Update Safe Browsing to use net::IsIPAddressReserved

chrome/browser/safe_browsing/client_side_detection_service.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/safe_browsing/client_side_detection_service.h"
 
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
@@ skipping 12 matching lines @@
 #include "chrome/common/safe_browsing/csd.pb.h"
 #include "chrome/common/safe_browsing/safebrowsing_messages.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/notification_types.h"
 #include "content/public/browser/render_process_host.h"
 #include "crypto/sha2.h"
 #include "google_apis/google_api_keys.h"
 #include "net/base/escape.h"
 #include "net/base/load_flags.h"
+#include "net/base/net_util.h"
 #include "net/http/http_response_headers.h"
 #include "net/http/http_status_code.h"
 #include "net/url_request/url_fetcher.h"
 #include "net/url_request/url_request_context_getter.h"
 #include "net/url_request/url_request_status.h"
 #include "url/gurl.h"
 
 using content::BrowserThread;
 
 namespace safe_browsing {
@@ skipping 67 matching lines @@
   client_phishing_reports_.clear();
   STLDeleteContainerPairPointers(client_malware_reports_.begin(),
                                  client_malware_reports_.end());
   client_malware_reports_.clear();
 }
 
 // static
 ClientSideDetectionService* ClientSideDetectionService::Create(
     net::URLRequestContextGetter* request_context_getter) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
-  scoped_ptr<ClientSideDetectionService> service(
-      new ClientSideDetectionService(request_context_getter));
-  if (!service->InitializePrivateNetworks()) {
-    UMA_HISTOGRAM_COUNTS("SBClientPhishing.InitPrivateNetworksFailed", 1);
-    return NULL;
-  }
-  return service.release();
+  return new ClientSideDetectionService(request_context_getter);
 }
 
 void ClientSideDetectionService::SetEnabledAndRefreshState(bool enabled) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
   SendModelToRenderers();  // always refresh the renderer state
   if (enabled == enabled_)
     return;
   enabled_ = enabled;
   if (enabled_) {
     // Refresh the model when the service is enabled.  This can happen when the
@@ skipping 52 matching lines @@
 
 bool ClientSideDetectionService::IsPrivateIPAddress(
     const std::string& ip_address) const {
   net::IPAddressNumber ip_number;
   if (!net::ParseIPLiteralToNumber(ip_address, &ip_number)) {
     VLOG(2) << "Unable to parse IP address: '" << ip_address << "'";
     // Err on the side of safety and assume this might be private.
     return true;
   }
 
-  for (std::vector<AddressRange>::const_iterator it =
-           private_networks_.begin();
-       it != private_networks_.end(); ++it) {
-    if (net::IPNumberMatchesPrefix(ip_number, it->first, it->second)) {
-      return true;
-    }
-  }
-  return false;
+  return net::IsIPAddressReserved(ip_number);
 }
 
 void ClientSideDetectionService::OnURLFetchComplete(
     const net::URLFetcher* source) {
   std::string data;
   source->GetResponseAsString(&data);
   if (source == model_fetcher_.get()) {
     HandleModelResponse(
         source, source->GetURL(), source->GetStatus(),
         source->GetResponseCode(), source->GetCookies(), data);
@@ skipping 370 matching lines @@
   // Erase items older than cutoff because we will never care about them again.
   while (!report_times->empty() &&
          report_times->front() < cutoff) {
     report_times->pop();
   }
 
   // Return the number of elements that are above the cutoff.
   return report_times->size();
 }
 
-bool ClientSideDetectionService::InitializePrivateNetworks() {
-  static const char* const kPrivateNetworks[] = {
-    "10.0.0.0/8",
-    "127.0.0.0/8",
-    "172.16.0.0/12",
-    "192.168.0.0/16",
-    // IPv6 address ranges
-    "fc00::/7",
-    "fec0::/10",
-    "::1/128",
-  };
-
-  for (size_t i = 0; i < arraysize(kPrivateNetworks); ++i) {
-    net::IPAddressNumber ip_number;
-    size_t prefix_length;
-    if (net::ParseCIDRBlock(kPrivateNetworks[i], &ip_number, &prefix_length)) {
-      private_networks_.push_back(std::make_pair(ip_number, prefix_length));
-    } else {
-      DLOG(FATAL) << "Unable to parse IP address range: "
-                  << kPrivateNetworks[i];
-      return false;
-    }
-  }
-  return true;
-}
-
 // static
 void ClientSideDetectionService::SetBadSubnets(const ClientSideModel& model,
                                                BadSubnetMap* bad_subnets) {
   bad_subnets->clear();
   for (int i = 0; i < model.bad_subnet_size(); ++i) {
     int size = model.bad_subnet(i).size();
     if (size < 0 || size > static_cast<int>(net::kIPv6AddressSize) * 8) {
       DLOG(ERROR) << "Invalid bad subnet size: " << size;
       continue;
     }
@@ skipping 38 matching lines @@
 GURL ClientSideDetectionService::GetClientReportUrl(
     const std::string& report_url) {
   GURL url(report_url);
   std::string api_key = google_apis::GetAPIKey();
   if (!api_key.empty())
     url = url.Resolve("?key=" + net::EscapeQueryParamValue(api_key, true));
 
   return url;
 }
 }  // namespace safe_browsing