Add support for goog-csdinclusionwhite-sha256 in SafeBrowsingDatabase.

chrome/browser/safe_browsing/safe_browsing_database.h

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_DATABASE_H_
 #define CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_DATABASE_H_
 
 #include <map>
 #include <set>
 #include <string>
@@ skipping 39 matching lines @@
 // four databases: browse, download, download whitelist and
 // client-side detection (csd) whitelist databases. The browse database contains
 // information about phishing and malware urls. The download database contains
 // URLs for bad binaries (e.g: those containing virus) and hash of
 // these downloaded contents. The download whitelist contains whitelisted
 // download hosting sites as well as whitelisted binary signing certificates
 // etc.  The csd whitelist database contains URLs that will never be considered
 // as phishing by the client-side phishing detection. These on-disk databases
 // are shared among all profiles, as it doesn't contain user-specific data. This
 // object is not thread-safe, i.e. all its methods should be used on the same
-// thread that it was created on.
+// thread that it was created on, unless specified otherwise.
 class SafeBrowsingDatabase {
  public:
   // Factory method for obtaining a SafeBrowsingDatabase implementation.
   // It is not thread safe.
-  // |enable_download_protection| is used to control the download database
-  // feature.
-  // |enable_client_side_whitelist| is used to control the csd whitelist
-  // database feature.
-  // |enable_download_whitelist| is used to control the download whitelist
-  // database feature.
-  // |enable_ip_blacklist| is used to control the csd malware IP blacklist
-  // database feature.
-  // |enable_unwanted_software_list| is used to control the unwanted software
-  // list database feature.
+  // The browse list and off-domain inclusion whitelist are always on;
+  // availability of other lists is controlled by the flags on this method.
   static SafeBrowsingDatabase* Create(bool enable_download_protection,
                                       bool enable_client_side_whitelist,
                                       bool enable_download_whitelist,
                                       bool enable_extension_blacklist,
                                       bool side_effect_free_whitelist,
                                       bool enable_ip_blacklist,
                                       bool enable_unwanted_software_list);
 
   // Makes the passed |factory| the factory used to instantiate
   // a SafeBrowsingDatabase. This is used for tests.
@@ skipping 45 matching lines @@
   // The download whitelist is used for two purposes: a white-domain list of
   // sites that are considered to host only harmless binaries as well as a
   // whitelist of arbitrary strings such as hashed certificate authorities that
   // are considered to be trusted.  The two methods below let you lookup the
   // whitelist either for a URL or an arbitrary string.  These methods will
   // return false if no match is found and true otherwise. This function is safe
   // to call from any thread.
   virtual bool ContainsDownloadWhitelistedUrl(const GURL& url) = 0;
   virtual bool ContainsDownloadWhitelistedString(const std::string& str) = 0;
 
+  // Returns true if |url| is on the off-domain inclusion whitelist.
+  virtual bool ContainsInclusionWhitelistedUrl(const GURL& url) = 0;
+
   // Populates |prefix_hits| with any prefixes in |prefixes| that have matches
   // in the database.
   //
   // This function can ONLY be accessed from the creation thread.
   virtual bool ContainsExtensionPrefixes(
       const std::vector<SBPrefix>& prefixes,
       std::vector<SBPrefix>* prefix_hits) = 0;
 
   // Returns false unless the hash of |url| is on the side-effect free
   // whitelist. This function is safe to call from any thread.
@@ skipping 65 matching lines @@
       const base::FilePath& db_base_filename);
 
   // Filename for client-side phishing detection whitelist databsae.
   static base::FilePath CsdWhitelistDBFilename(
       const base::FilePath& csd_whitelist_base_filename);
 
   // Filename for download whitelist databsae.
   static base::FilePath DownloadWhitelistDBFilename(
       const base::FilePath& download_whitelist_base_filename);
 
+  // Filename for the off-domain inclusion whitelist databsae.
+  static base::FilePath InclusionWhitelistDBFilename(
+      const base::FilePath& inclusion_whitelist_base_filename);
+
   // Filename for extension blacklist database.
   static base::FilePath ExtensionBlacklistDBFilename(
       const base::FilePath& extension_blacklist_base_filename);
 
   // Filename for side-effect free whitelist database.
   static base::FilePath SideEffectFreeWhitelistDBFilename(
       const base::FilePath& side_effect_free_whitelist_base_filename);
 
   // Filename for the csd malware IP blacklist database.
   static base::FilePath IpBlacklistDBFilename(
@@ skipping 51 matching lines @@
 
  private:
   // The factory used to instantiate a SafeBrowsingDatabase object.
   // Useful for tests, so they can provide their own implementation of
   // SafeBrowsingDatabase.
   static SafeBrowsingDatabaseFactory* factory_;
 };
 
 class SafeBrowsingDatabaseNew : public SafeBrowsingDatabase {
  public:
-  // Create a database with a browse, download, download whitelist and
-  // csd whitelist store objects. Takes ownership of all the store objects.
-  // When |download_store| is NULL, the database will ignore any operations
-  // related download (url hashes and binary hashes).  The same is true for
-  // the |csd_whitelist_store|, |download_whitelist_store| and
-  // |ip_blacklist_store|.
+  // Create a database with the stores below. Takes ownership of all store
+  // objects handed to this constructor. Ignores all future operations on lists
+  // for which the store is initialized to NULL.
   SafeBrowsingDatabaseNew(SafeBrowsingStore* browse_store,
                           SafeBrowsingStore* download_store,
                           SafeBrowsingStore* csd_whitelist_store,
                           SafeBrowsingStore* download_whitelist_store,
+                          SafeBrowsingStore* inclusion_whitelist_store,
                           SafeBrowsingStore* extension_blacklist_store,
                           SafeBrowsingStore* side_effect_free_whitelist_store,
                           SafeBrowsingStore* ip_blacklist_store,
                           SafeBrowsingStore* unwanted_software_store);
 
   // Create a database with a browse store. This is a legacy interface that
   // useds Sqlite.
   SafeBrowsingDatabaseNew();
 
   ~SafeBrowsingDatabaseNew() override;
 
   // Implement SafeBrowsingDatabase interface.
   void Init(const base::FilePath& filename) override;
   bool ResetDatabase() override;
   bool ContainsBrowseUrl(const GURL& url,
                          std::vector<SBPrefix>* prefix_hits,
                          std::vector<SBFullHashResult>* cache_hits) override;
   bool ContainsUnwantedSoftwareUrl(
       const GURL& url,
       std::vector<SBPrefix>* prefix_hits,
       std::vector<SBFullHashResult>* cache_hits) override;
   bool ContainsDownloadUrl(const std::vector<GURL>& urls,
                            std::vector<SBPrefix>* prefix_hits) override;
   bool ContainsCsdWhitelistedUrl(const GURL& url) override;
   bool ContainsDownloadWhitelistedUrl(const GURL& url) override;
   bool ContainsDownloadWhitelistedString(const std::string& str) override;
+  bool ContainsInclusionWhitelistedUrl(const GURL& url) override;
   bool ContainsExtensionPrefixes(const std::vector<SBPrefix>& prefixes,
                                  std::vector<SBPrefix>* prefix_hits) override;
   bool ContainsSideEffectFreeWhitelistUrl(const GURL& url) override;
   bool ContainsMalwareIP(const std::string& ip_address) override;
   bool UpdateStarted(std::vector<SBListChunkRanges>* lists) override;
   void InsertChunks(const std::string& list_name,
                     const std::vector<SBChunkData*>& chunks) override;
   void DeleteChunks(const std::vector<SBChunkDelete>& chunk_deletes) override;
   void UpdateFinished(bool update_succeeded) override;
   void CacheHashResults(const std::vector<SBPrefix>& prefixes,
@@ skipping 37 matching lines @@
   // will automatically handle thread-safety.
   class ThreadSafeStateManager {
    public:
     // Identifiers for stores held by the ThreadSafeStateManager. Allows helper
     // methods to start a transaction themselves and keep it as short as
     // possible rather than force callers to start the transaction early to pass
     // a store pointer to the said helper methods.
     enum class SBWhitelistId {
       CSD,
       DOWNLOAD,
+      INCLUSION,
     };
     enum class PrefixSetId {
       BROWSE,
       SIDE_EFFECT_FREE_WHITELIST,
       UNWANTED_SOFTWARE,
     };
 
     // Obtained through BeginReadTransaction(NoLockOnMainThread)?(): a
     // ReadTransaction allows read-only observations of the
     // ThreadSafeStateManager's state. The |prefix_gethash_cache_| has a special
@@ skipping 20 matching lines @@
     // The SafeBrowsingDatabase's ThreadChecker, used to verify that writes are
     // only made on its main thread. This is important as it allows reading from
     // the main thread without holding the lock.
     const base::ThreadChecker& thread_checker_;
 
     // Lock for protecting access to this class' state.
     mutable base::Lock lock_;
 
     SBWhitelist csd_whitelist_;
     SBWhitelist download_whitelist_;
+    SBWhitelist inclusion_whitelist_;
 
     // The IP blacklist should be small.  At most a couple hundred IPs.
     IPBlacklist ip_blacklist_;
 
     // PrefixSets to speed up lookups for particularly large lists. The
     // PrefixSet themselves are never modified, instead a new one is swapped in
     // on update.
     scoped_ptr<const safe_browsing::PrefixSet> browse_prefix_set_;
     scoped_ptr<const safe_browsing::PrefixSet>
         side_effect_free_whitelist_prefix_set_;
@@ skipping 31 matching lines @@
   bool PrefixSetContainsUrlHashes(const std::vector<SBFullHash>& full_hashes,
                                   PrefixSetId prefix_set_id,
                                   std::vector<SBPrefix>* prefix_hits,
                                   std::vector<SBFullHashResult>* cache_hits);
 
   // Returns true if the whitelist is disabled or if any of the given hashes
   // matches the whitelist.
   bool ContainsWhitelistedHashes(SBWhitelistId whitelist_id,
                                  const std::vector<SBFullHash>& hashes);
 
-  // Return the browse_store_, download_store_, download_whitelist_store or
-  // csd_whitelist_store_ based on list_id.
+  // Return the store matching |list_id|.
   SafeBrowsingStore* GetStore(int list_id);
 
   // Deletes the files on disk.
   bool Delete();
 
   // Load the prefix set in "|db_filename| Prefix Set" off disk, if available,
   // and stores it in the PrefixSet identified by |prefix_set_id|.
   // |read_failure_type| provides a caller-specific error code to be used on
   // failure.  This method should only ever be called during initialization as
   // it performs some disk IO while holding a transaction (for the sake of
@@ skipping 89 matching lines @@
   scoped_ptr<SafeBrowsingStore> download_store_;
 
   // For the client-side phishing detection whitelist chunks and full-length
   // hashes.  This list only contains 256 bit hashes.
   scoped_ptr<SafeBrowsingStore> csd_whitelist_store_;
 
   // For the download whitelist chunks and full-length hashes.  This list only
   // contains 256 bit hashes.
   scoped_ptr<SafeBrowsingStore> download_whitelist_store_;
 
+  // For the off-domain inclusion whitelist chunks and full-length hashes.  This
+  // list only contains 256 bit hashes.
+  scoped_ptr<SafeBrowsingStore> inclusion_whitelist_store_;
+
   // For extension IDs.
   scoped_ptr<SafeBrowsingStore> extension_blacklist_store_;
 
   // For side-effect free whitelist.
   scoped_ptr<SafeBrowsingStore> side_effect_free_whitelist_store_;
 
   // For IP blacklist.
   scoped_ptr<SafeBrowsingStore> ip_blacklist_store_;
 
   // For unwanted software list.
   scoped_ptr<SafeBrowsingStore> unwanted_software_store_;
 
   // Set if corruption is detected during the course of an update.
   // Causes the update functions to fail with no side effects, until
   // the next call to |UpdateStarted()|.
   bool corruption_detected_;
 
   // Set to true if any chunks are added or deleted during an update.
   // Used to optimize away database update.
   bool change_detected_;
 
   // Used to schedule resetting the database because of corruption.
   base::WeakPtrFactory<SafeBrowsingDatabaseNew> reset_factory_;
 };
 
 #endif  // CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_DATABASE_H_