAction();
           auto acknowledgement = MakeRefPtr<ContentAnalysisAcknowledgement>(
               nsIContentAnalysisAcknowledgement::Result::eSuccess,
               ConvertResult(action));
@@ -962,6 +978,59 @@ ContentAnalysis::CancelContentAnalysisRequest(const nsACString& aRequestToken) {
   return NS_OK;
 }
 
+NS_IMETHODIMP
+ContentAnalysis::RespondToWarnDialog(const nsACString& aRequestToken,
+                                     bool aAllowContent) {
+  nsCString requestToken(aRequestToken);
+  NS_DispatchToMainThread(NS_NewCancelableRunnableFunction(
+      "RespondToWarnDialog",
+      [aAllowContent, requestToken = std::move(requestToken)]() {
+        RefPtr<ContentAnalysis> self = GetContentAnalysisFromService();
+        if (!self) {
+          // May be shutting down
+          return;
+        }
+
+        LOGD("Content analysis getting warn response %d for request %s",
+             aAllowContent ? 1 : 0, requestToken.get());
+        Maybe<WarnResponseData> entry;
+        {
+          auto warnResponseDataMap = self->mWarnResponseDataMap.Lock();
+          entry = warnResponseDataMap->Extract(requestToken);
+        }
+        if (!entry) {
+          LOGD(
+              "Content analysis request not found when trying to send warn "
+              "response for request %s",
+              requestToken.get());
+          return;
+        }
+        entry->mResponse->ResolveWarnAction(aAllowContent);
+        auto action = entry->mResponse->GetAction();
+        if (entry->mCallbackData.AutoAcknowledge()) {
+          RefPtr<ContentAnalysisAcknowledgement> acknowledgement =
+              new ContentAnalysisAcknowledgement(
+                  nsIContentAnalysisAcknowledgement::Result::eSuccess,
+                  ConvertResult(action));
+          entry->mResponse->Acknowledge(acknowledgement);
+        }
+        nsMainThreadPtrHandle<nsIContentAnalysisCallback> callbackHolder =
+            entry->mCallbackData.TakeCallbackHolder();
+        if (callbackHolder) {
+          RefPtr<ContentAnalysisResponse> response =
+              ContentAnalysisResponse::FromAction(action, requestToken);
+          response->SetOwner(self);
+          callbackHolder.get()->ContentResult(response.get());
+        } else {
+          LOGD(
+              "Content analysis had no callback to send warn final response "
+              "to for request %s",
+              requestToken.get());
+        }
+      }));
+  return NS_OK;
+}
+
 NS_IMETHODIMP
 ContentAnalysisResponse::Acknowledge(
     nsIContentAnalysisAcknowledgement* aAcknowledgement) {
diff --git a/toolkit/components/contentanalysis/ContentAnalysis.h b/toolkit/components/contentanalysis/ContentAnalysis.h
@@ -138,6 +138,16 @@ class ContentAnalysis final : public nsIContentAnalysis {
     bool mAutoAcknowledge;
   };
   DataMutex<nsTHashMap<nsCString, CallbackData>> mCallbackMap;
+
+  struct WarnResponseData {
+    WarnResponseData(CallbackData&& aCallbackData,
+                     RefPtr<ContentAnalysisResponse> aResponse)
+        : mCallbackData(std::move(aCallbackData)), mResponse(aResponse) {}
+    ContentAnalysis::CallbackData mCallbackData;
+    RefPtr<ContentAnalysisResponse> mResponse;
+  };
+  DataMutex<nsTHashMap<nsCString, WarnResponseData>> mWarnResponseDataMap;
+
   friend class ContentAnalysisResponse;
 };
 
@@ -164,6 +174,8 @@ class ContentAnalysisResponse final : public nsIContentAnalysisResponse {
   static already_AddRefed<ContentAnalysisResponse> FromProtobuf(
       content_analysis::sdk::ContentAnalysisResponse&& aResponse);
 
+  void ResolveWarnAction(bool aAllowContent);
+
   // Action requested by the agent
   Action mAction;
 
diff --git a/toolkit/components/contentanalysis/nsIContentAnalysis.idl b/toolkit/components/contentanalysis/nsIContentAnalysis.idl
@@ -227,4 +227,10 @@ interface nsIContentAnalysis : nsISupports
    *        The token for the request to cancel.
    */
   void cancelContentAnalysisRequest(in ACString aRequestToken);
+
+  /**
+   * Indicates that the user has responded to a WARN dialog. aAllowContent represents
+   * whether the user wants to allow the request to go through.
+   */
+  void respondToWarnDialog(in ACString aRequestToken, in bool aAllowContent);
 };
diff --git a/toolkit/locales/en-US/toolkit/contentanalysis/contentanalysis.ftl b/toolkit/locales/en-US/toolkit/contentanalysis/contentanalysis.ftl
@@ -15,6 +15,14 @@ contentanalysis-slow-agent-dialog-body = Content Analysis is analyzing resource
 contentanalysis-operationtype-clipboard = clipboard
 contentanalysis-operationtype-dropped-text = dropped text
 
+contentanalysis-warndialogtitle = This content may be unsafe
+
+# Variables:
+#   $content - Description of the content being warned about, such as "clipboard" or "aFile.txt"
+contentanalysis-warndialogtext = Your organization uses data-loss prevention software that has flagged this content as unsafe: { $content }. Use it anyway?
+contentanalysis-warndialog-response-allow = Use content
+contentanalysis-warndialog-response-deny = Cancel
+
 contentanalysis-notification-title = Content Analysis
 # Variables:
 #   $content - Description of the content being reported, such as "clipboard" or "aFile.txt"
