| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/safe_browsing/client_side_detection_host.h" | 5 #include "chrome/browser/safe_browsing/client_side_detection_host.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/memory/ref_counted.h" | 10 #include "base/memory/ref_counted.h" |
| 11 #include "base/memory/scoped_ptr.h" | 11 #include "base/memory/scoped_ptr.h" |
| 12 #include "base/metrics/histogram.h" | 12 #include "base/metrics/histogram.h" |
| 13 #include "base/prefs/pref_service.h" | 13 #include "base/prefs/pref_service.h" |
| 14 #include "base/sequenced_task_runner_helpers.h" | 14 #include "base/sequenced_task_runner_helpers.h" |
| 15 #include "base/strings/utf_string_conversions.h" | 15 #include "base/strings/utf_string_conversions.h" |
| 16 #include "chrome/browser/browser_process.h" | 16 #include "chrome/browser/browser_process.h" |
| 17 #include "chrome/browser/profiles/profile.h" | 17 #include "chrome/browser/profiles/profile.h" |
| 18 #include "chrome/browser/safe_browsing/browser_feature_extractor.h" | 18 #include "chrome/browser/safe_browsing/browser_feature_extractor.h" |
| 19 #include "chrome/browser/safe_browsing/client_side_detection_service.h" | 19 #include "chrome/browser/safe_browsing/client_side_detection_service.h" |
| 20 #include "chrome/browser/safe_browsing/database_manager.h" | 20 #include "chrome/browser/safe_browsing/database_manager.h" |
| 21 #include "chrome/browser/safe_browsing/safe_browsing_service.h" | 21 #include "chrome/browser/safe_browsing/safe_browsing_service.h" |
| 22 #include "chrome/common/chrome_switches.h" | |
| 23 #include "chrome/common/chrome_version_info.h" | |
| 24 #include "chrome/common/pref_names.h" | 22 #include "chrome/common/pref_names.h" |
| 25 #include "chrome/common/safe_browsing/csd.pb.h" | 23 #include "chrome/common/safe_browsing/csd.pb.h" |
| 26 #include "chrome/common/safe_browsing/safebrowsing_messages.h" | 24 #include "chrome/common/safe_browsing/safebrowsing_messages.h" |
| 27 #include "content/public/browser/browser_thread.h" | 25 #include "content/public/browser/browser_thread.h" |
| 28 #include "content/public/browser/navigation_controller.h" | 26 #include "content/public/browser/navigation_controller.h" |
| 29 #include "content/public/browser/navigation_details.h" | 27 #include "content/public/browser/navigation_details.h" |
| 30 #include "content/public/browser/navigation_entry.h" | 28 #include "content/public/browser/navigation_entry.h" |
| 31 #include "content/public/browser/notification_details.h" | 29 #include "content/public/browser/notification_details.h" |
| 32 #include "content/public/browser/notification_source.h" | 30 #include "content/public/browser/notification_source.h" |
| 33 #include "content/public/browser/notification_types.h" | 31 #include "content/public/browser/notification_types.h" |
| 34 #include "content/public/browser/render_process_host.h" | 32 #include "content/public/browser/render_process_host.h" |
| 35 #include "content/public/browser/render_view_host.h" | 33 #include "content/public/browser/render_view_host.h" |
| 36 #include "content/public/browser/resource_request_details.h" | 34 #include "content/public/browser/resource_request_details.h" |
| 37 #include "content/public/browser/web_contents.h" | 35 #include "content/public/browser/web_contents.h" |
| 38 #include "content/public/common/frame_navigate_params.h" | 36 #include "content/public/common/frame_navigate_params.h" |
| 39 #include "url/gurl.h" | 37 #include "url/gurl.h" |
| 40 | 38 |
| 41 using content::BrowserThread; | 39 using content::BrowserThread; |
| 42 using content::NavigationEntry; | 40 using content::NavigationEntry; |
| 43 using content::ResourceRequestDetails; | 41 using content::ResourceRequestDetails; |
| 44 using content::WebContents; | 42 using content::WebContents; |
| 45 | 43 |
| 46 namespace safe_browsing { | 44 namespace safe_browsing { |
| 47 | 45 |
| 48 const int ClientSideDetectionHost::kMaxUrlsPerIP = 20; | 46 const int ClientSideDetectionHost::kMaxUrlsPerIP = 20; |
| 49 const int ClientSideDetectionHost::kMaxIPsPerBrowse = 200; | 47 const int ClientSideDetectionHost::kMaxIPsPerBrowse = 200; |
| 50 | 48 |
| 51 const char kSafeBrowsingMatchKey[] = "safe_browsing_match"; | 49 const char kSafeBrowsingMatchKey[] = "safe_browsing_match"; |
| 52 | 50 |
| 51 typedef base::Callback<void(bool)> ShouldClassifyUrlCallback; |
| 52 |
| 53 // This class is instantiated each time a new toplevel URL loads, and | 53 // This class is instantiated each time a new toplevel URL loads, and |
| 54 // asynchronously checks whether the phishing classifier should run for this | 54 // asynchronously checks whether the malware and phishing classifiers should run |
| 55 // URL. If so, it notifies the renderer with a StartPhishingDetection IPC. | 55 // for this URL. If so, it notifies the host class by calling the provided |
| 56 // Objects of this class are ref-counted and will be destroyed once nobody | 56 // callback form the UI thread. Objects of this class are ref-counted and will |
| 57 // uses it anymore. If |web_contents|, |csd_service| or |host| go away you need | 57 // be destroyed once nobody uses it anymore. If |web_contents|, |csd_service| |
| 58 // to call Cancel(). We keep the |database_manager| alive in a ref pointer for | 58 // or |host| go away you need to call Cancel(). We keep the |database_manager| |
| 59 // as long as it takes. | 59 // alive in a ref pointer for as long as it takes. |
| 60 class ClientSideDetectionHost::ShouldClassifyUrlRequest | 60 class ClientSideDetectionHost::ShouldClassifyUrlRequest |
| 61 : public base::RefCountedThreadSafe< | 61 : public base::RefCountedThreadSafe< |
| 62 ClientSideDetectionHost::ShouldClassifyUrlRequest> { | 62 ClientSideDetectionHost::ShouldClassifyUrlRequest> { |
| 63 public: | 63 public: |
| 64 ShouldClassifyUrlRequest(const content::FrameNavigateParams& params, | 64 ShouldClassifyUrlRequest( |
| 65 WebContents* web_contents, | 65 const content::FrameNavigateParams& params, |
| 66 ClientSideDetectionService* csd_service, | 66 const ShouldClassifyUrlCallback& start_phishing_classification, |
| 67 SafeBrowsingDatabaseManager* database_manager, | 67 const ShouldClassifyUrlCallback& start_malware_classification, |
| 68 ClientSideDetectionHost* host) | 68 WebContents* web_contents, |
| 69 : canceled_(false), | 69 ClientSideDetectionService* csd_service, |
| 70 params_(params), | 70 SafeBrowsingDatabaseManager* database_manager, |
| 71 ClientSideDetectionHost* host) |
| 72 : params_(params), |
| 71 web_contents_(web_contents), | 73 web_contents_(web_contents), |
| 72 csd_service_(csd_service), | 74 csd_service_(csd_service), |
| 73 database_manager_(database_manager), | 75 database_manager_(database_manager), |
| 74 host_(host) { | 76 host_(host), |
| 77 start_phishing_classification_cb_(start_phishing_classification), |
| 78 start_malware_classification_cb_(start_malware_classification) { |
| 75 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 79 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 76 DCHECK(web_contents_); | 80 DCHECK(web_contents_); |
| 77 DCHECK(csd_service_); | 81 DCHECK(csd_service_); |
| 78 DCHECK(database_manager_.get()); | 82 DCHECK(database_manager_.get()); |
| 79 DCHECK(host_); | 83 DCHECK(host_); |
| 80 } | 84 } |
| 81 | 85 |
| 82 void Start() { | 86 void Start() { |
| 83 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 87 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 84 | 88 |
| 85 // We start by doing some simple checks that can run on the UI thread. | 89 // We start by doing some simple checks that can run on the UI thread. |
| 86 UMA_HISTOGRAM_COUNTS("SBClientPhishing.ClassificationStart", 1); | 90 UMA_HISTOGRAM_COUNTS("SBClientPhishing.ClassificationStart", 1); |
| 91 UMA_HISTOGRAM_COUNTS("SBClientMalware.ClassificationStart", 1); |
| 87 | 92 |
| 88 // Only classify [X]HTML documents. | 93 // Only classify [X]HTML documents. |
| 89 if (params_.contents_mime_type != "text/html" && | 94 if (params_.contents_mime_type != "text/html" && |
| 90 params_.contents_mime_type != "application/xhtml+xml") { | 95 params_.contents_mime_type != "application/xhtml+xml") { |
| 91 VLOG(1) << "Skipping phishing classification for URL: " << params_.url | 96 VLOG(1) << "Skipping phishing classification for URL: " << params_.url |
| 92 << " because it has an unsupported MIME type: " | 97 << " because it has an unsupported MIME type: " |
| 93 << params_.contents_mime_type; | 98 << params_.contents_mime_type; |
| 94 UMA_HISTOGRAM_ENUMERATION("SBClientPhishing.PreClassificationCheckFail", | 99 DontClassifyForPhishing(NO_CLASSIFY_UNSUPPORTED_MIME_TYPE); |
| 95 NO_CLASSIFY_UNSUPPORTED_MIME_TYPE, | |
| 96 NO_CLASSIFY_MAX); | |
| 97 return; | |
| 98 } | 100 } |
| 99 | 101 |
| 100 if (csd_service_->IsPrivateIPAddress(params_.socket_address.host())) { | 102 if (csd_service_->IsPrivateIPAddress(params_.socket_address.host())) { |
| 101 VLOG(1) << "Skipping phishing classification for URL: " << params_.url | 103 VLOG(1) << "Skipping phishing classification for URL: " << params_.url |
| 102 << " because of hosting on private IP: " | 104 << " because of hosting on private IP: " |
| 103 << params_.socket_address.host(); | 105 << params_.socket_address.host(); |
| 104 UMA_HISTOGRAM_ENUMERATION("SBClientPhishing.PreClassificationCheckFail", | 106 DontClassifyForPhishing(NO_CLASSIFY_PRIVATE_IP); |
| 105 NO_CLASSIFY_PRIVATE_IP, | 107 DontClassifyForMalware(NO_CLASSIFY_PRIVATE_IP); |
| 106 NO_CLASSIFY_MAX); | |
| 107 return; | |
| 108 } | 108 } |
| 109 | 109 |
| 110 // Don't run the phishing classifier if the tab is incognito. | 110 // Don't run any classifier if the tab is incognito. |
| 111 if (web_contents_->GetBrowserContext()->IsOffTheRecord()) { | 111 if (web_contents_->GetBrowserContext()->IsOffTheRecord()) { |
| 112 VLOG(1) << "Skipping phishing classification for URL: " << params_.url | 112 VLOG(1) << "Skipping phishing and malware classification for URL: " |
| 113 << " because we're browsing incognito."; | 113 << params_.url << " because we're browsing incognito."; |
| 114 UMA_HISTOGRAM_ENUMERATION("SBClientPhishing.PreClassificationCheckFail", | 114 DontClassifyForPhishing(NO_CLASSIFY_OFF_THE_RECORD); |
| 115 NO_CLASSIFY_OFF_THE_RECORD, | 115 DontClassifyForMalware(NO_CLASSIFY_OFF_THE_RECORD); |
| 116 NO_CLASSIFY_MAX); | |
| 117 | |
| 118 return; | |
| 119 } | 116 } |
| 120 | 117 |
| 121 // We lookup the csd-whitelist before we lookup the cache because | 118 // We lookup the csd-whitelist before we lookup the cache because |
| 122 // a URL may have recently been whitelisted. If the URL matches | 119 // a URL may have recently been whitelisted. If the URL matches |
| 123 // the csd-whitelist we won't start classification. The | 120 // the csd-whitelist we won't start phishing classification. The |
| 124 // csd-whitelist check has to be done on the IO thread because it | 121 // csd-whitelist check has to be done on the IO thread because it |
| 125 // uses the SafeBrowsing service class. | 122 // uses the SafeBrowsing service class. |
| 126 BrowserThread::PostTask( | 123 if (ShouldClassifyForPhishing() || ShouldClassifyForMalware()) { |
| 127 BrowserThread::IO, | 124 BrowserThread::PostTask( |
| 128 FROM_HERE, | 125 BrowserThread::IO, |
| 129 base::Bind(&ShouldClassifyUrlRequest::CheckCsdWhitelist, | 126 FROM_HERE, |
| 130 this, params_.url)); | 127 base::Bind(&ShouldClassifyUrlRequest::CheckSafeBrowsingDatabase, |
| 128 this, params_.url)); |
| 129 } |
| 131 } | 130 } |
| 132 | 131 |
| 133 void Cancel() { | 132 void Cancel() { |
| 134 canceled_ = true; | 133 DontClassifyForPhishing(NO_CLASSIFY_CANCEL); |
| 134 DontClassifyForMalware(NO_CLASSIFY_CANCEL); |
| 135 // Just to make sure we don't do anything stupid we reset all these | 135 // Just to make sure we don't do anything stupid we reset all these |
| 136 // pointers except for the safebrowsing service class which may be | 136 // pointers except for the safebrowsing service class which may be |
| 137 // accessed by CheckCsdWhitelist(). | 137 // accessed by CheckSafeBrowsingDatabase(). |
| 138 web_contents_ = NULL; | 138 web_contents_ = NULL; |
| 139 csd_service_ = NULL; | 139 csd_service_ = NULL; |
| 140 host_ = NULL; | 140 host_ = NULL; |
| 141 } | 141 } |
| 142 | 142 |
| 143 private: | 143 private: |
| 144 friend class base::RefCountedThreadSafe< | 144 friend class base::RefCountedThreadSafe< |
| 145 ClientSideDetectionHost::ShouldClassifyUrlRequest>; | 145 ClientSideDetectionHost::ShouldClassifyUrlRequest>; |
| 146 | 146 |
| 147 // Enum used to keep stats about why the pre-classification check failed. | 147 // Enum used to keep stats about why the pre-classification check failed. |
| 148 enum PreClassificationCheckFailures { | 148 enum PreClassificationCheckFailures { |
| 149 OBSOLETE_NO_CLASSIFY_PROXY_FETCH, | 149 OBSOLETE_NO_CLASSIFY_PROXY_FETCH, |
| 150 NO_CLASSIFY_PRIVATE_IP, | 150 NO_CLASSIFY_PRIVATE_IP, |
| 151 NO_CLASSIFY_OFF_THE_RECORD, | 151 NO_CLASSIFY_OFF_THE_RECORD, |
| 152 NO_CLASSIFY_MATCH_CSD_WHITELIST, | 152 NO_CLASSIFY_MATCH_CSD_WHITELIST, |
| 153 NO_CLASSIFY_TOO_MANY_REPORTS, | 153 NO_CLASSIFY_TOO_MANY_REPORTS, |
| 154 NO_CLASSIFY_UNSUPPORTED_MIME_TYPE, | 154 NO_CLASSIFY_UNSUPPORTED_MIME_TYPE, |
| 155 NO_CLASSIFY_NO_DATABASE_MANAGER, |
| 156 NO_CLASSIFY_KILLSWITCH, |
| 157 NO_CLASSIFY_CANCEL, |
| 158 NO_CLASSIFY_RESULT_FROM_CACHE, |
| 155 | 159 |
| 156 NO_CLASSIFY_MAX // Always add new values before this one. | 160 NO_CLASSIFY_MAX // Always add new values before this one. |
| 157 }; | 161 }; |
| 158 | 162 |
| 159 // The destructor can be called either from the UI or the IO thread. | 163 // The destructor can be called either from the UI or the IO thread. |
| 160 virtual ~ShouldClassifyUrlRequest() { } | 164 virtual ~ShouldClassifyUrlRequest() { } |
| 161 | 165 |
| 162 void CheckCsdWhitelist(const GURL& url) { | 166 bool ShouldClassifyForPhishing() const { |
| 167 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 168 return !start_phishing_classification_cb_.is_null(); |
| 169 } |
| 170 |
| 171 bool ShouldClassifyForMalware() const { |
| 172 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 173 return !start_malware_classification_cb_.is_null(); |
| 174 } |
| 175 |
| 176 void DontClassifyForPhishing(PreClassificationCheckFailures reason) { |
| 177 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 178 if (ShouldClassifyForPhishing()) { |
| 179 // Track the first reason why we stopped classifying for phishing. |
| 180 UMA_HISTOGRAM_ENUMERATION("SBClientPhishing.PreClassificationCheckFail", |
| 181 reason, NO_CLASSIFY_MAX); |
| 182 DVLOG(2) << "Failed phishing pre-classification checks. Reason: " |
| 183 << reason; |
| 184 start_phishing_classification_cb_.Run(false); |
| 185 } |
| 186 start_phishing_classification_cb_.Reset(); |
| 187 } |
| 188 |
| 189 void DontClassifyForMalware(PreClassificationCheckFailures reason) { |
| 190 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 191 if (ShouldClassifyForMalware()) { |
| 192 // Track the first reason why we stopped classifying for malware. |
| 193 UMA_HISTOGRAM_ENUMERATION("SBClientMalware.PreClassificationCheckFail", |
| 194 reason, NO_CLASSIFY_MAX); |
| 195 DVLOG(2) << "Failed malware pre-classification checks. Reason: " |
| 196 << reason; |
| 197 start_malware_classification_cb_.Run(false); |
| 198 } |
| 199 start_malware_classification_cb_.Reset(); |
| 200 } |
| 201 |
| 202 void CheckSafeBrowsingDatabase(const GURL& url) { |
| 163 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); | 203 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
| 164 if (!database_manager_.get() || | 204 // We don't want to call the classification callbacks from the IO |
| 165 database_manager_->MatchCsdWhitelistUrl(url)) { | 205 // thread so we simply pass the results of this method to CheckCache() |
| 166 // We're done. There is no point in going back to the UI thread. | 206 // which is called on the UI thread; |
| 167 VLOG(1) << "Skipping phishing classification for URL: " << url | 207 PreClassificationCheckFailures phishing_reason = NO_CLASSIFY_MAX; |
| 168 << " because it matches the csd whitelist"; | 208 PreClassificationCheckFailures malware_reason = NO_CLASSIFY_MAX; |
| 169 UMA_HISTOGRAM_ENUMERATION("SBClientPhishing.PreClassificationCheckFail", | 209 if (!database_manager_.get()) { |
| 170 NO_CLASSIFY_MATCH_CSD_WHITELIST, | 210 // We cannot check the Safe Browsing whitelists so we stop here |
| 171 NO_CLASSIFY_MAX); | 211 // for safety. |
| 172 return; | 212 malware_reason = phishing_reason = NO_CLASSIFY_NO_DATABASE_MANAGER; |
| 213 } else { |
| 214 if (database_manager_->MatchCsdWhitelistUrl(url)) { |
| 215 VLOG(1) << "Skipping phishing classification for URL: " << url |
| 216 << " because it matches the csd whitelist"; |
| 217 phishing_reason = NO_CLASSIFY_MATCH_CSD_WHITELIST; |
| 218 } |
| 219 if (database_manager_->IsMalwareKillSwitchOn()) { |
| 220 malware_reason = NO_CLASSIFY_KILLSWITCH; |
| 221 } |
| 173 } | 222 } |
| 174 | |
| 175 bool malware_killswitch_on = database_manager_->IsMalwareKillSwitchOn(); | |
| 176 | |
| 177 BrowserThread::PostTask( | 223 BrowserThread::PostTask( |
| 178 BrowserThread::UI, | 224 BrowserThread::UI, |
| 179 FROM_HERE, | 225 FROM_HERE, |
| 180 base::Bind(&ShouldClassifyUrlRequest::CheckCache, this, | 226 base::Bind(&ShouldClassifyUrlRequest::CheckCache, |
| 181 malware_killswitch_on)); | 227 this, |
| 228 phishing_reason, |
| 229 malware_reason)); |
| 182 } | 230 } |
| 183 | 231 |
| 184 void CheckCache(bool malware_killswitch_on) { | 232 void CheckCache(PreClassificationCheckFailures phishing_reason, |
| 233 PreClassificationCheckFailures malware_reason) { |
| 185 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 234 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 186 if (canceled_) { | 235 if (phishing_reason != NO_CLASSIFY_MAX) |
| 187 return; | 236 DontClassifyForPhishing(phishing_reason); |
| 237 if (malware_reason != NO_CLASSIFY_MAX) |
| 238 DontClassifyForMalware(malware_reason); |
| 239 if (!ShouldClassifyForMalware() && !ShouldClassifyForPhishing()) { |
| 240 return; // No point in doing anything else. |
| 188 } | 241 } |
| 189 | 242 // If result is cached, we don't want to run classification again. |
| 190 host_->SetMalwareKillSwitch(malware_killswitch_on); | 243 // In that case we're just trying to show the warning. |
| 191 // If result is cached, we don't want to run classification again | |
| 192 bool is_phishing; | 244 bool is_phishing; |
| 193 if (csd_service_->GetValidCachedResult(params_.url, &is_phishing)) { | 245 if (csd_service_->GetValidCachedResult(params_.url, &is_phishing)) { |
| 194 VLOG(1) << "Satisfying request for " << params_.url << " from cache"; | 246 VLOG(1) << "Satisfying request for " << params_.url << " from cache"; |
| 195 UMA_HISTOGRAM_COUNTS("SBClientPhishing.RequestSatisfiedFromCache", 1); | 247 UMA_HISTOGRAM_COUNTS("SBClientPhishing.RequestSatisfiedFromCache", 1); |
| 196 // Since we are already on the UI thread, this is safe. | 248 // Since we are already on the UI thread, this is safe. |
| 197 host_->MaybeShowPhishingWarning(params_.url, is_phishing); | 249 host_->MaybeShowPhishingWarning(params_.url, is_phishing); |
| 198 return; | 250 DontClassifyForPhishing(NO_CLASSIFY_RESULT_FROM_CACHE); |
| 199 } | 251 } |
| 200 | 252 |
| 201 // We want to limit the number of requests, though we will ignore the | 253 // We want to limit the number of requests, though we will ignore the |
| 202 // limit for urls in the cache. We don't want to start classifying | 254 // limit for urls in the cache. We don't want to start classifying |
| 203 // too many pages as phishing, but for those that we already think are | 255 // too many pages as phishing, but for those that we already think are |
| 204 // phishing we want to give ourselves a chance to fix false positives. | 256 // phishing we want to send a request to the server to give ourselves |
| 257 // a chance to fix misclassifications. |
| 205 if (csd_service_->IsInCache(params_.url)) { | 258 if (csd_service_->IsInCache(params_.url)) { |
| 206 VLOG(1) << "Reporting limit skipped for " << params_.url | 259 VLOG(1) << "Reporting limit skipped for " << params_.url |
| 207 << " as it was in the cache."; | 260 << " as it was in the cache."; |
| 208 UMA_HISTOGRAM_COUNTS("SBClientPhishing.ReportLimitSkipped", 1); | 261 UMA_HISTOGRAM_COUNTS("SBClientPhishing.ReportLimitSkipped", 1); |
| 209 } else if (csd_service_->OverPhishingReportLimit()) { | 262 } else if (csd_service_->OverPhishingReportLimit()) { |
| 210 VLOG(1) << "Too many report phishing requests sent recently, " | 263 VLOG(1) << "Too many report phishing requests sent recently, " |
| 211 << "not running classification for " << params_.url; | 264 << "not running classification for " << params_.url; |
| 212 UMA_HISTOGRAM_ENUMERATION("SBClientPhishing.PreClassificationCheckFail", | 265 DontClassifyForPhishing(NO_CLASSIFY_TOO_MANY_REPORTS); |
| 213 NO_CLASSIFY_TOO_MANY_REPORTS, | 266 } |
| 214 NO_CLASSIFY_MAX); | 267 if (csd_service_->OverMalwareReportLimit()) { |
| 215 return; | 268 DontClassifyForMalware(NO_CLASSIFY_TOO_MANY_REPORTS); |
| 216 } | 269 } |
| 217 | 270 |
| 218 // Everything checks out, so start classification. | 271 // Everything checks out, so start classification. |
| 219 // |web_contents_| is safe to call as we will be destructed | 272 // |web_contents_| is safe to call as we will be destructed |
| 220 // before it is. | 273 // before it is. |
| 221 VLOG(1) << "Instruct renderer to start phishing detection for URL: " | 274 if (ShouldClassifyForPhishing()) |
| 222 << params_.url; | 275 start_phishing_classification_cb_.Run(true); |
| 223 content::RenderViewHost* rvh = web_contents_->GetRenderViewHost(); | 276 if (ShouldClassifyForMalware()) |
| 224 rvh->Send(new SafeBrowsingMsg_StartPhishingDetection( | 277 start_malware_classification_cb_.Run(true); |
| 225 rvh->GetRoutingID(), params_.url)); | |
| 226 } | 278 } |
| 227 | 279 |
| 228 // No need to protect |canceled_| with a lock because it is only read and | |
| 229 // written by the UI thread. | |
| 230 bool canceled_; | |
| 231 content::FrameNavigateParams params_; | 280 content::FrameNavigateParams params_; |
| 232 WebContents* web_contents_; | 281 WebContents* web_contents_; |
| 233 ClientSideDetectionService* csd_service_; | 282 ClientSideDetectionService* csd_service_; |
| 234 // We keep a ref pointer here just to make sure the safe browsing | 283 // We keep a ref pointer here just to make sure the safe browsing |
| 235 // database manager stays alive long enough. | 284 // database manager stays alive long enough. |
| 236 scoped_refptr<SafeBrowsingDatabaseManager> database_manager_; | 285 scoped_refptr<SafeBrowsingDatabaseManager> database_manager_; |
| 237 ClientSideDetectionHost* host_; | 286 ClientSideDetectionHost* host_; |
| 238 | 287 |
| 288 ShouldClassifyUrlCallback start_phishing_classification_cb_; |
| 289 ShouldClassifyUrlCallback start_malware_classification_cb_; |
| 290 |
| 239 DISALLOW_COPY_AND_ASSIGN(ShouldClassifyUrlRequest); | 291 DISALLOW_COPY_AND_ASSIGN(ShouldClassifyUrlRequest); |
| 240 }; | 292 }; |
| 241 | 293 |
| 242 // static | 294 // static |
| 243 ClientSideDetectionHost* ClientSideDetectionHost::Create( | 295 ClientSideDetectionHost* ClientSideDetectionHost::Create( |
| 244 WebContents* tab) { | 296 WebContents* tab) { |
| 245 return new ClientSideDetectionHost(tab); | 297 return new ClientSideDetectionHost(tab); |
| 246 } | 298 } |
| 247 | 299 |
| 248 ClientSideDetectionHost::ClientSideDetectionHost(WebContents* tab) | 300 ClientSideDetectionHost::ClientSideDetectionHost(WebContents* tab) |
| 249 : content::WebContentsObserver(tab), | 301 : content::WebContentsObserver(tab), |
| 250 csd_service_(NULL), | 302 csd_service_(NULL), |
| 303 classification_request_(NULL), |
| 304 should_extract_malware_features_(true), |
| 305 should_classify_for_malware_(false), |
| 306 onload_complete_(false), |
| 251 weak_factory_(this), | 307 weak_factory_(this), |
| 252 unsafe_unique_page_id_(-1), | 308 unsafe_unique_page_id_(-1) { |
| 253 malware_killswitch_on_(false), | |
| 254 malware_report_enabled_(false) { | |
| 255 DCHECK(tab); | 309 DCHECK(tab); |
| 256 // Note: csd_service_ and sb_service will be NULL here in testing. | 310 // Note: csd_service_ and sb_service will be NULL here in testing. |
| 257 csd_service_ = g_browser_process->safe_browsing_detection_service(); | 311 csd_service_ = g_browser_process->safe_browsing_detection_service(); |
| 258 feature_extractor_.reset(new BrowserFeatureExtractor(tab, this)); | 312 feature_extractor_.reset(new BrowserFeatureExtractor(tab, this)); |
| 259 registrar_.Add(this, content::NOTIFICATION_RESOURCE_RESPONSE_STARTED, | 313 registrar_.Add(this, content::NOTIFICATION_RESOURCE_RESPONSE_STARTED, |
| 260 content::Source<WebContents>(tab)); | 314 content::Source<WebContents>(tab)); |
| 261 | 315 |
| 262 scoped_refptr<SafeBrowsingService> sb_service = | 316 scoped_refptr<SafeBrowsingService> sb_service = |
| 263 g_browser_process->safe_browsing_service(); | 317 g_browser_process->safe_browsing_service(); |
| 264 if (sb_service.get()) { | 318 if (sb_service.get()) { |
| 265 ui_manager_ = sb_service->ui_manager(); | 319 ui_manager_ = sb_service->ui_manager(); |
| 266 database_manager_ = sb_service->database_manager(); | 320 database_manager_ = sb_service->database_manager(); |
| 267 ui_manager_->AddObserver(this); | 321 ui_manager_->AddObserver(this); |
| 268 } | 322 } |
| 269 | |
| 270 // Only enable the malware bad IP matching and report feature for canary | |
| 271 // and dev channel. | |
| 272 chrome::VersionInfo::Channel channel = chrome::VersionInfo::GetChannel(); | |
| 273 malware_report_enabled_ = ( | |
| 274 channel == chrome::VersionInfo::CHANNEL_DEV || | |
| 275 channel == chrome::VersionInfo::CHANNEL_CANARY); | |
| 276 } | 323 } |
| 277 | 324 |
| 278 ClientSideDetectionHost::~ClientSideDetectionHost() { | 325 ClientSideDetectionHost::~ClientSideDetectionHost() { |
| 279 if (ui_manager_.get()) | 326 if (ui_manager_.get()) |
| 280 ui_manager_->RemoveObserver(this); | 327 ui_manager_->RemoveObserver(this); |
| 281 } | 328 } |
| 282 | 329 |
| 283 bool ClientSideDetectionHost::OnMessageReceived(const IPC::Message& message) { | 330 bool ClientSideDetectionHost::OnMessageReceived(const IPC::Message& message) { |
| 284 bool handled = true; | 331 bool handled = true; |
| 285 IPC_BEGIN_MESSAGE_MAP(ClientSideDetectionHost, message) | 332 IPC_BEGIN_MESSAGE_MAP(ClientSideDetectionHost, message) |
| 286 IPC_MESSAGE_HANDLER(SafeBrowsingHostMsg_PhishingDetectionDone, | 333 IPC_MESSAGE_HANDLER(SafeBrowsingHostMsg_PhishingDetectionDone, |
| 287 OnPhishingDetectionDone) | 334 OnPhishingDetectionDone) |
| 288 IPC_MESSAGE_UNHANDLED(handled = false) | 335 IPC_MESSAGE_UNHANDLED(handled = false) |
| 289 IPC_END_MESSAGE_MAP() | 336 IPC_END_MESSAGE_MAP() |
| 290 return handled; | 337 return handled; |
| 291 } | 338 } |
| 292 | 339 |
| 293 void ClientSideDetectionHost::DidNavigateMainFrame( | 340 void ClientSideDetectionHost::DidNavigateMainFrame( |
| 294 const content::LoadCommittedDetails& details, | 341 const content::LoadCommittedDetails& details, |
| 295 const content::FrameNavigateParams& params) { | 342 const content::FrameNavigateParams& params) { |
| 296 // TODO(noelutz): move this DCHECK to WebContents and fix all the unit tests | 343 // TODO(noelutz): move this DCHECK to WebContents and fix all the unit tests |
| 297 // that don't call this method on the UI thread. | 344 // that don't call this method on the UI thread. |
| 298 // DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 345 // DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 299 if (details.is_in_page) { | 346 if (details.is_in_page) { |
| 300 // If the navigation is within the same page, the user isn't really | 347 // If the navigation is within the same page, the user isn't really |
| 301 // navigating away. We don't need to cancel a pending callback or | 348 // navigating away. We don't need to cancel a pending callback or |
| 302 // begin a new classification. | 349 // begin a new classification. |
| 303 return; | 350 return; |
| 304 } | 351 } |
| 352 // Cancel any pending classification request. |
| 353 if (classification_request_.get()) { |
| 354 classification_request_->Cancel(); |
| 355 } |
| 305 // If we navigate away and there currently is a pending phishing | 356 // If we navigate away and there currently is a pending phishing |
| 306 // report request we have to cancel it to make sure we don't display | 357 // report request we have to cancel it to make sure we don't display |
| 307 // an interstitial for the wrong page. Note that this won't cancel | 358 // an interstitial for the wrong page. Note that this won't cancel |
| 308 // the server ping back but only cancel the showing of the | 359 // the server ping back but only cancel the showing of the |
| 309 // interstial. | 360 // interstial. |
| 310 weak_factory_.InvalidateWeakPtrs(); | 361 weak_factory_.InvalidateWeakPtrs(); |
| 311 | 362 |
| 312 if (!csd_service_) { | 363 if (!csd_service_) { |
| 313 return; | 364 return; |
| 314 } | 365 } |
| 315 | |
| 316 // Cancel any pending classification request. | |
| 317 if (classification_request_.get()) { | |
| 318 classification_request_->Cancel(); | |
| 319 } | |
| 320 browse_info_.reset(new BrowseInfo); | 366 browse_info_.reset(new BrowseInfo); |
| 321 | 367 |
| 322 // Store redirect chain information. | 368 // Store redirect chain information. |
| 323 if (params.url.host() != cur_host_) { | 369 if (params.url.host() != cur_host_) { |
| 324 cur_host_ = params.url.host(); | 370 cur_host_ = params.url.host(); |
| 325 cur_host_redirects_ = params.redirects; | 371 cur_host_redirects_ = params.redirects; |
| 326 } | 372 } |
| 373 browse_info_->url = params.url; |
| 327 browse_info_->host_redirects = cur_host_redirects_; | 374 browse_info_->host_redirects = cur_host_redirects_; |
| 328 browse_info_->url_redirects = params.redirects; | 375 browse_info_->url_redirects = params.redirects; |
| 329 browse_info_->referrer = params.referrer.url; | 376 browse_info_->referrer = params.referrer.url; |
| 330 browse_info_->http_status_code = details.http_status_code; | 377 browse_info_->http_status_code = details.http_status_code; |
| 378 browse_info_->page_id = params.page_id; |
| 331 | 379 |
| 332 // Notify the renderer if it should classify this URL. | 380 should_extract_malware_features_ = true; |
| 381 should_classify_for_malware_ = false; |
| 382 onload_complete_ = false; |
| 383 |
| 384 // Check whether we can cassify the current URL for phishing or malware. |
| 333 classification_request_ = new ShouldClassifyUrlRequest( | 385 classification_request_ = new ShouldClassifyUrlRequest( |
| 334 params, web_contents(), csd_service_, database_manager_.get(), this); | 386 params, |
| 387 base::Bind(&ClientSideDetectionHost::OnPhishingPreClassificationDone, |
| 388 weak_factory_.GetWeakPtr()), |
| 389 base::Bind(&ClientSideDetectionHost::OnMalwarePreClassificationDone, |
| 390 weak_factory_.GetWeakPtr()), |
| 391 web_contents(), csd_service_, database_manager_.get(), this); |
| 335 classification_request_->Start(); | 392 classification_request_->Start(); |
| 336 } | 393 } |
| 337 | 394 |
| 338 void ClientSideDetectionHost::OnSafeBrowsingHit( | 395 void ClientSideDetectionHost::OnSafeBrowsingHit( |
| 339 const SafeBrowsingUIManager::UnsafeResource& resource) { | 396 const SafeBrowsingUIManager::UnsafeResource& resource) { |
| 340 if (!web_contents() || !web_contents()->GetController().GetActiveEntry()) | 397 if (!web_contents() || !web_contents()->GetController().GetActiveEntry()) |
| 341 return; | 398 return; |
| 342 | 399 |
| 343 // Check that the hit is either malware or phishing. | 400 // Check that the hit is either malware or phishing. |
| 344 if (resource.threat_type != SB_THREAT_TYPE_URL_PHISHING && | 401 if (resource.threat_type != SB_THREAT_TYPE_URL_PHISHING && |
| (...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 407 void ClientSideDetectionHost::WebContentsDestroyed(WebContents* tab) { | 464 void ClientSideDetectionHost::WebContentsDestroyed(WebContents* tab) { |
| 408 DCHECK(tab); | 465 DCHECK(tab); |
| 409 // Tell any pending classification request that it is being canceled. | 466 // Tell any pending classification request that it is being canceled. |
| 410 if (classification_request_.get()) { | 467 if (classification_request_.get()) { |
| 411 classification_request_->Cancel(); | 468 classification_request_->Cancel(); |
| 412 } | 469 } |
| 413 // Cancel all pending feature extractions. | 470 // Cancel all pending feature extractions. |
| 414 feature_extractor_.reset(); | 471 feature_extractor_.reset(); |
| 415 } | 472 } |
| 416 | 473 |
| 474 void ClientSideDetectionHost::OnPhishingPreClassificationDone( |
| 475 bool should_classify) { |
| 476 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 477 if (browse_info_.get() && should_classify) { |
| 478 VLOG(1) << "Instruct renderer to start phishing detection for URL: " |
| 479 << browse_info_->url; |
| 480 content::RenderViewHost* rvh = web_contents()->GetRenderViewHost(); |
| 481 rvh->Send(new SafeBrowsingMsg_StartPhishingDetection( |
| 482 rvh->GetRoutingID(), browse_info_->url)); |
| 483 } |
| 484 } |
| 485 |
| 486 void ClientSideDetectionHost::OnMalwarePreClassificationDone( |
| 487 bool should_classify) { |
| 488 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 489 // If classification checks failed we should stop extracting malware features. |
| 490 DVLOG(2) << "Malware pre-classification checks done. Should classify: " |
| 491 << should_classify; |
| 492 should_extract_malware_features_ = should_classify; |
| 493 should_classify_for_malware_ = should_classify; |
| 494 MaybeStartMalwareFeatureExtraction(); |
| 495 } |
| 496 |
| 497 void ClientSideDetectionHost::DocumentOnLoadCompletedInMainFrame( |
| 498 int32 page_id) { |
| 499 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 500 if (!csd_service_ || !browse_info_.get()) |
| 501 return; |
| 502 DVLOG(2) << "Main frame onload hander called."; |
| 503 if (browse_info_->page_id != page_id) { |
| 504 // Something weird is happening here. The BrowseInfo page ID |
| 505 // should always be the same as the most recent load. |
| 506 UMA_HISTOGRAM_COUNTS("SBClientMalware.UnexpectedPageId", 1); |
| 507 return; |
| 508 } |
| 509 onload_complete_ = true; |
| 510 MaybeStartMalwareFeatureExtraction(); |
| 511 } |
| 512 |
| 513 void ClientSideDetectionHost::MaybeStartMalwareFeatureExtraction() { |
| 514 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 515 if (csd_service_ && browse_info_.get() && |
| 516 should_classify_for_malware_ && |
| 517 onload_complete_) { |
| 518 scoped_ptr<ClientMalwareRequest> malware_request( |
| 519 new ClientMalwareRequest); |
| 520 // Start browser-side malware feature extraction. Once we're done it will |
| 521 // send the malware client verdict request. |
| 522 malware_request->set_url(browse_info_->url.spec()); |
| 523 const GURL& referrer = browse_info_->referrer; |
| 524 if (referrer.SchemeIs("http")) { // Only send http urls. |
| 525 malware_request->set_referrer_url(referrer.spec()); |
| 526 } |
| 527 // This function doesn't expect browse_info_ to stay around after this |
| 528 // function returns. |
| 529 feature_extractor_->ExtractMalwareFeatures( |
| 530 browse_info_.get(), |
| 531 malware_request.release(), |
| 532 base::Bind(&ClientSideDetectionHost::MalwareFeatureExtractionDone, |
| 533 weak_factory_.GetWeakPtr())); |
| 534 should_classify_for_malware_ = false; |
| 535 } |
| 536 } |
| 537 |
| 417 void ClientSideDetectionHost::OnPhishingDetectionDone( | 538 void ClientSideDetectionHost::OnPhishingDetectionDone( |
| 418 const std::string& verdict_str) { | 539 const std::string& verdict_str) { |
| 419 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 540 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 420 // There is something seriously wrong if there is no service class but | 541 // There is something seriously wrong if there is no service class but |
| 421 // this method is called. The renderer should not start phishing detection | 542 // this method is called. The renderer should not start phishing detection |
| 422 // if there isn't any service class in the browser. | 543 // if there isn't any service class in the browser. |
| 423 DCHECK(csd_service_); | 544 DCHECK(csd_service_); |
| 424 // There shouldn't be any pending requests because we revoke them everytime | |
| 425 // we navigate away. | |
| 426 DCHECK(!weak_factory_.HasWeakPtrs()); | |
| 427 DCHECK(browse_info_.get()); | 545 DCHECK(browse_info_.get()); |
| 428 | 546 |
| 429 // We parse the protocol buffer here. If we're unable to parse it we won't | 547 // We parse the protocol buffer here. If we're unable to parse it we won't |
| 430 // send the verdict further. | 548 // send the verdict further. |
| 431 scoped_ptr<ClientPhishingRequest> verdict(new ClientPhishingRequest); | 549 scoped_ptr<ClientPhishingRequest> verdict(new ClientPhishingRequest); |
| 432 if (csd_service_ && | 550 if (csd_service_ && |
| 433 !weak_factory_.HasWeakPtrs() && | |
| 434 browse_info_.get() && | 551 browse_info_.get() && |
| 435 verdict->ParseFromString(verdict_str) && | 552 verdict->ParseFromString(verdict_str) && |
| 436 verdict->IsInitialized()) { | 553 verdict->IsInitialized()) { |
| 437 // We do the malware IP matching and request sending if the feature | |
| 438 // is enabled. | |
| 439 if (malware_report_enabled_ && !MalwareKillSwitchIsOn()) { | |
| 440 scoped_ptr<ClientMalwareRequest> malware_verdict( | |
| 441 new ClientMalwareRequest); | |
| 442 // Start browser-side malware feature extraction. Once we're done it will | |
| 443 // send the malware client verdict request. | |
| 444 malware_verdict->set_url(verdict->url()); | |
| 445 const GURL& referrer = browse_info_->referrer; | |
| 446 if (referrer.SchemeIs("http")) { // Only send http urls. | |
| 447 malware_verdict->set_referrer_url(referrer.spec()); | |
| 448 } | |
| 449 // This function doesn't expect browse_info_ to stay around after this | |
| 450 // function returns. | |
| 451 feature_extractor_->ExtractMalwareFeatures( | |
| 452 browse_info_.get(), | |
| 453 malware_verdict.release(), | |
| 454 base::Bind(&ClientSideDetectionHost::MalwareFeatureExtractionDone, | |
| 455 weak_factory_.GetWeakPtr())); | |
| 456 } | |
| 457 | |
| 458 // We only send phishing verdict to the server if the verdict is phishing or | 554 // We only send phishing verdict to the server if the verdict is phishing or |
| 459 // if a SafeBrowsing interstitial was already shown for this site. E.g., a | 555 // if a SafeBrowsing interstitial was already shown for this site. E.g., a |
| 460 // malware or phishing interstitial was shown but the user clicked | 556 // malware or phishing interstitial was shown but the user clicked |
| 461 // through. | 557 // through. |
| 462 if (verdict->is_phishing() || DidShowSBInterstitial()) { | 558 if (verdict->is_phishing() || DidShowSBInterstitial()) { |
| 463 if (DidShowSBInterstitial()) { | 559 if (DidShowSBInterstitial()) { |
| 464 browse_info_->unsafe_resource.reset(unsafe_resource_.release()); | 560 browse_info_->unsafe_resource.reset(unsafe_resource_.release()); |
| 465 } | 561 } |
| 466 // Start browser-side feature extraction. Once we're done it will send | 562 // Start browser-side feature extraction. Once we're done it will send |
| 467 // the client verdict request. | 563 // the client verdict request. |
| 468 feature_extractor_->ExtractFeatures( | 564 feature_extractor_->ExtractFeatures( |
| 469 browse_info_.get(), | 565 browse_info_.get(), |
| 470 verdict.release(), | 566 verdict.release(), |
| 471 base::Bind(&ClientSideDetectionHost::FeatureExtractionDone, | 567 base::Bind(&ClientSideDetectionHost::FeatureExtractionDone, |
| 472 weak_factory_.GetWeakPtr())); | 568 weak_factory_.GetWeakPtr())); |
| 473 } | 569 } |
| 474 } | 570 } |
| 475 browse_info_.reset(); | |
| 476 } | 571 } |
| 477 | 572 |
| 478 void ClientSideDetectionHost::MaybeShowPhishingWarning(GURL phishing_url, | 573 void ClientSideDetectionHost::MaybeShowPhishingWarning(GURL phishing_url, |
| 479 bool is_phishing) { | 574 bool is_phishing) { |
| 480 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 575 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 481 VLOG(2) << "Received server phishing verdict for URL:" << phishing_url | 576 DVLOG(2) << "Received server phishing verdict for URL:" << phishing_url |
| 482 << " is_phishing:" << is_phishing; | 577 << " is_phishing:" << is_phishing; |
| 483 if (is_phishing) { | 578 if (is_phishing) { |
| 484 DCHECK(web_contents()); | 579 DCHECK(web_contents()); |
| 485 if (ui_manager_.get()) { | 580 if (ui_manager_.get()) { |
| 486 SafeBrowsingUIManager::UnsafeResource resource; | 581 SafeBrowsingUIManager::UnsafeResource resource; |
| 487 resource.url = phishing_url; | 582 resource.url = phishing_url; |
| 488 resource.original_url = phishing_url; | 583 resource.original_url = phishing_url; |
| 489 resource.is_subresource = false; | 584 resource.is_subresource = false; |
| 490 resource.threat_type = SB_THREAT_TYPE_CLIENT_SIDE_PHISHING_URL; | 585 resource.threat_type = SB_THREAT_TYPE_CLIENT_SIDE_PHISHING_URL; |
| 491 resource.render_process_host_id = | 586 resource.render_process_host_id = |
| 492 web_contents()->GetRenderProcessHost()->GetID(); | 587 web_contents()->GetRenderProcessHost()->GetID(); |
| 493 resource.render_view_id = | 588 resource.render_view_id = |
| 494 web_contents()->GetRenderViewHost()->GetRoutingID(); | 589 web_contents()->GetRenderViewHost()->GetRoutingID(); |
| 495 if (!ui_manager_->IsWhitelisted(resource)) { | 590 if (!ui_manager_->IsWhitelisted(resource)) { |
| 496 // We need to stop any pending navigations, otherwise the interstital | 591 // We need to stop any pending navigations, otherwise the interstital |
| 497 // might not get created properly. | 592 // might not get created properly. |
| 498 web_contents()->GetController().DiscardNonCommittedEntries(); | 593 web_contents()->GetController().DiscardNonCommittedEntries(); |
| 499 } | 594 } |
| 500 ui_manager_->DisplayBlockingPage(resource); | 595 ui_manager_->DisplayBlockingPage(resource); |
| 501 } | 596 } |
| 502 // If there is true phishing verdict, invalidate weakptr so that no longer | 597 // If there is true phishing verdict, invalidate weakptr so that no longer |
| 503 // consider the malware vedict. | 598 // consider the malware vedict. |
| 504 weak_factory_.InvalidateWeakPtrs(); | 599 weak_factory_.InvalidateWeakPtrs(); |
| 505 } | 600 } |
| 506 } | 601 } |
| 507 | 602 |
| 508 void ClientSideDetectionHost::MaybeShowMalwareWarning(GURL original_url, | 603 void ClientSideDetectionHost::MaybeShowMalwareWarning(GURL original_url, |
| 509 GURL malware_url, | 604 GURL malware_url, |
| 510 bool is_malware) { | 605 bool is_malware) { |
| 511 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 606 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 512 VLOG(2) << "Received server malawre IP verdict for URL:" << malware_url | 607 DVLOG(2) << "Received server malawre IP verdict for URL:" << malware_url |
| 513 << " is_malware:" << is_malware; | 608 << " is_malware:" << is_malware; |
| 514 if (is_malware && malware_url.is_valid() && original_url.is_valid()) { | 609 if (is_malware && malware_url.is_valid() && original_url.is_valid()) { |
| 515 DCHECK(web_contents()); | 610 DCHECK(web_contents()); |
| 516 if (ui_manager_.get()) { | 611 if (ui_manager_.get()) { |
| 517 SafeBrowsingUIManager::UnsafeResource resource; | 612 SafeBrowsingUIManager::UnsafeResource resource; |
| 518 resource.url = malware_url; | 613 resource.url = malware_url; |
| 519 resource.original_url = original_url; | 614 resource.original_url = original_url; |
| 520 resource.is_subresource = (malware_url.host() != original_url.host()); | 615 resource.is_subresource = (malware_url.host() != original_url.host()); |
| 521 resource.threat_type = SB_THREAT_TYPE_CLIENT_SIDE_MALWARE_URL; | 616 resource.threat_type = SB_THREAT_TYPE_CLIENT_SIDE_MALWARE_URL; |
| 522 resource.render_process_host_id = | 617 resource.render_process_host_id = |
| 523 web_contents()->GetRenderProcessHost()->GetID(); | 618 web_contents()->GetRenderProcessHost()->GetID(); |
| 524 resource.render_view_id = | 619 resource.render_view_id = |
| 525 web_contents()->GetRenderViewHost()->GetRoutingID(); | 620 web_contents()->GetRenderViewHost()->GetRoutingID(); |
| 526 if (!ui_manager_->IsWhitelisted(resource)) { | 621 if (!ui_manager_->IsWhitelisted(resource)) { |
| 527 // We need to stop any pending navigations, otherwise the interstital | 622 // We need to stop any pending navigations, otherwise the interstital |
| 528 // might not get created properly. | 623 // might not get created properly. |
| 529 web_contents()->GetController().DiscardNonCommittedEntries(); | 624 web_contents()->GetController().DiscardNonCommittedEntries(); |
| 530 } | 625 } |
| 531 ui_manager_->DisplayBlockingPage(resource); | 626 ui_manager_->DisplayBlockingPage(resource); |
| 532 } | 627 } |
| 533 // If there is true malware verdict, invalidate weakptr so that no longer | 628 // If there is true malware verdict, invalidate weakptr so that no longer |
| 534 // consider the phishing vedict. | 629 // consider the phishing vedict. |
| 535 weak_factory_.InvalidateWeakPtrs(); | 630 weak_factory_.InvalidateWeakPtrs(); |
| 536 } | 631 } |
| 537 } | 632 } |
| 538 | 633 |
| 539 void ClientSideDetectionHost::FeatureExtractionDone( | 634 void ClientSideDetectionHost::FeatureExtractionDone( |
| 540 bool success, | 635 bool success, |
| 541 ClientPhishingRequest* request) { | 636 ClientPhishingRequest* request) { |
| 542 DCHECK(request); | 637 DCHECK(request); |
| 543 VLOG(2) << "Feature extraction done (success:" << success << ") for URL: " | 638 DVLOG(2) << "Feature extraction done (success:" << success << ") for URL: " |
| 544 << request->url() << ". Start sending client phishing request."; | 639 << request->url() << ". Start sending client phishing request."; |
| 545 ClientSideDetectionService::ClientReportPhishingRequestCallback callback; | 640 ClientSideDetectionService::ClientReportPhishingRequestCallback callback; |
| 546 // If the client-side verdict isn't phishing we don't care about the server | 641 // If the client-side verdict isn't phishing we don't care about the server |
| 547 // response because we aren't going to display a warning. | 642 // response because we aren't going to display a warning. |
| 548 if (request->is_phishing()) { | 643 if (request->is_phishing()) { |
| 549 callback = base::Bind(&ClientSideDetectionHost::MaybeShowPhishingWarning, | 644 callback = base::Bind(&ClientSideDetectionHost::MaybeShowPhishingWarning, |
| 550 weak_factory_.GetWeakPtr()); | 645 weak_factory_.GetWeakPtr()); |
| 551 } | 646 } |
| 552 // Send ping even if the browser feature extraction failed. | 647 // Send ping even if the browser feature extraction failed. |
| 553 csd_service_->SendClientReportPhishingRequest( | 648 csd_service_->SendClientReportPhishingRequest( |
| 554 request, // The service takes ownership of the request object. | 649 request, // The service takes ownership of the request object. |
| 555 callback); | 650 callback); |
| 556 } | 651 } |
| 557 | 652 |
| 558 void ClientSideDetectionHost::MalwareFeatureExtractionDone( | 653 void ClientSideDetectionHost::MalwareFeatureExtractionDone( |
| 559 bool feature_extraction_success, | 654 bool feature_extraction_success, |
| 560 scoped_ptr<ClientMalwareRequest> request) { | 655 scoped_ptr<ClientMalwareRequest> request) { |
| 561 DCHECK(request.get()); | 656 DCHECK(request.get()); |
| 562 VLOG(2) << "Malware Feature extraction done for URL: " << request->url() | 657 DVLOG(2) << "Malware Feature extraction done for URL: " << request->url() |
| 563 << ", with badip url count:" << request->bad_ip_url_info_size(); | 658 << ", with badip url count:" << request->bad_ip_url_info_size(); |
| 564 | 659 |
| 565 // Send ping if there is matching features. | 660 // Send ping if there is matching features. |
| 566 if (feature_extraction_success && request->bad_ip_url_info_size() > 0) { | 661 if (feature_extraction_success && request->bad_ip_url_info_size() > 0) { |
| 567 VLOG(1) << "Start sending client malware request."; | 662 VLOG(1) << "Start sending client malware request."; |
| 568 ClientSideDetectionService::ClientReportMalwareRequestCallback callback; | 663 ClientSideDetectionService::ClientReportMalwareRequestCallback callback; |
| 569 callback = base::Bind(&ClientSideDetectionHost::MaybeShowMalwareWarning, | 664 callback = base::Bind(&ClientSideDetectionHost::MaybeShowMalwareWarning, |
| 570 weak_factory_.GetWeakPtr()); | 665 weak_factory_.GetWeakPtr()); |
| 571 csd_service_->SendClientReportMalwareRequest(request.release(), callback); | 666 csd_service_->SendClientReportMalwareRequest(request.release(), callback); |
| 572 } | 667 } |
| 573 } | 668 } |
| (...skipping 20 matching lines...) Expand all Loading... |
| 594 } | 689 } |
| 595 | 690 |
| 596 void ClientSideDetectionHost::Observe( | 691 void ClientSideDetectionHost::Observe( |
| 597 int type, | 692 int type, |
| 598 const content::NotificationSource& source, | 693 const content::NotificationSource& source, |
| 599 const content::NotificationDetails& details) { | 694 const content::NotificationDetails& details) { |
| 600 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 695 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 601 DCHECK_EQ(type, content::NOTIFICATION_RESOURCE_RESPONSE_STARTED); | 696 DCHECK_EQ(type, content::NOTIFICATION_RESOURCE_RESPONSE_STARTED); |
| 602 const ResourceRequestDetails* req = content::Details<ResourceRequestDetails>( | 697 const ResourceRequestDetails* req = content::Details<ResourceRequestDetails>( |
| 603 details).ptr(); | 698 details).ptr(); |
| 604 if (req && browse_info_.get() && malware_report_enabled_ && | 699 if (req && browse_info_.get() && |
| 605 !MalwareKillSwitchIsOn()) { | 700 should_extract_malware_features_ && req->url.is_valid()) { |
| 606 if (req->url.is_valid()) { | 701 UpdateIPUrlMap(req->socket_address.host() /* ip */, |
| 607 UpdateIPUrlMap(req->socket_address.host() /* ip */, | 702 req->url.spec() /* url */, |
| 608 req->url.spec() /* url */, | 703 req->method, |
| 609 req->method, | 704 req->referrer, |
| 610 req->referrer, | 705 req->resource_type); |
| 611 req->resource_type); | |
| 612 } | |
| 613 } | 706 } |
| 614 } | 707 } |
| 615 | 708 |
| 616 bool ClientSideDetectionHost::DidShowSBInterstitial() const { | 709 bool ClientSideDetectionHost::DidShowSBInterstitial() const { |
| 617 if (unsafe_unique_page_id_ <= 0 || !web_contents()) { | 710 if (unsafe_unique_page_id_ <= 0 || !web_contents()) { |
| 618 return false; | 711 return false; |
| 619 } | 712 } |
| 620 const NavigationEntry* nav_entry = | 713 const NavigationEntry* nav_entry = |
| 621 web_contents()->GetController().GetActiveEntry(); | 714 web_contents()->GetController().GetActiveEntry(); |
| 622 return (nav_entry && nav_entry->GetUniqueID() == unsafe_unique_page_id_); | 715 return (nav_entry && nav_entry->GetUniqueID() == unsafe_unique_page_id_); |
| (...skipping 10 matching lines...) Expand all Loading... |
| 633 if (ui_manager_.get()) | 726 if (ui_manager_.get()) |
| 634 ui_manager_->RemoveObserver(this); | 727 ui_manager_->RemoveObserver(this); |
| 635 | 728 |
| 636 ui_manager_ = ui_manager; | 729 ui_manager_ = ui_manager; |
| 637 if (ui_manager) | 730 if (ui_manager) |
| 638 ui_manager_->AddObserver(this); | 731 ui_manager_->AddObserver(this); |
| 639 | 732 |
| 640 database_manager_ = database_manager; | 733 database_manager_ = database_manager; |
| 641 } | 734 } |
| 642 | 735 |
| 643 bool ClientSideDetectionHost::MalwareKillSwitchIsOn() { | |
| 644 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 645 return malware_killswitch_on_; | |
| 646 } | |
| 647 | |
| 648 void ClientSideDetectionHost::SetMalwareKillSwitch(bool killswitch_on) { | |
| 649 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 650 malware_killswitch_on_ = killswitch_on; | |
| 651 } | |
| 652 | |
| 653 } // namespace safe_browsing | 736 } // namespace safe_browsing |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 173133004:
Separate pre-classification checks for client-side malware and phishing (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src