chrome/browser/safe_browsing/incident_reporting/binary_integrity_analyzer.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/safe_browsing/incident_reporting/binary_integrity_analyzer.h"
   6
   7 #include <string>
   8
   9 #include "base/bind.h"
  10 #include "base/callback.h"
  11 #include "base/files/file_util.h"
  12 #include "base/metrics/histogram.h"
  13 #include "base/strings/string_number_conversions.h"
  14 #include "base/strings/string_util.h"
  15 #include "base/strings/stringprintf.h"
  16 #include "base/time/time.h"
  17 #include "chrome/browser/browser_process.h"
  18 #include "chrome/browser/safe_browsing/incident_reporting/binary_integrity_incident.h"
  19 #include "chrome/browser/safe_browsing/incident_reporting/incident_receiver.h"
  20 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
  21 #include "chrome/common/safe_browsing/binary_feature_extractor.h"
  22 #include "chrome/common/safe_browsing/csd.pb.h"
  23
  24 namespace safe_browsing {
  25
  26 namespace {
  27
  28 void RecordSignatureVerificationTime(size_t file_index,
  29     const base::TimeDelta& verification_time) {
  30   static const char kHistogramName[] = "SBIRS.VerifyBinaryIntegrity.";
  31
  32   base::HistogramBase* signature_verification_time_histogram =
  33       base::Histogram::FactoryTimeGet(
  34           std::string(kHistogramName) + base::IntToString(file_index),
  35           base::TimeDelta::FromMilliseconds(1),
  36           base::TimeDelta::FromSeconds(20),
  37           50,
  38           base::Histogram::kUmaTargetedHistogramFlag);
  39
  40     signature_verification_time_histogram->AddTime(verification_time);
  41 }
  42
  43 }  // namespace
  44
  45 void RegisterBinaryIntegrityAnalysis() {
  46 #if defined(OS_WIN)
  47   scoped_refptr<SafeBrowsingService> safe_browsing_service(
  48       g_browser_process->safe_browsing_service());
  49
  50   safe_browsing_service->RegisterDelayedAnalysisCallback(
  51       base::Bind(&VerifyBinaryIntegrity));
  52 #endif
  53 }
  54
  55 void VerifyBinaryIntegrity(scoped_ptr<IncidentReceiver> incident_receiver) {
  56   scoped_refptr<BinaryFeatureExtractor> binary_feature_extractor(
  57       new BinaryFeatureExtractor());
  58
  59   std::vector<base::FilePath> critical_binaries = GetCriticalBinariesPath();
  60   for (size_t i = 0; i < critical_binaries.size(); ++i) {
  61     base::FilePath binary_path(critical_binaries[i]);
  62     if (!base::PathExists(binary_path))
  63       continue;
  64
  65     scoped_ptr<ClientDownloadRequest_SignatureInfo> signature_info(
  66         new ClientDownloadRequest_SignatureInfo());
  67
  68     base::TimeTicks time_before = base::TimeTicks::Now();
  69     binary_feature_extractor->CheckSignature(binary_path, signature_info.get());
  70     RecordSignatureVerificationTime(i, base::TimeTicks::Now() - time_before);
  71
  72     // Only create a report if the signature is untrusted.
  73     if (!signature_info->trusted()) {
  74       scoped_ptr<ClientIncidentReport_IncidentData_BinaryIntegrityIncident>
  75           incident(
  76               new ClientIncidentReport_IncidentData_BinaryIntegrityIncident());
  77
  78       incident->set_file_basename(binary_path.BaseName().AsUTF8Unsafe());
  79       incident->set_allocated_signature(signature_info.release());
  80
  81       // Send the report.
  82       incident_receiver->AddIncidentForProcess(
  83           make_scoped_ptr(new BinaryIntegrityIncident(incident.Pass())));
  84     }
  85   }
  86 }
  87
  88 #if !defined(OS_WIN)
  89 std::vector<base::FilePath> GetCriticalBinariesPath() {
  90   return std::vector<base::FilePath>();
  91 }
  92 #endif  // !defined(OS_WIN)
  93
  94 }  // namespace safe_browsing