Support new Safe Browsing list "goog-badresource-shavar" in SafeBrowsingDatabase.

chrome/browser/safe_browsing/safe_browsing_database.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/safe_browsing/safe_browsing_database.h"
 
 #include <stddef.h>
 #include <stdint.h>
 #include <algorithm>
 #include <iterator>
@@ skipping 54 matching lines @@
 const base::FilePath::CharType kSideEffectFreeWhitelistDBFile[] =
     FILE_PATH_LITERAL(" Side-Effect Free Whitelist");
 // Filename suffix for the csd malware IP blacklist store.
 const base::FilePath::CharType kIPBlacklistDBFile[] =
     FILE_PATH_LITERAL(" IP Blacklist");
 // Filename suffix for the unwanted software blacklist store.
 const base::FilePath::CharType kUnwantedSoftwareDBFile[] =
     FILE_PATH_LITERAL(" UwS List");
 const base::FilePath::CharType kModuleWhitelistDBFile[] =
     FILE_PATH_LITERAL(" Module Whitelist");
+// Filename suffix for the resource blacklist store.
+const base::FilePath::CharType kResourceBlacklistDBFile[] =
+    FILE_PATH_LITERAL(" Resource Blacklist");
 
 // Filename suffix for browse store.
 // TODO(shess): "Safe Browsing Bloom Prefix Set" is full of win.
 // Unfortunately, to change the name implies lots of transition code
 // for little benefit.  If/when file formats change (say to put all
 // the data in one file), that would be a convenient point to rectify
 // this.
 const base::FilePath::CharType kBrowseDBFile[] = FILE_PATH_LITERAL(" Bloom");
 
 // Maximum number of entries we allow in any of the whitelists, excluding the
@@ skipping 201 matching lines @@
       bool enable_module_whitelist) override {
     return new SafeBrowsingDatabaseNew(
         db_task_runner, CreateStore(true, db_task_runner),  // browse_store
         CreateStore(enable_download_protection, db_task_runner),
         CreateStore(enable_client_side_whitelist, db_task_runner),
         CreateStore(enable_download_whitelist, db_task_runner),
         CreateStore(true, db_task_runner),  // inclusion_whitelist_store
         CreateStore(enable_extension_blacklist, db_task_runner),
         CreateStore(enable_ip_blacklist, db_task_runner),
         CreateStore(enable_unwanted_software_list, db_task_runner),
-        CreateStore(enable_module_whitelist, db_task_runner));
+        CreateStore(enable_module_whitelist, db_task_runner),
+        CreateStore(true, db_task_runner));  // resource_blacklist_store
   }
 
   SafeBrowsingDatabaseFactoryImpl() {}
 
  private:
   DISALLOW_COPY_AND_ASSIGN(SafeBrowsingDatabaseFactoryImpl);
 };
 
 // static
 SafeBrowsingDatabaseFactory* SafeBrowsingDatabase::factory_ = NULL;
@@ skipping 90 matching lines @@
   return base::FilePath(db_filename.value() + kUnwantedSoftwareDBFile);
 }
 
 // static
 base::FilePath SafeBrowsingDatabase::ModuleWhitelistDBFilename(
     const base::FilePath& db_filename) {
   return base::FilePath(db_filename.value() + kModuleWhitelistDBFile);
 }
 
 // static
+base::FilePath SafeBrowsingDatabase::ResourceBlacklistDBFilename(
+      const base::FilePath& db_filename) {
+  return base::FilePath(db_filename.value() + kResourceBlacklistDBFile);
+}
+
+// static
 void SafeBrowsingDatabase::GetDownloadUrlPrefixes(
     const std::vector<GURL>& urls,
     std::vector<SBPrefix>* prefixes) {
   std::vector<SBFullHash> full_hashes;
   for (size_t i = 0; i < urls.size(); ++i)
     UrlToFullHashes(urls[i], false, &full_hashes);
 
   for (size_t i = 0; i < full_hashes.size(); ++i)
     prefixes->push_back(full_hashes[i].prefix);
 }
@@ skipping 13 matching lines @@
   } else if (list_id == INCLUSIONWHITELIST) {
     return inclusion_whitelist_store_.get();
   } else if (list_id == EXTENSIONBLACKLIST) {
     return extension_blacklist_store_.get();
   } else if (list_id == IPBLACKLIST) {
     return ip_blacklist_store_.get();
   } else if (list_id == UNWANTEDURL) {
     return unwanted_software_store_.get();
   } else if (list_id == MODULEWHITELIST) {
     return module_whitelist_store_.get();
+  } else if (list_id == RESOURCEBLACKLIST) {
+    return resource_blacklist_store_.get();
   }
   return NULL;
 }
 
 // static
 void SafeBrowsingDatabase::RecordFailure(FailureType failure_type) {
   UMA_HISTOGRAM_ENUMERATION("SB2.DatabaseFailure", failure_type,
                             FAILURE_DATABASE_MAX);
 }
 
@@ skipping 167 matching lines @@
 SafeBrowsingDatabaseNew::SafeBrowsingDatabaseNew(
     const scoped_refptr<base::SequencedTaskRunner>& db_task_runner,
     SafeBrowsingStore* browse_store,
     SafeBrowsingStore* download_store,
     SafeBrowsingStore* csd_whitelist_store,
     SafeBrowsingStore* download_whitelist_store,
     SafeBrowsingStore* inclusion_whitelist_store,
     SafeBrowsingStore* extension_blacklist_store,
     SafeBrowsingStore* ip_blacklist_store,
     SafeBrowsingStore* unwanted_software_store,
-    SafeBrowsingStore* module_whitelist_store)
+    SafeBrowsingStore* module_whitelist_store,
+    SafeBrowsingStore* resource_blacklist_store)
     : db_task_runner_(db_task_runner),
       state_manager_(db_task_runner_),
       db_state_manager_(db_task_runner_),
       browse_store_(browse_store),
       download_store_(download_store),
       csd_whitelist_store_(csd_whitelist_store),
       download_whitelist_store_(download_whitelist_store),
       inclusion_whitelist_store_(inclusion_whitelist_store),
       extension_blacklist_store_(extension_blacklist_store),
       ip_blacklist_store_(ip_blacklist_store),
       unwanted_software_store_(unwanted_software_store),
       module_whitelist_store_(module_whitelist_store),
+      resource_blacklist_store_(resource_blacklist_store),
       reset_factory_(this) {
   DCHECK(browse_store_.get());
 }
 
 SafeBrowsingDatabaseNew::~SafeBrowsingDatabaseNew() {
   // The DCHECK is disabled due to crbug.com/338486 .
   // DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
 }
 
 void SafeBrowsingDatabaseNew::Init(const base::FilePath& filename_base) {
@@ skipping 144 matching lines @@
     if (module_whitelist_store_->GetAddFullHashes(&full_hashes)) {
       LoadWhitelist(full_hashes, SBWhitelistId::MODULE);
     } else {
       state_manager_.BeginWriteTransaction()->WhitelistEverything(
           SBWhitelistId::MODULE);
     }
   } else {
     state_manager_.BeginWriteTransaction()->WhitelistEverything(
         SBWhitelistId::MODULE);  // Just to be safe.
   }
+
+  if (resource_blacklist_store_.get()) {
+    resource_blacklist_store_->Init(
+        ResourceBlacklistDBFilename(db_state_manager_.filename_base()),
+        base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
+                   base::Unretained(this)));
+  }
 }
 
 bool SafeBrowsingDatabaseNew::ResetDatabase() {
   DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
 
   // Delete files on disk.
   // TODO(shess): Hard to see where one might want to delete without a
   // reset.  Perhaps inline |Delete()|?
   if (!Delete())
     return false;
@@ skipping 162 matching lines @@
              << " mask:" << base::HexEncode(mask.data(), mask.size())
              << " subnet:" << base::HexEncode(subnet.data(), subnet.size())
              << " hash:" << base::HexEncode(hash.data(), hash.size());
     if (it->second.count(hash) > 0) {
       return true;
     }
   }
   return false;
 }
 
+bool SafeBrowsingDatabaseNew::ContainsResourceUrlPrefixes(
+    const std::vector<SBPrefix>& prefixes,
+    std::vector<SBPrefix>* prefix_hits) {
+  DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
+
+  if (!resource_blacklist_store_)
+    return false;
+
+  return MatchAddPrefixes(resource_blacklist_store_.get(),
+                          RESOURCEBLACKLIST % 2, prefixes, prefix_hits);
+}
+
 bool SafeBrowsingDatabaseNew::ContainsDownloadWhitelistedString(
     const std::string& str) {
   std::vector<SBFullHash> hashes;
   hashes.push_back(SBFullHashForString(str));
   return ContainsWhitelistedHashes(SBWhitelistId::DOWNLOAD, hashes);
 }
 
 bool SafeBrowsingDatabaseNew::ContainsModuleWhitelistedString(
     const std::string& str) {
   std::vector<SBFullHash> hashes;
@@ skipping 224 matching lines @@
     return false;
   }
 
   if (module_whitelist_store_.get() &&
       !module_whitelist_store_->BeginUpdate()) {
     RecordFailure(FAILURE_WHITELIST_DATABASE_UPDATE_BEGIN);
     HandleCorruptDatabase();
     return false;
   }
 
+  if (resource_blacklist_store_ && !resource_blacklist_store_->BeginUpdate()) {
+    RecordFailure(FAILURE_RESOURCE_BLACKLIST_UPDATE_BEGIN);
+    HandleCorruptDatabase();
+    return false;
+  }
+
   // Cached fullhash results must be cleared on every database update (whether
   // successful or not).
   state_manager_.BeginWriteTransaction()->clear_prefix_gethash_cache();
 
   UpdateChunkRangesForLists(browse_store_.get(), kMalwareList, kPhishingList,
                             lists);
 
   // NOTE(shess): |download_store_| used to contain kBinHashList, which has been
   // deprecated.  Code to delete the list from the store shows ~15k hits/day as
   // of Feb 2014, so it has been removed.  Everything _should_ be resilient to
@@ skipping 12 matching lines @@
                            kExtensionBlacklist, lists);
 
   UpdateChunkRangesForList(ip_blacklist_store_.get(), kIPBlacklist, lists);
 
   UpdateChunkRangesForList(unwanted_software_store_.get(), kUnwantedUrlList,
                            lists);
 
   UpdateChunkRangesForList(module_whitelist_store_.get(), kModuleWhitelist,
                            lists);
 
+  UpdateChunkRangesForList(resource_blacklist_store_.get(), kResourceBlacklist,
+                           lists);
+
   db_state_manager_.reset_corruption_detected();
   db_state_manager_.reset_change_detected();
   return true;
 }
 
 void SafeBrowsingDatabaseNew::UpdateFinished(bool update_succeeded) {
   DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
 
   // The update may have failed due to corrupt storage (for instance,
   // an excessive number of invalid add_chunks and sub_chunks).
@@ skipping 31 matching lines @@
     }
 
     if (unwanted_software_store_ &&
         !unwanted_software_store_->CheckValidity()) {
       DLOG(ERROR) << "Unwanted software url list database corrupt.";
     }
 
     if (module_whitelist_store_ && !module_whitelist_store_->CheckValidity()) {
       DLOG(ERROR) << "Module digest whitelist database corrupt.";
     }
+
+    if (resource_blacklist_store_ &&
+        !resource_blacklist_store_->CheckValidity()) {
+      DLOG(ERROR) << "Resources blacklist url list database corrupt.";
+    }
   }
 
   if (db_state_manager_.corruption_detected())
     return;
 
   // Unroll the transaction if there was a protocol error or if the
   // transaction was empty.  This will leave the prefix set, the
   // pending hashes, and the prefix miss cache in place.
   if (!update_succeeded || !db_state_manager_.change_detected()) {
     // Track empty updates to answer questions at http://crbug.com/72216 .
     if (update_succeeded && !db_state_manager_.change_detected())
       UMA_HISTOGRAM_COUNTS("SB2.DatabaseUpdateKilobytes", 0);
     browse_store_->CancelUpdate();
     if (download_store_.get())
       download_store_->CancelUpdate();
     if (csd_whitelist_store_.get())
       csd_whitelist_store_->CancelUpdate();
     if (download_whitelist_store_.get())
       download_whitelist_store_->CancelUpdate();
     if (inclusion_whitelist_store_.get())
       inclusion_whitelist_store_->CancelUpdate();
     if (extension_blacklist_store_)
       extension_blacklist_store_->CancelUpdate();
     if (ip_blacklist_store_)
       ip_blacklist_store_->CancelUpdate();
     if (unwanted_software_store_)
       unwanted_software_store_->CancelUpdate();
     if (module_whitelist_store_)
       module_whitelist_store_->CancelUpdate();
+    if (resource_blacklist_store_)
+      resource_blacklist_store_->CancelUpdate();
     return;
   }
 
   if (download_store_) {
     UpdateHashPrefixStore(DownloadDBFilename(db_state_manager_.filename_base()),
                           download_store_.get(),
                           FAILURE_DOWNLOAD_DATABASE_UPDATE_FINISH);
   }
 
   UpdatePrefixSetUrlStore(BrowseDBFilename(db_state_manager_.filename_base()),
@@ skipping 27 matching lines @@
         unwanted_software_store_.get(), PrefixSetId::UNWANTED_SOFTWARE,
         FAILURE_UNWANTED_SOFTWARE_DATABASE_UPDATE_FINISH,
         FAILURE_UNWANTED_SOFTWARE_PREFIX_SET_WRITE, true);
   }
 
   if (module_whitelist_store_) {
     UpdateWhitelistStore(
         ModuleWhitelistDBFilename(db_state_manager_.filename_base()),
         module_whitelist_store_.get(), SBWhitelistId::MODULE);
   }
+
+  if (resource_blacklist_store_) {
+    UpdateHashPrefixStore(
+        ResourceBlacklistDBFilename(db_state_manager_.filename_base()),
+        resource_blacklist_store_.get(),
+        FAILURE_RESOURCE_BLACKLIST_UPDATE_FINISH);
+  }
 }
 
 void SafeBrowsingDatabaseNew::UpdateWhitelistStore(
     const base::FilePath& store_filename,
     SafeBrowsingStore* store,
     SBWhitelistId whitelist_id) {
   DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
 
   if (!store)
     return;
@@ skipping 263 matching lines @@
   const bool r9 = base::DeleteFile(
       IpBlacklistDBFilename(db_state_manager_.filename_base()), false);
   if (!r9)
     RecordFailure(FAILURE_IP_BLACKLIST_DELETE);
 
   const bool r10 = base::DeleteFile(
       UnwantedSoftwareDBFilename(db_state_manager_.filename_base()), false);
   if (!r10)
     RecordFailure(FAILURE_UNWANTED_SOFTWARE_PREFIX_SET_DELETE);
 
-  return r1 && r2 && r3 && r4 && r5 && r6 && r7 && r8 && r9 && r10;
+  const bool r11 = base::DeleteFile(
+      ResourceBlacklistDBFilename(db_state_manager_.filename_base()), false);
+  if (!r11)
+    RecordFailure(FAILURE_RESOURCE_BLACKLIST_DELETE);
+
+  return r1 && r2 && r3 && r4 && r5 && r6 && r7 && r8 && r9 && r10 && r11;
 }
 
 void SafeBrowsingDatabaseNew::WritePrefixSet(const base::FilePath& db_filename,
                                              PrefixSetId prefix_set_id,
                                              FailureType write_failure_type) {
   DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
 
   // Do not grab the lock to avoid contention while writing to disk. This is
   // safe as only this task runner can ever modify |state_manager_|'s prefix
   // sets anyways.
@@ skipping 155 matching lines @@
     histogram_name.append(".ExtensionBlacklist");
   else if (base::EndsWith(filename, kIPBlacklistDBFile,
                           base::CompareCase::SENSITIVE))
     histogram_name.append(".IPBlacklist");
   else if (base::EndsWith(filename, kUnwantedSoftwareDBFile,
                           base::CompareCase::SENSITIVE))
     histogram_name.append(".UnwantedSoftware");
   else if (base::EndsWith(filename, kModuleWhitelistDBFile,
                           base::CompareCase::SENSITIVE))
     histogram_name.append(".ModuleWhitelist");
+  else if (base::EndsWith(filename, kResourceBlacklistDBFile,
+                          base::CompareCase::SENSITIVE))
+    histogram_name.append(".ResourceBlacklist");
   else
     NOTREACHED();  // Add support for new lists above.
 
   // Histogram properties as in UMA_HISTOGRAM_COUNTS macro.
   base::HistogramBase* histogram_pointer = base::Histogram::FactoryGet(
       histogram_name, 1, 1000000, 50,
       base::HistogramBase::kUmaTargetedHistogramFlag);
 
   histogram_pointer->Add(file_size_kilobytes);
 }
 
 }  // namespace safe_browsing