Chromium Code Reviews Chromium Code Reviews
Issue 7792004:
Parse the whitelist expressions from the phishing verdict response if (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: chrome/browser/safe_browsing/client_side_detection_service.cc |
| diff --git a/chrome/browser/safe_browsing/client_side_detection_service.cc b/chrome/browser/safe_browsing/client_side_detection_service.cc |
| index 30c5deed7a63ff498b95fbba06ce7952c8286bb6..bd5632121a203a25804ddb81428c73b951aadfbf 100644 |
| --- a/chrome/browser/safe_browsing/client_side_detection_service.cc |
| +++ b/chrome/browser/safe_browsing/client_side_detection_service.cc |
| @@ -414,7 +414,8 @@ void ClientSideDetectionService::HandlePhishingVerdict( |
| // Cache response, possibly flushing an old one. |
| cache_[info->phishing_url] = |
| make_linked_ptr(new CacheState(response.phishy(), base::Time::Now())); |
| - is_phishing = response.phishy(); |
| + is_phishing = (response.phishy() && |
| + !IsFalsePositiveResponse(info->phishing_url, response)); |
| } else { |
| DLOG(ERROR) << "Unable to get the server verdict for URL: " |
| << info->phishing_url << " status: " << status.status() << " " |
| @@ -608,4 +609,49 @@ bool ClientSideDetectionService::ModelHasValidHashIds( |
| } |
| return true; |
| } |
| + |
| +// static |
| +bool ClientSideDetectionService::IsFalsePositiveResponse( |
| + const GURL& url, |
| + const ClientPhishingResponse& response) { |
| + if (!response.phishy() || response.whitelist_expression_size() == 0) { |
| + return false; |
| + } |
| + // This whitelist is special. A particular URL gets whitelisted if it |
| + // matches any of the expressions on the whitelist or if any of the whitelist |
| + // entries matches the URL. |
| + |
| + std::string host, path, query; |
| + safe_browsing_util::CanonicalizeUrl(url, &host, &path, &query); |
| + std::string canonical_url = host + path + query; |
|
Brian Ryner
2011/08/31 00:16:33
Maybe call this canonical_url_as_pattern or someth
noelutz
2011/08/31 00:53:50
Done.
|
| + |
| + std::vector<std::string> url_patterns; |
| + safe_browsing_util::GeneratePatternsToCheck(url, &url_patterns); |
| + |
| + for (int i = 0; i < response.whitelist_expression_size(); ++i) { |
| + GURL whitelisted_url = GURL(std::string("http://") + |
|
Brian Ryner
2011/08/31 00:16:33
Can't you just do:
GURL whitelisted_url(std::stri
noelutz
2011/08/31 00:53:50
Done.
|
| + response.whitelist_expression(i)); |
| + if (!whitelisted_url.is_valid()) { |
| + continue; // Skip invalid whitelist expressions. |
|
Brian Ryner
2011/08/31 00:16:33
We never expect this to happen, right? I wonder i
noelutz
2011/08/31 00:53:50
Done.
|
| + } |
| + // First, we check whether the canonical URL matches any of the whitelisted |
| + // expressions. |
| + for (size_t j = 0; j < url_patterns.size(); ++j) { |
| + if (url_patterns[j] == response.whitelist_expression(i)) { |
| + return true; |
| + } |
| + } |
| + // Second, we consider the canonical URL as an expression and we check |
| + // whether any of the whitelist entries matches that expression. |
| + std::vector<std::string> whitelist_patterns; |
| + safe_browsing_util::GeneratePatternsToCheck(whitelisted_url, |
| + &whitelist_patterns); |
| + for (size_t j = 0; j < whitelist_patterns.size(); ++j) { |
| + if (whitelist_patterns[j] == canonical_url) { |
| + return true; |
| + } |
| + } |
| + } |
| + return false; |
| +} |
| } // namespace safe_browsing |
