Chromium Code Reviews| Index: chrome/browser/safe_browsing/safe_browsing_database.h |
| diff --git a/chrome/browser/safe_browsing/safe_browsing_database.h b/chrome/browser/safe_browsing/safe_browsing_database.h |
| index eeb83e021d9c25ec33b444968fc92d1349afa11b..3a885e889c3c5cfc837c728b043c9316bfc6c210 100644 |
| --- a/chrome/browser/safe_browsing/safe_browsing_database.h |
| +++ b/chrome/browser/safe_browsing/safe_browsing_database.h |
| @@ -37,22 +37,24 @@ class SafeBrowsingDatabaseFactory { |
| virtual ~SafeBrowsingDatabaseFactory() { } |
| virtual SafeBrowsingDatabase* CreateSafeBrowsingDatabase( |
| bool enable_download_protection, |
| - bool enable_client_side_whitelist) = 0; |
| + bool enable_client_side_whitelist, |
| + bool enable_download_whitelist) = 0; |
| private: |
| DISALLOW_COPY_AND_ASSIGN(SafeBrowsingDatabaseFactory); |
| }; |
| // Encapsulates on-disk databases that for safebrowsing. There are |
| -// three databases: browse, download and client-side detection (csd) |
| -// whitelist databases. The browse database contains information |
| -// about phishing and malware urls. The download database contains |
| +// four databases: browse, download, download whitelist and |
| +// client-side detection (csd) whitelist databases. The browse database contains |
| +// information about phishing and malware urls. The download database contains |
| // URLs for bad binaries (e.g: those containing virus) and hash of |
| -// these downloaded contents. The csd whitelist database contains URLs |
| -// that will never be considered as phishing by the client-side |
| -// phishing detection. These on-disk databases are shared among all |
| -// profiles, as it doesn't contain user-specific data. This object is |
| -// not thread-safe, i.e. all its methods should be used on the same |
| +// these downloaded contents. The download whitelist contains whitelisted |
| +// download hosting sites as well as whitelisted binary signing certificates |
| +// etc. The csd whitelist database contains URLs that will never be considered |
| +// as phishing by the client-side phishing detection. These on-disk databases |
| +// are shared among all profiles, as it doesn't contain user-specific data. This |
| +// object is not thread-safe, i.e. all its methods should be used on the same |
| // thread that it was created on. |
| class SafeBrowsingDatabase { |
| public: |
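Review bot: CreateSafeBrowsingDatabase now takes three adjacent `bool` parameters, so a call that transposes `enable_client_side_whitelist` and `enable_download_whitelist` compiles cleanly and enables the wrong list; the same holds for `SafeBrowsingDatabase::Create` in the next hunk. Each flag decides whether a protection-related store is created, so a transposition is a silent behaviour change rather than a build break. I would pass a small options struct or a flags enum instead, or at minimum document the expected call form next to the declaration, e.g. `// Callers: Create(true /* download_protection */, true /* csd_whitelist */, true /* download_whitelist */)`. The factory class begins above this hunk and SafeBrowsingDatabase continues below it.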
| @@ -62,8 +64,11 @@ class SafeBrowsingDatabase { |
| // feature. |
| // |enable_client_side_whitelist| is used to control the csd whitelist |
| // database feature. |
| + // |enable_download_whitelist| is used to control the download whitelist |
| + // database feature. |
| static SafeBrowsingDatabase* Create(bool enable_download_protection, |
| - bool enable_client_side_whitelist); |
| + bool enable_client_side_whitelist, |
| + bool enable_download_whitelist); |
| // Makes the passed |factory| the factory used to instantiate |
| // a SafeBrowsingDatabase. This is used for tests. |
| @@ -106,6 +111,16 @@ class SafeBrowsingDatabase { |
| // This function should only be called from the IO thread. |
| virtual bool ContainsCsdWhitelistedUrl(const GURL& url) = 0; |
| + // The download whitelist is used for two purposes: a white-domain list of |
| + // sites that are considered to host only harmless binaries as well as a |
| + // whitelist of arbitrary strings such as hashed certificate authorities that |
| + // are considered to be trusted. The two methods below let you lookup |
| + // the whitelist either for a URL or an arbitrary string. These methods will |
| + // return false if no match is found and true otherwise. |
| + // This function could ONLY be accessed from the IO thread. |
| + virtual bool ContainsDownloadWhitelistedUrl(const GURL& url) = 0; |
| + virtual bool ContainsDownloadWhitelistedString(const std::string& str) = 0; |
| + |
| // A database transaction should look like: |
| // |
| // std::vector<SBListChunkRanges> lists; |
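Review bot: The added comment states that both lookups "return false if no match is found and true otherwise", which is not the whole contract. According to the LoadWhitelist and WhitelistEverything comments in a later hunk, a whitelist that is too large, contains the kill switch entry, or hit an error answers true for every lookup. For the download whitelist this means a failed or corrupted store makes every URL and every certificate string look trusted, so callers must not read a true result as proof of an actual match. I would add `// Also returns true for every lookup when the whitelist failed to load or has been switched to match everything (see LoadWhitelist()).` and have the author confirm that match-everything is the intended failure direction for downloads. The last sentence should read "These methods must only be called from the IO thread", since it covers both declarations.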
| @@ -154,6 +169,10 @@ class SafeBrowsingDatabase { |
| static FilePath CsdWhitelistDBFilename( |
| const FilePath& csd_whitelist_base_filename); |
| + // Filename for download whitelist databsae. |
| + static FilePath DownloadWhitelistDBFilename( |
| + const FilePath& download_whitelist_base_filename); |
| + |
| // Enumerate failures for histogramming purposes. DO NOT CHANGE THE |
| // ORDERING OF THESE VALUES. |
| enum FailureType { |
| @@ -169,9 +188,8 @@ class SafeBrowsingDatabase { |
| FAILURE_DATABASE_STORE_DELETE, |
| FAILURE_DOWNLOAD_DATABASE_UPDATE_BEGIN, |
| FAILURE_DOWNLOAD_DATABASE_UPDATE_FINISH, |
| - FAILURE_CSD_WHITELIST_DATABASE_UPDATE_BEGIN, |
| - FAILURE_CSD_WHITELIST_DATABASE_UPDATE_FINISH, |
| - |
| + FAILURE_WHITELIST_DATABASE_UPDATE_BEGIN, |
| + FAILURE_WHITELIST_DATABASE_UPDATE_FINISH, |
| // Memory space for histograms is determined by the max. ALWAYS |
| // ADD NEW VALUES BEFORE THIS ONE. |
| FAILURE_DATABASE_MAX |
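Review bot: Renaming the two CSD values to `FAILURE_WHITELIST_DATABASE_UPDATE_BEGIN` and `FAILURE_WHITELIST_DATABASE_UPDATE_FINISH` keeps the histogram ordering, but it changes what the existing buckets mean. If the download whitelist reports through the same values, which the shared UpdateWhitelistStore declaration suggests, failures of the two lists can no longer be told apart. A whitelist failure switches that list to match everything, so a download whitelist failure deserves its own signal. I would keep the CSD names and add `FAILURE_DOWNLOAD_WHITELIST_DATABASE_UPDATE_BEGIN,` and `FAILURE_DOWNLOAD_WHITELIST_DATABASE_UPDATE_FINISH,` directly before `FAILURE_DATABASE_MAX`. The enum opens above this hunk and closes below it.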
| @@ -188,14 +206,15 @@ class SafeBrowsingDatabase { |
| class SafeBrowsingDatabaseNew : public SafeBrowsingDatabase { |
| public: |
| - // Create a database with a browse store, download store and |
| - // csd_whitelist_store. Takes ownership of browse_store, download_store and |
| - // csd_whitelist_store. When |download_store| is NULL, the database |
| - // will ignore any operations related download (url hashes and |
| - // binary hashes). Same for the |csd_whitelist_store|. |
| + // Create a database with a browse, download, download whitelist and |
| + // csd whitelist store objects. Takes ownership of all the store objects. |
| + // When |download_store| is NULL, the database will ignore any operations |
| + // related download (url hashes and binary hashes). The same is true for |
| + // the |csd_whitelist_store| and |download_whitelist_store|. |
| SafeBrowsingDatabaseNew(SafeBrowsingStore* browse_store, |
| SafeBrowsingStore* download_store, |
| - SafeBrowsingStore* csd_whitelist_store); |
| + SafeBrowsingStore* csd_whitelist_store, |
| + SafeBrowsingStore* download_whitelist_store); |
| // Create a database with a browse store. This is a legacy interface that |
| // useds Sqlite. |
| @@ -215,6 +234,8 @@ class SafeBrowsingDatabaseNew : public SafeBrowsingDatabase { |
| std::vector<SBPrefix>* prefix_hits); |
| virtual bool ContainsDownloadHashPrefix(const SBPrefix& prefix); |
| virtual bool ContainsCsdWhitelistedUrl(const GURL& url); |
| + virtual bool ContainsDownloadWhitelistedUrl(const GURL& url); |
| + virtual bool ContainsDownloadWhitelistedString(const std::string& str); |
| virtual bool UpdateStarted(std::vector<SBListChunkRanges>* lists); |
| virtual void InsertChunks(const std::string& list_name, |
| const SBChunkList& chunks); |
| @@ -227,8 +248,18 @@ class SafeBrowsingDatabaseNew : public SafeBrowsingDatabase { |
| friend class SafeBrowsingDatabaseTest; |
| FRIEND_TEST(SafeBrowsingDatabaseTest, HashCaching); |
| - // Return the browse_store_, download_store_ or csd_whitelist_store_ |
| - // based on list_id. |
| + // A SafeBrowsing whitelist contains a list of whitelisted full-hashes (stored |
| + // in a sorted vector) as well as a boolean flag indicating whether all |
| + // lookups in the whitelist should be considered matches for safety. |
| + typedef std::pair<std::vector<SBFullHash>, bool> SBWhitelist; |
| + |
| + // Returns true if the whitelist is disabled or if any of the given hashes |
| + // matches the whitelist. |
| + bool ContainsWhitelistedHashes(const SBWhitelist& whitelist, |
| + const std::vector<SBFullHash>& hashes); |
| + |
| + // Return the browse_store_, download_store_, download_whitelist_store or |
| + // csd_whitelist_store_ based on list_id. |
| SafeBrowsingStore* GetStore(int list_id); |
| // Deletes the files on disk. |
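Review bot: `typedef std::pair<std::vector<SBFullHash>, bool> SBWhitelist;` exposes the match-everything flag only as `.second`, which hides the meaning and polarity of a value that makes every lookup succeed. A struct with named members reads better at each use, `struct SBWhitelist { std::vector<SBFullHash> hashes; bool match_everything; };`, with the flag initialised to false in the owning constructor. The ContainsWhitelistedHashes comment says "disabled" where the typedef comment says "all lookups ... should be considered matches"; using one term would stop "disabled" being read as "nothing matches". In the GetStore comment, `download_whitelist_store` is missing its trailing underscore.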
| @@ -240,14 +271,15 @@ class SafeBrowsingDatabaseNew : public SafeBrowsingDatabase { |
| // Writes the current bloom filter to disk. |
| void WriteBloomFilter(); |
| - // Loads the given full-length hashes to the csd whitelist. If the number |
| + // Loads the given full-length hashes to the given whitelist. If the number |
| // of hashes is too large or if the kill switch URL is on the whitelist |
| - // we will whitelist all URLs. |
| - void LoadCsdWhitelist(const std::vector<SBAddFullHash>& full_hashes); |
| + // we will whitelist everything. |
| + void LoadWhitelist(const std::vector<SBAddFullHash>& full_hashes, |
| + SBWhitelist* whitelist); |
| - // Call this method if an error occured with the csd whitelist. This will |
| - // result in all calls to ContainsCsdWhitelistedUrl() to returning true. |
| - void CsdWhitelistAllUrls(); |
| + // Call this method if an error occured with the given whitelist. This will |
| + // result in all lookups to the whitelist to return true. |
|
Brian Ryner
2011/09/12 21:45:18
result in -> cause
|
| + void WhitelistEverything(SBWhitelist* whitelist); |
| // Helpers for handling database corruption. |
| // |OnHandleCorruptDatabase()| runs |ResetDatabase()| and sets |
| @@ -267,7 +299,9 @@ class SafeBrowsingDatabaseNew : public SafeBrowsingDatabase { |
| void UpdateDownloadStore(); |
| void UpdateBrowseStore(); |
| - void UpdateCsdWhitelistStore(); |
| + void UpdateWhitelistStore(const FilePath& store_filename, |
| + SafeBrowsingStore* store, |
| + SBWhitelist* whitelist); |
| // Helper function to compare addprefixes in download_store_ with |prefixes|. |
| // The |list_bit| indicates which list (download url or download hash) |
| @@ -302,15 +336,13 @@ class SafeBrowsingDatabaseNew : public SafeBrowsingDatabase { |
| FilePath csd_whitelist_filename_; |
| scoped_ptr<SafeBrowsingStore> csd_whitelist_store_; |
| - // All the client-side phishing detection whitelist entries are loaded in |
| - // a sorted vector. |
| - std::vector<SBFullHash> csd_whitelist_; |
| + // For the download whitelist chunks and full-length hashes. This list only |
| + // contains 256 bit hashes. |
| + FilePath download_whitelist_filename_; |
| + scoped_ptr<SafeBrowsingStore> download_whitelist_store_; |
| - // If true, ContainsCsdWhitelistedUrl will always return true for all URLs. |
| - // This is set to true if the csd whitelist is too large to be stored in |
| - // memory, if the kill switch URL is on the csd whitelist or if there was |
| - // an error during the most recent update. |
| - bool csd_whitelist_all_urls_; |
| + SBWhitelist csd_whitelist_; |
| + SBWhitelist download_whitelist_; |
| // Bloom filter generated from the add-prefixes in |browse_store_|. |
| // Only browse_store_ requires the BloomFilter for fast query. |
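Review bot: The new `csd_whitelist_` and `download_whitelist_` members carry no comment, and the removed comments were the only place in this hunk that said when the match-everything flag is set (list too large to hold in memory, kill switch URL present, error during the most recent update). I would restore that on the new members, e.g. `// Sorted full hashes plus a flag; when the flag is true every lookup matches (list too large, kill switch entry present, or last update failed).`. If these members are read by the IO-thread lookups and written during updates, the comment should also name what guards them; that is not visible in this hunk.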