OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/safe_browsing/incident_reporting/module_load_analyzer.h
" | 5 #include "chrome/browser/safe_browsing/incident_reporting/module_load_analyzer.h
" |
6 | 6 |
7 #include <set> | 7 #include <set> |
8 #include <utility> | 8 #include <utility> |
9 | 9 |
10 #include "base/file_version_info.h" | 10 #include "base/file_version_info.h" |
11 #include "base/files/file_path.h" | 11 #include "base/files/file_path.h" |
12 #include "base/i18n/case_conversion.h" | 12 #include "base/i18n/case_conversion.h" |
13 #include "base/logging.h" | 13 #include "base/logging.h" |
| 14 #include "base/memory/ptr_util.h" |
14 #include "base/metrics/histogram_macros.h" | 15 #include "base/metrics/histogram_macros.h" |
15 #include "base/strings/string16.h" | 16 #include "base/strings/string16.h" |
16 #include "base/strings/utf_string_conversions.h" | 17 #include "base/strings/utf_string_conversions.h" |
17 #include "chrome/browser/install_verification/win/module_info.h" | 18 #include "chrome/browser/install_verification/win/module_info.h" |
18 #include "chrome/browser/install_verification/win/module_verification_common.h" | 19 #include "chrome/browser/install_verification/win/module_verification_common.h" |
19 #include "chrome/browser/safe_browsing/incident_reporting/incident_receiver.h" | 20 #include "chrome/browser/safe_browsing/incident_reporting/incident_receiver.h" |
20 #include "chrome/browser/safe_browsing/incident_reporting/suspicious_module_inci
dent.h" | 21 #include "chrome/browser/safe_browsing/incident_reporting/suspicious_module_inci
dent.h" |
21 #include "chrome/browser/safe_browsing/path_sanitizer.h" | 22 #include "chrome/browser/safe_browsing/path_sanitizer.h" |
22 #include "chrome/common/safe_browsing/binary_feature_extractor.h" | 23 #include "chrome/common/safe_browsing/binary_feature_extractor.h" |
23 #include "chrome/common/safe_browsing/csd.pb.h" | 24 #include "chrome/common/safe_browsing/csd.pb.h" |
24 #include "content/public/browser/browser_thread.h" | 25 #include "content/public/browser/browser_thread.h" |
25 | 26 |
26 #if defined(SAFE_BROWSING_DB_LOCAL) | 27 #if defined(SAFE_BROWSING_DB_LOCAL) |
27 #include "chrome/browser/safe_browsing/local_database_manager.h" | 28 #include "chrome/browser/safe_browsing/local_database_manager.h" |
28 #elif defined(SAFE_BROWSING_DB_REMOTE) | 29 #elif defined(SAFE_BROWSING_DB_REMOTE) |
29 #include "chrome/browser/safe_browsing/remote_database_manager.h" | 30 #include "chrome/browser/safe_browsing/remote_database_manager.h" |
30 #endif | 31 #endif |
31 | 32 |
32 namespace safe_browsing { | 33 namespace safe_browsing { |
33 | 34 |
34 namespace { | 35 namespace { |
35 | 36 |
36 void ReportIncidentsForSuspiciousModules( | 37 void ReportIncidentsForSuspiciousModules( |
37 scoped_ptr<std::set<base::FilePath>> module_paths, | 38 std::unique_ptr<std::set<base::FilePath>> module_paths, |
38 scoped_ptr<IncidentReceiver> incident_receiver) { | 39 std::unique_ptr<IncidentReceiver> incident_receiver) { |
39 PathSanitizer path_sanitizer; | 40 PathSanitizer path_sanitizer; |
40 scoped_refptr<BinaryFeatureExtractor> binary_feature_extractor( | 41 scoped_refptr<BinaryFeatureExtractor> binary_feature_extractor( |
41 new BinaryFeatureExtractor()); | 42 new BinaryFeatureExtractor()); |
42 SCOPED_UMA_HISTOGRAM_TIMER("SBIRS.SuspiciousModuleReportingTime"); | 43 SCOPED_UMA_HISTOGRAM_TIMER("SBIRS.SuspiciousModuleReportingTime"); |
43 | 44 |
44 for (const auto& module_path : *module_paths) { | 45 for (const auto& module_path : *module_paths) { |
45 // TODO(proberge): Skip over modules that have already been reported. | 46 // TODO(proberge): Skip over modules that have already been reported. |
46 | 47 |
47 scoped_ptr<ClientIncidentReport_IncidentData_SuspiciousModuleIncident> | 48 std::unique_ptr<ClientIncidentReport_IncidentData_SuspiciousModuleIncident> |
48 suspicious_module( | 49 suspicious_module( |
49 new ClientIncidentReport_IncidentData_SuspiciousModuleIncident()); | 50 new ClientIncidentReport_IncidentData_SuspiciousModuleIncident()); |
50 | 51 |
51 // Sanitized path. | 52 // Sanitized path. |
52 base::FilePath sanitized_path(module_path); | 53 base::FilePath sanitized_path(module_path); |
53 path_sanitizer.StripHomeDirectory(&sanitized_path); | 54 path_sanitizer.StripHomeDirectory(&sanitized_path); |
54 suspicious_module->set_path(sanitized_path.AsUTF8Unsafe()); | 55 suspicious_module->set_path(sanitized_path.AsUTF8Unsafe()); |
55 | 56 |
56 // Digest. | 57 // Digest. |
57 binary_feature_extractor->ExtractDigest( | 58 binary_feature_extractor->ExtractDigest( |
58 module_path, suspicious_module->mutable_digest()); | 59 module_path, suspicious_module->mutable_digest()); |
59 | 60 |
60 // Version. | 61 // Version. |
61 scoped_ptr<FileVersionInfo> version_info( | 62 std::unique_ptr<FileVersionInfo> version_info( |
62 FileVersionInfo::CreateFileVersionInfo(module_path)); | 63 FileVersionInfo::CreateFileVersionInfo(module_path)); |
63 if (version_info) { | 64 if (version_info) { |
64 base::string16 file_version = version_info->file_version(); | 65 base::string16 file_version = version_info->file_version(); |
65 if (!file_version.empty()) | 66 if (!file_version.empty()) |
66 suspicious_module->set_version(base::UTF16ToUTF8(file_version)); | 67 suspicious_module->set_version(base::UTF16ToUTF8(file_version)); |
67 } | 68 } |
68 | 69 |
69 // Signature. | 70 // Signature. |
70 binary_feature_extractor->CheckSignature( | 71 binary_feature_extractor->CheckSignature( |
71 module_path, suspicious_module->mutable_signature()); | 72 module_path, suspicious_module->mutable_signature()); |
72 | 73 |
73 // Image headers. | 74 // Image headers. |
74 if (!binary_feature_extractor->ExtractImageFeatures( | 75 if (!binary_feature_extractor->ExtractImageFeatures( |
75 module_path, BinaryFeatureExtractor::kDefaultOptions, | 76 module_path, BinaryFeatureExtractor::kDefaultOptions, |
76 suspicious_module->mutable_image_headers(), | 77 suspicious_module->mutable_image_headers(), |
77 nullptr /* signed_data */)) { | 78 nullptr /* signed_data */)) { |
78 suspicious_module->clear_image_headers(); | 79 suspicious_module->clear_image_headers(); |
79 } | 80 } |
80 | 81 |
81 // Send the incident to the reporting service. | 82 // Send the incident to the reporting service. |
82 incident_receiver->AddIncidentForProcess(make_scoped_ptr( | 83 incident_receiver->AddIncidentForProcess(base::WrapUnique( |
83 new SuspiciousModuleIncident(std::move(suspicious_module)))); | 84 new SuspiciousModuleIncident(std::move(suspicious_module)))); |
84 } | 85 } |
85 } | 86 } |
86 | 87 |
87 void CheckModuleWhitelistOnIOThread( | 88 void CheckModuleWhitelistOnIOThread( |
88 const scoped_refptr<SafeBrowsingDatabaseManager>& database_manager, | 89 const scoped_refptr<SafeBrowsingDatabaseManager>& database_manager, |
89 scoped_ptr<IncidentReceiver> incident_receiver, | 90 std::unique_ptr<IncidentReceiver> incident_receiver, |
90 scoped_ptr<std::set<ModuleInfo>> module_info_set) { | 91 std::unique_ptr<std::set<ModuleInfo>> module_info_set) { |
91 SCOPED_UMA_HISTOGRAM_TIMER("SBIRS.SuspiciousModuleDetectionTime"); | 92 SCOPED_UMA_HISTOGRAM_TIMER("SBIRS.SuspiciousModuleDetectionTime"); |
92 scoped_ptr<std::set<base::FilePath>> suspicious_paths( | 93 std::unique_ptr<std::set<base::FilePath>> suspicious_paths( |
93 new std::set<base::FilePath>); | 94 new std::set<base::FilePath>); |
94 | 95 |
95 base::FilePath file_path; | 96 base::FilePath file_path; |
96 for (const ModuleInfo& module_info : *module_info_set) { | 97 for (const ModuleInfo& module_info : *module_info_set) { |
97 file_path = base::FilePath(module_info.name); | 98 file_path = base::FilePath(module_info.name); |
98 base::string16 module_file_name( | 99 base::string16 module_file_name( |
99 base::i18n::FoldCase(file_path.BaseName().AsUTF16Unsafe())); | 100 base::i18n::FoldCase(file_path.BaseName().AsUTF16Unsafe())); |
100 | 101 |
101 // If not whitelisted. | 102 // If not whitelisted. |
102 if (!database_manager->MatchModuleWhitelistString( | 103 if (!database_manager->MatchModuleWhitelistString( |
(...skipping 11 matching lines...) |
114 base::Passed(std::move(suspicious_paths)), | 115 base::Passed(std::move(suspicious_paths)), |
115 base::Passed(std::move(incident_receiver))), | 116 base::Passed(std::move(incident_receiver))), |
116 base::SequencedWorkerPool::CONTINUE_ON_SHUTDOWN); | 117 base::SequencedWorkerPool::CONTINUE_ON_SHUTDOWN); |
117 } | 118 } |
118 } | 119 } |
119 | 120 |
120 } // namespace | 121 } // namespace |
121 | 122 |
122 void VerifyModuleLoadState( | 123 void VerifyModuleLoadState( |
123 const scoped_refptr<SafeBrowsingDatabaseManager>& database_manager, | 124 const scoped_refptr<SafeBrowsingDatabaseManager>& database_manager, |
124 scoped_ptr<IncidentReceiver> incident_receiver) { | 125 std::unique_ptr<IncidentReceiver> incident_receiver) { |
125 scoped_ptr<std::set<ModuleInfo>> module_info_set(new std::set<ModuleInfo>); | 126 std::unique_ptr<std::set<ModuleInfo>> module_info_set( |
| 127 new std::set<ModuleInfo>); |
126 if (!GetLoadedModules(module_info_set.get())) | 128 if (!GetLoadedModules(module_info_set.get())) |
127 return; | 129 return; |
128 | 130 |
129 // PostTaskAndReply doesn't work here because we're in a sequenced blocking | 131 // PostTaskAndReply doesn't work here because we're in a sequenced blocking |
130 // thread pool. | 132 // thread pool. |
131 content::BrowserThread::PostTask( | 133 content::BrowserThread::PostTask( |
132 content::BrowserThread::IO, FROM_HERE, | 134 content::BrowserThread::IO, FROM_HERE, |
133 base::Bind(&CheckModuleWhitelistOnIOThread, database_manager, | 135 base::Bind(&CheckModuleWhitelistOnIOThread, database_manager, |
134 base::Passed(std::move(incident_receiver)), | 136 base::Passed(std::move(incident_receiver)), |
135 base::Passed(std::move(module_info_set)))); | 137 base::Passed(std::move(module_info_set)))); |
136 } | 138 } |
137 | 139 |
138 } // namespace safe_browsing | 140 } // namespace safe_browsing |
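Review bot: In VerifyModuleLoadState, a failed `GetLoadedModules(module_info_set.get())` returns without any log or metric, so as far as this file shows, a run where module enumeration fails looks the same as a run that found nothing suspicious. The move to `std::unique_ptr` leaves that early return unchanged. I would add `DLOG(WARNING) << "GetLoadedModules failed; module whitelist check skipped";` before the `return;`, since base/logging.h is already included. It may also be worth recording the failure in a histogram alongside the existing SBIRS timers, so that the detection gap is visible in release builds.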