search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
cros: Remove default pinned apps trial.
[chromium-blink-merge.git] / chrome / browser / safe_browsing / database_manager.cc
blobc0f5e355d100d17029ae48ab7413bc12e70cc4d6
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/safe_browsing/database_manager.h"
6
7 #include <algorithm>
8
9 #include "base/bind.h"
10 #include "base/bind_helpers.h"
11 #include "base/callback.h"
12 #include "base/command_line.h"
13 #include "base/debug/leak_tracker.h"
14 #include "base/path_service.h"
15 #include "base/stl_util.h"
16 #include "base/strings/string_util.h"
17 #include "base/threading/thread.h"
18 #include "base/threading/thread_restrictions.h"
19 #include "chrome/browser/browser_process.h"
20 #include "chrome/browser/chrome_notification_types.h"
21 #include "chrome/browser/metrics/metrics_service.h"
22 #include "chrome/browser/prerender/prerender_field_trial.h"
23 #include "chrome/browser/safe_browsing/client_side_detection_service.h"
24 #include "chrome/browser/safe_browsing/download_protection_service.h"
25 #include "chrome/browser/safe_browsing/malware_details.h"
26 #include "chrome/browser/safe_browsing/protocol_manager.h"
27 #include "chrome/browser/safe_browsing/safe_browsing_database.h"
28 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
29 #include "chrome/browser/safe_browsing/ui_manager.h"
30 #include "chrome/common/chrome_constants.h"
31 #include "chrome/common/chrome_paths.h"
32 #include "chrome/common/chrome_switches.h"
33 #include "chrome/common/url_constants.h"
34 #include "components/startup_metric_utils/startup_metric_utils.h"
35 #include "content/public/browser/browser_thread.h"
36 #include "content/public/browser/notification_service.h"
37
38 using content::BrowserThread;
39
40 namespace {
41
42 // Timeout for match checks, e.g. download URLs, hashes.
43 const int kCheckTimeoutMs = 10000;
44
45 // Records disposition information about the check. |hit| should be
46 // |true| if there were any prefix hits in |full_hashes|.
47 void RecordGetHashCheckStatus(
48 bool hit,
49 safe_browsing_util::ListType check_type,
50 const std::vector<SBFullHashResult>& full_hashes) {
51 SafeBrowsingProtocolManager::ResultType result;
52 if (full_hashes.empty()) {
53 result = SafeBrowsingProtocolManager::GET_HASH_FULL_HASH_EMPTY;
54 } else if (hit) {
55 result = SafeBrowsingProtocolManager::GET_HASH_FULL_HASH_HIT;
56 } else {
57 result = SafeBrowsingProtocolManager::GET_HASH_FULL_HASH_MISS;
58 }
59 bool is_download = check_type == safe_browsing_util::BINURL ||
60 check_type == safe_browsing_util::BINHASH;
61 SafeBrowsingProtocolManager::RecordGetHashResult(is_download, result);
62 }
63
64 bool IsExpectedThreat(
65 const SBThreatType threat_type,
66 const std::vector<SBThreatType>& expected_threats) {
67 return expected_threats.end() != std::find(expected_threats.begin(),
68 expected_threats.end(),
69 threat_type);
70 }
71
72 } // namespace
73
74 SafeBrowsingDatabaseManager::SafeBrowsingCheck::SafeBrowsingCheck(
75 const std::vector<GURL>& urls,
76 const std::vector<SBFullHash>& full_hashes,
77 Client* client,
78 safe_browsing_util::ListType check_type,
79 const std::vector<SBThreatType>& expected_threats)
80 : urls(urls),
81 url_results(urls.size(), SB_THREAT_TYPE_SAFE),
82 full_hashes(full_hashes),
83 full_hash_results(full_hashes.size(), SB_THREAT_TYPE_SAFE),
84 client(client),
85 need_get_hash(false),
86 check_type(check_type),
87 expected_threats(expected_threats) {
88 DCHECK_EQ(urls.empty(), !full_hashes.empty())
89 << "Exactly one of urls and full_hashes must be set";
90 }
91
92 SafeBrowsingDatabaseManager::SafeBrowsingCheck::~SafeBrowsingCheck() {}
93
94 void SafeBrowsingDatabaseManager::Client::OnSafeBrowsingResult(
95 const SafeBrowsingCheck& check) {
96 DCHECK_EQ(check.urls.size(), check.url_results.size());
97 DCHECK_EQ(check.full_hashes.size(), check.full_hash_results.size());
98 if (!check.urls.empty()) {
99 DCHECK(check.full_hashes.empty());
100 switch (check.check_type) {
101 case safe_browsing_util::MALWARE:
102 case safe_browsing_util::PHISH:
103 DCHECK_EQ(1u, check.urls.size());
104 OnCheckBrowseUrlResult(check.urls[0], check.url_results[0]);
105 break;
106 case safe_browsing_util::BINURL:
107 DCHECK_EQ(check.urls.size(), check.url_results.size());
108 OnCheckDownloadUrlResult(
109 check.urls,
110 *std::max_element(check.url_results.begin(),
111 check.url_results.end()));
112 break;
113 default:
114 NOTREACHED();
115 }
116 } else if (!check.full_hashes.empty()) {
117 switch (check.check_type) {
118 case safe_browsing_util::BINHASH:
119 DCHECK_EQ(1u, check.full_hashes.size());
120 OnCheckDownloadHashResult(
121 safe_browsing_util::SBFullHashToString(check.full_hashes[0]),
122 check.full_hash_results[0]);
123 break;
124 case safe_browsing_util::EXTENSIONBLACKLIST: {
125 std::set<std::string> unsafe_extension_ids;
126 for (size_t i = 0; i < check.full_hashes.size(); ++i) {
127 std::string extension_id =
128 safe_browsing_util::SBFullHashToString(check.full_hashes[i]);
129 if (check.full_hash_results[i] == SB_THREAT_TYPE_EXTENSION)
130 unsafe_extension_ids.insert(extension_id);
131 }
132 OnCheckExtensionsResult(unsafe_extension_ids);
133 break;
134 }
135 default:
136 NOTREACHED();
137 }
138 } else {
139 NOTREACHED();
140 }
141 }
142
143 SafeBrowsingDatabaseManager::SafeBrowsingDatabaseManager(
144 const scoped_refptr<SafeBrowsingService>& service)
145 : sb_service_(service),
146 database_(NULL),
147 enabled_(false),
148 enable_download_protection_(false),
149 enable_csd_whitelist_(false),
150 enable_download_whitelist_(false),
151 enable_extension_blacklist_(false),
152 enable_side_effect_free_whitelist_(false),
153 enable_ip_blacklist_(false),
154 update_in_progress_(false),
155 database_update_in_progress_(false),
156 closing_database_(false),
157 check_timeout_(base::TimeDelta::FromMilliseconds(kCheckTimeoutMs)) {
158 DCHECK(sb_service_.get() != NULL);
159
160 CommandLine* cmdline = CommandLine::ForCurrentProcess();
161 enable_download_protection_ =
162 !cmdline->HasSwitch(switches::kSbDisableDownloadProtection);
163
164 // We only download the csd-whitelist if client-side phishing detection is
165 // enabled.
166 enable_csd_whitelist_ =
167 !cmdline->HasSwitch(switches::kDisableClientSidePhishingDetection);
168
169 // TODO(noelutz): remove this boolean variable since it should always be true
170 // if SafeBrowsing is enabled. Unfortunately, we have no test data for this
171 // list right now. This means that we need to be able to disable this list
172 // for the SafeBrowsing test to pass.
173 enable_download_whitelist_ = enable_csd_whitelist_;
174
175 // TODO(kalman): there really shouldn't be a flag for this.
176 enable_extension_blacklist_ =
177 !cmdline->HasSwitch(switches::kSbDisableExtensionBlacklist);
178
179 enable_side_effect_free_whitelist_ =
180 prerender::IsSideEffectFreeWhitelistEnabled() &&
181 !cmdline->HasSwitch(switches::kSbDisableSideEffectFreeWhitelist);
182
183 // The client-side IP blacklist feature is tightly integrated with client-side
184 // phishing protection for now.
185 enable_ip_blacklist_ = enable_csd_whitelist_;
186
187 enum SideEffectFreeWhitelistStatus {
188 SIDE_EFFECT_FREE_WHITELIST_ENABLED,
189 SIDE_EFFECT_FREE_WHITELIST_DISABLED,
190 SIDE_EFFECT_FREE_WHITELIST_STATUS_MAX
191 };
192
193 SideEffectFreeWhitelistStatus side_effect_free_whitelist_status =
194 enable_side_effect_free_whitelist_ ? SIDE_EFFECT_FREE_WHITELIST_ENABLED :
195 SIDE_EFFECT_FREE_WHITELIST_DISABLED;
196
197 UMA_HISTOGRAM_ENUMERATION("SB2.SideEffectFreeWhitelistStatus",
198 side_effect_free_whitelist_status,
199 SIDE_EFFECT_FREE_WHITELIST_STATUS_MAX);
200 }
201
202 SafeBrowsingDatabaseManager::~SafeBrowsingDatabaseManager() {
203 // We should have already been shut down. If we're still enabled, then the
204 // database isn't going to be closed properly, which could lead to corruption.
205 DCHECK(!enabled_);
206 }
207
208 bool SafeBrowsingDatabaseManager::CanCheckUrl(const GURL& url) const {
209 return url.SchemeIs(content::kFtpScheme) ||
210 url.SchemeIs(content::kHttpScheme) ||
211 url.SchemeIs(content::kHttpsScheme);
212 }
213
214 bool SafeBrowsingDatabaseManager::CheckDownloadUrl(
215 const std::vector<GURL>& url_chain,
216 Client* client) {
217 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
218 if (!enabled_ || !enable_download_protection_)
219 return true;
220
221 // We need to check the database for url prefix, and later may fetch the url
222 // from the safebrowsing backends. These need to be asynchronous.
223 SafeBrowsingCheck* check =
224 new SafeBrowsingCheck(url_chain,
225 std::vector<SBFullHash>(),
226 client,
227 safe_browsing_util::BINURL,
228 std::vector<SBThreatType>(1,
229 SB_THREAT_TYPE_BINARY_MALWARE_URL));
230 StartSafeBrowsingCheck(
231 check,
232 base::Bind(&SafeBrowsingDatabaseManager::CheckDownloadUrlOnSBThread, this,
233 check));
234 return false;
235 }
236
237 bool SafeBrowsingDatabaseManager::CheckDownloadHash(
238 const std::string& full_hash,
239 Client* client) {
240 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
241 DCHECK(!full_hash.empty());
242 if (!enabled_ || !enable_download_protection_ || full_hash.empty())
243 return true;
244
245 // We need to check the database for url prefix, and later may fetch the url
246 // from the safebrowsing backends. These need to be asynchronous.
247 std::vector<SBFullHash> full_hashes(
248 1, safe_browsing_util::StringToSBFullHash(full_hash));
249 SafeBrowsingCheck* check =
250 new SafeBrowsingCheck(std::vector<GURL>(),
251 full_hashes,
252 client,
253 safe_browsing_util::BINHASH,
254 std::vector<SBThreatType>(1,
255 SB_THREAT_TYPE_BINARY_MALWARE_HASH));
256 StartSafeBrowsingCheck(
257 check,
258 base::Bind(&SafeBrowsingDatabaseManager::CheckDownloadHashOnSBThread,this,
259 check));
260 return false;
261 }
262
263 bool SafeBrowsingDatabaseManager::CheckExtensionIDs(
264 const std::set<std::string>& extension_ids,
265 Client* client) {
266 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
267
268 if (!enabled_ || !enable_extension_blacklist_)
269 return true;
270
271 std::vector<SBFullHash> extension_id_hashes;
272 std::transform(extension_ids.begin(), extension_ids.end(),
273 std::back_inserter(extension_id_hashes),
274 safe_browsing_util::StringToSBFullHash);
275
276 SafeBrowsingCheck* check = new SafeBrowsingCheck(
277 std::vector<GURL>(),
278 extension_id_hashes,
279 client,
280 safe_browsing_util::EXTENSIONBLACKLIST,
281 std::vector<SBThreatType>(1, SB_THREAT_TYPE_EXTENSION));
282
283 StartSafeBrowsingCheck(
284 check,
285 base::Bind(&SafeBrowsingDatabaseManager::CheckExtensionIDsOnSBThread,
286 this,
287 check));
288 return false;
289 }
290
291 bool SafeBrowsingDatabaseManager::CheckSideEffectFreeWhitelistUrl(
292 const GURL& url) {
293 if (!enabled_)
294 return false;
295
296 if (!CanCheckUrl(url))
297 return false;
298
299 return database_->ContainsSideEffectFreeWhitelistUrl(url);
300 }
301
302 bool SafeBrowsingDatabaseManager::MatchMalwareIP(
303 const std::string& ip_address) {
304 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
305 if (!enabled_ || !enable_ip_blacklist_ || !MakeDatabaseAvailable()) {
306 return false; // Fail open.
307 }
308 return database_->ContainsMalwareIP(ip_address);
309 }
310
311 bool SafeBrowsingDatabaseManager::MatchCsdWhitelistUrl(const GURL& url) {
312 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
313 if (!enabled_ || !enable_csd_whitelist_ || !MakeDatabaseAvailable()) {
314 // There is something funky going on here -- for example, perhaps the user
315 // has not restarted since enabling metrics reporting, so we haven't
316 // enabled the csd whitelist yet. Just to be safe we return true in this
317 // case.
318 return true;
319 }
320 return database_->ContainsCsdWhitelistedUrl(url);
321 }
322
323 bool SafeBrowsingDatabaseManager::MatchDownloadWhitelistUrl(const GURL& url) {
324 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
325 if (!enabled_ || !enable_download_whitelist_ || !MakeDatabaseAvailable()) {
326 return true;
327 }
328 return database_->ContainsDownloadWhitelistedUrl(url);
329 }
330
331 bool SafeBrowsingDatabaseManager::MatchDownloadWhitelistString(
332 const std::string& str) {
333 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
334 if (!enabled_ || !enable_download_whitelist_ || !MakeDatabaseAvailable()) {
335 return true;
336 }
337 return database_->ContainsDownloadWhitelistedString(str);
338 }
339
340 bool SafeBrowsingDatabaseManager::IsMalwareKillSwitchOn() {
341 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
342 if (!enabled_ || !MakeDatabaseAvailable()) {
343 return true;
344 }
345 return database_->IsMalwareIPMatchKillSwitchOn();
346 }
347
348 bool SafeBrowsingDatabaseManager::CheckBrowseUrl(const GURL& url,
349 Client* client) {
350 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
351 if (!enabled_)
352 return true;
353
354 if (!CanCheckUrl(url))
355 return true;
356
357 std::vector<SBThreatType> expected_threats;
358 expected_threats.push_back(SB_THREAT_TYPE_URL_MALWARE);
359 expected_threats.push_back(SB_THREAT_TYPE_URL_PHISHING);
360
361 const base::TimeTicks start = base::TimeTicks::Now();
362 if (!MakeDatabaseAvailable()) {
363 QueuedCheck queued_check(safe_browsing_util::MALWARE, // or PHISH
364 client,
365 url,
366 expected_threats,
367 start);
368 queued_checks_.push_back(queued_check);
369 return false;
370 }
371
372 std::string list;
373 std::vector<SBPrefix> prefix_hits;
374 std::vector<SBFullHashResult> full_hits;
375
376 bool prefix_match =
377 database_->ContainsBrowseUrl(url, &list, &prefix_hits, &full_hits,
378 sb_service_->protocol_manager()->last_update());
379
380 UMA_HISTOGRAM_TIMES("SB2.FilterCheck", base::TimeTicks::Now() - start);
381
382 if (!prefix_match)
383 return true; // URL is okay.
384
385 // Needs to be asynchronous, since we could be in the constructor of a
386 // ResourceDispatcherHost event handler which can't pause there.
387 SafeBrowsingCheck* check = new SafeBrowsingCheck(std::vector<GURL>(1, url),
388 std::vector<SBFullHash>(),
389 client,
390 safe_browsing_util::MALWARE,
391 expected_threats);
392 check->need_get_hash = full_hits.empty();
393 check->prefix_hits.swap(prefix_hits);
394 check->full_hits.swap(full_hits);
395 checks_.insert(check);
396
397 BrowserThread::PostTask(
398 BrowserThread::IO, FROM_HERE,
399 base::Bind(&SafeBrowsingDatabaseManager::OnCheckDone, this, check));
400
401 return false;
402 }
403
404 void SafeBrowsingDatabaseManager::CancelCheck(Client* client) {
405 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
406 for (CurrentChecks::iterator i = checks_.begin(); i != checks_.end(); ++i) {
407 // We can't delete matching checks here because the db thread has a copy of
408 // the pointer. Instead, we simply NULL out the client, and when the db
409 // thread calls us back, we'll clean up the check.
410 if ((*i)->client == client)
411 (*i)->client = NULL;
412 }
413
414 // Scan the queued clients store. Clients may be here if they requested a URL
415 // check before the database has finished loading.
416 for (std::deque<QueuedCheck>::iterator it(queued_checks_.begin());
417 it != queued_checks_.end(); ) {
418 // In this case it's safe to delete matches entirely since nothing has a
419 // pointer to them.
420 if (it->client == client)
421 it = queued_checks_.erase(it);
422 else
423 ++it;
424 }
425 }
426
427 void SafeBrowsingDatabaseManager::HandleGetHashResults(
428 SafeBrowsingCheck* check,
429 const std::vector<SBFullHashResult>& full_hashes,
430 bool can_cache) {
431 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
432
433 if (!enabled_)
434 return;
435
436 // If the service has been shut down, |check| should have been deleted.
437 DCHECK(checks_.find(check) != checks_.end());
438
439 // |start| is set before calling |GetFullHash()|, which should be
440 // the only path which gets to here.
441 DCHECK(!check->start.is_null());
442 UMA_HISTOGRAM_LONG_TIMES("SB2.Network",
443 base::TimeTicks::Now() - check->start);
444
445 std::vector<SBPrefix> prefixes = check->prefix_hits;
446 OnHandleGetHashResults(check, full_hashes); // 'check' is deleted here.
447
448 if (can_cache && MakeDatabaseAvailable()) {
449 // Cache the GetHash results in memory:
450 database_->CacheHashResults(prefixes, full_hashes);
451 }
452 }
453
454 void SafeBrowsingDatabaseManager::GetChunks(GetChunksCallback callback) {
455 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
456 DCHECK(enabled_);
457 DCHECK(!callback.is_null());
458 safe_browsing_thread_->message_loop()->PostTask(FROM_HERE, base::Bind(
459 &SafeBrowsingDatabaseManager::GetAllChunksFromDatabase, this, callback));
460 }
461
462 void SafeBrowsingDatabaseManager::AddChunks(const std::string& list,
463 SBChunkList* chunks,
464 AddChunksCallback callback) {
465 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
466 DCHECK(enabled_);
467 DCHECK(!callback.is_null());
468 safe_browsing_thread_->message_loop()->PostTask(FROM_HERE, base::Bind(
469 &SafeBrowsingDatabaseManager::AddDatabaseChunks, this, list,
470 chunks, callback));
471 }
472
473 void SafeBrowsingDatabaseManager::DeleteChunks(
474 std::vector<SBChunkDelete>* chunk_deletes) {
475 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
476 DCHECK(enabled_);
477 safe_browsing_thread_->message_loop()->PostTask(FROM_HERE, base::Bind(
478 &SafeBrowsingDatabaseManager::DeleteDatabaseChunks, this, chunk_deletes));
479 }
480
481 void SafeBrowsingDatabaseManager::UpdateStarted() {
482 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
483 DCHECK(enabled_);
484 DCHECK(!update_in_progress_);
485 update_in_progress_ = true;
486 }
487
488 void SafeBrowsingDatabaseManager::UpdateFinished(bool update_succeeded) {
489 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
490 DCHECK(enabled_);
491 if (update_in_progress_) {
492 update_in_progress_ = false;
493 safe_browsing_thread_->message_loop()->PostTask(FROM_HERE,
494 base::Bind(&SafeBrowsingDatabaseManager::DatabaseUpdateFinished,
495 this, update_succeeded));
496 }
497 }
498
499 void SafeBrowsingDatabaseManager::ResetDatabase() {
500 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
501 DCHECK(enabled_);
502 safe_browsing_thread_->message_loop()->PostTask(FROM_HERE, base::Bind(
503 &SafeBrowsingDatabaseManager::OnResetDatabase, this));
504 }
505
506 void SafeBrowsingDatabaseManager::PurgeMemory() {
507 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
508 CloseDatabase();
509 }
510
511 void SafeBrowsingDatabaseManager::LogPauseDelay(base::TimeDelta time) {
512 UMA_HISTOGRAM_LONG_TIMES("SB2.Delay", time);
513 }
514
515 void SafeBrowsingDatabaseManager::StartOnIOThread() {
516 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
517 if (enabled_)
518 return;
519
520 DCHECK(!safe_browsing_thread_.get());
521 safe_browsing_thread_.reset(new base::Thread("Chrome_SafeBrowsingThread"));
522 if (!safe_browsing_thread_->Start())
523 return;
524 enabled_ = true;
525
526 MakeDatabaseAvailable();
527 }
528
529 void SafeBrowsingDatabaseManager::StopOnIOThread(bool shutdown) {
530 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
531
532 DoStopOnIOThread();
533 if (shutdown) {
534 sb_service_ = NULL;
535 }
536 }
537
538 void SafeBrowsingDatabaseManager::NotifyDatabaseUpdateFinished(
539 bool update_succeeded) {
540 content::NotificationService::current()->Notify(
541 chrome::NOTIFICATION_SAFE_BROWSING_UPDATE_COMPLETE,
542 content::Source<SafeBrowsingDatabaseManager>(this),
543 content::Details<bool>(&update_succeeded));
544 }
545
546 SafeBrowsingDatabaseManager::QueuedCheck::QueuedCheck(
547 const safe_browsing_util::ListType check_type,
548 Client* client,
549 const GURL& url,
550 const std::vector<SBThreatType>& expected_threats,
551 const base::TimeTicks& start)
552 : check_type(check_type),
553 client(client),
554 url(url),
555 expected_threats(expected_threats),
556 start(start) {
557 }
558
559 SafeBrowsingDatabaseManager::QueuedCheck::~QueuedCheck() {
560 }
561
562 void SafeBrowsingDatabaseManager::DoStopOnIOThread() {
563 if (!enabled_)
564 return;
565
566 enabled_ = false;
567
568 // Delete queued checks, calling back any clients with 'SB_THREAT_TYPE_SAFE'.
569 // If we don't do this here we may fail to close the database below.
570 while (!queued_checks_.empty()) {
571 QueuedCheck queued = queued_checks_.front();
572 if (queued.client) {
573 SafeBrowsingCheck sb_check(std::vector<GURL>(1, queued.url),
574 std::vector<SBFullHash>(),
575 queued.client,
576 queued.check_type,
577 queued.expected_threats);
578 queued.client->OnSafeBrowsingResult(sb_check);
579 }
580 queued_checks_.pop_front();
581 }
582
583 // Close the database. We don't simply DeleteSoon() because if a close is
584 // already pending, we'll double-free, and we don't set |database_| to NULL
585 // because if there is still anything running on the db thread, it could
586 // create a new database object (via GetDatabase()) that would then leak.
587 CloseDatabase();
588
589 // Flush the database thread. Any in-progress database check results will be
590 // ignored and cleaned up below.
591 //
592 // Note that to avoid leaking the database, we rely on the fact that no new
593 // tasks will be added to the db thread between the call above and this one.
594 // See comments on the declaration of |safe_browsing_thread_|.
595 {
596 // A ScopedAllowIO object is required to join the thread when calling Stop.
597 // See http://crbug.com/72696. Note that we call Stop() first to clear out
598 // any remaining tasks before clearing safe_browsing_thread_.
599 base::ThreadRestrictions::ScopedAllowIO allow_io_for_thread_join;
600 safe_browsing_thread_->Stop();
601 safe_browsing_thread_.reset();
602 }
603
604 // Delete pending checks, calling back any clients with 'SB_THREAT_TYPE_SAFE'.
605 // We have to do this after the db thread returns because methods on it can
606 // have copies of these pointers, so deleting them might lead to accessing
607 // garbage.
608 for (CurrentChecks::iterator it = checks_.begin();
609 it != checks_.end(); ++it) {
610 SafeBrowsingCheck* check = *it;
611 if (check->client)
612 check->client->OnSafeBrowsingResult(*check);
613 }
614 STLDeleteElements(&checks_);
615
616 gethash_requests_.clear();
617 }
618
619 bool SafeBrowsingDatabaseManager::DatabaseAvailable() const {
620 base::AutoLock lock(database_lock_);
621 return !closing_database_ && (database_ != NULL);
622 }
623
624 bool SafeBrowsingDatabaseManager::MakeDatabaseAvailable() {
625 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
626 DCHECK(enabled_);
627 if (DatabaseAvailable())
628 return true;
629 safe_browsing_thread_->message_loop()->PostTask(
630 FROM_HERE,
631 base::Bind(base::IgnoreResult(&SafeBrowsingDatabaseManager::GetDatabase),
632 this));
633 return false;
634 }
635
636 void SafeBrowsingDatabaseManager::CloseDatabase() {
637 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
638
639 // Cases to avoid:
640 // * If |closing_database_| is true, continuing will queue up a second
641 // request, |closing_database_| will be reset after handling the first
642 // request, and if any functions on the db thread recreate the database, we
643 // could start using it on the IO thread and then have the second request
644 // handler delete it out from under us.
645 // * If |database_| is NULL, then either no creation request is in flight, in
646 // which case we don't need to do anything, or one is in flight, in which
647 // case the database will be recreated before our deletion request is
648 // handled, and could be used on the IO thread in that time period, leading
649 // to the same problem as above.
650 // * If |queued_checks_| is non-empty and |database_| is non-NULL, we're
651 // about to be called back (in DatabaseLoadComplete()). This will call
652 // CheckUrl(), which will want the database. Closing the database here
653 // would lead to an infinite loop in DatabaseLoadComplete(), and even if it
654 // didn't, it would be pointless since we'd just want to recreate.
655 //
656 // The first two cases above are handled by checking DatabaseAvailable().
657 if (!DatabaseAvailable() || !queued_checks_.empty())
658 return;
659
660 closing_database_ = true;
661 if (safe_browsing_thread_.get()) {
662 safe_browsing_thread_->message_loop()->PostTask(FROM_HERE,
663 base::Bind(&SafeBrowsingDatabaseManager::OnCloseDatabase, this));
664 }
665 }
666
667 SafeBrowsingDatabase* SafeBrowsingDatabaseManager::GetDatabase() {
668 DCHECK_EQ(base::MessageLoop::current(),
669 safe_browsing_thread_->message_loop());
670 if (database_)
671 return database_;
672 startup_metric_utils::ScopedSlowStartupUMA
673 scoped_timer("Startup.SlowStartupSafeBrowsingGetDatabase");
674 const base::TimeTicks before = base::TimeTicks::Now();
675
676 SafeBrowsingDatabase* database =
677 SafeBrowsingDatabase::Create(enable_download_protection_,
678 enable_csd_whitelist_,
679 enable_download_whitelist_,
680 enable_extension_blacklist_,
681 enable_side_effect_free_whitelist_,
682 enable_ip_blacklist_);
683
684 database->Init(SafeBrowsingService::GetBaseFilename());
685 {
686 // Acquiring the lock here guarantees correct ordering between the writes to
687 // the new database object above, and the setting of |databse_| below.
688 base::AutoLock lock(database_lock_);
689 database_ = database;
690 }
691
692 BrowserThread::PostTask(
693 BrowserThread::IO, FROM_HERE,
694 base::Bind(&SafeBrowsingDatabaseManager::DatabaseLoadComplete, this));
695
696 UMA_HISTOGRAM_TIMES("SB2.DatabaseOpen", base::TimeTicks::Now() - before);
697 return database_;
698 }
699
700 void SafeBrowsingDatabaseManager::OnCheckDone(SafeBrowsingCheck* check) {
701 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
702
703 if (!enabled_)
704 return;
705
706 // If the service has been shut down, |check| should have been deleted.
707 DCHECK(checks_.find(check) != checks_.end());
708
709 if (check->client && check->need_get_hash) {
710 // We have a partial match so we need to query Google for the full hash.
711 // Clean up will happen in HandleGetHashResults.
712
713 // See if we have a GetHash request already in progress for this particular
714 // prefix. If so, we just append ourselves to the list of interested parties
715 // when the results arrive. We only do this for checks involving one prefix,
716 // since that is the common case (multiple prefixes will issue the request
717 // as normal).
718 if (check->prefix_hits.size() == 1) {
719 SBPrefix prefix = check->prefix_hits[0];
720 GetHashRequests::iterator it = gethash_requests_.find(prefix);
721 if (it != gethash_requests_.end()) {
722 // There's already a request in progress.
723 it->second.push_back(check);
724 return;
725 }
726
727 // No request in progress, so we're the first for this prefix.
728 GetHashRequestors requestors;
729 requestors.push_back(check);
730 gethash_requests_[prefix] = requestors;
731 }
732
733 // Reset the start time so that we can measure the network time without the
734 // database time.
735 check->start = base::TimeTicks::Now();
736 // Note: If |this| is deleted or stopped, the protocol_manager will
737 // be destroyed as well - hence it's OK to do unretained in this case.
738 bool is_download = check->check_type == safe_browsing_util::BINURL ||
739 check->check_type == safe_browsing_util::BINHASH;
740 sb_service_->protocol_manager()->GetFullHash(
741 check->prefix_hits,
742 base::Bind(&SafeBrowsingDatabaseManager::HandleGetHashResults,
743 base::Unretained(this),
744 check),
745 is_download);
746 } else {
747 // We may have cached results for previous GetHash queries. Since
748 // this data comes from cache, don't histogram hits.
749 HandleOneCheck(check, check->full_hits);
750 }
751 }
752
753 void SafeBrowsingDatabaseManager::GetAllChunksFromDatabase(
754 GetChunksCallback callback) {
755 DCHECK_EQ(base::MessageLoop::current(),
756 safe_browsing_thread_->message_loop());
757
758 bool database_error = true;
759 std::vector<SBListChunkRanges> lists;
760 DCHECK(!database_update_in_progress_);
761 database_update_in_progress_ = true;
762 GetDatabase(); // This guarantees that |database_| is non-NULL.
763 if (database_->UpdateStarted(&lists)) {
764 database_error = false;
765 } else {
766 database_->UpdateFinished(false);
767 }
768
769 BrowserThread::PostTask(
770 BrowserThread::IO, FROM_HERE,
771 base::Bind(&SafeBrowsingDatabaseManager::OnGetAllChunksFromDatabase,
772 this, lists, database_error, callback));
773 }
774
775 void SafeBrowsingDatabaseManager::OnGetAllChunksFromDatabase(
776 const std::vector<SBListChunkRanges>& lists, bool database_error,
777 GetChunksCallback callback) {
778 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
779 if (enabled_)
780 callback.Run(lists, database_error);
781 }
782
783 void SafeBrowsingDatabaseManager::OnAddChunksComplete(
784 AddChunksCallback callback) {
785 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
786 if (enabled_)
787 callback.Run();
788 }
789
790 void SafeBrowsingDatabaseManager::DatabaseLoadComplete() {
791 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
792 if (!enabled_)
793 return;
794
795 HISTOGRAM_COUNTS("SB.QueueDepth", queued_checks_.size());
796 if (queued_checks_.empty())
797 return;
798
799 // If the database isn't already available, calling CheckUrl() in the loop
800 // below will add the check back to the queue, and we'll infinite-loop.
801 DCHECK(DatabaseAvailable());
802 while (!queued_checks_.empty()) {
803 QueuedCheck check = queued_checks_.front();
804 DCHECK(!check.start.is_null());
805 HISTOGRAM_TIMES("SB.QueueDelay", base::TimeTicks::Now() - check.start);
806 // If CheckUrl() determines the URL is safe immediately, it doesn't call the
807 // client's handler function (because normally it's being directly called by
808 // the client). Since we're not the client, we have to convey this result.
809 if (check.client && CheckBrowseUrl(check.url, check.client)) {
810 SafeBrowsingCheck sb_check(std::vector<GURL>(1, check.url),
811 std::vector<SBFullHash>(),
812 check.client,
813 check.check_type,
814 check.expected_threats);
815 check.client->OnSafeBrowsingResult(sb_check);
816 }
817 queued_checks_.pop_front();
818 }
819 }
820
821 void SafeBrowsingDatabaseManager::AddDatabaseChunks(
822 const std::string& list_name, SBChunkList* chunks,
823 AddChunksCallback callback) {
824 DCHECK_EQ(base::MessageLoop::current(),
825 safe_browsing_thread_->message_loop());
826 if (chunks) {
827 GetDatabase()->InsertChunks(list_name, *chunks);
828 delete chunks;
829 }
830 BrowserThread::PostTask(
831 BrowserThread::IO, FROM_HERE,
832 base::Bind(&SafeBrowsingDatabaseManager::OnAddChunksComplete, this,
833 callback));
834 }
835
836 void SafeBrowsingDatabaseManager::DeleteDatabaseChunks(
837 std::vector<SBChunkDelete>* chunk_deletes) {
838 DCHECK_EQ(base::MessageLoop::current(),
839 safe_browsing_thread_->message_loop());
840 if (chunk_deletes) {
841 GetDatabase()->DeleteChunks(*chunk_deletes);
842 delete chunk_deletes;
843 }
844 }
845
846 SBThreatType SafeBrowsingDatabaseManager::GetThreatTypeFromListname(
847 const std::string& list_name) {
848 if (safe_browsing_util::IsPhishingList(list_name)) {
849 return SB_THREAT_TYPE_URL_PHISHING;
850 }
851
852 if (safe_browsing_util::IsMalwareList(list_name)) {
853 return SB_THREAT_TYPE_URL_MALWARE;
854 }
855
856 if (safe_browsing_util::IsBadbinurlList(list_name)) {
857 return SB_THREAT_TYPE_BINARY_MALWARE_URL;
858 }
859
860 if (safe_browsing_util::IsBadbinhashList(list_name)) {
861 return SB_THREAT_TYPE_BINARY_MALWARE_HASH;
862 }
863
864 if (safe_browsing_util::IsExtensionList(list_name)) {
865 return SB_THREAT_TYPE_EXTENSION;
866 }
867
868 DVLOG(1) << "Unknown safe browsing list " << list_name;
869 return SB_THREAT_TYPE_SAFE;
870 }
871
872 void SafeBrowsingDatabaseManager::DatabaseUpdateFinished(
873 bool update_succeeded) {
874 DCHECK_EQ(base::MessageLoop::current(),
875 safe_browsing_thread_->message_loop());
876 GetDatabase()->UpdateFinished(update_succeeded);
877 DCHECK(database_update_in_progress_);
878 database_update_in_progress_ = false;
879 BrowserThread::PostTask(
880 BrowserThread::UI, FROM_HERE,
881 base::Bind(&SafeBrowsingDatabaseManager::NotifyDatabaseUpdateFinished,
882 this, update_succeeded));
883 }
884
885 void SafeBrowsingDatabaseManager::OnCloseDatabase() {
886 DCHECK_EQ(base::MessageLoop::current(),
887 safe_browsing_thread_->message_loop());
888 DCHECK(closing_database_);
889
890 // Because |closing_database_| is true, nothing on the IO thread will be
891 // accessing the database, so it's safe to delete and then NULL the pointer.
892 delete database_;
893 database_ = NULL;
894
895 // Acquiring the lock here guarantees correct ordering between the resetting
896 // of |database_| above and of |closing_database_| below, which ensures there
897 // won't be a window during which the IO thread falsely believes the database
898 // is available.
899 base::AutoLock lock(database_lock_);
900 closing_database_ = false;
901 }
902
903 void SafeBrowsingDatabaseManager::OnResetDatabase() {
904 DCHECK_EQ(base::MessageLoop::current(),
905 safe_browsing_thread_->message_loop());
906 GetDatabase()->ResetDatabase();
907 }
908
909 void SafeBrowsingDatabaseManager::CacheHashResults(
910 const std::vector<SBPrefix>& prefixes,
911 const std::vector<SBFullHashResult>& full_hashes) {
912 DCHECK_EQ(base::MessageLoop::current(),
913 safe_browsing_thread_->message_loop());
914 GetDatabase()->CacheHashResults(prefixes, full_hashes);
915 }
916
917 void SafeBrowsingDatabaseManager::OnHandleGetHashResults(
918 SafeBrowsingCheck* check,
919 const std::vector<SBFullHashResult>& full_hashes) {
920 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
921 safe_browsing_util::ListType check_type = check->check_type;
922 SBPrefix prefix = check->prefix_hits[0];
923 GetHashRequests::iterator it = gethash_requests_.find(prefix);
924 if (check->prefix_hits.size() > 1 || it == gethash_requests_.end()) {
925 const bool hit = HandleOneCheck(check, full_hashes);
926 RecordGetHashCheckStatus(hit, check_type, full_hashes);
927 return;
928 }
929
930 // Call back all interested parties, noting if any has a hit.
931 GetHashRequestors& requestors = it->second;
932 bool hit = false;
933 for (GetHashRequestors::iterator r = requestors.begin();
934 r != requestors.end(); ++r) {
935 if (HandleOneCheck(*r, full_hashes))
936 hit = true;
937 }
938 RecordGetHashCheckStatus(hit, check_type, full_hashes);
939
940 gethash_requests_.erase(it);
941 }
942
943 bool SafeBrowsingDatabaseManager::HandleOneCheck(
944 SafeBrowsingCheck* check,
945 const std::vector<SBFullHashResult>& full_hashes) {
946 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
947 DCHECK(check);
948
949 bool is_threat = false;
950
951 for (size_t i = 0; i < check->urls.size(); ++i) {
952 int index =
953 safe_browsing_util::GetUrlHashIndex(check->urls[i], full_hashes);
954 if (index == -1)
955 continue;
956 SBThreatType threat =
957 GetThreatTypeFromListname(full_hashes[index].list_name);
958 if (threat != SB_THREAT_TYPE_SAFE &&
959 IsExpectedThreat(threat, check->expected_threats)) {
960 check->url_results[i] = threat;
961 is_threat = true;
962 }
963 }
964
965 for (size_t i = 0; i < check->full_hashes.size(); ++i) {
966 int index =
967 safe_browsing_util::GetHashIndex(check->full_hashes[i], full_hashes);
968 if (index == -1)
969 continue;
970 SBThreatType threat =
971 GetThreatTypeFromListname(full_hashes[index].list_name);
972 if (threat != SB_THREAT_TYPE_SAFE &&
973 IsExpectedThreat(threat, check->expected_threats)) {
974 check->full_hash_results[i] = threat;
975 is_threat = true;
976 }
977 }
978
979 SafeBrowsingCheckDone(check);
980 return is_threat;
981 }
982
983 void SafeBrowsingDatabaseManager::CheckDownloadHashOnSBThread(
984 SafeBrowsingCheck* check) {
985 DCHECK_EQ(base::MessageLoop::current(),
986 safe_browsing_thread_->message_loop());
987 DCHECK(enable_download_protection_);
988
989 DCHECK_EQ(1u, check->full_hashes.size());
990 SBFullHash full_hash = check->full_hashes[0];
991
992 if (!database_->ContainsDownloadHashPrefix(full_hash.prefix)) {
993 // Good, we don't have hash for this url prefix.
994 BrowserThread::PostTask(
995 BrowserThread::IO, FROM_HERE,
996 base::Bind(&SafeBrowsingDatabaseManager::CheckDownloadHashDone, this,
997 check));
998 return;
999 }
1000
1001 check->need_get_hash = true;
1002 check->prefix_hits.push_back(full_hash.prefix);
1003 BrowserThread::PostTask(
1004 BrowserThread::IO, FROM_HERE,
1005 base::Bind(&SafeBrowsingDatabaseManager::OnCheckDone, this, check));
1006 }
1007
1008 void SafeBrowsingDatabaseManager::CheckDownloadUrlOnSBThread(
1009 SafeBrowsingCheck* check) {
1010 DCHECK_EQ(base::MessageLoop::current(),
1011 safe_browsing_thread_->message_loop());
1012 DCHECK(enable_download_protection_);
1013
1014 std::vector<SBPrefix> prefix_hits;
1015
1016 if (!database_->ContainsDownloadUrl(check->urls, &prefix_hits)) {
1017 // Good, we don't have hash for this url prefix.
1018 BrowserThread::PostTask(
1019 BrowserThread::IO, FROM_HERE,
1020 base::Bind(&SafeBrowsingDatabaseManager::CheckDownloadUrlDone, this,
1021 check));
1022 return;
1023 }
1024
1025 check->need_get_hash = true;
1026 check->prefix_hits.clear();
1027 check->prefix_hits = prefix_hits;
1028 BrowserThread::PostTask(
1029 BrowserThread::IO, FROM_HERE,
1030 base::Bind(&SafeBrowsingDatabaseManager::OnCheckDone, this, check));
1031 }
1032
1033 void SafeBrowsingDatabaseManager::CheckExtensionIDsOnSBThread(
1034 SafeBrowsingCheck* check) {
1035 DCHECK_EQ(base::MessageLoop::current(),
1036 safe_browsing_thread_->message_loop());
1037
1038 std::vector<SBPrefix> prefixes;
1039 for (std::vector<SBFullHash>::iterator it = check->full_hashes.begin();
1040 it != check->full_hashes.end(); ++it) {
1041 prefixes.push_back((*it).prefix);
1042 }
1043 database_->ContainsExtensionPrefixes(prefixes, &check->prefix_hits);
1044
1045 if (check->prefix_hits.empty()) {
1046 // No matches for any extensions.
1047 BrowserThread::PostTask(
1048 BrowserThread::IO,
1049 FROM_HERE,
1050 base::Bind(&SafeBrowsingDatabaseManager::SafeBrowsingCheckDone, this,
1051 check));
1052 } else {
1053 // Some prefixes matched, we need to ask Google whether they're legit.
1054 check->need_get_hash = true;
1055 BrowserThread::PostTask(
1056 BrowserThread::IO,
1057 FROM_HERE,
1058 base::Bind(&SafeBrowsingDatabaseManager::OnCheckDone, this, check));
1059 }
1060 }
1061
1062 void SafeBrowsingDatabaseManager::TimeoutCallback(SafeBrowsingCheck* check) {
1063 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
1064 DCHECK(check);
1065
1066 if (!enabled_)
1067 return;
1068
1069 DCHECK(checks_.find(check) != checks_.end());
1070 if (check->client) {
1071 check->client->OnSafeBrowsingResult(*check);
1072 check->client = NULL;
1073 }
1074 }
1075
1076 void SafeBrowsingDatabaseManager::CheckDownloadUrlDone(
1077 SafeBrowsingCheck* check) {
1078 DCHECK(enable_download_protection_);
1079 SafeBrowsingCheckDone(check);
1080 }
1081
1082 void SafeBrowsingDatabaseManager::CheckDownloadHashDone(
1083 SafeBrowsingCheck* check) {
1084 DCHECK(enable_download_protection_);
1085 SafeBrowsingCheckDone(check);
1086 }
1087
1088 void SafeBrowsingDatabaseManager::SafeBrowsingCheckDone(
1089 SafeBrowsingCheck* check) {
1090 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
1091 DCHECK(check);
1092
1093 if (!enabled_)
1094 return;
1095
1096 VLOG(1) << "SafeBrowsingCheckDone";
1097 DCHECK(checks_.find(check) != checks_.end());
1098 if (check->client)
1099 check->client->OnSafeBrowsingResult(*check);
1100 checks_.erase(check);
1101 delete check;
1102 }
1103
1104 void SafeBrowsingDatabaseManager::StartSafeBrowsingCheck(
1105 SafeBrowsingCheck* check,
1106 const base::Closure& task) {
1107 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
1108 check->timeout_factory_.reset(
1109 new base::WeakPtrFactory<SafeBrowsingDatabaseManager>(this));
1110 checks_.insert(check);
1111
1112 safe_browsing_thread_->message_loop()->PostTask(FROM_HERE, task);
1113
1114 base::MessageLoop::current()->PostDelayedTask(FROM_HERE,
1115 base::Bind(&SafeBrowsingDatabaseManager::TimeoutCallback,
1116 check->timeout_factory_->GetWeakPtr(), check),
1117 check_timeout_);
1118 }