Add a ModuleLoadAnalyzer which checks modules against a whitelist

chrome/browser/safe_browsing/safe_browsing_database.h

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_DATABASE_H_
 #define CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_DATABASE_H_
 
 #include <map>
 #include <set>
 #include <string>
@@ skipping 24 matching lines @@
  public:
   SafeBrowsingDatabaseFactory() { }
   virtual ~SafeBrowsingDatabaseFactory() { }
   virtual SafeBrowsingDatabase* CreateSafeBrowsingDatabase(
       const scoped_refptr<base::SequencedTaskRunner>& db_task_runner,
       bool enable_download_protection,
       bool enable_client_side_whitelist,
       bool enable_download_whitelist,
       bool enable_extension_blacklist,
       bool enable_ip_blacklist,
-      bool enable_unwanted_software_list) = 0;
+      bool enable_unwanted_software_list,
+      bool enable_module_whitelist) = 0;
 
  private:
   DISALLOW_COPY_AND_ASSIGN(SafeBrowsingDatabaseFactory);
 };
 
 // Encapsulates on-disk databases that for safebrowsing. There are
 // four databases: browse, download, download whitelist and
 // client-side detection (csd) whitelist databases. The browse database contains
 // information about phishing and malware urls. The download database contains
 // URLs for bad binaries (e.g: those containing virus) and hash of
@@ skipping 10 matching lines @@
   // It is not thread safe.
   // The browse list and off-domain inclusion whitelist are always on;
   // availability of other lists is controlled by the flags on this method.
   static SafeBrowsingDatabase* Create(
       const scoped_refptr<base::SequencedTaskRunner>& db_task_runner,
       bool enable_download_protection,
       bool enable_client_side_whitelist,
       bool enable_download_whitelist,
       bool enable_extension_blacklist,
       bool enable_ip_blacklist,
-      bool enable_unwanted_software_list);
+      bool enable_unwanted_software_list,
+      bool enable_module_whitelist);
 
   // Makes the passed |factory| the factory used to instantiate
   // a SafeBrowsingDatabase. This is used for tests.
   static void RegisterFactory(SafeBrowsingDatabaseFactory* factory) {
     factory_ = factory;
   }
 
   virtual ~SafeBrowsingDatabase();
 
   // Initializes the database with the given filename.
@@ skipping 64 matching lines @@
   // are considered to be trusted.  The two methods below let you lookup the
   // whitelist either for a URL or an arbitrary string.  These methods will
   // return false if no match is found and true otherwise. This function is safe
   // to call from any thread.
   virtual bool ContainsDownloadWhitelistedUrl(const GURL& url) = 0;
   virtual bool ContainsDownloadWhitelistedString(const std::string& str) = 0;
 
   // Returns true if |url| is on the off-domain inclusion whitelist.
   virtual bool ContainsInclusionWhitelistedUrl(const GURL& url) = 0;
 
+  // Returns true if the given module hash is in the module whitelist.
+  // Returns false otheriwse.
+  virtual bool ContainsModuleWhitelistedString(const std::string& str) = 0;
+
   // Populates |prefix_hits| with any prefixes in |prefixes| that have matches
   // in the database, returning true if there were any matches.
   //
   // This function can ONLY be accessed from the creation thread.
   virtual bool ContainsExtensionPrefixes(
       const std::vector<SBPrefix>& prefixes,
       std::vector<SBPrefix>* prefix_hits) = 0;
 
   // Returns true iff the given IP is currently on the csd malware IP blacklist.
   // This function is safe to call from any thread.
@@ skipping 83 matching lines @@
       const base::FilePath& side_effect_free_whitelist_base_filename);
 
   // Filename for the csd malware IP blacklist database.
   static base::FilePath IpBlacklistDBFilename(
       const base::FilePath& ip_blacklist_base_filename);
 
   // Filename for the unwanted software blacklist database.
   static base::FilePath UnwantedSoftwareDBFilename(
       const base::FilePath& db_filename);
 
+  // Filename for the module whitelist database.
+  static base::FilePath ModuleWhitelistDBFilename(
+      const base::FilePath& db_filename);
+
   // Get the prefixes matching the download |urls|.
   static void GetDownloadUrlPrefixes(const std::vector<GURL>& urls,
                                      std::vector<SBPrefix>* prefixes);
 
   // SafeBrowsing Database failure types for histogramming purposes.  Explicitly
   // label new values and do not re-use old values. Also make sure to reflect
   // modifications made below in the SB2DatabaseFailure histogram enum.
   enum FailureType {
     FAILURE_DATABASE_CORRUPT = 0,
     FAILURE_DATABASE_CORRUPT_HANDLER = 1,
@@ skipping 52 matching lines @@
   // for which the store is initialized to NULL.
   SafeBrowsingDatabaseNew(
       const scoped_refptr<base::SequencedTaskRunner>& db_task_runner,
       SafeBrowsingStore* browse_store,
       SafeBrowsingStore* download_store,
       SafeBrowsingStore* csd_whitelist_store,
       SafeBrowsingStore* download_whitelist_store,
       SafeBrowsingStore* inclusion_whitelist_store,
       SafeBrowsingStore* extension_blacklist_store,
       SafeBrowsingStore* ip_blacklist_store,
-      SafeBrowsingStore* unwanted_software_store);
+      SafeBrowsingStore* unwanted_software_store,
+      SafeBrowsingStore* module_whitelist_store);
 
   ~SafeBrowsingDatabaseNew() override;
 
   // Implement SafeBrowsingDatabase interface.
   void Init(const base::FilePath& filename) override;
   bool ResetDatabase() override;
   bool ContainsBrowseUrl(const GURL& url,
                          std::vector<SBPrefix>* prefix_hits,
                          std::vector<SBFullHashResult>* cache_hits) override;
   bool ContainsBrowseHashes(const std::vector<SBFullHash>& full_hashes,
                          std::vector<SBPrefix>* prefix_hits,
                          std::vector<SBFullHashResult>* cache_hits) override;
   bool ContainsUnwantedSoftwareUrl(
       const GURL& url,
       std::vector<SBPrefix>* prefix_hits,
       std::vector<SBFullHashResult>* cache_hits) override;
   bool ContainsUnwantedSoftwareHashes(
       const std::vector<SBFullHash>& full_hashes,
       std::vector<SBPrefix>* prefix_hits,
       std::vector<SBFullHashResult>* cache_hits) override;
   bool ContainsDownloadUrlPrefixes(const std::vector<SBPrefix>& prefixes,
                                    std::vector<SBPrefix>* prefix_hits) override;
   bool ContainsCsdWhitelistedUrl(const GURL& url) override;
   bool ContainsDownloadWhitelistedUrl(const GURL& url) override;
   bool ContainsDownloadWhitelistedString(const std::string& str) override;
   bool ContainsInclusionWhitelistedUrl(const GURL& url) override;
+  bool ContainsModuleWhitelistedString(const std::string& str) override;
   bool ContainsExtensionPrefixes(const std::vector<SBPrefix>& prefixes,
                                  std::vector<SBPrefix>* prefix_hits) override;
   bool ContainsMalwareIP(const std::string& ip_address) override;
   bool UpdateStarted(std::vector<SBListChunkRanges>* lists) override;
   void InsertChunks(
       const std::string& list_name,
       const std::vector<scoped_ptr<SBChunkData>>& chunks) override;
   void DeleteChunks(const std::vector<SBChunkDelete>& chunk_deletes) override;
   void UpdateFinished(bool update_succeeded) override;
   void CacheHashResults(const std::vector<SBPrefix>& prefixes,
@@ skipping 38 matching lines @@
   class ThreadSafeStateManager {
    public:
     // Identifiers for stores held by the ThreadSafeStateManager. Allows helper
     // methods to start a transaction themselves and keep it as short as
     // possible rather than force callers to start the transaction early to pass
     // a store pointer to the said helper methods.
     enum class SBWhitelistId {
       CSD,
       DOWNLOAD,
       INCLUSION,
+      MODULE,
     };
     enum class PrefixSetId {
       BROWSE,
       UNWANTED_SOFTWARE,
     };
 
     // Obtained through BeginReadTransaction(NoLockOnMainTaskRunner)?(): a
     // ReadTransaction allows read-only observations of the
     // ThreadSafeStateManager's state. The |prefix_gethash_cache_| has a special
     // allowance to be writable from a ReadTransaction but can't benefit from
@@ skipping 20 matching lines @@
     // The sequenced task runner for this object, used to verify that its state
     // is only ever accessed from the runner.
     scoped_refptr<const base::SequencedTaskRunner> db_task_runner_;
 
     // Lock for protecting access to this class' state.
     mutable base::Lock lock_;
 
     SBWhitelist csd_whitelist_;
     SBWhitelist download_whitelist_;
     SBWhitelist inclusion_whitelist_;
+    SBWhitelist module_whitelist_;
 
     // The IP blacklist should be small.  At most a couple hundred IPs.
     IPBlacklist ip_blacklist_;
 
     // PrefixSets to speed up lookups for particularly large lists. The
     // PrefixSet themselves are never modified, instead a new one is swapped in
     // on update.
     scoped_ptr<const PrefixSet> browse_prefix_set_;
     scoped_ptr<const PrefixSet> unwanted_software_prefix_set_;
 
@@ skipping 203 matching lines @@
   //     whitelist chunks and full-length hashes.  This list only contains 256
   //     bit hashes.
   //   - |download_whitelist_store_|: For the download whitelist chunks and
   //     full-length hashes.  This list only contains 256 bit hashes.
   //   - |inclusion_whitelist_store_|: For the inclusion whitelist. Same format
   //     as |download_whitelist_store_|.
   //   - |extension_blacklist_store_|: For extension IDs.
   //   - |ip_blacklist_store_|: For IP blacklist.
   //   - |unwanted_software_store_|: For unwanted software list (format
   //     identical to browsing lists).
+  //   - |module_whitelist_store_|: For module whitelist. This list only
+  //     contains 256 bit hashes.
   //
   // The stores themselves will be modified throughout the existence of this
   // database, but shouldn't ever be swapped out (hence the const scoped_ptr --
   // which could be swapped for C++11's std::optional when that's available).
   // They are NonThreadSafe and should thus only be accessed on the database's
   // main thread as enforced by SafeBrowsingStoreFile's implementation.
   const scoped_ptr<SafeBrowsingStore> browse_store_;
   const scoped_ptr<SafeBrowsingStore> download_store_;
   const scoped_ptr<SafeBrowsingStore> csd_whitelist_store_;
   const scoped_ptr<SafeBrowsingStore> download_whitelist_store_;
   const scoped_ptr<SafeBrowsingStore> inclusion_whitelist_store_;
   const scoped_ptr<SafeBrowsingStore> extension_blacklist_store_;
   const scoped_ptr<SafeBrowsingStore> ip_blacklist_store_;
   const scoped_ptr<SafeBrowsingStore> unwanted_software_store_;
+  const scoped_ptr<SafeBrowsingStore> module_whitelist_store_;
 
   // Used to schedule resetting the database because of corruption. This factory
   // and the WeakPtrs it issues should only be used on the database's main
   // thread.
   base::WeakPtrFactory<SafeBrowsingDatabaseNew> reset_factory_;
 };
 
 }  // namespace safe_browsing
 
 #endif  // CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_DATABASE_H_