Add support for client-side phishing detection for non-UMA users.

chrome/browser/safe_browsing/client_side_detection_service.h

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // Helper class which handles communication with the SafeBrowsing backends for
 // client-side phishing detection.  This class is used to fetch the client-side
 // model and send it to all renderers.  This class is also used to send a ping
 // back to Google to verify if a particular site is really phishing or not.
 //
 // This class is not thread-safe and expects all calls to be made on the UI
 // thread.  We also expect that the calling thread runs a message loop.
 
 #ifndef CHROME_BROWSER_SAFE_BROWSING_CLIENT_SIDE_DETECTION_SERVICE_H_
 #define CHROME_BROWSER_SAFE_BROWSING_CLIENT_SIDE_DETECTION_SERVICE_H_
 #pragma once
 
 #include <map>
 #include <queue>
 #include <set>
 #include <string>
 #include <utility>
 #include <vector>
 
 #include "base/basictypes.h"
 #include "base/callback_old.h"
 #include "base/gtest_prod_util.h"
+#include "base/hash_tables.h"
 #include "base/memory/linked_ptr.h"
 #include "base/memory/ref_counted.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/task.h"
 #include "base/time.h"
 #include "content/common/notification_observer.h"
 #include "content/common/notification_registrar.h"
 #include "content/common/url_fetcher.h"
 #include "googleurl/src/gurl.h"
 #include "net/base/net_util.h"
 
 class RenderProcessHost;
+class SafeBrowsingService;
 
 namespace base {
 class TimeDelta;
 }
 
 namespace net {
 class URLRequestContextGetter;
 class URLRequestStatus;
 }  // namespace net
 
@@ skipping 110 matching lines @@
   virtual void EndFetchModel(ClientModelStatus status);  // Virtual for testing.
 
  private:
   friend class ClientSideDetectionServiceTest;
   FRIEND_TEST_ALL_PREFIXES(ClientSideDetectionServiceTest, FetchModelTest);
   FRIEND_TEST_ALL_PREFIXES(ClientSideDetectionServiceTest, SetBadSubnets);
   FRIEND_TEST_ALL_PREFIXES(ClientSideDetectionServiceTest, SetEnabled);
   FRIEND_TEST_ALL_PREFIXES(ClientSideDetectionServiceTest, IsBadIpAddress);
   FRIEND_TEST_ALL_PREFIXES(ClientSideDetectionServiceTest,
                            ModelHasValidHashIds);
+  FRIEND_TEST_ALL_PREFIXES(ClientSideDetectionServiceTest,
+                           SanitizeRequestForPingback);
 
   // CacheState holds all information necessary to respond to a caller without
   // actually making a HTTP request.
   struct CacheState {
     bool is_phishing;
     base::Time timestamp;
 
     CacheState(bool phish, base::Time time);
   };
   typedef std::map<GURL, linked_ptr<CacheState> > PhishingCache;
@@ skipping 10 matching lines @@
   static const char kClientReportPhishingUrl[];
   static const char kClientModelUrl[];
   static const size_t kMaxModelSizeBytes;
   static const int kMaxReportsPerInterval;
   static const int kClientModelFetchIntervalMs;
   static const int kInitialClientModelFetchDelayMs;
   static const base::TimeDelta kReportsInterval;
   static const base::TimeDelta kNegativeCacheInterval;
   static const base::TimeDelta kPositiveCacheInterval;
 
+  // Given a ClientSidePhishingRequest populated by the renderer and browser
+  // feature extractors, sanitizes it so that no data specifically identifying
+  // the URL or page content is included.  This is used when sending a pingback
+  // if the user is not opted in to UMA.
+  void SanitizeRequestForPingback(
+      const ClientPhishingRequest& original_request,
+      ClientPhishingRequest* sanitized_request);
+
   // Starts sending the request to the client-side detection frontends.
   // This method takes ownership of both pointers.
   void StartClientReportPhishingRequest(
       ClientPhishingRequest* verdict,
       ClientReportPhishingRequestCallback* callback);
 
   // Called by OnURLFetchComplete to handle the response from fetching the
   // model.
   void HandleModelResponse(const URLFetcher* source,
                            const GURL& url,
@@ skipping 14 matching lines @@
   // Invalidate cache results which are no longer useful.
   void UpdateCache();
 
   // Get the number of phishing reports that we have sent over kReportsInterval
   int GetNumReports();
 
   // Initializes the |private_networks_| vector with the network blocks
   // that we consider non-public IP addresses.  Returns true on success.
   bool InitializePrivateNetworks();
 
+  // Initializes the |allowed_features_| hash_set with the features that
+  // can be sent in sanitized pingbacks.
+  void InitializeAllowedFeatures();
+
   // Send the model to the given renderer.
   void SendModelToProcess(RenderProcessHost* process);
 
   // Same as above but sends the model to all rendereres.
   void SendModelToRenderers();
 
   // Reads the bad subnets from the client model and inserts them into
   // |bad_subnets| for faster lookups.  This method is static to simplify
   // testing.
   static void SetBadSubnets(const ClientSideModel& model,
                             BadSubnetMap* bad_subnets);
 
 
   // Returns true iff all the hash id's in the client-side model point to
   // valid hashes in the model.
   static bool ModelHasValidHashIds(const ClientSideModel& model);
 
   // Whether the service is running or not.  When the service is not running,
   // it won't download the model nor report detected phishing URLs.
   bool enabled_;
 
   std::string model_str_;
   scoped_ptr<ClientSideModel> model_;
   scoped_ptr<base::TimeDelta> model_max_age_;
   scoped_ptr<URLFetcher> model_fetcher_;
 
+  // This pointer may be NULL if SafeBrowsing is disabled.
+  scoped_refptr<SafeBrowsingService> sb_service_;
+
   // Map of client report phishing request to the corresponding callback that
   // has to be invoked when the request is done.
   struct ClientReportInfo;
   std::map<const URLFetcher*, ClientReportInfo*> client_phishing_reports_;
 
   // Cache of completed requests. Used to satisfy requests for the same urls
   // as long as the next request falls within our caching window (which is
   // determined by kNegativeCacheInterval and kPositiveCacheInterval). The
   // size of this cache is limited by kMaxReportsPerDay *
   // ceil(InDays(max(kNegativeCacheInterval, kPositiveCacheInterval))).
   // TODO(gcasto): Serialize this so that it doesn't reset on browser restart.
   PhishingCache cache_;
 
   // Timestamp of when we sent a phishing request. Used to limit the number
   // of phishing requests that we send in a day.
   // TODO(gcasto): Serialize this so that it doesn't reset on browser restart.
   std::queue<base::Time> phishing_report_times_;
 
   // Used to asynchronously call the callbacks for
   // SendClientReportPhishingRequest.
   ScopedRunnableMethodFactory<ClientSideDetectionService> method_factory_;
 
   // The context we use to issue network requests.
   scoped_refptr<net::URLRequestContextGetter> request_context_getter_;
 
   // The network blocks that we consider private IP address ranges.
   std::vector<AddressRange> private_networks_;
 
+  // Features which are allowed to be sent in sanitized pingbacks.
+  base::hash_set<std::string> allowed_features_;
+
   // Map of bad subnets which are copied from the client model and put into
   // this map to speed up lookups.
   BadSubnetMap bad_subnets_;
 
   NotificationRegistrar registrar_;
 
   DISALLOW_COPY_AND_ASSIGN(ClientSideDetectionService);
 };
 }  // namepsace safe_browsing
 
 #endif  // CHROME_BROWSER_SAFE_BROWSING_CLIENT_SIDE_DETECTION_SERVICE_H_