1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
|
// Copyright 2020 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROME_BROWSER_ENTERPRISE_CONNECTORS_ANALYSIS_ANALYSIS_SERVICE_SETTINGS_H_
#define CHROME_BROWSER_ENTERPRISE_CONNECTORS_ANALYSIS_ANALYSIS_SERVICE_SETTINGS_H_
#include <memory>
#include <optional>
#include <string>
#include "base/logging.h"
#include "base/memory/raw_ptr.h"
#include "base/values.h"
#include "build/build_config.h"
#include "components/enterprise/connectors/core/analysis_settings.h"
#include "components/enterprise/connectors/core/common.h"
#include "components/enterprise/connectors/core/service_provider_config.h"
#include "components/url_matcher/url_matcher.h"
#if BUILDFLAG(IS_CHROMEOS)
#include "content/public/browser/browser_context.h"
#endif
namespace storage {
class FileSystemURL;
}
namespace enterprise_connectors {
#if BUILDFLAG(IS_CHROMEOS)
class SourceDestinationMatcherAsh;
#endif
// The settings for an analysis service obtained from a connector policy.
class AnalysisServiceSettings {
public:
explicit AnalysisServiceSettings(
const base::Value& settings_value,
const ServiceProviderConfig& service_provider_config);
AnalysisServiceSettings(AnalysisServiceSettings&&);
~AnalysisServiceSettings();
// Get the settings to apply to a specific analysis. std::nullopt implies no
// analysis should take place.
std::optional<AnalysisSettings> GetAnalysisSettings(
const GURL& url,
DataRegion data_region) const;
#if BUILDFLAG(IS_CHROMEOS)
std::optional<AnalysisSettings> GetAnalysisSettings(
content::BrowserContext* context,
const storage::FileSystemURL& source_url,
const storage::FileSystemURL& destination_url,
DataRegion data_region) const;
#endif
// Get the block_until_verdict setting if the settings are valid.
bool ShouldBlockUntilVerdict() const;
// Get the default_action setting if the settings are valid.
bool ShouldBlockByDefault() const;
// Get the custom message/learn more URL. Returns std::nullopt if the
// settings are invalid or if the message/URL are empty.
std::optional<std::u16string> GetCustomMessage(const std::string& tag);
std::optional<GURL> GetLearnMoreUrl(const std::string& tag);
bool GetBypassJustificationRequired(const std::string& tag);
std::string service_provider_name() const { return service_provider_name_; }
// Helpers for convenient check of the underlying variant.
bool is_cloud_analysis() const;
bool is_local_analysis() const;
const AnalysisConfig* GetAnalysisConfig() const { return analysis_config_; }
private:
// The setting to apply when a specific URL pattern is matched.
struct URLPatternSettings {
URLPatternSettings();
URLPatternSettings(const URLPatternSettings&);
URLPatternSettings(URLPatternSettings&&);
URLPatternSettings& operator=(const URLPatternSettings&);
URLPatternSettings& operator=(URLPatternSettings&&);
~URLPatternSettings();
// Tags that correspond to the pattern.
std::set<std::string> tags;
};
// Map from an ID representing a specific matched pattern to its settings.
using PatternSettings =
std::map<base::MatcherStringPattern::ID, URLPatternSettings>;
// Accessors for the pattern setting maps.
static std::optional<URLPatternSettings> GetPatternSettings(
const PatternSettings& patterns,
base::MatcherStringPattern::ID match);
// Returns the analysis settings with the specified tags.
AnalysisSettings GetAnalysisSettingsWithTags(
std::map<std::string, TagSettings> tags,
DataRegion data_region) const;
// Returns true if the settings were initialized correctly. If this returns
// false, then GetAnalysisSettings will always return std::nullopt.
bool IsValid() const;
// Updates the states of `matcher_`, `enabled_patterns_settings_` and/or
// `disabled_patterns_settings_` from a policy value.
void AddUrlPatternSettings(const base::Value::Dict& url_settings_dict,
bool enabled,
base::MatcherStringPattern::ID* id);
#if BUILDFLAG(IS_CHROMEOS)
// Updates the states of `source_destination_matcher_`,
// `enabled_patterns_settings_` and/or `disabled_patterns_settings_` from a
// policy value.
void AddSourceDestinationSettings(
const base::Value::Dict& source_destination_settings_value,
bool enabled,
base::MatcherStringPattern::ID* id);
#endif // BUILDFLAG(IS_CHROMEOS)
// Return tags found in |enabled_patterns_settings| corresponding to the
// matches while excluding the ones in |disable_patterns_settings|.
std::map<std::string, TagSettings> GetTags(
const std::set<base::MatcherStringPattern::ID>& matches) const;
// The service provider matching the name given in a Connector policy. nullptr
// implies that a corresponding service provider doesn't exist and that these
// settings are not valid.
raw_ptr<const AnalysisConfig> analysis_config_ = nullptr;
// The URL matcher created from the patterns set in the analysis policy. The
// condition set IDs returned after matching against a URL can be used to
// check |enabled_patterns_settings| and |disable_patterns_settings| to
// obtain URL-specific settings.
std::unique_ptr<url_matcher::URLMatcher> matcher_;
#if BUILDFLAG(IS_CHROMEOS)
// A matcher to identify matching pairs of sources and destinations.
// Set for ChromeOS' OnFileTransferEnterpriseConnector.
std::unique_ptr<SourceDestinationMatcherAsh> source_destination_matcher_;
#endif // BUILDFLAG(IS_CHROMEOS)
// These members map URL patterns to corresponding settings. If an entry in
// the "enabled" or "disabled" lists contains more than one pattern in its
// "url_list" property, only the last pattern's matcher ID will be added the
// map. This keeps the count of these maps smaller and keeps the code from
// duplicating memory for the settings, which are the same for all URL
// patterns in a given entry. This optimization works by using
// std::map::upper_bound to access these maps. The IDs in the disabled
// settings must be greater than the ones in the enabled settings for this to
// work and avoid having the two maps cover an overlap of matches.
PatternSettings enabled_patterns_settings_;
PatternSettings disabled_patterns_settings_;
BlockUntilVerdict block_until_verdict_ = BlockUntilVerdict::kNoBlock;
DefaultAction default_action_ = DefaultAction::kAllow;
bool block_password_protected_files_ = false;
bool block_large_files_ = false;
size_t minimum_data_size_ = 100;
// A map from tag (dlp, malware, etc) to the custom message, "learn more" link
// and other settings associated to a specific tag.
std::map<std::string, TagSettings> tags_;
std::string service_provider_name_;
// Arrays of base64 encoded signing key signatures used to verify the
// authenticity of the service provider.
std::vector<std::string> verification_signatures_;
};
} // namespace enterprise_connectors
#endif // CHROME_BROWSER_ENTERPRISE_CONNECTORS_ANALYSIS_ANALYSIS_SERVICE_SETTINGS_H_
|
