| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/safe_browsing/download_protection_service.h" | 5 #include "chrome/browser/safe_browsing/download_protection_service.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 #include <memory> | 9 #include <memory> |
| 10 | 10 |
| (...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 69 #if defined(OS_MACOSX) | 69 #if defined(OS_MACOSX) |
| 70 #include "chrome/browser/safe_browsing/sandboxed_dmg_analyzer_mac.h" | 70 #include "chrome/browser/safe_browsing/sandboxed_dmg_analyzer_mac.h" |
| 71 #endif | 71 #endif |
| 72 | 72 |
| 73 using content::BrowserThread; | 73 using content::BrowserThread; |
| 74 | 74 |
| 75 namespace { | 75 namespace { |
| 76 static const int64_t kDownloadRequestTimeoutMs = 7000; | 76 static const int64_t kDownloadRequestTimeoutMs = 7000; |
| 77 // We sample 1% of whitelisted downloads to still send out download pings. | 77 // We sample 1% of whitelisted downloads to still send out download pings. |
| 78 static const double kWhitelistDownloadSampleRate = 0.01; | 78 static const double kWhitelistDownloadSampleRate = 0.01; |
| 79 |
| 80 enum WhitelistType { |
| 81 NO_WHITELIST_MATCH, |
| 82 URL_WHITELIST, |
| 83 SIGNATURE_WHITELIST, |
| 84 WHITELIST_TYPE_MAX |
| 85 }; |
| 86 |
| 87 static void RecordCountOfWhitelistedDownload(WhitelistType type) { |
| 88 UMA_HISTOGRAM_ENUMERATION("SBClientDownload.CheckWhitelistResult", type, |
| 89 WHITELIST_TYPE_MAX); |
| 90 } |
| 79 } // namespace | 91 } // namespace |
| 80 | 92 |
| 81 namespace safe_browsing { | 93 namespace safe_browsing { |
| 82 | 94 |
| 83 const char DownloadProtectionService::kDownloadRequestUrl[] = | 95 const char DownloadProtectionService::kDownloadRequestUrl[] = |
| 84 "https://sb-ssl.google.com/safebrowsing/clientreport/download"; | 96 "https://sb-ssl.google.com/safebrowsing/clientreport/download"; |
| 85 | 97 |
| 86 const void* const DownloadProtectionService::kDownloadPingTokenKey | 98 const void* const DownloadProtectionService::kDownloadPingTokenKey |
| 87 = &kDownloadPingTokenKey; | 99 = &kDownloadPingTokenKey; |
| 88 | 100 |
| (...skipping 657 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 746 } else { | 758 } else { |
| 747 PostFinishTask(UNKNOWN, REASON_ARCHIVE_WITHOUT_BINARIES); | 759 PostFinishTask(UNKNOWN, REASON_ARCHIVE_WITHOUT_BINARIES); |
| 748 return; | 760 return; |
| 749 } | 761 } |
| 750 } | 762 } |
| 751 | 763 |
| 752 OnFileFeatureExtractionDone(); | 764 OnFileFeatureExtractionDone(); |
| 753 } | 765 } |
| 754 #endif // defined(OS_MACOSX) | 766 #endif // defined(OS_MACOSX) |
| 755 | 767 |
| 756 enum WhitelistType { | 768 bool ShouldSampleWhitelistedDownload() { |
| 757 NO_WHITELIST_MATCH, | |
| 758 URL_WHITELIST, | |
| 759 SIGNATURE_WHITELIST, | |
| 760 WHITELIST_TYPE_MAX | |
| 761 }; | |
| 762 | |
| 763 static void RecordCountOfWhitelistedDownload(WhitelistType type) { | |
| 764 UMA_HISTOGRAM_ENUMERATION("SBClientDownload.CheckWhitelistResult", | |
| 765 type, | |
| 766 WHITELIST_TYPE_MAX); | |
| 767 } | |
| 768 | |
| 769 virtual bool ShouldSampleWhitelistedDownload() { | |
| 770 // We currently sample 1% whitelisted downloads from users who opted | 769 // We currently sample 1% whitelisted downloads from users who opted |
| 771 // in extended reporting and are not in incognito mode. | 770 // in extended reporting and are not in incognito mode. |
| 772 return service_ && is_extended_reporting_ && !is_incognito_ && | 771 return service_ && is_extended_reporting_ && !is_incognito_ && |
| 773 base::RandDouble() < service_->whitelist_sample_rate(); | 772 base::RandDouble() < service_->whitelist_sample_rate(); |
| 774 } | 773 } |
| 775 | 774 |
| 776 void CheckWhitelists() { | 775 void CheckWhitelists() { |
| 777 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 776 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
| 778 | 777 |
| 779 if (!database_manager_.get()) { | 778 if (!database_manager_.get()) { |
| (...skipping 406 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1186 REQUEST_MALFORMED, | 1185 REQUEST_MALFORMED, |
| 1187 FETCH_FAILED, | 1186 FETCH_FAILED, |
| 1188 RESPONSE_MALFORMED, | 1187 RESPONSE_MALFORMED, |
| 1189 SUCCEEDED | 1188 SUCCEEDED |
| 1190 }; | 1189 }; |
| 1191 | 1190 |
| 1192 PPAPIDownloadRequest( | 1191 PPAPIDownloadRequest( |
| 1193 const GURL& requestor_url, | 1192 const GURL& requestor_url, |
| 1194 const base::FilePath& default_file_path, | 1193 const base::FilePath& default_file_path, |
| 1195 const std::vector<base::FilePath::StringType>& alternate_extensions, | 1194 const std::vector<base::FilePath::StringType>& alternate_extensions, |
| 1195 bool is_extended_reporting, |
| 1196 bool is_incognito, |
| 1196 const CheckDownloadCallback& callback, | 1197 const CheckDownloadCallback& callback, |
| 1197 DownloadProtectionService* service, | 1198 DownloadProtectionService* service, |
| 1198 scoped_refptr<SafeBrowsingDatabaseManager> database_manager) | 1199 scoped_refptr<SafeBrowsingDatabaseManager> database_manager) |
| 1199 : requestor_url_(requestor_url), | 1200 : requestor_url_(requestor_url), |
| 1200 default_file_path_(default_file_path), | 1201 default_file_path_(default_file_path), |
| 1201 alternate_extensions_(alternate_extensions), | 1202 alternate_extensions_(alternate_extensions), |
| 1202 callback_(callback), | 1203 callback_(callback), |
| 1203 service_(service), | 1204 service_(service), |
| 1204 database_manager_(database_manager), | 1205 database_manager_(database_manager), |
| 1205 start_time_(base::TimeTicks::Now()), | 1206 start_time_(base::TimeTicks::Now()), |
| 1206 supported_path_( | 1207 supported_path_( |
| 1207 GetSupportedFilePath(default_file_path, alternate_extensions)), | 1208 GetSupportedFilePath(default_file_path, alternate_extensions)), |
| 1209 is_extended_reporting_(is_extended_reporting), |
| 1210 is_incognito_(is_incognito), |
| 1211 sample_url_whitelist_(false), |
| 1208 weakptr_factory_(this) {} | 1212 weakptr_factory_(this) {} |
| 1209 | 1213 |
| 1210 ~PPAPIDownloadRequest() override { | 1214 ~PPAPIDownloadRequest() override { |
| 1211 if (fetcher_ && !callback_.is_null()) | 1215 if (fetcher_ && !callback_.is_null()) |
| 1212 Finish(RequestOutcome::REQUEST_DESTROYED, UNKNOWN); | 1216 Finish(RequestOutcome::REQUEST_DESTROYED, UNKNOWN); |
| 1213 } | 1217 } |
| 1214 | 1218 |
| 1215 // Start the process of checking the download request. The callback passed as | 1219 // Start the process of checking the download request. The callback passed as |
| 1216 // the |callback| parameter to the constructor will be invoked with the result | 1220 // the |callback| parameter to the constructor will be invoked with the result |
| 1217 // of the check at some point in the future. | 1221 // of the check at some point in the future. |
| (...skipping 30 matching lines...) Expand all Loading... |
| 1248 service_->download_request_timeout_ms())); | 1252 service_->download_request_timeout_ms())); |
| 1249 | 1253 |
| 1250 BrowserThread::PostTask( | 1254 BrowserThread::PostTask( |
| 1251 BrowserThread::IO, FROM_HERE, | 1255 BrowserThread::IO, FROM_HERE, |
| 1252 base::Bind(&PPAPIDownloadRequest::CheckWhitelistsOnIOThread, | 1256 base::Bind(&PPAPIDownloadRequest::CheckWhitelistsOnIOThread, |
| 1253 requestor_url_, database_manager_, | 1257 requestor_url_, database_manager_, |
| 1254 weakptr_factory_.GetWeakPtr())); | 1258 weakptr_factory_.GetWeakPtr())); |
| 1255 } | 1259 } |
| 1256 | 1260 |
| 1257 private: | 1261 private: |
| 1262 bool ShouldSampleWhitelistedDownload() { |
| 1263 // We currently sample 1% whitelisted downloads from users who opted |
| 1264 // in extended reporting and are not in incognito mode. |
| 1265 return service_ && !is_incognito_ && is_extended_reporting_ && |
| 1266 base::RandDouble() < service_->whitelist_sample_rate(); |
| 1267 } |
| 1268 |
| 1258 // Whitelist checking needs to the done on the IO thread. | 1269 // Whitelist checking needs to the done on the IO thread. |
| 1259 static void CheckWhitelistsOnIOThread( | 1270 static void CheckWhitelistsOnIOThread( |
| 1260 const GURL& requestor_url, | 1271 const GURL& requestor_url, |
| 1261 scoped_refptr<SafeBrowsingDatabaseManager> database_manager, | 1272 scoped_refptr<SafeBrowsingDatabaseManager> database_manager, |
| 1262 base::WeakPtr<PPAPIDownloadRequest> download_request) { | 1273 base::WeakPtr<PPAPIDownloadRequest> download_request) { |
| 1263 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 1274 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
| 1264 DVLOG(2) << " checking whitelists for requestor URL:" << requestor_url; | 1275 DVLOG(2) << " checking whitelists for requestor URL:" << requestor_url; |
| 1265 | 1276 |
| 1266 bool url_was_whitelisted = | 1277 bool url_was_whitelisted = |
| 1267 requestor_url.is_valid() && database_manager && | 1278 requestor_url.is_valid() && database_manager && |
| 1268 database_manager->MatchDownloadWhitelistUrl(requestor_url); | 1279 database_manager->MatchDownloadWhitelistUrl(requestor_url); |
| 1269 BrowserThread::PostTask( | 1280 BrowserThread::PostTask( |
| 1270 BrowserThread::UI, FROM_HERE, | 1281 BrowserThread::UI, FROM_HERE, |
| 1271 base::Bind(&PPAPIDownloadRequest::WhitelistCheckComplete, | 1282 base::Bind(&PPAPIDownloadRequest::WhitelistCheckComplete, |
| 1272 download_request, url_was_whitelisted)); | 1283 download_request, url_was_whitelisted)); |
| 1273 } | 1284 } |
| 1274 | 1285 |
| 1275 void WhitelistCheckComplete(bool was_on_whitelist) { | 1286 void WhitelistCheckComplete(bool was_on_whitelist) { |
| 1276 DVLOG(2) << __FUNCTION__ << " was_on_whitelist:" << was_on_whitelist; | 1287 DVLOG(2) << __FUNCTION__ << " was_on_whitelist:" << was_on_whitelist; |
| 1277 if (was_on_whitelist) { | 1288 if (was_on_whitelist) { |
| 1278 // TODO(asanka): Should sample whitelisted downloads based on | 1289 if (ShouldSampleWhitelistedDownload()) { |
| 1279 // service_->whitelist_sample_rate(). http://crbug.com/610924 | 1290 RecordCountOfWhitelistedDownload(URL_WHITELIST); |
| 1280 Finish(RequestOutcome::WHITELIST_HIT, SAFE); | 1291 sample_url_whitelist_ = true; |
| 1281 return; | 1292 } else { |
| 1293 Finish(RequestOutcome::WHITELIST_HIT, SAFE); |
| 1294 return; |
| 1295 } |
| 1282 } | 1296 } |
| 1283 | 1297 |
| 1284 // Not on whitelist, so we are going to check with the SafeBrowsing | 1298 // Not on whitelist, so we are going to check with the SafeBrowsing |
| 1285 // backend. | 1299 // backend. |
| 1286 SendRequest(); | 1300 SendRequest(); |
| 1287 } | 1301 } |
| 1288 | 1302 |
| 1289 void SendRequest() { | 1303 void SendRequest() { |
| 1290 DVLOG(2) << __FUNCTION__; | 1304 DVLOG(2) << __FUNCTION__; |
| 1291 DCHECK_CURRENTLY_ON(BrowserThread::UI); | 1305 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 1292 | 1306 |
| 1293 ClientDownloadRequest request; | 1307 ClientDownloadRequest request; |
| 1294 request.set_download_type(ClientDownloadRequest::PPAPI_SAVE_REQUEST); | 1308 request.set_download_type(ClientDownloadRequest::PPAPI_SAVE_REQUEST); |
| 1295 ClientDownloadRequest::Resource* resource = request.add_resources(); | 1309 ClientDownloadRequest::Resource* resource = request.add_resources(); |
| 1296 resource->set_type(ClientDownloadRequest::PPAPI_DOCUMENT); | 1310 resource->set_type(ClientDownloadRequest::PPAPI_DOCUMENT); |
| 1297 resource->set_url(requestor_url_.spec()); | 1311 resource->set_url(requestor_url_.spec()); |
| 1298 request.set_url(requestor_url_.spec()); | 1312 request.set_url(requestor_url_.spec()); |
| 1299 request.set_file_basename(supported_path_.BaseName().AsUTF8Unsafe()); | 1313 request.set_file_basename(supported_path_.BaseName().AsUTF8Unsafe()); |
| 1300 request.set_length(0); | 1314 request.set_length(0); |
| 1301 request.mutable_digests()->set_md5(std::string()); | 1315 request.mutable_digests()->set_md5(std::string()); |
| 1316 request.set_skipped_url_whitelist(sample_url_whitelist_); |
| 1317 // Download protection does not check certificate whitelist for PPAPI |
| 1318 // downloads. |
| 1319 request.set_skipped_certificate_whitelist(false); |
| 1302 for (const auto& alternate_extension : alternate_extensions_) { | 1320 for (const auto& alternate_extension : alternate_extensions_) { |
| 1303 if (alternate_extension.empty()) | 1321 if (alternate_extension.empty()) |
| 1304 continue; | 1322 continue; |
| 1305 DCHECK_EQ(base::FilePath::kExtensionSeparator, alternate_extension[0]); | 1323 DCHECK_EQ(base::FilePath::kExtensionSeparator, alternate_extension[0]); |
| 1306 *(request.add_alternate_extensions()) = | 1324 *(request.add_alternate_extensions()) = |
| 1307 base::FilePath(alternate_extension).AsUTF8Unsafe(); | 1325 base::FilePath(alternate_extension).AsUTF8Unsafe(); |
| 1308 } | 1326 } |
| 1309 if (supported_path_ != default_file_path_) { | 1327 if (supported_path_ != default_file_path_) { |
| 1310 *(request.add_alternate_extensions()) = | 1328 *(request.add_alternate_extensions()) = |
| 1311 base::FilePath(default_file_path_.FinalExtension()).AsUTF8Unsafe(); | 1329 base::FilePath(default_file_path_.FinalExtension()).AsUTF8Unsafe(); |
| (...skipping 130 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1442 // Time request was started. | 1460 // Time request was started. |
| 1443 const base::TimeTicks start_time_; | 1461 const base::TimeTicks start_time_; |
| 1444 | 1462 |
| 1445 // A download path that is supported by SafeBrowsing. This is determined by | 1463 // A download path that is supported by SafeBrowsing. This is determined by |
| 1446 // invoking GetSupportedFilePath(). If non-empty, | 1464 // invoking GetSupportedFilePath(). If non-empty, |
| 1447 // IsCheckedBinaryFile(supported_path_) is always true. This | 1465 // IsCheckedBinaryFile(supported_path_) is always true. This |
| 1448 // path is therefore used as the download target when sending the SafeBrowsing | 1466 // path is therefore used as the download target when sending the SafeBrowsing |
| 1449 // ping. | 1467 // ping. |
| 1450 const base::FilePath supported_path_; | 1468 const base::FilePath supported_path_; |
| 1451 | 1469 |
| 1470 bool is_extended_reporting_; |
| 1471 bool is_incognito_; |
| 1472 bool sample_url_whitelist_; |
| 1473 |
| 1452 base::WeakPtrFactory<PPAPIDownloadRequest> weakptr_factory_; | 1474 base::WeakPtrFactory<PPAPIDownloadRequest> weakptr_factory_; |
| 1453 | 1475 |
| 1454 DISALLOW_COPY_AND_ASSIGN(PPAPIDownloadRequest); | 1476 DISALLOW_COPY_AND_ASSIGN(PPAPIDownloadRequest); |
| 1455 }; | 1477 }; |
| 1456 | 1478 |
| 1457 DownloadProtectionService::DownloadProtectionService( | 1479 DownloadProtectionService::DownloadProtectionService( |
| 1458 SafeBrowsingService* sb_service) | 1480 SafeBrowsingService* sb_service) |
| 1459 : request_context_getter_(sb_service ? sb_service->url_request_context() | 1481 : request_context_getter_(sb_service ? sb_service->url_request_context() |
| 1460 : nullptr), | 1482 : nullptr), |
| 1461 enabled_(false), | 1483 enabled_(false), |
| (...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1547 // UNKNOWN types properly. http://crbug.com/581044 | 1569 // UNKNOWN types properly. http://crbug.com/581044 |
| 1548 return (CheckClientDownloadRequest::IsSupportedDownload( | 1570 return (CheckClientDownloadRequest::IsSupportedDownload( |
| 1549 item, target_path, &reason, &type) && | 1571 item, target_path, &reason, &type) && |
| 1550 (ClientDownloadRequest::CHROME_EXTENSION != type)); | 1572 (ClientDownloadRequest::CHROME_EXTENSION != type)); |
| 1551 } | 1573 } |
| 1552 | 1574 |
| 1553 void DownloadProtectionService::CheckPPAPIDownloadRequest( | 1575 void DownloadProtectionService::CheckPPAPIDownloadRequest( |
| 1554 const GURL& requestor_url, | 1576 const GURL& requestor_url, |
| 1555 const base::FilePath& default_file_path, | 1577 const base::FilePath& default_file_path, |
| 1556 const std::vector<base::FilePath::StringType>& alternate_extensions, | 1578 const std::vector<base::FilePath::StringType>& alternate_extensions, |
| 1579 bool is_extended_reporting, |
| 1580 bool is_incognito, |
| 1557 const CheckDownloadCallback& callback) { | 1581 const CheckDownloadCallback& callback) { |
| 1558 DVLOG(1) << __FUNCTION__ << " url:" << requestor_url | 1582 DVLOG(1) << __FUNCTION__ << " url:" << requestor_url |
| 1559 << " default_file_path:" << default_file_path.value(); | 1583 << " default_file_path:" << default_file_path.value(); |
| 1560 std::unique_ptr<PPAPIDownloadRequest> request(new PPAPIDownloadRequest( | 1584 std::unique_ptr<PPAPIDownloadRequest> request(new PPAPIDownloadRequest( |
| 1561 requestor_url, default_file_path, alternate_extensions, callback, this, | 1585 requestor_url, default_file_path, alternate_extensions, |
| 1562 database_manager_)); | 1586 is_extended_reporting, is_incognito, callback, this, database_manager_)); |
| 1563 PPAPIDownloadRequest* request_copy = request.get(); | 1587 PPAPIDownloadRequest* request_copy = request.get(); |
| 1564 auto insertion_result = ppapi_download_requests_.insert( | 1588 auto insertion_result = ppapi_download_requests_.insert( |
| 1565 std::make_pair(request_copy, std::move(request))); | 1589 std::make_pair(request_copy, std::move(request))); |
| 1566 DCHECK(insertion_result.second); | 1590 DCHECK(insertion_result.second); |
| 1567 insertion_result.first->second->Start(); | 1591 insertion_result.first->second->Start(); |
| 1568 } | 1592 } |
| 1569 | 1593 |
| 1570 DownloadProtectionService::ClientDownloadRequestSubscription | 1594 DownloadProtectionService::ClientDownloadRequestSubscription |
| 1571 DownloadProtectionService::RegisterClientDownloadRequestCallback( | 1595 DownloadProtectionService::RegisterClientDownloadRequestCallback( |
| 1572 const ClientDownloadRequestCallback& callback) { | 1596 const ClientDownloadRequestCallback& callback) { |
| (...skipping 145 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1718 GURL DownloadProtectionService::GetDownloadRequestUrl() { | 1742 GURL DownloadProtectionService::GetDownloadRequestUrl() { |
| 1719 GURL url(kDownloadRequestUrl); | 1743 GURL url(kDownloadRequestUrl); |
| 1720 std::string api_key = google_apis::GetAPIKey(); | 1744 std::string api_key = google_apis::GetAPIKey(); |
| 1721 if (!api_key.empty()) | 1745 if (!api_key.empty()) |
| 1722 url = url.Resolve("?key=" + net::EscapeQueryParamValue(api_key, true)); | 1746 url = url.Resolve("?key=" + net::EscapeQueryParamValue(api_key, true)); |
| 1723 | 1747 |
| 1724 return url; | 1748 return url; |
| 1725 } | 1749 } |
| 1726 | 1750 |
| 1727 } // namespace safe_browsing | 1751 } // namespace safe_browsing |
| OLD | NEW |