chrome/common/safe_browsing/binary_feature_extractor.h

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4 //
   5 // Utility functions to extract file features for malicious binary detection.
   6 // Each platform has its own implementation of this class.
   7
   8 #ifndef CHROME_COMMON_SAFE_BROWSING_BINARY_FEATURE_EXTRACTOR_H_
   9 #define CHROME_COMMON_SAFE_BROWSING_BINARY_FEATURE_EXTRACTOR_H_
  10
  11 #include <string>
  12
  13 #include "base/basictypes.h"
  14 #include "base/files/file.h"
  15 #include "base/memory/ref_counted.h"
  16 #include "third_party/protobuf/src/google/protobuf/repeated_field.h"
  17
  18 namespace base {
  19 class FilePath;
  20 }
  21
  22 namespace safe_browsing {
  23 class ClientDownloadRequest_Digests;
  24 class ClientDownloadRequest_ImageHeaders;
  25 class ClientDownloadRequest_SignatureInfo;
  26
  27 class BinaryFeatureExtractor
  28     : public base::RefCountedThreadSafe<BinaryFeatureExtractor> {
  29  public:
  30   // The type and defined values for a bitfield that controls aspects of image
  31   // header extraction.
  32   typedef uint32_t ExtractHeadersOption;
  33   static const ExtractHeadersOption kDefaultOptions = 0;
  34   static const ExtractHeadersOption kOmitExports = 1U << 0;
  35
  36   BinaryFeatureExtractor();
  37
  38   // Fills in the DownloadRequest_SignatureInfo for the given file path.
  39   // This method may be called on any thread.
  40   virtual void CheckSignature(
  41       const base::FilePath& file_path,
  42       ClientDownloadRequest_SignatureInfo* signature_info);
  43
  44   // Populates |image_headers| with the PE image headers of |file_path| and, if
  45   // non-null, |signed_data| with any PKCS#7 SignedData blobs found in the
  46   // image's attribute certificate table. |options| is a bitfield controlling
  47   // aspects of extraction. Returns true if |image_headers| is populated with
  48   // any information.
  49   virtual bool ExtractImageFeatures(
  50       const base::FilePath& file_path,
  51       ExtractHeadersOption options,
  52       ClientDownloadRequest_ImageHeaders* image_headers,
  53       google::protobuf::RepeatedPtrField<std::string>* signed_data);
  54
  55   // As above, but works with an already-opened file. BinaryFeatureExtractor
  56   // takes ownership of |file| and closes it when done.
  57   virtual bool ExtractImageFeaturesFromFile(
  58       base::File file,
  59       ExtractHeadersOption options,
  60       ClientDownloadRequest_ImageHeaders* image_headers,
  61       google::protobuf::RepeatedPtrField<std::string>* signed_data);
  62
  63   // As above, but works on a byte array containing image data. This does not
  64   // take ownership of the data.
  65   virtual bool ExtractImageFeaturesFromData(
  66       const uint8_t* data, size_t data_size,
  67       ExtractHeadersOption options,
  68       ClientDownloadRequest_ImageHeaders* image_headers,
  69       google::protobuf::RepeatedPtrField<std::string>* signed_data);
  70
  71   // Populates |digests.sha256| with the SHA256 digest of |file_path|.
  72   virtual void ExtractDigest(const base::FilePath& file_path,
  73                              ClientDownloadRequest_Digests* digests);
  74
  75  protected:
  76   friend class base::RefCountedThreadSafe<BinaryFeatureExtractor>;
  77   virtual ~BinaryFeatureExtractor();
  78
  79  private:
  80   DISALLOW_COPY_AND_ASSIGN(BinaryFeatureExtractor);
  81 };
  82 }  // namespace safe_browsing
  83
  84 #endif  // CHROME_COMMON_SAFE_BROWSING_BINARY_FEATURE_EXTRACTOR_H_