Chromium Code Reviews Chromium Code Reviews
Issue 323953002:
Support for recording registered LSPs (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@grt| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/safe_browsing/environment_data_collection_win.h" | 5 #include "chrome/browser/safe_browsing/environment_data_collection_win.h" |
| 6 | 6 |
| 7 #include <windows.h> | |
| 8 #include <set> | |
| 9 | |
| 10 #include "base/strings/string_util.h" | |
| 11 #include "base/strings/utf_string_conversions.h" | |
| 12 #include "chrome/browser/install_verification/win/module_info.h" | |
| 13 #include "chrome/browser/install_verification/win/module_verification_common.h" | |
| 14 #include "chrome/browser/net/service_providers_win.h" | |
| 15 #include "chrome/browser/safe_browsing/path_sanitizer.h" | |
| 7 #include "chrome/common/safe_browsing/csd.pb.h" | 16 #include "chrome/common/safe_browsing/csd.pb.h" |
| 8 | 17 |
| 9 namespace safe_browsing { | 18 namespace safe_browsing { |
| 10 | 19 |
| 20 namespace { | |
| 21 | |
| 22 // Helper function for expanding all environment variables in |path|. | |
| 23 std::wstring ExpandEnvironmentVariables(const std::wstring& path) { | |
| 24 static const DWORD kMaxBuffer = 32 * 1024; // Max according to MSDN. | |
| 25 std::wstring path_expanded; | |
| 26 DWORD path_len = MAX_PATH; | |
| 27 do { | |
| 28 DWORD result = ExpandEnvironmentStrings( | |
| 29 path.c_str(), WriteInto(&path_expanded, path_len), path_len); | |
| 30 if (!result) { | |
| 31 // Failed to expand variables. Return the original string. | |
| 32 DPLOG(ERROR) << path; | |
| 33 break; | |
| 34 } | |
| 35 if (result <= path_len) | |
| 36 return path_expanded.substr(0, result - 1); | |
| 37 path_len = result; | |
| 38 } while (path_len < kMaxBuffer); | |
| 39 | |
| 40 return path; | |
| 41 } | |
| 42 | |
| 43 } // namespace | |
| 44 | |
| 45 bool CollectDlls(ClientIncidentReport_EnvironmentData_Process* process) { | |
| 46 // Retrieve the module list. | |
| 47 std::set<ModuleInfo> loaded_modules; | |
| 48 if (!GetLoadedModules(&loaded_modules)) | |
| 49 return false; | |
| 50 | |
| 51 // Sanitize path of each module and add it to the incident report. | |
| 52 PathSanitizer path_sanitizer; | |
| 53 for (std::set<ModuleInfo>::const_iterator it = loaded_modules.begin(); | |
| 54 it != loaded_modules.end(); | |
| 55 ++it) { | |
| 56 base::FilePath dll_path(it->name); | |
| 57 path_sanitizer.StripHomeDirectory(&dll_path); | |
| 58 | |
| 59 ClientIncidentReport_EnvironmentData_Process_Dll* dll = process->add_dll(); | |
| 60 dll->set_path(base::WideToUTF8(dll_path.value())); | |
| 61 dll->set_base_address(it->base_address); | |
| 62 dll->set_length(it->size); | |
| 63 } | |
| 64 | |
| 65 return true; | |
| 66 } | |
| 67 | |
| 68 void RecordLspFeature(ClientIncidentReport_EnvironmentData_Process* process) { | |
| 69 WinsockLayeredServiceProviderList lsp_list; | |
| 70 GetWinsockLayeredServiceProviders(&lsp_list); | |
| 71 | |
| 72 // For each LSP, we extract and sanitize the path. | |
| 73 PathSanitizer path_sanitizer; | |
| 74 std::set<std::wstring> lsp_paths; | |
| 75 for (size_t i = 0; i < lsp_list.size(); ++i) { | |
| 76 base::FilePath lsp_path(ExpandEnvironmentVariables(lsp_list[i].path)); | |
| 77 path_sanitizer.StripHomeDirectory(&lsp_path); | |
| 78 lsp_paths.insert(lsp_path.value()); | |
| 79 } | |
| 80 | |
| 81 // Look for a match between LSPs and loaded dlls. | |
| 82 for (int i = 0; i < process->dll_size(); ++i) { | |
| 83 std::wstring dll_path = base::UTF8ToWide(process->dll(i).path()); | |
| 84 for (std::set<std::wstring>::const_iterator iter = lsp_paths.begin(); | |
|
mattm
2014/06/23 22:23:16
How many entries are in these lists? Is it worth w
grt (UTC plus 2)
2014/06/24 13:48:15
I like Matt's suggestion: drop the case on lsp_pat
pmonette_google.com
2014/06/25 14:29:12
Done. But I figured that doing the case convertion
| |
| 85 iter != lsp_paths.end(); | |
| 86 iter++) { | |
| 87 if (_wcsicmp(dll_path.c_str(), iter->c_str()) == 0) { | |
| 88 process->mutable_dll(i)->add_feature( | |
| 89 ClientIncidentReport_EnvironmentData_Process_Dll::LSP); | |
| 90 break; | |
| 91 } | |
| 92 } | |
| 93 } | |
| 94 } | |
| 95 | |
| 11 void CollectPlatformProcessData( | 96 void CollectPlatformProcessData( |
| 12 ClientIncidentReport_EnvironmentData_Process* process) { | 97 ClientIncidentReport_EnvironmentData_Process* process) { |
| 13 // TODO(pmonette): collect dlls and lsps. | 98 CollectDlls(process); |
| 99 RecordLspFeature(process); | |
| 14 } | 100 } |
| 15 | 101 |
| 16 } // namespace safe_browsing | 102 } // namespace safe_browsing |
| OLD | NEW |
