Chromium Code Reviews Chromium Code Reviews
Issue 611603002:
Add the goog-unwanted-shavar list to a new SafeBrowsing PrefixSet. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: chrome/browser/safe_browsing/database_manager.cc |
| diff --git a/chrome/browser/safe_browsing/database_manager.cc b/chrome/browser/safe_browsing/database_manager.cc |
| index 712271ba657f0c31e19fc9bbd71aed6ef6fae19d..3c2b7759ded257ad2abe46497b4ed8dcaad8dc75 100644 |
| --- a/chrome/browser/safe_browsing/database_manager.cc |
| +++ b/chrome/browser/safe_browsing/database_manager.cc |
| @@ -112,6 +112,8 @@ SBThreatType GetThreatTypeFromListType(safe_browsing_util::ListType list_type) { |
| return SB_THREAT_TYPE_URL_PHISHING; |
| case safe_browsing_util::MALWARE: |
| return SB_THREAT_TYPE_URL_MALWARE; |
| + case safe_browsing_util::UNWANTEDURL: |
| + return SB_THREAT_TYPE_URL_UNWANTED; |
| case safe_browsing_util::BINURL: |
| return SB_THREAT_TYPE_BINARY_MALWARE_URL; |
| case safe_browsing_util::EXTENSIONBLACKLIST: |
| @@ -171,6 +173,7 @@ void SafeBrowsingDatabaseManager::Client::OnSafeBrowsingResult( |
| switch (check.check_type) { |
| case safe_browsing_util::MALWARE: |
| case safe_browsing_util::PHISH: |
| + case safe_browsing_util::UNWANTEDURL: |
| DCHECK_EQ(1u, check.urls.size()); |
| OnCheckBrowseUrlResult( |
| check.urls[0], check.url_results[0], check.url_metadata[0]); |
| @@ -217,6 +220,7 @@ SafeBrowsingDatabaseManager::SafeBrowsingDatabaseManager( |
| enable_extension_blacklist_(false), |
| enable_side_effect_free_whitelist_(false), |
| enable_ip_blacklist_(false), |
| + enable_unwanted_software_blacklist_(false), |
| update_in_progress_(false), |
| database_update_in_progress_(false), |
| closing_database_(false), |
| @@ -253,6 +257,10 @@ SafeBrowsingDatabaseManager::SafeBrowsingDatabaseManager( |
| // phishing protection for now. |
| enable_ip_blacklist_ = enable_csd_whitelist_; |
| + // TODO(gab): Gate this on the same experiment that will soon control the UwS |
| + // URL UI. |
| + enable_unwanted_software_blacklist_ = true; |
| + |
| enum SideEffectFreeWhitelistStatus { |
| SIDE_EFFECT_FREE_WHITELIST_ENABLED, |
| SIDE_EFFECT_FREE_WHITELIST_DISABLED, |
| @@ -409,6 +417,7 @@ bool SafeBrowsingDatabaseManager::CheckBrowseUrl(const GURL& url, |
| std::vector<SBThreatType> expected_threats; |
| expected_threats.push_back(SB_THREAT_TYPE_URL_MALWARE); |
| expected_threats.push_back(SB_THREAT_TYPE_URL_PHISHING); |
| + expected_threats.push_back(SB_THREAT_TYPE_URL_UNWANTED); |
| const base::TimeTicks start = base::TimeTicks::Now(); |
| if (!MakeDatabaseAvailable()) { |
| @@ -421,24 +430,47 @@ bool SafeBrowsingDatabaseManager::CheckBrowseUrl(const GURL& url, |
| return false; |
| } |
| + std::vector<SBPrefix> browse_prefix_hits; |
| + std::vector<SBFullHashResult> browse_cache_hits; |
| + bool browse_prefix_match = database_->ContainsBrowseUrl( |
| + url, &browse_prefix_hits, &browse_cache_hits); |
| + |
| + std::vector<SBPrefix> unwanted_prefix_hits; |
| + std::vector<SBFullHashResult> unwanted_cache_hits; |
| + bool unwanted_prefix_match = database_->ContainsUnwantedSoftwareUrl( |
| + url, &unwanted_prefix_hits, &unwanted_cache_hits); |
| + |
| + // The merge below could be smarter but these vectors should be fairly small |
| + // so it doesn't matter much. |
| std::vector<SBPrefix> prefix_hits; |
| - std::vector<SBFullHashResult> cache_hits; |
| + prefix_hits.insert(prefix_hits.end(), browse_prefix_hits.begin(), |
| + browse_prefix_hits.end()); |
| + prefix_hits.insert(prefix_hits.end(), unwanted_prefix_hits.begin(), |
| + unwanted_prefix_hits.end()); |
| - bool prefix_match = |
| - database_->ContainsBrowseUrl(url, &prefix_hits, &cache_hits); |
| + std::vector<SBFullHashResult> cache_hits; |
| + cache_hits.insert(cache_hits.end(), browse_cache_hits.begin(), |
| + browse_cache_hits.end()); |
| + cache_hits.insert(cache_hits.end(), unwanted_cache_hits.begin(), |
| + unwanted_cache_hits.end()); |
|
mattm
2014/11/11 01:29:10
should avoid duplicates in the merged lists
gab
2014/11/11 23:39:11
Done, added STL logic and added API requirements w
|
| UMA_HISTOGRAM_TIMES("SB2.FilterCheck", base::TimeTicks::Now() - start); |
| - if (!prefix_match) |
| + if (!browse_prefix_match && !unwanted_prefix_match) |
| return true; // URL is okay. |
| // Needs to be asynchronous, since we could be in the constructor of a |
| // ResourceDispatcherHost event handler which can't pause there. |
| - SafeBrowsingCheck* check = new SafeBrowsingCheck(std::vector<GURL>(1, url), |
| - std::vector<SBFullHash>(), |
| - client, |
| - safe_browsing_util::MALWARE, |
| - expected_threats); |
| + // This check will ping the Safe Browsing servers and get all lists which it |
| + // matches. These lists will then be filtered against the |expected_threats| |
| + // and the result callback for MALWARE (which is the same as for PHISH and |
| + // UNWANTEDURL) will eventually be invoked with the final decision. |
| + SafeBrowsingCheck* check = |
| + new SafeBrowsingCheck(std::vector<GURL>(1, url), |
| + std::vector<SBFullHash>(), |
| + client, |
| + safe_browsing_util::MALWARE, |
| + expected_threats); |
| check->need_get_hash = cache_hits.empty(); |
| check->prefix_hits.swap(prefix_hits); |
| check->cache_hits.swap(cache_hits); |
| @@ -705,7 +737,8 @@ SafeBrowsingDatabase* SafeBrowsingDatabaseManager::GetDatabase() { |
| enable_download_whitelist_, |
| enable_extension_blacklist_, |
| enable_side_effect_free_whitelist_, |
| - enable_ip_blacklist_); |
| + enable_ip_blacklist_, |
| + enable_unwanted_software_blacklist_); |
| database->Init(SafeBrowsingService::GetBaseFilename()); |
| { |
| @@ -771,10 +804,7 @@ void SafeBrowsingDatabaseManager::OnCheckDone(SafeBrowsingCheck* check) { |
| } else { |
| // We may have cached results for previous GetHash queries. Since |
| // this data comes from cache, don't histogram hits. |
| - bool is_threat = HandleOneCheck(check, check->cache_hits); |
| - // cache_hits should only contain hits for a fullhash we searched for, so if |
| - // we got to this point it should always result in a threat match. |
| - DCHECK(is_threat); |
| + HandleOneCheck(check, check->cache_hits); |
| } |
| } |
