search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
base::Time multiplicative operator overloading
[chromium-blink-merge.git] / chrome / browser / safe_browsing / safe_browsing_database.cc
blob4690bf37b5755d669ed1f72c740c200ba8c2a986
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/safe_browsing/safe_browsing_database.h"
6
7 #include <algorithm>
8 #include <iterator>
9
10 #include "base/bind.h"
11 #include "base/files/file_util.h"
12 #include "base/macros.h"
13 #include "base/message_loop/message_loop.h"
14 #include "base/metrics/histogram.h"
15 #include "base/process/process_handle.h"
16 #include "base/process/process_metrics.h"
17 #include "base/sha1.h"
18 #include "base/strings/string_number_conversions.h"
19 #include "base/strings/string_util.h"
20 #include "base/strings/stringprintf.h"
21 #include "base/time/time.h"
22 #include "chrome/browser/safe_browsing/prefix_set.h"
23 #include "chrome/browser/safe_browsing/safe_browsing_store_file.h"
24 #include "content/public/browser/browser_thread.h"
25 #include "crypto/sha2.h"
26 #include "net/base/net_util.h"
27 #include "url/gurl.h"
28
29 #if defined(OS_MACOSX)
30 #include "base/mac/mac_util.h"
31 #endif
32
33 using content::BrowserThread;
34 using safe_browsing::PrefixSet;
35 using safe_browsing::PrefixSetBuilder;
36
37 namespace {
38
39 // Filename suffix for the bloom filter.
40 const base::FilePath::CharType kBloomFilterFileSuffix[] =
41 FILE_PATH_LITERAL(" Filter 2");
42 // Filename suffix for the prefix set.
43 const base::FilePath::CharType kPrefixSetFileSuffix[] =
44 FILE_PATH_LITERAL(" Prefix Set");
45 // Filename suffix for download store.
46 const base::FilePath::CharType kDownloadDBFile[] =
47 FILE_PATH_LITERAL(" Download");
48 // Filename suffix for client-side phishing detection whitelist store.
49 const base::FilePath::CharType kCsdWhitelistDBFile[] =
50 FILE_PATH_LITERAL(" Csd Whitelist");
51 // Filename suffix for the download whitelist store.
52 const base::FilePath::CharType kDownloadWhitelistDBFile[] =
53 FILE_PATH_LITERAL(" Download Whitelist");
54 // Filename suffix for the off-domain inclusion whitelist store.
55 const base::FilePath::CharType kInclusionWhitelistDBFile[] =
56 FILE_PATH_LITERAL(" Inclusion Whitelist");
57 // Filename suffix for the extension blacklist store.
58 const base::FilePath::CharType kExtensionBlacklistDBFile[] =
59 FILE_PATH_LITERAL(" Extension Blacklist");
60 // Filename suffix for the side-effect free whitelist store.
61 const base::FilePath::CharType kSideEffectFreeWhitelistDBFile[] =
62 FILE_PATH_LITERAL(" Side-Effect Free Whitelist");
63 // Filename suffix for the csd malware IP blacklist store.
64 const base::FilePath::CharType kIPBlacklistDBFile[] =
65 FILE_PATH_LITERAL(" IP Blacklist");
66 // Filename suffix for the unwanted software blacklist store.
67 const base::FilePath::CharType kUnwantedSoftwareDBFile[] =
68 FILE_PATH_LITERAL(" UwS List");
69
70 // Filename suffix for browse store.
71 // TODO(shess): "Safe Browsing Bloom Prefix Set" is full of win.
72 // Unfortunately, to change the name implies lots of transition code
73 // for little benefit. If/when file formats change (say to put all
74 // the data in one file), that would be a convenient point to rectify
75 // this.
76 // TODO(shess): This shouldn't be OS-driven <http://crbug.com/394379>
77 #if defined(OS_ANDROID)
78 // NOTE(shess): This difference is also reflected in the list name in
79 // safe_browsing_util.cc.
80 // TODO(shess): Spin up an alternate list id which can be persisted in the
81 // store. Then if a mistake is made, it won't cause confusion between
82 // incompatible lists.
83 const base::FilePath::CharType kBrowseDBFile[] = FILE_PATH_LITERAL(" Mobile");
84 #else
85 const base::FilePath::CharType kBrowseDBFile[] = FILE_PATH_LITERAL(" Bloom");
86 #endif
87
88 // Maximum number of entries we allow in any of the whitelists.
89 // If a whitelist on disk contains more entries then all lookups to
90 // the whitelist will be considered a match.
91 const size_t kMaxWhitelistSize = 5000;
92
93 // If the hash of this exact expression is on a whitelist then all
94 // lookups to this whitelist will be considered a match.
95 const char kWhitelistKillSwitchUrl[] =
96 "sb-ssl.google.com/safebrowsing/csd/killswitch"; // Don't change this!
97
98 // If the hash of this exact expression is on a whitelist then the
99 // malware IP blacklisting feature will be disabled in csd.
100 // Don't change this!
101 const char kMalwareIPKillSwitchUrl[] =
102 "sb-ssl.google.com/safebrowsing/csd/killswitch_malware";
103
104 const size_t kMaxIpPrefixSize = 128;
105 const size_t kMinIpPrefixSize = 1;
106
107 // To save space, the incoming |chunk_id| and |list_id| are combined
108 // into an |encoded_chunk_id| for storage by shifting the |list_id|
109 // into the low-order bits. These functions decode that information.
110 // TODO(lzheng): It was reasonable when database is saved in sqlite, but
111 // there should be better ways to save chunk_id and list_id after we use
112 // SafeBrowsingStoreFile.
113 int GetListIdBit(const int encoded_chunk_id) {
114 return encoded_chunk_id & 1;
115 }
116 int DecodeChunkId(int encoded_chunk_id) {
117 return encoded_chunk_id >> 1;
118 }
119 int EncodeChunkId(const int chunk, const int list_id) {
120 DCHECK_NE(list_id, safe_browsing_util::INVALID);
121 return chunk << 1 | list_id % 2;
122 }
123
124 // Generate the set of full hashes to check for |url|. If
125 // |include_whitelist_hashes| is true we will generate additional path-prefixes
126 // to match against the csd whitelist. E.g., if the path-prefix /foo is on the
127 // whitelist it should also match /foo/bar which is not the case for all the
128 // other lists. We'll also always add a pattern for the empty path.
129 // TODO(shess): This function is almost the same as
130 // |CompareFullHashes()| in safe_browsing_util.cc, except that code
131 // does an early exit on match. Since match should be the infrequent
132 // case (phishing or malware found), consider combining this function
133 // with that one.
134 void UrlToFullHashes(const GURL& url,
135 bool include_whitelist_hashes,
136 std::vector<SBFullHash>* full_hashes) {
137 std::vector<std::string> hosts;
138 if (url.HostIsIPAddress()) {
139 hosts.push_back(url.host());
140 } else {
141 safe_browsing_util::GenerateHostsToCheck(url, &hosts);
142 }
143
144 std::vector<std::string> paths;
145 safe_browsing_util::GeneratePathsToCheck(url, &paths);
146
147 for (size_t i = 0; i < hosts.size(); ++i) {
148 for (size_t j = 0; j < paths.size(); ++j) {
149 const std::string& path = paths[j];
150 full_hashes->push_back(SBFullHashForString(hosts[i] + path));
151
152 // We may have /foo as path-prefix in the whitelist which should
153 // also match with /foo/bar and /foo?bar. Hence, for every path
154 // that ends in '/' we also add the path without the slash.
155 if (include_whitelist_hashes &&
156 path.size() > 1 &&
157 path[path.size() - 1] == '/') {
158 full_hashes->push_back(
159 SBFullHashForString(hosts[i] + path.substr(0, path.size() - 1)));
160 }
161 }
162 }
163 }
164
165 // Get the prefixes matching the download |urls|.
166 void GetDownloadUrlPrefixes(const std::vector<GURL>& urls,
167 std::vector<SBPrefix>* prefixes) {
168 std::vector<SBFullHash> full_hashes;
169 for (size_t i = 0; i < urls.size(); ++i)
170 UrlToFullHashes(urls[i], false, &full_hashes);
171
172 for (size_t i = 0; i < full_hashes.size(); ++i)
173 prefixes->push_back(full_hashes[i].prefix);
174 }
175
176 // Helper function to compare addprefixes in |store| with |prefixes|.
177 // The |list_bit| indicates which list (url or hash) to compare.
178 //
179 // Returns true if there is a match, |*prefix_hits| (if non-NULL) will contain
180 // the actual matching prefixes.
181 bool MatchAddPrefixes(SafeBrowsingStore* store,
182 int list_bit,
183 const std::vector<SBPrefix>& prefixes,
184 std::vector<SBPrefix>* prefix_hits) {
185 prefix_hits->clear();
186 bool found_match = false;
187
188 SBAddPrefixes add_prefixes;
189 store->GetAddPrefixes(&add_prefixes);
190 for (SBAddPrefixes::const_iterator iter = add_prefixes.begin();
191 iter != add_prefixes.end(); ++iter) {
192 for (size_t j = 0; j < prefixes.size(); ++j) {
193 const SBPrefix& prefix = prefixes[j];
194 if (prefix == iter->prefix &&
195 GetListIdBit(iter->chunk_id) == list_bit) {
196 prefix_hits->push_back(prefix);
197 found_match = true;
198 }
199 }
200 }
201 return found_match;
202 }
203
204 // This function generates a chunk range string for |chunks|. It
205 // outputs one chunk range string per list and writes it to the
206 // |list_ranges| vector. We expect |list_ranges| to already be of the
207 // right size. E.g., if |chunks| contains chunks with two different
208 // list ids then |list_ranges| must contain two elements.
209 void GetChunkRanges(const std::vector<int>& chunks,
210 std::vector<std::string>* list_ranges) {
211 // Since there are 2 possible list ids, there must be exactly two
212 // list ranges. Even if the chunk data should only contain one
213 // line, this code has to somehow handle corruption.
214 DCHECK_EQ(2U, list_ranges->size());
215
216 std::vector<std::vector<int> > decoded_chunks(list_ranges->size());
217 for (std::vector<int>::const_iterator iter = chunks.begin();
218 iter != chunks.end(); ++iter) {
219 int mod_list_id = GetListIdBit(*iter);
220 DCHECK_GE(mod_list_id, 0);
221 DCHECK_LT(static_cast<size_t>(mod_list_id), decoded_chunks.size());
222 decoded_chunks[mod_list_id].push_back(DecodeChunkId(*iter));
223 }
224 for (size_t i = 0; i < decoded_chunks.size(); ++i) {
225 ChunksToRangeString(decoded_chunks[i], &((*list_ranges)[i]));
226 }
227 }
228
229 // Helper function to create chunk range lists for Browse related
230 // lists.
231 void UpdateChunkRanges(SafeBrowsingStore* store,
232 const std::vector<std::string>& listnames,
233 std::vector<SBListChunkRanges>* lists) {
234 if (!store)
235 return;
236
237 DCHECK_GT(listnames.size(), 0U);
238 DCHECK_LE(listnames.size(), 2U);
239 std::vector<int> add_chunks;
240 std::vector<int> sub_chunks;
241 store->GetAddChunks(&add_chunks);
242 store->GetSubChunks(&sub_chunks);
243
244 // Always decode 2 ranges, even if only the first one is expected.
245 // The loop below will only load as many into |lists| as |listnames|
246 // indicates.
247 std::vector<std::string> adds(2);
248 std::vector<std::string> subs(2);
249 GetChunkRanges(add_chunks, &adds);
250 GetChunkRanges(sub_chunks, &subs);
251
252 for (size_t i = 0; i < listnames.size(); ++i) {
253 const std::string& listname = listnames[i];
254 DCHECK_EQ(safe_browsing_util::GetListId(listname) % 2,
255 static_cast<int>(i % 2));
256 DCHECK_NE(safe_browsing_util::GetListId(listname),
257 safe_browsing_util::INVALID);
258 lists->push_back(SBListChunkRanges(listname));
259 lists->back().adds.swap(adds[i]);
260 lists->back().subs.swap(subs[i]);
261 }
262 }
263
264 void UpdateChunkRangesForLists(SafeBrowsingStore* store,
265 const std::string& listname0,
266 const std::string& listname1,
267 std::vector<SBListChunkRanges>* lists) {
268 std::vector<std::string> listnames;
269 listnames.push_back(listname0);
270 listnames.push_back(listname1);
271 UpdateChunkRanges(store, listnames, lists);
272 }
273
274 void UpdateChunkRangesForList(SafeBrowsingStore* store,
275 const std::string& listname,
276 std::vector<SBListChunkRanges>* lists) {
277 UpdateChunkRanges(store, std::vector<std::string>(1, listname), lists);
278 }
279
280 // This code always checks for non-zero file size. This helper makes
281 // that less verbose.
282 int64 GetFileSizeOrZero(const base::FilePath& file_path) {
283 int64 size_64;
284 if (!base::GetFileSize(file_path, &size_64))
285 return 0;
286 return size_64;
287 }
288
289 // Helper for PrefixSetContainsUrlHashes(). Returns true if an un-expired match
290 // for |full_hash| is found in |cache|, with any matches appended to |results|
291 // (true can be returned with zero matches). |expire_base| is used to check the
292 // cache lifetime of matches, expired matches will be discarded from |cache|.
293 bool GetCachedFullHash(std::map<SBPrefix, SBCachedFullHashResult>* cache,
294 const SBFullHash& full_hash,
295 const base::Time& expire_base,
296 std::vector<SBFullHashResult>* results) {
297 // First check if there is a valid cached result for this prefix.
298 std::map<SBPrefix, SBCachedFullHashResult>::iterator
299 citer = cache->find(full_hash.prefix);
300 if (citer == cache->end())
301 return false;
302
303 // Remove expired entries.
304 SBCachedFullHashResult& cached_result = citer->second;
305 if (cached_result.expire_after <= expire_base) {
306 cache->erase(citer);
307 return false;
308 }
309
310 // Find full-hash matches.
311 std::vector<SBFullHashResult>& cached_hashes = cached_result.full_hashes;
312 for (size_t i = 0; i < cached_hashes.size(); ++i) {
313 if (SBFullHashEqual(full_hash, cached_hashes[i].hash))
314 results->push_back(cached_hashes[i]);
315 }
316
317 return true;
318 }
319
320 } // namespace
321
322 // The default SafeBrowsingDatabaseFactory.
323 class SafeBrowsingDatabaseFactoryImpl : public SafeBrowsingDatabaseFactory {
324 public:
325 SafeBrowsingDatabase* CreateSafeBrowsingDatabase(
326 bool enable_download_protection,
327 bool enable_client_side_whitelist,
328 bool enable_download_whitelist,
329 bool enable_extension_blacklist,
330 bool enable_side_effect_free_whitelist,
331 bool enable_ip_blacklist,
332 bool enable_unwanted_software_list) override {
333 return new SafeBrowsingDatabaseNew(
334 new SafeBrowsingStoreFile, // browse_store
335 enable_download_protection ? new SafeBrowsingStoreFile : NULL,
336 enable_client_side_whitelist ? new SafeBrowsingStoreFile : NULL,
337 enable_download_whitelist ? new SafeBrowsingStoreFile : NULL,
338 new SafeBrowsingStoreFile, // inclusion_whitelist_store
339 enable_extension_blacklist ? new SafeBrowsingStoreFile : NULL,
340 enable_side_effect_free_whitelist ? new SafeBrowsingStoreFile : NULL,
341 enable_ip_blacklist ? new SafeBrowsingStoreFile : NULL,
342 enable_unwanted_software_list ? new SafeBrowsingStoreFile : NULL);
343 }
344
345 SafeBrowsingDatabaseFactoryImpl() { }
346
347 private:
348 DISALLOW_COPY_AND_ASSIGN(SafeBrowsingDatabaseFactoryImpl);
349 };
350
351 // static
352 SafeBrowsingDatabaseFactory* SafeBrowsingDatabase::factory_ = NULL;
353
354 // Factory method, non-thread safe. Caller has to make sure this is called
355 // on SafeBrowsing Thread.
356 // TODO(shess): There's no need for a factory any longer. Convert
357 // SafeBrowsingDatabaseNew to SafeBrowsingDatabase, and have Create()
358 // callers just construct things directly.
359 SafeBrowsingDatabase* SafeBrowsingDatabase::Create(
360 bool enable_download_protection,
361 bool enable_client_side_whitelist,
362 bool enable_download_whitelist,
363 bool enable_extension_blacklist,
364 bool enable_side_effect_free_whitelist,
365 bool enable_ip_blacklist,
366 bool enable_unwanted_software_list) {
367 if (!factory_)
368 factory_ = new SafeBrowsingDatabaseFactoryImpl();
369 return factory_->CreateSafeBrowsingDatabase(enable_download_protection,
370 enable_client_side_whitelist,
371 enable_download_whitelist,
372 enable_extension_blacklist,
373 enable_side_effect_free_whitelist,
374 enable_ip_blacklist,
375 enable_unwanted_software_list);
376 }
377
378 SafeBrowsingDatabase::~SafeBrowsingDatabase() {
379 }
380
381 // static
382 base::FilePath SafeBrowsingDatabase::BrowseDBFilename(
383 const base::FilePath& db_base_filename) {
384 return base::FilePath(db_base_filename.value() + kBrowseDBFile);
385 }
386
387 // static
388 base::FilePath SafeBrowsingDatabase::DownloadDBFilename(
389 const base::FilePath& db_base_filename) {
390 return base::FilePath(db_base_filename.value() + kDownloadDBFile);
391 }
392
393 // static
394 base::FilePath SafeBrowsingDatabase::BloomFilterForFilename(
395 const base::FilePath& db_filename) {
396 return base::FilePath(db_filename.value() + kBloomFilterFileSuffix);
397 }
398
399 // static
400 base::FilePath SafeBrowsingDatabase::PrefixSetForFilename(
401 const base::FilePath& db_filename) {
402 return base::FilePath(db_filename.value() + kPrefixSetFileSuffix);
403 }
404
405 // static
406 base::FilePath SafeBrowsingDatabase::CsdWhitelistDBFilename(
407 const base::FilePath& db_filename) {
408 return base::FilePath(db_filename.value() + kCsdWhitelistDBFile);
409 }
410
411 // static
412 base::FilePath SafeBrowsingDatabase::DownloadWhitelistDBFilename(
413 const base::FilePath& db_filename) {
414 return base::FilePath(db_filename.value() + kDownloadWhitelistDBFile);
415 }
416
417 // static
418 base::FilePath SafeBrowsingDatabase::InclusionWhitelistDBFilename(
419 const base::FilePath& db_filename) {
420 return base::FilePath(db_filename.value() + kInclusionWhitelistDBFile);
421 }
422
423 // static
424 base::FilePath SafeBrowsingDatabase::ExtensionBlacklistDBFilename(
425 const base::FilePath& db_filename) {
426 return base::FilePath(db_filename.value() + kExtensionBlacklistDBFile);
427 }
428
429 // static
430 base::FilePath SafeBrowsingDatabase::SideEffectFreeWhitelistDBFilename(
431 const base::FilePath& db_filename) {
432 return base::FilePath(db_filename.value() + kSideEffectFreeWhitelistDBFile);
433 }
434
435 // static
436 base::FilePath SafeBrowsingDatabase::IpBlacklistDBFilename(
437 const base::FilePath& db_filename) {
438 return base::FilePath(db_filename.value() + kIPBlacklistDBFile);
439 }
440
441 // static
442 base::FilePath SafeBrowsingDatabase::UnwantedSoftwareDBFilename(
443 const base::FilePath& db_filename) {
444 return base::FilePath(db_filename.value() + kUnwantedSoftwareDBFile);
445 }
446
447 SafeBrowsingStore* SafeBrowsingDatabaseNew::GetStore(const int list_id) {
448 // Stores are not thread safe.
449 DCHECK(thread_checker_.CalledOnValidThread());
450
451 if (list_id == safe_browsing_util::PHISH ||
452 list_id == safe_browsing_util::MALWARE) {
453 return browse_store_.get();
454 } else if (list_id == safe_browsing_util::BINURL) {
455 return download_store_.get();
456 } else if (list_id == safe_browsing_util::CSDWHITELIST) {
457 return csd_whitelist_store_.get();
458 } else if (list_id == safe_browsing_util::DOWNLOADWHITELIST) {
459 return download_whitelist_store_.get();
460 } else if (list_id == safe_browsing_util::INCLUSIONWHITELIST) {
461 return inclusion_whitelist_store_.get();
462 } else if (list_id == safe_browsing_util::EXTENSIONBLACKLIST) {
463 return extension_blacklist_store_.get();
464 } else if (list_id == safe_browsing_util::SIDEEFFECTFREEWHITELIST) {
465 return side_effect_free_whitelist_store_.get();
466 } else if (list_id == safe_browsing_util::IPBLACKLIST) {
467 return ip_blacklist_store_.get();
468 } else if (list_id == safe_browsing_util::UNWANTEDURL) {
469 return unwanted_software_store_.get();
470 }
471 return NULL;
472 }
473
474 // static
475 void SafeBrowsingDatabase::RecordFailure(FailureType failure_type) {
476 UMA_HISTOGRAM_ENUMERATION("SB2.DatabaseFailure", failure_type,
477 FAILURE_DATABASE_MAX);
478 }
479
480 class SafeBrowsingDatabaseNew::ThreadSafeStateManager::ReadTransaction {
481 public:
482 const SBWhitelist* GetSBWhitelist(SBWhitelistId id) {
483 switch (id) {
484 case SBWhitelistId::CSD:
485 return &outer_->csd_whitelist_;
486 case SBWhitelistId::DOWNLOAD:
487 return &outer_->download_whitelist_;
488 case SBWhitelistId::INCLUSION:
489 return &outer_->inclusion_whitelist_;
490 }
491 NOTREACHED();
492 return nullptr;
493 }
494
495 const IPBlacklist* ip_blacklist() { return &outer_->ip_blacklist_; }
496
497 const PrefixSet* GetPrefixSet(PrefixSetId id) {
498 switch (id) {
499 case PrefixSetId::BROWSE:
500 return outer_->browse_prefix_set_.get();
501 case PrefixSetId::SIDE_EFFECT_FREE_WHITELIST:
502 return outer_->side_effect_free_whitelist_prefix_set_.get();
503 case PrefixSetId::UNWANTED_SOFTWARE:
504 return outer_->unwanted_software_prefix_set_.get();
505 }
506 NOTREACHED();
507 return nullptr;
508 }
509
510 PrefixGetHashCache* prefix_gethash_cache() {
511 // The cache is special: it is read/write on all threads. Access to it
512 // therefore requires a LOCK'ed transaction (i.e. it can't benefit from
513 // DONT_LOCK_ON_MAIN_THREAD).
514 DCHECK(transaction_lock_);
515 return &outer_->prefix_gethash_cache_;
516 }
517
518 private:
519 // Only ThreadSafeStateManager is allowed to build a ReadTransaction.
520 friend class ThreadSafeStateManager;
521
522 enum class AutoLockRequirement {
523 LOCK,
524 // SBWhitelist's, IPBlacklist's, and PrefixSet's (not caches) are only
525 // ever written to on the main thread (as enforced by
526 // ThreadSafeStateManager) and can therefore be read on the main thread
527 // without first acquiring |lock_|.
528 DONT_LOCK_ON_MAIN_THREAD
529 };
530
531 ReadTransaction(const ThreadSafeStateManager* outer,
532 AutoLockRequirement auto_lock_requirement)
533 : outer_(outer) {
534 DCHECK(outer_);
535 if (auto_lock_requirement == AutoLockRequirement::LOCK)
536 transaction_lock_.reset(new base::AutoLock(outer_->lock_));
537 else
538 DCHECK(outer_->thread_checker_.CalledOnValidThread());
539 }
540
541 const ThreadSafeStateManager* outer_;
542 scoped_ptr<base::AutoLock> transaction_lock_;
543
544 DISALLOW_COPY_AND_ASSIGN(ReadTransaction);
545 };
546
547 class SafeBrowsingDatabaseNew::ThreadSafeStateManager::WriteTransaction {
548 public:
549 // Call this method if an error occured with the given whitelist. This will
550 // result in all lookups to the whitelist to return true.
551 void WhitelistEverything(SBWhitelistId id) {
552 SBWhitelist* whitelist = SBWhitelistForId(id);
553 whitelist->second = true;
554 whitelist->first.clear();
555 }
556
557 void SwapSBWhitelist(SBWhitelistId id,
558 std::vector<SBFullHash>* new_whitelist) {
559 SBWhitelist* whitelist = SBWhitelistForId(id);
560 whitelist->second = false;
561 whitelist->first.swap(*new_whitelist);
562 }
563
564 void clear_ip_blacklist() { outer_->ip_blacklist_.clear(); }
565
566 void swap_ip_blacklist(IPBlacklist* new_blacklist) {
567 outer_->ip_blacklist_.swap(*new_blacklist);
568 }
569
570 void SwapPrefixSet(PrefixSetId id,
571 scoped_ptr<const PrefixSet> new_prefix_set) {
572 switch (id) {
573 case PrefixSetId::BROWSE:
574 outer_->browse_prefix_set_.swap(new_prefix_set);
575 break;
576 case PrefixSetId::SIDE_EFFECT_FREE_WHITELIST:
577 outer_->side_effect_free_whitelist_prefix_set_.swap(new_prefix_set);
578 break;
579 case PrefixSetId::UNWANTED_SOFTWARE:
580 outer_->unwanted_software_prefix_set_.swap(new_prefix_set);
581 break;
582 }
583 }
584
585 void clear_prefix_gethash_cache() { outer_->prefix_gethash_cache_.clear(); }
586
587 private:
588 // Only ThreadSafeStateManager is allowed to build a WriteTransaction.
589 friend class ThreadSafeStateManager;
590
591 explicit WriteTransaction(ThreadSafeStateManager* outer)
592 : outer_(outer), transaction_lock_(outer_->lock_) {
593 DCHECK(outer_);
594 DCHECK(outer_->thread_checker_.CalledOnValidThread());
595 }
596
597 SBWhitelist* SBWhitelistForId(SBWhitelistId id) {
598 switch (id) {
599 case SBWhitelistId::CSD:
600 return &outer_->csd_whitelist_;
601 case SBWhitelistId::DOWNLOAD:
602 return &outer_->download_whitelist_;
603 case SBWhitelistId::INCLUSION:
604 return &outer_->inclusion_whitelist_;
605 }
606 NOTREACHED();
607 return nullptr;
608 }
609
610 ThreadSafeStateManager* outer_;
611 base::AutoLock transaction_lock_;
612
613 DISALLOW_COPY_AND_ASSIGN(WriteTransaction);
614 };
615
616 SafeBrowsingDatabaseNew::ThreadSafeStateManager::ThreadSafeStateManager(
617 const base::ThreadChecker& thread_checker)
618 : thread_checker_(thread_checker) {
619 }
620
621 SafeBrowsingDatabaseNew::ThreadSafeStateManager::~ThreadSafeStateManager() {
622 }
623
624 scoped_ptr<SafeBrowsingDatabaseNew::ReadTransaction>
625 SafeBrowsingDatabaseNew::ThreadSafeStateManager::BeginReadTransaction() {
626 return make_scoped_ptr(
627 new ReadTransaction(this, ReadTransaction::AutoLockRequirement::LOCK));
628 }
629
630 scoped_ptr<SafeBrowsingDatabaseNew::ReadTransaction> SafeBrowsingDatabaseNew::
631 ThreadSafeStateManager::BeginReadTransactionNoLockOnMainThread() {
632 return make_scoped_ptr(new ReadTransaction(
633 this, ReadTransaction::AutoLockRequirement::DONT_LOCK_ON_MAIN_THREAD));
634 }
635
636 scoped_ptr<SafeBrowsingDatabaseNew::WriteTransaction>
637 SafeBrowsingDatabaseNew::ThreadSafeStateManager::BeginWriteTransaction() {
638 return make_scoped_ptr(new WriteTransaction(this));
639 }
640
641 SafeBrowsingDatabaseNew::SafeBrowsingDatabaseNew()
642 : SafeBrowsingDatabaseNew(new SafeBrowsingStoreFile, // browse_store
643 NULL, // download_store
644 NULL, // csd_whitelist_store
645 NULL, // download_whitelist_store
646 NULL, // inclusion_whitelist_store
647 NULL, // extension_blacklist_store
648 NULL, // side_effect_free_whitelist_store
649 NULL, // ip_blacklist_store
650 NULL) { // unwanted_software_store
651 DCHECK(browse_store_.get());
652 DCHECK(!download_store_.get());
653 DCHECK(!csd_whitelist_store_.get());
654 DCHECK(!download_whitelist_store_.get());
655 DCHECK(!inclusion_whitelist_store_.get());
656 DCHECK(!extension_blacklist_store_.get());
657 DCHECK(!side_effect_free_whitelist_store_.get());
658 DCHECK(!ip_blacklist_store_.get());
659 DCHECK(!unwanted_software_store_.get());
660 }
661
662 SafeBrowsingDatabaseNew::SafeBrowsingDatabaseNew(
663 SafeBrowsingStore* browse_store,
664 SafeBrowsingStore* download_store,
665 SafeBrowsingStore* csd_whitelist_store,
666 SafeBrowsingStore* download_whitelist_store,
667 SafeBrowsingStore* inclusion_whitelist_store,
668 SafeBrowsingStore* extension_blacklist_store,
669 SafeBrowsingStore* side_effect_free_whitelist_store,
670 SafeBrowsingStore* ip_blacklist_store,
671 SafeBrowsingStore* unwanted_software_store)
672 : state_manager_(thread_checker_),
673 db_state_manager_(thread_checker_),
674 browse_store_(browse_store),
675 download_store_(download_store),
676 csd_whitelist_store_(csd_whitelist_store),
677 download_whitelist_store_(download_whitelist_store),
678 inclusion_whitelist_store_(inclusion_whitelist_store),
679 extension_blacklist_store_(extension_blacklist_store),
680 side_effect_free_whitelist_store_(side_effect_free_whitelist_store),
681 ip_blacklist_store_(ip_blacklist_store),
682 unwanted_software_store_(unwanted_software_store),
683 reset_factory_(this) {
684 DCHECK(browse_store_.get());
685 }
686
687 SafeBrowsingDatabaseNew::~SafeBrowsingDatabaseNew() {
688 // The DCHECK is disabled due to crbug.com/338486 .
689 // DCHECK(thread_checker_.CalledOnValidThread());
690 }
691
692 void SafeBrowsingDatabaseNew::Init(const base::FilePath& filename_base) {
693 DCHECK(thread_checker_.CalledOnValidThread());
694
695 db_state_manager_.init_filename_base(filename_base);
696
697 // TODO(shess): The various stores are really only necessary while doing
698 // updates (see |UpdateFinished()|) or when querying a store directly (see
699 // |ContainsDownloadUrl()|).
700 // The store variables are also tested to see if a list is enabled. Perhaps
701 // the stores could be refactored into an update object so that they are only
702 // live in memory while being actively used. The sense of enabled probably
703 // belongs in protocol_manager or database_manager.
704
705 {
706 // NOTE: A transaction here is overkill as there are no pointers to this
707 // class on other threads until this function returns, but it's also
708 // harmless as that also means there is no possibility of contention on the
709 // lock.
710 scoped_ptr<WriteTransaction> txn = state_manager_.BeginWriteTransaction();
711
712 txn->clear_prefix_gethash_cache();
713
714 browse_store_->Init(
715 BrowseDBFilename(db_state_manager_.filename_base()),
716 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
717 base::Unretained(this)));
718
719 if (unwanted_software_store_.get()) {
720 unwanted_software_store_->Init(
721 UnwantedSoftwareDBFilename(db_state_manager_.filename_base()),
722 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
723 base::Unretained(this)));
724 }
725 LoadPrefixSet(BrowseDBFilename(db_state_manager_.filename_base()),
726 txn.get(), PrefixSetId::BROWSE,
727 FAILURE_BROWSE_PREFIX_SET_READ);
728 if (unwanted_software_store_.get()) {
729 LoadPrefixSet(
730 UnwantedSoftwareDBFilename(db_state_manager_.filename_base()),
731 txn.get(), PrefixSetId::UNWANTED_SOFTWARE,
732 FAILURE_UNWANTED_SOFTWARE_PREFIX_SET_READ);
733 }
734
735 if (side_effect_free_whitelist_store_.get()) {
736 const base::FilePath side_effect_free_whitelist_filename =
737 SideEffectFreeWhitelistDBFilename(db_state_manager_.filename_base());
738 side_effect_free_whitelist_store_->Init(
739 side_effect_free_whitelist_filename,
740 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
741 base::Unretained(this)));
742
743 LoadPrefixSet(side_effect_free_whitelist_filename, txn.get(),
744 PrefixSetId::SIDE_EFFECT_FREE_WHITELIST,
745 FAILURE_SIDE_EFFECT_FREE_WHITELIST_PREFIX_SET_READ);
746 } else {
747 // Delete any files of the side-effect free sidelist that may be around
748 // from when it was previously enabled.
749 SafeBrowsingStoreFile::DeleteStore(
750 SideEffectFreeWhitelistDBFilename(db_state_manager_.filename_base()));
751 base::DeleteFile(PrefixSetForFilename(SideEffectFreeWhitelistDBFilename(
752 db_state_manager_.filename_base())),
753 false);
754 }
755 }
756 // Note: End the transaction early because LoadWhiteList() and
757 // WhitelistEverything() manage their own transactions.
758
759 if (download_store_.get()) {
760 download_store_->Init(
761 DownloadDBFilename(db_state_manager_.filename_base()),
762 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
763 base::Unretained(this)));
764 }
765
766 if (csd_whitelist_store_.get()) {
767 csd_whitelist_store_->Init(
768 CsdWhitelistDBFilename(db_state_manager_.filename_base()),
769 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
770 base::Unretained(this)));
771
772 std::vector<SBAddFullHash> full_hashes;
773 if (csd_whitelist_store_->GetAddFullHashes(&full_hashes)) {
774 LoadWhitelist(full_hashes, SBWhitelistId::CSD);
775 } else {
776 state_manager_.BeginWriteTransaction()->WhitelistEverything(
777 SBWhitelistId::CSD);
778 }
779 } else {
780 state_manager_.BeginWriteTransaction()->WhitelistEverything(
781 SBWhitelistId::CSD); // Just to be safe.
782 }
783
784 if (download_whitelist_store_.get()) {
785 download_whitelist_store_->Init(
786 DownloadWhitelistDBFilename(db_state_manager_.filename_base()),
787 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
788 base::Unretained(this)));
789
790 std::vector<SBAddFullHash> full_hashes;
791 if (download_whitelist_store_->GetAddFullHashes(&full_hashes)) {
792 LoadWhitelist(full_hashes, SBWhitelistId::DOWNLOAD);
793 } else {
794 state_manager_.BeginWriteTransaction()->WhitelistEverything(
795 SBWhitelistId::DOWNLOAD);
796 }
797 } else {
798 state_manager_.BeginWriteTransaction()->WhitelistEverything(
799 SBWhitelistId::DOWNLOAD); // Just to be safe.
800 }
801
802 if (inclusion_whitelist_store_.get()) {
803 inclusion_whitelist_store_->Init(
804 InclusionWhitelistDBFilename(db_state_manager_.filename_base()),
805 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
806 base::Unretained(this)));
807
808 std::vector<SBAddFullHash> full_hashes;
809 if (inclusion_whitelist_store_->GetAddFullHashes(&full_hashes)) {
810 LoadWhitelist(full_hashes, SBWhitelistId::INCLUSION);
811 } else {
812 state_manager_.BeginWriteTransaction()->WhitelistEverything(
813 SBWhitelistId::INCLUSION);
814 }
815 } else {
816 state_manager_.BeginWriteTransaction()->WhitelistEverything(
817 SBWhitelistId::INCLUSION); // Just to be safe.
818 }
819
820 if (extension_blacklist_store_.get()) {
821 extension_blacklist_store_->Init(
822 ExtensionBlacklistDBFilename(db_state_manager_.filename_base()),
823 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
824 base::Unretained(this)));
825 }
826
827 if (ip_blacklist_store_.get()) {
828 ip_blacklist_store_->Init(
829 IpBlacklistDBFilename(db_state_manager_.filename_base()),
830 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
831 base::Unretained(this)));
832
833 std::vector<SBAddFullHash> full_hashes;
834 if (ip_blacklist_store_->GetAddFullHashes(&full_hashes)) {
835 LoadIpBlacklist(full_hashes);
836 } else {
837 LoadIpBlacklist(std::vector<SBAddFullHash>()); // Clear the list.
838 }
839 }
840 }
841
842 bool SafeBrowsingDatabaseNew::ResetDatabase() {
843 DCHECK(thread_checker_.CalledOnValidThread());
844
845 // Delete files on disk.
846 // TODO(shess): Hard to see where one might want to delete without a
847 // reset. Perhaps inline |Delete()|?
848 if (!Delete())
849 return false;
850
851 // Reset objects in memory.
852 scoped_ptr<WriteTransaction> txn = state_manager_.BeginWriteTransaction();
853 txn->clear_prefix_gethash_cache();
854 txn->SwapPrefixSet(PrefixSetId::BROWSE, nullptr);
855 txn->SwapPrefixSet(PrefixSetId::SIDE_EFFECT_FREE_WHITELIST, nullptr);
856 txn->SwapPrefixSet(PrefixSetId::UNWANTED_SOFTWARE, nullptr);
857 txn->clear_ip_blacklist();
858 txn->WhitelistEverything(SBWhitelistId::CSD);
859 txn->WhitelistEverything(SBWhitelistId::DOWNLOAD);
860 return true;
861 }
862
863 bool SafeBrowsingDatabaseNew::ContainsBrowseUrl(
864 const GURL& url,
865 std::vector<SBPrefix>* prefix_hits,
866 std::vector<SBFullHashResult>* cache_hits) {
867 return PrefixSetContainsUrl(url, PrefixSetId::BROWSE, prefix_hits,
868 cache_hits);
869 }
870
871 bool SafeBrowsingDatabaseNew::ContainsUnwantedSoftwareUrl(
872 const GURL& url,
873 std::vector<SBPrefix>* prefix_hits,
874 std::vector<SBFullHashResult>* cache_hits) {
875 return PrefixSetContainsUrl(url, PrefixSetId::UNWANTED_SOFTWARE, prefix_hits,
876 cache_hits);
877 }
878
879 bool SafeBrowsingDatabaseNew::PrefixSetContainsUrl(
880 const GURL& url,
881 PrefixSetId prefix_set_id,
882 std::vector<SBPrefix>* prefix_hits,
883 std::vector<SBFullHashResult>* cache_hits) {
884 // Clear the results first.
885 prefix_hits->clear();
886 cache_hits->clear();
887
888 std::vector<SBFullHash> full_hashes;
889 UrlToFullHashes(url, false, &full_hashes);
890 if (full_hashes.empty())
891 return false;
892
893 return PrefixSetContainsUrlHashes(full_hashes, prefix_set_id, prefix_hits,
894 cache_hits);
895 }
896
897 bool SafeBrowsingDatabaseNew::ContainsBrowseUrlHashesForTesting(
898 const std::vector<SBFullHash>& full_hashes,
899 std::vector<SBPrefix>* prefix_hits,
900 std::vector<SBFullHashResult>* cache_hits) {
901 return PrefixSetContainsUrlHashes(full_hashes, PrefixSetId::BROWSE,
902 prefix_hits, cache_hits);
903 }
904
905 bool SafeBrowsingDatabaseNew::PrefixSetContainsUrlHashes(
906 const std::vector<SBFullHash>& full_hashes,
907 PrefixSetId prefix_set_id,
908 std::vector<SBPrefix>* prefix_hits,
909 std::vector<SBFullHashResult>* cache_hits) {
910 // Used to determine cache expiration.
911 const base::Time now = base::Time::Now();
912
913 {
914 scoped_ptr<ReadTransaction> txn = state_manager_.BeginReadTransaction();
915
916 // |prefix_set| is empty until it is either read from disk, or the first
917 // update populates it. Bail out without a hit if not yet available.
918 const PrefixSet* prefix_set = txn->GetPrefixSet(prefix_set_id);
919 if (!prefix_set)
920 return false;
921
922 for (size_t i = 0; i < full_hashes.size(); ++i) {
923 if (!GetCachedFullHash(txn->prefix_gethash_cache(), full_hashes[i], now,
924 cache_hits)) {
925 // No valid cached result, check the database.
926 if (prefix_set->Exists(full_hashes[i]))
927 prefix_hits->push_back(full_hashes[i].prefix);
928 }
929 }
930 }
931
932 // Multiple full hashes could share prefix, remove duplicates.
933 std::sort(prefix_hits->begin(), prefix_hits->end());
934 prefix_hits->erase(std::unique(prefix_hits->begin(), prefix_hits->end()),
935 prefix_hits->end());
936
937 return !prefix_hits->empty() || !cache_hits->empty();
938 }
939
940 bool SafeBrowsingDatabaseNew::ContainsDownloadUrl(
941 const std::vector<GURL>& urls,
942 std::vector<SBPrefix>* prefix_hits) {
943 DCHECK(thread_checker_.CalledOnValidThread());
944
945 // Ignore this check when download checking is not enabled.
946 if (!download_store_.get())
947 return false;
948
949 std::vector<SBPrefix> prefixes;
950 GetDownloadUrlPrefixes(urls, &prefixes);
951 return MatchAddPrefixes(download_store_.get(),
952 safe_browsing_util::BINURL % 2,
953 prefixes,
954 prefix_hits);
955 }
956
957 bool SafeBrowsingDatabaseNew::ContainsCsdWhitelistedUrl(const GURL& url) {
958 std::vector<SBFullHash> full_hashes;
959 UrlToFullHashes(url, true, &full_hashes);
960 return ContainsWhitelistedHashes(SBWhitelistId::CSD, full_hashes);
961 }
962
963 bool SafeBrowsingDatabaseNew::ContainsDownloadWhitelistedUrl(const GURL& url) {
964 std::vector<SBFullHash> full_hashes;
965 UrlToFullHashes(url, true, &full_hashes);
966 return ContainsWhitelistedHashes(SBWhitelistId::DOWNLOAD, full_hashes);
967 }
968
969 bool SafeBrowsingDatabaseNew::ContainsInclusionWhitelistedUrl(const GURL& url) {
970 std::vector<SBFullHash> full_hashes;
971 UrlToFullHashes(url, true, &full_hashes);
972 return ContainsWhitelistedHashes(SBWhitelistId::INCLUSION, full_hashes);
973 }
974
975 bool SafeBrowsingDatabaseNew::ContainsExtensionPrefixes(
976 const std::vector<SBPrefix>& prefixes,
977 std::vector<SBPrefix>* prefix_hits) {
978 DCHECK(thread_checker_.CalledOnValidThread());
979
980 if (!extension_blacklist_store_)
981 return false;
982
983 return MatchAddPrefixes(extension_blacklist_store_.get(),
984 safe_browsing_util::EXTENSIONBLACKLIST % 2,
985 prefixes,
986 prefix_hits);
987 }
988
989 bool SafeBrowsingDatabaseNew::ContainsSideEffectFreeWhitelistUrl(
990 const GURL& url) {
991 std::string host;
992 std::string path;
993 std::string query;
994 safe_browsing_util::CanonicalizeUrl(url, &host, &path, &query);
995 std::string url_to_check = host + path;
996 if (!query.empty())
997 url_to_check += "?" + query;
998 SBFullHash full_hash = SBFullHashForString(url_to_check);
999
1000 scoped_ptr<ReadTransaction> txn = state_manager_.BeginReadTransaction();
1001
1002 const PrefixSet* side_effect_free_whitelist_prefix_set =
1003 txn->GetPrefixSet(PrefixSetId::SIDE_EFFECT_FREE_WHITELIST);
1004
1005 // |side_effect_free_whitelist_prefix_set_| is empty until it is either read
1006 // from disk, or the first update populates it. Bail out without a hit if
1007 // not yet available.
1008 if (!side_effect_free_whitelist_prefix_set)
1009 return false;
1010
1011 return side_effect_free_whitelist_prefix_set->Exists(full_hash);
1012 }
1013
1014 bool SafeBrowsingDatabaseNew::ContainsMalwareIP(const std::string& ip_address) {
1015 net::IPAddressNumber ip_number;
1016 if (!net::ParseIPLiteralToNumber(ip_address, &ip_number))
1017 return false;
1018 if (ip_number.size() == net::kIPv4AddressSize)
1019 ip_number = net::ConvertIPv4NumberToIPv6Number(ip_number);
1020 if (ip_number.size() != net::kIPv6AddressSize)
1021 return false; // better safe than sorry.
1022
1023 scoped_ptr<ReadTransaction> txn = state_manager_.BeginReadTransaction();
1024 const IPBlacklist* ip_blacklist = txn->ip_blacklist();
1025 for (IPBlacklist::const_iterator it = ip_blacklist->begin();
1026 it != ip_blacklist->end(); ++it) {
1027 const std::string& mask = it->first;
1028 DCHECK_EQ(mask.size(), ip_number.size());
1029 std::string subnet(net::kIPv6AddressSize, '\0');
1030 for (size_t i = 0; i < net::kIPv6AddressSize; ++i) {
1031 subnet[i] = ip_number[i] & mask[i];
1032 }
1033 const std::string hash = base::SHA1HashString(subnet);
1034 DVLOG(2) << "Lookup Malware IP: "
1035 << " ip:" << ip_address
1036 << " mask:" << base::HexEncode(mask.data(), mask.size())
1037 << " subnet:" << base::HexEncode(subnet.data(), subnet.size())
1038 << " hash:" << base::HexEncode(hash.data(), hash.size());
1039 if (it->second.count(hash) > 0) {
1040 return true;
1041 }
1042 }
1043 return false;
1044 }
1045
1046 bool SafeBrowsingDatabaseNew::ContainsDownloadWhitelistedString(
1047 const std::string& str) {
1048 std::vector<SBFullHash> hashes;
1049 hashes.push_back(SBFullHashForString(str));
1050 return ContainsWhitelistedHashes(SBWhitelistId::DOWNLOAD, hashes);
1051 }
1052
1053 bool SafeBrowsingDatabaseNew::ContainsWhitelistedHashes(
1054 SBWhitelistId whitelist_id,
1055 const std::vector<SBFullHash>& hashes) {
1056 scoped_ptr<ReadTransaction> txn = state_manager_.BeginReadTransaction();
1057 const SBWhitelist* whitelist = txn->GetSBWhitelist(whitelist_id);
1058 if (whitelist->second)
1059 return true;
1060 for (std::vector<SBFullHash>::const_iterator it = hashes.begin();
1061 it != hashes.end(); ++it) {
1062 if (std::binary_search(whitelist->first.begin(), whitelist->first.end(),
1063 *it, SBFullHashLess)) {
1064 return true;
1065 }
1066 }
1067 return false;
1068 }
1069
1070 // Helper to insert add-chunk entries.
1071 void SafeBrowsingDatabaseNew::InsertAddChunk(
1072 SafeBrowsingStore* store,
1073 const safe_browsing_util::ListType list_id,
1074 const SBChunkData& chunk_data) {
1075 DCHECK(thread_checker_.CalledOnValidThread());
1076 DCHECK(store);
1077
1078 // The server can give us a chunk that we already have because
1079 // it's part of a range. Don't add it again.
1080 const int chunk_id = chunk_data.ChunkNumber();
1081 const int encoded_chunk_id = EncodeChunkId(chunk_id, list_id);
1082 if (store->CheckAddChunk(encoded_chunk_id))
1083 return;
1084
1085 store->SetAddChunk(encoded_chunk_id);
1086 if (chunk_data.IsPrefix()) {
1087 const size_t c = chunk_data.PrefixCount();
1088 for (size_t i = 0; i < c; ++i) {
1089 store->WriteAddPrefix(encoded_chunk_id, chunk_data.PrefixAt(i));
1090 }
1091 } else {
1092 const size_t c = chunk_data.FullHashCount();
1093 for (size_t i = 0; i < c; ++i) {
1094 store->WriteAddHash(encoded_chunk_id, chunk_data.FullHashAt(i));
1095 }
1096 }
1097 }
1098
1099 // Helper to insert sub-chunk entries.
1100 void SafeBrowsingDatabaseNew::InsertSubChunk(
1101 SafeBrowsingStore* store,
1102 const safe_browsing_util::ListType list_id,
1103 const SBChunkData& chunk_data) {
1104 DCHECK(thread_checker_.CalledOnValidThread());
1105 DCHECK(store);
1106
1107 // The server can give us a chunk that we already have because
1108 // it's part of a range. Don't add it again.
1109 const int chunk_id = chunk_data.ChunkNumber();
1110 const int encoded_chunk_id = EncodeChunkId(chunk_id, list_id);
1111 if (store->CheckSubChunk(encoded_chunk_id))
1112 return;
1113
1114 store->SetSubChunk(encoded_chunk_id);
1115 if (chunk_data.IsPrefix()) {
1116 const size_t c = chunk_data.PrefixCount();
1117 for (size_t i = 0; i < c; ++i) {
1118 const int add_chunk_id = chunk_data.AddChunkNumberAt(i);
1119 const int encoded_add_chunk_id = EncodeChunkId(add_chunk_id, list_id);
1120 store->WriteSubPrefix(encoded_chunk_id, encoded_add_chunk_id,
1121 chunk_data.PrefixAt(i));
1122 }
1123 } else {
1124 const size_t c = chunk_data.FullHashCount();
1125 for (size_t i = 0; i < c; ++i) {
1126 const int add_chunk_id = chunk_data.AddChunkNumberAt(i);
1127 const int encoded_add_chunk_id = EncodeChunkId(add_chunk_id, list_id);
1128 store->WriteSubHash(encoded_chunk_id, encoded_add_chunk_id,
1129 chunk_data.FullHashAt(i));
1130 }
1131 }
1132 }
1133
1134 void SafeBrowsingDatabaseNew::InsertChunks(
1135 const std::string& list_name,
1136 const std::vector<SBChunkData*>& chunks) {
1137 DCHECK(thread_checker_.CalledOnValidThread());
1138
1139 if (db_state_manager_.corruption_detected() || chunks.empty())
1140 return;
1141
1142 const base::TimeTicks before = base::TimeTicks::Now();
1143
1144 // TODO(shess): The caller should just pass list_id.
1145 const safe_browsing_util::ListType list_id =
1146 safe_browsing_util::GetListId(list_name);
1147
1148 SafeBrowsingStore* store = GetStore(list_id);
1149 if (!store) return;
1150
1151 db_state_manager_.set_change_detected();
1152
1153 // TODO(shess): I believe that the list is always add or sub. Can this use
1154 // that productively?
1155 store->BeginChunk();
1156 for (size_t i = 0; i < chunks.size(); ++i) {
1157 if (chunks[i]->IsAdd()) {
1158 InsertAddChunk(store, list_id, *chunks[i]);
1159 } else if (chunks[i]->IsSub()) {
1160 InsertSubChunk(store, list_id, *chunks[i]);
1161 } else {
1162 NOTREACHED();
1163 }
1164 }
1165 store->FinishChunk();
1166
1167 UMA_HISTOGRAM_TIMES("SB2.ChunkInsert", base::TimeTicks::Now() - before);
1168 }
1169
1170 void SafeBrowsingDatabaseNew::DeleteChunks(
1171 const std::vector<SBChunkDelete>& chunk_deletes) {
1172 DCHECK(thread_checker_.CalledOnValidThread());
1173
1174 if (db_state_manager_.corruption_detected() || chunk_deletes.empty())
1175 return;
1176
1177 const std::string& list_name = chunk_deletes.front().list_name;
1178 const safe_browsing_util::ListType list_id =
1179 safe_browsing_util::GetListId(list_name);
1180
1181 SafeBrowsingStore* store = GetStore(list_id);
1182 if (!store) return;
1183
1184 db_state_manager_.set_change_detected();
1185
1186 for (size_t i = 0; i < chunk_deletes.size(); ++i) {
1187 std::vector<int> chunk_numbers;
1188 RangesToChunks(chunk_deletes[i].chunk_del, &chunk_numbers);
1189 for (size_t j = 0; j < chunk_numbers.size(); ++j) {
1190 const int encoded_chunk_id = EncodeChunkId(chunk_numbers[j], list_id);
1191 if (chunk_deletes[i].is_sub_del)
1192 store->DeleteSubChunk(encoded_chunk_id);
1193 else
1194 store->DeleteAddChunk(encoded_chunk_id);
1195 }
1196 }
1197 }
1198
1199 void SafeBrowsingDatabaseNew::CacheHashResults(
1200 const std::vector<SBPrefix>& prefixes,
1201 const std::vector<SBFullHashResult>& full_hits,
1202 const base::TimeDelta& cache_lifetime) {
1203 const base::Time expire_after = base::Time::Now() + cache_lifetime;
1204
1205 scoped_ptr<ReadTransaction> txn = state_manager_.BeginReadTransaction();
1206 PrefixGetHashCache* prefix_gethash_cache = txn->prefix_gethash_cache();
1207
1208 // Create or reset all cached results for these prefixes.
1209 for (size_t i = 0; i < prefixes.size(); ++i) {
1210 (*prefix_gethash_cache)[prefixes[i]] = SBCachedFullHashResult(expire_after);
1211 }
1212
1213 // Insert any fullhash hits. Note that there may be one, multiple, or no
1214 // fullhashes for any given entry in |prefixes|.
1215 for (size_t i = 0; i < full_hits.size(); ++i) {
1216 const SBPrefix prefix = full_hits[i].hash.prefix;
1217 (*prefix_gethash_cache)[prefix].full_hashes.push_back(full_hits[i]);
1218 }
1219 }
1220
1221 bool SafeBrowsingDatabaseNew::UpdateStarted(
1222 std::vector<SBListChunkRanges>* lists) {
1223 DCHECK(thread_checker_.CalledOnValidThread());
1224 DCHECK(lists);
1225
1226 // If |BeginUpdate()| fails, reset the database.
1227 if (!browse_store_->BeginUpdate()) {
1228 RecordFailure(FAILURE_BROWSE_DATABASE_UPDATE_BEGIN);
1229 HandleCorruptDatabase();
1230 return false;
1231 }
1232
1233 if (download_store_.get() && !download_store_->BeginUpdate()) {
1234 RecordFailure(FAILURE_DOWNLOAD_DATABASE_UPDATE_BEGIN);
1235 HandleCorruptDatabase();
1236 return false;
1237 }
1238
1239 if (csd_whitelist_store_.get() && !csd_whitelist_store_->BeginUpdate()) {
1240 RecordFailure(FAILURE_WHITELIST_DATABASE_UPDATE_BEGIN);
1241 HandleCorruptDatabase();
1242 return false;
1243 }
1244
1245 if (download_whitelist_store_.get() &&
1246 !download_whitelist_store_->BeginUpdate()) {
1247 RecordFailure(FAILURE_WHITELIST_DATABASE_UPDATE_BEGIN);
1248 HandleCorruptDatabase();
1249 return false;
1250 }
1251
1252 if (inclusion_whitelist_store_.get() &&
1253 !inclusion_whitelist_store_->BeginUpdate()) {
1254 RecordFailure(FAILURE_WHITELIST_DATABASE_UPDATE_BEGIN);
1255 HandleCorruptDatabase();
1256 return false;
1257 }
1258
1259 if (extension_blacklist_store_ &&
1260 !extension_blacklist_store_->BeginUpdate()) {
1261 RecordFailure(FAILURE_EXTENSION_BLACKLIST_UPDATE_BEGIN);
1262 HandleCorruptDatabase();
1263 return false;
1264 }
1265
1266 if (side_effect_free_whitelist_store_ &&
1267 !side_effect_free_whitelist_store_->BeginUpdate()) {
1268 RecordFailure(FAILURE_SIDE_EFFECT_FREE_WHITELIST_UPDATE_BEGIN);
1269 HandleCorruptDatabase();
1270 return false;
1271 }
1272
1273 if (ip_blacklist_store_ && !ip_blacklist_store_->BeginUpdate()) {
1274 RecordFailure(FAILURE_IP_BLACKLIST_UPDATE_BEGIN);
1275 HandleCorruptDatabase();
1276 return false;
1277 }
1278
1279 if (unwanted_software_store_ && !unwanted_software_store_->BeginUpdate()) {
1280 RecordFailure(FAILURE_UNWANTED_SOFTWARE_DATABASE_UPDATE_BEGIN);
1281 HandleCorruptDatabase();
1282 return false;
1283 }
1284
1285 // Cached fullhash results must be cleared on every database update (whether
1286 // successful or not).
1287 state_manager_.BeginWriteTransaction()->clear_prefix_gethash_cache();
1288
1289 UpdateChunkRangesForLists(browse_store_.get(),
1290 safe_browsing_util::kMalwareList,
1291 safe_browsing_util::kPhishingList,
1292 lists);
1293
1294 // NOTE(shess): |download_store_| used to contain kBinHashList, which has been
1295 // deprecated. Code to delete the list from the store shows ~15k hits/day as
1296 // of Feb 2014, so it has been removed. Everything _should_ be resilient to
1297 // extra data of that sort.
1298 UpdateChunkRangesForList(download_store_.get(),
1299 safe_browsing_util::kBinUrlList, lists);
1300
1301 UpdateChunkRangesForList(csd_whitelist_store_.get(),
1302 safe_browsing_util::kCsdWhiteList, lists);
1303
1304 UpdateChunkRangesForList(download_whitelist_store_.get(),
1305 safe_browsing_util::kDownloadWhiteList, lists);
1306
1307 UpdateChunkRangesForList(inclusion_whitelist_store_.get(),
1308 safe_browsing_util::kInclusionWhitelist, lists);
1309
1310 UpdateChunkRangesForList(extension_blacklist_store_.get(),
1311 safe_browsing_util::kExtensionBlacklist, lists);
1312
1313 UpdateChunkRangesForList(side_effect_free_whitelist_store_.get(),
1314 safe_browsing_util::kSideEffectFreeWhitelist, lists);
1315
1316 UpdateChunkRangesForList(ip_blacklist_store_.get(),
1317 safe_browsing_util::kIPBlacklist, lists);
1318
1319 UpdateChunkRangesForList(unwanted_software_store_.get(),
1320 safe_browsing_util::kUnwantedUrlList,
1321 lists);
1322
1323 db_state_manager_.reset_corruption_detected();
1324 db_state_manager_.reset_change_detected();
1325 return true;
1326 }
1327
1328 void SafeBrowsingDatabaseNew::UpdateFinished(bool update_succeeded) {
1329 DCHECK(thread_checker_.CalledOnValidThread());
1330
1331 // The update may have failed due to corrupt storage (for instance,
1332 // an excessive number of invalid add_chunks and sub_chunks).
1333 // Double-check that the databases are valid.
1334 // TODO(shess): Providing a checksum for the add_chunk and sub_chunk
1335 // sections would allow throwing a corruption error in
1336 // UpdateStarted().
1337 if (!update_succeeded) {
1338 if (!browse_store_->CheckValidity())
1339 DLOG(ERROR) << "Safe-browsing browse database corrupt.";
1340
1341 if (download_store_.get() && !download_store_->CheckValidity())
1342 DLOG(ERROR) << "Safe-browsing download database corrupt.";
1343
1344 if (csd_whitelist_store_.get() && !csd_whitelist_store_->CheckValidity())
1345 DLOG(ERROR) << "Safe-browsing csd whitelist database corrupt.";
1346
1347 if (download_whitelist_store_.get() &&
1348 !download_whitelist_store_->CheckValidity()) {
1349 DLOG(ERROR) << "Safe-browsing download whitelist database corrupt.";
1350 }
1351
1352 if (inclusion_whitelist_store_.get() &&
1353 !inclusion_whitelist_store_->CheckValidity()) {
1354 DLOG(ERROR) << "Safe-browsing inclusion whitelist database corrupt.";
1355 }
1356
1357 if (extension_blacklist_store_ &&
1358 !extension_blacklist_store_->CheckValidity()) {
1359 DLOG(ERROR) << "Safe-browsing extension blacklist database corrupt.";
1360 }
1361
1362 if (side_effect_free_whitelist_store_ &&
1363 !side_effect_free_whitelist_store_->CheckValidity()) {
1364 DLOG(ERROR) << "Safe-browsing side-effect free whitelist database "
1365 << "corrupt.";
1366 }
1367
1368 if (ip_blacklist_store_ && !ip_blacklist_store_->CheckValidity()) {
1369 DLOG(ERROR) << "Safe-browsing IP blacklist database corrupt.";
1370 }
1371
1372 if (unwanted_software_store_ &&
1373 !unwanted_software_store_->CheckValidity()) {
1374 DLOG(ERROR) << "Unwanted software url list database corrupt.";
1375 }
1376 }
1377
1378 if (db_state_manager_.corruption_detected())
1379 return;
1380
1381 // Unroll the transaction if there was a protocol error or if the
1382 // transaction was empty. This will leave the prefix set, the
1383 // pending hashes, and the prefix miss cache in place.
1384 if (!update_succeeded || !db_state_manager_.change_detected()) {
1385 // Track empty updates to answer questions at http://crbug.com/72216 .
1386 if (update_succeeded && !db_state_manager_.change_detected())
1387 UMA_HISTOGRAM_COUNTS("SB2.DatabaseUpdateKilobytes", 0);
1388 browse_store_->CancelUpdate();
1389 if (download_store_.get())
1390 download_store_->CancelUpdate();
1391 if (csd_whitelist_store_.get())
1392 csd_whitelist_store_->CancelUpdate();
1393 if (download_whitelist_store_.get())
1394 download_whitelist_store_->CancelUpdate();
1395 if (inclusion_whitelist_store_.get())
1396 inclusion_whitelist_store_->CancelUpdate();
1397 if (extension_blacklist_store_)
1398 extension_blacklist_store_->CancelUpdate();
1399 if (side_effect_free_whitelist_store_)
1400 side_effect_free_whitelist_store_->CancelUpdate();
1401 if (ip_blacklist_store_)
1402 ip_blacklist_store_->CancelUpdate();
1403 if (unwanted_software_store_)
1404 unwanted_software_store_->CancelUpdate();
1405 return;
1406 }
1407
1408 if (download_store_) {
1409 UpdateHashPrefixStore(DownloadDBFilename(db_state_manager_.filename_base()),
1410 download_store_.get(),
1411 FAILURE_DOWNLOAD_DATABASE_UPDATE_FINISH);
1412 }
1413
1414 UpdatePrefixSetUrlStore(BrowseDBFilename(db_state_manager_.filename_base()),
1415 browse_store_.get(), PrefixSetId::BROWSE,
1416 FAILURE_BROWSE_DATABASE_UPDATE_FINISH,
1417 FAILURE_BROWSE_PREFIX_SET_WRITE, true);
1418
1419 UpdateWhitelistStore(
1420 CsdWhitelistDBFilename(db_state_manager_.filename_base()),
1421 csd_whitelist_store_.get(), SBWhitelistId::CSD);
1422 UpdateWhitelistStore(
1423 DownloadWhitelistDBFilename(db_state_manager_.filename_base()),
1424 download_whitelist_store_.get(), SBWhitelistId::DOWNLOAD);
1425 UpdateWhitelistStore(
1426 InclusionWhitelistDBFilename(db_state_manager_.filename_base()),
1427 inclusion_whitelist_store_.get(), SBWhitelistId::INCLUSION);
1428
1429 if (extension_blacklist_store_) {
1430 UpdateHashPrefixStore(
1431 ExtensionBlacklistDBFilename(db_state_manager_.filename_base()),
1432 extension_blacklist_store_.get(),
1433 FAILURE_EXTENSION_BLACKLIST_UPDATE_FINISH);
1434 }
1435
1436 if (side_effect_free_whitelist_store_) {
1437 UpdatePrefixSetUrlStore(
1438 SideEffectFreeWhitelistDBFilename(db_state_manager_.filename_base()),
1439 side_effect_free_whitelist_store_.get(),
1440 PrefixSetId::SIDE_EFFECT_FREE_WHITELIST,
1441 FAILURE_SIDE_EFFECT_FREE_WHITELIST_UPDATE_FINISH,
1442 FAILURE_SIDE_EFFECT_FREE_WHITELIST_PREFIX_SET_WRITE, false);
1443 }
1444
1445 if (ip_blacklist_store_)
1446 UpdateIpBlacklistStore();
1447
1448 if (unwanted_software_store_) {
1449 UpdatePrefixSetUrlStore(
1450 UnwantedSoftwareDBFilename(db_state_manager_.filename_base()),
1451 unwanted_software_store_.get(), PrefixSetId::UNWANTED_SOFTWARE,
1452 FAILURE_UNWANTED_SOFTWARE_DATABASE_UPDATE_FINISH,
1453 FAILURE_UNWANTED_SOFTWARE_PREFIX_SET_WRITE, true);
1454 }
1455 }
1456
1457 void SafeBrowsingDatabaseNew::UpdateWhitelistStore(
1458 const base::FilePath& store_filename,
1459 SafeBrowsingStore* store,
1460 SBWhitelistId whitelist_id) {
1461 DCHECK(thread_checker_.CalledOnValidThread());
1462
1463 if (!store)
1464 return;
1465
1466 // Note: |builder| will not be empty. The current data store implementation
1467 // stores all full-length hashes as both full and prefix hashes.
1468 PrefixSetBuilder builder;
1469 std::vector<SBAddFullHash> full_hashes;
1470 if (!store->FinishUpdate(&builder, &full_hashes)) {
1471 RecordFailure(FAILURE_WHITELIST_DATABASE_UPDATE_FINISH);
1472 state_manager_.BeginWriteTransaction()->WhitelistEverything(whitelist_id);
1473 return;
1474 }
1475
1476 RecordFileSizeHistogram(store_filename);
1477
1478 #if defined(OS_MACOSX)
1479 base::mac::SetFileBackupExclusion(store_filename);
1480 #endif
1481
1482 LoadWhitelist(full_hashes, whitelist_id);
1483 }
1484
1485 void SafeBrowsingDatabaseNew::UpdateHashPrefixStore(
1486 const base::FilePath& store_filename,
1487 SafeBrowsingStore* store,
1488 FailureType failure_type) {
1489 DCHECK(thread_checker_.CalledOnValidThread());
1490
1491 // These results are not used after this call. Simply ignore the
1492 // returned value after FinishUpdate(...).
1493 PrefixSetBuilder builder;
1494 std::vector<SBAddFullHash> add_full_hashes_result;
1495
1496 if (!store->FinishUpdate(&builder, &add_full_hashes_result))
1497 RecordFailure(failure_type);
1498
1499 RecordFileSizeHistogram(store_filename);
1500
1501 #if defined(OS_MACOSX)
1502 base::mac::SetFileBackupExclusion(store_filename);
1503 #endif
1504 }
1505
1506 void SafeBrowsingDatabaseNew::UpdatePrefixSetUrlStore(
1507 const base::FilePath& db_filename,
1508 SafeBrowsingStore* url_store,
1509 PrefixSetId prefix_set_id,
1510 FailureType finish_failure_type,
1511 FailureType write_failure_type,
1512 bool store_full_hashes_in_prefix_set) {
1513 DCHECK(thread_checker_.CalledOnValidThread());
1514 DCHECK(url_store);
1515
1516 // Measure the amount of IO during the filter build.
1517 base::IoCounters io_before, io_after;
1518 base::ProcessHandle handle = base::GetCurrentProcessHandle();
1519 scoped_ptr<base::ProcessMetrics> metric(
1520 #if !defined(OS_MACOSX)
1521 base::ProcessMetrics::CreateProcessMetrics(handle)
1522 #else
1523 // Getting stats only for the current process is enough, so NULL is fine.
1524 base::ProcessMetrics::CreateProcessMetrics(handle, NULL)
1525 #endif
1526 );
1527
1528 // IoCounters are currently not supported on Mac, and may not be
1529 // available for Linux, so we check the result and only show IO
1530 // stats if they are available.
1531 const bool got_counters = metric->GetIOCounters(&io_before);
1532
1533 const base::TimeTicks before = base::TimeTicks::Now();
1534
1535 // TODO(shess): Perhaps refactor to let builder accumulate full hashes on the
1536 // fly? Other clients use the SBAddFullHash vector, but AFAICT they only use
1537 // the SBFullHash portion. It would need an accessor on PrefixSet.
1538 PrefixSetBuilder builder;
1539 std::vector<SBAddFullHash> add_full_hashes;
1540 if (!url_store->FinishUpdate(&builder, &add_full_hashes)) {
1541 RecordFailure(finish_failure_type);
1542 return;
1543 }
1544
1545 scoped_ptr<const PrefixSet> new_prefix_set;
1546 if (store_full_hashes_in_prefix_set) {
1547 std::vector<SBFullHash> full_hash_results;
1548 for (size_t i = 0; i < add_full_hashes.size(); ++i) {
1549 full_hash_results.push_back(add_full_hashes[i].full_hash);
1550 }
1551
1552 new_prefix_set = builder.GetPrefixSet(full_hash_results);
1553 } else {
1554 // TODO(gab): Ensure that stores which do not want full hashes just don't
1555 // have full hashes in the first place and remove
1556 // |store_full_hashes_in_prefix_set| and the code specialization incurred
1557 // here.
1558 new_prefix_set = builder.GetPrefixSetNoHashes();
1559 }
1560
1561 // Swap in the newly built filter.
1562 state_manager_.BeginWriteTransaction()->SwapPrefixSet(prefix_set_id,
1563 new_prefix_set.Pass());
1564
1565 UMA_HISTOGRAM_LONG_TIMES("SB2.BuildFilter", base::TimeTicks::Now() - before);
1566
1567 WritePrefixSet(db_filename, prefix_set_id, write_failure_type);
1568
1569 // Gather statistics.
1570 if (got_counters && metric->GetIOCounters(&io_after)) {
1571 UMA_HISTOGRAM_COUNTS("SB2.BuildReadKilobytes",
1572 static_cast<int>(io_after.ReadTransferCount -
1573 io_before.ReadTransferCount) / 1024);
1574 UMA_HISTOGRAM_COUNTS("SB2.BuildWriteKilobytes",
1575 static_cast<int>(io_after.WriteTransferCount -
1576 io_before.WriteTransferCount) / 1024);
1577 UMA_HISTOGRAM_COUNTS("SB2.BuildReadOperations",
1578 static_cast<int>(io_after.ReadOperationCount -
1579 io_before.ReadOperationCount));
1580 UMA_HISTOGRAM_COUNTS("SB2.BuildWriteOperations",
1581 static_cast<int>(io_after.WriteOperationCount -
1582 io_before.WriteOperationCount));
1583 }
1584
1585 RecordFileSizeHistogram(db_filename);
1586
1587 #if defined(OS_MACOSX)
1588 base::mac::SetFileBackupExclusion(db_filename);
1589 #endif
1590 }
1591
1592 void SafeBrowsingDatabaseNew::UpdateIpBlacklistStore() {
1593 DCHECK(thread_checker_.CalledOnValidThread());
1594
1595 // Note: prefixes will not be empty. The current data store implementation
1596 // stores all full-length hashes as both full and prefix hashes.
1597 PrefixSetBuilder builder;
1598 std::vector<SBAddFullHash> full_hashes;
1599 if (!ip_blacklist_store_->FinishUpdate(&builder, &full_hashes)) {
1600 RecordFailure(FAILURE_IP_BLACKLIST_UPDATE_FINISH);
1601 LoadIpBlacklist(std::vector<SBAddFullHash>()); // Clear the list.
1602 return;
1603 }
1604
1605 const base::FilePath ip_blacklist_filename =
1606 IpBlacklistDBFilename(db_state_manager_.filename_base());
1607
1608 RecordFileSizeHistogram(ip_blacklist_filename);
1609
1610 #if defined(OS_MACOSX)
1611 base::mac::SetFileBackupExclusion(ip_blacklist_filename);
1612 #endif
1613
1614 LoadIpBlacklist(full_hashes);
1615 }
1616
1617 void SafeBrowsingDatabaseNew::HandleCorruptDatabase() {
1618 DCHECK(thread_checker_.CalledOnValidThread());
1619
1620 // Reset the database after the current task has unwound (but only
1621 // reset once within the scope of a given task).
1622 if (!reset_factory_.HasWeakPtrs()) {
1623 RecordFailure(FAILURE_DATABASE_CORRUPT);
1624 base::MessageLoop::current()->PostTask(FROM_HERE,
1625 base::Bind(&SafeBrowsingDatabaseNew::OnHandleCorruptDatabase,
1626 reset_factory_.GetWeakPtr()));
1627 }
1628 }
1629
1630 void SafeBrowsingDatabaseNew::OnHandleCorruptDatabase() {
1631 DCHECK(thread_checker_.CalledOnValidThread());
1632
1633 RecordFailure(FAILURE_DATABASE_CORRUPT_HANDLER);
1634 db_state_manager_.set_corruption_detected(); // Stop updating the database.
1635 ResetDatabase();
1636
1637 // NOTE(shess): ResetDatabase() should remove the corruption, so this should
1638 // only happen once. If you are here because you are hitting this after a
1639 // restart, then I would be very interested in working with you to figure out
1640 // what is happening, since it may affect real users.
1641 DLOG(FATAL) << "SafeBrowsing database was corrupt and reset";
1642 }
1643
1644 // TODO(shess): I'm not clear why this code doesn't have any
1645 // real error-handling.
1646 void SafeBrowsingDatabaseNew::LoadPrefixSet(const base::FilePath& db_filename,
1647 WriteTransaction* txn,
1648 PrefixSetId prefix_set_id,
1649 FailureType read_failure_type) {
1650 DCHECK(thread_checker_.CalledOnValidThread());
1651 DCHECK(txn);
1652 DCHECK(!db_state_manager_.filename_base().empty());
1653
1654 // Only use the prefix set if database is present and non-empty.
1655 if (!GetFileSizeOrZero(db_filename))
1656 return;
1657
1658 // Cleanup any stale bloom filter (no longer used).
1659 // TODO(shess): Track existence to drive removal of this code?
1660 const base::FilePath bloom_filter_filename =
1661 BloomFilterForFilename(db_filename);
1662 base::DeleteFile(bloom_filter_filename, false);
1663
1664 const base::TimeTicks before = base::TimeTicks::Now();
1665 scoped_ptr<const PrefixSet> new_prefix_set =
1666 PrefixSet::LoadFile(PrefixSetForFilename(db_filename));
1667 if (!new_prefix_set.get())
1668 RecordFailure(read_failure_type);
1669 txn->SwapPrefixSet(prefix_set_id, new_prefix_set.Pass());
1670 UMA_HISTOGRAM_TIMES("SB2.PrefixSetLoad", base::TimeTicks::Now() - before);
1671 }
1672
1673 bool SafeBrowsingDatabaseNew::Delete() {
1674 DCHECK(thread_checker_.CalledOnValidThread());
1675 DCHECK(!db_state_manager_.filename_base().empty());
1676
1677 // TODO(shess): This is a mess. SafeBrowsingFileStore::Delete() closes the
1678 // store before calling DeleteStore(). DeleteStore() deletes transient files
1679 // in addition to the main file. Probably all of these should be converted to
1680 // a helper which calls Delete() if the store exists, else DeleteStore() on
1681 // the generated filename.
1682
1683 // TODO(shess): Determine if the histograms are useful in any way. I cannot
1684 // recall any action taken as a result of their values, in which case it might
1685 // make more sense to histogram an overall thumbs-up/-down and just dig deeper
1686 // if something looks wrong.
1687
1688 const bool r1 = browse_store_->Delete();
1689 if (!r1)
1690 RecordFailure(FAILURE_DATABASE_STORE_DELETE);
1691
1692 const bool r2 = download_store_.get() ? download_store_->Delete() : true;
1693 if (!r2)
1694 RecordFailure(FAILURE_DATABASE_STORE_DELETE);
1695
1696 const bool r3 = csd_whitelist_store_.get() ?
1697 csd_whitelist_store_->Delete() : true;
1698 if (!r3)
1699 RecordFailure(FAILURE_DATABASE_STORE_DELETE);
1700
1701 const bool r4 = download_whitelist_store_.get() ?
1702 download_whitelist_store_->Delete() : true;
1703 if (!r4)
1704 RecordFailure(FAILURE_DATABASE_STORE_DELETE);
1705
1706 const bool r5 = inclusion_whitelist_store_.get() ?
1707 inclusion_whitelist_store_->Delete() : true;
1708 if (!r5)
1709 RecordFailure(FAILURE_DATABASE_STORE_DELETE);
1710
1711 const base::FilePath browse_filename =
1712 BrowseDBFilename(db_state_manager_.filename_base());
1713 const base::FilePath bloom_filter_filename =
1714 BloomFilterForFilename(browse_filename);
1715 const bool r6 = base::DeleteFile(bloom_filter_filename, false);
1716 if (!r6)
1717 RecordFailure(FAILURE_DATABASE_FILTER_DELETE);
1718
1719 const base::FilePath browse_prefix_set_filename =
1720 PrefixSetForFilename(browse_filename);
1721 const bool r7 = base::DeleteFile(browse_prefix_set_filename, false);
1722 if (!r7)
1723 RecordFailure(FAILURE_BROWSE_PREFIX_SET_DELETE);
1724
1725 const base::FilePath extension_blacklist_filename =
1726 ExtensionBlacklistDBFilename(db_state_manager_.filename_base());
1727 const bool r8 = base::DeleteFile(extension_blacklist_filename, false);
1728 if (!r8)
1729 RecordFailure(FAILURE_EXTENSION_BLACKLIST_DELETE);
1730
1731 const base::FilePath side_effect_free_whitelist_filename =
1732 SideEffectFreeWhitelistDBFilename(db_state_manager_.filename_base());
1733 const bool r9 = base::DeleteFile(side_effect_free_whitelist_filename,
1734 false);
1735 if (!r9)
1736 RecordFailure(FAILURE_SIDE_EFFECT_FREE_WHITELIST_DELETE);
1737
1738 const base::FilePath side_effect_free_whitelist_prefix_set_filename =
1739 PrefixSetForFilename(side_effect_free_whitelist_filename);
1740 const bool r10 = base::DeleteFile(
1741 side_effect_free_whitelist_prefix_set_filename,
1742 false);
1743 if (!r10)
1744 RecordFailure(FAILURE_SIDE_EFFECT_FREE_WHITELIST_PREFIX_SET_DELETE);
1745
1746 const bool r11 = base::DeleteFile(
1747 IpBlacklistDBFilename(db_state_manager_.filename_base()), false);
1748 if (!r11)
1749 RecordFailure(FAILURE_IP_BLACKLIST_DELETE);
1750
1751 const bool r12 = base::DeleteFile(
1752 UnwantedSoftwareDBFilename(db_state_manager_.filename_base()), false);
1753 if (!r12)
1754 RecordFailure(FAILURE_UNWANTED_SOFTWARE_PREFIX_SET_DELETE);
1755
1756 return r1 && r2 && r3 && r4 && r5 && r6 && r7 && r8 && r9 && r10 && r11 &&
1757 r12;
1758 }
1759
1760 void SafeBrowsingDatabaseNew::WritePrefixSet(const base::FilePath& db_filename,
1761 PrefixSetId prefix_set_id,
1762 FailureType write_failure_type) {
1763 DCHECK(thread_checker_.CalledOnValidThread());
1764
1765 // Do not grab the lock to avoid contention while writing to disk. This is
1766 // safe as only this thread can ever modify |state_manager_|'s prefix sets
1767 // anyways.
1768 scoped_ptr<ReadTransaction> txn =
1769 state_manager_.BeginReadTransactionNoLockOnMainThread();
1770 const PrefixSet* prefix_set = txn->GetPrefixSet(prefix_set_id);
1771
1772 if (!prefix_set)
1773 return;
1774
1775 const base::FilePath prefix_set_filename = PrefixSetForFilename(db_filename);
1776
1777 const base::TimeTicks before = base::TimeTicks::Now();
1778 const bool write_ok = prefix_set->WriteFile(prefix_set_filename);
1779 UMA_HISTOGRAM_TIMES("SB2.PrefixSetWrite", base::TimeTicks::Now() - before);
1780
1781 RecordFileSizeHistogram(prefix_set_filename);
1782
1783 if (!write_ok)
1784 RecordFailure(write_failure_type);
1785
1786 #if defined(OS_MACOSX)
1787 base::mac::SetFileBackupExclusion(prefix_set_filename);
1788 #endif
1789 }
1790
1791 void SafeBrowsingDatabaseNew::LoadWhitelist(
1792 const std::vector<SBAddFullHash>& full_hashes,
1793 SBWhitelistId whitelist_id) {
1794 DCHECK(thread_checker_.CalledOnValidThread());
1795
1796 if (full_hashes.size() > kMaxWhitelistSize) {
1797 state_manager_.BeginWriteTransaction()->WhitelistEverything(whitelist_id);
1798 return;
1799 }
1800
1801 std::vector<SBFullHash> new_whitelist;
1802 new_whitelist.reserve(full_hashes.size());
1803 for (std::vector<SBAddFullHash>::const_iterator it = full_hashes.begin();
1804 it != full_hashes.end(); ++it) {
1805 new_whitelist.push_back(it->full_hash);
1806 }
1807 std::sort(new_whitelist.begin(), new_whitelist.end(), SBFullHashLess);
1808
1809 SBFullHash kill_switch = SBFullHashForString(kWhitelistKillSwitchUrl);
1810 if (std::binary_search(new_whitelist.begin(), new_whitelist.end(),
1811 kill_switch, SBFullHashLess)) {
1812 // The kill switch is whitelisted hence we whitelist all URLs.
1813 state_manager_.BeginWriteTransaction()->WhitelistEverything(whitelist_id);
1814 } else {
1815 state_manager_.BeginWriteTransaction()->SwapSBWhitelist(whitelist_id,
1816 &new_whitelist);
1817 }
1818 }
1819
1820 void SafeBrowsingDatabaseNew::LoadIpBlacklist(
1821 const std::vector<SBAddFullHash>& full_hashes) {
1822 DCHECK(thread_checker_.CalledOnValidThread());
1823
1824 IPBlacklist new_blacklist;
1825 for (std::vector<SBAddFullHash>::const_iterator it = full_hashes.begin();
1826 it != full_hashes.end();
1827 ++it) {
1828 const char* full_hash = it->full_hash.full_hash;
1829 DCHECK_EQ(crypto::kSHA256Length, arraysize(it->full_hash.full_hash));
1830 // The format of the IP blacklist is:
1831 // SHA-1(IPv6 prefix) + uint8(prefix size) + 11 unused bytes.
1832 std::string hashed_ip_prefix(full_hash, base::kSHA1Length);
1833 size_t prefix_size = static_cast<uint8>(full_hash[base::kSHA1Length]);
1834 if (prefix_size > kMaxIpPrefixSize || prefix_size < kMinIpPrefixSize) {
1835 RecordFailure(FAILURE_IP_BLACKLIST_UPDATE_INVALID);
1836 new_blacklist.clear(); // Load empty blacklist.
1837 break;
1838 }
1839
1840 // We precompute the mask for the given subnet size to speed up lookups.
1841 // Basically we need to create a 16B long string which has the highest
1842 // |size| bits sets to one.
1843 std::string mask(net::kIPv6AddressSize, '\0');
1844 mask.replace(0, prefix_size / 8, prefix_size / 8, '\xFF');
1845 if ((prefix_size % 8) != 0) {
1846 mask[prefix_size / 8] = 0xFF << (8 - (prefix_size % 8));
1847 }
1848 DVLOG(2) << "Inserting malicious IP: "
1849 << " raw:" << base::HexEncode(full_hash, crypto::kSHA256Length)
1850 << " mask:" << base::HexEncode(mask.data(), mask.size())
1851 << " prefix_size:" << prefix_size
1852 << " hashed_ip:" << base::HexEncode(hashed_ip_prefix.data(),
1853 hashed_ip_prefix.size());
1854 new_blacklist[mask].insert(hashed_ip_prefix);
1855 }
1856
1857 state_manager_.BeginWriteTransaction()->swap_ip_blacklist(&new_blacklist);
1858 }
1859
1860 bool SafeBrowsingDatabaseNew::IsMalwareIPMatchKillSwitchOn() {
1861 SBFullHash malware_kill_switch = SBFullHashForString(kMalwareIPKillSwitchUrl);
1862 std::vector<SBFullHash> full_hashes;
1863 full_hashes.push_back(malware_kill_switch);
1864 return ContainsWhitelistedHashes(SBWhitelistId::CSD, full_hashes);
1865 }
1866
1867 bool SafeBrowsingDatabaseNew::IsCsdWhitelistKillSwitchOn() {
1868 return state_manager_.BeginReadTransaction()
1869 ->GetSBWhitelist(SBWhitelistId::CSD)
1870 ->second;
1871 }
1872
1873 SafeBrowsingDatabaseNew::PrefixGetHashCache*
1874 SafeBrowsingDatabaseNew::GetUnsynchronizedPrefixGetHashCacheForTesting() {
1875 return state_manager_.BeginReadTransaction()->prefix_gethash_cache();
1876 }
1877
1878 void SafeBrowsingDatabaseNew::RecordFileSizeHistogram(
1879 const base::FilePath& file_path) {
1880 const int64 file_size = GetFileSizeOrZero(file_path);
1881 const int file_size_kilobytes = static_cast<int>(file_size / 1024);
1882
1883 base::FilePath::StringType filename = file_path.BaseName().value();
1884
1885 // Default to logging DB sizes unless |file_path| points at PrefixSet storage.
1886 std::string histogram_name("SB2.DatabaseSizeKilobytes");
1887 if (EndsWith(filename, kPrefixSetFileSuffix, true)) {
1888 histogram_name = "SB2.PrefixSetSizeKilobytes";
1889 // Clear the PrefixSet suffix to have the histogram suffix selector below
1890 // work the same for PrefixSet-based storage as it does for simple safe
1891 // browsing stores.
1892 // The size of the kPrefixSetFileSuffix is the size of its array minus 1 as
1893 // the array includes the terminating '\0'.
1894 const size_t kPrefixSetSuffixSize = arraysize(kPrefixSetFileSuffix) - 1;
1895 filename.erase(filename.size() - kPrefixSetSuffixSize);
1896 }
1897
1898 // Changes to histogram suffixes below need to be mirrored in the
1899 // SafeBrowsingLists suffix enum in histograms.xml.
1900 if (EndsWith(filename, kBrowseDBFile, true))
1901 histogram_name.append(".Browse");
1902 else if (EndsWith(filename, kDownloadDBFile, true))
1903 histogram_name.append(".Download");
1904 else if (EndsWith(filename, kCsdWhitelistDBFile, true))
1905 histogram_name.append(".CsdWhitelist");
1906 else if (EndsWith(filename, kDownloadWhitelistDBFile, true))
1907 histogram_name.append(".DownloadWhitelist");
1908 else if (EndsWith(filename, kInclusionWhitelistDBFile, true))
1909 histogram_name.append(".InclusionWhitelist");
1910 else if (EndsWith(filename, kExtensionBlacklistDBFile, true))
1911 histogram_name.append(".ExtensionBlacklist");
1912 else if (EndsWith(filename, kSideEffectFreeWhitelistDBFile, true))
1913 histogram_name.append(".SideEffectFreeWhitelist");
1914 else if (EndsWith(filename, kIPBlacklistDBFile, true))
1915 histogram_name.append(".IPBlacklist");
1916 else if (EndsWith(filename, kUnwantedSoftwareDBFile, true))
1917 histogram_name.append(".UnwantedSoftware");
1918 else
1919 NOTREACHED(); // Add support for new lists above.
1920
1921 // Histogram properties as in UMA_HISTOGRAM_COUNTS macro.
1922 base::HistogramBase* histogram_pointer = base::Histogram::FactoryGet(
1923 histogram_name, 1, 1000000, 50,
1924 base::HistogramBase::kUmaTargetedHistogramFlag);
1925
1926 histogram_pointer->Add(file_size_kilobytes);
1927 }