chrome/browser/safe_browsing/incident_reporting/module_load_analyzer.h - Issue 1643573002: Add a ModuleLoadAnalyzer which checks modules against a whitelist

Unified Diff: chrome/browser/safe_browsing/incident_reporting/module_load_analyzer.h

Issue 1643573002: Add a ModuleLoadAnalyzer which checks modules against a whitelist (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Only enable for extended reporting AND feature flag. Add unit test. Created 4 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« chrome/browser/safe_browsing/incident_reporting/incident_reporting_service.h ('K') | « chrome/browser/safe_browsing/incident_reporting/incident_reporting_service.cc ('k') | chrome/browser/safe_browsing/incident_reporting/module_load_analyzer.cc » ('j') | chrome/browser/safe_browsing/incident_reporting/module_load_analyzer.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chrome/browser/safe_browsing/incident_reporting/module_load_analyzer.h

diff --git a/chrome/browser/safe_browsing/incident_reporting/module_load_analyzer.h b/chrome/browser/safe_browsing/incident_reporting/module_load_analyzer.h

new file mode 100644

index 0000000000000000000000000000000000000000..7ceed178ab69c8c506be0290062fee265e6ef26f

--- /dev/null

+++ b/chrome/browser/safe_browsing/incident_reporting/module_load_analyzer.h

@@ -0,0 +1,55 @@

+// Use of this source code is governed by a BSD-style license that can be

+// found in the LICENSE file.

+#ifndef CHROME_BROWSER_SAFE_BROWSING_INCIDENT_REPORTING_MODULE_LOAD_ANALYZER_H_

+#define CHROME_BROWSER_SAFE_BROWSING_INCIDENT_REPORTING_MODULE_LOAD_ANALYZER_H_

+#include <vector>

+#include "base/feature_list.h"

+#include "base/memory/ref_counted.h"

+#include "base/memory/scoped_ptr.h"

+#include "base/memory/weak_ptr.h"

+#include "base/strings/string16.h"

+#include "components/safe_browsing_db/database_manager.h"

+namespace safe_browsing {

+class IncidentReceiver;

+#if defined(OS_WIN)

+extern const base::Feature kIncidentReportingModuleLoadAnalysis;

+#endif // defined(OS_WIN)

+class ModuleLoadAnalyzer {

+ public:

+ // Constructs an ModuleLoadAnalyzer which will use |database_manager|

+ // over the course of its lifetime. The ModuleLoadAnalyzer will check for

+ // suspicious modules loaded in Chrome.

+ explicit ModuleLoadAnalyzer(

+ const scoped_refptr<SafeBrowsingDatabaseManager>& database_manager);

+ ~ModuleLoadAnalyzer();

+ // Callback to pass to the incident reporting service. The incident reporting

+ // service will decide when to start the analysis.

+ void VerifyModuleLoadState(scoped_ptr<IncidentReceiver> incident_receiver);

+ private:

+ // Returns the names of suspicious modules that are loaded in the process.

+ void GetLoadedSuspiciousModulesOnIOThread();

+ // Creates and reports |SuspiciousModuleIncident| to the incident_receiver_.

+ void ReportIncidentsForSuspiciousModules(

+ scoped_ptr<std::set<base::string16>> module_names);

+ scoped_refptr<SafeBrowsingDatabaseManager> database_manager_;

+ scoped_ptr<IncidentReceiver> incident_receiver_;

+ bool abort_reporting_;

+ DISALLOW_COPY_AND_ASSIGN(ModuleLoadAnalyzer);

+};

+} // namespace safe_browsing

+#endif // CHROME_BROWSER_SAFE_BROWSING_INCIDENT_REPORTING_MODULE_LOAD_ANALYZER_H_