Polish the Enumerate Modules implementation a bit....

chrome/browser/enumerate_modules_model_win.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/enumerate_modules_model_win.h"
 
 #include <Tlhelp32.h>
 #include <wintrust.h>
 
 #include "app/l10n_util.h"
 #include "app/win_util.h"
 #include "base/command_line.h"
 #include "base/environment.h"
 #include "base/file_path.h"
 #include "base/file_version_info_win.h"
+#include "base/metrics/histogram.h"
 #include "base/scoped_handle.h"
 #include "base/sha2.h"
 #include "base/string_number_conversions.h"
 #include "base/string_util.h"
+#include "base/time.h"
 #include "base/utf_string_conversions.h"
 #include "base/values.h"
 #include "base/version.h"
 #include "base/win/registry.h"
 #include "chrome/browser/net/service_providers_win.h"
 #include "chrome/common/chrome_constants.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/notification_service.h"
 #include "grit/generated_resources.h"
 
@@ skipping 16 matching lines @@
 
   return a.location < b.location;
 }
 
 namespace {
 
 // Used to protect the LoadedModuleVector which is accessed
 // from both the UI thread and the FILE thread.
 Lock* lock = NULL;
 
+// A struct to help de-duping modules before adding them to the enumerated
+// modules vector.
+struct FindModule {
+ public:
+  explicit FindModule(const ModuleEnumerator::Module& x)
+    : module(x) {}
+  bool operator()(ModuleEnumerator::Module module_in) const {
+    return (module.type == module_in.type) &&
+      (module.location == module_in.location) &&
+      (module.name == module_in.name);
+  }
+
+  const ModuleEnumerator::Module& module;
+};
+
 }
 
 // The browser process module blacklist. This lists all modules that are known
 // to cause compatibility issues within the browser process. When adding to this
 // list, make sure that all paths are lower-case, in long pathname form, end
 // with a slash and use environments variables (or just look at one of the
 // comments below and keep it consistent with that). When adding an entry with
 // an environment variable not currently used in the list below, make sure to
 // update the list in PreparePathMappings. Filename, Description/Signer, and
 // Location must be entered as hashes (see GenerateHash). Filename is mandatory.
@@ skipping 153 matching lines @@
 
 void ModuleEnumerator::ScanNow(ModulesVector* list) {
   DCHECK(!BrowserThread::CurrentlyOn(BrowserThread::FILE));
   enumerated_modules_ = list;
   BrowserThread::PostTask(
       BrowserThread::FILE, FROM_HERE,
           NewRunnableMethod(this, &ModuleEnumerator::ScanOnFileThread));
 }
 
 void ModuleEnumerator::ScanOnFileThread() {
+  base::TimeTicks start_time = base::TimeTicks::Now();
+
   enumerated_modules_->clear();
 
   // Make sure the path mapping vector is setup so we can collapse paths.
   PreparePathMappings();
 
+  base::TimeTicks checkpoint = base::TimeTicks::Now();
   EnumerateLoadedModules();
+  HISTOGRAM_TIMES("Conflicts.EnumerateLoadedModules",
+                  base::TimeTicks::Now() - checkpoint);
+
+  checkpoint = base::TimeTicks::Now();
   EnumerateShellExtensions();
-  EnumerateWinsockModule();
+  HISTOGRAM_TIMES("Conflicts.EnumerateShellExtensions",
+                  base::TimeTicks::Now() - checkpoint);
+
+  checkpoint = base::TimeTicks::Now();
+  EnumerateWinsockModules();
+  HISTOGRAM_TIMES("Conflicts.EnumerateWinsockModules",
+                  base::TimeTicks::Now() - checkpoint);
 
   MatchAgainstBlacklist();
 
   std::sort(enumerated_modules_->begin(),
             enumerated_modules_->end(), ModuleSort);
 
   // Send a reply back on the UI thread.
   BrowserThread::PostTask(
       callback_thread_id_, FROM_HERE,
       NewRunnableMethod(this, &ModuleEnumerator::ReportBack));
+
+  HISTOGRAM_TIMES("Conflicts.EnumerationTotalTime",
+                  base::TimeTicks::Now() - start_time);
 }
 
 void ModuleEnumerator::EnumerateLoadedModules() {
   // Get all modules in the current process.
   ScopedHandle snap(::CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,
                     ::GetCurrentProcessId()));
   if (!snap.Get())
     return;
 
   // Walk the module list.
@@ skipping 39 matching lines @@
     }
     clsid.Close();
 
     Module entry;
     entry.type = SHELL_EXTENSION;
     entry.location = dll;
     PopulateModuleInformation(&entry);
 
     NormalizeModule(&entry);
     CollapsePath(&entry);
-    enumerated_modules_->push_back(entry);
+    AddToListWithoutDuplicating(entry);
 
     ++registration;
   }
 }
 
-void ModuleEnumerator::EnumerateWinsockModule() {
+void ModuleEnumerator::EnumerateWinsockModules() {
   // Add to this list the Winsock LSP DLLs.
   WinsockLayeredServiceProviderList layered_providers;
   GetWinsockLayeredServiceProviders(&layered_providers);
   for (size_t i = 0; i < layered_providers.size(); ++i) {
     Module entry;
     entry.type = WINSOCK_MODULE_REGISTRATION;
     entry.status = NOT_MATCHED;
     entry.normalized = false;
     entry.location = layered_providers[i].path;
     entry.description = layered_providers[i].name;
     entry.recommended_action = NONE;
+    entry.duplicate_count = 0;
 
     wchar_t expanded[MAX_PATH];
     DWORD size = ExpandEnvironmentStrings(
         entry.location.c_str(), expanded, MAX_PATH);
     if (size != 0 && size <= MAX_PATH) {
       entry.digital_signer =
           GetSubjectNameFromDigitalSignature(FilePath(expanded));
     }
     entry.version = base::IntToString16(layered_providers[i].version);
 
     // Paths have already been collapsed.
     NormalizeModule(&entry);
-    enumerated_modules_->push_back(entry);
+    AddToListWithoutDuplicating(entry);
   }
 }
 
 void ModuleEnumerator::PopulateModuleInformation(Module* module) {
   module->status = NOT_MATCHED;
+  module->duplicate_count = 0;
   module->normalized = false;
   module->digital_signer =
       GetSubjectNameFromDigitalSignature(FilePath(module->location));
   module->recommended_action = NONE;
   scoped_ptr<FileVersionInfo> version_info(
       FileVersionInfo::CreateFileVersionInfo(FilePath(module->location)));
   if (version_info.get()) {
     FileVersionInfoWin* version_info_win =
         static_cast<FileVersionInfoWin*>(version_info.get());
 
     VS_FIXEDFILEINFO* fixed_file_info = version_info_win->fixed_file_info();
     if (fixed_file_info) {
       module->description = version_info_win->file_description();
       module->version = version_info_win->file_version();
       module->product_name = version_info_win->product_name();
     }
   }
 }
 
+void ModuleEnumerator::AddToListWithoutDuplicating(const Module& module) {
+  DCHECK(module.normalized);
+  // These are registered modules, not loaded modules so the same module
+  // can be registered multiple times, often dozens of times. There is no need
+  // to list each registration, so we just increment the count for each module
+  // that is counted multiple times.
+  ModulesVector::iterator iter;
+  iter = std::find_if(enumerated_modules_->begin(),
+                      enumerated_modules_->end(),
+                      FindModule(module));
+  if (iter != enumerated_modules_->end())
+    iter->duplicate_count++;
+  else
+    enumerated_modules_->push_back(module);
+}
+
 void ModuleEnumerator::PreparePathMappings() {
   path_mapping_.clear();
 
   scoped_ptr<base::Environment> environment(base::Environment::Create());
   std::vector<string16> env_vars;
   env_vars.push_back(L"LOCALAPPDATA");
   env_vars.push_back(L"ProgramFiles");
   env_vars.push_back(L"USERPROFILE");
   env_vars.push_back(L"SystemRoot");
   env_vars.push_back(L"TEMP");
+  env_vars.push_back(L"TMP");
   for (std::vector<string16>::const_iterator variable = env_vars.begin();
        variable != env_vars.end(); ++variable) {
     std::string path;
     if (environment->GetVar(WideToASCII(*variable).c_str(), &path)) {
       path_mapping_.push_back(
           std::make_pair(l10n_util::ToLower(UTF8ToWide(path)) + L"\\",
                          L"%" + l10n_util::ToLower(*variable) + L"%"));
     }
   }
 }
@@ skipping 32 matching lines @@
       #endif
 
       ModuleStatus status = Match(*module, kModuleBlacklist[i]);
       if (status != NOT_MATCHED) {
         // We have a match against the blacklist. Mark it as such.
         module->status = status;
         module->recommended_action = kModuleBlacklist[i].help_tip;
         break;
       }
     }
+
+    // Modules loaded from these locations are frequently malicious
+    // and notorious for changing frequently so they are not good candidates
+    // for blacklising individually. Mark them as suspicious if we haven't
+    // classified them as bad yet.
+    if (module->status == NOT_MATCHED || module->status == GOOD) {
+      if (StartsWith(module->location, L"%temp%", false) ||
+          StartsWith(module->location, L"%tmp%", false)) {
+        module->status = SUSPECTED_BAD;
+      }
+    }
   }
 }
 
 void ModuleEnumerator::ReportBack() {
   DCHECK(BrowserThread::CurrentlyOn(callback_thread_id_));
   observer_->DoneScanning();
 }
 
 string16 ModuleEnumerator::GetSubjectNameFromDigitalSignature(
     const FilePath& filename) {
@@ skipping 206 matching lines @@
     module != enumerated_modules_.end(); ++module) {
       if (module->status == ModuleEnumerator::CONFIRMED_BAD)
         ++confirmed_bad_modules_detected_;
       if (module->status == ModuleEnumerator::SUSPECTED_BAD)
         ++suspected_bad_modules_detected_;
   }
 
   scanning_ = false;
   lock->Release();
 
+  HISTOGRAM_COUNTS_100("Conflicts.SuspectedBadModules",
+                       suspected_bad_modules_detected_);
+  HISTOGRAM_COUNTS_100("Conflicts.ConfirmedBadModules",
+                       confirmed_bad_modules_detected_);
+
   NotificationService::current()->Notify(
       NotificationType::MODULE_LIST_ENUMERATED,
       Source<EnumerateModulesModel>(this),
       NotificationService::NoDetails());
 
   if (suspected_bad_modules_detected_ || confirmed_bad_modules_detected_) {
     bool found_confirmed_bad_modules = confirmed_bad_modules_detected_  > 0;
     NotificationService::current()->Notify(
         NotificationType::MODULE_INCOMPATIBILITY_DETECTED,
         Source<EnumerateModulesModel>(this),
@@ skipping 11 matching lines @@
   GenerateHash(WideToUTF8(module.name), &filename);
   GenerateHash(WideToUTF8(module.location), &location);
   GenerateHash(WideToUTF8(module.description), &description);
   GenerateHash(WideToUTF8(module.digital_signer), &signer);
 
   string16 url = l10n_util::GetStringF(IDS_HELP_CENTER_VIEW_CONFLICTS,
       ASCIIToWide(filename), ASCIIToWide(location),
       ASCIIToWide(description), ASCIIToWide(signer));
   return GURL(WideToUTF8(url));
 }