chrome/browser/safe_browsing/download_protection_service.cc - Issue 2128583005: DownloadProtection: Add more graceful handling of verdict=UNKNOWN

Side by Side Diff: chrome/browser/safe_browsing/download_protection_service.cc

Issue 2128583005: DownloadProtection: Add more graceful handling of verdict=UNKNOWN (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 4 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « chrome/browser/safe_browsing/download_protection_service.h ('k') | chrome/browser/safe_browsing/download_protection_service_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "chrome/browser/safe_browsing/download_protection_service.h"	5 #include "chrome/browser/safe_browsing/download_protection_service.h"

6	6

7 #include <stddef.h>	7 #include <stddef.h>

8	8

9 #include <memory>	9 #include <memory>

10	10

(...skipping 453 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
464 std::string data;	464 std::string data;

465 bool got_data = source->GetResponseAsString(&data);	465 bool got_data = source->GetResponseAsString(&data);

466 DCHECK(got_data);	466 DCHECK(got_data);

467 if (!response.ParseFromString(data)) {	467 if (!response.ParseFromString(data)) {

468 reason = REASON_INVALID_RESPONSE_PROTO;	468 reason = REASON_INVALID_RESPONSE_PROTO;

469 result = UNKNOWN;	469 result = UNKNOWN;

470 } else if (type_ == ClientDownloadRequest::SAMPLED_UNSUPPORTED_FILE) {	470 } else if (type_ == ClientDownloadRequest::SAMPLED_UNSUPPORTED_FILE) {

471 // Ignore the verdict because we were just reporting a sampled file.	471 // Ignore the verdict because we were just reporting a sampled file.

472 reason = REASON_SAMPLED_UNSUPPORTED_FILE;	472 reason = REASON_SAMPLED_UNSUPPORTED_FILE;

473 result = UNKNOWN;	473 result = UNKNOWN;

474 } else if (response.verdict() == ClientDownloadResponse::SAFE) {

475 reason = REASON_DOWNLOAD_SAFE;

476 result = SAFE;

477 } else if (service_ && !service_->IsSupportedDownload(

478 *item_, item_->GetTargetFilePath())) {

479 // TODO(nparker): Remove this check since it should be impossible.

480 reason = REASON_DOWNLOAD_NOT_SUPPORTED;

481 result = UNKNOWN;

482 } else if (response.verdict() == ClientDownloadResponse::DANGEROUS) {

483 reason = REASON_DOWNLOAD_DANGEROUS;

484 result = DANGEROUS;

485 token = response.token();

486 } else if (response.verdict() == ClientDownloadResponse::UNCOMMON) {

487 reason = REASON_DOWNLOAD_UNCOMMON;

488 result = UNCOMMON;

489 token = response.token();

490 } else if (response.verdict() == ClientDownloadResponse::DANGEROUS_HOST) {

491 reason = REASON_DOWNLOAD_DANGEROUS_HOST;

492 result = DANGEROUS_HOST;

493 token = response.token();

494 } else if (

495 response.verdict() == ClientDownloadResponse::POTENTIALLY_UNWANTED) {

496 reason = REASON_DOWNLOAD_POTENTIALLY_UNWANTED;

497 result = POTENTIALLY_UNWANTED;

498 token = response.token();

499 } else {	474 } else {

500 LOG(DFATAL) << "Unknown download response verdict: "	475 switch (response.verdict()) {

501 << response.verdict();	476 case ClientDownloadResponse::SAFE:

502 reason = REASON_INVALID_RESPONSE_VERDICT;	477 reason = REASON_DOWNLOAD_SAFE;

503 result = UNKNOWN;	478 result = SAFE;

	479 break;

	480 case ClientDownloadResponse::DANGEROUS:

	481 reason = REASON_DOWNLOAD_DANGEROUS;

	482 result = DANGEROUS;

	483 token = response.token();

	484 break;

	485 case ClientDownloadResponse::UNCOMMON:

	486 reason = REASON_DOWNLOAD_UNCOMMON;

	487 result = UNCOMMON;

	488 token = response.token();

	489 break;

	490 case ClientDownloadResponse::DANGEROUS_HOST:

	491 reason = REASON_DOWNLOAD_DANGEROUS_HOST;

	492 result = DANGEROUS_HOST;

	493 token = response.token();

	494 break;

	495 case ClientDownloadResponse::POTENTIALLY_UNWANTED:

	496 reason = REASON_DOWNLOAD_POTENTIALLY_UNWANTED;

	497 result = POTENTIALLY_UNWANTED;

	498 token = response.token();

	499 break;

	500 case ClientDownloadResponse::UNKNOWN:

	501 reason = REASON_VERDICT_UNKNOWN;

	502 result = UNKNOWN;

	503 break;

	504 default:
	asanka 2016/07/07 20:46:59 Nit: Shall we go the route of eliminating the defa Nit: Shall we go the route of eliminating the default label? That way the compiler will throw an error if a new verdict is added that's not handled here. If the incoming proto has an unrecognized verdict, it should fail to parse, right? Nathan Parker 2016/07/07 21:02:55 I don't think it'd fail to parse... hence I'm catc Show quoted text On 2016/07/07 20:46:59, asanka wrote: > Nit: Shall we go the route of eliminating the default label? That way the > compiler will throw an error if a new verdict is added that's not handled here. > If the incoming proto has an unrecognized verdict, it should fail to parse, > right? I don't think it'd fail to parse... hence I'm catching it here. Though I can't find docs to that effect. I think the no-default style works well only when the value is set solely within the same C++ binary, so the compiler can enforce the type. I was relying on it _not_ failing to parse, so existing chrome binaries will be able to handle the new "UNKNOWN" value with the old code that doesn't know about it. asanka 2016/07/07 21:15:11 Ah. TIL. Acknowledged. Show quoted text On 2016/07/07 at 21:02:55, Nathan Parker wrote: > On 2016/07/07 20:46:59, asanka wrote: > > Nit: Shall we go the route of eliminating the default label? That way the > > compiler will throw an error if a new verdict is added that's not handled here. > > If the incoming proto has an unrecognized verdict, it should fail to parse, > > right? > > I don't think it'd fail to parse... hence I'm catching it here. Though I can't find docs to that effect. > > I think the no-default style works well only when the value is set solely within the same C++ binary, so the compiler can enforce the type. > > I was relying on it _not_ failing to parse, so existing chrome binaries will be able to handle the new "UNKNOWN" value with the old code that doesn't know about it. Ah. TIL. Acknowledged. Nathan Parker 2016/07/11 20:26:22 Apparently I was wrong. The old code apparently c Show quoted text On 2016/07/07 21:15:11, asanka wrote: > On 2016/07/07 at 21:02:55, Nathan Parker wrote: > > On 2016/07/07 20:46:59, asanka wrote: > > > Nit: Shall we go the route of eliminating the default label? That way the > > > compiler will throw an error if a new verdict is added that's not handled > here. > > > If the incoming proto has an unrecognized verdict, it should fail to parse, > > > right? > > > > I don't think it'd fail to parse... hence I'm catching it here. Though I can't > find docs to that effect. > > > > I think the no-default style works well only when the value is set solely > within the same C++ binary, so the compiler can enforce the type. > > > > I was relying on it _not_ failing to parse, so existing chrome binaries will > be able to handle the new "UNKNOWN" value with the old code that doesn't know > about it. > > Ah. TIL. Acknowledged. Apparently I was wrong. The old code apparently can't parse the proto with the new enum value, so I'm seeing a histogram value of INVALID_RESPONSE_PROTO. The result (unknown) is the same.
	505 LOG(DFATAL) << "Unknown download response verdict: "

	506 << response.verdict();

	507 reason = REASON_INVALID_RESPONSE_VERDICT;

	508 result = UNKNOWN;

	509 }

504 }	510 }

	511

505 if (!token.empty())	512 if (!token.empty())

506 SetDownloadPingToken(item_, token);	513 SetDownloadPingToken(item_, token);

507	514

508 DownloadFeedbackService::MaybeStorePingsForDownload(	515 DownloadFeedbackService::MaybeStorePingsForDownload(

509 result, item_, client_download_request_data_, data);	516 result, item_, client_download_request_data_, data);

510 }	517 }

511 // We don't need the fetcher anymore.	518 // We don't need the fetcher anymore.

512 fetcher_.reset();	519 fetcher_.reset();

513 UMA_HISTOGRAM_TIMES("SBClientDownload.DownloadRequestDuration",	520 UMA_HISTOGRAM_TIMES("SBClientDownload.DownloadRequestDuration",

514 base::TimeTicks::Now() - start_time_);	521 base::TimeTicks::Now() - start_time_);

(...skipping 872 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1387 case ClientDownloadResponse::SAFE:	1394 case ClientDownloadResponse::SAFE:

1388 return SAFE;	1395 return SAFE;

1389 case ClientDownloadResponse::UNCOMMON:	1396 case ClientDownloadResponse::UNCOMMON:

1390 return UNCOMMON;	1397 return UNCOMMON;

1391 case ClientDownloadResponse::POTENTIALLY_UNWANTED:	1398 case ClientDownloadResponse::POTENTIALLY_UNWANTED:

1392 return POTENTIALLY_UNWANTED;	1399 return POTENTIALLY_UNWANTED;

1393 case ClientDownloadResponse::DANGEROUS:	1400 case ClientDownloadResponse::DANGEROUS:

1394 return DANGEROUS;	1401 return DANGEROUS;

1395 case ClientDownloadResponse::DANGEROUS_HOST:	1402 case ClientDownloadResponse::DANGEROUS_HOST:

1396 return DANGEROUS_HOST;	1403 return DANGEROUS_HOST;

	1404 case ClientDownloadResponse::UNKNOWN:

	1405 return UNKNOWN;

1397 }	1406 }

1398 return UNKNOWN;	1407 return UNKNOWN;

1399 }	1408 }

1400	1409

1401 // Given a \|default_file_path\| and a list of \|alternate_extensions\|,	1410 // Given a \|default_file_path\| and a list of \|alternate_extensions\|,

1402 // constructs a FilePath with each possible extension and returns one that	1411 // constructs a FilePath with each possible extension and returns one that

1403 // satisfies IsCheckedBinaryFile(). If none are supported, returns an	1412 // satisfies IsCheckedBinaryFile(). If none are supported, returns an

1404 // empty FilePath.	1413 // empty FilePath.

1405 static base::FilePath GetSupportedFilePath(	1414 static base::FilePath GetSupportedFilePath(

1406 const base::FilePath& default_file_path,	1415 const base::FilePath& default_file_path,

(...skipping 311 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1718 GURL DownloadProtectionService::GetDownloadRequestUrl() {	1727 GURL DownloadProtectionService::GetDownloadRequestUrl() {

1719 GURL url(kDownloadRequestUrl);	1728 GURL url(kDownloadRequestUrl);

1720 std::string api_key = google_apis::GetAPIKey();	1729 std::string api_key = google_apis::GetAPIKey();

1721 if (!api_key.empty())	1730 if (!api_key.empty())

1722 url = url.Resolve("?key=" + net::EscapeQueryParamValue(api_key, true));	1731 url = url.Resolve("?key=" + net::EscapeQueryParamValue(api_key, true));

1723	1732

1724 return url;	1733 return url;

1725 }	1734 }

1726	1735

1727 } // namespace safe_browsing	1736 } // namespace safe_browsing

OLD	NEW