Check USB device path access when prompting users to select a device.
[chromium-blink-merge.git] / chrome / browser / safe_browsing / incident_reporting / environment_data_collection_win.cc
blob74b1b67282d248d8815c2c6cf3d2dedf5c77fb51
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/safe_browsing/incident_reporting/environment_data_collection_win.h"
7 #include <windows.h>
8 #include <set>
9 #include <string>
11 #include "base/i18n/case_conversion.h"
12 #include "base/memory/ref_counted.h"
13 #include "base/metrics/histogram_macros.h"
14 #include "base/strings/string_util.h"
15 #include "base/strings/utf_string_conversions.h"
16 #include "base/win/registry.h"
17 #include "chrome/browser/install_verification/win/module_info.h"
18 #include "chrome/browser/install_verification/win/module_verification_common.h"
19 #include "chrome/browser/net/service_providers_win.h"
20 #include "chrome/browser/safe_browsing/incident_reporting/module_integrity_verifier_win.h"
21 #include "chrome/browser/safe_browsing/path_sanitizer.h"
22 #include "chrome/common/safe_browsing/binary_feature_extractor.h"
23 #include "chrome/common/safe_browsing/csd.pb.h"
24 #include "chrome_elf/chrome_elf_constants.h"
26 namespace safe_browsing {
28 namespace {
30 // The modules on which we will run VerifyModule.
31 const wchar_t* const kModulesToVerify[] = {
32 L"chrome.dll",
33 L"chrome_elf.dll",
34 L"ntdll.dll",
37 // Helper function for expanding all environment variables in |path|.
38 std::wstring ExpandEnvironmentVariables(const std::wstring& path) {
39 static const DWORD kMaxBuffer = 32 * 1024; // Max according to MSDN.
40 std::wstring path_expanded;
41 DWORD path_len = MAX_PATH;
42 do {
43 DWORD result = ExpandEnvironmentStrings(
44 path.c_str(), WriteInto(&path_expanded, path_len), path_len);
45 if (!result) {
46 // Failed to expand variables. Return the original string.
47 DPLOG(ERROR) << path;
48 break;
50 if (result <= path_len)
51 return path_expanded.substr(0, result - 1);
52 path_len = result;
53 } while (path_len < kMaxBuffer);
55 return path;
58 } // namespace
60 bool CollectDlls(ClientIncidentReport_EnvironmentData_Process* process) {
61 // Retrieve the module list.
62 std::set<ModuleInfo> loaded_modules;
63 if (!GetLoadedModules(&loaded_modules))
64 return false;
66 // Sanitize path of each module and add it to the incident report along with
67 // its headers.
68 PathSanitizer path_sanitizer;
69 scoped_refptr<BinaryFeatureExtractor> feature_extractor(
70 new BinaryFeatureExtractor());
71 for (const auto& module : loaded_modules) {
72 base::FilePath dll_path(module.name);
73 base::FilePath sanitized_path(dll_path);
74 path_sanitizer.StripHomeDirectory(&sanitized_path);
76 ClientIncidentReport_EnvironmentData_Process_Dll* dll = process->add_dll();
77 dll->set_path(
78 base::WideToUTF8(base::i18n::ToLower(sanitized_path.value())));
79 dll->set_base_address(module.base_address);
80 dll->set_length(module.size);
81 // TODO(grt): Consider skipping this for valid system modules.
82 if (!feature_extractor->ExtractImageFeatures(
83 dll_path,
84 BinaryFeatureExtractor::kOmitExports,
85 dll->mutable_image_headers(),
86 nullptr /* signed_data */)) {
87 dll->clear_image_headers();
91 return true;
94 void RecordLspFeature(ClientIncidentReport_EnvironmentData_Process* process) {
95 WinsockLayeredServiceProviderList lsp_list;
96 GetWinsockLayeredServiceProviders(&lsp_list);
98 // For each LSP, we extract and sanitize the path.
99 PathSanitizer path_sanitizer;
100 std::set<std::wstring> lsp_paths;
101 for (size_t i = 0; i < lsp_list.size(); ++i) {
102 base::FilePath lsp_path(ExpandEnvironmentVariables(lsp_list[i].path));
103 path_sanitizer.StripHomeDirectory(&lsp_path);
104 lsp_paths.insert(base::i18n::ToLower(lsp_path.value()));
107 // Look for a match between LSPs and loaded dlls.
108 for (int i = 0; i < process->dll_size(); ++i) {
109 if (lsp_paths.count(base::UTF8ToWide(process->dll(i).path()))) {
110 process->mutable_dll(i)
111 ->add_feature(ClientIncidentReport_EnvironmentData_Process_Dll::LSP);
116 void CollectDllBlacklistData(
117 ClientIncidentReport_EnvironmentData_Process* process) {
118 PathSanitizer path_sanitizer;
119 base::win::RegistryValueIterator iter(HKEY_CURRENT_USER,
120 blacklist::kRegistryFinchListPath);
121 for (; iter.Valid(); ++iter) {
122 base::FilePath dll_name(iter.Value());
123 path_sanitizer.StripHomeDirectory(&dll_name);
124 process->add_blacklisted_dll(dll_name.AsUTF8Unsafe());
128 void CollectModuleVerificationData(
129 const wchar_t* const modules_to_verify[],
130 size_t num_modules_to_verify,
131 ClientIncidentReport_EnvironmentData_Process* process) {
132 for (size_t i = 0; i < num_modules_to_verify; ++i) {
133 scoped_ptr<ClientIncidentReport_EnvironmentData_Process_ModuleState>
134 module_state(
135 new ClientIncidentReport_EnvironmentData_Process_ModuleState());
137 VerificationResult result = NewVerifyModule(modules_to_verify[i],
138 module_state.get());
140 std::set<std::string> modified_exports;
141 int num_bytes = 0;
142 int modified = VerifyModule(modules_to_verify[i],
143 &modified_exports,
144 &num_bytes);
146 if (result.state == MODULE_STATE_MODIFIED) {
147 UMA_HISTOGRAM_COUNTS_10000(
148 "ModuleIntegrityVerification.BytesModified.WithoutByteSet",
149 result.num_bytes_different);
152 if (modified == MODULE_STATE_MODIFIED) {
153 UMA_HISTOGRAM_COUNTS_10000(
154 "ModuleIntegrityVerification.BytesModified.WithByteSet",
155 num_bytes);
158 if (modified == MODULE_STATE_MODIFIED ||
159 result.state == MODULE_STATE_MODIFIED) {
160 int difference = abs(result.num_bytes_different - num_bytes);
162 if (result.num_bytes_different > num_bytes) {
163 UMA_HISTOGRAM_COUNTS_10000(
164 "ModuleIntegrityVerification.Difference.WithoutByteSet",
165 difference);
166 } else if (num_bytes > result.num_bytes_different) {
167 UMA_HISTOGRAM_COUNTS_10000(
168 "ModuleIntegrityVerification.Difference.WithByteSet",
169 difference);
173 if (!result.verification_completed) {
174 UMA_HISTOGRAM_COUNTS_100(
175 "ModuleIntegrityVerification.RelocationsUnorderedModuleIndex", i);
178 if (modified == MODULE_STATE_UNMODIFIED)
179 continue;
181 module_state->set_name(base::WideToUTF8(modules_to_verify[i]));
182 // Add 1 to the ModuleState enum to get the corresponding value in the
183 // protobuf's ModuleState enum.
184 module_state->set_modified_state(static_cast<
185 ClientIncidentReport_EnvironmentData_Process_ModuleState_ModifiedState>(
186 modified + 1));
187 for (std::set<std::string>::iterator it = modified_exports.begin();
188 it != modified_exports.end();
189 ++it) {
190 module_state->add_modified_export(*it);
192 process->mutable_module_state()->AddAllocated(module_state.release());
196 void CollectPlatformProcessData(
197 ClientIncidentReport_EnvironmentData_Process* process) {
198 CollectDlls(process);
199 RecordLspFeature(process);
200 CollectDllBlacklistData(process);
201 CollectModuleVerificationData(
202 kModulesToVerify, arraysize(kModulesToVerify), process);
205 } // namespace safe_browsing