Chromium Code Reviews Chromium Code Reviews
Issue 2495783003:
Implement support for checking bad IPs aka MatchMalwareIP (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/files/scoped_temp_dir.h" | 5 #include "base/files/scoped_temp_dir.h" |
| 6 #include "base/memory/ptr_util.h" | 6 #include "base/memory/ptr_util.h" |
| 7 #include "base/memory/ref_counted.h" | 7 #include "base/memory/ref_counted.h" |
| 8 #include "base/run_loop.h" | 8 #include "base/run_loop.h" |
| 9 #include "base/test/test_simple_task_runner.h" | 9 #include "base/test/test_simple_task_runner.h" |
| 10 #include "components/safe_browsing_db/v4_database.h" | 10 #include "components/safe_browsing_db/v4_database.h" |
| (...skipping 19 matching lines...) Expand all Loading... | |
| 30 FROM_HERE, | 30 FROM_HERE, |
| 31 base::Bind(&FakeV4Database::CreateOnTaskRunner, db_task_runner, | 31 base::Bind(&FakeV4Database::CreateOnTaskRunner, db_task_runner, |
| 32 base::Passed(&store_map), store_and_hash_prefixes, | 32 base::Passed(&store_map), store_and_hash_prefixes, |
| 33 callback_task_runner, new_db_callback)); | 33 callback_task_runner, new_db_callback)); |
| 34 } | 34 } |
| 35 | 35 |
| 36 void GetStoresMatchingFullHash( | 36 void GetStoresMatchingFullHash( |
| 37 const FullHash& full_hash, | 37 const FullHash& full_hash, |
| 38 const StoresToCheck& stores_to_check, | 38 const StoresToCheck& stores_to_check, |
| 39 StoreAndHashPrefixes* store_and_hash_prefixes) override { | 39 StoreAndHashPrefixes* store_and_hash_prefixes) override { |
| 40 *store_and_hash_prefixes = store_and_hash_prefixes_; | 40 for (const StoreAndHashPrefix& stored_sahp : store_and_hash_prefixes_) { |
| 41 const PrefixSize& prefix_size = stored_sahp.hash_prefix.size(); | |
| 42 if (stored_sahp.hash_prefix == full_hash.substr(0, prefix_size)) { | |
|
Scott Hess - ex-Googler
2016/11/12 23:11:34
Could you phrase this in terms of std::string::com
vakh (use Gerrit instead)
2016/11/14 19:59:16
Done.
| |
| 43 store_and_hash_prefixes->push_back(stored_sahp); | |
|
Scott Hess - ex-Googler
2016/11/12 23:11:34
You should probably clear() things up front to rep
vakh (use Gerrit instead)
2016/11/14 19:59:16
Done.
| |
| 44 } | |
| 45 } | |
| 41 } | 46 } |
| 42 | 47 |
| 43 private: | 48 private: |
| 44 static void CreateOnTaskRunner( | 49 static void CreateOnTaskRunner( |
| 45 const scoped_refptr<base::SequencedTaskRunner>& db_task_runner, | 50 const scoped_refptr<base::SequencedTaskRunner>& db_task_runner, |
| 46 std::unique_ptr<StoreMap> store_map, | 51 std::unique_ptr<StoreMap> store_map, |
| 47 const StoreAndHashPrefixes& store_and_hash_prefixes, | 52 const StoreAndHashPrefixes& store_and_hash_prefixes, |
| 48 const scoped_refptr<base::SingleThreadTaskRunner>& callback_task_runner, | 53 const scoped_refptr<base::SingleThreadTaskRunner>& callback_task_runner, |
| 49 NewDatabaseReadyCallback new_db_callback) { | 54 NewDatabaseReadyCallback new_db_callback) { |
| 50 // Mimics the semantics of V4Database::CreateOnTaskRunner | 55 // Mimics the semantics of V4Database::CreateOnTaskRunner |
| (...skipping 131 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 182 WaitForTasksOnTaskRunner(); | 187 WaitForTasksOnTaskRunner(); |
| 183 } | 188 } |
| 184 | 189 |
| 185 void WaitForTasksOnTaskRunner() { | 190 void WaitForTasksOnTaskRunner() { |
| 186 // Wait for tasks on the task runner so we're sure that the | 191 // Wait for tasks on the task runner so we're sure that the |
| 187 // V4LocalDatabaseManager has read the data from disk. | 192 // V4LocalDatabaseManager has read the data from disk. |
| 188 task_runner_->RunPendingTasks(); | 193 task_runner_->RunPendingTasks(); |
| 189 base::RunLoop().RunUntilIdle(); | 194 base::RunLoop().RunUntilIdle(); |
| 190 } | 195 } |
| 191 | 196 |
| 197 bool IPAddressToEncodedIPV6(const std::string& ip_address, | |
| 198 std::string* encoded_ip) { | |
| 199 return V4LocalDatabaseManager::IPAddressToEncodedIPV6(ip_address, | |
| 200 encoded_ip); | |
| 201 } | |
| 202 | |
| 192 base::ScopedTempDir base_dir_; | 203 base::ScopedTempDir base_dir_; |
| 193 scoped_refptr<base::TestSimpleTaskRunner> task_runner_; | 204 scoped_refptr<base::TestSimpleTaskRunner> task_runner_; |
| 194 content::TestBrowserThreadBundle thread_bundle_; | 205 content::TestBrowserThreadBundle thread_bundle_; |
| 195 scoped_refptr<V4LocalDatabaseManager> v4_local_database_manager_; | 206 scoped_refptr<V4LocalDatabaseManager> v4_local_database_manager_; |
| 196 }; | 207 }; |
| 197 | 208 |
| 198 TEST_F(V4LocalDatabaseManagerTest, TestGetThreatSource) { | 209 TEST_F(V4LocalDatabaseManagerTest, TestGetThreatSource) { |
| 199 WaitForTasksOnTaskRunner(); | 210 WaitForTasksOnTaskRunner(); |
| 200 EXPECT_EQ(ThreatSource::LOCAL_PVER4, | 211 EXPECT_EQ(ThreatSource::LOCAL_PVER4, |
| 201 v4_local_database_manager_->GetThreatSource()); | 212 v4_local_database_manager_->GetThreatSource()); |
| (...skipping 22 matching lines...) Expand all Loading... | |
| 224 // Both the stores are empty right now so CheckBrowseUrl should return true. | 235 // Both the stores are empty right now so CheckBrowseUrl should return true. |
| 225 EXPECT_TRUE(v4_local_database_manager_->CheckBrowseUrl( | 236 EXPECT_TRUE(v4_local_database_manager_->CheckBrowseUrl( |
| 226 GURL("http://example.com/a/"), nullptr)); | 237 GURL("http://example.com/a/"), nullptr)); |
| 227 } | 238 } |
| 228 | 239 |
| 229 TEST_F(V4LocalDatabaseManagerTest, TestCheckBrowseUrlWithFakeDbReturnsMatch) { | 240 TEST_F(V4LocalDatabaseManagerTest, TestCheckBrowseUrlWithFakeDbReturnsMatch) { |
| 230 WaitForTasksOnTaskRunner(); | 241 WaitForTasksOnTaskRunner(); |
| 231 net::TestURLFetcherFactory factory; | 242 net::TestURLFetcherFactory factory; |
| 232 | 243 |
| 233 StoreAndHashPrefixes store_and_hash_prefixes; | 244 StoreAndHashPrefixes store_and_hash_prefixes; |
| 234 store_and_hash_prefixes.emplace_back(GetUrlMalwareId(), HashPrefix("aaaa")); | 245 store_and_hash_prefixes.emplace_back(GetUrlMalwareId(), |
| 246 HashPrefix("eW\x1A\xF\xA9")); | |
| 235 ReplaceV4Database(store_and_hash_prefixes); | 247 ReplaceV4Database(store_and_hash_prefixes); |
| 236 | 248 |
| 237 // The fake database returns a matched hash prefix. | 249 // The fake database returns a matched hash prefix. |
| 238 EXPECT_FALSE(v4_local_database_manager_->CheckBrowseUrl( | 250 EXPECT_FALSE(v4_local_database_manager_->CheckBrowseUrl( |
| 239 GURL("http://example.com/a/"), nullptr)); | 251 GURL("http://example.com/a/"), nullptr)); |
| 240 | 252 |
| 241 // Wait for PerformFullHashCheck to complete. | 253 // Wait for PerformFullHashCheck to complete. |
| 242 WaitForTasksOnTaskRunner(); | 254 WaitForTasksOnTaskRunner(); |
| 243 } | 255 } |
| 244 | 256 |
| (...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 311 // ~V4LocalDatabaseManager expects. | 323 // ~V4LocalDatabaseManager expects. |
| 312 StopLocalDatabaseManager(); | 324 StopLocalDatabaseManager(); |
| 313 v4_local_database_manager_ = | 325 v4_local_database_manager_ = |
| 314 make_scoped_refptr(new FakeV4LocalDatabaseManager(base_dir_.GetPath())); | 326 make_scoped_refptr(new FakeV4LocalDatabaseManager(base_dir_.GetPath())); |
| 315 SetTaskRunnerForTest(); | 327 SetTaskRunnerForTest(); |
| 316 StartLocalDatabaseManager(); | 328 StartLocalDatabaseManager(); |
| 317 WaitForTasksOnTaskRunner(); | 329 WaitForTasksOnTaskRunner(); |
| 318 net::TestURLFetcherFactory factory; | 330 net::TestURLFetcherFactory factory; |
| 319 | 331 |
| 320 StoreAndHashPrefixes store_and_hash_prefixes; | 332 StoreAndHashPrefixes store_and_hash_prefixes; |
| 321 store_and_hash_prefixes.emplace_back(GetUrlMalwareId(), HashPrefix("aaaa")); | 333 store_and_hash_prefixes.emplace_back(GetUrlMalwareId(), |
| 334 HashPrefix("eW\x1A\xF\xA9")); | |
| 322 ReplaceV4Database(store_and_hash_prefixes); | 335 ReplaceV4Database(store_and_hash_prefixes); |
| 323 | 336 |
| 324 // The fake database returns a matched hash prefix. | 337 // The fake database returns a matched hash prefix. |
| 325 EXPECT_FALSE(v4_local_database_manager_->CheckBrowseUrl( | 338 EXPECT_FALSE(v4_local_database_manager_->CheckBrowseUrl( |
| 326 GURL("http://example.com/a/"), nullptr)); | 339 GURL("http://example.com/a/"), nullptr)); |
| 327 | 340 |
| 328 EXPECT_FALSE(FakeV4LocalDatabaseManager::PerformFullHashCheckCalled( | 341 EXPECT_FALSE(FakeV4LocalDatabaseManager::PerformFullHashCheckCalled( |
| 329 v4_local_database_manager_)); | 342 v4_local_database_manager_)); |
| 330 | 343 |
| 331 // Wait for PerformFullHashCheck to complete. | 344 // Wait for PerformFullHashCheck to complete. |
| 332 WaitForTasksOnTaskRunner(); | 345 WaitForTasksOnTaskRunner(); |
| 333 | 346 |
| 334 EXPECT_TRUE(FakeV4LocalDatabaseManager::PerformFullHashCheckCalled( | 347 EXPECT_TRUE(FakeV4LocalDatabaseManager::PerformFullHashCheckCalled( |
| 335 v4_local_database_manager_)); | 348 v4_local_database_manager_)); |
| 336 } | 349 } |
| 337 | 350 |
| 338 TEST_F(V4LocalDatabaseManagerTest, UsingWeakPtrDropsCallback) { | 351 TEST_F(V4LocalDatabaseManagerTest, UsingWeakPtrDropsCallback) { |
| 339 // StopLocalDatabaseManager before resetting it because that's what | 352 // StopLocalDatabaseManager before resetting it because that's what |
| 340 // ~V4LocalDatabaseManager expects. | 353 // ~V4LocalDatabaseManager expects. |
| 341 StopLocalDatabaseManager(); | 354 StopLocalDatabaseManager(); |
| 342 v4_local_database_manager_ = | 355 v4_local_database_manager_ = |
| 343 make_scoped_refptr(new FakeV4LocalDatabaseManager(base_dir_.GetPath())); | 356 make_scoped_refptr(new FakeV4LocalDatabaseManager(base_dir_.GetPath())); |
| 344 SetTaskRunnerForTest(); | 357 SetTaskRunnerForTest(); |
| 345 StartLocalDatabaseManager(); | 358 StartLocalDatabaseManager(); |
| 346 WaitForTasksOnTaskRunner(); | 359 WaitForTasksOnTaskRunner(); |
| 347 net::TestURLFetcherFactory factory; | 360 net::TestURLFetcherFactory factory; |
| 348 | 361 |
| 349 StoreAndHashPrefixes store_and_hash_prefixes; | 362 StoreAndHashPrefixes store_and_hash_prefixes; |
| 350 store_and_hash_prefixes.emplace_back(GetUrlMalwareId(), HashPrefix("aaaa")); | 363 store_and_hash_prefixes.emplace_back(GetUrlMalwareId(), |
| 364 HashPrefix("eW\x1A\xF\xA9")); | |
| 351 ReplaceV4Database(store_and_hash_prefixes); | 365 ReplaceV4Database(store_and_hash_prefixes); |
| 352 | 366 |
| 353 // The fake database returns a matched hash prefix. | 367 // The fake database returns a matched hash prefix. |
| 354 EXPECT_FALSE(v4_local_database_manager_->CheckBrowseUrl( | 368 EXPECT_FALSE(v4_local_database_manager_->CheckBrowseUrl( |
| 355 GURL("http://example.com/a/"), nullptr)); | 369 GURL("http://example.com/a/"), nullptr)); |
| 356 v4_local_database_manager_->StopOnIOThread(true); | 370 v4_local_database_manager_->StopOnIOThread(true); |
| 357 | 371 |
| 358 // Release the V4LocalDatabaseManager object right away before the callback | 372 // Release the V4LocalDatabaseManager object right away before the callback |
| 359 // gets called. When the callback gets called, without using a weak-ptr | 373 // gets called. When the callback gets called, without using a weak-ptr |
| 360 // factory, this leads to a use after free. However, using the weak-ptr means | 374 // factory, this leads to a use after free. However, using the weak-ptr means |
| 361 // that the callback is simply dropped. | 375 // that the callback is simply dropped. |
| 362 v4_local_database_manager_ = nullptr; | 376 v4_local_database_manager_ = nullptr; |
| 363 | 377 |
| 364 // Wait for the tasks scheduled by StopOnIOThread to complete. | 378 // Wait for the tasks scheduled by StopOnIOThread to complete. |
| 365 WaitForTasksOnTaskRunner(); | 379 WaitForTasksOnTaskRunner(); |
| 366 } | 380 } |
| 367 | 381 |
| 382 TEST_F(V4LocalDatabaseManagerTest, TestIPAddressToEncodedIPV6) { | |
| 383 // To verify the test values, here's the python code: | |
| 384 // >> import socket, hashlib, binascii | |
| 385 // >> hashlib.sha1(socket.inet_pton(socket.AF_INET6, input)).digest() + | |
| 386 // chr(128) | |
| 387 // For example: | |
| 388 // >>> hashlib.sha1(socket.inet_pton(socket.AF_INET6, | |
| 389 // '::ffff:192.168.1.1')).digest() + chr(128) | |
| 390 // 'X\xf8\xa1\x17I\xe6Pl\xfd\xdb\xbb\xa0\x0c\x02\x9d#\n|\xe7\xcd\x80' | |
| 391 std::vector<std::tuple<bool, std::string, std::string>> test_cases = { | |
| 392 std::make_tuple(false, "", ""), | |
| 393 std::make_tuple( | |
| 394 true, "192.168.1.1", | |
| 395 "X\xF8\xA1\x17I\xE6Pl\xFD\xDB\xBB\xA0\f\x2\x9D#\n|\xE7\xCD\x80"), | |
| 396 std::make_tuple( | |
| 397 true, "::", | |
| 398 "\xE1)\xF2|Q\x3\xBC\\\xC4K\xCD\xF0\xA1^\x16\rDPf\xFF\x80")}; | |
| 399 for (size_t i = 0; i < test_cases.size(); i++) { | |
| 400 DVLOG(1) << "Running case: " << i; | |
| 401 bool success = std::get<0>(test_cases[i]); | |
| 402 const auto& input = std::get<1>(test_cases[i]); | |
| 403 const auto& expected_output = std::get<2>(test_cases[i]); | |
| 404 std::string encoded_ip; | |
| 405 ASSERT_EQ(success, IPAddressToEncodedIPV6(input, &encoded_ip)); | |
| 406 if (success) { | |
| 407 ASSERT_EQ(expected_output, encoded_ip); | |
| 408 } | |
| 409 } | |
| 410 } | |
| 411 | |
| 412 TEST_F(V4LocalDatabaseManagerTest, TestMatchMalwareIP) { | |
| 413 StopLocalDatabaseManager(); | |
| 414 v4_local_database_manager_ = | |
| 415 make_scoped_refptr(new FakeV4LocalDatabaseManager(base_dir_.GetPath())); | |
| 416 SetTaskRunnerForTest(); | |
| 417 StartLocalDatabaseManager(); | |
| 418 WaitForTasksOnTaskRunner(); | |
| 419 | |
| 420 // >>> hashlib.sha1(socket.inet_pton(socket.AF_INET6, | |
| 421 // '::ffff:192.168.1.2')).digest() + chr(128) | |
| 422 // '\xb3\xe0z\xafAv#h\x9a\xcf<\xf3ee\x94\xda\xf6y\xb1\xad\x80' | |
| 423 StoreAndHashPrefixes store_and_hash_prefixes; | |
| 424 store_and_hash_prefixes.emplace_back(GetAnyIpMalwareId(), | |
| 425 FullHash("\xB3\xE0z\xAF" | |
| 426 "Av#h\x9A\xCF<\xF3" | |
| 427 "ee\x94\xDA\xF6y\xB1\xAD\x80")); | |
| 428 ReplaceV4Database(store_and_hash_prefixes); | |
| 429 | |
| 430 EXPECT_FALSE(v4_local_database_manager_->MatchMalwareIP("")); | |
| 431 EXPECT_FALSE(FakeV4LocalDatabaseManager::PerformFullHashCheckCalled( | |
| 432 v4_local_database_manager_)); | |
| 433 | |
| 434 // The fake database returns no match. | |
| 435 EXPECT_FALSE(v4_local_database_manager_->MatchMalwareIP("192.168.1.1")); | |
| 436 EXPECT_FALSE(FakeV4LocalDatabaseManager::PerformFullHashCheckCalled( | |
| 437 v4_local_database_manager_)); | |
| 438 | |
| 439 // The fake database returns a matched hash prefix. | |
| 440 EXPECT_TRUE(v4_local_database_manager_->MatchMalwareIP("192.168.1.2")); | |
| 441 EXPECT_FALSE(FakeV4LocalDatabaseManager::PerformFullHashCheckCalled( | |
| 442 v4_local_database_manager_)); | |
| 443 } | |
| 444 | |
| 368 } // namespace safe_browsing | 445 } // namespace safe_browsing |
| OLD | NEW |
