search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add domain request detection to incident reporting service.
[chromium-blink-merge.git] / chrome / browser / safe_browsing / download_protection_service.cc
blobee01b97dc79e9be4adbeb683b4fe39c56270f830
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/safe_browsing/download_protection_service.h"
6
7 #include "base/bind.h"
8 #include "base/compiler_specific.h"
9 #include "base/format_macros.h"
10 #include "base/memory/scoped_ptr.h"
11 #include "base/memory/weak_ptr.h"
12 #include "base/metrics/field_trial.h"
13 #include "base/metrics/histogram.h"
14 #include "base/metrics/sparse_histogram.h"
15 #include "base/sequenced_task_runner_helpers.h"
16 #include "base/stl_util.h"
17 #include "base/strings/string_number_conversions.h"
18 #include "base/strings/string_util.h"
19 #include "base/strings/stringprintf.h"
20 #include "base/task/cancelable_task_tracker.h"
21 #include "base/threading/sequenced_worker_pool.h"
22 #include "base/time/time.h"
23 #include "chrome/browser/browser_process.h"
24 #include "chrome/browser/history/history_service_factory.h"
25 #include "chrome/browser/profiles/profile.h"
26 #include "chrome/browser/safe_browsing/download_feedback_service.h"
27 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
28 #include "chrome/browser/safe_browsing/sandboxed_zip_analyzer.h"
29 #include "chrome/browser/ui/browser.h"
30 #include "chrome/browser/ui/browser_list.h"
31 #include "chrome/common/safe_browsing/binary_feature_extractor.h"
32 #include "chrome/common/safe_browsing/csd.pb.h"
33 #include "chrome/common/safe_browsing/download_protection_util.h"
34 #include "chrome/common/safe_browsing/zip_analyzer_results.h"
35 #include "chrome/common/url_constants.h"
36 #include "components/google/core/browser/google_util.h"
37 #include "components/history/core/browser/history_service.h"
38 #include "content/public/browser/browser_thread.h"
39 #include "content/public/browser/download_item.h"
40 #include "content/public/browser/page_navigator.h"
41 #include "crypto/sha2.h"
42 #include "google_apis/google_api_keys.h"
43 #include "net/base/escape.h"
44 #include "net/base/load_flags.h"
45 #include "net/cert/x509_cert_types.h"
46 #include "net/cert/x509_certificate.h"
47 #include "net/http/http_status_code.h"
48 #include "net/url_request/url_fetcher.h"
49 #include "net/url_request/url_fetcher_delegate.h"
50 #include "net/url_request/url_request_context_getter.h"
51 #include "net/url_request/url_request_status.h"
52
53 using content::BrowserThread;
54
55 namespace {
56 static const int64 kDownloadRequestTimeoutMs = 7000;
57 } // namespace
58
59 namespace safe_browsing {
60
61 const char DownloadProtectionService::kDownloadRequestUrl[] =
62 "https://sb-ssl.google.com/safebrowsing/clientreport/download";
63
64 namespace {
65 // List of extensions for which we track some UMA stats.
66 enum MaliciousExtensionType {
67 EXTENSION_EXE,
68 EXTENSION_MSI,
69 EXTENSION_CAB,
70 EXTENSION_SYS,
71 EXTENSION_SCR,
72 EXTENSION_DRV,
73 EXTENSION_BAT,
74 EXTENSION_ZIP,
75 EXTENSION_RAR,
76 EXTENSION_DLL,
77 EXTENSION_PIF,
78 EXTENSION_COM,
79 EXTENSION_JAR,
80 EXTENSION_CLASS,
81 EXTENSION_PDF,
82 EXTENSION_VB,
83 EXTENSION_REG,
84 EXTENSION_GRP,
85 EXTENSION_OTHER, // Groups all other extensions into one bucket.
86 EXTENSION_CRX,
87 EXTENSION_APK,
88 EXTENSION_DMG,
89 EXTENSION_PKG,
90 EXTENSION_TORRENT,
91 EXTENSION_MAX,
92 };
93
94 MaliciousExtensionType GetExtensionType(const base::FilePath& f) {
95 if (f.MatchesExtension(FILE_PATH_LITERAL(".exe"))) return EXTENSION_EXE;
96 if (f.MatchesExtension(FILE_PATH_LITERAL(".msi"))) return EXTENSION_MSI;
97 if (f.MatchesExtension(FILE_PATH_LITERAL(".cab"))) return EXTENSION_CAB;
98 if (f.MatchesExtension(FILE_PATH_LITERAL(".sys"))) return EXTENSION_SYS;
99 if (f.MatchesExtension(FILE_PATH_LITERAL(".scr"))) return EXTENSION_SCR;
100 if (f.MatchesExtension(FILE_PATH_LITERAL(".drv"))) return EXTENSION_DRV;
101 if (f.MatchesExtension(FILE_PATH_LITERAL(".bat"))) return EXTENSION_BAT;
102 if (f.MatchesExtension(FILE_PATH_LITERAL(".zip"))) return EXTENSION_ZIP;
103 if (f.MatchesExtension(FILE_PATH_LITERAL(".rar"))) return EXTENSION_RAR;
104 if (f.MatchesExtension(FILE_PATH_LITERAL(".dll"))) return EXTENSION_DLL;
105 if (f.MatchesExtension(FILE_PATH_LITERAL(".pif"))) return EXTENSION_PIF;
106 if (f.MatchesExtension(FILE_PATH_LITERAL(".com"))) return EXTENSION_COM;
107 if (f.MatchesExtension(FILE_PATH_LITERAL(".jar"))) return EXTENSION_JAR;
108 if (f.MatchesExtension(FILE_PATH_LITERAL(".class"))) return EXTENSION_CLASS;
109 if (f.MatchesExtension(FILE_PATH_LITERAL(".pdf"))) return EXTENSION_PDF;
110 if (f.MatchesExtension(FILE_PATH_LITERAL(".vb"))) return EXTENSION_VB;
111 if (f.MatchesExtension(FILE_PATH_LITERAL(".reg"))) return EXTENSION_REG;
112 if (f.MatchesExtension(FILE_PATH_LITERAL(".grp"))) return EXTENSION_GRP;
113 if (f.MatchesExtension(FILE_PATH_LITERAL(".crx"))) return EXTENSION_CRX;
114 if (f.MatchesExtension(FILE_PATH_LITERAL(".apk"))) return EXTENSION_APK;
115 if (f.MatchesExtension(FILE_PATH_LITERAL(".dmg"))) return EXTENSION_DMG;
116 if (f.MatchesExtension(FILE_PATH_LITERAL(".pkg"))) return EXTENSION_PKG;
117 if (f.MatchesExtension(FILE_PATH_LITERAL(".torrent")))
118 return EXTENSION_TORRENT;
119 return EXTENSION_OTHER;
120 }
121
122 void RecordFileExtensionType(const base::FilePath& file) {
123 UMA_HISTOGRAM_ENUMERATION("SBClientDownload.DownloadExtensions",
124 GetExtensionType(file),
125 EXTENSION_MAX);
126 }
127
128 // Enumerate for histogramming purposes.
129 // DO NOT CHANGE THE ORDERING OF THESE VALUES (different histogram data will
130 // be mixed together based on their values).
131 enum SBStatsType {
132 DOWNLOAD_URL_CHECKS_TOTAL,
133 DOWNLOAD_URL_CHECKS_CANCELED,
134 DOWNLOAD_URL_CHECKS_MALWARE,
135
136 DOWNLOAD_HASH_CHECKS_TOTAL,
137 DOWNLOAD_HASH_CHECKS_MALWARE,
138
139 // Memory space for histograms is determined by the max.
140 // ALWAYS ADD NEW VALUES BEFORE THIS ONE.
141 DOWNLOAD_CHECKS_MAX
142 };
143
144 // Prepares URLs to be put into a ping message. Currently this just shortens
145 // data: URIs, other URLs are included verbatim.
146 std::string SanitizeUrl(const GURL& url) {
147 std::string spec = url.spec();
148 if (url.SchemeIs(url::kDataScheme)) {
149 size_t comma_pos = spec.find(',');
150 if (comma_pos != std::string::npos && comma_pos != spec.size() - 1) {
151 std::string hash_value = crypto::SHA256HashString(spec);
152 spec.erase(comma_pos + 1);
153 spec += base::HexEncode(hash_value.data(), hash_value.size());
154 }
155 }
156 return spec;
157 }
158
159 } // namespace
160
161 // Parent SafeBrowsing::Client class used to lookup the bad binary
162 // URL and digest list. There are two sub-classes (one for each list).
163 class DownloadSBClient
164 : public SafeBrowsingDatabaseManager::Client,
165 public base::RefCountedThreadSafe<DownloadSBClient> {
166 public:
167 DownloadSBClient(
168 const content::DownloadItem& item,
169 const DownloadProtectionService::CheckDownloadCallback& callback,
170 const scoped_refptr<SafeBrowsingUIManager>& ui_manager,
171 SBStatsType total_type,
172 SBStatsType dangerous_type)
173 : sha256_hash_(item.GetHash()),
174 url_chain_(item.GetUrlChain()),
175 referrer_url_(item.GetReferrerUrl()),
176 callback_(callback),
177 ui_manager_(ui_manager),
178 start_time_(base::TimeTicks::Now()),
179 total_type_(total_type),
180 dangerous_type_(dangerous_type) {}
181
182 virtual void StartCheck() = 0;
183 virtual bool IsDangerous(SBThreatType threat_type) const = 0;
184
185 protected:
186 friend class base::RefCountedThreadSafe<DownloadSBClient>;
187 ~DownloadSBClient() override {}
188
189 void CheckDone(SBThreatType threat_type) {
190 DownloadProtectionService::DownloadCheckResult result =
191 IsDangerous(threat_type) ?
192 DownloadProtectionService::DANGEROUS :
193 DownloadProtectionService::SAFE;
194 BrowserThread::PostTask(BrowserThread::UI,
195 FROM_HERE,
196 base::Bind(callback_, result));
197 UpdateDownloadCheckStats(total_type_);
198 if (threat_type != SB_THREAT_TYPE_SAFE) {
199 UpdateDownloadCheckStats(dangerous_type_);
200 BrowserThread::PostTask(
201 BrowserThread::UI,
202 FROM_HERE,
203 base::Bind(&DownloadSBClient::ReportMalware,
204 this, threat_type));
205 }
206 }
207
208 void ReportMalware(SBThreatType threat_type) {
209 std::string post_data;
210 if (!sha256_hash_.empty())
211 post_data += base::HexEncode(sha256_hash_.data(),
212 sha256_hash_.size()) + "\n";
213 for (size_t i = 0; i < url_chain_.size(); ++i) {
214 post_data += url_chain_[i].spec() + "\n";
215 }
216 ui_manager_->ReportSafeBrowsingHit(
217 url_chain_.back(), // malicious_url
218 url_chain_.front(), // page_url
219 referrer_url_,
220 true, // is_subresource
221 threat_type,
222 post_data);
223 }
224
225 void UpdateDownloadCheckStats(SBStatsType stat_type) {
226 UMA_HISTOGRAM_ENUMERATION("SB2.DownloadChecks",
227 stat_type,
228 DOWNLOAD_CHECKS_MAX);
229 }
230
231 std::string sha256_hash_;
232 std::vector<GURL> url_chain_;
233 GURL referrer_url_;
234 DownloadProtectionService::CheckDownloadCallback callback_;
235 scoped_refptr<SafeBrowsingUIManager> ui_manager_;
236 base::TimeTicks start_time_;
237
238 private:
239 const SBStatsType total_type_;
240 const SBStatsType dangerous_type_;
241
242 DISALLOW_COPY_AND_ASSIGN(DownloadSBClient);
243 };
244
245 class DownloadUrlSBClient : public DownloadSBClient {
246 public:
247 DownloadUrlSBClient(
248 const content::DownloadItem& item,
249 const DownloadProtectionService::CheckDownloadCallback& callback,
250 const scoped_refptr<SafeBrowsingUIManager>& ui_manager,
251 const scoped_refptr<SafeBrowsingDatabaseManager>& database_manager)
252 : DownloadSBClient(item, callback, ui_manager,
253 DOWNLOAD_URL_CHECKS_TOTAL,
254 DOWNLOAD_URL_CHECKS_MALWARE),
255 database_manager_(database_manager) { }
256
257 void StartCheck() override {
258 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
259 if (!database_manager_.get() ||
260 database_manager_->CheckDownloadUrl(url_chain_, this)) {
261 CheckDone(SB_THREAT_TYPE_SAFE);
262 } else {
263 AddRef(); // SafeBrowsingService takes a pointer not a scoped_refptr.
264 }
265 }
266
267 bool IsDangerous(SBThreatType threat_type) const override {
268 return threat_type == SB_THREAT_TYPE_BINARY_MALWARE_URL;
269 }
270
271 void OnCheckDownloadUrlResult(const std::vector<GURL>& url_chain,
272 SBThreatType threat_type) override {
273 CheckDone(threat_type);
274 UMA_HISTOGRAM_TIMES("SB2.DownloadUrlCheckDuration",
275 base::TimeTicks::Now() - start_time_);
276 Release();
277 }
278
279 protected:
280 ~DownloadUrlSBClient() override {}
281
282 private:
283 scoped_refptr<SafeBrowsingDatabaseManager> database_manager_;
284
285 DISALLOW_COPY_AND_ASSIGN(DownloadUrlSBClient);
286 };
287
288 class DownloadProtectionService::CheckClientDownloadRequest
289 : public base::RefCountedThreadSafe<
290 DownloadProtectionService::CheckClientDownloadRequest,
291 BrowserThread::DeleteOnUIThread>,
292 public net::URLFetcherDelegate,
293 public content::DownloadItem::Observer {
294 public:
295 CheckClientDownloadRequest(
296 content::DownloadItem* item,
297 const CheckDownloadCallback& callback,
298 DownloadProtectionService* service,
299 const scoped_refptr<SafeBrowsingDatabaseManager>& database_manager,
300 BinaryFeatureExtractor* binary_feature_extractor)
301 : item_(item),
302 url_chain_(item->GetUrlChain()),
303 referrer_url_(item->GetReferrerUrl()),
304 tab_url_(item->GetTabUrl()),
305 tab_referrer_url_(item->GetTabReferrerUrl()),
306 zipped_executable_(false),
307 callback_(callback),
308 service_(service),
309 binary_feature_extractor_(binary_feature_extractor),
310 database_manager_(database_manager),
311 pingback_enabled_(service_->enabled()),
312 finished_(false),
313 type_(ClientDownloadRequest::WIN_EXECUTABLE),
314 start_time_(base::TimeTicks::Now()),
315 weakptr_factory_(this) {
316 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
317 item_->AddObserver(this);
318 }
319
320 void Start() {
321 DVLOG(2) << "Starting SafeBrowsing download check for: "
322 << item_->DebugString(true);
323 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
324 // TODO(noelutz): implement some cache to make sure we don't issue the same
325 // request over and over again if a user downloads the same binary multiple
326 // times.
327 DownloadCheckResultReason reason = REASON_MAX;
328 if (!IsSupportedDownload(
329 *item_, item_->GetTargetFilePath(), &reason, &type_)) {
330 switch (reason) {
331 case REASON_EMPTY_URL_CHAIN:
332 case REASON_INVALID_URL:
333 case REASON_UNSUPPORTED_URL_SCHEME:
334 PostFinishTask(UNKNOWN, reason);
335 return;
336
337 case REASON_NOT_BINARY_FILE:
338 RecordFileExtensionType(item_->GetTargetFilePath());
339 PostFinishTask(UNKNOWN, reason);
340 return;
341
342 default:
343 // We only expect the reasons explicitly handled above.
344 NOTREACHED();
345 }
346 }
347 RecordFileExtensionType(item_->GetTargetFilePath());
348
349 // Compute features from the file contents. Note that we record histograms
350 // based on the result, so this runs regardless of whether the pingbacks
351 // are enabled.
352 if (item_->GetTargetFilePath().MatchesExtension(
353 FILE_PATH_LITERAL(".zip"))) {
354 StartExtractZipFeatures();
355 } else {
356 DCHECK(!download_protection_util::IsArchiveFile(
357 item_->GetTargetFilePath()));
358 StartExtractFileFeatures();
359 }
360 }
361
362 // Start a timeout to cancel the request if it takes too long.
363 // This should only be called after we have finished accessing the file.
364 void StartTimeout() {
365 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
366 if (!service_) {
367 // Request has already been cancelled.
368 return;
369 }
370 timeout_start_time_ = base::TimeTicks::Now();
371 BrowserThread::PostDelayedTask(
372 BrowserThread::UI,
373 FROM_HERE,
374 base::Bind(&CheckClientDownloadRequest::Cancel,
375 weakptr_factory_.GetWeakPtr()),
376 base::TimeDelta::FromMilliseconds(
377 service_->download_request_timeout_ms()));
378 }
379
380 // Canceling a request will cause us to always report the result as UNKNOWN
381 // unless a pending request is about to call FinishRequest.
382 void Cancel() {
383 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
384 if (fetcher_.get()) {
385 // The DownloadProtectionService is going to release its reference, so we
386 // might be destroyed before the URLFetcher completes. Cancel the
387 // fetcher so it does not try to invoke OnURLFetchComplete.
388 fetcher_.reset();
389 }
390 // Note: If there is no fetcher, then some callback is still holding a
391 // reference to this object. We'll eventually wind up in some method on
392 // the UI thread that will call FinishRequest() again. If FinishRequest()
393 // is called a second time, it will be a no-op.
394 FinishRequest(UNKNOWN, REASON_REQUEST_CANCELED);
395 // Calling FinishRequest might delete this object, we may be deleted by
396 // this point.
397 }
398
399 // content::DownloadItem::Observer implementation.
400 void OnDownloadDestroyed(content::DownloadItem* download) override {
401 Cancel();
402 DCHECK(item_ == NULL);
403 }
404
405 // From the net::URLFetcherDelegate interface.
406 void OnURLFetchComplete(const net::URLFetcher* source) override {
407 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
408 DCHECK_EQ(source, fetcher_.get());
409 DVLOG(2) << "Received a response for URL: "
410 << item_->GetUrlChain().back() << ": success="
411 << source->GetStatus().is_success() << " response_code="
412 << source->GetResponseCode();
413 if (source->GetStatus().is_success()) {
414 UMA_HISTOGRAM_SPARSE_SLOWLY(
415 "SBClientDownload.DownloadRequestResponseCode",
416 source->GetResponseCode());
417 }
418 UMA_HISTOGRAM_SPARSE_SLOWLY(
419 "SBClientDownload.DownloadRequestNetError",
420 -source->GetStatus().error());
421 DownloadCheckResultReason reason = REASON_SERVER_PING_FAILED;
422 DownloadCheckResult result = UNKNOWN;
423 if (source->GetStatus().is_success() &&
424 net::HTTP_OK == source->GetResponseCode()) {
425 ClientDownloadResponse response;
426 std::string data;
427 bool got_data = source->GetResponseAsString(&data);
428 DCHECK(got_data);
429 if (!response.ParseFromString(data)) {
430 reason = REASON_INVALID_RESPONSE_PROTO;
431 result = UNKNOWN;
432 } else if (response.verdict() == ClientDownloadResponse::SAFE) {
433 reason = REASON_DOWNLOAD_SAFE;
434 result = SAFE;
435 } else if (service_ && !service_->IsSupportedDownload(
436 *item_, item_->GetTargetFilePath())) {
437 // The client of the download protection service assumes that we don't
438 // support this download so we cannot return any other verdict than
439 // UNKNOWN even if the server says it's dangerous to download this file.
440 // Note: if service_ is NULL we already cancelled the request and
441 // returned UNKNOWN.
442 reason = REASON_DOWNLOAD_NOT_SUPPORTED;
443 result = UNKNOWN;
444 } else if (response.verdict() == ClientDownloadResponse::DANGEROUS) {
445 reason = REASON_DOWNLOAD_DANGEROUS;
446 result = DANGEROUS;
447 } else if (response.verdict() == ClientDownloadResponse::UNCOMMON) {
448 reason = REASON_DOWNLOAD_UNCOMMON;
449 result = UNCOMMON;
450 } else if (response.verdict() == ClientDownloadResponse::DANGEROUS_HOST) {
451 reason = REASON_DOWNLOAD_DANGEROUS_HOST;
452 result = DANGEROUS_HOST;
453 } else if (
454 response.verdict() == ClientDownloadResponse::POTENTIALLY_UNWANTED) {
455 reason = REASON_DOWNLOAD_POTENTIALLY_UNWANTED;
456 result = POTENTIALLY_UNWANTED;
457 } else {
458 LOG(DFATAL) << "Unknown download response verdict: "
459 << response.verdict();
460 reason = REASON_INVALID_RESPONSE_VERDICT;
461 result = UNKNOWN;
462 }
463 DownloadFeedbackService::MaybeStorePingsForDownload(
464 result, item_, client_download_request_data_, data);
465 }
466 // We don't need the fetcher anymore.
467 fetcher_.reset();
468 UMA_HISTOGRAM_TIMES("SBClientDownload.DownloadRequestDuration",
469 base::TimeTicks::Now() - start_time_);
470 UMA_HISTOGRAM_TIMES("SBClientDownload.DownloadRequestNetworkDuration",
471 base::TimeTicks::Now() - request_start_time_);
472 FinishRequest(result, reason);
473 }
474
475 static bool IsSupportedDownload(const content::DownloadItem& item,
476 const base::FilePath& target_path,
477 DownloadCheckResultReason* reason,
478 ClientDownloadRequest::DownloadType* type) {
479 if (item.GetUrlChain().empty()) {
480 *reason = REASON_EMPTY_URL_CHAIN;
481 return false;
482 }
483 const GURL& final_url = item.GetUrlChain().back();
484 if (!final_url.is_valid() || final_url.is_empty()) {
485 *reason = REASON_INVALID_URL;
486 return false;
487 }
488 if (!download_protection_util::IsBinaryFile(target_path)) {
489 *reason = REASON_NOT_BINARY_FILE;
490 return false;
491 }
492 if ((!final_url.IsStandard() && !final_url.SchemeIsBlob() &&
493 !final_url.SchemeIs(url::kDataScheme)) ||
494 final_url.SchemeIsFile()) {
495 *reason = REASON_UNSUPPORTED_URL_SCHEME;
496 return false;
497 }
498 *type = download_protection_util::GetDownloadType(target_path);
499 return true;
500 }
501
502 private:
503 friend struct BrowserThread::DeleteOnThread<BrowserThread::UI>;
504 friend class base::DeleteHelper<CheckClientDownloadRequest>;
505
506 ~CheckClientDownloadRequest() override {
507 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
508 DCHECK(item_ == NULL);
509 }
510
511 void OnFileFeatureExtractionDone() {
512 // This can run in any thread, since it just posts more messages.
513
514 // TODO(noelutz): DownloadInfo should also contain the IP address of
515 // every URL in the redirect chain. We also should check whether the
516 // download URL is hosted on the internal network.
517 BrowserThread::PostTask(
518 BrowserThread::IO,
519 FROM_HERE,
520 base::Bind(&CheckClientDownloadRequest::CheckWhitelists, this));
521
522 // We wait until after the file checks finish to start the timeout, as
523 // windows can cause permissions errors if the timeout fired while we were
524 // checking the file signature and we tried to complete the download.
525 BrowserThread::PostTask(
526 BrowserThread::UI,
527 FROM_HERE,
528 base::Bind(&CheckClientDownloadRequest::StartTimeout, this));
529 }
530
531 void StartExtractFileFeatures() {
532 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
533 DCHECK(item_); // Called directly from Start(), item should still exist.
534 // Since we do blocking I/O, offload this to a worker thread.
535 // The task does not need to block shutdown.
536 BrowserThread::GetBlockingPool()->PostWorkerTaskWithShutdownBehavior(
537 FROM_HERE,
538 base::Bind(&CheckClientDownloadRequest::ExtractFileFeatures,
539 this, item_->GetFullPath()),
540 base::SequencedWorkerPool::CONTINUE_ON_SHUTDOWN);
541 }
542
543 void ExtractFileFeatures(const base::FilePath& file_path) {
544 base::TimeTicks start_time = base::TimeTicks::Now();
545 binary_feature_extractor_->CheckSignature(file_path, &signature_info_);
546 bool is_signed = (signature_info_.certificate_chain_size() > 0);
547 if (is_signed) {
548 DVLOG(2) << "Downloaded a signed binary: " << file_path.value();
549 } else {
550 DVLOG(2) << "Downloaded an unsigned binary: "
551 << file_path.value();
552 }
553 UMA_HISTOGRAM_BOOLEAN("SBClientDownload.SignedBinaryDownload", is_signed);
554 UMA_HISTOGRAM_TIMES("SBClientDownload.ExtractSignatureFeaturesTime",
555 base::TimeTicks::Now() - start_time);
556
557 start_time = base::TimeTicks::Now();
558 image_headers_.reset(new ClientDownloadRequest_ImageHeaders());
559 if (!binary_feature_extractor_->ExtractImageFeatures(
560 file_path,
561 BinaryFeatureExtractor::kDefaultOptions,
562 image_headers_.get(),
563 nullptr /* signed_data */)) {
564 image_headers_.reset();
565 }
566 UMA_HISTOGRAM_TIMES("SBClientDownload.ExtractImageHeadersTime",
567 base::TimeTicks::Now() - start_time);
568
569 OnFileFeatureExtractionDone();
570 }
571
572 void StartExtractZipFeatures() {
573 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
574 DCHECK(item_); // Called directly from Start(), item should still exist.
575 zip_analysis_start_time_ = base::TimeTicks::Now();
576 // We give the zip analyzer a weak pointer to this object. Since the
577 // analyzer is refcounted, it might outlive the request.
578 analyzer_ = new SandboxedZipAnalyzer(
579 item_->GetFullPath(),
580 base::Bind(&CheckClientDownloadRequest::OnZipAnalysisFinished,
581 weakptr_factory_.GetWeakPtr()));
582 analyzer_->Start();
583 }
584
585 void OnZipAnalysisFinished(const zip_analyzer::Results& results) {
586 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
587 if (!service_)
588 return;
589 if (results.success) {
590 zipped_executable_ = results.has_executable;
591 archived_binary_.CopyFrom(results.archived_binary);
592 DVLOG(1) << "Zip analysis finished for " << item_->GetFullPath().value()
593 << ", has_executable=" << results.has_executable
594 << " has_archive=" << results.has_archive;
595 } else {
596 DVLOG(1) << "Zip analysis failed for " << item_->GetFullPath().value();
597 }
598 UMA_HISTOGRAM_BOOLEAN("SBClientDownload.ZipFileHasExecutable",
599 zipped_executable_);
600 UMA_HISTOGRAM_BOOLEAN("SBClientDownload.ZipFileHasArchiveButNoExecutable",
601 results.has_archive && !zipped_executable_);
602 UMA_HISTOGRAM_TIMES("SBClientDownload.ExtractZipFeaturesTime",
603 base::TimeTicks::Now() - zip_analysis_start_time_);
604
605 if (!zipped_executable_) {
606 PostFinishTask(UNKNOWN, REASON_ARCHIVE_WITHOUT_BINARIES);
607 return;
608 }
609 OnFileFeatureExtractionDone();
610 }
611
612 static void RecordCountOfSignedOrWhitelistedDownload() {
613 UMA_HISTOGRAM_COUNTS("SBClientDownload.SignedOrWhitelistedDownload", 1);
614 }
615
616 void CheckWhitelists() {
617 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
618
619 if (!database_manager_.get()) {
620 PostFinishTask(UNKNOWN, REASON_SB_DISABLED);
621 return;
622 }
623
624 const GURL& url = url_chain_.back();
625 if (url.is_valid() && database_manager_->MatchDownloadWhitelistUrl(url)) {
626 DVLOG(2) << url << " is on the download whitelist.";
627 RecordCountOfSignedOrWhitelistedDownload();
628 // TODO(grt): Continue processing without uploading so that
629 // ClientDownloadRequest callbacks can be run even for this type of safe
630 // download.
631 PostFinishTask(SAFE, REASON_WHITELISTED_URL);
632 return;
633 }
634
635 if (signature_info_.trusted()) {
636 RecordCountOfSignedOrWhitelistedDownload();
637 for (int i = 0; i < signature_info_.certificate_chain_size(); ++i) {
638 if (CertificateChainIsWhitelisted(
639 signature_info_.certificate_chain(i))) {
640 // TODO(grt): Continue processing without uploading so that
641 // ClientDownloadRequest callbacks can be run even for this type of
642 // safe download.
643 PostFinishTask(SAFE, REASON_TRUSTED_EXECUTABLE);
644 return;
645 }
646 }
647 }
648
649 if (!pingback_enabled_) {
650 PostFinishTask(UNKNOWN, REASON_PING_DISABLED);
651 return;
652 }
653
654 // Currently, the UI only works on Windows so we don't even bother with
655 // pinging the server if we're not on Windows.
656 // TODO(noelutz): change this code once the UI is done for Linux and Mac.
657 #if defined(OS_MACOSX)
658 // TODO(mattm): remove this (see crbug.com/414834).
659 if (base::FieldTrialList::FindFullName("SafeBrowsingOSXClientDownloadPings")
660 != "Enabled") {
661 PostFinishTask(UNKNOWN, REASON_OS_NOT_SUPPORTED);
662 return;
663 }
664 #endif
665 #if defined(OS_WIN) || defined(OS_MACOSX)
666 // The URLFetcher is owned by the UI thread, so post a message to
667 // start the pingback.
668 BrowserThread::PostTask(
669 BrowserThread::UI,
670 FROM_HERE,
671 base::Bind(&CheckClientDownloadRequest::GetTabRedirects, this));
672 #else
673 PostFinishTask(UNKNOWN, REASON_OS_NOT_SUPPORTED);
674 #endif
675 }
676
677 void GetTabRedirects() {
678 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
679 if (!service_)
680 return;
681
682 if (!tab_url_.is_valid()) {
683 SendRequest();
684 return;
685 }
686
687 Profile* profile = Profile::FromBrowserContext(item_->GetBrowserContext());
688 history::HistoryService* history = HistoryServiceFactory::GetForProfile(
689 profile, ServiceAccessType::EXPLICIT_ACCESS);
690 if (!history) {
691 SendRequest();
692 return;
693 }
694
695 history->QueryRedirectsTo(
696 tab_url_,
697 base::Bind(&CheckClientDownloadRequest::OnGotTabRedirects,
698 base::Unretained(this),
699 tab_url_),
700 &request_tracker_);
701 }
702
703 void OnGotTabRedirects(const GURL& url,
704 const history::RedirectList* redirect_list) {
705 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
706 DCHECK_EQ(url, tab_url_);
707 if (!service_)
708 return;
709
710 if (!redirect_list->empty()) {
711 tab_redirects_.insert(
712 tab_redirects_.end(), redirect_list->rbegin(), redirect_list->rend());
713 }
714
715 SendRequest();
716 }
717
718 void SendRequest() {
719 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
720
721 // This is our last chance to check whether the request has been canceled
722 // before sending it.
723 if (!service_)
724 return;
725
726 ClientDownloadRequest request;
727 request.set_url(SanitizeUrl(item_->GetUrlChain().back()));
728 request.mutable_digests()->set_sha256(item_->GetHash());
729 request.set_length(item_->GetReceivedBytes());
730 for (size_t i = 0; i < item_->GetUrlChain().size(); ++i) {
731 ClientDownloadRequest::Resource* resource = request.add_resources();
732 resource->set_url(SanitizeUrl(item_->GetUrlChain()[i]));
733 if (i == item_->GetUrlChain().size() - 1) {
734 // The last URL in the chain is the download URL.
735 resource->set_type(ClientDownloadRequest::DOWNLOAD_URL);
736 resource->set_referrer(SanitizeUrl(item_->GetReferrerUrl()));
737 DVLOG(2) << "dl url " << resource->url();
738 if (!item_->GetRemoteAddress().empty()) {
739 resource->set_remote_ip(item_->GetRemoteAddress());
740 DVLOG(2) << " dl url remote addr: " << resource->remote_ip();
741 }
742 DVLOG(2) << "dl referrer " << resource->referrer();
743 } else {
744 DVLOG(2) << "dl redirect " << i << " " << resource->url();
745 resource->set_type(ClientDownloadRequest::DOWNLOAD_REDIRECT);
746 }
747 // TODO(noelutz): fill out the remote IP addresses.
748 }
749 // TODO(mattm): fill out the remote IP addresses for tab resources.
750 for (size_t i = 0; i < tab_redirects_.size(); ++i) {
751 ClientDownloadRequest::Resource* resource = request.add_resources();
752 DVLOG(2) << "tab redirect " << i << " " << tab_redirects_[i].spec();
753 resource->set_url(SanitizeUrl(tab_redirects_[i]));
754 resource->set_type(ClientDownloadRequest::TAB_REDIRECT);
755 }
756 if (tab_url_.is_valid()) {
757 ClientDownloadRequest::Resource* resource = request.add_resources();
758 resource->set_url(SanitizeUrl(tab_url_));
759 DVLOG(2) << "tab url " << resource->url();
760 resource->set_type(ClientDownloadRequest::TAB_URL);
761 if (tab_referrer_url_.is_valid()) {
762 resource->set_referrer(SanitizeUrl(tab_referrer_url_));
763 DVLOG(2) << "tab referrer " << resource->referrer();
764 }
765 }
766
767 request.set_user_initiated(item_->HasUserGesture());
768 request.set_file_basename(
769 item_->GetTargetFilePath().BaseName().AsUTF8Unsafe());
770 request.set_download_type(type_);
771 request.mutable_signature()->CopyFrom(signature_info_);
772 if (image_headers_)
773 request.set_allocated_image_headers(image_headers_.release());
774 if (!request.SerializeToString(&client_download_request_data_)) {
775 FinishRequest(UNKNOWN, REASON_INVALID_REQUEST_PROTO);
776 return;
777 }
778 if (zipped_executable_)
779 request.mutable_archived_binary()->Swap(&archived_binary_);
780 service_->client_download_request_callbacks_.Notify(item_, &request);
781
782 DVLOG(2) << "Sending a request for URL: "
783 << item_->GetUrlChain().back();
784 fetcher_.reset(net::URLFetcher::Create(0 /* ID used for testing */,
785 GetDownloadRequestUrl(),
786 net::URLFetcher::POST,
787 this));
788 fetcher_->SetLoadFlags(net::LOAD_DISABLE_CACHE);
789 fetcher_->SetAutomaticallyRetryOn5xx(false); // Don't retry on error.
790 fetcher_->SetRequestContext(service_->request_context_getter_.get());
791 fetcher_->SetUploadData("application/octet-stream",
792 client_download_request_data_);
793 request_start_time_ = base::TimeTicks::Now();
794 UMA_HISTOGRAM_COUNTS("SBClientDownload.DownloadRequestPayloadSize",
795 client_download_request_data_.size());
796 fetcher_->Start();
797 }
798
799 void PostFinishTask(DownloadCheckResult result,
800 DownloadCheckResultReason reason) {
801 BrowserThread::PostTask(
802 BrowserThread::UI,
803 FROM_HERE,
804 base::Bind(&CheckClientDownloadRequest::FinishRequest, this, result,
805 reason));
806 }
807
808 void FinishRequest(DownloadCheckResult result,
809 DownloadCheckResultReason reason) {
810 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
811 if (finished_) {
812 return;
813 }
814 finished_ = true;
815 // Ensure the timeout task is cancelled while we still have a non-zero
816 // refcount. (crbug.com/240449)
817 weakptr_factory_.InvalidateWeakPtrs();
818 if (!request_start_time_.is_null()) {
819 UMA_HISTOGRAM_ENUMERATION("SBClientDownload.DownloadRequestNetworkStats",
820 reason,
821 REASON_MAX);
822 }
823 if (!timeout_start_time_.is_null()) {
824 UMA_HISTOGRAM_ENUMERATION("SBClientDownload.DownloadRequestTimeoutStats",
825 reason,
826 REASON_MAX);
827 if (reason != REASON_REQUEST_CANCELED) {
828 UMA_HISTOGRAM_TIMES("SBClientDownload.DownloadRequestTimeoutDuration",
829 base::TimeTicks::Now() - timeout_start_time_);
830 }
831 }
832 if (result == SAFE && (reason == REASON_WHITELISTED_URL ||
833 reason == REASON_TRUSTED_EXECUTABLE)) {
834 // Due to the short-circuit logic in CheckWhitelists (see TODOs there), a
835 // ClientDownloadRequest was not generated for this download and callbacks
836 // were not run. Run them now with null to indicate that a download has
837 // taken place.
838 // TODO(grt): persist metadata for these downloads as well.
839 service_->client_download_request_callbacks_.Notify(item_, nullptr);
840 }
841 if (service_) {
842 DVLOG(2) << "SafeBrowsing download verdict for: "
843 << item_->DebugString(true) << " verdict:" << reason
844 << " result:" << result;
845 UMA_HISTOGRAM_ENUMERATION("SBClientDownload.CheckDownloadStats",
846 reason,
847 REASON_MAX);
848 #if defined(OS_MACOSX)
849 // OSX is currently sending pings only for evaluation purposes, ignore
850 // the result for now.
851 // TODO(mattm): remove this and update the ifdef in
852 // DownloadItemImpl::IsDangerous (see crbug.com/413968).
853 result = UNKNOWN;
854 #endif
855 callback_.Run(result);
856 item_->RemoveObserver(this);
857 item_ = NULL;
858 DownloadProtectionService* service = service_;
859 service_ = NULL;
860 service->RequestFinished(this);
861 // DownloadProtectionService::RequestFinished will decrement our refcount,
862 // so we may be deleted now.
863 } else {
864 callback_.Run(UNKNOWN);
865 }
866 }
867
868 bool CertificateChainIsWhitelisted(
869 const ClientDownloadRequest_CertificateChain& chain) {
870 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
871 if (chain.element_size() < 2) {
872 // We need to have both a signing certificate and its issuer certificate
873 // present to construct a whitelist entry.
874 return false;
875 }
876 scoped_refptr<net::X509Certificate> cert =
877 net::X509Certificate::CreateFromBytes(
878 chain.element(0).certificate().data(),
879 chain.element(0).certificate().size());
880 if (!cert.get()) {
881 return false;
882 }
883
884 for (int i = 1; i < chain.element_size(); ++i) {
885 scoped_refptr<net::X509Certificate> issuer =
886 net::X509Certificate::CreateFromBytes(
887 chain.element(i).certificate().data(),
888 chain.element(i).certificate().size());
889 if (!issuer.get()) {
890 return false;
891 }
892 std::vector<std::string> whitelist_strings;
893 DownloadProtectionService::GetCertificateWhitelistStrings(
894 *cert.get(), *issuer.get(), &whitelist_strings);
895 for (size_t j = 0; j < whitelist_strings.size(); ++j) {
896 if (database_manager_->MatchDownloadWhitelistString(
897 whitelist_strings[j])) {
898 DVLOG(2) << "Certificate matched whitelist, cert="
899 << cert->subject().GetDisplayName()
900 << " issuer=" << issuer->subject().GetDisplayName();
901 return true;
902 }
903 }
904 cert = issuer;
905 }
906 return false;
907 }
908
909 // The DownloadItem we are checking. Will be NULL if the request has been
910 // canceled. Must be accessed only on UI thread.
911 content::DownloadItem* item_;
912 // Copies of data from |item_| for access on other threads.
913 std::vector<GURL> url_chain_;
914 GURL referrer_url_;
915 // URL chain of redirects leading to (but not including) |tab_url|.
916 std::vector<GURL> tab_redirects_;
917 // URL and referrer of the window the download was started from.
918 GURL tab_url_;
919 GURL tab_referrer_url_;
920
921 bool zipped_executable_;
922 ClientDownloadRequest_SignatureInfo signature_info_;
923 scoped_ptr<ClientDownloadRequest_ImageHeaders> image_headers_;
924 google::protobuf::RepeatedPtrField<ClientDownloadRequest_ArchivedBinary>
925 archived_binary_;
926 CheckDownloadCallback callback_;
927 // Will be NULL if the request has been canceled.
928 DownloadProtectionService* service_;
929 scoped_refptr<BinaryFeatureExtractor> binary_feature_extractor_;
930 scoped_refptr<SafeBrowsingDatabaseManager> database_manager_;
931 const bool pingback_enabled_;
932 scoped_ptr<net::URLFetcher> fetcher_;
933 scoped_refptr<SandboxedZipAnalyzer> analyzer_;
934 base::TimeTicks zip_analysis_start_time_;
935 bool finished_;
936 ClientDownloadRequest::DownloadType type_;
937 std::string client_download_request_data_;
938 base::CancelableTaskTracker request_tracker_; // For HistoryService lookup.
939 base::TimeTicks start_time_; // Used for stats.
940 base::TimeTicks timeout_start_time_;
941 base::TimeTicks request_start_time_;
942 base::WeakPtrFactory<CheckClientDownloadRequest> weakptr_factory_;
943
944 DISALLOW_COPY_AND_ASSIGN(CheckClientDownloadRequest);
945 };
946
947 DownloadProtectionService::DownloadProtectionService(
948 SafeBrowsingService* sb_service,
949 net::URLRequestContextGetter* request_context_getter)
950 : request_context_getter_(request_context_getter),
951 enabled_(false),
952 binary_feature_extractor_(new BinaryFeatureExtractor()),
953 download_request_timeout_ms_(kDownloadRequestTimeoutMs),
954 feedback_service_(new DownloadFeedbackService(
955 request_context_getter, BrowserThread::GetBlockingPool())) {
956
957 if (sb_service) {
958 ui_manager_ = sb_service->ui_manager();
959 database_manager_ = sb_service->database_manager();
960 }
961 }
962
963 DownloadProtectionService::~DownloadProtectionService() {
964 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
965 CancelPendingRequests();
966 }
967
968 void DownloadProtectionService::SetEnabled(bool enabled) {
969 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
970 if (enabled == enabled_) {
971 return;
972 }
973 enabled_ = enabled;
974 if (!enabled_) {
975 CancelPendingRequests();
976 }
977 }
978
979 void DownloadProtectionService::CheckClientDownload(
980 content::DownloadItem* item,
981 const CheckDownloadCallback& callback) {
982 scoped_refptr<CheckClientDownloadRequest> request(
983 new CheckClientDownloadRequest(item, callback, this,
984 database_manager_,
985 binary_feature_extractor_.get()));
986 download_requests_.insert(request);
987 request->Start();
988 }
989
990 void DownloadProtectionService::CheckDownloadUrl(
991 const content::DownloadItem& item,
992 const CheckDownloadCallback& callback) {
993 DCHECK(!item.GetUrlChain().empty());
994 scoped_refptr<DownloadUrlSBClient> client(
995 new DownloadUrlSBClient(item, callback, ui_manager_, database_manager_));
996 // The client will release itself once it is done.
997 BrowserThread::PostTask(
998 BrowserThread::IO,
999 FROM_HERE,
1000 base::Bind(&DownloadUrlSBClient::StartCheck, client));
1001 }
1002
1003 bool DownloadProtectionService::IsSupportedDownload(
1004 const content::DownloadItem& item,
1005 const base::FilePath& target_path) const {
1006 // Currently, the UI is only enabled on Windows. On Mac we send the ping but
1007 // ignore the result (see ifdef in FinishRequest). On Linux we still
1008 // want to show the dangerous file type warning if the file is possibly
1009 // dangerous which means we have to always return false here.
1010 #if defined(OS_WIN)
1011 DownloadCheckResultReason reason = REASON_MAX;
1012 ClientDownloadRequest::DownloadType type =
1013 ClientDownloadRequest::WIN_EXECUTABLE;
1014 return (CheckClientDownloadRequest::IsSupportedDownload(
1015 item, target_path, &reason, &type) &&
1016 (ClientDownloadRequest::CHROME_EXTENSION != type));
1017 #else
1018 return false;
1019 #endif
1020 }
1021
1022 DownloadProtectionService::ClientDownloadRequestSubscription
1023 DownloadProtectionService::RegisterClientDownloadRequestCallback(
1024 const ClientDownloadRequestCallback& callback) {
1025 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
1026 return client_download_request_callbacks_.Add(callback);
1027 }
1028
1029 void DownloadProtectionService::CancelPendingRequests() {
1030 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
1031 for (std::set<scoped_refptr<CheckClientDownloadRequest> >::iterator it =
1032 download_requests_.begin();
1033 it != download_requests_.end();) {
1034 // We need to advance the iterator before we cancel because canceling
1035 // the request will invalidate it when RequestFinished is called below.
1036 scoped_refptr<CheckClientDownloadRequest> tmp = *it++;
1037 tmp->Cancel();
1038 }
1039 DCHECK(download_requests_.empty());
1040 }
1041
1042 void DownloadProtectionService::RequestFinished(
1043 CheckClientDownloadRequest* request) {
1044 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
1045 std::set<scoped_refptr<CheckClientDownloadRequest> >::iterator it =
1046 download_requests_.find(request);
1047 DCHECK(it != download_requests_.end());
1048 download_requests_.erase(*it);
1049 }
1050
1051 void DownloadProtectionService::ShowDetailsForDownload(
1052 const content::DownloadItem& item,
1053 content::PageNavigator* navigator) {
1054 GURL learn_more_url(chrome::kDownloadScanningLearnMoreURL);
1055 learn_more_url = google_util::AppendGoogleLocaleParam(
1056 learn_more_url, g_browser_process->GetApplicationLocale());
1057 navigator->OpenURL(
1058 content::OpenURLParams(learn_more_url,
1059 content::Referrer(),
1060 NEW_FOREGROUND_TAB,
1061 ui::PAGE_TRANSITION_LINK,
1062 false));
1063 }
1064
1065 namespace {
1066 // Escapes a certificate attribute so that it can be used in a whitelist
1067 // entry. Currently, we only escape slashes, since they are used as a
1068 // separator between attributes.
1069 std::string EscapeCertAttribute(const std::string& attribute) {
1070 std::string escaped;
1071 for (size_t i = 0; i < attribute.size(); ++i) {
1072 if (attribute[i] == '%') {
1073 escaped.append("%25");
1074 } else if (attribute[i] == '/') {
1075 escaped.append("%2F");
1076 } else {
1077 escaped.push_back(attribute[i]);
1078 }
1079 }
1080 return escaped;
1081 }
1082 } // namespace
1083
1084 // static
1085 void DownloadProtectionService::GetCertificateWhitelistStrings(
1086 const net::X509Certificate& certificate,
1087 const net::X509Certificate& issuer,
1088 std::vector<std::string>* whitelist_strings) {
1089 // The whitelist paths are in the format:
1090 // cert/<ascii issuer fingerprint>[/CN=common_name][/O=org][/OU=unit]
1091 //
1092 // Any of CN, O, or OU may be omitted from the whitelist entry, in which
1093 // case they match anything. However, the attributes that do appear will
1094 // always be in the order shown above. At least one attribute will always
1095 // be present.
1096
1097 const net::CertPrincipal& subject = certificate.subject();
1098 std::vector<std::string> ou_tokens;
1099 for (size_t i = 0; i < subject.organization_unit_names.size(); ++i) {
1100 ou_tokens.push_back(
1101 "/OU=" + EscapeCertAttribute(subject.organization_unit_names[i]));
1102 }
1103
1104 std::vector<std::string> o_tokens;
1105 for (size_t i = 0; i < subject.organization_names.size(); ++i) {
1106 o_tokens.push_back(
1107 "/O=" + EscapeCertAttribute(subject.organization_names[i]));
1108 }
1109
1110 std::string cn_token;
1111 if (!subject.common_name.empty()) {
1112 cn_token = "/CN=" + EscapeCertAttribute(subject.common_name);
1113 }
1114
1115 std::set<std::string> paths_to_check;
1116 if (!cn_token.empty()) {
1117 paths_to_check.insert(cn_token);
1118 }
1119 for (size_t i = 0; i < o_tokens.size(); ++i) {
1120 paths_to_check.insert(cn_token + o_tokens[i]);
1121 paths_to_check.insert(o_tokens[i]);
1122 for (size_t j = 0; j < ou_tokens.size(); ++j) {
1123 paths_to_check.insert(cn_token + o_tokens[i] + ou_tokens[j]);
1124 paths_to_check.insert(o_tokens[i] + ou_tokens[j]);
1125 }
1126 }
1127 for (size_t i = 0; i < ou_tokens.size(); ++i) {
1128 paths_to_check.insert(cn_token + ou_tokens[i]);
1129 paths_to_check.insert(ou_tokens[i]);
1130 }
1131
1132 std::string issuer_fp = base::HexEncode(issuer.fingerprint().data,
1133 sizeof(issuer.fingerprint().data));
1134 for (std::set<std::string>::iterator it = paths_to_check.begin();
1135 it != paths_to_check.end(); ++it) {
1136 whitelist_strings->push_back("cert/" + issuer_fp + *it);
1137 }
1138 }
1139
1140 // static
1141 GURL DownloadProtectionService::GetDownloadRequestUrl() {
1142 GURL url(kDownloadRequestUrl);
1143 std::string api_key = google_apis::GetAPIKey();
1144 if (!api_key.empty())
1145 url = url.Resolve("?key=" + net::EscapeQueryParamValue(api_key, true));
1146
1147 return url;
1148 }
1149
1150 } // namespace safe_browsing