Add a killswitch for CSD malware IP match and report feature. Use a new killswitch whitelist URL wh…

chrome/browser/safe_browsing/safe_browsing_database.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/safe_browsing/safe_browsing_database.h"
 
 #include <algorithm>
 #include <iterator>
 
 #include "base/bind.h"
@@ skipping 49 matching lines @@
 // Maximum number of entries we allow in any of the whitelists.
 // If a whitelist on disk contains more entries then all lookups to
 // the whitelist will be considered a match.
 const size_t kMaxWhitelistSize = 5000;
 
 // If the hash of this exact expression is on a whitelist then all
 // lookups to this whitelist will be considered a match.
 const char kWhitelistKillSwitchUrl[] =
     "sb-ssl.google.com/safebrowsing/csd/killswitch";  // Don't change this!
 
+// If the hash of this exact expression is on a whitelist then the
+// malware IP blacklisting feature will be disabled in csd.
+// Don't change this!
+const char kMalwareIPKillSwitchUrl[] =
+    "sb-ssl.google.com/safebrowsing/csd/killswitch_malware";
+
 // To save space, the incoming |chunk_id| and |list_id| are combined
 // into an |encoded_chunk_id| for storage by shifting the |list_id|
 // into the low-order bits.  These functions decode that information.
 // TODO(lzheng): It was reasonable when database is saved in sqlite, but
 // there should be better ways to save chunk_id and list_id after we use
 // SafeBrowsingStoreFile.
 int GetListIdBit(const int encoded_chunk_id) {
   return encoded_chunk_id & 1;
 }
 int DecodeChunkId(int encoded_chunk_id) {
@@ skipping 340 matching lines @@
   UMA_HISTOGRAM_ENUMERATION("SB2.DatabaseFailure", failure_type,
                             FAILURE_DATABASE_MAX);
 }
 
 SafeBrowsingDatabaseNew::SafeBrowsingDatabaseNew()
     : creation_loop_(MessageLoop::current()),
       browse_store_(new SafeBrowsingStoreFile),
       download_store_(NULL),
       csd_whitelist_store_(NULL),
       download_whitelist_store_(NULL),
+      csd_malware_ipmatch_killswitch_on_(false),
       reset_factory_(this),
       corruption_detected_(false),
       change_detected_(false) {
   DCHECK(browse_store_.get());
   DCHECK(!download_store_.get());
   DCHECK(!csd_whitelist_store_.get());
   DCHECK(!download_whitelist_store_.get());
   DCHECK(!extension_blacklist_store_.get());
 }
 
@@ skipping 58 matching lines @@
 
   if (csd_whitelist_store_.get()) {
     csd_whitelist_filename_ = CsdWhitelistDBFilename(filename_base);
     csd_whitelist_store_->Init(
         csd_whitelist_filename_,
         base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
                    base::Unretained(this)));
     DVLOG(1) << "Init csd whitelist store: " << csd_whitelist_filename_.value();
     std::vector<SBAddFullHash> full_hashes;
     if (csd_whitelist_store_->GetAddFullHashes(&full_hashes)) {
-      LoadWhitelist(full_hashes, &csd_whitelist_);
+      LoadWhitelist(full_hashes, &csd_whitelist_, true);
     } else {
       WhitelistEverything(&csd_whitelist_);
     }
   } else {
     WhitelistEverything(&csd_whitelist_);  // Just to be safe.
   }
 
   if (download_whitelist_store_.get()) {
     download_whitelist_filename_ = DownloadWhitelistDBFilename(filename_base);
     download_whitelist_store_->Init(
         download_whitelist_filename_,
         base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
                    base::Unretained(this)));
     DVLOG(1) << "Init download whitelist store: "
              << download_whitelist_filename_.value();
     std::vector<SBAddFullHash> full_hashes;
     if (download_whitelist_store_->GetAddFullHashes(&full_hashes)) {
-      LoadWhitelist(full_hashes, &download_whitelist_);
+      LoadWhitelist(full_hashes, &download_whitelist_, false);
     } else {
       WhitelistEverything(&download_whitelist_);
     }
   } else {
     WhitelistEverything(&download_whitelist_);  // Just to be safe.
   }
 
   if (extension_blacklist_store_.get()) {
     extension_blacklist_filename_ = ExtensionBlacklistDBFilename(filename_base);
     extension_blacklist_store_->Init(
@@ skipping 557 matching lines @@
         download_filename_,
         download_store_.get(),
         FAILURE_DOWNLOAD_DATABASE_UPDATE_FINISH);
     UMA_HISTOGRAM_COUNTS("SB2.DownloadDatabaseKilobytes",
                          static_cast<int>(size_bytes / 1024));
   }
 
   UpdateBrowseStore();
   UpdateWhitelistStore(csd_whitelist_filename_,
                        csd_whitelist_store_.get(),
-                       &csd_whitelist_);
+                       &csd_whitelist_, true);
   UpdateWhitelistStore(download_whitelist_filename_,
                        download_whitelist_store_.get(),
-                       &download_whitelist_);
+                       &download_whitelist_, false);
 
   if (extension_blacklist_store_) {
     int64 size_bytes = UpdateHashPrefixStore(
         extension_blacklist_filename_,
         extension_blacklist_store_.get(),
         FAILURE_EXTENSION_BLACKLIST_UPDATE_FINISH);
     UMA_HISTOGRAM_COUNTS("SB2.ExtensionBlacklistKilobytes",
                          static_cast<int>(size_bytes / 1024));
   }
 }
 
 void SafeBrowsingDatabaseNew::UpdateWhitelistStore(
     const base::FilePath& store_filename,
     SafeBrowsingStore* store,
-    SBWhitelist* whitelist) {
+    SBWhitelist* whitelist,
+    bool check_malware_killswitch) {
   if (!store)
     return;
 
   // For the whitelists, we don't cache and save full hashes since all
   // hashes are already full.
   std::vector<SBAddFullHash> empty_add_hashes;
 
   // Not needed for the whitelists.
   std::set<SBPrefix> empty_miss_cache;
 
   // Note: prefixes will not be empty.  The current data store implementation
   // stores all full-length hashes as both full and prefix hashes.
   SBAddPrefixes prefixes;
   std::vector<SBAddFullHash> full_hashes;
   if (!store->FinishUpdate(empty_add_hashes, empty_miss_cache, &prefixes,
                            &full_hashes)) {
     RecordFailure(FAILURE_WHITELIST_DATABASE_UPDATE_FINISH);
     WhitelistEverything(whitelist);
     return;
   }
 
 #if defined(OS_MACOSX)
   base::mac::SetFileBackupExclusion(store_filename);
 #endif
 
-  LoadWhitelist(full_hashes, whitelist);
+  LoadWhitelist(full_hashes, whitelist, check_malware_killswitch);
 }
 
 int64 SafeBrowsingDatabaseNew::UpdateHashPrefixStore(
     const base::FilePath& store_filename,
     SafeBrowsingStore* store,
     FailureType failure_type) {
   // We don't cache and save full hashes.
   std::vector<SBAddFullHash> empty_add_hashes;
 
   // Backend lookup happens only if a prefix is in add list.
@@ skipping 231 matching lines @@
 }
 
 void SafeBrowsingDatabaseNew::WhitelistEverything(SBWhitelist* whitelist) {
   base::AutoLock locked(lookup_lock_);
   whitelist->second = true;
   whitelist->first.clear();
 }
 
 void SafeBrowsingDatabaseNew::LoadWhitelist(
     const std::vector<SBAddFullHash>& full_hashes,
-    SBWhitelist* whitelist) {
+    SBWhitelist* whitelist,
+    bool check_malware_killswitch) {
   DCHECK_EQ(creation_loop_, MessageLoop::current());
   if (full_hashes.size() > kMaxWhitelistSize) {
     WhitelistEverything(whitelist);
     return;
   }
 
   std::vector<SBFullHash> new_whitelist;
   new_whitelist.reserve(full_hashes.size());
   for (std::vector<SBAddFullHash>::const_iterator it = full_hashes.begin();
        it != full_hashes.end(); ++it) {
     new_whitelist.push_back(it->full_hash);
   }
   std::sort(new_whitelist.begin(), new_whitelist.end());
 
   SBFullHash kill_switch;
   crypto::SHA256HashString(kWhitelistKillSwitchUrl, &kill_switch,
                            sizeof(kill_switch));
   if (std::binary_search(new_whitelist.begin(), new_whitelist.end(),
                          kill_switch)) {
     // The kill switch is whitelisted hence we whitelist all URLs.
     WhitelistEverything(whitelist);
   } else {
     base::AutoLock locked(lookup_lock_);
     whitelist->second = false;
     whitelist->first.swap(new_whitelist);
   }
+
+  // The killswitch is only in csd_whitelist, not download_whitelist
+  if (!check_malware_killswitch) {

[mattm, 2013/05/21 02:14:09]

I tihnk it would be clearer to move the check into the calling function rather
than having this arg for this function to special case it.

Actually I wonder if it would be acceptable to just make
MalwareIPMatchKillSwitchOn itself do a search (just call
ContainsWhitelistedHashes?) rather than having the result stored as a bool
member of the class?

[kewang, 2013/05/22 10:14:00]

I think this is a good idea. changed to call ContainsWhitelistedHashes.

+    return;
+  }
+
+  SBFullHash malware_kill_switch;
+  crypto::SHA256HashString(kMalwareIPKillSwitchUrl, &malware_kill_switch,
+                           sizeof(malware_kill_switch));
+  if (std::binary_search(new_whitelist.begin(), new_whitelist.end(),

[mattm, 2013/05/21 02:14:09]

I think this is a bug, new_whitelist here will actually be the old whitelist
unless the new whitelist also containts the CSD kill switch url ( due to
whitelist->first.swap(new_whitelist) above.)

I guses the unittest should also test the malware kill switch independently of
the csd whitelist killswitch.

[kewang, 2013/05/22 10:14:00]

removed this part totally.

+                         malware_kill_switch)) {
+    // Turn on the malware IP matching kill switch
+    base::AutoLock locked(lookup_lock_);
+    csd_malware_ipmatch_killswitch_on_ = true;
+  } else {
+    // Turn off the malware IP matching kill switch
+    base::AutoLock locked(lookup_lock_);
+    csd_malware_ipmatch_killswitch_on_ = false;
+  }
 }
+
+
+bool SafeBrowsingDatabaseNew::MalwareIPMatchKillSwitchOn() {
+  base::AutoLock locked(lookup_lock_);
+  return csd_malware_ipmatch_killswitch_on_;
+};