Merge Chromium + Blink git repositories
[chromium-blink-merge.git] / chrome / browser / safe_browsing / safe_browsing_database.h
blob4d57ea31ac1084b9f5eab1f60e85c025526d701b
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_DATABASE_H_
6 #define CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_DATABASE_H_
8 #include <map>
9 #include <set>
10 #include <string>
11 #include <vector>
13 #include "base/containers/hash_tables.h"
14 #include "base/files/file_path.h"
15 #include "base/gtest_prod_util.h"
16 #include "base/memory/scoped_ptr.h"
17 #include "base/memory/weak_ptr.h"
18 #include "base/sequenced_task_runner.h"
19 #include "base/synchronization/lock.h"
20 #include "base/time/time.h"
21 #include "chrome/browser/safe_browsing/safe_browsing_store.h"
23 namespace safe_browsing {
24 class PrefixSet;
27 class GURL;
28 class SafeBrowsingDatabase;
30 // Factory for creating SafeBrowsingDatabase. Tests implement this factory
31 // to create fake Databases for testing.
32 class SafeBrowsingDatabaseFactory {
33 public:
34 SafeBrowsingDatabaseFactory() { }
35 virtual ~SafeBrowsingDatabaseFactory() { }
36 virtual SafeBrowsingDatabase* CreateSafeBrowsingDatabase(
37 const scoped_refptr<base::SequencedTaskRunner>& db_task_runner,
38 bool enable_download_protection,
39 bool enable_client_side_whitelist,
40 bool enable_download_whitelist,
41 bool enable_extension_blacklist,
42 bool enable_ip_blacklist,
43 bool enable_unwanted_software_list) = 0;
45 private:
46 DISALLOW_COPY_AND_ASSIGN(SafeBrowsingDatabaseFactory);
49 // Encapsulates on-disk databases that for safebrowsing. There are
50 // four databases: browse, download, download whitelist and
51 // client-side detection (csd) whitelist databases. The browse database contains
52 // information about phishing and malware urls. The download database contains
53 // URLs for bad binaries (e.g: those containing virus) and hash of
54 // these downloaded contents. The download whitelist contains whitelisted
55 // download hosting sites as well as whitelisted binary signing certificates
56 // etc. The csd whitelist database contains URLs that will never be considered
57 // as phishing by the client-side phishing detection. These on-disk databases
58 // are shared among all profiles, as it doesn't contain user-specific data. This
59 // object is not thread-safe, i.e. all its methods should be used on the same
60 // thread that it was created on, unless specified otherwise.
61 class SafeBrowsingDatabase {
62 public:
63 // Factory method for obtaining a SafeBrowsingDatabase implementation.
64 // It is not thread safe.
65 // The browse list and off-domain inclusion whitelist are always on;
66 // availability of other lists is controlled by the flags on this method.
67 static SafeBrowsingDatabase* Create(
68 const scoped_refptr<base::SequencedTaskRunner>& db_task_runner,
69 bool enable_download_protection,
70 bool enable_client_side_whitelist,
71 bool enable_download_whitelist,
72 bool enable_extension_blacklist,
73 bool enable_ip_blacklist,
74 bool enable_unwanted_software_list);
76 // Makes the passed |factory| the factory used to instantiate
77 // a SafeBrowsingDatabase. This is used for tests.
78 static void RegisterFactory(SafeBrowsingDatabaseFactory* factory) {
79 factory_ = factory;
82 virtual ~SafeBrowsingDatabase();
84 // Initializes the database with the given filename.
85 virtual void Init(const base::FilePath& filename) = 0;
87 // Deletes the current database and creates a new one.
88 virtual bool ResetDatabase() = 0;
90 // Returns false if |url| is not in the browse database or already was cached
91 // as a miss. If it returns true, |prefix_hits| contains sorted unique
92 // matching hash prefixes which had no cached results and |cache_hits|
93 // contains any matching cached gethash results. This function is safe to
94 // call from any thread.
95 virtual bool ContainsBrowseUrl(
96 const GURL& url,
97 std::vector<SBPrefix>* prefix_hits,
98 std::vector<SBFullHashResult>* cache_hits) = 0;
100 // Returns true iff the given url is on the unwanted software blacklist.
101 // Returns false if |url| is not in the browse database or already was cached
102 // as a miss. If it returns true, |prefix_hits| contains sorted unique
103 // matching hash prefixes which had no cached results and |cache_hits|
104 // contains any matching cached gethash results. This function is safe to
105 // call from any thread.
106 virtual bool ContainsUnwantedSoftwareUrl(
107 const GURL& url,
108 std::vector<SBPrefix>* prefix_hits,
109 std::vector<SBFullHashResult>* cache_hits) = 0;
111 // Returns false if none of |prefixes| are in Download database. If it returns
112 // true, |prefix_hits| should contain the prefixes for the URLs that were in
113 // the database. This function can ONLY be accessed from creation thread.
114 virtual bool ContainsDownloadUrlPrefixes(
115 const std::vector<SBPrefix>& prefixes,
116 std::vector<SBPrefix>* prefix_hits) = 0;
118 // Returns false if |url| is not on the client-side phishing detection
119 // whitelist. Otherwise, this function returns true. Note: the whitelist
120 // only contains full-length hashes so we don't return any prefix hit. This
121 // function is safe to call from any thread.
122 virtual bool ContainsCsdWhitelistedUrl(const GURL& url) = 0;
124 // The download whitelist is used for two purposes: a white-domain list of
125 // sites that are considered to host only harmless binaries as well as a
126 // whitelist of arbitrary strings such as hashed certificate authorities that
127 // are considered to be trusted. The two methods below let you lookup the
128 // whitelist either for a URL or an arbitrary string. These methods will
129 // return false if no match is found and true otherwise. This function is safe
130 // to call from any thread.
131 virtual bool ContainsDownloadWhitelistedUrl(const GURL& url) = 0;
132 virtual bool ContainsDownloadWhitelistedString(const std::string& str) = 0;
134 // Returns true if |url| is on the off-domain inclusion whitelist.
135 virtual bool ContainsInclusionWhitelistedUrl(const GURL& url) = 0;
137 // Populates |prefix_hits| with any prefixes in |prefixes| that have matches
138 // in the database, returning true if there were any matches.
140 // This function can ONLY be accessed from the creation thread.
141 virtual bool ContainsExtensionPrefixes(
142 const std::vector<SBPrefix>& prefixes,
143 std::vector<SBPrefix>* prefix_hits) = 0;
145 // Returns true iff the given IP is currently on the csd malware IP blacklist.
146 // This function is safe to call from any thread.
147 virtual bool ContainsMalwareIP(const std::string& ip_address) = 0;
149 // A database transaction should look like:
151 // std::vector<SBListChunkRanges> lists;
152 // if (db.UpdateStarted(&lists)) {
153 // // Do something with |lists|.
155 // // Process add/sub commands.
156 // db.InsertChunks(list_name, chunks);
158 // // Process adddel/subdel commands.
159 // db.DeleteChunks(chunks_deletes);
161 // // If passed true, processes the collected chunk info and
162 // // rebuilds the filter. If passed false, rolls everything
163 // // back.
164 // db.UpdateFinished(success);
165 // }
167 // If UpdateStarted() returns true, the caller MUST eventually call
168 // UpdateFinished(). If it returns false, the caller MUST NOT call
169 // the other functions.
170 virtual bool UpdateStarted(std::vector<SBListChunkRanges>* lists) = 0;
171 virtual void InsertChunks(const std::string& list_name,
172 const std::vector<SBChunkData*>& chunks) = 0;
173 virtual void DeleteChunks(
174 const std::vector<SBChunkDelete>& chunk_deletes) = 0;
175 virtual void UpdateFinished(bool update_succeeded) = 0;
177 // Store the results of a GetHash response. In the case of empty results, we
178 // cache the prefixes until the next update so that we don't have to issue
179 // further GetHash requests we know will be empty. This function is safe to
180 // call from any thread.
181 virtual void CacheHashResults(
182 const std::vector<SBPrefix>& prefixes,
183 const std::vector<SBFullHashResult>& full_hits,
184 const base::TimeDelta& cache_lifetime) = 0;
186 // Returns true if the malware IP blacklisting killswitch URL is present
187 // in the csd whitelist. This function is safe to call from any thread.
188 virtual bool IsMalwareIPMatchKillSwitchOn() = 0;
190 // Returns true if the whitelist killswitch URL is present in the csd
191 // whitelist. This function is safe to call from any thread.
192 virtual bool IsCsdWhitelistKillSwitchOn() = 0;
194 // The name of the bloom-filter file for the given database file.
195 // NOTE(shess): OBSOLETE. Present for deleting stale files.
196 static base::FilePath BloomFilterForFilename(
197 const base::FilePath& db_filename);
199 // The name of the prefix set file for the given database file.
200 static base::FilePath PrefixSetForFilename(const base::FilePath& db_filename);
202 // Filename for malware and phishing URL database.
203 static base::FilePath BrowseDBFilename(
204 const base::FilePath& db_base_filename);
206 // Filename for download URL and download binary hash database.
207 static base::FilePath DownloadDBFilename(
208 const base::FilePath& db_base_filename);
210 // Filename for client-side phishing detection whitelist databsae.
211 static base::FilePath CsdWhitelistDBFilename(
212 const base::FilePath& csd_whitelist_base_filename);
214 // Filename for download whitelist databsae.
215 static base::FilePath DownloadWhitelistDBFilename(
216 const base::FilePath& download_whitelist_base_filename);
218 // Filename for the off-domain inclusion whitelist databsae.
219 static base::FilePath InclusionWhitelistDBFilename(
220 const base::FilePath& inclusion_whitelist_base_filename);
222 // Filename for extension blacklist database.
223 static base::FilePath ExtensionBlacklistDBFilename(
224 const base::FilePath& extension_blacklist_base_filename);
226 // Filename for side-effect free whitelist database. This database no longer
227 // exists, but the filename is retained so the database may be deleted.
228 static base::FilePath SideEffectFreeWhitelistDBFilename(
229 const base::FilePath& side_effect_free_whitelist_base_filename);
231 // Filename for the csd malware IP blacklist database.
232 static base::FilePath IpBlacklistDBFilename(
233 const base::FilePath& ip_blacklist_base_filename);
235 // Filename for the unwanted software blacklist database.
236 static base::FilePath UnwantedSoftwareDBFilename(
237 const base::FilePath& db_filename);
239 // Get the prefixes matching the download |urls|.
240 static void GetDownloadUrlPrefixes(const std::vector<GURL>& urls,
241 std::vector<SBPrefix>* prefixes);
243 // SafeBrowsing Database failure types for histogramming purposes. Explicitly
244 // label new values and do not re-use old values. Also make sure to reflect
245 // modifications made below in the SB2DatabaseFailure histogram enum.
246 enum FailureType {
247 FAILURE_DATABASE_CORRUPT = 0,
248 FAILURE_DATABASE_CORRUPT_HANDLER = 1,
249 FAILURE_BROWSE_DATABASE_UPDATE_BEGIN = 2,
250 FAILURE_BROWSE_DATABASE_UPDATE_FINISH = 3,
251 FAILURE_DATABASE_FILTER_MISSING_OBSOLETE = 4,
252 FAILURE_DATABASE_FILTER_READ_OBSOLETE = 5,
253 FAILURE_DATABASE_FILTER_WRITE_OBSOLETE = 6,
254 FAILURE_DATABASE_FILTER_DELETE = 7,
255 FAILURE_DATABASE_STORE_MISSING = 8,
256 FAILURE_DATABASE_STORE_DELETE = 9,
257 FAILURE_DOWNLOAD_DATABASE_UPDATE_BEGIN = 10,
258 FAILURE_DOWNLOAD_DATABASE_UPDATE_FINISH = 11,
259 FAILURE_WHITELIST_DATABASE_UPDATE_BEGIN = 12,
260 FAILURE_WHITELIST_DATABASE_UPDATE_FINISH = 13,
261 FAILURE_BROWSE_PREFIX_SET_READ = 14,
262 FAILURE_BROWSE_PREFIX_SET_WRITE = 15,
263 FAILURE_BROWSE_PREFIX_SET_DELETE = 16,
264 FAILURE_EXTENSION_BLACKLIST_UPDATE_BEGIN = 17,
265 FAILURE_EXTENSION_BLACKLIST_UPDATE_FINISH = 18,
266 FAILURE_EXTENSION_BLACKLIST_DELETE = 19,
267 // Obsolete: FAILURE_SIDE_EFFECT_FREE_WHITELIST_UPDATE_BEGIN = 20,
268 // Obsolete: FAILURE_SIDE_EFFECT_FREE_WHITELIST_UPDATE_FINISH = 21,
269 // Obsolete: FAILURE_SIDE_EFFECT_FREE_WHITELIST_DELETE = 22,
270 // Obsolete: FAILURE_SIDE_EFFECT_FREE_WHITELIST_PREFIX_SET_READ = 23,
271 // Obsolete: FAILURE_SIDE_EFFECT_FREE_WHITELIST_PREFIX_SET_WRITE = 24,
272 // Obsolete: FAILURE_SIDE_EFFECT_FREE_WHITELIST_PREFIX_SET_DELETE = 25,
273 FAILURE_IP_BLACKLIST_UPDATE_BEGIN = 26,
274 FAILURE_IP_BLACKLIST_UPDATE_FINISH = 27,
275 FAILURE_IP_BLACKLIST_UPDATE_INVALID = 28,
276 FAILURE_IP_BLACKLIST_DELETE = 29,
277 FAILURE_UNWANTED_SOFTWARE_DATABASE_UPDATE_BEGIN = 30,
278 FAILURE_UNWANTED_SOFTWARE_DATABASE_UPDATE_FINISH = 31,
279 FAILURE_UNWANTED_SOFTWARE_PREFIX_SET_READ = 32,
280 FAILURE_UNWANTED_SOFTWARE_PREFIX_SET_WRITE = 33,
281 FAILURE_UNWANTED_SOFTWARE_PREFIX_SET_DELETE = 34,
283 // Memory space for histograms is determined by the max. ALWAYS
284 // ADD NEW VALUES BEFORE THIS ONE.
285 FAILURE_DATABASE_MAX
288 static void RecordFailure(FailureType failure_type);
290 private:
291 // The factory used to instantiate a SafeBrowsingDatabase object.
292 // Useful for tests, so they can provide their own implementation of
293 // SafeBrowsingDatabase.
294 static SafeBrowsingDatabaseFactory* factory_;
297 class SafeBrowsingDatabaseNew : public SafeBrowsingDatabase {
298 public:
299 // Create a database with the stores below. Takes ownership of all store
300 // objects handed to this constructor. Ignores all future operations on lists
301 // for which the store is initialized to NULL.
302 SafeBrowsingDatabaseNew(
303 const scoped_refptr<base::SequencedTaskRunner>& db_task_runner,
304 SafeBrowsingStore* browse_store,
305 SafeBrowsingStore* download_store,
306 SafeBrowsingStore* csd_whitelist_store,
307 SafeBrowsingStore* download_whitelist_store,
308 SafeBrowsingStore* inclusion_whitelist_store,
309 SafeBrowsingStore* extension_blacklist_store,
310 SafeBrowsingStore* ip_blacklist_store,
311 SafeBrowsingStore* unwanted_software_store);
313 ~SafeBrowsingDatabaseNew() override;
315 // Implement SafeBrowsingDatabase interface.
316 void Init(const base::FilePath& filename) override;
317 bool ResetDatabase() override;
318 bool ContainsBrowseUrl(const GURL& url,
319 std::vector<SBPrefix>* prefix_hits,
320 std::vector<SBFullHashResult>* cache_hits) override;
321 bool ContainsUnwantedSoftwareUrl(
322 const GURL& url,
323 std::vector<SBPrefix>* prefix_hits,
324 std::vector<SBFullHashResult>* cache_hits) override;
325 bool ContainsDownloadUrlPrefixes(const std::vector<SBPrefix>& prefixes,
326 std::vector<SBPrefix>* prefix_hits) override;
327 bool ContainsCsdWhitelistedUrl(const GURL& url) override;
328 bool ContainsDownloadWhitelistedUrl(const GURL& url) override;
329 bool ContainsDownloadWhitelistedString(const std::string& str) override;
330 bool ContainsInclusionWhitelistedUrl(const GURL& url) override;
331 bool ContainsExtensionPrefixes(const std::vector<SBPrefix>& prefixes,
332 std::vector<SBPrefix>* prefix_hits) override;
333 bool ContainsMalwareIP(const std::string& ip_address) override;
334 bool UpdateStarted(std::vector<SBListChunkRanges>* lists) override;
335 void InsertChunks(const std::string& list_name,
336 const std::vector<SBChunkData*>& chunks) override;
337 void DeleteChunks(const std::vector<SBChunkDelete>& chunk_deletes) override;
338 void UpdateFinished(bool update_succeeded) override;
339 void CacheHashResults(const std::vector<SBPrefix>& prefixes,
340 const std::vector<SBFullHashResult>& full_hits,
341 const base::TimeDelta& cache_lifetime) override;
343 // Returns the value of malware_kill_switch_;
344 bool IsMalwareIPMatchKillSwitchOn() override;
346 // Returns true if the CSD whitelist has everything whitelisted.
347 bool IsCsdWhitelistKillSwitchOn() override;
349 private:
350 friend class SafeBrowsingDatabaseTest;
351 FRIEND_TEST_ALL_PREFIXES(SafeBrowsingDatabaseTest, HashCaching);
352 FRIEND_TEST_ALL_PREFIXES(SafeBrowsingDatabaseTest, CachedFullMiss);
353 FRIEND_TEST_ALL_PREFIXES(SafeBrowsingDatabaseTest, CachedPrefixHitFullMiss);
354 FRIEND_TEST_ALL_PREFIXES(SafeBrowsingDatabaseTest, BrowseFullHashMatching);
355 FRIEND_TEST_ALL_PREFIXES(SafeBrowsingDatabaseTest,
356 BrowseFullHashAndPrefixMatching);
358 // A SafeBrowsing whitelist contains a list of whitelisted full-hashes (stored
359 // in a sorted vector) as well as a boolean flag indicating whether all
360 // lookups in the whitelist should be considered matches for safety.
361 typedef std::pair<std::vector<SBFullHash>, bool> SBWhitelist;
363 // This map holds a csd malware IP blacklist which maps a prefix mask
364 // to a set of hashed blacklisted IP prefixes. Each IP prefix is a hashed
365 // IPv6 IP prefix using SHA-1.
366 typedef std::map<std::string, base::hash_set<std::string> > IPBlacklist;
368 typedef std::map<SBPrefix, SBCachedFullHashResult> PrefixGetHashCache;
370 // The ThreadSafeStateManager holds the SafeBrowsingDatabase's state which
371 // must be accessed in a thread-safe fashion. It must be constructed on the
372 // SafeBrowsingDatabaseManager's main thread. The main thread will then be the
373 // only thread on which this state can be modified; allowing for unlocked
374 // reads on the main thread and thus avoiding contention while performing
375 // intensive operations such as writing that state to disk. The state can only
376 // be accessed via (Read|Write)Transactions obtained through this class which
377 // will automatically handle thread-safety.
378 class ThreadSafeStateManager {
379 public:
380 // Identifiers for stores held by the ThreadSafeStateManager. Allows helper
381 // methods to start a transaction themselves and keep it as short as
382 // possible rather than force callers to start the transaction early to pass
383 // a store pointer to the said helper methods.
384 enum class SBWhitelistId {
385 CSD,
386 DOWNLOAD,
387 INCLUSION,
389 enum class PrefixSetId {
390 BROWSE,
391 UNWANTED_SOFTWARE,
394 // Obtained through BeginReadTransaction(NoLockOnMainTaskRunner)?(): a
395 // ReadTransaction allows read-only observations of the
396 // ThreadSafeStateManager's state. The |prefix_gethash_cache_| has a special
397 // allowance to be writable from a ReadTransaction but can't benefit from
398 // unlocked ReadTransactions. ReadTransaction should be held for the
399 // shortest amount of time possible (e.g., release it before computing final
400 // results if possible).
401 class ReadTransaction;
403 // Obtained through BeginWriteTransaction(): a WriteTransaction allows
404 // modification of the ThreadSafeStateManager's state. It should be used for
405 // the shortest amount of time possible (e.g., pre-compute the new state
406 // before grabbing a WriteTransaction to swap it in atomically).
407 class WriteTransaction;
409 explicit ThreadSafeStateManager(
410 const scoped_refptr<const base::SequencedTaskRunner>& db_task_runner);
411 ~ThreadSafeStateManager();
413 scoped_ptr<ReadTransaction> BeginReadTransaction();
414 scoped_ptr<ReadTransaction> BeginReadTransactionNoLockOnMainTaskRunner();
415 scoped_ptr<WriteTransaction> BeginWriteTransaction();
417 private:
418 // The sequenced task runner for this object, used to verify that its state
419 // is only ever accessed from the runner.
420 scoped_refptr<const base::SequencedTaskRunner> db_task_runner_;
422 // Lock for protecting access to this class' state.
423 mutable base::Lock lock_;
425 SBWhitelist csd_whitelist_;
426 SBWhitelist download_whitelist_;
427 SBWhitelist inclusion_whitelist_;
429 // The IP blacklist should be small. At most a couple hundred IPs.
430 IPBlacklist ip_blacklist_;
432 // PrefixSets to speed up lookups for particularly large lists. The
433 // PrefixSet themselves are never modified, instead a new one is swapped in
434 // on update.
435 scoped_ptr<const safe_browsing::PrefixSet> browse_prefix_set_;
436 scoped_ptr<const safe_browsing::PrefixSet> unwanted_software_prefix_set_;
438 // Cache of gethash results for prefix stores. Entries should not be used if
439 // they are older than their expire_after field. Cached misses will have
440 // empty full_hashes field. Cleared on each update. The cache is "mutable"
441 // as it can be written to from any transaction holding the lock, including
442 // ReadTransactions.
443 mutable PrefixGetHashCache prefix_gethash_cache_;
445 DISALLOW_COPY_AND_ASSIGN(ThreadSafeStateManager);
448 // Forward the above inner-definitions to alleviate some verbosity in the
449 // impl.
450 using SBWhitelistId = ThreadSafeStateManager::SBWhitelistId;
451 using PrefixSetId = ThreadSafeStateManager::PrefixSetId;
452 using ReadTransaction = ThreadSafeStateManager::ReadTransaction;
453 using WriteTransaction = ThreadSafeStateManager::WriteTransaction;
455 // Manages the non-thread safe (i.e. only to be accessed to the database's
456 // main thread) state of this class.
457 class DatabaseStateManager {
458 public:
459 explicit DatabaseStateManager(
460 const scoped_refptr<const base::SequencedTaskRunner>& db_task_runner);
461 ~DatabaseStateManager();
463 void init_filename_base(const base::FilePath& filename_base) {
464 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
465 DCHECK(filename_base_.empty()) << "filename already initialized";
466 filename_base_ = filename_base;
469 const base::FilePath& filename_base() {
470 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
471 return filename_base_;
474 void set_corruption_detected() {
475 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
476 corruption_detected_ = true;
479 void reset_corruption_detected() {
480 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
481 corruption_detected_ = false;
484 bool corruption_detected() {
485 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
486 return corruption_detected_;
489 void set_change_detected() {
490 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
491 change_detected_ = true;
494 void reset_change_detected() {
495 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
496 change_detected_ = false;
499 bool change_detected() {
500 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
501 return change_detected_;
504 private:
505 // The sequenced task runner for this object, used to verify that its state
506 // is only ever accessed from the runner.
507 scoped_refptr<const base::SequencedTaskRunner> db_task_runner_;
509 // The base filename passed to Init(), used to generate the store and prefix
510 // set filenames used to store data on disk.
511 base::FilePath filename_base_;
513 // Set if corruption is detected during the course of an update.
514 // Causes the update functions to fail with no side effects, until
515 // the next call to |UpdateStarted()|.
516 bool corruption_detected_;
518 // Set to true if any chunks are added or deleted during an update.
519 // Used to optimize away database update.
520 bool change_detected_;
522 DISALLOW_COPY_AND_ASSIGN(DatabaseStateManager);
525 bool PrefixSetContainsUrl(const GURL& url,
526 PrefixSetId prefix_set_id,
527 std::vector<SBPrefix>* prefix_hits,
528 std::vector<SBFullHashResult>* cache_hits);
530 // Exposed for testing of PrefixSetContainsUrlHashes() on the
531 // PrefixSet backing kMalwareList.
532 bool ContainsBrowseUrlHashesForTesting(
533 const std::vector<SBFullHash>& full_hashes,
534 std::vector<SBPrefix>* prefix_hits,
535 std::vector<SBFullHashResult>* cache_hits);
537 bool PrefixSetContainsUrlHashes(const std::vector<SBFullHash>& full_hashes,
538 PrefixSetId prefix_set_id,
539 std::vector<SBPrefix>* prefix_hits,
540 std::vector<SBFullHashResult>* cache_hits);
542 // Returns true if the whitelist is disabled or if any of the given hashes
543 // matches the whitelist.
544 bool ContainsWhitelistedHashes(SBWhitelistId whitelist_id,
545 const std::vector<SBFullHash>& hashes);
547 // Return the store matching |list_id|.
548 SafeBrowsingStore* GetStore(int list_id);
550 // Deletes the files on disk.
551 bool Delete();
553 // Load the prefix set in "|db_filename| Prefix Set" off disk, if available,
554 // and stores it in the PrefixSet identified by |prefix_set_id|.
555 // |read_failure_type| provides a caller-specific error code to be used on
556 // failure. This method should only ever be called during initialization as
557 // it performs some disk IO while holding a transaction (for the sake of
558 // avoiding uncessary back-and-forth interactions with the lock during
559 // Init()).
560 void LoadPrefixSet(const base::FilePath& db_filename,
561 ThreadSafeStateManager::WriteTransaction* txn,
562 PrefixSetId prefix_set_id,
563 FailureType read_failure_type);
565 // Writes the current prefix set "|db_filename| Prefix Set" on disk.
566 // |write_failure_type| provides a caller-specific error code to be used on
567 // failure.
568 void WritePrefixSet(const base::FilePath& db_filename,
569 PrefixSetId prefix_set_id,
570 FailureType write_failure_type);
572 // Loads the given full-length hashes to the given whitelist. If the number
573 // of hashes is too large or if the kill switch URL is on the whitelist
574 // we will whitelist everything.
575 void LoadWhitelist(const std::vector<SBAddFullHash>& full_hashes,
576 SBWhitelistId whitelist_id);
578 // Parses the IP blacklist from the given full-length hashes.
579 void LoadIpBlacklist(const std::vector<SBAddFullHash>& full_hashes);
581 // Helpers for handling database corruption.
582 // |OnHandleCorruptDatabase()| runs |ResetDatabase()| and sets
583 // |corruption_detected_|, |HandleCorruptDatabase()| posts
584 // |OnHandleCorruptDatabase()| to the current thread, to be run
585 // after the current task completes.
586 // TODO(shess): Wire things up to entirely abort the update
587 // transaction when this happens.
588 void HandleCorruptDatabase();
589 void OnHandleCorruptDatabase();
591 // Helpers for InsertChunks().
592 void InsertAddChunk(SafeBrowsingStore* store,
593 safe_browsing_util::ListType list_id,
594 const SBChunkData& chunk);
595 void InsertSubChunk(SafeBrowsingStore* store,
596 safe_browsing_util::ListType list_id,
597 const SBChunkData& chunk);
599 // Updates the |store| and stores the result on disk under |store_filename|.
600 void UpdateHashPrefixStore(const base::FilePath& store_filename,
601 SafeBrowsingStore* store,
602 FailureType failure_type);
604 // Updates a PrefixStore store for URLs (|url_store|) which is backed on disk
605 // by a "|db_filename| Prefix Set" file. Specific failure types are provided
606 // to highlight the specific store who made the initial request on failure.
607 // |store_full_hashes_in_prefix_set| dictates whether full_hashes from the
608 // |url_store| should be cached in the |prefix_set| as well.
609 void UpdatePrefixSetUrlStore(const base::FilePath& db_filename,
610 SafeBrowsingStore* url_store,
611 PrefixSetId prefix_set_id,
612 FailureType finish_failure_type,
613 FailureType write_failure_type,
614 bool store_full_hashes_in_prefix_set);
616 void UpdateUrlStore(SafeBrowsingStore* url_store,
617 PrefixSetId prefix_set_id,
618 FailureType failure_type);
620 void UpdateWhitelistStore(const base::FilePath& store_filename,
621 SafeBrowsingStore* store,
622 SBWhitelistId whitelist_id);
623 void UpdateIpBlacklistStore();
625 // Returns a raw pointer to ThreadSafeStateManager's PrefixGetHashCache for
626 // testing. This should only be used in unit tests (where multi-threading and
627 // synchronization are not problematic).
628 PrefixGetHashCache* GetUnsynchronizedPrefixGetHashCacheForTesting();
630 // Records a file size histogram for the database or PrefixSet backed by
631 // |filename|.
632 void RecordFileSizeHistogram(const base::FilePath& file_path);
634 // The sequenced task runner for this object, used to verify that its state
635 // is only ever accessed from the runner and post some tasks to it.
636 scoped_refptr<base::SequencedTaskRunner> db_task_runner_;
638 ThreadSafeStateManager state_manager_;
640 DatabaseStateManager db_state_manager_;
642 // Underlying persistent stores for chunk data:
643 // - |browse_store_|: For browsing related (phishing and malware URLs)
644 // chunks and prefixes.
645 // - |download_store_|: For download related (download URL and binary hash)
646 // chunks and prefixes.
647 // - |csd_whitelist_store_|: For the client-side phishing detection
648 // whitelist chunks and full-length hashes. This list only contains 256
649 // bit hashes.
650 // - |download_whitelist_store_|: For the download whitelist chunks and
651 // full-length hashes. This list only contains 256 bit hashes.
652 // - |inclusion_whitelist_store_|: For the inclusion whitelist. Same format
653 // as |download_whitelist_store_|.
654 // - |extension_blacklist_store_|: For extension IDs.
655 // - |ip_blacklist_store_|: For IP blacklist.
656 // - |unwanted_software_store_|: For unwanted software list (format
657 // identical to browsing lists).
659 // The stores themselves will be modified throughout the existence of this
660 // database, but shouldn't ever be swapped out (hence the const scoped_ptr --
661 // which could be swapped for C++11's std::optional when that's available).
662 // They are NonThreadSafe and should thus only be accessed on the database's
663 // main thread as enforced by SafeBrowsingStoreFile's implementation.
664 const scoped_ptr<SafeBrowsingStore> browse_store_;
665 const scoped_ptr<SafeBrowsingStore> download_store_;
666 const scoped_ptr<SafeBrowsingStore> csd_whitelist_store_;
667 const scoped_ptr<SafeBrowsingStore> download_whitelist_store_;
668 const scoped_ptr<SafeBrowsingStore> inclusion_whitelist_store_;
669 const scoped_ptr<SafeBrowsingStore> extension_blacklist_store_;
670 const scoped_ptr<SafeBrowsingStore> ip_blacklist_store_;
671 const scoped_ptr<SafeBrowsingStore> unwanted_software_store_;
673 // Used to schedule resetting the database because of corruption. This factory
674 // and the WeakPtrs it issues should only be used on the database's main
675 // thread.
676 base::WeakPtrFactory<SafeBrowsingDatabaseNew> reset_factory_;
679 #endif // CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_DATABASE_H_