
Unified Diff: chrome/browser/safe_browsing/safe_browsing_database.h

Issue 1643573002: Add a ModuleLoadAnalyzer which checks modules against a whitelist (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Only enable for extended reporting AND feature flag. Add unit test. Created 4 years, 10 months ago
Index: chrome/browser/safe_browsing/safe_browsing_database.h
diff --git a/chrome/browser/safe_browsing/safe_browsing_database.h b/chrome/browser/safe_browsing/safe_browsing_database.h
index cae9129d7d8995d27269650390296d7ae0052963..5f8bae32edec742e9f2835d0af8ab2f0b43e389b 100644
--- a/chrome/browser/safe_browsing/safe_browsing_database.h
+++ b/chrome/browser/safe_browsing/safe_browsing_database.h
@@ -42,7 +42,8 @@ class SafeBrowsingDatabaseFactory {
bool enable_download_whitelist,
bool enable_extension_blacklist,
bool enable_ip_blacklist,
- bool enable_unwanted_software_list) = 0;
+ bool enable_unwanted_software_list,
+ bool enable_module_whitelist) = 0;
private:
DISALLOW_COPY_AND_ASSIGN(SafeBrowsingDatabaseFactory);
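Review bot: `enable_module_whitelist` is appended as one more positional `bool` to the factory's pure-virtual creation method, directly after four other `bool` flags visible in this hunk, so a call site that passes the flags in the wrong order still compiles and quietly enables a different list. The same applies to the matching declaration in `SafeBrowsingDatabase` in the next hunk. Until the flags are grouped into an options struct, call sites should label each argument, e.g. `true /* enable_module_whitelist */`. The parameter list starts above the hunk, so the full number of flags is not visible here.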
@@ -73,7 +74,8 @@ class SafeBrowsingDatabase {
bool enable_download_whitelist,
bool enable_extension_blacklist,
bool enable_ip_blacklist,
- bool enable_unwanted_software_list);
+ bool enable_unwanted_software_list,
+ bool enable_module_whitelist);
// Makes the passed |factory| the factory used to instantiate
// a SafeBrowsingDatabase. This is used for tests.
@@ -158,6 +160,10 @@ class SafeBrowsingDatabase {
// Returns true if |url| is on the off-domain inclusion whitelist.
virtual bool ContainsInclusionWhitelistedUrl(const GURL& url) = 0;
+ // Returns true if the given module hash is in the module whitelist.
+ // Returns false otheriwse.
+ virtual bool ContainsModuleWhitelistedString(const std::string& str) = 0;
+
// Populates |prefix_hits| with any prefixes in |prefixes| that have matches
// in the database, returning true if there were any matches.
//
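Review bot: The comment on `ContainsModuleWhitelistedString` speaks of "the given module hash" while the parameter is `const std::string& str`, so a caller cannot tell whether to pass a digest or a string that the database hashes itself, nor what the hash covers (file contents, or a name or path). A list keyed on a name gives weaker assurance than one keyed on contents, so the contract should say which it is; the store comment later in this patch mentions "256 bit hashes" and could be referenced. I would reword to something like `// |str| is <what the caller passes>; returns true only if its 256-bit hash is in the module whitelist.` and fix the typo "otheriwse" to "otherwise".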
@@ -261,6 +267,10 @@ class SafeBrowsingDatabase {
static base::FilePath UnwantedSoftwareDBFilename(
const base::FilePath& db_filename);
+ // Filename for the module whitelist database.
+ static base::FilePath ModuleWhitelistDBFilename(
+ const base::FilePath& db_filename);
+
// Get the prefixes matching the download |urls|.
static void GetDownloadUrlPrefixes(const std::vector<GURL>& urls,
std::vector<SBPrefix>* prefixes);
@@ -333,7 +343,8 @@ class SafeBrowsingDatabaseNew : public SafeBrowsingDatabase {
SafeBrowsingStore* inclusion_whitelist_store,
SafeBrowsingStore* extension_blacklist_store,
SafeBrowsingStore* ip_blacklist_store,
- SafeBrowsingStore* unwanted_software_store);
+ SafeBrowsingStore* unwanted_software_store,
+ SafeBrowsingStore* module_whitelist_store);
~SafeBrowsingDatabaseNew() override;
@@ -360,6 +371,7 @@ class SafeBrowsingDatabaseNew : public SafeBrowsingDatabase {
bool ContainsDownloadWhitelistedUrl(const GURL& url) override;
bool ContainsDownloadWhitelistedString(const std::string& str) override;
bool ContainsInclusionWhitelistedUrl(const GURL& url) override;
+ bool ContainsModuleWhitelistedString(const std::string& str) override;
bool ContainsExtensionPrefixes(const std::vector<SBPrefix>& prefixes,
std::vector<SBPrefix>* prefix_hits) override;
bool ContainsMalwareIP(const std::string& ip_address) override;
@@ -418,6 +430,7 @@ class SafeBrowsingDatabaseNew : public SafeBrowsingDatabase {
CSD,
DOWNLOAD,
INCLUSION,
+ MODULE,
};
enum class PrefixSetId {
BROWSE,
@@ -458,6 +471,7 @@ class SafeBrowsingDatabaseNew : public SafeBrowsingDatabase {
SBWhitelist csd_whitelist_;
SBWhitelist download_whitelist_;
SBWhitelist inclusion_whitelist_;
+ SBWhitelist module_whitelist_;
// The IP blacklist should be small. At most a couple hundred IPs.
IPBlacklist ip_blacklist_;
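Review bot: `module_whitelist_` reuses `SBWhitelist`, whose definition is outside this hunk, and nothing here says how a lookup behaves when the list is empty, failed to load, or was turned off via `enable_module_whitelist`. Since the whitelist presumably decides which loaded modules are reported, answering "whitelisted" in those states would suppress every report, so the chosen default should be stated next to the member, e.g. `// Lookups return <true|false> while this list is unavailable.` If `SBWhitelist` already defines that behaviour for the other lists, please confirm it is also the one wanted for modules.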
@@ -681,6 +695,8 @@ class SafeBrowsingDatabaseNew : public SafeBrowsingDatabase {
// - |ip_blacklist_store_|: For IP blacklist.
// - |unwanted_software_store_|: For unwanted software list (format
// identical to browsing lists).
+ // - |module_whitelist_store_|: For module whitelist. This list only
+ // contains 256 bit hashes.
//
// The stores themselves will be modified throughout the existence of this
// database, but shouldn't ever be swapped out (hence the const scoped_ptr --
@@ -695,6 +711,7 @@ class SafeBrowsingDatabaseNew : public SafeBrowsingDatabase {
const scoped_ptr<SafeBrowsingStore> extension_blacklist_store_;
const scoped_ptr<SafeBrowsingStore> ip_blacklist_store_;
const scoped_ptr<SafeBrowsingStore> unwanted_software_store_;
+ const scoped_ptr<SafeBrowsingStore> module_whitelist_store_;
// Used to schedule resetting the database because of corruption. This factory
// and the WeakPtrs it issues should only be used on the database's main
