GoogleChrome · brendankenny · Oct 19, 2018 · Oct 17, 2018 · Oct 17, 2018 · Oct 17, 2018
diff --git a/lighthouse-core/gather/driver.js b/lighthouse-core/gather/driver.js
@@ -849,6 +849,21 @@ class Driver {
     });
   }
 
+  async listenForSecurityStateChanges() {
+    this.on('Security.securityStateChanged', state => {
+      this.lastSecurityState = state;
+    });
+    await this.sendCommand('Security.enable');
+  }
+
+  /**
+   * @return {LH.Crdp.Security.SecurityStateChangedEvent}
+   */
+  getSecurityState() {
+    // @ts-ignore
+    return this.lastSecurityState;
+  }
+
   /**
    * @param {string} name The name of API whose permission you wish to query
    * @return {Promise<string>} The state of permissions, resolved in a promise.

diff --git a/lighthouse-core/gather/gather-runner.js b/lighthouse-core/gather/gather-runner.js
@@ -112,6 +112,7 @@ class GatherRunner {
     await driver.cacheNatives();
     await driver.registerPerformanceObserver();
     await driver.dismissJavaScriptDialogs();
+    await driver.listenForSecurityStateChanges();
     if (resetStorage) await driver.clearDataForOrigin(options.requestedUrl);
   }
 
@@ -172,6 +173,22 @@ class GatherRunner {
     }
   }
 
+  /**
+   * Returns an error if the original network request failed or wasn't found.
+   * @param {LH.Crdp.Security.SecurityStateChangedEvent} securityState
+   * @return {LHError|undefined}
+   */
+  static checkForSecurityIssue({securityState, explanations}) {
+    if (securityState === 'insecure') {
+      const errorDef = {...LHError.errors.INSECURE_DOCUMENT_REQUEST};
+      const insecureDescriptions = explanations
+        .filter(exp => exp.securityState === 'insecure')
+        .map(exp => exp.description);
+      errorDef.message += ` ${insecureDescriptions.join(' ')}`;
+      return new LHError(errorDef, {fatal: true});
+    }
+  }
+
   /**
    * Navigates to about:blank and calls beforePass() on gatherers before tracing
    * has started and before navigation to the target page.
@@ -280,6 +297,11 @@ class GatherRunner {
       passContext.LighthouseRunWarnings.push(pageLoadError.friendlyMessage);
     }
 
+    const securityError = this.checkForSecurityIssue(driver.getSecurityState());
+    if (securityError) {
+      throw securityError;
+    }
+
     // Expose devtoolsLog, networkRecords, and trace (if present) to gatherers
     /** @type {LH.Gatherer.LoadData} */
     const passData = {
@@ -288,7 +310,6 @@ class GatherRunner {
       trace,
     };
 
-    // Disable throttling so the afterPass analysis isn't throttled
     await driver.setThrottling(passContext.settings, {useThrottling: false});
 
     for (const gathererDefn of gatherers) {

diff --git a/lighthouse-core/lib/lh-error.js b/lighthouse-core/lib/lh-error.js
@@ -142,6 +142,12 @@ const ERRORS = {
     message: strings.pageLoadFailed,
     lhrRuntimeError: true,
   },
+  /* Used when security error prevents page load. */
+  INSECURE_DOCUMENT_REQUEST: {
+    code: 'INSECURE_DOCUMENT_REQUEST',
+    message: strings.pageLoadFailedInsecure,
+    lhrRuntimeError: true,
+  },
 
   // Protocol internal failures
   TRACING_ALREADY_STARTED: {
@@ -169,6 +175,12 @@ const ERRORS = {
     message: strings.requestContentTimeout,
   },
 
+  // Protocol timeout failures
+  SECURITY_STATE_TIMEOUT: {
+    code: 'SECURITY_STATE_TIMEOUT',
+    message: strings.securityStateTimeout,
+  },
+
   // URL parsing failures
   INVALID_URL: {
     code: 'INVALID_URL',

diff --git a/lighthouse-core/lib/strings.js b/lighthouse-core/lib/strings.js
@@ -11,7 +11,9 @@ module.exports = {
   badTraceRecording: `Something went wrong with recording the trace over your page load. Please run Lighthouse again.`,
   pageLoadTookTooLong: `Your page took too long to load. Please follow the opportunities in the report to reduce your page load time, and then try re-running Lighthouse.`,
   pageLoadFailed: `Lighthouse was unable to reliably load the page you requested. Make sure you are testing the correct URL and that the server is properly responding to all requests.`,
+  pageLoadFailedInsecure: `The URL you have provided does not have valid security credentials.`,
   internalChromeError: `An internal Chrome error occurred. Please restart Chrome and try re-running Lighthouse.`,
   requestContentTimeout: 'Fetching resource content has exceeded the allotted time',
+  securityStateTimeout: 'Fetching security state has exceeded the allotted time',
   urlInvalid: `The URL you have provided appears to be invalid.`,
 };
diff --git a/lighthouse-core/test/gather/fake-driver.js b/lighthouse-core/test/gather/fake-driver.js
@@ -81,6 +81,14 @@ const fakeDriver = {
   setExtraHTTPHeaders() {
     return Promise.resolve();
   },
+  listenForSecurityStateChanges() {
+    return Promise.resolve();
+  },
+  getSecurityState() {
+    return Promise.resolve({
+      securityState: 'secure',
+    });
+  },
 };
 
 module.exports = fakeDriver;

diff --git a/lighthouse-core/test/gather/gather-runner-test.js b/lighthouse-core/test/gather/gather-runner-test.js
@@ -321,6 +321,7 @@ describe('GatherRunner', function() {
       clearDataForOrigin: createCheck('calledClearStorage'),
       blockUrlPatterns: asyncFunc,
       setExtraHTTPHeaders: asyncFunc,
+      listenForSecurityStateChanges: asyncFunc,
     };
 
     return GatherRunner.setupDriver(driver, {settings: {}}).then(_ => {
@@ -379,6 +380,7 @@ describe('GatherRunner', function() {
       clearDataForOrigin: createCheck('calledClearStorage'),
       blockUrlPatterns: asyncFunc,
       setExtraHTTPHeaders: asyncFunc,
+      listenForSecurityStateChanges: asyncFunc,
     };
 
     return GatherRunner.setupDriver(driver, {
@@ -543,9 +545,9 @@ describe('GatherRunner', function() {
       ],
     };
 
-    return GatherRunner.afterPass({url, driver, passConfig}, {TestGatherer: []}).then(vals => {
+    return GatherRunner.afterPass({url, driver, passConfig}, {TestGatherer: []}).then(passData => {
       assert.equal(calledDevtoolsLogCollect, true);
-      assert.strictEqual(vals.devtoolsLog[0], fakeDevtoolsMessage);
+      assert.strictEqual(passData.devtoolsLog[0], fakeDevtoolsMessage);
     });
   });
 
@@ -679,6 +681,39 @@ describe('GatherRunner', function() {
     });
   });
 
+  describe('#checkForSecurityIssue', () => {
+    it('succeeds when page is secure', () => {
+      const secureSecurityState = {
+        securityState: 'secure',
+      };
+      assert.ok(!GatherRunner.checkForSecurityIssue(secureSecurityState));
+    });
+
+    it('fails when page is insecure', () => {
+      const insecureSecurityState = {
+        explanations: [
+          {
+            description: 'reason 1.',
+            securityState: 'insecure',
+          },
+          {
+            description: 'blah.',
+            securityState: 'info',
+          },
+          {
+            description: 'reason 2.',
+            securityState: 'insecure',
+          },
+        ],
+        securityState: 'insecure',
+      };
+      const error = GatherRunner.checkForSecurityIssue(insecureSecurityState);
+      assert.equal(error.message, 'INSECURE_DOCUMENT_REQUEST');
+      /* eslint-disable-next-line max-len */
+      assert.equal(error.friendlyMessage, 'The URL you have provided does not have valid security credentials. reason 1. reason 2.');
+    });
+  });
+
   describe('artifact collection', () => {
     // Make sure our gatherers never execute in parallel
     it('runs gatherer lifecycle methods strictly in sequence', async () => {