Chromium Code Reviews Chromium Code Reviews
Issue 845663004:
Initial script request detector. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
|
grt (UTC plus 2)
2015/01/28 14:49:05
here, too
robertshield
2015/01/28 22:20:32
It's 2015 you say, that's just like your opinion m
| |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "chrome/browser/safe_browsing/incident_reporting/script_request_detecto r.h" | |
| 6 | |
| 7 #include "base/base64.h" | |
| 8 #include "chrome/browser/profiles/profile.h" | |
| 9 #include "chrome/browser/safe_browsing/incident_reporting/script_request_inciden t.h" | |
| 10 #include "chrome/common/safe_browsing/csd.pb.h" | |
| 11 #include "content/public/browser/browser_thread.h" | |
| 12 #include "content/public/browser/render_process_host.h" | |
| 13 #include "content/public/browser/resource_request_info.h" | |
| 14 #include "crypto/sha2.h" | |
| 15 #include "net/url_request/url_request.h" | |
| 16 #include "url/gurl.h" | |
| 17 | |
| 18 namespace { | |
| 19 const char* kBase64Hashes[] = { | |
|
grt (UTC plus 2)
2015/01/28 14:49:04
hex-encode these (and make it "const char* const k
robertshield
2015/01/28 22:20:32
Done.
| |
| 20 "K0XA2nlMZRlNeJiFbOi9lfWaWvRO+Z9PkzU7qFLAAvs=", | |
| 21 "Bc5b2v8oF/nJOGJqORt2VuPv7Ugf466TT9PSlodTRfA=", | |
| 22 "OmU9cS06xDUQ1wG2u/tJ2hLOCf1IRXZkEv/UfGFHPAs=", | |
| 23 "lY5NZazqluUR2frMzLfNs8uPTfD4cqDFhwKt5B89+vI=", | |
| 24 "K49YOOuHXaAUkJWJBNPlicXXerZIUxj+cTpq/fCzbqg=", | |
| 25 "qRhlTdP13wn25/4hDxE1mlO/tKheI7EMPGSU9QibKRU=", | |
| 26 "WiubRYFcS6X1m1R4IXN5hzfbiJfZdtkhgPxUg3fbF38=", | |
| 27 "1auT3DrSQO53ghJc93+RXFZiF7tOarg4Yp0KvtOPUNs=", | |
| 28 "23NQ01hQLvwAyu+daPS1dysA+X34iZZuNSIXNU2yibM=", | |
| 29 "3PELsymYrEAkFglLUDzip3/eX992SilUvEnWZxGSFt8=", | |
| 30 "mCgmeqnJi6vWZOTWiXBnl4Q3kosbpN9PSckKEhX/bpE=", | |
| 31 "MKVlQa9gnSqEOJjwQalPl705IK2UOgs+Q6ThkZCf3yU=", | |
| 32 "e0hybUDBL6z3n3OExSp6mG6Yh7fgZb0SxieJVoc9Nkc=", | |
| 33 "e1dI3gh+jrrpYajsqRRw629wPde3c0ueHAGAOWRqHu4=", | |
| 34 "HYa4Wg4iQay/ezUmiZhGHp3CWWwz47dj7Sn5SSzsk7U=", | |
| 35 "LvME011LWMcvi7jpdwGoeBtO6hbKhtt2BI7GhBAVPOY=", | |
| 36 "7AYWqtyW5Lv5drRMbhx6VcZvFQAux12+gWt0AOYpjk4=", | |
| 37 "ukvOtVIrCsYTh1bSLYBvd1qdfSQE/UHkOhrTz3b1IUs=", | |
| 38 "qqv9jYpDm5mYrQHsxbtAgHhE5OxElF/issLTh+Eh0B8=", | |
| 39 "eGSDgcqPCJLSlTard//L9LlcwKHX+vJubKDF++FJSn4=", | |
| 40 "kR4ruWsSMsN0q/Frr/pAHCVQPy9uJZUJX37EkVZWvTQ=", | |
| 41 "oa9o+NwtUmro0hPNcwX3PrGLUrFp6mQkLHl2gRGdoHE=", | |
| 42 "jjzmL8vqehoxEadS/T9oynvwItlv1yFi5LkFhZPQ6vs=", | |
| 43 "qxP8KGcmsDWTgrpw2i3MqY4L7tjRk4mbU5/4EoMTlX0=", | |
| 44 "6XogyJgENOk2m5s8GSvg9d/Hf06UG4oK9jW677wYeSY=", | |
| 45 "JBVCdk0prk4bK9WK24V36ubEISaDFz5/4fTc6NHuOKw=", | |
| 46 "u0T+dus3T07SmXCeIH8IMOx76TpZgYI+RQFBjeUydGg=", | |
| 47 "WhgIubjDFl9LlmqBT+vB4EQF9eqpNOuqfpfR8dTTnDA=", | |
| 48 "rJPqDdXbpOkvot0aSUvbVIqwky9tSFQ5MPGMiYfyS5c=", | |
| 49 "kFVN58yPbzql+ZC3Ivjm+TOeti1Hl0I811+JHjK5zFk=", | |
| 50 "37Dgg/3RPwut1gidR5EQulnch9No8VzcZPnd8OjV3QI=", | |
| 51 "OqCTjHx/m5oqh2Bt1XNtpMashAdoukOUJB+cXxuHVII=", | |
| 52 "dl+tybYA8Cg3Pr77NSuVrMNUCSsEcpK7Om5ceLSoh1g=", | |
| 53 "7DPxOIXwHB7uygUtm9NPilRrkTYQZPZkvh30paEijpc=", | |
| 54 "daPTU7BXvpKc9fnBMJUQ7pPATkidSqGNQOWiQtfywnc=", | |
| 55 "IWYz/8P64XqhBvKeL8bMkx5iF/HMAi85gO40SoXIme0=", | |
| 56 "m2LGK8mw+b2TGv3t+2igwhX+NOrEiXOecJPhH0p1vgk=", | |
| 57 "ueRmROp34XQ9ks9sIH6/Rv1PToIXqH09GdTa3nV08RM=", | |
| 58 "iy4w+i7hoY62ALnjwsmkrXADcuqoaNyVQ23fQCZY3uY=", | |
| 59 }; | |
| 60 | |
| 61 Profile* GetProfileForRenderProcessId(int render_process_id) { | |
| 62 // How to get a profile from a RenderProcess id: | |
| 63 // 1) Get the RenderProcessHost | |
| 64 // 2) From 1) Get the BrowserContext | |
| 65 // 3) From 2) Get the Profile. | |
| 66 Profile* profile = nullptr; | |
| 67 content::RenderProcessHost* render_process_host = | |
| 68 content::RenderProcessHost::FromID(render_process_id); | |
| 69 if (render_process_host) { | |
| 70 content::BrowserContext* browser_context = | |
| 71 render_process_host->GetBrowserContext(); | |
| 72 if (browser_context) { | |
| 73 profile = Profile::FromBrowserContext(browser_context); | |
| 74 } | |
| 75 } | |
| 76 | |
| 77 return profile; | |
| 78 } | |
| 79 | |
| 80 } // namespace | |
| 81 | |
| 82 namespace safe_browsing { | |
| 83 | |
| 84 ScriptRequestDetector::ScriptRequestDetector( | |
| 85 IncidentReportingService* incident_reporting_service) | |
| 86 : incident_reporting_service_(incident_reporting_service), | |
| 87 weak_ptr_factory_(this) { | |
| 88 InitializeScriptSet(); | |
| 89 } | |
| 90 | |
| 91 ScriptRequestDetector::~ScriptRequestDetector() { | |
| 92 } | |
| 93 | |
| 94 void ScriptRequestDetector::OnResourceRequest(const net::URLRequest* request) { | |
| 95 // Only look at actual net requests (e.g., not chrome-extensions://id/foo.js). | |
| 96 if (!request->url().SchemeIsHTTPOrHTTPS()) | |
| 97 return; | |
| 98 | |
| 99 const content::ResourceRequestInfo* request_info = | |
| 100 content::ResourceRequestInfo::ForRequest(request); | |
| 101 const content::ResourceType resource_type = request_info->GetResourceType(); | |
|
grt (UTC plus 2)
2015/01/28 14:49:05
only used once, remove
robertshield
2015/01/28 22:20:32
Done.
| |
| 102 | |
| 103 if (resource_type == content::RESOURCE_TYPE_SCRIPT) { | |
|
grt (UTC plus 2)
2015/01/28 14:49:05
to reduce indentation below, how about:
if (requ
robertshield
2015/01/28 22:20:32
Done.
| |
| 104 VLOG(1) << "Script request: " << request->url().spec(); | |
|
grt (UTC plus 2)
2015/01/28 14:49:05
DVLOG
robertshield
2015/01/28 22:20:32
Done.
| |
| 105 | |
| 106 std::string url(request->url().host() + request->url().path()); | |
| 107 std::string raw_hash; | |
|
grt (UTC plus 2)
2015/01/28 14:49:05
std::string raw_hash(crypto::kSHA256Length, '\0');
robertshield
2015/01/28 22:20:32
Done.
| |
| 108 raw_hash.resize(crypto::kSHA256Length); | |
| 109 crypto::SHA256HashString(url.c_str(), &raw_hash[0], crypto::kSHA256Length); | |
| 110 | |
| 111 if (script_set_.find(raw_hash) != script_set_.end()) { | |
|
grt (UTC plus 2)
2015/01/28 14:49:05
if (script_set_.count(raw_hash)) {
robertshield
2015/01/28 22:20:32
Done.
| |
| 112 VLOG(1) << "Script detector match found."; | |
|
grt (UTC plus 2)
2015/01/28 14:49:05
DVLOG
robertshield
2015/01/28 22:20:32
Done.
| |
| 113 | |
| 114 scoped_ptr<ClientIncidentReport_IncidentData_ScriptRequestIncident> | |
| 115 incident_data( | |
| 116 new ClientIncidentReport_IncidentData_ScriptRequestIncident()); | |
| 117 incident_data->set_script_hash(raw_hash); | |
| 118 // TODO(robertshield): Set the domain of the parent frame: | |
| 119 // incident_data->set_inclusion_domain(<something>); | |
| 120 | |
| 121 // This next bit of work needs a profile, so has to happen on the UI | |
| 122 // thread. | |
| 123 int render_frame_id = 0; | |
| 124 int render_process_id = 0; | |
| 125 content::ResourceRequestInfo::GetRenderFrameForRequest( | |
| 126 request, &render_frame_id, &render_process_id); | |
| 127 | |
| 128 content::BrowserThread::PostTask( | |
| 129 content::BrowserThread::UI, FROM_HERE, | |
| 130 base::Bind(&ScriptRequestDetector::ReportIncidentOnUIThread, | |
| 131 weak_ptr_factory_.GetWeakPtr(), render_process_id, | |
| 132 base::Passed(incident_data.Pass()))); | |
| 133 } | |
| 134 } | |
| 135 } | |
| 136 | |
| 137 void ScriptRequestDetector::AddScriptHashForTesting( | |
| 138 const std::string& raw_hash) { | |
| 139 script_set_.insert(raw_hash); | |
| 140 } | |
| 141 | |
| 142 bool ScriptRequestDetector::ContainsScriptHashForTesting( | |
| 143 const std::string& raw_hash) { | |
| 144 return script_set_.find(raw_hash) != script_set_.end(); | |
| 145 } | |
| 146 | |
| 147 bool ScriptRequestDetector::AllowNullProfileForTesting() { | |
| 148 return false; | |
| 149 } | |
| 150 | |
| 151 void ScriptRequestDetector::InitializeScriptSet() { | |
| 152 // Store a hashed set of decoded string hashes. Probably slower than a linear | |
| 153 // search for this size list, but this is only temporary. | |
| 154 for (int i = 0; i < arraysize(kBase64Hashes); ++i) { | |
| 155 std::string raw_hash; | |
|
grt (UTC plus 2)
2015/01/28 14:49:05
move this out of the loop (as above)
robertshield
2015/01/28 22:20:32
Done.
| |
| 156 if (base::Base64Decode(kBase64Hashes[i], &raw_hash)) | |
| 157 script_set_.insert(raw_hash); | |
| 158 } | |
| 159 } | |
| 160 | |
| 161 void ScriptRequestDetector::ReportIncidentOnUIThread( | |
| 162 int render_process_id, | |
| 163 scoped_ptr<ClientIncidentReport_IncidentData_ScriptRequestIncident> | |
| 164 incident_data) { | |
| 165 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); | |
| 166 | |
| 167 Profile* profile = GetProfileForRenderProcessId(render_process_id); | |
| 168 if (profile || AllowNullProfileForTesting()) { | |
| 169 AddIncidentCallback incident_callback = | |
| 170 incident_reporting_service_->GetAddIncidentCallback(profile); | |
| 171 incident_callback.Run( | |
| 172 make_scoped_ptr(new ScriptRequestIncident(incident_data.Pass()))); | |
| 173 } | |
| 174 } | |
| 175 | |
| 176 } // namespace safe_browsing | |
| OLD | NEW |
