| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "chrome/browser/safe_browsing/remote_database_manager.h" | |
| 6 | |
| 7 #include <vector> | |
| 8 | |
| 9 #include "base/metrics/histogram_macros.h" | |
| 10 #include "base/strings/string_number_conversions.h" | |
| 11 #include "base/strings/string_split.h" | |
| 12 #include "base/timer/elapsed_timer.h" | |
| 13 #include "chrome/browser/safe_browsing/safe_browsing_api_handler.h" | |
| 14 #include "components/variations/variations_associated_data.h" | |
| 15 #include "content/public/browser/browser_thread.h" | |
| 16 | |
| 17 using content::BrowserThread; | |
| 18 | |
| 19 namespace { | |
| 20 | |
| 21 // Android field trial for controlling types_to_check. | |
| 22 const char kAndroidFieldExperiment[] = "SafeBrowsingAndroid"; | |
| 23 const char kAndroidTypesToCheckParam[] = "types_to_check"; | |
| 24 | |
| 25 } // namespace | |
| 26 | |
| 27 namespace safe_browsing { | |
| 28 | |
| 29 // | |
| 30 // RemoteSafeBrowsingDatabaseManager::ClientRequest methods | |
| 31 // | |
| 32 class RemoteSafeBrowsingDatabaseManager::ClientRequest { | |
| 33 public: | |
| 34 ClientRequest(Client* client, | |
| 35 RemoteSafeBrowsingDatabaseManager* db_manager, | |
| 36 const GURL& url); | |
| 37 | |
| 38 static void OnRequestDoneWeak(const base::WeakPtr<ClientRequest>& req, | |
| 39 SBThreatType matched_threat_type, | |
| 40 const std::string& metadata); | |
| 41 void OnRequestDone(SBThreatType matched_threat_type, | |
| 42 const std::string& metadata); | |
| 43 | |
| 44 // Accessors | |
| 45 Client* client() const { return client_; } | |
| 46 const GURL& url() const { return url_; } | |
| 47 base::WeakPtr<ClientRequest> GetWeakPtr() { | |
| 48 return weak_factory_.GetWeakPtr(); | |
| 49 } | |
| 50 | |
| 51 private: | |
| 52 Client* client_; | |
| 53 RemoteSafeBrowsingDatabaseManager* db_manager_; | |
| 54 GURL url_; | |
| 55 base::ElapsedTimer timer_; | |
| 56 base::WeakPtrFactory<ClientRequest> weak_factory_; | |
| 57 }; | |
| 58 | |
| 59 RemoteSafeBrowsingDatabaseManager::ClientRequest::ClientRequest( | |
| 60 Client* client, | |
| 61 RemoteSafeBrowsingDatabaseManager* db_manager, | |
| 62 const GURL& url) | |
| 63 : client_(client), db_manager_(db_manager), url_(url), weak_factory_(this) { | |
| 64 } | |
| 65 | |
| 66 // Static | |
| 67 void RemoteSafeBrowsingDatabaseManager::ClientRequest::OnRequestDoneWeak( | |
| 68 const base::WeakPtr<ClientRequest>& req, | |
| 69 SBThreatType matched_threat_type, | |
| 70 const std::string& metadata) { | |
| 71 DCHECK_CURRENTLY_ON(BrowserThread::IO); | |
| 72 if (!req) | |
| 73 return; // Previously canceled | |
| 74 req->OnRequestDone(matched_threat_type, metadata); | |
| 75 } | |
| 76 | |
| 77 void RemoteSafeBrowsingDatabaseManager::ClientRequest::OnRequestDone( | |
| 78 SBThreatType matched_threat_type, | |
| 79 const std::string& metadata) { | |
| 80 DVLOG(1) << "OnRequestDone took " << timer_.Elapsed().InMilliseconds() | |
| 81 << " ms for client " << client_ << " and URL " << url_; | |
| 82 client_->OnCheckBrowseUrlResult(url_, matched_threat_type, metadata); | |
| 83 UMA_HISTOGRAM_TIMES("SB2.RemoteCall.Elapsed", timer_.Elapsed()); | |
| 84 // CancelCheck() will delete *this. | |
| 85 db_manager_->CancelCheck(client_); | |
| 86 } | |
| 87 | |
| 88 // | |
| 89 // RemoteSafeBrowsingDatabaseManager methods | |
| 90 // | |
| 91 | |
| 92 // TODO(nparker): Add more tests for this class | |
| 93 RemoteSafeBrowsingDatabaseManager::RemoteSafeBrowsingDatabaseManager() | |
| 94 : enabled_(false) { | |
| 95 // Decide which resource types to check. These two are the minimum. | |
| 96 resource_types_to_check_.insert(content::RESOURCE_TYPE_MAIN_FRAME); | |
| 97 resource_types_to_check_.insert(content::RESOURCE_TYPE_SUB_FRAME); | |
| 98 | |
| 99 // The param is expected to be a comma-separated list of ints | |
| 100 // corresponding to the enum types. We're keeping this finch | |
| 101 // control around so we can add back types if they later become dangerous. | |
| 102 const std::string ints_str = variations::GetVariationParamValue( | |
| 103 kAndroidFieldExperiment, kAndroidTypesToCheckParam); | |
| 104 if (ints_str.empty()) { | |
| 105 // By default, we check all types except a few. | |
| 106 static_assert(content::RESOURCE_TYPE_LAST_TYPE == | |
| 107 content::RESOURCE_TYPE_PLUGIN_RESOURCE + 1, | |
| 108 "Decide if new resource type should be skipped on mobile."); | |
| 109 for (int t_int = 0; t_int < content::RESOURCE_TYPE_LAST_TYPE; t_int++) { | |
| 110 content::ResourceType t = static_cast<content::ResourceType>(t_int); | |
| 111 switch (t) { | |
| 112 case content::RESOURCE_TYPE_STYLESHEET: | |
| 113 case content::RESOURCE_TYPE_IMAGE: | |
| 114 case content::RESOURCE_TYPE_FONT_RESOURCE: | |
| 115 case content::RESOURCE_TYPE_FAVICON: | |
| 116 break; | |
| 117 default: | |
| 118 resource_types_to_check_.insert(t); | |
| 119 } | |
| 120 } | |
| 121 } else { | |
| 122 // Use the finch param. | |
| 123 for (const std::string& val_str : base::SplitString( | |
| 124 ints_str, ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL)) { | |
| 125 int i; | |
| 126 if (base::StringToInt(val_str, &i) && i >= 0 && | |
| 127 i < content::RESOURCE_TYPE_LAST_TYPE) { | |
| 128 resource_types_to_check_.insert(static_cast<content::ResourceType>(i)); | |
| 129 } | |
| 130 } | |
| 131 } | |
| 132 } | |
| 133 | |
| 134 RemoteSafeBrowsingDatabaseManager::~RemoteSafeBrowsingDatabaseManager() { | |
| 135 DCHECK(!enabled_); | |
| 136 } | |
| 137 | |
| 138 bool RemoteSafeBrowsingDatabaseManager::IsSupported() const { | |
| 139 return SafeBrowsingApiHandler::GetInstance() != nullptr; | |
| 140 } | |
| 141 | |
| 142 safe_browsing::ThreatSource RemoteSafeBrowsingDatabaseManager::GetThreatSource() | |
| 143 const { | |
| 144 return safe_browsing::ThreatSource::REMOTE; | |
| 145 } | |
| 146 | |
| 147 bool RemoteSafeBrowsingDatabaseManager::ChecksAreAlwaysAsync() const { | |
| 148 return true; | |
| 149 } | |
| 150 | |
| 151 bool RemoteSafeBrowsingDatabaseManager::CanCheckResourceType( | |
| 152 content::ResourceType resource_type) const { | |
| 153 return resource_types_to_check_.count(resource_type) > 0; | |
| 154 } | |
| 155 | |
| 156 bool RemoteSafeBrowsingDatabaseManager::CanCheckUrl(const GURL& url) const { | |
| 157 return url.SchemeIs(url::kHttpsScheme) || url.SchemeIs(url::kHttpScheme) || | |
| 158 url.SchemeIs(url::kFtpScheme); | |
| 159 } | |
| 160 | |
| 161 bool RemoteSafeBrowsingDatabaseManager::download_protection_enabled() | |
| 162 const { | |
| 163 return false; | |
| 164 } | |
| 165 | |
| 166 bool RemoteSafeBrowsingDatabaseManager::CheckDownloadUrl( | |
| 167 const std::vector<GURL>& url_chain, | |
| 168 Client* client) { | |
| 169 NOTREACHED(); | |
| 170 return true; | |
| 171 } | |
| 172 | |
| 173 bool RemoteSafeBrowsingDatabaseManager::CheckExtensionIDs( | |
| 174 const std::set<std::string>& extension_ids, | |
| 175 Client* client) { | |
| 176 NOTREACHED(); | |
| 177 return true; | |
| 178 } | |
| 179 | |
| 180 bool RemoteSafeBrowsingDatabaseManager::MatchMalwareIP( | |
| 181 const std::string& ip_address) { | |
| 182 NOTREACHED(); | |
| 183 return false; | |
| 184 } | |
| 185 | |
| 186 bool RemoteSafeBrowsingDatabaseManager::MatchCsdWhitelistUrl(const GURL& url) { | |
| 187 NOTREACHED(); | |
| 188 return true; | |
| 189 } | |
| 190 | |
| 191 bool RemoteSafeBrowsingDatabaseManager::MatchDownloadWhitelistUrl( | |
| 192 const GURL& url) { | |
| 193 NOTREACHED(); | |
| 194 return true; | |
| 195 } | |
| 196 | |
| 197 bool RemoteSafeBrowsingDatabaseManager::MatchDownloadWhitelistString( | |
| 198 const std::string& str) { | |
| 199 NOTREACHED(); | |
| 200 return true; | |
| 201 } | |
| 202 | |
| 203 bool RemoteSafeBrowsingDatabaseManager::MatchInclusionWhitelistUrl( | |
| 204 const GURL& url) { | |
| 205 NOTREACHED(); | |
| 206 return true; | |
| 207 } | |
| 208 | |
| 209 bool RemoteSafeBrowsingDatabaseManager::IsMalwareKillSwitchOn() { | |
| 210 NOTREACHED(); | |
| 211 return true; | |
| 212 } | |
| 213 | |
| 214 bool RemoteSafeBrowsingDatabaseManager::IsCsdWhitelistKillSwitchOn() { | |
| 215 NOTREACHED(); | |
| 216 return true; | |
| 217 } | |
| 218 | |
| 219 bool RemoteSafeBrowsingDatabaseManager::CheckBrowseUrl(const GURL& url, | |
| 220 Client* client) { | |
| 221 DCHECK_CURRENTLY_ON(BrowserThread::IO); | |
| 222 if (!enabled_) | |
| 223 return true; | |
| 224 | |
| 225 bool can_check_url = CanCheckUrl(url); | |
| 226 UMA_HISTOGRAM_BOOLEAN("SB2.RemoteCall.CanCheckUrl", can_check_url); | |
| 227 if (!can_check_url) | |
| 228 return true; // Safe, continue right away. | |
| 229 | |
| 230 scoped_ptr<ClientRequest> req(new ClientRequest(client, this, url)); | |
| 231 std::vector<SBThreatType> threat_types; // Not currently used. | |
| 232 | |
| 233 DVLOG(1) << "Checking for client " << client << " and URL " << url; | |
| 234 SafeBrowsingApiHandler* api_handler = SafeBrowsingApiHandler::GetInstance(); | |
| 235 // This shouldn't happen since SafeBrowsingResourceThrottle checks | |
| 236 // IsSupported() ealier. | |
| 237 DCHECK(api_handler) << "SafeBrowsingApiHandler was never constructed"; | |
| 238 api_handler->StartURLCheck( | |
| 239 base::Bind(&ClientRequest::OnRequestDoneWeak, req->GetWeakPtr()), url, | |
| 240 threat_types); | |
| 241 | |
| 242 UMA_HISTOGRAM_COUNTS_10000("SB2.RemoteCall.ChecksPending", | |
| 243 current_requests_.size()); | |
| 244 current_requests_.push_back(req.release()); | |
| 245 | |
| 246 // Defer the resource load. | |
| 247 return false; | |
| 248 } | |
| 249 | |
| 250 void RemoteSafeBrowsingDatabaseManager::CancelCheck(Client* client) { | |
| 251 DCHECK_CURRENTLY_ON(BrowserThread::IO); | |
| 252 DCHECK(enabled_); | |
| 253 for (auto itr = current_requests_.begin(); itr != current_requests_.end(); | |
| 254 ++itr) { | |
| 255 if ((*itr)->client() == client) { | |
| 256 DVLOG(2) << "Canceling check for URL " << (*itr)->url(); | |
| 257 delete *itr; | |
| 258 current_requests_.erase(itr); | |
| 259 return; | |
| 260 } | |
| 261 } | |
| 262 NOTREACHED(); | |
| 263 } | |
| 264 | |
| 265 void RemoteSafeBrowsingDatabaseManager::StartOnIOThread() { | |
| 266 VLOG(1) << "RemoteSafeBrowsingDatabaseManager starting"; | |
| 267 enabled_ = true; | |
| 268 } | |
| 269 | |
| 270 void RemoteSafeBrowsingDatabaseManager::StopOnIOThread(bool shutdown) { | |
| 271 // |shutdown| is not used. | |
| 272 DCHECK_CURRENTLY_ON(BrowserThread::IO); | |
| 273 DVLOG(1) << "RemoteSafeBrowsingDatabaseManager stopping"; | |
| 274 | |
| 275 // Call back and delete any remaining clients. OnRequestDone() modifies | |
| 276 // |current_requests_|, so we make a copy first. | |
| 277 std::vector<ClientRequest*> to_callback(current_requests_); | |
| 278 for (auto req : to_callback) { | |
| 279 DVLOG(1) << "Stopping: Invoking unfinished req for URL " << req->url(); | |
| 280 req->OnRequestDone(SB_THREAT_TYPE_SAFE, std::string()); | |
| 281 } | |
| 282 enabled_ = false; | |
| 283 } | |
| 284 | |
| 285 } // namespace safe_browsing | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1579403002:
Move remote_db_manager into the safe_browsing_db component. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master