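--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -1,31 +1,30 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/safe_browsing/client_side_detection_service.h"
 
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/message_loop.h"
 #include "base/metrics/histogram.h"
 #include "base/stl_util.h"
 #include "base/string_util.h"
 #include "base/task.h"
 #include "base/time.h"
 #include "base/time.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/prefs/pref_service.h"
 #include "chrome/browser/profiles/profile.h"
-#include "chrome/browser/safe_browsing/safe_browsing_util.h"
 #include "chrome/common/net/http_return.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/common/safe_browsing/client_model.pb.h"
 #include "chrome/common/safe_browsing/csd.pb.h"
 #include "chrome/common/safe_browsing/safebrowsing_messages.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/notification_types.h"
 #include "content/public/browser/render_process_host.h"
 #include "content/public/common/url_fetcher.h"
@@ -376,22 +375,21 @@
 const net::ResponseCookies& cookies,
 const std::string& data) {
 ClientPhishingResponse response;
 scoped_ptr<ClientReportInfo> info(client_phishing_reports_[source]);
 bool is_phishing = false;
 if (status.is_success() && RC_REQUEST_OK == response_code &&
 response.ParseFromString(data)) {
 // Cache response, possibly flushing an old one.
 cache_[info->phishing_url] =
 make_linked_ptr(new CacheState(response.phishy(), base::Time::Now()));
-is_phishing = (response.phishy() &&
-!IsFalsePositiveResponse(info->phishing_url, response));
+is_phishing = response.phishy();
 } else {
 DLOG(ERROR) << "Unable to get the server verdict for URL: "
 << info->phishing_url << " status: " << status.status() << " "
 << "response_code:" << response_code;
 }
 if (!info->callback.is_null())
 info->callback.Run(info->phishing_url, is_phishing);
 client_phishing_reports_.erase(source);
 delete source;
 }
@@ -527,57 +525,11 @@
 }
 }
 }
 for (int i = 0; i < model.page_term_size(); ++i) {
 if (model.page_term(i) < 0 || model.page_term(i) > max_index) {
 return false;
 }
 }
 return true;
 }
-
-// static
-bool ClientSideDetectionService::IsFalsePositiveResponse(
-const GURL& url,
-const ClientPhishingResponse& response) {
-if (!response.phishy() || response.whitelist_expression_size() == 0) {
-return false;
-}
-// This whitelist is special. A particular URL gets whitelisted if it
-// matches any of the expressions on the whitelist or if any of the whitelist
-// entries matches the URL.
-
-std::string host, path, query;
-safe_browsing_util::CanonicalizeUrl(url, &host, &path, &query);
-std::string canonical_url_as_pattern = host + path + query;
-
-std::vector<std::string> url_patterns;
-safe_browsing_util::GeneratePatternsToCheck(url, &url_patterns);
-
-for (int i = 0; i < response.whitelist_expression_size(); ++i) {
-GURL whitelisted_url(std::string("http://") +
-response.whitelist_expression(i));
-if (!whitelisted_url.is_valid()) {
-UMA_HISTOGRAM_COUNTS("SBClientPhishing.InvalidWhitelistExpression", 1);
-continue; // Skip invalid whitelist expressions.
-}
-// First, we check whether the canonical URL matches any of the whitelisted
-// expressions.
-for (size_t j = 0; j < url_patterns.size(); ++j) {
-if (url_patterns[j] == response.whitelist_expression(i)) {
-return true;
-}
-}
-// Second, we consider the canonical URL as an expression and we check
-// whether any of the whitelist entries matches that expression.
-std::vector<std::string> whitelist_patterns;
-safe_browsing_util::GeneratePatternsToCheck(whitelisted_url,
-&whitelist_patterns);
-for (size_t j = 0; j < whitelist_patterns.size(); ++j) {
-if (whitelist_patterns[j] == canonical_url_as_pattern) {
-return true;
-}
-}
-}
-return false;
-}
 } // namespace safe_browsing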
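Review bot: The new `is_phishing = response.phishy();` line carries no comment saying that the server's `phishy` bit is now the sole input to the verdict, and that any `whitelist_expression` entries a `ClientPhishingResponse` may still carry (if the field stays in the proto, which is not shown here) are deliberately ignored. I would add something like `// Server verdict is final; whitelist_expression in the response is intentionally not consulted.` at that line so a later reader does not take the unused field for an oversight. In the same block `is_phishing` stays `false` when the fetch fails, the response code is not `RC_REQUEST_OK`, or `ParseFromString` rejects the body, so the callback cannot distinguish "not phishing" from "no verdict obtained"; a short comment on the `else` branch stating that this fail-open default is intended would help. The enclosing function begins outside the visible lines, so how callers treat a `false` result is not visible here.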