search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fire an error if a pref used in the UI is missing once all prefs are fetched.
[chromium-blink-merge.git] / chrome / browser / safe_browsing / safe_browsing_database.cc
blob7448e3b073a42dbb6089e0a210240aef435aec39
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/safe_browsing/safe_browsing_database.h"
6
7 #include <algorithm>
8 #include <iterator>
9
10 #include "base/bind.h"
11 #include "base/files/file_util.h"
12 #include "base/macros.h"
13 #include "base/message_loop/message_loop.h"
14 #include "base/metrics/histogram.h"
15 #include "base/process/process_handle.h"
16 #include "base/process/process_metrics.h"
17 #include "base/sha1.h"
18 #include "base/strings/string_number_conversions.h"
19 #include "base/strings/string_util.h"
20 #include "base/strings/stringprintf.h"
21 #include "base/time/time.h"
22 #include "chrome/browser/safe_browsing/prefix_set.h"
23 #include "chrome/browser/safe_browsing/safe_browsing_store_file.h"
24 #include "content/public/browser/browser_thread.h"
25 #include "crypto/sha2.h"
26 #include "net/base/net_util.h"
27 #include "url/gurl.h"
28
29 #if defined(OS_MACOSX)
30 #include "base/mac/mac_util.h"
31 #endif
32
33 using content::BrowserThread;
34 using safe_browsing::PrefixSet;
35 using safe_browsing::PrefixSetBuilder;
36
37 namespace {
38
39 // Filename suffix for the bloom filter.
40 const base::FilePath::CharType kBloomFilterFileSuffix[] =
41 FILE_PATH_LITERAL(" Filter 2");
42 // Filename suffix for the prefix set.
43 const base::FilePath::CharType kPrefixSetFileSuffix[] =
44 FILE_PATH_LITERAL(" Prefix Set");
45 // Filename suffix for download store.
46 const base::FilePath::CharType kDownloadDBFile[] =
47 FILE_PATH_LITERAL(" Download");
48 // Filename suffix for client-side phishing detection whitelist store.
49 const base::FilePath::CharType kCsdWhitelistDBFile[] =
50 FILE_PATH_LITERAL(" Csd Whitelist");
51 // Filename suffix for the download whitelist store.
52 const base::FilePath::CharType kDownloadWhitelistDBFile[] =
53 FILE_PATH_LITERAL(" Download Whitelist");
54 // Filename suffix for the off-domain inclusion whitelist store.
55 const base::FilePath::CharType kInclusionWhitelistDBFile[] =
56 FILE_PATH_LITERAL(" Inclusion Whitelist");
57 // Filename suffix for the extension blacklist store.
58 const base::FilePath::CharType kExtensionBlacklistDBFile[] =
59 FILE_PATH_LITERAL(" Extension Blacklist");
60 // Filename suffix for the side-effect free whitelist store.
61 const base::FilePath::CharType kSideEffectFreeWhitelistDBFile[] =
62 FILE_PATH_LITERAL(" Side-Effect Free Whitelist");
63 // Filename suffix for the csd malware IP blacklist store.
64 const base::FilePath::CharType kIPBlacklistDBFile[] =
65 FILE_PATH_LITERAL(" IP Blacklist");
66 // Filename suffix for the unwanted software blacklist store.
67 const base::FilePath::CharType kUnwantedSoftwareDBFile[] =
68 FILE_PATH_LITERAL(" UwS List");
69
70 // Filename suffix for browse store.
71 // TODO(shess): "Safe Browsing Bloom Prefix Set" is full of win.
72 // Unfortunately, to change the name implies lots of transition code
73 // for little benefit. If/when file formats change (say to put all
74 // the data in one file), that would be a convenient point to rectify
75 // this.
76 // TODO(shess): This shouldn't be OS-driven <http://crbug.com/394379>
77 #if defined(OS_ANDROID)
78 // NOTE(shess): This difference is also reflected in the list name in
79 // safe_browsing_util.cc.
80 // TODO(shess): Spin up an alternate list id which can be persisted in the
81 // store. Then if a mistake is made, it won't cause confusion between
82 // incompatible lists.
83 const base::FilePath::CharType kBrowseDBFile[] = FILE_PATH_LITERAL(" Mobile");
84 #else
85 const base::FilePath::CharType kBrowseDBFile[] = FILE_PATH_LITERAL(" Bloom");
86 #endif
87
88 // Maximum number of entries we allow in any of the whitelists.
89 // If a whitelist on disk contains more entries then all lookups to
90 // the whitelist will be considered a match.
91 const size_t kMaxWhitelistSize = 5000;
92
93 // If the hash of this exact expression is on a whitelist then all
94 // lookups to this whitelist will be considered a match.
95 const char kWhitelistKillSwitchUrl[] =
96 "sb-ssl.google.com/safebrowsing/csd/killswitch"; // Don't change this!
97
98 // If the hash of this exact expression is on a whitelist then the
99 // malware IP blacklisting feature will be disabled in csd.
100 // Don't change this!
101 const char kMalwareIPKillSwitchUrl[] =
102 "sb-ssl.google.com/safebrowsing/csd/killswitch_malware";
103
104 const size_t kMaxIpPrefixSize = 128;
105 const size_t kMinIpPrefixSize = 1;
106
107 // To save space, the incoming |chunk_id| and |list_id| are combined
108 // into an |encoded_chunk_id| for storage by shifting the |list_id|
109 // into the low-order bits. These functions decode that information.
110 // TODO(lzheng): It was reasonable when database is saved in sqlite, but
111 // there should be better ways to save chunk_id and list_id after we use
112 // SafeBrowsingStoreFile.
113 int GetListIdBit(const int encoded_chunk_id) {
114 return encoded_chunk_id & 1;
115 }
116 int DecodeChunkId(int encoded_chunk_id) {
117 return encoded_chunk_id >> 1;
118 }
119 int EncodeChunkId(const int chunk, const int list_id) {
120 DCHECK_NE(list_id, safe_browsing_util::INVALID);
121 return chunk << 1 | list_id % 2;
122 }
123
124 // Generate the set of full hashes to check for |url|. If
125 // |include_whitelist_hashes| is true we will generate additional path-prefixes
126 // to match against the csd whitelist. E.g., if the path-prefix /foo is on the
127 // whitelist it should also match /foo/bar which is not the case for all the
128 // other lists. We'll also always add a pattern for the empty path.
129 // TODO(shess): This function is almost the same as
130 // |CompareFullHashes()| in safe_browsing_util.cc, except that code
131 // does an early exit on match. Since match should be the infrequent
132 // case (phishing or malware found), consider combining this function
133 // with that one.
134 void UrlToFullHashes(const GURL& url,
135 bool include_whitelist_hashes,
136 std::vector<SBFullHash>* full_hashes) {
137 std::vector<std::string> hosts;
138 if (url.HostIsIPAddress()) {
139 hosts.push_back(url.host());
140 } else {
141 safe_browsing_util::GenerateHostsToCheck(url, &hosts);
142 }
143
144 std::vector<std::string> paths;
145 safe_browsing_util::GeneratePathsToCheck(url, &paths);
146
147 for (size_t i = 0; i < hosts.size(); ++i) {
148 for (size_t j = 0; j < paths.size(); ++j) {
149 const std::string& path = paths[j];
150 full_hashes->push_back(SBFullHashForString(hosts[i] + path));
151
152 // We may have /foo as path-prefix in the whitelist which should
153 // also match with /foo/bar and /foo?bar. Hence, for every path
154 // that ends in '/' we also add the path without the slash.
155 if (include_whitelist_hashes &&
156 path.size() > 1 &&
157 path[path.size() - 1] == '/') {
158 full_hashes->push_back(
159 SBFullHashForString(hosts[i] + path.substr(0, path.size() - 1)));
160 }
161 }
162 }
163 }
164
165 // Helper function to compare addprefixes in |store| with |prefixes|.
166 // The |list_bit| indicates which list (url or hash) to compare.
167 //
168 // Returns true if there is a match, |*prefix_hits| (if non-NULL) will contain
169 // the actual matching prefixes.
170 bool MatchAddPrefixes(SafeBrowsingStore* store,
171 int list_bit,
172 const std::vector<SBPrefix>& prefixes,
173 std::vector<SBPrefix>* prefix_hits) {
174 prefix_hits->clear();
175 bool found_match = false;
176
177 SBAddPrefixes add_prefixes;
178 store->GetAddPrefixes(&add_prefixes);
179 for (SBAddPrefixes::const_iterator iter = add_prefixes.begin();
180 iter != add_prefixes.end(); ++iter) {
181 for (size_t j = 0; j < prefixes.size(); ++j) {
182 const SBPrefix& prefix = prefixes[j];
183 if (prefix == iter->prefix &&
184 GetListIdBit(iter->chunk_id) == list_bit) {
185 prefix_hits->push_back(prefix);
186 found_match = true;
187 }
188 }
189 }
190 return found_match;
191 }
192
193 // This function generates a chunk range string for |chunks|. It
194 // outputs one chunk range string per list and writes it to the
195 // |list_ranges| vector. We expect |list_ranges| to already be of the
196 // right size. E.g., if |chunks| contains chunks with two different
197 // list ids then |list_ranges| must contain two elements.
198 void GetChunkRanges(const std::vector<int>& chunks,
199 std::vector<std::string>* list_ranges) {
200 // Since there are 2 possible list ids, there must be exactly two
201 // list ranges. Even if the chunk data should only contain one
202 // line, this code has to somehow handle corruption.
203 DCHECK_EQ(2U, list_ranges->size());
204
205 std::vector<std::vector<int> > decoded_chunks(list_ranges->size());
206 for (std::vector<int>::const_iterator iter = chunks.begin();
207 iter != chunks.end(); ++iter) {
208 int mod_list_id = GetListIdBit(*iter);
209 DCHECK_GE(mod_list_id, 0);
210 DCHECK_LT(static_cast<size_t>(mod_list_id), decoded_chunks.size());
211 decoded_chunks[mod_list_id].push_back(DecodeChunkId(*iter));
212 }
213 for (size_t i = 0; i < decoded_chunks.size(); ++i) {
214 ChunksToRangeString(decoded_chunks[i], &((*list_ranges)[i]));
215 }
216 }
217
218 // Helper function to create chunk range lists for Browse related
219 // lists.
220 void UpdateChunkRanges(SafeBrowsingStore* store,
221 const std::vector<std::string>& listnames,
222 std::vector<SBListChunkRanges>* lists) {
223 if (!store)
224 return;
225
226 DCHECK_GT(listnames.size(), 0U);
227 DCHECK_LE(listnames.size(), 2U);
228 std::vector<int> add_chunks;
229 std::vector<int> sub_chunks;
230 store->GetAddChunks(&add_chunks);
231 store->GetSubChunks(&sub_chunks);
232
233 // Always decode 2 ranges, even if only the first one is expected.
234 // The loop below will only load as many into |lists| as |listnames|
235 // indicates.
236 std::vector<std::string> adds(2);
237 std::vector<std::string> subs(2);
238 GetChunkRanges(add_chunks, &adds);
239 GetChunkRanges(sub_chunks, &subs);
240
241 for (size_t i = 0; i < listnames.size(); ++i) {
242 const std::string& listname = listnames[i];
243 DCHECK_EQ(safe_browsing_util::GetListId(listname) % 2,
244 static_cast<int>(i % 2));
245 DCHECK_NE(safe_browsing_util::GetListId(listname),
246 safe_browsing_util::INVALID);
247 lists->push_back(SBListChunkRanges(listname));
248 lists->back().adds.swap(adds[i]);
249 lists->back().subs.swap(subs[i]);
250 }
251 }
252
253 void UpdateChunkRangesForLists(SafeBrowsingStore* store,
254 const std::string& listname0,
255 const std::string& listname1,
256 std::vector<SBListChunkRanges>* lists) {
257 std::vector<std::string> listnames;
258 listnames.push_back(listname0);
259 listnames.push_back(listname1);
260 UpdateChunkRanges(store, listnames, lists);
261 }
262
263 void UpdateChunkRangesForList(SafeBrowsingStore* store,
264 const std::string& listname,
265 std::vector<SBListChunkRanges>* lists) {
266 UpdateChunkRanges(store, std::vector<std::string>(1, listname), lists);
267 }
268
269 // This code always checks for non-zero file size. This helper makes
270 // that less verbose.
271 int64 GetFileSizeOrZero(const base::FilePath& file_path) {
272 int64 size_64;
273 if (!base::GetFileSize(file_path, &size_64))
274 return 0;
275 return size_64;
276 }
277
278 // Helper for PrefixSetContainsUrlHashes(). Returns true if an un-expired match
279 // for |full_hash| is found in |cache|, with any matches appended to |results|
280 // (true can be returned with zero matches). |expire_base| is used to check the
281 // cache lifetime of matches, expired matches will be discarded from |cache|.
282 bool GetCachedFullHash(std::map<SBPrefix, SBCachedFullHashResult>* cache,
283 const SBFullHash& full_hash,
284 const base::Time& expire_base,
285 std::vector<SBFullHashResult>* results) {
286 // First check if there is a valid cached result for this prefix.
287 std::map<SBPrefix, SBCachedFullHashResult>::iterator
288 citer = cache->find(full_hash.prefix);
289 if (citer == cache->end())
290 return false;
291
292 // Remove expired entries.
293 SBCachedFullHashResult& cached_result = citer->second;
294 if (cached_result.expire_after <= expire_base) {
295 cache->erase(citer);
296 return false;
297 }
298
299 // Find full-hash matches.
300 std::vector<SBFullHashResult>& cached_hashes = cached_result.full_hashes;
301 for (size_t i = 0; i < cached_hashes.size(); ++i) {
302 if (SBFullHashEqual(full_hash, cached_hashes[i].hash))
303 results->push_back(cached_hashes[i]);
304 }
305
306 return true;
307 }
308
309 SafeBrowsingStoreFile* CreateStore(
310 bool enable,
311 const scoped_refptr<base::SequencedTaskRunner>& task_runner) {
312 if (!enable)
313 return nullptr;
314 return new SafeBrowsingStoreFile(task_runner);
315 }
316
317 } // namespace
318
319 // The default SafeBrowsingDatabaseFactory.
320 class SafeBrowsingDatabaseFactoryImpl : public SafeBrowsingDatabaseFactory {
321 public:
322 SafeBrowsingDatabase* CreateSafeBrowsingDatabase(
323 const scoped_refptr<base::SequencedTaskRunner>& db_task_runner,
324 bool enable_download_protection,
325 bool enable_client_side_whitelist,
326 bool enable_download_whitelist,
327 bool enable_extension_blacklist,
328 bool enable_side_effect_free_whitelist,
329 bool enable_ip_blacklist,
330 bool enable_unwanted_software_list) override {
331 return new SafeBrowsingDatabaseNew(
332 db_task_runner, CreateStore(true, db_task_runner), // browse_store
333 CreateStore(enable_download_protection, db_task_runner),
334 CreateStore(enable_client_side_whitelist, db_task_runner),
335 CreateStore(enable_download_whitelist, db_task_runner),
336 CreateStore(true, db_task_runner), // inclusion_whitelist_store
337 CreateStore(enable_extension_blacklist, db_task_runner),
338 CreateStore(enable_side_effect_free_whitelist, db_task_runner),
339 CreateStore(enable_ip_blacklist, db_task_runner),
340 CreateStore(enable_unwanted_software_list, db_task_runner));
341 }
342
343 SafeBrowsingDatabaseFactoryImpl() { }
344
345 private:
346 DISALLOW_COPY_AND_ASSIGN(SafeBrowsingDatabaseFactoryImpl);
347 };
348
349 // static
350 SafeBrowsingDatabaseFactory* SafeBrowsingDatabase::factory_ = NULL;
351
352 // Factory method, should be called on the Safe Browsing sequenced task runner,
353 // which is also passed to the function as |current_task_runner|.
354 // TODO(shess): There's no need for a factory any longer. Convert
355 // SafeBrowsingDatabaseNew to SafeBrowsingDatabase, and have Create()
356 // callers just construct things directly.
357 SafeBrowsingDatabase* SafeBrowsingDatabase::Create(
358 const scoped_refptr<base::SequencedTaskRunner>& current_task_runner,
359 bool enable_download_protection,
360 bool enable_client_side_whitelist,
361 bool enable_download_whitelist,
362 bool enable_extension_blacklist,
363 bool enable_side_effect_free_whitelist,
364 bool enable_ip_blacklist,
365 bool enable_unwanted_software_list) {
366 DCHECK(current_task_runner->RunsTasksOnCurrentThread());
367 if (!factory_)
368 factory_ = new SafeBrowsingDatabaseFactoryImpl();
369 return factory_->CreateSafeBrowsingDatabase(
370 current_task_runner, enable_download_protection,
371 enable_client_side_whitelist, enable_download_whitelist,
372 enable_extension_blacklist, enable_side_effect_free_whitelist,
373 enable_ip_blacklist, enable_unwanted_software_list);
374 }
375
376 SafeBrowsingDatabase::~SafeBrowsingDatabase() {
377 }
378
379 // static
380 base::FilePath SafeBrowsingDatabase::BrowseDBFilename(
381 const base::FilePath& db_base_filename) {
382 return base::FilePath(db_base_filename.value() + kBrowseDBFile);
383 }
384
385 // static
386 base::FilePath SafeBrowsingDatabase::DownloadDBFilename(
387 const base::FilePath& db_base_filename) {
388 return base::FilePath(db_base_filename.value() + kDownloadDBFile);
389 }
390
391 // static
392 base::FilePath SafeBrowsingDatabase::BloomFilterForFilename(
393 const base::FilePath& db_filename) {
394 return base::FilePath(db_filename.value() + kBloomFilterFileSuffix);
395 }
396
397 // static
398 base::FilePath SafeBrowsingDatabase::PrefixSetForFilename(
399 const base::FilePath& db_filename) {
400 return base::FilePath(db_filename.value() + kPrefixSetFileSuffix);
401 }
402
403 // static
404 base::FilePath SafeBrowsingDatabase::CsdWhitelistDBFilename(
405 const base::FilePath& db_filename) {
406 return base::FilePath(db_filename.value() + kCsdWhitelistDBFile);
407 }
408
409 // static
410 base::FilePath SafeBrowsingDatabase::DownloadWhitelistDBFilename(
411 const base::FilePath& db_filename) {
412 return base::FilePath(db_filename.value() + kDownloadWhitelistDBFile);
413 }
414
415 // static
416 base::FilePath SafeBrowsingDatabase::InclusionWhitelistDBFilename(
417 const base::FilePath& db_filename) {
418 return base::FilePath(db_filename.value() + kInclusionWhitelistDBFile);
419 }
420
421 // static
422 base::FilePath SafeBrowsingDatabase::ExtensionBlacklistDBFilename(
423 const base::FilePath& db_filename) {
424 return base::FilePath(db_filename.value() + kExtensionBlacklistDBFile);
425 }
426
427 // static
428 base::FilePath SafeBrowsingDatabase::SideEffectFreeWhitelistDBFilename(
429 const base::FilePath& db_filename) {
430 return base::FilePath(db_filename.value() + kSideEffectFreeWhitelistDBFile);
431 }
432
433 // static
434 base::FilePath SafeBrowsingDatabase::IpBlacklistDBFilename(
435 const base::FilePath& db_filename) {
436 return base::FilePath(db_filename.value() + kIPBlacklistDBFile);
437 }
438
439 // static
440 base::FilePath SafeBrowsingDatabase::UnwantedSoftwareDBFilename(
441 const base::FilePath& db_filename) {
442 return base::FilePath(db_filename.value() + kUnwantedSoftwareDBFile);
443 }
444
445 // static
446 void SafeBrowsingDatabase::GetDownloadUrlPrefixes(
447 const std::vector<GURL>& urls,
448 std::vector<SBPrefix>* prefixes) {
449 std::vector<SBFullHash> full_hashes;
450 for (size_t i = 0; i < urls.size(); ++i)
451 UrlToFullHashes(urls[i], false, &full_hashes);
452
453 for (size_t i = 0; i < full_hashes.size(); ++i)
454 prefixes->push_back(full_hashes[i].prefix);
455 }
456
457 SafeBrowsingStore* SafeBrowsingDatabaseNew::GetStore(const int list_id) {
458 // Stores are not thread safe.
459 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
460
461 if (list_id == safe_browsing_util::PHISH ||
462 list_id == safe_browsing_util::MALWARE) {
463 return browse_store_.get();
464 } else if (list_id == safe_browsing_util::BINURL) {
465 return download_store_.get();
466 } else if (list_id == safe_browsing_util::CSDWHITELIST) {
467 return csd_whitelist_store_.get();
468 } else if (list_id == safe_browsing_util::DOWNLOADWHITELIST) {
469 return download_whitelist_store_.get();
470 } else if (list_id == safe_browsing_util::INCLUSIONWHITELIST) {
471 return inclusion_whitelist_store_.get();
472 } else if (list_id == safe_browsing_util::EXTENSIONBLACKLIST) {
473 return extension_blacklist_store_.get();
474 } else if (list_id == safe_browsing_util::SIDEEFFECTFREEWHITELIST) {
475 return side_effect_free_whitelist_store_.get();
476 } else if (list_id == safe_browsing_util::IPBLACKLIST) {
477 return ip_blacklist_store_.get();
478 } else if (list_id == safe_browsing_util::UNWANTEDURL) {
479 return unwanted_software_store_.get();
480 }
481 return NULL;
482 }
483
484 // static
485 void SafeBrowsingDatabase::RecordFailure(FailureType failure_type) {
486 UMA_HISTOGRAM_ENUMERATION("SB2.DatabaseFailure", failure_type,
487 FAILURE_DATABASE_MAX);
488 }
489
490 class SafeBrowsingDatabaseNew::ThreadSafeStateManager::ReadTransaction {
491 public:
492 const SBWhitelist* GetSBWhitelist(SBWhitelistId id) {
493 switch (id) {
494 case SBWhitelistId::CSD:
495 return &outer_->csd_whitelist_;
496 case SBWhitelistId::DOWNLOAD:
497 return &outer_->download_whitelist_;
498 case SBWhitelistId::INCLUSION:
499 return &outer_->inclusion_whitelist_;
500 }
501 NOTREACHED();
502 return nullptr;
503 }
504
505 const IPBlacklist* ip_blacklist() { return &outer_->ip_blacklist_; }
506
507 const PrefixSet* GetPrefixSet(PrefixSetId id) {
508 switch (id) {
509 case PrefixSetId::BROWSE:
510 return outer_->browse_prefix_set_.get();
511 case PrefixSetId::SIDE_EFFECT_FREE_WHITELIST:
512 return outer_->side_effect_free_whitelist_prefix_set_.get();
513 case PrefixSetId::UNWANTED_SOFTWARE:
514 return outer_->unwanted_software_prefix_set_.get();
515 }
516 NOTREACHED();
517 return nullptr;
518 }
519
520 PrefixGetHashCache* prefix_gethash_cache() {
521 // The cache is special: it is read/write on all threads. Access to it
522 // therefore requires a LOCK'ed transaction (i.e. it can't benefit from
523 // DONT_LOCK_ON_MAIN_THREAD).
524 DCHECK(transaction_lock_);
525 return &outer_->prefix_gethash_cache_;
526 }
527
528 private:
529 // Only ThreadSafeStateManager is allowed to build a ReadTransaction.
530 friend class ThreadSafeStateManager;
531
532 enum class AutoLockRequirement {
533 LOCK,
534 // SBWhitelist's, IPBlacklist's, and PrefixSet's (not caches) are only
535 // ever written to on the main task runner (as enforced by
536 // ThreadSafeStateManager) and can therefore be read on the main task
537 // runner without first acquiring |lock_|.
538 DONT_LOCK_ON_MAIN_TASK_RUNNER
539 };
540
541 ReadTransaction(const ThreadSafeStateManager* outer,
542 AutoLockRequirement auto_lock_requirement)
543 : outer_(outer) {
544 DCHECK(outer_);
545 if (auto_lock_requirement == AutoLockRequirement::LOCK)
546 transaction_lock_.reset(new base::AutoLock(outer_->lock_));
547 else
548 DCHECK(outer_->db_task_runner_->RunsTasksOnCurrentThread());
549 }
550
551 const ThreadSafeStateManager* outer_;
552 scoped_ptr<base::AutoLock> transaction_lock_;
553
554 DISALLOW_COPY_AND_ASSIGN(ReadTransaction);
555 };
556
557 class SafeBrowsingDatabaseNew::ThreadSafeStateManager::WriteTransaction {
558 public:
559 // Call this method if an error occured with the given whitelist. This will
560 // result in all lookups to the whitelist to return true.
561 void WhitelistEverything(SBWhitelistId id) {
562 SBWhitelist* whitelist = SBWhitelistForId(id);
563 whitelist->second = true;
564 whitelist->first.clear();
565 }
566
567 void SwapSBWhitelist(SBWhitelistId id,
568 std::vector<SBFullHash>* new_whitelist) {
569 SBWhitelist* whitelist = SBWhitelistForId(id);
570 whitelist->second = false;
571 whitelist->first.swap(*new_whitelist);
572 }
573
574 void clear_ip_blacklist() { outer_->ip_blacklist_.clear(); }
575
576 void swap_ip_blacklist(IPBlacklist* new_blacklist) {
577 outer_->ip_blacklist_.swap(*new_blacklist);
578 }
579
580 void SwapPrefixSet(PrefixSetId id,
581 scoped_ptr<const PrefixSet> new_prefix_set) {
582 switch (id) {
583 case PrefixSetId::BROWSE:
584 outer_->browse_prefix_set_.swap(new_prefix_set);
585 break;
586 case PrefixSetId::SIDE_EFFECT_FREE_WHITELIST:
587 outer_->side_effect_free_whitelist_prefix_set_.swap(new_prefix_set);
588 break;
589 case PrefixSetId::UNWANTED_SOFTWARE:
590 outer_->unwanted_software_prefix_set_.swap(new_prefix_set);
591 break;
592 }
593 }
594
595 void clear_prefix_gethash_cache() { outer_->prefix_gethash_cache_.clear(); }
596
597 private:
598 // Only ThreadSafeStateManager is allowed to build a WriteTransaction.
599 friend class ThreadSafeStateManager;
600
601 explicit WriteTransaction(ThreadSafeStateManager* outer)
602 : outer_(outer), transaction_lock_(outer_->lock_) {
603 DCHECK(outer_);
604 DCHECK(outer_->db_task_runner_->RunsTasksOnCurrentThread());
605 }
606
607 SBWhitelist* SBWhitelistForId(SBWhitelistId id) {
608 switch (id) {
609 case SBWhitelistId::CSD:
610 return &outer_->csd_whitelist_;
611 case SBWhitelistId::DOWNLOAD:
612 return &outer_->download_whitelist_;
613 case SBWhitelistId::INCLUSION:
614 return &outer_->inclusion_whitelist_;
615 }
616 NOTREACHED();
617 return nullptr;
618 }
619
620 ThreadSafeStateManager* outer_;
621 base::AutoLock transaction_lock_;
622
623 DISALLOW_COPY_AND_ASSIGN(WriteTransaction);
624 };
625
626 SafeBrowsingDatabaseNew::ThreadSafeStateManager::ThreadSafeStateManager(
627 const scoped_refptr<const base::SequencedTaskRunner>& db_task_runner)
628 : db_task_runner_(db_task_runner) {
629 }
630
631 SafeBrowsingDatabaseNew::ThreadSafeStateManager::~ThreadSafeStateManager() {
632 }
633
634 SafeBrowsingDatabaseNew::DatabaseStateManager::DatabaseStateManager(
635 const scoped_refptr<const base::SequencedTaskRunner>& db_task_runner)
636 : db_task_runner_(db_task_runner),
637 corruption_detected_(false),
638 change_detected_(false) {
639 }
640
641 SafeBrowsingDatabaseNew::DatabaseStateManager::~DatabaseStateManager() {
642 }
643
644 scoped_ptr<SafeBrowsingDatabaseNew::ReadTransaction>
645 SafeBrowsingDatabaseNew::ThreadSafeStateManager::BeginReadTransaction() {
646 return make_scoped_ptr(
647 new ReadTransaction(this, ReadTransaction::AutoLockRequirement::LOCK));
648 }
649
650 scoped_ptr<SafeBrowsingDatabaseNew::ReadTransaction> SafeBrowsingDatabaseNew::
651 ThreadSafeStateManager::BeginReadTransactionNoLockOnMainTaskRunner() {
652 return make_scoped_ptr(new ReadTransaction(
653 this,
654 ReadTransaction::AutoLockRequirement::DONT_LOCK_ON_MAIN_TASK_RUNNER));
655 }
656
657 scoped_ptr<SafeBrowsingDatabaseNew::WriteTransaction>
658 SafeBrowsingDatabaseNew::ThreadSafeStateManager::BeginWriteTransaction() {
659 return make_scoped_ptr(new WriteTransaction(this));
660 }
661
662 SafeBrowsingDatabaseNew::SafeBrowsingDatabaseNew(
663 const scoped_refptr<base::SequencedTaskRunner>& db_task_runner,
664 SafeBrowsingStore* browse_store,
665 SafeBrowsingStore* download_store,
666 SafeBrowsingStore* csd_whitelist_store,
667 SafeBrowsingStore* download_whitelist_store,
668 SafeBrowsingStore* inclusion_whitelist_store,
669 SafeBrowsingStore* extension_blacklist_store,
670 SafeBrowsingStore* side_effect_free_whitelist_store,
671 SafeBrowsingStore* ip_blacklist_store,
672 SafeBrowsingStore* unwanted_software_store)
673 : db_task_runner_(db_task_runner),
674 state_manager_(db_task_runner_),
675 db_state_manager_(db_task_runner_),
676 browse_store_(browse_store),
677 download_store_(download_store),
678 csd_whitelist_store_(csd_whitelist_store),
679 download_whitelist_store_(download_whitelist_store),
680 inclusion_whitelist_store_(inclusion_whitelist_store),
681 extension_blacklist_store_(extension_blacklist_store),
682 side_effect_free_whitelist_store_(side_effect_free_whitelist_store),
683 ip_blacklist_store_(ip_blacklist_store),
684 unwanted_software_store_(unwanted_software_store),
685 reset_factory_(this) {
686 DCHECK(browse_store_.get());
687 }
688
689 SafeBrowsingDatabaseNew::~SafeBrowsingDatabaseNew() {
690 // The DCHECK is disabled due to crbug.com/338486 .
691 // DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
692 }
693
694 void SafeBrowsingDatabaseNew::Init(const base::FilePath& filename_base) {
695 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
696
697 db_state_manager_.init_filename_base(filename_base);
698
699 // TODO(shess): The various stores are really only necessary while doing
700 // updates (see |UpdateFinished()|) or when querying a store directly (see
701 // |ContainsDownloadUrl()|).
702 // The store variables are also tested to see if a list is enabled. Perhaps
703 // the stores could be refactored into an update object so that they are only
704 // live in memory while being actively used. The sense of enabled probably
705 // belongs in protocol_manager or database_manager.
706
707 {
708 // NOTE: A transaction here is overkill as there are no pointers to this
709 // class on other threads until this function returns, but it's also
710 // harmless as that also means there is no possibility of contention on the
711 // lock.
712 scoped_ptr<WriteTransaction> txn = state_manager_.BeginWriteTransaction();
713
714 txn->clear_prefix_gethash_cache();
715
716 browse_store_->Init(
717 BrowseDBFilename(db_state_manager_.filename_base()),
718 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
719 base::Unretained(this)));
720
721 if (unwanted_software_store_.get()) {
722 unwanted_software_store_->Init(
723 UnwantedSoftwareDBFilename(db_state_manager_.filename_base()),
724 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
725 base::Unretained(this)));
726 }
727 LoadPrefixSet(BrowseDBFilename(db_state_manager_.filename_base()),
728 txn.get(), PrefixSetId::BROWSE,
729 FAILURE_BROWSE_PREFIX_SET_READ);
730 if (unwanted_software_store_.get()) {
731 LoadPrefixSet(
732 UnwantedSoftwareDBFilename(db_state_manager_.filename_base()),
733 txn.get(), PrefixSetId::UNWANTED_SOFTWARE,
734 FAILURE_UNWANTED_SOFTWARE_PREFIX_SET_READ);
735 }
736
737 if (side_effect_free_whitelist_store_.get()) {
738 const base::FilePath side_effect_free_whitelist_filename =
739 SideEffectFreeWhitelistDBFilename(db_state_manager_.filename_base());
740 side_effect_free_whitelist_store_->Init(
741 side_effect_free_whitelist_filename,
742 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
743 base::Unretained(this)));
744
745 LoadPrefixSet(side_effect_free_whitelist_filename, txn.get(),
746 PrefixSetId::SIDE_EFFECT_FREE_WHITELIST,
747 FAILURE_SIDE_EFFECT_FREE_WHITELIST_PREFIX_SET_READ);
748 } else {
749 // Delete any files of the side-effect free sidelist that may be around
750 // from when it was previously enabled.
751 SafeBrowsingStoreFile::DeleteStore(
752 SideEffectFreeWhitelistDBFilename(db_state_manager_.filename_base()));
753 base::DeleteFile(PrefixSetForFilename(SideEffectFreeWhitelistDBFilename(
754 db_state_manager_.filename_base())),
755 false);
756 }
757 }
758 // Note: End the transaction early because LoadWhiteList() and
759 // WhitelistEverything() manage their own transactions.
760
761 if (download_store_.get()) {
762 download_store_->Init(
763 DownloadDBFilename(db_state_manager_.filename_base()),
764 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
765 base::Unretained(this)));
766 }
767
768 if (csd_whitelist_store_.get()) {
769 csd_whitelist_store_->Init(
770 CsdWhitelistDBFilename(db_state_manager_.filename_base()),
771 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
772 base::Unretained(this)));
773
774 std::vector<SBAddFullHash> full_hashes;
775 if (csd_whitelist_store_->GetAddFullHashes(&full_hashes)) {
776 LoadWhitelist(full_hashes, SBWhitelistId::CSD);
777 } else {
778 state_manager_.BeginWriteTransaction()->WhitelistEverything(
779 SBWhitelistId::CSD);
780 }
781 } else {
782 state_manager_.BeginWriteTransaction()->WhitelistEverything(
783 SBWhitelistId::CSD); // Just to be safe.
784 }
785
786 if (download_whitelist_store_.get()) {
787 download_whitelist_store_->Init(
788 DownloadWhitelistDBFilename(db_state_manager_.filename_base()),
789 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
790 base::Unretained(this)));
791
792 std::vector<SBAddFullHash> full_hashes;
793 if (download_whitelist_store_->GetAddFullHashes(&full_hashes)) {
794 LoadWhitelist(full_hashes, SBWhitelistId::DOWNLOAD);
795 } else {
796 state_manager_.BeginWriteTransaction()->WhitelistEverything(
797 SBWhitelistId::DOWNLOAD);
798 }
799 } else {
800 state_manager_.BeginWriteTransaction()->WhitelistEverything(
801 SBWhitelistId::DOWNLOAD); // Just to be safe.
802 }
803
804 if (inclusion_whitelist_store_.get()) {
805 inclusion_whitelist_store_->Init(
806 InclusionWhitelistDBFilename(db_state_manager_.filename_base()),
807 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
808 base::Unretained(this)));
809
810 std::vector<SBAddFullHash> full_hashes;
811 if (inclusion_whitelist_store_->GetAddFullHashes(&full_hashes)) {
812 LoadWhitelist(full_hashes, SBWhitelistId::INCLUSION);
813 } else {
814 state_manager_.BeginWriteTransaction()->WhitelistEverything(
815 SBWhitelistId::INCLUSION);
816 }
817 } else {
818 state_manager_.BeginWriteTransaction()->WhitelistEverything(
819 SBWhitelistId::INCLUSION); // Just to be safe.
820 }
821
822 if (extension_blacklist_store_.get()) {
823 extension_blacklist_store_->Init(
824 ExtensionBlacklistDBFilename(db_state_manager_.filename_base()),
825 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
826 base::Unretained(this)));
827 }
828
829 if (ip_blacklist_store_.get()) {
830 ip_blacklist_store_->Init(
831 IpBlacklistDBFilename(db_state_manager_.filename_base()),
832 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
833 base::Unretained(this)));
834
835 std::vector<SBAddFullHash> full_hashes;
836 if (ip_blacklist_store_->GetAddFullHashes(&full_hashes)) {
837 LoadIpBlacklist(full_hashes);
838 } else {
839 LoadIpBlacklist(std::vector<SBAddFullHash>()); // Clear the list.
840 }
841 }
842 }
843
844 bool SafeBrowsingDatabaseNew::ResetDatabase() {
845 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
846
847 // Delete files on disk.
848 // TODO(shess): Hard to see where one might want to delete without a
849 // reset. Perhaps inline |Delete()|?
850 if (!Delete())
851 return false;
852
853 // Reset objects in memory.
854 scoped_ptr<WriteTransaction> txn = state_manager_.BeginWriteTransaction();
855 txn->clear_prefix_gethash_cache();
856 txn->SwapPrefixSet(PrefixSetId::BROWSE, nullptr);
857 txn->SwapPrefixSet(PrefixSetId::SIDE_EFFECT_FREE_WHITELIST, nullptr);
858 txn->SwapPrefixSet(PrefixSetId::UNWANTED_SOFTWARE, nullptr);
859 txn->clear_ip_blacklist();
860 txn->WhitelistEverything(SBWhitelistId::CSD);
861 txn->WhitelistEverything(SBWhitelistId::DOWNLOAD);
862 return true;
863 }
864
865 bool SafeBrowsingDatabaseNew::ContainsBrowseUrl(
866 const GURL& url,
867 std::vector<SBPrefix>* prefix_hits,
868 std::vector<SBFullHashResult>* cache_hits) {
869 return PrefixSetContainsUrl(url, PrefixSetId::BROWSE, prefix_hits,
870 cache_hits);
871 }
872
873 bool SafeBrowsingDatabaseNew::ContainsUnwantedSoftwareUrl(
874 const GURL& url,
875 std::vector<SBPrefix>* prefix_hits,
876 std::vector<SBFullHashResult>* cache_hits) {
877 return PrefixSetContainsUrl(url, PrefixSetId::UNWANTED_SOFTWARE, prefix_hits,
878 cache_hits);
879 }
880
881 bool SafeBrowsingDatabaseNew::PrefixSetContainsUrl(
882 const GURL& url,
883 PrefixSetId prefix_set_id,
884 std::vector<SBPrefix>* prefix_hits,
885 std::vector<SBFullHashResult>* cache_hits) {
886 // Clear the results first.
887 prefix_hits->clear();
888 cache_hits->clear();
889
890 std::vector<SBFullHash> full_hashes;
891 UrlToFullHashes(url, false, &full_hashes);
892 if (full_hashes.empty())
893 return false;
894
895 return PrefixSetContainsUrlHashes(full_hashes, prefix_set_id, prefix_hits,
896 cache_hits);
897 }
898
899 bool SafeBrowsingDatabaseNew::ContainsBrowseUrlHashesForTesting(
900 const std::vector<SBFullHash>& full_hashes,
901 std::vector<SBPrefix>* prefix_hits,
902 std::vector<SBFullHashResult>* cache_hits) {
903 return PrefixSetContainsUrlHashes(full_hashes, PrefixSetId::BROWSE,
904 prefix_hits, cache_hits);
905 }
906
907 bool SafeBrowsingDatabaseNew::PrefixSetContainsUrlHashes(
908 const std::vector<SBFullHash>& full_hashes,
909 PrefixSetId prefix_set_id,
910 std::vector<SBPrefix>* prefix_hits,
911 std::vector<SBFullHashResult>* cache_hits) {
912 // Used to determine cache expiration.
913 const base::Time now = base::Time::Now();
914
915 {
916 scoped_ptr<ReadTransaction> txn = state_manager_.BeginReadTransaction();
917
918 // |prefix_set| is empty until it is either read from disk, or the first
919 // update populates it. Bail out without a hit if not yet available.
920 const PrefixSet* prefix_set = txn->GetPrefixSet(prefix_set_id);
921 if (!prefix_set)
922 return false;
923
924 for (size_t i = 0; i < full_hashes.size(); ++i) {
925 if (!GetCachedFullHash(txn->prefix_gethash_cache(), full_hashes[i], now,
926 cache_hits)) {
927 // No valid cached result, check the database.
928 if (prefix_set->Exists(full_hashes[i]))
929 prefix_hits->push_back(full_hashes[i].prefix);
930 }
931 }
932 }
933
934 // Multiple full hashes could share prefix, remove duplicates.
935 std::sort(prefix_hits->begin(), prefix_hits->end());
936 prefix_hits->erase(std::unique(prefix_hits->begin(), prefix_hits->end()),
937 prefix_hits->end());
938
939 return !prefix_hits->empty() || !cache_hits->empty();
940 }
941
942 bool SafeBrowsingDatabaseNew::ContainsDownloadUrlPrefixes(
943 const std::vector<SBPrefix>& prefixes,
944 std::vector<SBPrefix>* prefix_hits) {
945 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
946
947 // Ignore this check when download checking is not enabled.
948 if (!download_store_.get())
949 return false;
950
951 return MatchAddPrefixes(download_store_.get(),
952 safe_browsing_util::BINURL % 2,
953 prefixes,
954 prefix_hits);
955 }
956
957 bool SafeBrowsingDatabaseNew::ContainsCsdWhitelistedUrl(const GURL& url) {
958 std::vector<SBFullHash> full_hashes;
959 UrlToFullHashes(url, true, &full_hashes);
960 return ContainsWhitelistedHashes(SBWhitelistId::CSD, full_hashes);
961 }
962
963 bool SafeBrowsingDatabaseNew::ContainsDownloadWhitelistedUrl(const GURL& url) {
964 std::vector<SBFullHash> full_hashes;
965 UrlToFullHashes(url, true, &full_hashes);
966 return ContainsWhitelistedHashes(SBWhitelistId::DOWNLOAD, full_hashes);
967 }
968
969 bool SafeBrowsingDatabaseNew::ContainsInclusionWhitelistedUrl(const GURL& url) {
970 std::vector<SBFullHash> full_hashes;
971 UrlToFullHashes(url, true, &full_hashes);
972 return ContainsWhitelistedHashes(SBWhitelistId::INCLUSION, full_hashes);
973 }
974
975 bool SafeBrowsingDatabaseNew::ContainsExtensionPrefixes(
976 const std::vector<SBPrefix>& prefixes,
977 std::vector<SBPrefix>* prefix_hits) {
978 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
979
980 if (!extension_blacklist_store_)
981 return false;
982
983 return MatchAddPrefixes(extension_blacklist_store_.get(),
984 safe_browsing_util::EXTENSIONBLACKLIST % 2,
985 prefixes,
986 prefix_hits);
987 }
988
989 bool SafeBrowsingDatabaseNew::ContainsSideEffectFreeWhitelistUrl(
990 const GURL& url) {
991 std::string host;
992 std::string path;
993 std::string query;
994 safe_browsing_util::CanonicalizeUrl(url, &host, &path, &query);
995 std::string url_to_check = host + path;
996 if (!query.empty())
997 url_to_check += "?" + query;
998 SBFullHash full_hash = SBFullHashForString(url_to_check);
999
1000 scoped_ptr<ReadTransaction> txn = state_manager_.BeginReadTransaction();
1001
1002 const PrefixSet* side_effect_free_whitelist_prefix_set =
1003 txn->GetPrefixSet(PrefixSetId::SIDE_EFFECT_FREE_WHITELIST);
1004
1005 // |side_effect_free_whitelist_prefix_set_| is empty until it is either read
1006 // from disk, or the first update populates it. Bail out without a hit if
1007 // not yet available.
1008 if (!side_effect_free_whitelist_prefix_set)
1009 return false;
1010
1011 return side_effect_free_whitelist_prefix_set->Exists(full_hash);
1012 }
1013
1014 bool SafeBrowsingDatabaseNew::ContainsMalwareIP(const std::string& ip_address) {
1015 net::IPAddressNumber ip_number;
1016 if (!net::ParseIPLiteralToNumber(ip_address, &ip_number))
1017 return false;
1018 if (ip_number.size() == net::kIPv4AddressSize)
1019 ip_number = net::ConvertIPv4NumberToIPv6Number(ip_number);
1020 if (ip_number.size() != net::kIPv6AddressSize)
1021 return false; // better safe than sorry.
1022
1023 scoped_ptr<ReadTransaction> txn = state_manager_.BeginReadTransaction();
1024 const IPBlacklist* ip_blacklist = txn->ip_blacklist();
1025 for (IPBlacklist::const_iterator it = ip_blacklist->begin();
1026 it != ip_blacklist->end(); ++it) {
1027 const std::string& mask = it->first;
1028 DCHECK_EQ(mask.size(), ip_number.size());
1029 std::string subnet(net::kIPv6AddressSize, '\0');
1030 for (size_t i = 0; i < net::kIPv6AddressSize; ++i) {
1031 subnet[i] = ip_number[i] & mask[i];
1032 }
1033 const std::string hash = base::SHA1HashString(subnet);
1034 DVLOG(2) << "Lookup Malware IP: "
1035 << " ip:" << ip_address
1036 << " mask:" << base::HexEncode(mask.data(), mask.size())
1037 << " subnet:" << base::HexEncode(subnet.data(), subnet.size())
1038 << " hash:" << base::HexEncode(hash.data(), hash.size());
1039 if (it->second.count(hash) > 0) {
1040 return true;
1041 }
1042 }
1043 return false;
1044 }
1045
1046 bool SafeBrowsingDatabaseNew::ContainsDownloadWhitelistedString(
1047 const std::string& str) {
1048 std::vector<SBFullHash> hashes;
1049 hashes.push_back(SBFullHashForString(str));
1050 return ContainsWhitelistedHashes(SBWhitelistId::DOWNLOAD, hashes);
1051 }
1052
1053 bool SafeBrowsingDatabaseNew::ContainsWhitelistedHashes(
1054 SBWhitelistId whitelist_id,
1055 const std::vector<SBFullHash>& hashes) {
1056 scoped_ptr<ReadTransaction> txn = state_manager_.BeginReadTransaction();
1057 const SBWhitelist* whitelist = txn->GetSBWhitelist(whitelist_id);
1058 if (whitelist->second)
1059 return true;
1060 for (std::vector<SBFullHash>::const_iterator it = hashes.begin();
1061 it != hashes.end(); ++it) {
1062 if (std::binary_search(whitelist->first.begin(), whitelist->first.end(),
1063 *it, SBFullHashLess)) {
1064 return true;
1065 }
1066 }
1067 return false;
1068 }
1069
1070 // Helper to insert add-chunk entries.
1071 void SafeBrowsingDatabaseNew::InsertAddChunk(
1072 SafeBrowsingStore* store,
1073 const safe_browsing_util::ListType list_id,
1074 const SBChunkData& chunk_data) {
1075 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1076 DCHECK(store);
1077
1078 // The server can give us a chunk that we already have because
1079 // it's part of a range. Don't add it again.
1080 const int chunk_id = chunk_data.ChunkNumber();
1081 const int encoded_chunk_id = EncodeChunkId(chunk_id, list_id);
1082 if (store->CheckAddChunk(encoded_chunk_id))
1083 return;
1084
1085 store->SetAddChunk(encoded_chunk_id);
1086 if (chunk_data.IsPrefix()) {
1087 const size_t c = chunk_data.PrefixCount();
1088 for (size_t i = 0; i < c; ++i) {
1089 store->WriteAddPrefix(encoded_chunk_id, chunk_data.PrefixAt(i));
1090 }
1091 } else {
1092 const size_t c = chunk_data.FullHashCount();
1093 for (size_t i = 0; i < c; ++i) {
1094 store->WriteAddHash(encoded_chunk_id, chunk_data.FullHashAt(i));
1095 }
1096 }
1097 }
1098
1099 // Helper to insert sub-chunk entries.
1100 void SafeBrowsingDatabaseNew::InsertSubChunk(
1101 SafeBrowsingStore* store,
1102 const safe_browsing_util::ListType list_id,
1103 const SBChunkData& chunk_data) {
1104 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1105 DCHECK(store);
1106
1107 // The server can give us a chunk that we already have because
1108 // it's part of a range. Don't add it again.
1109 const int chunk_id = chunk_data.ChunkNumber();
1110 const int encoded_chunk_id = EncodeChunkId(chunk_id, list_id);
1111 if (store->CheckSubChunk(encoded_chunk_id))
1112 return;
1113
1114 store->SetSubChunk(encoded_chunk_id);
1115 if (chunk_data.IsPrefix()) {
1116 const size_t c = chunk_data.PrefixCount();
1117 for (size_t i = 0; i < c; ++i) {
1118 const int add_chunk_id = chunk_data.AddChunkNumberAt(i);
1119 const int encoded_add_chunk_id = EncodeChunkId(add_chunk_id, list_id);
1120 store->WriteSubPrefix(encoded_chunk_id, encoded_add_chunk_id,
1121 chunk_data.PrefixAt(i));
1122 }
1123 } else {
1124 const size_t c = chunk_data.FullHashCount();
1125 for (size_t i = 0; i < c; ++i) {
1126 const int add_chunk_id = chunk_data.AddChunkNumberAt(i);
1127 const int encoded_add_chunk_id = EncodeChunkId(add_chunk_id, list_id);
1128 store->WriteSubHash(encoded_chunk_id, encoded_add_chunk_id,
1129 chunk_data.FullHashAt(i));
1130 }
1131 }
1132 }
1133
1134 void SafeBrowsingDatabaseNew::InsertChunks(
1135 const std::string& list_name,
1136 const std::vector<SBChunkData*>& chunks) {
1137 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1138
1139 if (db_state_manager_.corruption_detected() || chunks.empty())
1140 return;
1141
1142 const base::TimeTicks before = base::TimeTicks::Now();
1143
1144 // TODO(shess): The caller should just pass list_id.
1145 const safe_browsing_util::ListType list_id =
1146 safe_browsing_util::GetListId(list_name);
1147
1148 SafeBrowsingStore* store = GetStore(list_id);
1149 if (!store) return;
1150
1151 db_state_manager_.set_change_detected();
1152
1153 // TODO(shess): I believe that the list is always add or sub. Can this use
1154 // that productively?
1155 store->BeginChunk();
1156 for (size_t i = 0; i < chunks.size(); ++i) {
1157 if (chunks[i]->IsAdd()) {
1158 InsertAddChunk(store, list_id, *chunks[i]);
1159 } else if (chunks[i]->IsSub()) {
1160 InsertSubChunk(store, list_id, *chunks[i]);
1161 } else {
1162 NOTREACHED();
1163 }
1164 }
1165 store->FinishChunk();
1166
1167 UMA_HISTOGRAM_TIMES("SB2.ChunkInsert", base::TimeTicks::Now() - before);
1168 }
1169
1170 void SafeBrowsingDatabaseNew::DeleteChunks(
1171 const std::vector<SBChunkDelete>& chunk_deletes) {
1172 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1173
1174 if (db_state_manager_.corruption_detected() || chunk_deletes.empty())
1175 return;
1176
1177 const std::string& list_name = chunk_deletes.front().list_name;
1178 const safe_browsing_util::ListType list_id =
1179 safe_browsing_util::GetListId(list_name);
1180
1181 SafeBrowsingStore* store = GetStore(list_id);
1182 if (!store) return;
1183
1184 db_state_manager_.set_change_detected();
1185
1186 for (size_t i = 0; i < chunk_deletes.size(); ++i) {
1187 std::vector<int> chunk_numbers;
1188 RangesToChunks(chunk_deletes[i].chunk_del, &chunk_numbers);
1189 for (size_t j = 0; j < chunk_numbers.size(); ++j) {
1190 const int encoded_chunk_id = EncodeChunkId(chunk_numbers[j], list_id);
1191 if (chunk_deletes[i].is_sub_del)
1192 store->DeleteSubChunk(encoded_chunk_id);
1193 else
1194 store->DeleteAddChunk(encoded_chunk_id);
1195 }
1196 }
1197 }
1198
1199 void SafeBrowsingDatabaseNew::CacheHashResults(
1200 const std::vector<SBPrefix>& prefixes,
1201 const std::vector<SBFullHashResult>& full_hits,
1202 const base::TimeDelta& cache_lifetime) {
1203 const base::Time expire_after = base::Time::Now() + cache_lifetime;
1204
1205 scoped_ptr<ReadTransaction> txn = state_manager_.BeginReadTransaction();
1206 PrefixGetHashCache* prefix_gethash_cache = txn->prefix_gethash_cache();
1207
1208 // Create or reset all cached results for these prefixes.
1209 for (size_t i = 0; i < prefixes.size(); ++i) {
1210 (*prefix_gethash_cache)[prefixes[i]] = SBCachedFullHashResult(expire_after);
1211 }
1212
1213 // Insert any fullhash hits. Note that there may be one, multiple, or no
1214 // fullhashes for any given entry in |prefixes|.
1215 for (size_t i = 0; i < full_hits.size(); ++i) {
1216 const SBPrefix prefix = full_hits[i].hash.prefix;
1217 (*prefix_gethash_cache)[prefix].full_hashes.push_back(full_hits[i]);
1218 }
1219 }
1220
1221 bool SafeBrowsingDatabaseNew::UpdateStarted(
1222 std::vector<SBListChunkRanges>* lists) {
1223 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1224 DCHECK(lists);
1225
1226 // If |BeginUpdate()| fails, reset the database.
1227 if (!browse_store_->BeginUpdate()) {
1228 RecordFailure(FAILURE_BROWSE_DATABASE_UPDATE_BEGIN);
1229 HandleCorruptDatabase();
1230 return false;
1231 }
1232
1233 if (download_store_.get() && !download_store_->BeginUpdate()) {
1234 RecordFailure(FAILURE_DOWNLOAD_DATABASE_UPDATE_BEGIN);
1235 HandleCorruptDatabase();
1236 return false;
1237 }
1238
1239 if (csd_whitelist_store_.get() && !csd_whitelist_store_->BeginUpdate()) {
1240 RecordFailure(FAILURE_WHITELIST_DATABASE_UPDATE_BEGIN);
1241 HandleCorruptDatabase();
1242 return false;
1243 }
1244
1245 if (download_whitelist_store_.get() &&
1246 !download_whitelist_store_->BeginUpdate()) {
1247 RecordFailure(FAILURE_WHITELIST_DATABASE_UPDATE_BEGIN);
1248 HandleCorruptDatabase();
1249 return false;
1250 }
1251
1252 if (inclusion_whitelist_store_.get() &&
1253 !inclusion_whitelist_store_->BeginUpdate()) {
1254 RecordFailure(FAILURE_WHITELIST_DATABASE_UPDATE_BEGIN);
1255 HandleCorruptDatabase();
1256 return false;
1257 }
1258
1259 if (extension_blacklist_store_ &&
1260 !extension_blacklist_store_->BeginUpdate()) {
1261 RecordFailure(FAILURE_EXTENSION_BLACKLIST_UPDATE_BEGIN);
1262 HandleCorruptDatabase();
1263 return false;
1264 }
1265
1266 if (side_effect_free_whitelist_store_ &&
1267 !side_effect_free_whitelist_store_->BeginUpdate()) {
1268 RecordFailure(FAILURE_SIDE_EFFECT_FREE_WHITELIST_UPDATE_BEGIN);
1269 HandleCorruptDatabase();
1270 return false;
1271 }
1272
1273 if (ip_blacklist_store_ && !ip_blacklist_store_->BeginUpdate()) {
1274 RecordFailure(FAILURE_IP_BLACKLIST_UPDATE_BEGIN);
1275 HandleCorruptDatabase();
1276 return false;
1277 }
1278
1279 if (unwanted_software_store_ && !unwanted_software_store_->BeginUpdate()) {
1280 RecordFailure(FAILURE_UNWANTED_SOFTWARE_DATABASE_UPDATE_BEGIN);
1281 HandleCorruptDatabase();
1282 return false;
1283 }
1284
1285 // Cached fullhash results must be cleared on every database update (whether
1286 // successful or not).
1287 state_manager_.BeginWriteTransaction()->clear_prefix_gethash_cache();
1288
1289 UpdateChunkRangesForLists(browse_store_.get(),
1290 safe_browsing_util::kMalwareList,
1291 safe_browsing_util::kPhishingList,
1292 lists);
1293
1294 // NOTE(shess): |download_store_| used to contain kBinHashList, which has been
1295 // deprecated. Code to delete the list from the store shows ~15k hits/day as
1296 // of Feb 2014, so it has been removed. Everything _should_ be resilient to
1297 // extra data of that sort.
1298 UpdateChunkRangesForList(download_store_.get(),
1299 safe_browsing_util::kBinUrlList, lists);
1300
1301 UpdateChunkRangesForList(csd_whitelist_store_.get(),
1302 safe_browsing_util::kCsdWhiteList, lists);
1303
1304 UpdateChunkRangesForList(download_whitelist_store_.get(),
1305 safe_browsing_util::kDownloadWhiteList, lists);
1306
1307 UpdateChunkRangesForList(inclusion_whitelist_store_.get(),
1308 safe_browsing_util::kInclusionWhitelist, lists);
1309
1310 UpdateChunkRangesForList(extension_blacklist_store_.get(),
1311 safe_browsing_util::kExtensionBlacklist, lists);
1312
1313 UpdateChunkRangesForList(side_effect_free_whitelist_store_.get(),
1314 safe_browsing_util::kSideEffectFreeWhitelist, lists);
1315
1316 UpdateChunkRangesForList(ip_blacklist_store_.get(),
1317 safe_browsing_util::kIPBlacklist, lists);
1318
1319 UpdateChunkRangesForList(unwanted_software_store_.get(),
1320 safe_browsing_util::kUnwantedUrlList,
1321 lists);
1322
1323 db_state_manager_.reset_corruption_detected();
1324 db_state_manager_.reset_change_detected();
1325 return true;
1326 }
1327
1328 void SafeBrowsingDatabaseNew::UpdateFinished(bool update_succeeded) {
1329 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1330
1331 // The update may have failed due to corrupt storage (for instance,
1332 // an excessive number of invalid add_chunks and sub_chunks).
1333 // Double-check that the databases are valid.
1334 // TODO(shess): Providing a checksum for the add_chunk and sub_chunk
1335 // sections would allow throwing a corruption error in
1336 // UpdateStarted().
1337 if (!update_succeeded) {
1338 if (!browse_store_->CheckValidity())
1339 DLOG(ERROR) << "Safe-browsing browse database corrupt.";
1340
1341 if (download_store_.get() && !download_store_->CheckValidity())
1342 DLOG(ERROR) << "Safe-browsing download database corrupt.";
1343
1344 if (csd_whitelist_store_.get() && !csd_whitelist_store_->CheckValidity())
1345 DLOG(ERROR) << "Safe-browsing csd whitelist database corrupt.";
1346
1347 if (download_whitelist_store_.get() &&
1348 !download_whitelist_store_->CheckValidity()) {
1349 DLOG(ERROR) << "Safe-browsing download whitelist database corrupt.";
1350 }
1351
1352 if (inclusion_whitelist_store_.get() &&
1353 !inclusion_whitelist_store_->CheckValidity()) {
1354 DLOG(ERROR) << "Safe-browsing inclusion whitelist database corrupt.";
1355 }
1356
1357 if (extension_blacklist_store_ &&
1358 !extension_blacklist_store_->CheckValidity()) {
1359 DLOG(ERROR) << "Safe-browsing extension blacklist database corrupt.";
1360 }
1361
1362 if (side_effect_free_whitelist_store_ &&
1363 !side_effect_free_whitelist_store_->CheckValidity()) {
1364 DLOG(ERROR) << "Safe-browsing side-effect free whitelist database "
1365 << "corrupt.";
1366 }
1367
1368 if (ip_blacklist_store_ && !ip_blacklist_store_->CheckValidity()) {
1369 DLOG(ERROR) << "Safe-browsing IP blacklist database corrupt.";
1370 }
1371
1372 if (unwanted_software_store_ &&
1373 !unwanted_software_store_->CheckValidity()) {
1374 DLOG(ERROR) << "Unwanted software url list database corrupt.";
1375 }
1376 }
1377
1378 if (db_state_manager_.corruption_detected())
1379 return;
1380
1381 // Unroll the transaction if there was a protocol error or if the
1382 // transaction was empty. This will leave the prefix set, the
1383 // pending hashes, and the prefix miss cache in place.
1384 if (!update_succeeded || !db_state_manager_.change_detected()) {
1385 // Track empty updates to answer questions at http://crbug.com/72216 .
1386 if (update_succeeded && !db_state_manager_.change_detected())
1387 UMA_HISTOGRAM_COUNTS("SB2.DatabaseUpdateKilobytes", 0);
1388 browse_store_->CancelUpdate();
1389 if (download_store_.get())
1390 download_store_->CancelUpdate();
1391 if (csd_whitelist_store_.get())
1392 csd_whitelist_store_->CancelUpdate();
1393 if (download_whitelist_store_.get())
1394 download_whitelist_store_->CancelUpdate();
1395 if (inclusion_whitelist_store_.get())
1396 inclusion_whitelist_store_->CancelUpdate();
1397 if (extension_blacklist_store_)
1398 extension_blacklist_store_->CancelUpdate();
1399 if (side_effect_free_whitelist_store_)
1400 side_effect_free_whitelist_store_->CancelUpdate();
1401 if (ip_blacklist_store_)
1402 ip_blacklist_store_->CancelUpdate();
1403 if (unwanted_software_store_)
1404 unwanted_software_store_->CancelUpdate();
1405 return;
1406 }
1407
1408 if (download_store_) {
1409 UpdateHashPrefixStore(DownloadDBFilename(db_state_manager_.filename_base()),
1410 download_store_.get(),
1411 FAILURE_DOWNLOAD_DATABASE_UPDATE_FINISH);
1412 }
1413
1414 UpdatePrefixSetUrlStore(BrowseDBFilename(db_state_manager_.filename_base()),
1415 browse_store_.get(), PrefixSetId::BROWSE,
1416 FAILURE_BROWSE_DATABASE_UPDATE_FINISH,
1417 FAILURE_BROWSE_PREFIX_SET_WRITE, true);
1418
1419 UpdateWhitelistStore(
1420 CsdWhitelistDBFilename(db_state_manager_.filename_base()),
1421 csd_whitelist_store_.get(), SBWhitelistId::CSD);
1422 UpdateWhitelistStore(
1423 DownloadWhitelistDBFilename(db_state_manager_.filename_base()),
1424 download_whitelist_store_.get(), SBWhitelistId::DOWNLOAD);
1425 UpdateWhitelistStore(
1426 InclusionWhitelistDBFilename(db_state_manager_.filename_base()),
1427 inclusion_whitelist_store_.get(), SBWhitelistId::INCLUSION);
1428
1429 if (extension_blacklist_store_) {
1430 UpdateHashPrefixStore(
1431 ExtensionBlacklistDBFilename(db_state_manager_.filename_base()),
1432 extension_blacklist_store_.get(),
1433 FAILURE_EXTENSION_BLACKLIST_UPDATE_FINISH);
1434 }
1435
1436 if (side_effect_free_whitelist_store_) {
1437 UpdatePrefixSetUrlStore(
1438 SideEffectFreeWhitelistDBFilename(db_state_manager_.filename_base()),
1439 side_effect_free_whitelist_store_.get(),
1440 PrefixSetId::SIDE_EFFECT_FREE_WHITELIST,
1441 FAILURE_SIDE_EFFECT_FREE_WHITELIST_UPDATE_FINISH,
1442 FAILURE_SIDE_EFFECT_FREE_WHITELIST_PREFIX_SET_WRITE, false);
1443 }
1444
1445 if (ip_blacklist_store_)
1446 UpdateIpBlacklistStore();
1447
1448 if (unwanted_software_store_) {
1449 UpdatePrefixSetUrlStore(
1450 UnwantedSoftwareDBFilename(db_state_manager_.filename_base()),
1451 unwanted_software_store_.get(), PrefixSetId::UNWANTED_SOFTWARE,
1452 FAILURE_UNWANTED_SOFTWARE_DATABASE_UPDATE_FINISH,
1453 FAILURE_UNWANTED_SOFTWARE_PREFIX_SET_WRITE, true);
1454 }
1455 }
1456
1457 void SafeBrowsingDatabaseNew::UpdateWhitelistStore(
1458 const base::FilePath& store_filename,
1459 SafeBrowsingStore* store,
1460 SBWhitelistId whitelist_id) {
1461 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1462
1463 if (!store)
1464 return;
1465
1466 // Note: |builder| will not be empty. The current data store implementation
1467 // stores all full-length hashes as both full and prefix hashes.
1468 PrefixSetBuilder builder;
1469 std::vector<SBAddFullHash> full_hashes;
1470 if (!store->FinishUpdate(&builder, &full_hashes)) {
1471 RecordFailure(FAILURE_WHITELIST_DATABASE_UPDATE_FINISH);
1472 state_manager_.BeginWriteTransaction()->WhitelistEverything(whitelist_id);
1473 return;
1474 }
1475
1476 RecordFileSizeHistogram(store_filename);
1477
1478 #if defined(OS_MACOSX)
1479 base::mac::SetFileBackupExclusion(store_filename);
1480 #endif
1481
1482 LoadWhitelist(full_hashes, whitelist_id);
1483 }
1484
1485 void SafeBrowsingDatabaseNew::UpdateHashPrefixStore(
1486 const base::FilePath& store_filename,
1487 SafeBrowsingStore* store,
1488 FailureType failure_type) {
1489 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1490
1491 // These results are not used after this call. Simply ignore the
1492 // returned value after FinishUpdate(...).
1493 PrefixSetBuilder builder;
1494 std::vector<SBAddFullHash> add_full_hashes_result;
1495
1496 if (!store->FinishUpdate(&builder, &add_full_hashes_result))
1497 RecordFailure(failure_type);
1498
1499 RecordFileSizeHistogram(store_filename);
1500
1501 #if defined(OS_MACOSX)
1502 base::mac::SetFileBackupExclusion(store_filename);
1503 #endif
1504 }
1505
1506 void SafeBrowsingDatabaseNew::UpdatePrefixSetUrlStore(
1507 const base::FilePath& db_filename,
1508 SafeBrowsingStore* url_store,
1509 PrefixSetId prefix_set_id,
1510 FailureType finish_failure_type,
1511 FailureType write_failure_type,
1512 bool store_full_hashes_in_prefix_set) {
1513 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1514 DCHECK(url_store);
1515
1516 // Measure the amount of IO during the filter build.
1517 base::IoCounters io_before, io_after;
1518 base::ProcessHandle handle = base::GetCurrentProcessHandle();
1519 scoped_ptr<base::ProcessMetrics> metric(
1520 #if !defined(OS_MACOSX)
1521 base::ProcessMetrics::CreateProcessMetrics(handle)
1522 #else
1523 // Getting stats only for the current process is enough, so NULL is fine.
1524 base::ProcessMetrics::CreateProcessMetrics(handle, NULL)
1525 #endif
1526 );
1527
1528 // IoCounters are currently not supported on Mac, and may not be
1529 // available for Linux, so we check the result and only show IO
1530 // stats if they are available.
1531 const bool got_counters = metric->GetIOCounters(&io_before);
1532
1533 const base::TimeTicks before = base::TimeTicks::Now();
1534
1535 // TODO(shess): Perhaps refactor to let builder accumulate full hashes on the
1536 // fly? Other clients use the SBAddFullHash vector, but AFAICT they only use
1537 // the SBFullHash portion. It would need an accessor on PrefixSet.
1538 PrefixSetBuilder builder;
1539 std::vector<SBAddFullHash> add_full_hashes;
1540 if (!url_store->FinishUpdate(&builder, &add_full_hashes)) {
1541 RecordFailure(finish_failure_type);
1542 return;
1543 }
1544
1545 scoped_ptr<const PrefixSet> new_prefix_set;
1546 if (store_full_hashes_in_prefix_set) {
1547 std::vector<SBFullHash> full_hash_results;
1548 for (size_t i = 0; i < add_full_hashes.size(); ++i) {
1549 full_hash_results.push_back(add_full_hashes[i].full_hash);
1550 }
1551
1552 new_prefix_set = builder.GetPrefixSet(full_hash_results);
1553 } else {
1554 // TODO(gab): Ensure that stores which do not want full hashes just don't
1555 // have full hashes in the first place and remove
1556 // |store_full_hashes_in_prefix_set| and the code specialization incurred
1557 // here.
1558 new_prefix_set = builder.GetPrefixSetNoHashes();
1559 }
1560
1561 // Swap in the newly built filter.
1562 state_manager_.BeginWriteTransaction()->SwapPrefixSet(prefix_set_id,
1563 new_prefix_set.Pass());
1564
1565 UMA_HISTOGRAM_LONG_TIMES("SB2.BuildFilter", base::TimeTicks::Now() - before);
1566
1567 WritePrefixSet(db_filename, prefix_set_id, write_failure_type);
1568
1569 // Gather statistics.
1570 if (got_counters && metric->GetIOCounters(&io_after)) {
1571 UMA_HISTOGRAM_COUNTS("SB2.BuildReadKilobytes",
1572 static_cast<int>(io_after.ReadTransferCount -
1573 io_before.ReadTransferCount) / 1024);
1574 UMA_HISTOGRAM_COUNTS("SB2.BuildWriteKilobytes",
1575 static_cast<int>(io_after.WriteTransferCount -
1576 io_before.WriteTransferCount) / 1024);
1577 UMA_HISTOGRAM_COUNTS("SB2.BuildReadOperations",
1578 static_cast<int>(io_after.ReadOperationCount -
1579 io_before.ReadOperationCount));
1580 UMA_HISTOGRAM_COUNTS("SB2.BuildWriteOperations",
1581 static_cast<int>(io_after.WriteOperationCount -
1582 io_before.WriteOperationCount));
1583 }
1584
1585 RecordFileSizeHistogram(db_filename);
1586
1587 #if defined(OS_MACOSX)
1588 base::mac::SetFileBackupExclusion(db_filename);
1589 #endif
1590 }
1591
1592 void SafeBrowsingDatabaseNew::UpdateIpBlacklistStore() {
1593 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1594
1595 // Note: prefixes will not be empty. The current data store implementation
1596 // stores all full-length hashes as both full and prefix hashes.
1597 PrefixSetBuilder builder;
1598 std::vector<SBAddFullHash> full_hashes;
1599 if (!ip_blacklist_store_->FinishUpdate(&builder, &full_hashes)) {
1600 RecordFailure(FAILURE_IP_BLACKLIST_UPDATE_FINISH);
1601 LoadIpBlacklist(std::vector<SBAddFullHash>()); // Clear the list.
1602 return;
1603 }
1604
1605 const base::FilePath ip_blacklist_filename =
1606 IpBlacklistDBFilename(db_state_manager_.filename_base());
1607
1608 RecordFileSizeHistogram(ip_blacklist_filename);
1609
1610 #if defined(OS_MACOSX)
1611 base::mac::SetFileBackupExclusion(ip_blacklist_filename);
1612 #endif
1613
1614 LoadIpBlacklist(full_hashes);
1615 }
1616
1617 void SafeBrowsingDatabaseNew::HandleCorruptDatabase() {
1618 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1619
1620 // Reset the database after the current task has unwound (but only
1621 // reset once within the scope of a given task).
1622 if (!reset_factory_.HasWeakPtrs()) {
1623 RecordFailure(FAILURE_DATABASE_CORRUPT);
1624 db_task_runner_->PostTask(
1625 FROM_HERE, base::Bind(&SafeBrowsingDatabaseNew::OnHandleCorruptDatabase,
1626 reset_factory_.GetWeakPtr()));
1627 }
1628 }
1629
1630 void SafeBrowsingDatabaseNew::OnHandleCorruptDatabase() {
1631 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1632
1633 RecordFailure(FAILURE_DATABASE_CORRUPT_HANDLER);
1634 db_state_manager_.set_corruption_detected(); // Stop updating the database.
1635 ResetDatabase();
1636
1637 // NOTE(shess): ResetDatabase() should remove the corruption, so this should
1638 // only happen once. If you are here because you are hitting this after a
1639 // restart, then I would be very interested in working with you to figure out
1640 // what is happening, since it may affect real users.
1641 DLOG(FATAL) << "SafeBrowsing database was corrupt and reset";
1642 }
1643
1644 // TODO(shess): I'm not clear why this code doesn't have any
1645 // real error-handling.
1646 void SafeBrowsingDatabaseNew::LoadPrefixSet(const base::FilePath& db_filename,
1647 WriteTransaction* txn,
1648 PrefixSetId prefix_set_id,
1649 FailureType read_failure_type) {
1650 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1651 DCHECK(txn);
1652 DCHECK(!db_state_manager_.filename_base().empty());
1653
1654 // Only use the prefix set if database is present and non-empty.
1655 if (!GetFileSizeOrZero(db_filename))
1656 return;
1657
1658 // Cleanup any stale bloom filter (no longer used).
1659 // TODO(shess): Track existence to drive removal of this code?
1660 const base::FilePath bloom_filter_filename =
1661 BloomFilterForFilename(db_filename);
1662 base::DeleteFile(bloom_filter_filename, false);
1663
1664 const base::TimeTicks before = base::TimeTicks::Now();
1665 scoped_ptr<const PrefixSet> new_prefix_set =
1666 PrefixSet::LoadFile(PrefixSetForFilename(db_filename));
1667 if (!new_prefix_set.get())
1668 RecordFailure(read_failure_type);
1669 txn->SwapPrefixSet(prefix_set_id, new_prefix_set.Pass());
1670 UMA_HISTOGRAM_TIMES("SB2.PrefixSetLoad", base::TimeTicks::Now() - before);
1671 }
1672
1673 bool SafeBrowsingDatabaseNew::Delete() {
1674 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1675 DCHECK(!db_state_manager_.filename_base().empty());
1676
1677 // TODO(shess): This is a mess. SafeBrowsingFileStore::Delete() closes the
1678 // store before calling DeleteStore(). DeleteStore() deletes transient files
1679 // in addition to the main file. Probably all of these should be converted to
1680 // a helper which calls Delete() if the store exists, else DeleteStore() on
1681 // the generated filename.
1682
1683 // TODO(shess): Determine if the histograms are useful in any way. I cannot
1684 // recall any action taken as a result of their values, in which case it might
1685 // make more sense to histogram an overall thumbs-up/-down and just dig deeper
1686 // if something looks wrong.
1687
1688 const bool r1 = browse_store_->Delete();
1689 if (!r1)
1690 RecordFailure(FAILURE_DATABASE_STORE_DELETE);
1691
1692 const bool r2 = download_store_.get() ? download_store_->Delete() : true;
1693 if (!r2)
1694 RecordFailure(FAILURE_DATABASE_STORE_DELETE);
1695
1696 const bool r3 = csd_whitelist_store_.get() ?
1697 csd_whitelist_store_->Delete() : true;
1698 if (!r3)
1699 RecordFailure(FAILURE_DATABASE_STORE_DELETE);
1700
1701 const bool r4 = download_whitelist_store_.get() ?
1702 download_whitelist_store_->Delete() : true;
1703 if (!r4)
1704 RecordFailure(FAILURE_DATABASE_STORE_DELETE);
1705
1706 const bool r5 = inclusion_whitelist_store_.get() ?
1707 inclusion_whitelist_store_->Delete() : true;
1708 if (!r5)
1709 RecordFailure(FAILURE_DATABASE_STORE_DELETE);
1710
1711 const base::FilePath browse_filename =
1712 BrowseDBFilename(db_state_manager_.filename_base());
1713 const base::FilePath bloom_filter_filename =
1714 BloomFilterForFilename(browse_filename);
1715 const bool r6 = base::DeleteFile(bloom_filter_filename, false);
1716 if (!r6)
1717 RecordFailure(FAILURE_DATABASE_FILTER_DELETE);
1718
1719 const base::FilePath browse_prefix_set_filename =
1720 PrefixSetForFilename(browse_filename);
1721 const bool r7 = base::DeleteFile(browse_prefix_set_filename, false);
1722 if (!r7)
1723 RecordFailure(FAILURE_BROWSE_PREFIX_SET_DELETE);
1724
1725 const base::FilePath extension_blacklist_filename =
1726 ExtensionBlacklistDBFilename(db_state_manager_.filename_base());
1727 const bool r8 = base::DeleteFile(extension_blacklist_filename, false);
1728 if (!r8)
1729 RecordFailure(FAILURE_EXTENSION_BLACKLIST_DELETE);
1730
1731 const base::FilePath side_effect_free_whitelist_filename =
1732 SideEffectFreeWhitelistDBFilename(db_state_manager_.filename_base());
1733 const bool r9 = base::DeleteFile(side_effect_free_whitelist_filename,
1734 false);
1735 if (!r9)
1736 RecordFailure(FAILURE_SIDE_EFFECT_FREE_WHITELIST_DELETE);
1737
1738 const base::FilePath side_effect_free_whitelist_prefix_set_filename =
1739 PrefixSetForFilename(side_effect_free_whitelist_filename);
1740 const bool r10 = base::DeleteFile(
1741 side_effect_free_whitelist_prefix_set_filename,
1742 false);
1743 if (!r10)
1744 RecordFailure(FAILURE_SIDE_EFFECT_FREE_WHITELIST_PREFIX_SET_DELETE);
1745
1746 const bool r11 = base::DeleteFile(
1747 IpBlacklistDBFilename(db_state_manager_.filename_base()), false);
1748 if (!r11)
1749 RecordFailure(FAILURE_IP_BLACKLIST_DELETE);
1750
1751 const bool r12 = base::DeleteFile(
1752 UnwantedSoftwareDBFilename(db_state_manager_.filename_base()), false);
1753 if (!r12)
1754 RecordFailure(FAILURE_UNWANTED_SOFTWARE_PREFIX_SET_DELETE);
1755
1756 return r1 && r2 && r3 && r4 && r5 && r6 && r7 && r8 && r9 && r10 && r11 &&
1757 r12;
1758 }
1759
1760 void SafeBrowsingDatabaseNew::WritePrefixSet(const base::FilePath& db_filename,
1761 PrefixSetId prefix_set_id,
1762 FailureType write_failure_type) {
1763 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1764
1765 // Do not grab the lock to avoid contention while writing to disk. This is
1766 // safe as only this task runner can ever modify |state_manager_|'s prefix
1767 // sets anyways.
1768 scoped_ptr<ReadTransaction> txn =
1769 state_manager_.BeginReadTransactionNoLockOnMainTaskRunner();
1770 const PrefixSet* prefix_set = txn->GetPrefixSet(prefix_set_id);
1771
1772 if (!prefix_set)
1773 return;
1774
1775 const base::FilePath prefix_set_filename = PrefixSetForFilename(db_filename);
1776
1777 const base::TimeTicks before = base::TimeTicks::Now();
1778 const bool write_ok = prefix_set->WriteFile(prefix_set_filename);
1779 UMA_HISTOGRAM_TIMES("SB2.PrefixSetWrite", base::TimeTicks::Now() - before);
1780
1781 RecordFileSizeHistogram(prefix_set_filename);
1782
1783 if (!write_ok)
1784 RecordFailure(write_failure_type);
1785
1786 #if defined(OS_MACOSX)
1787 base::mac::SetFileBackupExclusion(prefix_set_filename);
1788 #endif
1789 }
1790
1791 void SafeBrowsingDatabaseNew::LoadWhitelist(
1792 const std::vector<SBAddFullHash>& full_hashes,
1793 SBWhitelistId whitelist_id) {
1794 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1795
1796 if (full_hashes.size() > kMaxWhitelistSize) {
1797 state_manager_.BeginWriteTransaction()->WhitelistEverything(whitelist_id);
1798 return;
1799 }
1800
1801 std::vector<SBFullHash> new_whitelist;
1802 new_whitelist.reserve(full_hashes.size());
1803 for (std::vector<SBAddFullHash>::const_iterator it = full_hashes.begin();
1804 it != full_hashes.end(); ++it) {
1805 new_whitelist.push_back(it->full_hash);
1806 }
1807 std::sort(new_whitelist.begin(), new_whitelist.end(), SBFullHashLess);
1808
1809 SBFullHash kill_switch = SBFullHashForString(kWhitelistKillSwitchUrl);
1810 if (std::binary_search(new_whitelist.begin(), new_whitelist.end(),
1811 kill_switch, SBFullHashLess)) {
1812 // The kill switch is whitelisted hence we whitelist all URLs.
1813 state_manager_.BeginWriteTransaction()->WhitelistEverything(whitelist_id);
1814 } else {
1815 state_manager_.BeginWriteTransaction()->SwapSBWhitelist(whitelist_id,
1816 &new_whitelist);
1817 }
1818 }
1819
1820 void SafeBrowsingDatabaseNew::LoadIpBlacklist(
1821 const std::vector<SBAddFullHash>& full_hashes) {
1822 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1823
1824 IPBlacklist new_blacklist;
1825 for (std::vector<SBAddFullHash>::const_iterator it = full_hashes.begin();
1826 it != full_hashes.end();
1827 ++it) {
1828 const char* full_hash = it->full_hash.full_hash;
1829 DCHECK_EQ(crypto::kSHA256Length, arraysize(it->full_hash.full_hash));
1830 // The format of the IP blacklist is:
1831 // SHA-1(IPv6 prefix) + uint8(prefix size) + 11 unused bytes.
1832 std::string hashed_ip_prefix(full_hash, base::kSHA1Length);
1833 size_t prefix_size = static_cast<uint8>(full_hash[base::kSHA1Length]);
1834 if (prefix_size > kMaxIpPrefixSize || prefix_size < kMinIpPrefixSize) {
1835 RecordFailure(FAILURE_IP_BLACKLIST_UPDATE_INVALID);
1836 new_blacklist.clear(); // Load empty blacklist.
1837 break;
1838 }
1839
1840 // We precompute the mask for the given subnet size to speed up lookups.
1841 // Basically we need to create a 16B long string which has the highest
1842 // |size| bits sets to one.
1843 std::string mask(net::kIPv6AddressSize, '\0');
1844 mask.replace(0, prefix_size / 8, prefix_size / 8, '\xFF');
1845 if ((prefix_size % 8) != 0) {
1846 mask[prefix_size / 8] = 0xFF << (8 - (prefix_size % 8));
1847 }
1848 DVLOG(2) << "Inserting malicious IP: "
1849 << " raw:" << base::HexEncode(full_hash, crypto::kSHA256Length)
1850 << " mask:" << base::HexEncode(mask.data(), mask.size())
1851 << " prefix_size:" << prefix_size
1852 << " hashed_ip:" << base::HexEncode(hashed_ip_prefix.data(),
1853 hashed_ip_prefix.size());
1854 new_blacklist[mask].insert(hashed_ip_prefix);
1855 }
1856
1857 state_manager_.BeginWriteTransaction()->swap_ip_blacklist(&new_blacklist);
1858 }
1859
1860 bool SafeBrowsingDatabaseNew::IsMalwareIPMatchKillSwitchOn() {
1861 SBFullHash malware_kill_switch = SBFullHashForString(kMalwareIPKillSwitchUrl);
1862 std::vector<SBFullHash> full_hashes;
1863 full_hashes.push_back(malware_kill_switch);
1864 return ContainsWhitelistedHashes(SBWhitelistId::CSD, full_hashes);
1865 }
1866
1867 bool SafeBrowsingDatabaseNew::IsCsdWhitelistKillSwitchOn() {
1868 return state_manager_.BeginReadTransaction()
1869 ->GetSBWhitelist(SBWhitelistId::CSD)
1870 ->second;
1871 }
1872
1873 SafeBrowsingDatabaseNew::PrefixGetHashCache*
1874 SafeBrowsingDatabaseNew::GetUnsynchronizedPrefixGetHashCacheForTesting() {
1875 return state_manager_.BeginReadTransaction()->prefix_gethash_cache();
1876 }
1877
1878 void SafeBrowsingDatabaseNew::RecordFileSizeHistogram(
1879 const base::FilePath& file_path) {
1880 const int64 file_size = GetFileSizeOrZero(file_path);
1881 const int file_size_kilobytes = static_cast<int>(file_size / 1024);
1882
1883 base::FilePath::StringType filename = file_path.BaseName().value();
1884
1885 // Default to logging DB sizes unless |file_path| points at PrefixSet storage.
1886 std::string histogram_name("SB2.DatabaseSizeKilobytes");
1887 if (EndsWith(filename, kPrefixSetFileSuffix, true)) {
1888 histogram_name = "SB2.PrefixSetSizeKilobytes";
1889 // Clear the PrefixSet suffix to have the histogram suffix selector below
1890 // work the same for PrefixSet-based storage as it does for simple safe
1891 // browsing stores.
1892 // The size of the kPrefixSetFileSuffix is the size of its array minus 1 as
1893 // the array includes the terminating '\0'.
1894 const size_t kPrefixSetSuffixSize = arraysize(kPrefixSetFileSuffix) - 1;
1895 filename.erase(filename.size() - kPrefixSetSuffixSize);
1896 }
1897
1898 // Changes to histogram suffixes below need to be mirrored in the
1899 // SafeBrowsingLists suffix enum in histograms.xml.
1900 if (EndsWith(filename, kBrowseDBFile, true))
1901 histogram_name.append(".Browse");
1902 else if (EndsWith(filename, kDownloadDBFile, true))
1903 histogram_name.append(".Download");
1904 else if (EndsWith(filename, kCsdWhitelistDBFile, true))
1905 histogram_name.append(".CsdWhitelist");
1906 else if (EndsWith(filename, kDownloadWhitelistDBFile, true))
1907 histogram_name.append(".DownloadWhitelist");
1908 else if (EndsWith(filename, kInclusionWhitelistDBFile, true))
1909 histogram_name.append(".InclusionWhitelist");
1910 else if (EndsWith(filename, kExtensionBlacklistDBFile, true))
1911 histogram_name.append(".ExtensionBlacklist");
1912 else if (EndsWith(filename, kSideEffectFreeWhitelistDBFile, true))
1913 histogram_name.append(".SideEffectFreeWhitelist");
1914 else if (EndsWith(filename, kIPBlacklistDBFile, true))
1915 histogram_name.append(".IPBlacklist");
1916 else if (EndsWith(filename, kUnwantedSoftwareDBFile, true))
1917 histogram_name.append(".UnwantedSoftware");
1918 else
1919 NOTREACHED(); // Add support for new lists above.
1920
1921 // Histogram properties as in UMA_HISTOGRAM_COUNTS macro.
1922 base::HistogramBase* histogram_pointer = base::Histogram::FactoryGet(
1923 histogram_name, 1, 1000000, 50,
1924 base::HistogramBase::kUmaTargetedHistogramFlag);
1925
1926 histogram_pointer->Add(file_size_kilobytes);
1927 }