[safe browsing] Switch to independent cache lifetimes for gethash items.

chrome/browser/safe_browsing/safe_browsing_database.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/safe_browsing/safe_browsing_database.h"
 
 #include <algorithm>
 #include <iterator>
 
 #include "base/bind.h"
@@ skipping 48 matching lines @@
     FILE_PATH_LITERAL(" IP Blacklist");
 
 // Filename suffix for browse store.
 // TODO(shess): "Safe Browsing Bloom Prefix Set" is full of win.
 // Unfortunately, to change the name implies lots of transition code
 // for little benefit.  If/when file formats change (say to put all
 // the data in one file), that would be a convenient point to rectify
 // this.
 const base::FilePath::CharType kBrowseDBFile[] = FILE_PATH_LITERAL(" Bloom");
 
-// The maximum staleness for a cached entry.
-const int kMaxStalenessMinutes = 45;
-
 // Maximum number of entries we allow in any of the whitelists.
 // If a whitelist on disk contains more entries then all lookups to
 // the whitelist will be considered a match.
 const size_t kMaxWhitelistSize = 5000;
 
 // If the hash of this exact expression is on a whitelist then all
 // lookups to this whitelist will be considered a match.
 const char kWhitelistKillSwitchUrl[] =
     "sb-ssl.google.com/safebrowsing/csd/killswitch";  // Don't change this!
 
@@ skipping 107 matching lines @@
 // add them to |full_hits| if not expired.  "Not expired" is when
 // either |last_update| was recent enough, or the item has been
 // received recently enough.  Expired items are not deleted because a
 // future update may make them acceptable again.
 //
 // For efficiency reasons the code walks |prefix_hits| and
 // |full_hashes| in parallel, so they must be sorted by prefix.
 void GetCachedFullHashesForBrowse(
     const std::vector<SBPrefix>& prefix_hits,
     const std::vector<SBFullHashCached>& full_hashes,
-    std::vector<SBFullHashResult>* full_hits,
-    base::Time last_update) {
-  const base::Time expire_time =
-      base::Time::Now() - base::TimeDelta::FromMinutes(kMaxStalenessMinutes);
+    std::vector<SBFullHashResult>* full_hits) {
+  const base::Time now = base::Time::Now();
 
   std::vector<SBPrefix>::const_iterator piter = prefix_hits.begin();
   std::vector<SBFullHashCached>::const_iterator hiter = full_hashes.begin();
 
   while (piter != prefix_hits.end() && hiter != full_hashes.end()) {
     if (*piter < hiter->hash.prefix) {
       ++piter;
     } else if (hiter->hash.prefix < *piter) {
       ++hiter;
     } else {
-      if (expire_time < last_update ||
-          expire_time.ToTimeT() < hiter->received) {
+      if (now <= hiter->expire_after) {
         SBFullHashResult result;
         result.list_id = hiter->list_id;
         result.hash = hiter->hash;
         full_hits->push_back(result);
       }
 
       // Only increment |hiter|, |piter| might have multiple hits.
       ++hiter;
     }
   }
@@ skipping 425 matching lines @@
   }
   // Wants to acquire the lock itself.
   WhitelistEverything(&csd_whitelist_);
   WhitelistEverything(&download_whitelist_);
   return true;
 }
 
 bool SafeBrowsingDatabaseNew::ContainsBrowseUrl(
     const GURL& url,
     std::vector<SBPrefix>* prefix_hits,
-    std::vector<SBFullHashResult>* cached_hits,
-    base::Time last_update) {
+    std::vector<SBFullHashResult>* cached_hits) {
   // Clear the results first.
   prefix_hits->clear();
   cached_hits->clear();
 
   std::vector<SBFullHash> full_hashes;
   BrowseFullHashesToCheck(url, false, &full_hashes);
   if (full_hashes.empty())
     return false;
 
   // This function is called on the I/O thread, prevent changes to
@@ skipping 16 matching lines @@
     }
   }
 
   // If all the prefixes are cached as 'misses', don't issue a GetHash.
   if (miss_count == prefix_hits->size())
     return false;
 
   // Find matching cached gethash responses.
   std::sort(prefix_hits->begin(), prefix_hits->end());
   GetCachedFullHashesForBrowse(*prefix_hits, cached_browse_hashes_,
-                               cached_hits, last_update);
+                               cached_hits);
 
   return true;
 }
 
 bool SafeBrowsingDatabaseNew::ContainsDownloadUrl(
     const std::vector<GURL>& urls,
     std::vector<SBPrefix>* prefix_hits) {
   DCHECK_EQ(creation_loop_, base::MessageLoop::current());
 
   // Ignore this check when download checking is not enabled.
@@ skipping 309 matching lines @@
       if (chunk_deletes[i].is_sub_del)
         store->DeleteSubChunk(encoded_chunk_id);
       else
         store->DeleteAddChunk(encoded_chunk_id);
     }
   }
 }
 
 void SafeBrowsingDatabaseNew::CacheHashResults(
     const std::vector<SBPrefix>& prefixes,
-    const std::vector<SBFullHashResult>& full_hits) {
+    const std::vector<SBFullHashResult>& full_hits,
+    const base::TimeDelta& cache_lifetime) {
+  const base::Time expire_after = base::Time::Now() + cache_lifetime;
+
   // This is called on the I/O thread, lock against updates.
   base::AutoLock locked(lookup_lock_);
 
   if (full_hits.empty()) {
     prefix_miss_cache_.insert(prefixes.begin(), prefixes.end());
     return;
   }
 
-  const base::Time now = base::Time::Now();
   const size_t orig_size = cached_browse_hashes_.size();
   for (std::vector<SBFullHashResult>::const_iterator iter = full_hits.begin();
        iter != full_hits.end(); ++iter) {
     if (iter->list_id == safe_browsing_util::MALWARE ||
         iter->list_id == safe_browsing_util::PHISH) {
       SBFullHashCached cached_hash;
       cached_hash.hash = iter->hash;
       cached_hash.list_id = iter->list_id;
-      cached_hash.received = static_cast<int>(now.ToTimeT());
+      cached_hash.expire_after = expire_after;
       cached_browse_hashes_.push_back(cached_hash);
     }
   }
 
   // Sort new entries then merge with the previously-sorted entries.
   std::vector<SBFullHashCached>::iterator
       orig_end = cached_browse_hashes_.begin() + orig_size;
   std::sort(orig_end, cached_browse_hashes_.end(), SBFullHashCachedPrefixLess);
   std::inplace_merge(cached_browse_hashes_.begin(),
                      orig_end, cached_browse_hashes_.end(),
@@ skipping 574 matching lines @@
   base::AutoLock locked(lookup_lock_);
   ip_blacklist_.swap(new_blacklist);
 }
 
 bool SafeBrowsingDatabaseNew::IsMalwareIPMatchKillSwitchOn() {
   SBFullHash malware_kill_switch = SBFullHashForString(kMalwareIPKillSwitchUrl);
   std::vector<SBFullHash> full_hashes;
   full_hashes.push_back(malware_kill_switch);
   return ContainsWhitelistedHashes(csd_whitelist_, full_hashes);
 }