1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
|
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
//
// The Safe Browsing service is responsible for downloading anti-phishing and
// anti-malware tables and checking urls against them.
#ifndef COMPONENTS_SAFE_BROWSING_DB_DATABASE_MANAGER_H_
#define COMPONENTS_SAFE_BROWSING_DB_DATABASE_MANAGER_H_
#include <set>
#include <string>
#include <unordered_set>
#include <vector>
#include "base/gtest_prod_util.h"
#include "base/macros.h"
#include "base/memory/ref_counted.h"
#include "components/safe_browsing_db/hit_report.h"
#include "components/safe_browsing_db/util.h"
#include "content/public/common/resource_type.h"
#include "url/gurl.h"
namespace net {
class URLRequestContextGetter;
} // namespace net
namespace safe_browsing {
struct V4ProtocolConfig;
class V4GetHashProtocolManager;
// Base class to either the locally-managed or a remotely-managed database.
class SafeBrowsingDatabaseManager
: public base::RefCountedThreadSafe<SafeBrowsingDatabaseManager> {
public:
// Callers requesting a result should derive from this class.
// The destructor should call db_manager->CancelCheck(client) if a
// request is still pending.
class Client {
public:
virtual ~Client() {}
// Called when the result of checking the API blacklist is known.
// TODO(kcarattini): Consider if we need |url| passed here, remove if not.
virtual void OnCheckApiBlacklistUrlResult(const GURL& url,
const ThreatMetadata& metadata) {}
// Called when the result of checking a browse URL is known.
virtual void OnCheckBrowseUrlResult(const GURL& url,
SBThreatType threat_type,
const ThreatMetadata& metadata) {}
// Called when the result of checking a download URL is known.
virtual void OnCheckDownloadUrlResult(const std::vector<GURL>& url_chain,
SBThreatType threat_type) {}
// Called when the result of checking a set of extensions is known.
virtual void OnCheckExtensionsResult(
const std::set<std::string>& threats) {}
// Called when the result of checking the resource blacklist is known.
virtual void OnCheckResourceUrlResult(const GURL& url,
SBThreatType threat_type,
const std::string& threat_hash) {}
};
//
// Methods called by the client to cancel pending checks.
//
// Called on the IO thread to cancel a pending API check if the result is no
// longer needed. Returns true if the client was found and the check
// successfully cancelled.
virtual bool CancelApiCheck(Client* client);
// Called on the IO thread to cancel a pending check if the result is no
// longer needed. Also called after the result has been handled. Api checks
// are handled separately. To cancel an API check use CancelApiCheck.
virtual void CancelCheck(Client* client) = 0;
//
// Methods to check whether the database manager supports a certain feature.
//
// Returns true if this resource type should be checked.
virtual bool CanCheckResourceType(
content::ResourceType resource_type) const = 0;
// Returns true if the url's scheme can be checked.
virtual bool CanCheckUrl(const GURL& url) const = 0;
// Returns true if checks are never done synchronously, and therefore
// always have some latency.
virtual bool ChecksAreAlwaysAsync() const = 0;
//
// Methods to check (possibly asynchronously) whether a given resource is
// safe. If the database manager can't determine it synchronously, the
// appropriate method on the |client| is called back when the reputation of
// the resource is known.
//
// Called on the IO thread to check if the given url has blacklisted APIs.
// "client" is called asynchronously with the result when it is ready. Callers
// should wait for results before calling this method a second time with the
// same client. This method has the same implementation for both the local and
// remote database managers since it pings Safe Browsing servers directly
// without accessing the database at all. Returns true if we can
// synchronously determine that the url is safe. Otherwise it returns false,
// and "client" is called asynchronously with the result when it is ready.
virtual bool CheckApiBlacklistUrl(const GURL& url, Client* client);
// Called on the IO thread to check if the given url is safe or not. If we
// can synchronously determine that the url is safe, CheckUrl returns true.
// Otherwise it returns false, and "client" is called asynchronously with the
// result when it is ready.
virtual bool CheckBrowseUrl(const GURL& url, Client* client) = 0;
// Check if the prefix for |url| is in safebrowsing download add lists.
// Result will be passed to callback in |client|.
virtual bool CheckDownloadUrl(const std::vector<GURL>& url_chain,
Client* client) = 0;
// Check which prefixes in |extension_ids| are in the safebrowsing blacklist.
// Returns true if not, false if further checks need to be made in which case
// the result will be passed to |client|.
virtual bool CheckExtensionIDs(const std::set<std::string>& extension_ids,
Client* client) = 0;
// Check if |url| is in the resources blacklist. Returns true if not, false
// if further checks need to be made in which case the result will be passed
// to callback in |client|.
virtual bool CheckResourceUrl(const GURL& url, Client* client) = 0;
//
// Methods to synchronously check whether a URL, or full hash, or IP address
// or a DLL file is safe.
//
// Check if the |url| matches any of the full-length hashes from the client-
// side phishing detection whitelist. Returns true if there was a match and
// false otherwise. To make sure we are conservative we will return true if
// an error occurs. This method must be called on the IO thread.
virtual bool MatchCsdWhitelistUrl(const GURL& url) = 0;
// Check if |str| matches any of the full-length hashes from the download
// whitelist. Returns true if there was a match and false otherwise. To make
// sure we are conservative we will return true if an error occurs. This
// method must be called on the IO thread.
virtual bool MatchDownloadWhitelistString(const std::string& str) = 0;
// Check if the |url| matches any of the full-length hashes from the download
// whitelist. Returns true if there was a match and false otherwise. To make
// sure we are conservative we will return true if an error occurs. This
// method must be called on the IO thread.
virtual bool MatchDownloadWhitelistUrl(const GURL& url) = 0;
// Check if the given IP address (either IPv4 or IPv6) matches the malware
// IP blacklist.
virtual bool MatchMalwareIP(const std::string& ip_address) = 0;
// Check if |str|, a lowercase DLL file name, matches any of the full-length
// hashes from the module whitelist. Returns true if there was a match and
// false otherwise. To make sure we are conservative we will return true if
// an error occurs. This method must be called on the IO thread.
virtual bool MatchModuleWhitelistString(const std::string& str) = 0;
//
// Methods to check the config of the DatabaseManager.
//
// Returns the lists that this DatabaseManager should get full hashes for.
virtual StoresToCheck GetStoresForFullHashRequests();
// Returns the ThreatSource for this implementation.
virtual ThreatSource GetThreatSource() const = 0;
// Check if the CSD whitelist kill switch is turned on.
virtual bool IsCsdWhitelistKillSwitchOn() = 0;
// Returns whether download protection is enabled.
virtual bool IsDownloadProtectionEnabled() const = 0;
// Check if the CSD malware IP matching kill switch is turned on.
virtual bool IsMalwareKillSwitchOn() = 0;
// Returns true if URL-checking is supported on this build+device.
// If false, calls to CheckBrowseUrl may dcheck-fail.
virtual bool IsSupported() const = 0;
//
// Methods to indicate when to start or suspend the SafeBrowsing operations.
// These functions are always called on the IO thread.
//
// Called to initialize objects that are used on the io_thread, such as the
// v4 protocol manager. This may be called multiple times during the life of
// the DatabaseManager. Must be called on IO thread.
virtual void StartOnIOThread(
net::URLRequestContextGetter* request_context_getter,
const V4ProtocolConfig& config);
// Called to stop or shutdown operations on the io_thread.
virtual void StopOnIOThread(bool shutdown);
protected:
// Bundled client info for an API abuse hash prefix check.
class SafeBrowsingApiCheck {
public:
SafeBrowsingApiCheck(const GURL& url, Client* client);
~SafeBrowsingApiCheck();
const GURL& url() const { return url_; }
Client* client() const { return client_; }
private:
GURL url_;
// Not owned.
Client* client_;
DISALLOW_COPY_AND_ASSIGN(SafeBrowsingApiCheck);
};
SafeBrowsingDatabaseManager();
virtual ~SafeBrowsingDatabaseManager();
friend class base::RefCountedThreadSafe<SafeBrowsingDatabaseManager>;
FRIEND_TEST_ALL_PREFIXES(SafeBrowsingDatabaseManagerTest,
CheckApiBlacklistUrlPrefixes);
FRIEND_TEST_ALL_PREFIXES(SafeBrowsingDatabaseManagerTest,
HandleGetHashesWithApisResults);
FRIEND_TEST_ALL_PREFIXES(SafeBrowsingDatabaseManagerTest,
HandleGetHashesWithApisResultsNoMatch);
FRIEND_TEST_ALL_PREFIXES(SafeBrowsingDatabaseManagerTest,
HandleGetHashesWithApisResultsMatches);
FRIEND_TEST_ALL_PREFIXES(SafeBrowsingDatabaseManagerTest,
CancelApiCheck);
FRIEND_TEST_ALL_PREFIXES(SafeBrowsingDatabaseManagerTest,
ResultsAreCached);
FRIEND_TEST_ALL_PREFIXES(SafeBrowsingDatabaseManagerTest,
ResultsAreNotCachedOnNull);
FRIEND_TEST_ALL_PREFIXES(SafeBrowsingDatabaseManagerTest,
GetCachedResults);
FRIEND_TEST_ALL_PREFIXES(SafeBrowsingDatabaseManagerTest,
CachedResultsMerged);
FRIEND_TEST_ALL_PREFIXES(SafeBrowsingDatabaseManagerTest,
CachedResultsAreEvicted);
// Called on the IO thread when the SafeBrowsingProtocolManager has received
// the full hash and api results for prefixes of the |url| argument in
// CheckApiBlacklistUrl.
void OnThreatMetadataResponse(std::unique_ptr<SafeBrowsingApiCheck> check,
const ThreatMetadata& md);
typedef std::set<SafeBrowsingApiCheck*> ApiCheckSet;
// In-progress checks. This set owns the SafeBrowsingApiCheck pointers and is
// responsible for deleting them when removing from the set.
ApiCheckSet api_checks_;
// Created and destroyed via StartOnIOThread/StopOnIOThread.
std::unique_ptr<V4GetHashProtocolManager> v4_get_hash_protocol_manager_;
private:
// Returns an iterator to the pending API check with the given |client|.
ApiCheckSet::iterator FindClientApiCheck(Client* client);
}; // class SafeBrowsingDatabaseManager
} // namespace safe_browsing
#endif // COMPONENTS_SAFE_BROWSING_DB_DATABASE_MANAGER_H_
|
