Add a ModuleLoadAnalyzer which checks modules against a whitelist

chrome/browser/safe_browsing/incident_reporting/module_load_analyzer.h

Index: chrome/browser/safe_browsing/incident_reporting/module_load_analyzer.h
diff --git a/chrome/browser/safe_browsing/incident_reporting/module_load_analyzer.h b/chrome/browser/safe_browsing/incident_reporting/module_load_analyzer.h
new file mode 100644
index 0000000000000000000000000000000000000000..a86b956b3bca4fe9c07281bae3902e86b8c8afca
--- /dev/null
+++ b/chrome/browser/safe_browsing/incident_reporting/module_load_analyzer.h
@@ -0,0 +1,50 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_SAFE_BROWSING_INCIDENT_REPORTING_MODULE_LOAD_ANALYZER_H_
+#define CHROME_BROWSER_SAFE_BROWSING_INCIDENT_REPORTING_MODULE_LOAD_ANALYZER_H_
+
+#include <vector>

[grt (UTC plus 2), 2016/02/11 15:55:00]

unused

[proberge, 2016/02/11 20:25:21]

Done.

+
+#include "base/feature_list.h"
+#include "base/memory/ref_counted.h"
+#include "base/memory/scoped_ptr.h"
+#include "base/strings/string16.h"

[grt (UTC plus 2), 2016/02/11 15:55:00]

move to module_load_analyzer_win.cc

[proberge, 2016/02/11 20:25:21]

Done.

+#include "chrome/browser/install_verification/win/module_info.h"

[grt (UTC plus 2), 2016/02/11 15:55:00]

move to module_load_analyzer_win.cc

[proberge, 2016/02/11 20:25:21]

Done.

+#include "components/safe_browsing_db/database_manager.h"

[grt (UTC plus 2), 2016/02/11 15:55:00]

forward decl SafeBrowsingDatabaseManager rather than including this

[proberge, 2016/02/11 20:25:21]

Done; moved to module_load_analyzer.cc

+
+namespace safe_browsing {
+
+class IncidentReceiver;
+
+#if defined(OS_WIN)
+extern const base::Feature kIncidentReportingModuleLoadAnalysis;

[grt (UTC plus 2), 2016/02/11 15:55:00]

does this need to be in the public header? it seems to only be used in
module_load_analyzer_win.cc.

[proberge, 2016/02/11 20:25:21]

Done.

+#endif  // defined(OS_WIN)
+
+// Registers a process-wide analysis with the incident reporting service that
+// will examine modules loaded in the process.
+void RegisterModuleLoadAnalysis(
+    const scoped_refptr<SafeBrowsingDatabaseManager>& database_manager);
+
+// Callback to pass to the incident reporting service. The incident reporting
+// service will decide when to start the analysis.
+void VerifyModuleLoadState(
+    const scoped_refptr<SafeBrowsingDatabaseManager>& database_manager,
+    scoped_ptr<IncidentReceiver> incident_receiver);
+
+// Gets the names of suspicious modules that are loaded in the process and fires
+// |ReportIncidentsForSuspiciousModules|
+void GetLoadedSuspiciousModulesOnIOThread(

[grt (UTC plus 2), 2016/02/11 15:55:00]

remove these two from the public header -- they're implementation details.

[proberge, 2016/02/11 20:25:21]

Done.

+    const scoped_refptr<SafeBrowsingDatabaseManager>& database_manager,
+    scoped_ptr<IncidentReceiver> incident_receiver,
+    scoped_ptr<std::set<ModuleInfo>> module_info_set);
+
+// Creates and reports |SuspiciousModuleIncident| to the incident_receiver.
+void ReportIncidentsForSuspiciousModules(
+    scoped_ptr<std::set<base::string16>> module_names,
+    scoped_ptr<IncidentReceiver> incident_receiver);
+
+}  // namespace safe_browsing
+
+#endif  // CHROME_BROWSER_SAFE_BROWSING_INCIDENT_REPORTING_MODULE_LOAD_ANALYZER_H_