chrome/browser/safe_browsing/database_manager.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4 //
   5 // The Safe Browsing service is responsible for downloading anti-phishing and
   6 // anti-malware tables and checking urls against them.
   7
   8 #ifndef CHROME_BROWSER_SAFE_BROWSING_DATABASE_MANAGER_H_
   9 #define CHROME_BROWSER_SAFE_BROWSING_DATABASE_MANAGER_H_
  10
  11 #include <deque>
  12 #include <map>
  13 #include <set>
  14 #include <string>
  15 #include <vector>
  16
  17 #include "base/callback.h"
  18 #include "base/containers/hash_tables.h"
  19 #include "base/memory/ref_counted.h"
  20 #include "base/memory/scoped_ptr.h"
  21 #include "base/synchronization/lock.h"
  22 #include "base/time/time.h"
  23 #include "chrome/browser/safe_browsing/protocol_manager.h"
  24 #include "chrome/browser/safe_browsing/safe_browsing_util.h"
  25 #include "url/gurl.h"
  26
  27 class SafeBrowsingService;
  28 class SafeBrowsingDatabase;
  29
  30 namespace base {
  31 class Thread;
  32 }
  33
  34 namespace net {
  35 class URLRequestContext;
  36 class URLRequestContextGetter;
  37 }
  38
  39 namespace safe_browsing {
  40 class ClientSideDetectionService;
  41 class DownloadProtectionService;
  42 }
  43
  44 // Construction needs to happen on the main thread.
  45 class SafeBrowsingDatabaseManager
  46     : public base::RefCountedThreadSafe<SafeBrowsingDatabaseManager>,
  47       public SafeBrowsingProtocolManagerDelegate {
  48  public:
  49   class Client;
  50
  51   // Bundle of SafeBrowsing state while performing a URL or hash prefix check.
  52   struct SafeBrowsingCheck {
  53     // |check_type| should correspond to the type of item that is being
  54     // checked, either a URL or a binary hash/URL. We store this for two
  55     // purposes: to know which of Client's methods to call when a result is
  56     // known, and for logging purposes. It *isn't* used to predict the response
  57     // list type, that is information that the server gives us.
  58     SafeBrowsingCheck(const std::vector<GURL>& urls,
  59                       const std::vector<SBFullHash>& full_hashes,
  60                       Client* client,
  61                       safe_browsing_util::ListType check_type,
  62                       const std::vector<SBThreatType>& expected_threats);
  63     ~SafeBrowsingCheck();
  64
  65     // Either |urls| or |full_hashes| is used to lookup database. |*_results|
  66     // are parallel vectors containing the results. They are initialized to
  67     // contain SB_THREAT_TYPE_SAFE.
  68     std::vector<GURL> urls;
  69     std::vector<SBThreatType> url_results;
  70     std::vector<SBFullHash> full_hashes;
  71     std::vector<SBThreatType> full_hash_results;
  72
  73     Client* client;
  74     bool need_get_hash;
  75     base::TimeTicks start;  // When check was sent to SB service.
  76     safe_browsing_util::ListType check_type;  // See comment in constructor.
  77     std::vector<SBThreatType> expected_threats;
  78     std::vector<SBPrefix> prefix_hits;
  79     std::vector<SBFullHashResult> cache_hits;
  80
  81     // Vends weak pointers for TimeoutCallback().  If the response is
  82     // received before the timeout fires, factory is destructed and
  83     // the timeout won't be fired.
  84     // TODO(lzheng): We should consider to use this time out check
  85     // for browsing too (instead of implementin in
  86     // safe_browsing_resource_handler.cc).
  87     scoped_ptr<base::WeakPtrFactory<
  88         SafeBrowsingDatabaseManager> > timeout_factory_;
  89
  90    private:
  91     DISALLOW_COPY_AND_ASSIGN(SafeBrowsingCheck);
  92   };
  93
  94   class Client {
  95    public:
  96     void OnSafeBrowsingResult(const SafeBrowsingCheck& check);
  97
  98    protected:
  99     virtual ~Client() {}
 100
 101     // Called when the result of checking a browse URL is known.
 102     virtual void OnCheckBrowseUrlResult(const GURL& url,
 103                                         SBThreatType threat_type) {}
 104
 105     // Called when the result of checking a download URL is known.
 106     virtual void OnCheckDownloadUrlResult(const std::vector<GURL>& url_chain,
 107                                           SBThreatType threat_type) {}
 108
 109     // Called when the result of checking a set of extensions is known.
 110     virtual void OnCheckExtensionsResult(
 111         const std::set<std::string>& threats) {}
 112   };
 113
 114   // Creates the safe browsing service.  Need to initialize before using.
 115   explicit SafeBrowsingDatabaseManager(
 116       const scoped_refptr<SafeBrowsingService>& service);
 117
 118   // Returns true if the url's scheme can be checked.
 119   bool CanCheckUrl(const GURL& url) const;
 120
 121   // Returns whether download protection is enabled.
 122   bool download_protection_enabled() const {
 123     return enable_download_protection_;
 124   }
 125
 126   // Called on the IO thread to check if the given url is safe or not.  If we
 127   // can synchronously determine that the url is safe, CheckUrl returns true.
 128   // Otherwise it returns false, and "client" is called asynchronously with the
 129   // result when it is ready.
 130   virtual bool CheckBrowseUrl(const GURL& url, Client* client);
 131
 132   // Check if the prefix for |url| is in safebrowsing download add lists.
 133   // Result will be passed to callback in |client|.
 134   virtual bool CheckDownloadUrl(const std::vector<GURL>& url_chain,
 135                                 Client* client);
 136
 137   // Check which prefixes in |extension_ids| are in the safebrowsing blacklist.
 138   // Returns true if not, false if further checks need to be made in which case
 139   // the result will be passed to |client|.
 140   virtual bool CheckExtensionIDs(const std::set<std::string>& extension_ids,
 141                                  Client* client);
 142
 143   // Check if the given url is on the side-effect free whitelist.
 144   // Can be called on any thread. Returns false if the check cannot be performed
 145   // (e.g. because we are disabled or because of an invalid scheme in the URL).
 146   // Otherwise, returns true if the URL is on the whitelist based on matching
 147   // the hash prefix only (so there may be false positives).
 148   virtual bool CheckSideEffectFreeWhitelistUrl(const GURL& url);
 149
 150   // Check if the |url| matches any of the full-length hashes from the
 151   // client-side phishing detection whitelist.  Returns true if there was a
 152   // match and false otherwise.  To make sure we are conservative we will return
 153   // true if an error occurs. This method is expected to be called on the IO
 154   // thread.
 155   virtual bool MatchCsdWhitelistUrl(const GURL& url);
 156
 157   // Check if the given IP address (either IPv4 or IPv6) matches the malware
 158   // IP blacklist.
 159   virtual bool MatchMalwareIP(const std::string& ip_address);
 160
 161   // Check if the |url| matches any of the full-length hashes from the
 162   // download whitelist.  Returns true if there was a match and false otherwise.
 163   // To make sure we are conservative we will return true if an error occurs.
 164   // This method is expected to be called on the IO thread.
 165   virtual bool MatchDownloadWhitelistUrl(const GURL& url);
 166
 167   // Check if |str| matches any of the full-length hashes from the download
 168   // whitelist.  Returns true if there was a match and false otherwise.
 169   // To make sure we are conservative we will return true if an error occurs.
 170   // This method is expected to be called on the IO thread.
 171   virtual bool MatchDownloadWhitelistString(const std::string& str);
 172
 173   // Check if the CSD malware IP matching kill switch is turned on.
 174   virtual bool IsMalwareKillSwitchOn();
 175
 176   // Check if the CSD whitelist kill switch is turned on.
 177   virtual bool IsCsdWhitelistKillSwitchOn();
 178
 179   // Called on the IO thread to cancel a pending check if the result is no
 180   // longer needed.
 181   void CancelCheck(Client* client);
 182
 183   // Called on the IO thread when the SafeBrowsingProtocolManager has received
 184   // the full hash results for prefix hits detected in the database.
 185   void HandleGetHashResults(SafeBrowsingCheck* check,
 186                             const std::vector<SBFullHashResult>& full_hashes,
 187                             const base::TimeDelta& cache_lifetime);
 188
 189   // Log the user perceived delay caused by SafeBrowsing. This delay is the time
 190   // delta starting from when we would have started reading data from the
 191   // network, and ending when the SafeBrowsing check completes indicating that
 192   // the current page is 'safe'.
 193   void LogPauseDelay(base::TimeDelta time);
 194
 195   // Called to initialize objects that are used on the io_thread.  This may be
 196   // called multiple times during the life of the DatabaseManager. Should be
 197   // called on IO thread.
 198   void StartOnIOThread();
 199
 200   // Called to stop or shutdown operations on the io_thread. This may be called
 201   // multiple times during the life of the DatabaseManager. Should be called
 202   // on IO thread. If shutdown is true, the manager is disabled permanently.
 203   void StopOnIOThread(bool shutdown);
 204
 205  protected:
 206   virtual ~SafeBrowsingDatabaseManager();
 207
 208   // protected for tests.
 209   void NotifyDatabaseUpdateFinished(bool update_succeeded);
 210
 211  private:
 212   friend class base::RefCountedThreadSafe<SafeBrowsingDatabaseManager>;
 213   friend class SafeBrowsingServerTest;
 214   friend class SafeBrowsingServiceTest;
 215   friend class SafeBrowsingServiceTestHelper;
 216   friend class SafeBrowsingDatabaseManagerTest;
 217
 218   typedef std::set<SafeBrowsingCheck*> CurrentChecks;
 219   typedef std::vector<SafeBrowsingCheck*> GetHashRequestors;
 220   typedef base::hash_map<SBPrefix, GetHashRequestors> GetHashRequests;
 221
 222   // Clients that we've queued up for checking later once the database is ready.
 223   struct QueuedCheck {
 224     QueuedCheck(const safe_browsing_util::ListType check_type,
 225                 Client* client,
 226                 const GURL& url,
 227                 const std::vector<SBThreatType>& expected_threats,
 228                 const base::TimeTicks& start);
 229     ~QueuedCheck();
 230     safe_browsing_util::ListType check_type;
 231     Client* client;
 232     GURL url;
 233     std::vector<SBThreatType> expected_threats;
 234     base::TimeTicks start;  // When check was queued.
 235   };
 236
 237   // Called to stop operations on the io_thread. This may be called multiple
 238   // times during the life of the DatabaseManager. Should be called on IO
 239   // thread.
 240   void DoStopOnIOThread();
 241
 242   // Returns whether |database_| exists and is accessible.
 243   bool DatabaseAvailable() const;
 244
 245   // Called on the IO thread.  If the database does not exist, queues up a call
 246   // on the db thread to create it.  Returns whether the database is available.
 247   //
 248   // Note that this is only needed outside the db thread, since functions on the
 249   // db thread can call GetDatabase() directly.
 250   bool MakeDatabaseAvailable();
 251
 252   // Should only be called on db thread as SafeBrowsingDatabase is not
 253   // threadsafe.
 254   SafeBrowsingDatabase* GetDatabase();
 255
 256   // Called on the IO thread with the check result.
 257   void OnCheckDone(SafeBrowsingCheck* info);
 258
 259   // Called on the database thread to retrieve chunks.
 260   void GetAllChunksFromDatabase(GetChunksCallback callback);
 261
 262   // Called on the IO thread with the results of all chunks.
 263   void OnGetAllChunksFromDatabase(const std::vector<SBListChunkRanges>& lists,
 264                                   bool database_error,
 265                                   GetChunksCallback callback);
 266
 267   // Called on the IO thread after the database reports that it added a chunk.
 268   void OnAddChunksComplete(AddChunksCallback callback);
 269
 270   // Notification that the database is done loading its bloom filter.  We may
 271   // have had to queue checks until the database is ready, and if so, this
 272   // checks them.
 273   void DatabaseLoadComplete();
 274
 275   // Called on the database thread to add/remove chunks and host keys.
 276   // Callee will free the data when it's done.
 277   void AddDatabaseChunks(const std::string& list, SBChunkList* chunks,
 278                          AddChunksCallback callback);
 279
 280   void DeleteDatabaseChunks(std::vector<SBChunkDelete>* chunk_deletes);
 281
 282   void NotifyClientBlockingComplete(Client* client, bool proceed);
 283
 284   void DatabaseUpdateFinished(bool update_succeeded);
 285
 286   // Called on the db thread to close the database.  See CloseDatabase().
 287   void OnCloseDatabase();
 288
 289   // Runs on the db thread to reset the database. We assume that resetting the
 290   // database is a synchronous operation.
 291   void OnResetDatabase();
 292
 293   // Internal worker function for processing full hashes.
 294   void OnHandleGetHashResults(SafeBrowsingCheck* check,
 295                               const std::vector<SBFullHashResult>& full_hashes);
 296
 297   // Run one check against |full_hashes|.  Returns |true| if the check
 298   // finds a match in |full_hashes|.
 299   bool HandleOneCheck(SafeBrowsingCheck* check,
 300                       const std::vector<SBFullHashResult>& full_hashes);
 301
 302   // Invoked by CheckDownloadUrl. It checks the download URL on
 303   // safe_browsing_thread_.
 304   void CheckDownloadUrlOnSBThread(SafeBrowsingCheck* check);
 305
 306   // The callback function when a safebrowsing check is timed out. Client will
 307   // be notified that the safebrowsing check is SAFE when this happens.
 308   void TimeoutCallback(SafeBrowsingCheck* check);
 309
 310   // Calls the Client's callback on IO thread after CheckDownloadUrl finishes.
 311   void CheckDownloadUrlDone(SafeBrowsingCheck* check);
 312
 313   // Checks all extension ID hashes on safe_browsing_thread_.
 314   void CheckExtensionIDsOnSBThread(SafeBrowsingCheck* check);
 315
 316   // Helper function that calls safe browsing client and cleans up |checks_|.
 317   void SafeBrowsingCheckDone(SafeBrowsingCheck* check);
 318
 319   // Helper function to set |check| with default values and start a safe
 320   // browsing check with timeout of |timeout|. |task| will be called on
 321   // success, otherwise TimeoutCallback will be called.
 322   void StartSafeBrowsingCheck(SafeBrowsingCheck* check,
 323                               const base::Closure& task);
 324
 325   // SafeBrowsingProtocolManageDelegate override
 326   virtual void ResetDatabase() OVERRIDE;
 327   virtual void UpdateStarted() OVERRIDE;
 328   virtual void UpdateFinished(bool success) OVERRIDE;
 329   virtual void GetChunks(GetChunksCallback callback) OVERRIDE;
 330   virtual void AddChunks(const std::string& list, SBChunkList* chunks,
 331                          AddChunksCallback callback) OVERRIDE;
 332   virtual void DeleteChunks(
 333       std::vector<SBChunkDelete>* delete_chunks) OVERRIDE;
 334
 335   scoped_refptr<SafeBrowsingService> sb_service_;
 336
 337   CurrentChecks checks_;
 338
 339   // Used for issuing only one GetHash request for a given prefix.
 340   GetHashRequests gethash_requests_;
 341
 342   // The persistent database.  We don't use a scoped_ptr because it
 343   // needs to be destroyed on a different thread than this object.
 344   SafeBrowsingDatabase* database_;
 345
 346   // Lock used to prevent possible data races due to compiler optimizations.
 347   mutable base::Lock database_lock_;
 348
 349   // Whether the service is running. 'enabled_' is used by the
 350   // SafeBrowsingDatabaseManager on the IO thread during normal operations.
 351   bool enabled_;
 352
 353   // Indicate if download_protection is enabled by command switch
 354   // so we allow this feature to be exersized.
 355   bool enable_download_protection_;
 356
 357   // Indicate if client-side phishing detection whitelist should be enabled
 358   // or not.
 359   bool enable_csd_whitelist_;
 360
 361   // Indicate if the download whitelist should be enabled or not.
 362   bool enable_download_whitelist_;
 363
 364   // Indicate if the extension blacklist should be enabled.
 365   bool enable_extension_blacklist_;
 366
 367   // Indicate if the side effect free whitelist should be enabled.
 368   bool enable_side_effect_free_whitelist_;
 369
 370   // Indicate if the csd malware IP blacklist should be enabled.
 371   bool enable_ip_blacklist_;
 372
 373   // The SafeBrowsing thread that runs database operations.
 374   //
 375   // Note: Functions that run on this thread should run synchronously and return
 376   // to the IO thread, not post additional tasks back to this thread, lest we
 377   // cause a race condition at shutdown time that leads to a database leak.
 378   scoped_ptr<base::Thread> safe_browsing_thread_;
 379
 380   // Indicates if we're currently in an update cycle.
 381   bool update_in_progress_;
 382
 383   // When true, newly fetched chunks may not in the database yet since the
 384   // database is still updating.
 385   bool database_update_in_progress_;
 386
 387   // Indicates if we're in the midst of trying to close the database.  If this
 388   // is true, nothing on the IO thread should access the database.
 389   bool closing_database_;
 390
 391   std::deque<QueuedCheck> queued_checks_;
 392
 393   // Timeout to use for safe browsing checks.
 394   base::TimeDelta check_timeout_;
 395
 396   DISALLOW_COPY_AND_ASSIGN(SafeBrowsingDatabaseManager);
 397 };
 398
 399 #endif  // CHROME_BROWSER_SAFE_BROWSING_DATABASE_MANAGER_H_