Chromium Code Reviews Chromium Code Reviews
Issue 1613483003:
[SafeBrowsing] Alternate extensions should also be subject to block list. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/safe_browsing/unverified_download_policy.h" | 5 #include "chrome/browser/safe_browsing/unverified_download_policy.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/callback.h" | 8 #include "base/callback.h" |
| 9 #include "base/files/file_path.h" | 9 #include "base/files/file_path.h" |
| 10 #include "base/metrics/sparse_histogram.h" | 10 #include "base/metrics/sparse_histogram.h" |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 53 int uma_file_type = | 53 int uma_file_type = |
| 54 download_protection_util::GetSBClientDownloadExtensionValueForUMA(file); | 54 download_protection_util::GetSBClientDownloadExtensionValueForUMA(file); |
| 55 if (policy == UnverifiedDownloadPolicy::ALLOWED) { | 55 if (policy == UnverifiedDownloadPolicy::ALLOWED) { |
| 56 RecordPolicyMetric("SafeBrowsing.UnverifiedDownloads.Allowed", | 56 RecordPolicyMetric("SafeBrowsing.UnverifiedDownloads.Allowed", |
| 57 uma_file_type, requestor); | 57 uma_file_type, requestor); |
| 58 } else { | 58 } else { |
| 59 RecordPolicyMetric("SafeBrowsing.UnverifiedDownloads.Blocked", | 59 RecordPolicyMetric("SafeBrowsing.UnverifiedDownloads.Blocked", |
| 60 uma_file_type, requestor); | 60 uma_file_type, requestor); |
| 61 } | 61 } |
| 62 BrowserThread::PostTask(BrowserThread::UI, FROM_HERE, | 62 BrowserThread::PostTask(BrowserThread::UI, FROM_HERE, |
| 63 base::Bind(callback, policy)); | 63 base::Bind(callback, policy)); |
| 64 } | 64 } |
| 65 | 65 |
| 66 void CheckFieldTrialOnAnyThread( | 66 void CheckFieldTrialOnAnyThread( |
| 67 const base::FilePath& file, | 67 const base::FilePath& file, |
| 68 const std::vector<base::FilePath::StringType>& alternate_extensions, | |
| 68 const GURL& requestor, | 69 const GURL& requestor, |
| 69 const UnverifiedDownloadCheckCompletionCallback& callback) { | 70 const UnverifiedDownloadCheckCompletionCallback& callback) { |
| 70 bool is_allowed = IsUnverifiedDownloadAllowedByFieldTrial(file); | 71 if (!IsUnverifiedDownloadAllowedByFieldTrial(file)) { |
| 71 RespondWithPolicy(file, callback, requestor, is_allowed | 72 RespondWithPolicy(file, callback, requestor, |
| 72 ? UnverifiedDownloadPolicy::ALLOWED | 73 UnverifiedDownloadPolicy::DISALLOWED); |
| 73 : UnverifiedDownloadPolicy::DISALLOWED); | 74 return; |
| 75 } | |
| 76 | |
| 77 for (const auto& extension : alternate_extensions) { | |
| 78 base::FilePath alternate_filename = file.AddExtension(extension); | |
| 79 if (!IsUnverifiedDownloadAllowedByFieldTrial(alternate_filename)) { | |
| 80 RespondWithPolicy(alternate_filename, callback, requestor, | |
| 81 UnverifiedDownloadPolicy::DISALLOWED); | |
| 82 return; | |
| 83 } | |
| 84 } | |
| 85 | |
| 86 RespondWithPolicy(file, callback, requestor, | |
| 87 UnverifiedDownloadPolicy::ALLOWED); | |
| 74 } | 88 } |
| 75 | 89 |
| 76 void CheckWhitelistOnIOThread( | 90 void CheckWhitelistOnIOThread( |
| 77 scoped_refptr<SafeBrowsingService> service, | 91 scoped_refptr<SafeBrowsingService> service, |
| 78 const GURL& requestor, | 92 const GURL& requestor, |
| 79 const base::FilePath& file, | 93 const base::FilePath& file, |
| 94 const std::vector<base::FilePath::StringType>& alternate_extensions, | |
| 80 const UnverifiedDownloadCheckCompletionCallback& callback) { | 95 const UnverifiedDownloadCheckCompletionCallback& callback) { |
| 81 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 96 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
| 82 int uma_file_type = | 97 int uma_file_type = |
| 83 download_protection_util::GetSBClientDownloadExtensionValueForUMA(file); | 98 download_protection_util::GetSBClientDownloadExtensionValueForUMA(file); |
| 84 | 99 |
| 85 if (!service || !service->enabled()) { | 100 if (!service || !service->enabled()) { |
| 86 // If the SafeBrowsing service was disabled, don't try to check against the | 101 // If the SafeBrowsing service was disabled, don't try to check against the |
| 87 // field trial list. Instead allow the download. We are assuming that if the | 102 // field trial list. Instead allow the download. We are assuming that if the |
| 88 // SafeBrowsing service was disabled for this user, then we shouldn't | 103 // SafeBrowsing service was disabled for this user, then we shouldn't |
| 89 // interefere with unverified downloads. | 104 // interefere with unverified downloads. |
| 90 RecordPolicyMetric( | 105 RecordPolicyMetric( |
| 91 "SafeBrowsing.UnverifiedDownloads.AllowedDueToDisabledService", | 106 "SafeBrowsing.UnverifiedDownloads.AllowedDueToDisabledService", |
| 92 uma_file_type, requestor); | 107 uma_file_type, requestor); |
| 93 RespondWithPolicy(file, callback, requestor, | 108 RespondWithPolicy(file, callback, requestor, |
| 94 UnverifiedDownloadPolicy::ALLOWED); | 109 UnverifiedDownloadPolicy::ALLOWED); |
| 95 return; | 110 return; |
| 96 } | 111 } |
| 97 | 112 |
| 98 if (service->database_manager() && | 113 if (service->database_manager() && |
| 99 service->database_manager()->MatchDownloadWhitelistUrl(requestor)) { | 114 service->database_manager()->MatchDownloadWhitelistUrl(requestor)) { |
| 100 RecordPolicyMetric("SafeBrowsing.UnverifiedDownloads.AllowedByWhitelist", | 115 RecordPolicyMetric("SafeBrowsing.UnverifiedDownloads.AllowedByWhitelist", |
| 101 uma_file_type, requestor); | 116 uma_file_type, requestor); |
| 102 RespondWithPolicy(file, callback, requestor, | 117 RespondWithPolicy(file, callback, requestor, |
| 103 UnverifiedDownloadPolicy::ALLOWED); | 118 UnverifiedDownloadPolicy::ALLOWED); |
| 104 return; | 119 return; |
| 105 } | 120 } |
| 106 | 121 |
| 107 CheckFieldTrialOnAnyThread(file, requestor, callback); | 122 CheckFieldTrialOnAnyThread(file, alternate_extensions, requestor, callback); |
| 108 } | 123 } |
| 109 | 124 |
| 110 } // namespace | 125 } // namespace |
| 111 | 126 |
| 112 void CheckUnverifiedDownloadPolicy( | 127 void CheckUnverifiedDownloadPolicy( |
| 113 const GURL& requestor, | 128 const GURL& requestor, |
| 114 const base::FilePath& file, | 129 const base::FilePath& file, |
| 130 const std::vector<base::FilePath::StringType>& alternate_extensions, | |
| 115 const UnverifiedDownloadCheckCompletionCallback& callback) { | 131 const UnverifiedDownloadCheckCompletionCallback& callback) { |
| 132 UMA_HISTOGRAM_SPARSE_SLOWLY( | |
| 133 "SafeBrowsing.UnverifiedDownloads.AlternateExtensionCount", | |
| 134 alternate_extensions.size()); | |
|
Steven Holte
2016/01/25 18:57:29
Is there a hard limit somewhere on how large this
asanka
2016/01/25 19:53:42
Done. I added a limit of 16.
| |
| 116 if (requestor.is_valid()) { | 135 if (requestor.is_valid()) { |
| 117 scoped_refptr<SafeBrowsingService> service = | 136 scoped_refptr<SafeBrowsingService> service = |
| 118 g_browser_process->safe_browsing_service(); | 137 g_browser_process->safe_browsing_service(); |
| 119 BrowserThread::PostTask( | 138 BrowserThread::PostTask( |
| 120 BrowserThread::IO, FROM_HERE, | 139 BrowserThread::IO, FROM_HERE, |
| 121 base::Bind(&CheckWhitelistOnIOThread, service, requestor, file, | 140 base::Bind(&CheckWhitelistOnIOThread, service, requestor, file, |
| 122 callback)); | 141 alternate_extensions, callback)); |
| 123 return; | 142 return; |
| 124 } | 143 } |
| 125 | 144 |
| 126 CheckFieldTrialOnAnyThread(file, GURL(), callback); | 145 CheckFieldTrialOnAnyThread(file, alternate_extensions, GURL(), callback); |
| 127 } | 146 } |
| 128 | 147 |
| 129 } // namespace safe_browsing | 148 } // namespace safe_browsing |
| OLD | NEW |
