| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_DATABASE_H_ | 5 #ifndef CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_DATABASE_H_ |
| 6 #define CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_DATABASE_H_ | 6 #define CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_DATABASE_H_ |
| 7 | 7 |
| 8 #include <map> | 8 #include <map> |
| 9 #include <set> | 9 #include <set> |
| 10 #include <string> | 10 #include <string> |
| (...skipping 349 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 360 // lookups in the whitelist should be considered matches for safety. | 360 // lookups in the whitelist should be considered matches for safety. |
| 361 typedef std::pair<std::vector<SBFullHash>, bool> SBWhitelist; | 361 typedef std::pair<std::vector<SBFullHash>, bool> SBWhitelist; |
| 362 | 362 |
| 363 // This map holds a csd malware IP blacklist which maps a prefix mask | 363 // This map holds a csd malware IP blacklist which maps a prefix mask |
| 364 // to a set of hashed blacklisted IP prefixes. Each IP prefix is a hashed | 364 // to a set of hashed blacklisted IP prefixes. Each IP prefix is a hashed |
| 365 // IPv6 IP prefix using SHA-1. | 365 // IPv6 IP prefix using SHA-1. |
| 366 typedef std::map<std::string, base::hash_set<std::string> > IPBlacklist; | 366 typedef std::map<std::string, base::hash_set<std::string> > IPBlacklist; |
| 367 | 367 |
| 368 bool PrefixSetContainsUrl( | 368 bool PrefixSetContainsUrl( |
| 369 const GURL& url, | 369 const GURL& url, |
| 370 scoped_ptr<safe_browsing::PrefixSet>* prefix_set_getter, | 370 scoped_ptr<const safe_browsing::PrefixSet>* prefix_set_getter, |
| 371 std::vector<SBPrefix>* prefix_hits, | 371 std::vector<SBPrefix>* prefix_hits, |
| 372 std::vector<SBFullHashResult>* cache_hits); | 372 std::vector<SBFullHashResult>* cache_hits); |
| 373 | 373 |
| 374 // Exposed for testing of PrefixSetContainsUrlHashes() on the | 374 // Exposed for testing of PrefixSetContainsUrlHashes() on the |
| 375 // PrefixSet backing kMalwareList. | 375 // PrefixSet backing kMalwareList. |
| 376 bool ContainsBrowseUrlHashesForTesting( | 376 bool ContainsBrowseUrlHashesForTesting( |
| 377 const std::vector<SBFullHash>& full_hashes, | 377 const std::vector<SBFullHash>& full_hashes, |
| 378 std::vector<SBPrefix>* prefix_hits, | 378 std::vector<SBPrefix>* prefix_hits, |
| 379 std::vector<SBFullHashResult>* cache_hits); | 379 std::vector<SBFullHashResult>* cache_hits); |
| 380 | 380 |
| 381 bool PrefixSetContainsUrlHashes( | 381 bool PrefixSetContainsUrlHashes( |
| 382 const std::vector<SBFullHash>& full_hashes, | 382 const std::vector<SBFullHash>& full_hashes, |
| 383 scoped_ptr<safe_browsing::PrefixSet>* prefix_set_getter, | 383 scoped_ptr<const safe_browsing::PrefixSet>* prefix_set_getter, |
| 384 std::vector<SBPrefix>* prefix_hits, | 384 std::vector<SBPrefix>* prefix_hits, |
| 385 std::vector<SBFullHashResult>* cache_hits); | 385 std::vector<SBFullHashResult>* cache_hits); |
| 386 | 386 |
| 387 // Returns true if the whitelist is disabled or if any of the given hashes | 387 // Returns true if the whitelist is disabled or if any of the given hashes |
| 388 // matches the whitelist. | 388 // matches the whitelist. |
| 389 bool ContainsWhitelistedHashes(const SBWhitelist& whitelist, | 389 bool ContainsWhitelistedHashes(const SBWhitelist& whitelist, |
| 390 const std::vector<SBFullHash>& hashes); | 390 const std::vector<SBFullHash>& hashes); |
| 391 | 391 |
| 392 // Return the browse_store_, download_store_, download_whitelist_store or | 392 // Return the browse_store_, download_store_, download_whitelist_store or |
| 393 // csd_whitelist_store_ based on list_id. | 393 // csd_whitelist_store_ based on list_id. |
| 394 SafeBrowsingStore* GetStore(int list_id); | 394 SafeBrowsingStore* GetStore(int list_id); |
| 395 | 395 |
| 396 // Deletes the files on disk. | 396 // Deletes the files on disk. |
| 397 bool Delete(); | 397 bool Delete(); |
| 398 | 398 |
| 399 // Load the prefix set in "|db_filename| Prefix Set" off disk, if available, | 399 // Load the prefix set in "|db_filename| Prefix Set" off disk, if available, |
| 400 // and stores it in |prefix_set|. |read_failure_type| provides a | 400 // and stores it in |prefix_set|. |read_failure_type| provides a |
| 401 // caller-specific error code to be used on failure. | 401 // caller-specific error code to be used on failure. |
| 402 void LoadPrefixSet(const base::FilePath& db_filename, | 402 void LoadPrefixSet(const base::FilePath& db_filename, |
| 403 scoped_ptr<safe_browsing::PrefixSet>* prefix_set, | 403 scoped_ptr<const safe_browsing::PrefixSet>* prefix_set, |
| 404 FailureType read_failure_type); | 404 FailureType read_failure_type); |
| 405 | 405 |
| 406 // Writes the current prefix set "|db_filename| Prefix Set" on disk. | 406 // Writes the current prefix set "|db_filename| Prefix Set" on disk. |
| 407 // |write_failure_type| provides a caller-specific error code to be used on | 407 // |write_failure_type| provides a caller-specific error code to be used on |
| 408 // failure. | 408 // failure. |
| 409 void WritePrefixSet(const base::FilePath& db_filename, | 409 void WritePrefixSet(const base::FilePath& db_filename, |
| 410 safe_browsing::PrefixSet* prefix_set, | 410 const safe_browsing::PrefixSet* prefix_set, |
| 411 FailureType write_failure_type); | 411 FailureType write_failure_type); |
| 412 | 412 |
| 413 // Loads the given full-length hashes to the given whitelist. If the number | 413 // Loads the given full-length hashes to the given whitelist. If the number |
| 414 // of hashes is too large or if the kill switch URL is on the whitelist | 414 // of hashes is too large or if the kill switch URL is on the whitelist |
| 415 // we will whitelist everything. | 415 // we will whitelist everything. |
| 416 void LoadWhitelist(const std::vector<SBAddFullHash>& full_hashes, | 416 void LoadWhitelist(const std::vector<SBAddFullHash>& full_hashes, |
| 417 SBWhitelist* whitelist); | 417 SBWhitelist* whitelist); |
| 418 | 418 |
| 419 // Call this method if an error occured with the given whitelist. This will | 419 // Call this method if an error occured with the given whitelist. This will |
| 420 // result in all lookups to the whitelist to return true. | 420 // result in all lookups to the whitelist to return true. |
| (...skipping 21 matching lines...) Expand all Loading... |
| 442 const SBChunkData& chunk); | 442 const SBChunkData& chunk); |
| 443 | 443 |
| 444 // Returns the size in bytes of the store after the update. | 444 // Returns the size in bytes of the store after the update. |
| 445 int64 UpdateHashPrefixStore(const base::FilePath& store_filename, | 445 int64 UpdateHashPrefixStore(const base::FilePath& store_filename, |
| 446 SafeBrowsingStore* store, | 446 SafeBrowsingStore* store, |
| 447 FailureType failure_type); | 447 FailureType failure_type); |
| 448 | 448 |
| 449 // Updates a PrefixStore store for URLs (|url_store|) which is backed on disk | 449 // Updates a PrefixStore store for URLs (|url_store|) which is backed on disk |
| 450 // by a "|db_filename| Prefix Set" file. Specific failure types are provided | 450 // by a "|db_filename| Prefix Set" file. Specific failure types are provided |
| 451 // to highlight the specific store who made the initial request on failure. | 451 // to highlight the specific store who made the initial request on failure. |
| 452 void UpdatePrefixSetUrlStore(const base::FilePath& db_filename, | 452 void UpdatePrefixSetUrlStore( |
| 453 SafeBrowsingStore* url_store, | 453 const base::FilePath& db_filename, |
| 454 scoped_ptr<safe_browsing::PrefixSet>* prefix_set, | 454 SafeBrowsingStore* url_store, |
| 455 FailureType finish_failure_type, | 455 scoped_ptr<const safe_browsing::PrefixSet>* prefix_set, |
| 456 FailureType write_failure_type); | 456 FailureType finish_failure_type, |
| 457 FailureType write_failure_type); |
| 457 | 458 |
| 458 void UpdateUrlStore(SafeBrowsingStore* url_store, | 459 void UpdateUrlStore(SafeBrowsingStore* url_store, |
| 459 scoped_ptr<safe_browsing::PrefixSet>* prefix_set, | 460 scoped_ptr<const safe_browsing::PrefixSet>* prefix_set, |
| 460 FailureType failure_type); | 461 FailureType failure_type); |
| 461 | 462 |
| 462 void UpdateSideEffectFreeWhitelistStore(); | 463 void UpdateSideEffectFreeWhitelistStore(); |
| 463 void UpdateWhitelistStore(const base::FilePath& store_filename, | 464 void UpdateWhitelistStore(const base::FilePath& store_filename, |
| 464 SafeBrowsingStore* store, | 465 SafeBrowsingStore* store, |
| 465 SBWhitelist* whitelist); | 466 SBWhitelist* whitelist); |
| 466 void UpdateIpBlacklistStore(); | 467 void UpdateIpBlacklistStore(); |
| 467 | 468 |
| 468 // Used to verify that various calls are made from the thread the | 469 // Used to verify that various calls are made from the thread the |
| 469 // object was created on (i.e., the safe_browsing_thread). | 470 // object was created on (i.e., the safe_browsing_thread). |
| (...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 519 | 520 |
| 520 // Set if corruption is detected during the course of an update. | 521 // Set if corruption is detected during the course of an update. |
| 521 // Causes the update functions to fail with no side effects, until | 522 // Causes the update functions to fail with no side effects, until |
| 522 // the next call to |UpdateStarted()|. | 523 // the next call to |UpdateStarted()|. |
| 523 bool corruption_detected_; | 524 bool corruption_detected_; |
| 524 | 525 |
| 525 // Set to true if any chunks are added or deleted during an update. | 526 // Set to true if any chunks are added or deleted during an update. |
| 526 // Used to optimize away database update. | 527 // Used to optimize away database update. |
| 527 bool change_detected_; | 528 bool change_detected_; |
| 528 | 529 |
| 529 // Used to check if a prefix was in the browse database. | 530 // PrefixSets to speed up lookups for particularly large lists. The PrefixSet |
| 530 scoped_ptr<safe_browsing::PrefixSet> browse_prefix_set_; | 531 // themselves are never modified, instead a new one is swapped in on update |
| 531 | 532 // while holding |lookup_lock_|. Any thread other than this class' main thread |
| 532 // Used to check if a prefix was in the side-effect free whitelist database. | 533 // (which handles updates) must hold |lookup_lock_| before reading from these |
| 533 scoped_ptr<safe_browsing::PrefixSet> side_effect_free_whitelist_prefix_set_; | 534 // sets. |
| 534 | 535 // TODO(gab): Enforce this by design. |
| 535 // Used to check if a prexfix was in the unwanted software database. | 536 scoped_ptr<const safe_browsing::PrefixSet> browse_prefix_set_; |
| 536 scoped_ptr<safe_browsing::PrefixSet> unwanted_software_prefix_set_; | 537 scoped_ptr<const safe_browsing::PrefixSet> |
| 538 side_effect_free_whitelist_prefix_set_; |
| 539 scoped_ptr<const safe_browsing::PrefixSet> unwanted_software_prefix_set_; |
| 537 | 540 |
| 538 // Used to schedule resetting the database because of corruption. | 541 // Used to schedule resetting the database because of corruption. |
| 539 base::WeakPtrFactory<SafeBrowsingDatabaseNew> reset_factory_; | 542 base::WeakPtrFactory<SafeBrowsingDatabaseNew> reset_factory_; |
| 540 }; | 543 }; |
| 541 | 544 |
| 542 #endif // CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_DATABASE_H_ | 545 #endif // CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_DATABASE_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 781613002:
Make SafeBrowsingDatabase's PrefixSets only updatable by swapping a new one in. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@a2_threadchecks