search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Pin Chrome's shortcut to the Win10 Start menu on install and OS upgrade.
[chromium-blink-merge.git] / chrome / browser / safe_browsing / safe_browsing_database.cc
blob5a7929e17c12765db3631e4faa7efb8bfb5dc909
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/safe_browsing/safe_browsing_database.h"
6
7 #include <algorithm>
8 #include <iterator>
9
10 #include "base/bind.h"
11 #include "base/files/file_util.h"
12 #include "base/macros.h"
13 #include "base/message_loop/message_loop.h"
14 #include "base/metrics/histogram.h"
15 #include "base/process/process_handle.h"
16 #include "base/process/process_metrics.h"
17 #include "base/sha1.h"
18 #include "base/strings/string_number_conversions.h"
19 #include "base/strings/string_util.h"
20 #include "base/strings/stringprintf.h"
21 #include "base/time/time.h"
22 #include "chrome/browser/safe_browsing/prefix_set.h"
23 #include "chrome/browser/safe_browsing/safe_browsing_store_file.h"
24 #include "content/public/browser/browser_thread.h"
25 #include "crypto/sha2.h"
26 #include "net/base/ip_address_number.h"
27 #include "url/gurl.h"
28
29 #if defined(OS_MACOSX)
30 #include "base/mac/mac_util.h"
31 #endif
32
33 using content::BrowserThread;
34 using safe_browsing::PrefixSet;
35 using safe_browsing::PrefixSetBuilder;
36
37 namespace {
38
39 // Filename suffix for the bloom filter.
40 const base::FilePath::CharType kBloomFilterFileSuffix[] =
41 FILE_PATH_LITERAL(" Filter 2");
42 // Filename suffix for the prefix set.
43 const base::FilePath::CharType kPrefixSetFileSuffix[] =
44 FILE_PATH_LITERAL(" Prefix Set");
45 // Filename suffix for download store.
46 const base::FilePath::CharType kDownloadDBFile[] =
47 FILE_PATH_LITERAL(" Download");
48 // Filename suffix for client-side phishing detection whitelist store.
49 const base::FilePath::CharType kCsdWhitelistDBFile[] =
50 FILE_PATH_LITERAL(" Csd Whitelist");
51 // Filename suffix for the download whitelist store.
52 const base::FilePath::CharType kDownloadWhitelistDBFile[] =
53 FILE_PATH_LITERAL(" Download Whitelist");
54 // Filename suffix for the off-domain inclusion whitelist store.
55 const base::FilePath::CharType kInclusionWhitelistDBFile[] =
56 FILE_PATH_LITERAL(" Inclusion Whitelist");
57 // Filename suffix for the extension blacklist store.
58 const base::FilePath::CharType kExtensionBlacklistDBFile[] =
59 FILE_PATH_LITERAL(" Extension Blacklist");
60 // Filename suffix for the side-effect free whitelist store.
61 const base::FilePath::CharType kSideEffectFreeWhitelistDBFile[] =
62 FILE_PATH_LITERAL(" Side-Effect Free Whitelist");
63 // Filename suffix for the csd malware IP blacklist store.
64 const base::FilePath::CharType kIPBlacklistDBFile[] =
65 FILE_PATH_LITERAL(" IP Blacklist");
66 // Filename suffix for the unwanted software blacklist store.
67 const base::FilePath::CharType kUnwantedSoftwareDBFile[] =
68 FILE_PATH_LITERAL(" UwS List");
69
70 // Filename suffix for browse store.
71 // TODO(shess): "Safe Browsing Bloom Prefix Set" is full of win.
72 // Unfortunately, to change the name implies lots of transition code
73 // for little benefit. If/when file formats change (say to put all
74 // the data in one file), that would be a convenient point to rectify
75 // this.
76 // TODO(shess): This shouldn't be OS-driven <http://crbug.com/394379>
77 #if defined(OS_ANDROID)
78 // NOTE(shess): This difference is also reflected in the list name in
79 // safe_browsing_util.cc.
80 // TODO(shess): Spin up an alternate list id which can be persisted in the
81 // store. Then if a mistake is made, it won't cause confusion between
82 // incompatible lists.
83 const base::FilePath::CharType kBrowseDBFile[] = FILE_PATH_LITERAL(" Mobile");
84 #else
85 const base::FilePath::CharType kBrowseDBFile[] = FILE_PATH_LITERAL(" Bloom");
86 #endif
87
88 // Maximum number of entries we allow in any of the whitelists.
89 // If a whitelist on disk contains more entries then all lookups to
90 // the whitelist will be considered a match.
91 const size_t kMaxWhitelistSize = 5000;
92
93 // If the hash of this exact expression is on a whitelist then all
94 // lookups to this whitelist will be considered a match.
95 const char kWhitelistKillSwitchUrl[] =
96 "sb-ssl.google.com/safebrowsing/csd/killswitch"; // Don't change this!
97
98 // If the hash of this exact expression is on a whitelist then the
99 // malware IP blacklisting feature will be disabled in csd.
100 // Don't change this!
101 const char kMalwareIPKillSwitchUrl[] =
102 "sb-ssl.google.com/safebrowsing/csd/killswitch_malware";
103
104 const size_t kMaxIpPrefixSize = 128;
105 const size_t kMinIpPrefixSize = 1;
106
107 // To save space, the incoming |chunk_id| and |list_id| are combined
108 // into an |encoded_chunk_id| for storage by shifting the |list_id|
109 // into the low-order bits. These functions decode that information.
110 // TODO(lzheng): It was reasonable when database is saved in sqlite, but
111 // there should be better ways to save chunk_id and list_id after we use
112 // SafeBrowsingStoreFile.
113 int GetListIdBit(const int encoded_chunk_id) {
114 return encoded_chunk_id & 1;
115 }
116 int DecodeChunkId(int encoded_chunk_id) {
117 return encoded_chunk_id >> 1;
118 }
119 int EncodeChunkId(const int chunk, const int list_id) {
120 DCHECK_NE(list_id, safe_browsing_util::INVALID);
121 return chunk << 1 | list_id % 2;
122 }
123
124 // Generate the set of full hashes to check for |url|. If
125 // |include_whitelist_hashes| is true we will generate additional path-prefixes
126 // to match against the csd whitelist. E.g., if the path-prefix /foo is on the
127 // whitelist it should also match /foo/bar which is not the case for all the
128 // other lists. We'll also always add a pattern for the empty path.
129 // TODO(shess): This function is almost the same as
130 // |CompareFullHashes()| in safe_browsing_util.cc, except that code
131 // does an early exit on match. Since match should be the infrequent
132 // case (phishing or malware found), consider combining this function
133 // with that one.
134 void UrlToFullHashes(const GURL& url,
135 bool include_whitelist_hashes,
136 std::vector<SBFullHash>* full_hashes) {
137 std::vector<std::string> hosts;
138 if (url.HostIsIPAddress()) {
139 hosts.push_back(url.host());
140 } else {
141 safe_browsing_util::GenerateHostsToCheck(url, &hosts);
142 }
143
144 std::vector<std::string> paths;
145 safe_browsing_util::GeneratePathsToCheck(url, &paths);
146
147 for (size_t i = 0; i < hosts.size(); ++i) {
148 for (size_t j = 0; j < paths.size(); ++j) {
149 const std::string& path = paths[j];
150 full_hashes->push_back(SBFullHashForString(hosts[i] + path));
151
152 // We may have /foo as path-prefix in the whitelist which should
153 // also match with /foo/bar and /foo?bar. Hence, for every path
154 // that ends in '/' we also add the path without the slash.
155 if (include_whitelist_hashes &&
156 path.size() > 1 &&
157 path[path.size() - 1] == '/') {
158 full_hashes->push_back(
159 SBFullHashForString(hosts[i] + path.substr(0, path.size() - 1)));
160 }
161 }
162 }
163 }
164
165 // Helper function to compare addprefixes in |store| with |prefixes|.
166 // The |list_bit| indicates which list (url or hash) to compare.
167 //
168 // Returns true if there is a match, |*prefix_hits| (if non-NULL) will contain
169 // the actual matching prefixes.
170 bool MatchAddPrefixes(SafeBrowsingStore* store,
171 int list_bit,
172 const std::vector<SBPrefix>& prefixes,
173 std::vector<SBPrefix>* prefix_hits) {
174 prefix_hits->clear();
175 bool found_match = false;
176
177 SBAddPrefixes add_prefixes;
178 store->GetAddPrefixes(&add_prefixes);
179 for (SBAddPrefixes::const_iterator iter = add_prefixes.begin();
180 iter != add_prefixes.end(); ++iter) {
181 for (size_t j = 0; j < prefixes.size(); ++j) {
182 const SBPrefix& prefix = prefixes[j];
183 if (prefix == iter->prefix &&
184 GetListIdBit(iter->chunk_id) == list_bit) {
185 prefix_hits->push_back(prefix);
186 found_match = true;
187 }
188 }
189 }
190 return found_match;
191 }
192
193 // This function generates a chunk range string for |chunks|. It
194 // outputs one chunk range string per list and writes it to the
195 // |list_ranges| vector. We expect |list_ranges| to already be of the
196 // right size. E.g., if |chunks| contains chunks with two different
197 // list ids then |list_ranges| must contain two elements.
198 void GetChunkRanges(const std::vector<int>& chunks,
199 std::vector<std::string>* list_ranges) {
200 // Since there are 2 possible list ids, there must be exactly two
201 // list ranges. Even if the chunk data should only contain one
202 // line, this code has to somehow handle corruption.
203 DCHECK_EQ(2U, list_ranges->size());
204
205 std::vector<std::vector<int> > decoded_chunks(list_ranges->size());
206 for (std::vector<int>::const_iterator iter = chunks.begin();
207 iter != chunks.end(); ++iter) {
208 int mod_list_id = GetListIdBit(*iter);
209 DCHECK_GE(mod_list_id, 0);
210 DCHECK_LT(static_cast<size_t>(mod_list_id), decoded_chunks.size());
211 decoded_chunks[mod_list_id].push_back(DecodeChunkId(*iter));
212 }
213 for (size_t i = 0; i < decoded_chunks.size(); ++i) {
214 ChunksToRangeString(decoded_chunks[i], &((*list_ranges)[i]));
215 }
216 }
217
218 // Helper function to create chunk range lists for Browse related
219 // lists.
220 void UpdateChunkRanges(SafeBrowsingStore* store,
221 const std::vector<std::string>& listnames,
222 std::vector<SBListChunkRanges>* lists) {
223 if (!store)
224 return;
225
226 DCHECK_GT(listnames.size(), 0U);
227 DCHECK_LE(listnames.size(), 2U);
228 std::vector<int> add_chunks;
229 std::vector<int> sub_chunks;
230 store->GetAddChunks(&add_chunks);
231 store->GetSubChunks(&sub_chunks);
232
233 // Always decode 2 ranges, even if only the first one is expected.
234 // The loop below will only load as many into |lists| as |listnames|
235 // indicates.
236 std::vector<std::string> adds(2);
237 std::vector<std::string> subs(2);
238 GetChunkRanges(add_chunks, &adds);
239 GetChunkRanges(sub_chunks, &subs);
240
241 for (size_t i = 0; i < listnames.size(); ++i) {
242 const std::string& listname = listnames[i];
243 DCHECK_EQ(safe_browsing_util::GetListId(listname) % 2,
244 static_cast<int>(i % 2));
245 DCHECK_NE(safe_browsing_util::GetListId(listname),
246 safe_browsing_util::INVALID);
247 lists->push_back(SBListChunkRanges(listname));
248 lists->back().adds.swap(adds[i]);
249 lists->back().subs.swap(subs[i]);
250 }
251 }
252
253 void UpdateChunkRangesForLists(SafeBrowsingStore* store,
254 const std::string& listname0,
255 const std::string& listname1,
256 std::vector<SBListChunkRanges>* lists) {
257 std::vector<std::string> listnames;
258 listnames.push_back(listname0);
259 listnames.push_back(listname1);
260 UpdateChunkRanges(store, listnames, lists);
261 }
262
263 void UpdateChunkRangesForList(SafeBrowsingStore* store,
264 const std::string& listname,
265 std::vector<SBListChunkRanges>* lists) {
266 UpdateChunkRanges(store, std::vector<std::string>(1, listname), lists);
267 }
268
269 // This code always checks for non-zero file size. This helper makes
270 // that less verbose.
271 int64 GetFileSizeOrZero(const base::FilePath& file_path) {
272 int64 size_64;
273 if (!base::GetFileSize(file_path, &size_64))
274 return 0;
275 return size_64;
276 }
277
278 // Helper for PrefixSetContainsUrlHashes(). Returns true if an un-expired match
279 // for |full_hash| is found in |cache|, with any matches appended to |results|
280 // (true can be returned with zero matches). |expire_base| is used to check the
281 // cache lifetime of matches, expired matches will be discarded from |cache|.
282 bool GetCachedFullHash(std::map<SBPrefix, SBCachedFullHashResult>* cache,
283 const SBFullHash& full_hash,
284 const base::Time& expire_base,
285 std::vector<SBFullHashResult>* results) {
286 // First check if there is a valid cached result for this prefix.
287 std::map<SBPrefix, SBCachedFullHashResult>::iterator
288 citer = cache->find(full_hash.prefix);
289 if (citer == cache->end())
290 return false;
291
292 // Remove expired entries.
293 SBCachedFullHashResult& cached_result = citer->second;
294 if (cached_result.expire_after <= expire_base) {
295 cache->erase(citer);
296 return false;
297 }
298
299 // Find full-hash matches.
300 std::vector<SBFullHashResult>& cached_hashes = cached_result.full_hashes;
301 for (size_t i = 0; i < cached_hashes.size(); ++i) {
302 if (SBFullHashEqual(full_hash, cached_hashes[i].hash))
303 results->push_back(cached_hashes[i]);
304 }
305
306 return true;
307 }
308
309 SafeBrowsingStoreFile* CreateStore(
310 bool enable,
311 const scoped_refptr<base::SequencedTaskRunner>& task_runner) {
312 if (!enable)
313 return nullptr;
314 return new SafeBrowsingStoreFile(task_runner);
315 }
316
317 } // namespace
318
319 // The default SafeBrowsingDatabaseFactory.
320 class SafeBrowsingDatabaseFactoryImpl : public SafeBrowsingDatabaseFactory {
321 public:
322 SafeBrowsingDatabase* CreateSafeBrowsingDatabase(
323 const scoped_refptr<base::SequencedTaskRunner>& db_task_runner,
324 bool enable_download_protection,
325 bool enable_client_side_whitelist,
326 bool enable_download_whitelist,
327 bool enable_extension_blacklist,
328 bool enable_ip_blacklist,
329 bool enable_unwanted_software_list) override {
330 return new SafeBrowsingDatabaseNew(
331 db_task_runner, CreateStore(true, db_task_runner), // browse_store
332 CreateStore(enable_download_protection, db_task_runner),
333 CreateStore(enable_client_side_whitelist, db_task_runner),
334 CreateStore(enable_download_whitelist, db_task_runner),
335 CreateStore(true, db_task_runner), // inclusion_whitelist_store
336 CreateStore(enable_extension_blacklist, db_task_runner),
337 CreateStore(enable_ip_blacklist, db_task_runner),
338 CreateStore(enable_unwanted_software_list, db_task_runner));
339 }
340
341 SafeBrowsingDatabaseFactoryImpl() { }
342
343 private:
344 DISALLOW_COPY_AND_ASSIGN(SafeBrowsingDatabaseFactoryImpl);
345 };
346
347 // static
348 SafeBrowsingDatabaseFactory* SafeBrowsingDatabase::factory_ = NULL;
349
350 // Factory method, should be called on the Safe Browsing sequenced task runner,
351 // which is also passed to the function as |current_task_runner|.
352 // TODO(shess): There's no need for a factory any longer. Convert
353 // SafeBrowsingDatabaseNew to SafeBrowsingDatabase, and have Create()
354 // callers just construct things directly.
355 SafeBrowsingDatabase* SafeBrowsingDatabase::Create(
356 const scoped_refptr<base::SequencedTaskRunner>& current_task_runner,
357 bool enable_download_protection,
358 bool enable_client_side_whitelist,
359 bool enable_download_whitelist,
360 bool enable_extension_blacklist,
361 bool enable_ip_blacklist,
362 bool enable_unwanted_software_list) {
363 DCHECK(current_task_runner->RunsTasksOnCurrentThread());
364 if (!factory_)
365 factory_ = new SafeBrowsingDatabaseFactoryImpl();
366 return factory_->CreateSafeBrowsingDatabase(
367 current_task_runner, enable_download_protection,
368 enable_client_side_whitelist, enable_download_whitelist,
369 enable_extension_blacklist, enable_ip_blacklist,
370 enable_unwanted_software_list);
371 }
372
373 SafeBrowsingDatabase::~SafeBrowsingDatabase() {
374 }
375
376 // static
377 base::FilePath SafeBrowsingDatabase::BrowseDBFilename(
378 const base::FilePath& db_base_filename) {
379 return base::FilePath(db_base_filename.value() + kBrowseDBFile);
380 }
381
382 // static
383 base::FilePath SafeBrowsingDatabase::DownloadDBFilename(
384 const base::FilePath& db_base_filename) {
385 return base::FilePath(db_base_filename.value() + kDownloadDBFile);
386 }
387
388 // static
389 base::FilePath SafeBrowsingDatabase::BloomFilterForFilename(
390 const base::FilePath& db_filename) {
391 return base::FilePath(db_filename.value() + kBloomFilterFileSuffix);
392 }
393
394 // static
395 base::FilePath SafeBrowsingDatabase::PrefixSetForFilename(
396 const base::FilePath& db_filename) {
397 return base::FilePath(db_filename.value() + kPrefixSetFileSuffix);
398 }
399
400 // static
401 base::FilePath SafeBrowsingDatabase::CsdWhitelistDBFilename(
402 const base::FilePath& db_filename) {
403 return base::FilePath(db_filename.value() + kCsdWhitelistDBFile);
404 }
405
406 // static
407 base::FilePath SafeBrowsingDatabase::DownloadWhitelistDBFilename(
408 const base::FilePath& db_filename) {
409 return base::FilePath(db_filename.value() + kDownloadWhitelistDBFile);
410 }
411
412 // static
413 base::FilePath SafeBrowsingDatabase::InclusionWhitelistDBFilename(
414 const base::FilePath& db_filename) {
415 return base::FilePath(db_filename.value() + kInclusionWhitelistDBFile);
416 }
417
418 // static
419 base::FilePath SafeBrowsingDatabase::ExtensionBlacklistDBFilename(
420 const base::FilePath& db_filename) {
421 return base::FilePath(db_filename.value() + kExtensionBlacklistDBFile);
422 }
423
424 // static
425 base::FilePath SafeBrowsingDatabase::SideEffectFreeWhitelistDBFilename(
426 const base::FilePath& db_filename) {
427 return base::FilePath(db_filename.value() + kSideEffectFreeWhitelistDBFile);
428 }
429
430 // static
431 base::FilePath SafeBrowsingDatabase::IpBlacklistDBFilename(
432 const base::FilePath& db_filename) {
433 return base::FilePath(db_filename.value() + kIPBlacklistDBFile);
434 }
435
436 // static
437 base::FilePath SafeBrowsingDatabase::UnwantedSoftwareDBFilename(
438 const base::FilePath& db_filename) {
439 return base::FilePath(db_filename.value() + kUnwantedSoftwareDBFile);
440 }
441
442 // static
443 void SafeBrowsingDatabase::GetDownloadUrlPrefixes(
444 const std::vector<GURL>& urls,
445 std::vector<SBPrefix>* prefixes) {
446 std::vector<SBFullHash> full_hashes;
447 for (size_t i = 0; i < urls.size(); ++i)
448 UrlToFullHashes(urls[i], false, &full_hashes);
449
450 for (size_t i = 0; i < full_hashes.size(); ++i)
451 prefixes->push_back(full_hashes[i].prefix);
452 }
453
454 SafeBrowsingStore* SafeBrowsingDatabaseNew::GetStore(const int list_id) {
455 // Stores are not thread safe.
456 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
457
458 if (list_id == safe_browsing_util::PHISH ||
459 list_id == safe_browsing_util::MALWARE) {
460 return browse_store_.get();
461 } else if (list_id == safe_browsing_util::BINURL) {
462 return download_store_.get();
463 } else if (list_id == safe_browsing_util::CSDWHITELIST) {
464 return csd_whitelist_store_.get();
465 } else if (list_id == safe_browsing_util::DOWNLOADWHITELIST) {
466 return download_whitelist_store_.get();
467 } else if (list_id == safe_browsing_util::INCLUSIONWHITELIST) {
468 return inclusion_whitelist_store_.get();
469 } else if (list_id == safe_browsing_util::EXTENSIONBLACKLIST) {
470 return extension_blacklist_store_.get();
471 } else if (list_id == safe_browsing_util::IPBLACKLIST) {
472 return ip_blacklist_store_.get();
473 } else if (list_id == safe_browsing_util::UNWANTEDURL) {
474 return unwanted_software_store_.get();
475 }
476 return NULL;
477 }
478
479 // static
480 void SafeBrowsingDatabase::RecordFailure(FailureType failure_type) {
481 UMA_HISTOGRAM_ENUMERATION("SB2.DatabaseFailure", failure_type,
482 FAILURE_DATABASE_MAX);
483 }
484
485 class SafeBrowsingDatabaseNew::ThreadSafeStateManager::ReadTransaction {
486 public:
487 const SBWhitelist* GetSBWhitelist(SBWhitelistId id) {
488 switch (id) {
489 case SBWhitelistId::CSD:
490 return &outer_->csd_whitelist_;
491 case SBWhitelistId::DOWNLOAD:
492 return &outer_->download_whitelist_;
493 case SBWhitelistId::INCLUSION:
494 return &outer_->inclusion_whitelist_;
495 }
496 NOTREACHED();
497 return nullptr;
498 }
499
500 const IPBlacklist* ip_blacklist() { return &outer_->ip_blacklist_; }
501
502 const PrefixSet* GetPrefixSet(PrefixSetId id) {
503 switch (id) {
504 case PrefixSetId::BROWSE:
505 return outer_->browse_prefix_set_.get();
506 case PrefixSetId::UNWANTED_SOFTWARE:
507 return outer_->unwanted_software_prefix_set_.get();
508 }
509 NOTREACHED();
510 return nullptr;
511 }
512
513 PrefixGetHashCache* prefix_gethash_cache() {
514 // The cache is special: it is read/write on all threads. Access to it
515 // therefore requires a LOCK'ed transaction (i.e. it can't benefit from
516 // DONT_LOCK_ON_MAIN_THREAD).
517 DCHECK(transaction_lock_);
518 return &outer_->prefix_gethash_cache_;
519 }
520
521 private:
522 // Only ThreadSafeStateManager is allowed to build a ReadTransaction.
523 friend class ThreadSafeStateManager;
524
525 enum class AutoLockRequirement {
526 LOCK,
527 // SBWhitelist's, IPBlacklist's, and PrefixSet's (not caches) are only
528 // ever written to on the main task runner (as enforced by
529 // ThreadSafeStateManager) and can therefore be read on the main task
530 // runner without first acquiring |lock_|.
531 DONT_LOCK_ON_MAIN_TASK_RUNNER
532 };
533
534 ReadTransaction(const ThreadSafeStateManager* outer,
535 AutoLockRequirement auto_lock_requirement)
536 : outer_(outer) {
537 DCHECK(outer_);
538 if (auto_lock_requirement == AutoLockRequirement::LOCK)
539 transaction_lock_.reset(new base::AutoLock(outer_->lock_));
540 else
541 DCHECK(outer_->db_task_runner_->RunsTasksOnCurrentThread());
542 }
543
544 const ThreadSafeStateManager* outer_;
545 scoped_ptr<base::AutoLock> transaction_lock_;
546
547 DISALLOW_COPY_AND_ASSIGN(ReadTransaction);
548 };
549
550 class SafeBrowsingDatabaseNew::ThreadSafeStateManager::WriteTransaction {
551 public:
552 // Call this method if an error occured with the given whitelist. This will
553 // result in all lookups to the whitelist to return true.
554 void WhitelistEverything(SBWhitelistId id) {
555 SBWhitelist* whitelist = SBWhitelistForId(id);
556 whitelist->second = true;
557 whitelist->first.clear();
558 }
559
560 void SwapSBWhitelist(SBWhitelistId id,
561 std::vector<SBFullHash>* new_whitelist) {
562 SBWhitelist* whitelist = SBWhitelistForId(id);
563 whitelist->second = false;
564 whitelist->first.swap(*new_whitelist);
565 }
566
567 void clear_ip_blacklist() { outer_->ip_blacklist_.clear(); }
568
569 void swap_ip_blacklist(IPBlacklist* new_blacklist) {
570 outer_->ip_blacklist_.swap(*new_blacklist);
571 }
572
573 void SwapPrefixSet(PrefixSetId id,
574 scoped_ptr<const PrefixSet> new_prefix_set) {
575 switch (id) {
576 case PrefixSetId::BROWSE:
577 outer_->browse_prefix_set_.swap(new_prefix_set);
578 break;
579 case PrefixSetId::UNWANTED_SOFTWARE:
580 outer_->unwanted_software_prefix_set_.swap(new_prefix_set);
581 break;
582 }
583 }
584
585 void clear_prefix_gethash_cache() { outer_->prefix_gethash_cache_.clear(); }
586
587 private:
588 // Only ThreadSafeStateManager is allowed to build a WriteTransaction.
589 friend class ThreadSafeStateManager;
590
591 explicit WriteTransaction(ThreadSafeStateManager* outer)
592 : outer_(outer), transaction_lock_(outer_->lock_) {
593 DCHECK(outer_);
594 DCHECK(outer_->db_task_runner_->RunsTasksOnCurrentThread());
595 }
596
597 SBWhitelist* SBWhitelistForId(SBWhitelistId id) {
598 switch (id) {
599 case SBWhitelistId::CSD:
600 return &outer_->csd_whitelist_;
601 case SBWhitelistId::DOWNLOAD:
602 return &outer_->download_whitelist_;
603 case SBWhitelistId::INCLUSION:
604 return &outer_->inclusion_whitelist_;
605 }
606 NOTREACHED();
607 return nullptr;
608 }
609
610 ThreadSafeStateManager* outer_;
611 base::AutoLock transaction_lock_;
612
613 DISALLOW_COPY_AND_ASSIGN(WriteTransaction);
614 };
615
616 SafeBrowsingDatabaseNew::ThreadSafeStateManager::ThreadSafeStateManager(
617 const scoped_refptr<const base::SequencedTaskRunner>& db_task_runner)
618 : db_task_runner_(db_task_runner) {
619 }
620
621 SafeBrowsingDatabaseNew::ThreadSafeStateManager::~ThreadSafeStateManager() {
622 }
623
624 SafeBrowsingDatabaseNew::DatabaseStateManager::DatabaseStateManager(
625 const scoped_refptr<const base::SequencedTaskRunner>& db_task_runner)
626 : db_task_runner_(db_task_runner),
627 corruption_detected_(false),
628 change_detected_(false) {
629 }
630
631 SafeBrowsingDatabaseNew::DatabaseStateManager::~DatabaseStateManager() {
632 }
633
634 scoped_ptr<SafeBrowsingDatabaseNew::ReadTransaction>
635 SafeBrowsingDatabaseNew::ThreadSafeStateManager::BeginReadTransaction() {
636 return make_scoped_ptr(
637 new ReadTransaction(this, ReadTransaction::AutoLockRequirement::LOCK));
638 }
639
640 scoped_ptr<SafeBrowsingDatabaseNew::ReadTransaction> SafeBrowsingDatabaseNew::
641 ThreadSafeStateManager::BeginReadTransactionNoLockOnMainTaskRunner() {
642 return make_scoped_ptr(new ReadTransaction(
643 this,
644 ReadTransaction::AutoLockRequirement::DONT_LOCK_ON_MAIN_TASK_RUNNER));
645 }
646
647 scoped_ptr<SafeBrowsingDatabaseNew::WriteTransaction>
648 SafeBrowsingDatabaseNew::ThreadSafeStateManager::BeginWriteTransaction() {
649 return make_scoped_ptr(new WriteTransaction(this));
650 }
651
652 SafeBrowsingDatabaseNew::SafeBrowsingDatabaseNew(
653 const scoped_refptr<base::SequencedTaskRunner>& db_task_runner,
654 SafeBrowsingStore* browse_store,
655 SafeBrowsingStore* download_store,
656 SafeBrowsingStore* csd_whitelist_store,
657 SafeBrowsingStore* download_whitelist_store,
658 SafeBrowsingStore* inclusion_whitelist_store,
659 SafeBrowsingStore* extension_blacklist_store,
660 SafeBrowsingStore* ip_blacklist_store,
661 SafeBrowsingStore* unwanted_software_store)
662 : db_task_runner_(db_task_runner),
663 state_manager_(db_task_runner_),
664 db_state_manager_(db_task_runner_),
665 browse_store_(browse_store),
666 download_store_(download_store),
667 csd_whitelist_store_(csd_whitelist_store),
668 download_whitelist_store_(download_whitelist_store),
669 inclusion_whitelist_store_(inclusion_whitelist_store),
670 extension_blacklist_store_(extension_blacklist_store),
671 ip_blacklist_store_(ip_blacklist_store),
672 unwanted_software_store_(unwanted_software_store),
673 reset_factory_(this) {
674 DCHECK(browse_store_.get());
675 }
676
677 SafeBrowsingDatabaseNew::~SafeBrowsingDatabaseNew() {
678 // The DCHECK is disabled due to crbug.com/338486 .
679 // DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
680 }
681
682 void SafeBrowsingDatabaseNew::Init(const base::FilePath& filename_base) {
683 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
684
685 db_state_manager_.init_filename_base(filename_base);
686
687 // TODO(shess): The various stores are really only necessary while doing
688 // updates (see |UpdateFinished()|) or when querying a store directly (see
689 // |ContainsDownloadUrl()|).
690 // The store variables are also tested to see if a list is enabled. Perhaps
691 // the stores could be refactored into an update object so that they are only
692 // live in memory while being actively used. The sense of enabled probably
693 // belongs in protocol_manager or database_manager.
694
695 {
696 // NOTE: A transaction here is overkill as there are no pointers to this
697 // class on other threads until this function returns, but it's also
698 // harmless as that also means there is no possibility of contention on the
699 // lock.
700 scoped_ptr<WriteTransaction> txn = state_manager_.BeginWriteTransaction();
701
702 txn->clear_prefix_gethash_cache();
703
704 browse_store_->Init(
705 BrowseDBFilename(db_state_manager_.filename_base()),
706 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
707 base::Unretained(this)));
708
709 if (unwanted_software_store_.get()) {
710 unwanted_software_store_->Init(
711 UnwantedSoftwareDBFilename(db_state_manager_.filename_base()),
712 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
713 base::Unretained(this)));
714 }
715 LoadPrefixSet(BrowseDBFilename(db_state_manager_.filename_base()),
716 txn.get(), PrefixSetId::BROWSE,
717 FAILURE_BROWSE_PREFIX_SET_READ);
718 if (unwanted_software_store_.get()) {
719 LoadPrefixSet(
720 UnwantedSoftwareDBFilename(db_state_manager_.filename_base()),
721 txn.get(), PrefixSetId::UNWANTED_SOFTWARE,
722 FAILURE_UNWANTED_SOFTWARE_PREFIX_SET_READ);
723 }
724
725 // Delete any files of the side-effect free sidelist that may be around
726 // from when it was previously enabled.
727 //
728 // TODO(davidben): Remove this after April 15, 2016.
729 SafeBrowsingStoreFile::DeleteStore(
730 SideEffectFreeWhitelistDBFilename(db_state_manager_.filename_base()));
731 base::DeleteFile(PrefixSetForFilename(SideEffectFreeWhitelistDBFilename(
732 db_state_manager_.filename_base())),
733 false);
734 }
735 // Note: End the transaction early because LoadWhiteList() and
736 // WhitelistEverything() manage their own transactions.
737
738 if (download_store_.get()) {
739 download_store_->Init(
740 DownloadDBFilename(db_state_manager_.filename_base()),
741 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
742 base::Unretained(this)));
743 }
744
745 if (csd_whitelist_store_.get()) {
746 csd_whitelist_store_->Init(
747 CsdWhitelistDBFilename(db_state_manager_.filename_base()),
748 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
749 base::Unretained(this)));
750
751 std::vector<SBAddFullHash> full_hashes;
752 if (csd_whitelist_store_->GetAddFullHashes(&full_hashes)) {
753 LoadWhitelist(full_hashes, SBWhitelistId::CSD);
754 } else {
755 state_manager_.BeginWriteTransaction()->WhitelistEverything(
756 SBWhitelistId::CSD);
757 }
758 } else {
759 state_manager_.BeginWriteTransaction()->WhitelistEverything(
760 SBWhitelistId::CSD); // Just to be safe.
761 }
762
763 if (download_whitelist_store_.get()) {
764 download_whitelist_store_->Init(
765 DownloadWhitelistDBFilename(db_state_manager_.filename_base()),
766 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
767 base::Unretained(this)));
768
769 std::vector<SBAddFullHash> full_hashes;
770 if (download_whitelist_store_->GetAddFullHashes(&full_hashes)) {
771 LoadWhitelist(full_hashes, SBWhitelistId::DOWNLOAD);
772 } else {
773 state_manager_.BeginWriteTransaction()->WhitelistEverything(
774 SBWhitelistId::DOWNLOAD);
775 }
776 } else {
777 state_manager_.BeginWriteTransaction()->WhitelistEverything(
778 SBWhitelistId::DOWNLOAD); // Just to be safe.
779 }
780
781 if (inclusion_whitelist_store_.get()) {
782 inclusion_whitelist_store_->Init(
783 InclusionWhitelistDBFilename(db_state_manager_.filename_base()),
784 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
785 base::Unretained(this)));
786
787 std::vector<SBAddFullHash> full_hashes;
788 if (inclusion_whitelist_store_->GetAddFullHashes(&full_hashes)) {
789 LoadWhitelist(full_hashes, SBWhitelistId::INCLUSION);
790 } else {
791 state_manager_.BeginWriteTransaction()->WhitelistEverything(
792 SBWhitelistId::INCLUSION);
793 }
794 } else {
795 state_manager_.BeginWriteTransaction()->WhitelistEverything(
796 SBWhitelistId::INCLUSION); // Just to be safe.
797 }
798
799 if (extension_blacklist_store_.get()) {
800 extension_blacklist_store_->Init(
801 ExtensionBlacklistDBFilename(db_state_manager_.filename_base()),
802 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
803 base::Unretained(this)));
804 }
805
806 if (ip_blacklist_store_.get()) {
807 ip_blacklist_store_->Init(
808 IpBlacklistDBFilename(db_state_manager_.filename_base()),
809 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
810 base::Unretained(this)));
811
812 std::vector<SBAddFullHash> full_hashes;
813 if (ip_blacklist_store_->GetAddFullHashes(&full_hashes)) {
814 LoadIpBlacklist(full_hashes);
815 } else {
816 LoadIpBlacklist(std::vector<SBAddFullHash>()); // Clear the list.
817 }
818 }
819 }
820
821 bool SafeBrowsingDatabaseNew::ResetDatabase() {
822 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
823
824 // Delete files on disk.
825 // TODO(shess): Hard to see where one might want to delete without a
826 // reset. Perhaps inline |Delete()|?
827 if (!Delete())
828 return false;
829
830 // Reset objects in memory.
831 scoped_ptr<WriteTransaction> txn = state_manager_.BeginWriteTransaction();
832 txn->clear_prefix_gethash_cache();
833 txn->SwapPrefixSet(PrefixSetId::BROWSE, nullptr);
834 txn->SwapPrefixSet(PrefixSetId::UNWANTED_SOFTWARE, nullptr);
835 txn->clear_ip_blacklist();
836 txn->WhitelistEverything(SBWhitelistId::CSD);
837 txn->WhitelistEverything(SBWhitelistId::DOWNLOAD);
838 return true;
839 }
840
841 bool SafeBrowsingDatabaseNew::ContainsBrowseUrl(
842 const GURL& url,
843 std::vector<SBPrefix>* prefix_hits,
844 std::vector<SBFullHashResult>* cache_hits) {
845 return PrefixSetContainsUrl(url, PrefixSetId::BROWSE, prefix_hits,
846 cache_hits);
847 }
848
849 bool SafeBrowsingDatabaseNew::ContainsUnwantedSoftwareUrl(
850 const GURL& url,
851 std::vector<SBPrefix>* prefix_hits,
852 std::vector<SBFullHashResult>* cache_hits) {
853 return PrefixSetContainsUrl(url, PrefixSetId::UNWANTED_SOFTWARE, prefix_hits,
854 cache_hits);
855 }
856
857 bool SafeBrowsingDatabaseNew::PrefixSetContainsUrl(
858 const GURL& url,
859 PrefixSetId prefix_set_id,
860 std::vector<SBPrefix>* prefix_hits,
861 std::vector<SBFullHashResult>* cache_hits) {
862 // Clear the results first.
863 prefix_hits->clear();
864 cache_hits->clear();
865
866 std::vector<SBFullHash> full_hashes;
867 UrlToFullHashes(url, false, &full_hashes);
868 if (full_hashes.empty())
869 return false;
870
871 return PrefixSetContainsUrlHashes(full_hashes, prefix_set_id, prefix_hits,
872 cache_hits);
873 }
874
875 bool SafeBrowsingDatabaseNew::ContainsBrowseUrlHashesForTesting(
876 const std::vector<SBFullHash>& full_hashes,
877 std::vector<SBPrefix>* prefix_hits,
878 std::vector<SBFullHashResult>* cache_hits) {
879 return PrefixSetContainsUrlHashes(full_hashes, PrefixSetId::BROWSE,
880 prefix_hits, cache_hits);
881 }
882
883 bool SafeBrowsingDatabaseNew::PrefixSetContainsUrlHashes(
884 const std::vector<SBFullHash>& full_hashes,
885 PrefixSetId prefix_set_id,
886 std::vector<SBPrefix>* prefix_hits,
887 std::vector<SBFullHashResult>* cache_hits) {
888 // Used to determine cache expiration.
889 const base::Time now = base::Time::Now();
890
891 {
892 scoped_ptr<ReadTransaction> txn = state_manager_.BeginReadTransaction();
893
894 // |prefix_set| is empty until it is either read from disk, or the first
895 // update populates it. Bail out without a hit if not yet available.
896 const PrefixSet* prefix_set = txn->GetPrefixSet(prefix_set_id);
897 if (!prefix_set)
898 return false;
899
900 for (size_t i = 0; i < full_hashes.size(); ++i) {
901 if (!GetCachedFullHash(txn->prefix_gethash_cache(), full_hashes[i], now,
902 cache_hits)) {
903 // No valid cached result, check the database.
904 if (prefix_set->Exists(full_hashes[i]))
905 prefix_hits->push_back(full_hashes[i].prefix);
906 }
907 }
908 }
909
910 // Multiple full hashes could share prefix, remove duplicates.
911 std::sort(prefix_hits->begin(), prefix_hits->end());
912 prefix_hits->erase(std::unique(prefix_hits->begin(), prefix_hits->end()),
913 prefix_hits->end());
914
915 return !prefix_hits->empty() || !cache_hits->empty();
916 }
917
918 bool SafeBrowsingDatabaseNew::ContainsDownloadUrlPrefixes(
919 const std::vector<SBPrefix>& prefixes,
920 std::vector<SBPrefix>* prefix_hits) {
921 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
922
923 // Ignore this check when download checking is not enabled.
924 if (!download_store_.get())
925 return false;
926
927 return MatchAddPrefixes(download_store_.get(),
928 safe_browsing_util::BINURL % 2,
929 prefixes,
930 prefix_hits);
931 }
932
933 bool SafeBrowsingDatabaseNew::ContainsCsdWhitelistedUrl(const GURL& url) {
934 std::vector<SBFullHash> full_hashes;
935 UrlToFullHashes(url, true, &full_hashes);
936 return ContainsWhitelistedHashes(SBWhitelistId::CSD, full_hashes);
937 }
938
939 bool SafeBrowsingDatabaseNew::ContainsDownloadWhitelistedUrl(const GURL& url) {
940 std::vector<SBFullHash> full_hashes;
941 UrlToFullHashes(url, true, &full_hashes);
942 return ContainsWhitelistedHashes(SBWhitelistId::DOWNLOAD, full_hashes);
943 }
944
945 bool SafeBrowsingDatabaseNew::ContainsInclusionWhitelistedUrl(const GURL& url) {
946 std::vector<SBFullHash> full_hashes;
947 UrlToFullHashes(url, true, &full_hashes);
948 return ContainsWhitelistedHashes(SBWhitelistId::INCLUSION, full_hashes);
949 }
950
951 bool SafeBrowsingDatabaseNew::ContainsExtensionPrefixes(
952 const std::vector<SBPrefix>& prefixes,
953 std::vector<SBPrefix>* prefix_hits) {
954 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
955
956 if (!extension_blacklist_store_)
957 return false;
958
959 return MatchAddPrefixes(extension_blacklist_store_.get(),
960 safe_browsing_util::EXTENSIONBLACKLIST % 2,
961 prefixes,
962 prefix_hits);
963 }
964
965 bool SafeBrowsingDatabaseNew::ContainsMalwareIP(const std::string& ip_address) {
966 net::IPAddressNumber ip_number;
967 if (!net::ParseIPLiteralToNumber(ip_address, &ip_number))
968 return false;
969 if (ip_number.size() == net::kIPv4AddressSize)
970 ip_number = net::ConvertIPv4NumberToIPv6Number(ip_number);
971 if (ip_number.size() != net::kIPv6AddressSize)
972 return false; // better safe than sorry.
973
974 scoped_ptr<ReadTransaction> txn = state_manager_.BeginReadTransaction();
975 const IPBlacklist* ip_blacklist = txn->ip_blacklist();
976 for (IPBlacklist::const_iterator it = ip_blacklist->begin();
977 it != ip_blacklist->end(); ++it) {
978 const std::string& mask = it->first;
979 DCHECK_EQ(mask.size(), ip_number.size());
980 std::string subnet(net::kIPv6AddressSize, '\0');
981 for (size_t i = 0; i < net::kIPv6AddressSize; ++i) {
982 subnet[i] = ip_number[i] & mask[i];
983 }
984 const std::string hash = base::SHA1HashString(subnet);
985 DVLOG(2) << "Lookup Malware IP: "
986 << " ip:" << ip_address
987 << " mask:" << base::HexEncode(mask.data(), mask.size())
988 << " subnet:" << base::HexEncode(subnet.data(), subnet.size())
989 << " hash:" << base::HexEncode(hash.data(), hash.size());
990 if (it->second.count(hash) > 0) {
991 return true;
992 }
993 }
994 return false;
995 }
996
997 bool SafeBrowsingDatabaseNew::ContainsDownloadWhitelistedString(
998 const std::string& str) {
999 std::vector<SBFullHash> hashes;
1000 hashes.push_back(SBFullHashForString(str));
1001 return ContainsWhitelistedHashes(SBWhitelistId::DOWNLOAD, hashes);
1002 }
1003
1004 bool SafeBrowsingDatabaseNew::ContainsWhitelistedHashes(
1005 SBWhitelistId whitelist_id,
1006 const std::vector<SBFullHash>& hashes) {
1007 scoped_ptr<ReadTransaction> txn = state_manager_.BeginReadTransaction();
1008 const SBWhitelist* whitelist = txn->GetSBWhitelist(whitelist_id);
1009 if (whitelist->second)
1010 return true;
1011 for (std::vector<SBFullHash>::const_iterator it = hashes.begin();
1012 it != hashes.end(); ++it) {
1013 if (std::binary_search(whitelist->first.begin(), whitelist->first.end(),
1014 *it, SBFullHashLess)) {
1015 return true;
1016 }
1017 }
1018 return false;
1019 }
1020
1021 // Helper to insert add-chunk entries.
1022 void SafeBrowsingDatabaseNew::InsertAddChunk(
1023 SafeBrowsingStore* store,
1024 const safe_browsing_util::ListType list_id,
1025 const SBChunkData& chunk_data) {
1026 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1027 DCHECK(store);
1028
1029 // The server can give us a chunk that we already have because
1030 // it's part of a range. Don't add it again.
1031 const int chunk_id = chunk_data.ChunkNumber();
1032 const int encoded_chunk_id = EncodeChunkId(chunk_id, list_id);
1033 if (store->CheckAddChunk(encoded_chunk_id))
1034 return;
1035
1036 store->SetAddChunk(encoded_chunk_id);
1037 if (chunk_data.IsPrefix()) {
1038 const size_t c = chunk_data.PrefixCount();
1039 for (size_t i = 0; i < c; ++i) {
1040 store->WriteAddPrefix(encoded_chunk_id, chunk_data.PrefixAt(i));
1041 }
1042 } else {
1043 const size_t c = chunk_data.FullHashCount();
1044 for (size_t i = 0; i < c; ++i) {
1045 store->WriteAddHash(encoded_chunk_id, chunk_data.FullHashAt(i));
1046 }
1047 }
1048 }
1049
1050 // Helper to insert sub-chunk entries.
1051 void SafeBrowsingDatabaseNew::InsertSubChunk(
1052 SafeBrowsingStore* store,
1053 const safe_browsing_util::ListType list_id,
1054 const SBChunkData& chunk_data) {
1055 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1056 DCHECK(store);
1057
1058 // The server can give us a chunk that we already have because
1059 // it's part of a range. Don't add it again.
1060 const int chunk_id = chunk_data.ChunkNumber();
1061 const int encoded_chunk_id = EncodeChunkId(chunk_id, list_id);
1062 if (store->CheckSubChunk(encoded_chunk_id))
1063 return;
1064
1065 store->SetSubChunk(encoded_chunk_id);
1066 if (chunk_data.IsPrefix()) {
1067 const size_t c = chunk_data.PrefixCount();
1068 for (size_t i = 0; i < c; ++i) {
1069 const int add_chunk_id = chunk_data.AddChunkNumberAt(i);
1070 const int encoded_add_chunk_id = EncodeChunkId(add_chunk_id, list_id);
1071 store->WriteSubPrefix(encoded_chunk_id, encoded_add_chunk_id,
1072 chunk_data.PrefixAt(i));
1073 }
1074 } else {
1075 const size_t c = chunk_data.FullHashCount();
1076 for (size_t i = 0; i < c; ++i) {
1077 const int add_chunk_id = chunk_data.AddChunkNumberAt(i);
1078 const int encoded_add_chunk_id = EncodeChunkId(add_chunk_id, list_id);
1079 store->WriteSubHash(encoded_chunk_id, encoded_add_chunk_id,
1080 chunk_data.FullHashAt(i));
1081 }
1082 }
1083 }
1084
1085 void SafeBrowsingDatabaseNew::InsertChunks(
1086 const std::string& list_name,
1087 const std::vector<SBChunkData*>& chunks) {
1088 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1089
1090 if (db_state_manager_.corruption_detected() || chunks.empty())
1091 return;
1092
1093 const base::TimeTicks before = base::TimeTicks::Now();
1094
1095 // TODO(shess): The caller should just pass list_id.
1096 const safe_browsing_util::ListType list_id =
1097 safe_browsing_util::GetListId(list_name);
1098
1099 SafeBrowsingStore* store = GetStore(list_id);
1100 if (!store) return;
1101
1102 db_state_manager_.set_change_detected();
1103
1104 // TODO(shess): I believe that the list is always add or sub. Can this use
1105 // that productively?
1106 store->BeginChunk();
1107 for (size_t i = 0; i < chunks.size(); ++i) {
1108 if (chunks[i]->IsAdd()) {
1109 InsertAddChunk(store, list_id, *chunks[i]);
1110 } else if (chunks[i]->IsSub()) {
1111 InsertSubChunk(store, list_id, *chunks[i]);
1112 } else {
1113 NOTREACHED();
1114 }
1115 }
1116 store->FinishChunk();
1117
1118 UMA_HISTOGRAM_TIMES("SB2.ChunkInsert", base::TimeTicks::Now() - before);
1119 }
1120
1121 void SafeBrowsingDatabaseNew::DeleteChunks(
1122 const std::vector<SBChunkDelete>& chunk_deletes) {
1123 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1124
1125 if (db_state_manager_.corruption_detected() || chunk_deletes.empty())
1126 return;
1127
1128 const std::string& list_name = chunk_deletes.front().list_name;
1129 const safe_browsing_util::ListType list_id =
1130 safe_browsing_util::GetListId(list_name);
1131
1132 SafeBrowsingStore* store = GetStore(list_id);
1133 if (!store) return;
1134
1135 db_state_manager_.set_change_detected();
1136
1137 for (size_t i = 0; i < chunk_deletes.size(); ++i) {
1138 std::vector<int> chunk_numbers;
1139 RangesToChunks(chunk_deletes[i].chunk_del, &chunk_numbers);
1140 for (size_t j = 0; j < chunk_numbers.size(); ++j) {
1141 const int encoded_chunk_id = EncodeChunkId(chunk_numbers[j], list_id);
1142 if (chunk_deletes[i].is_sub_del)
1143 store->DeleteSubChunk(encoded_chunk_id);
1144 else
1145 store->DeleteAddChunk(encoded_chunk_id);
1146 }
1147 }
1148 }
1149
1150 void SafeBrowsingDatabaseNew::CacheHashResults(
1151 const std::vector<SBPrefix>& prefixes,
1152 const std::vector<SBFullHashResult>& full_hits,
1153 const base::TimeDelta& cache_lifetime) {
1154 const base::Time expire_after = base::Time::Now() + cache_lifetime;
1155
1156 scoped_ptr<ReadTransaction> txn = state_manager_.BeginReadTransaction();
1157 PrefixGetHashCache* prefix_gethash_cache = txn->prefix_gethash_cache();
1158
1159 // Create or reset all cached results for these prefixes.
1160 for (size_t i = 0; i < prefixes.size(); ++i) {
1161 (*prefix_gethash_cache)[prefixes[i]] = SBCachedFullHashResult(expire_after);
1162 }
1163
1164 // Insert any fullhash hits. Note that there may be one, multiple, or no
1165 // fullhashes for any given entry in |prefixes|.
1166 for (size_t i = 0; i < full_hits.size(); ++i) {
1167 const SBPrefix prefix = full_hits[i].hash.prefix;
1168 (*prefix_gethash_cache)[prefix].full_hashes.push_back(full_hits[i]);
1169 }
1170 }
1171
1172 bool SafeBrowsingDatabaseNew::UpdateStarted(
1173 std::vector<SBListChunkRanges>* lists) {
1174 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1175 DCHECK(lists);
1176
1177 // If |BeginUpdate()| fails, reset the database.
1178 if (!browse_store_->BeginUpdate()) {
1179 RecordFailure(FAILURE_BROWSE_DATABASE_UPDATE_BEGIN);
1180 HandleCorruptDatabase();
1181 return false;
1182 }
1183
1184 if (download_store_.get() && !download_store_->BeginUpdate()) {
1185 RecordFailure(FAILURE_DOWNLOAD_DATABASE_UPDATE_BEGIN);
1186 HandleCorruptDatabase();
1187 return false;
1188 }
1189
1190 if (csd_whitelist_store_.get() && !csd_whitelist_store_->BeginUpdate()) {
1191 RecordFailure(FAILURE_WHITELIST_DATABASE_UPDATE_BEGIN);
1192 HandleCorruptDatabase();
1193 return false;
1194 }
1195
1196 if (download_whitelist_store_.get() &&
1197 !download_whitelist_store_->BeginUpdate()) {
1198 RecordFailure(FAILURE_WHITELIST_DATABASE_UPDATE_BEGIN);
1199 HandleCorruptDatabase();
1200 return false;
1201 }
1202
1203 if (inclusion_whitelist_store_.get() &&
1204 !inclusion_whitelist_store_->BeginUpdate()) {
1205 RecordFailure(FAILURE_WHITELIST_DATABASE_UPDATE_BEGIN);
1206 HandleCorruptDatabase();
1207 return false;
1208 }
1209
1210 if (extension_blacklist_store_ &&
1211 !extension_blacklist_store_->BeginUpdate()) {
1212 RecordFailure(FAILURE_EXTENSION_BLACKLIST_UPDATE_BEGIN);
1213 HandleCorruptDatabase();
1214 return false;
1215 }
1216
1217 if (ip_blacklist_store_ && !ip_blacklist_store_->BeginUpdate()) {
1218 RecordFailure(FAILURE_IP_BLACKLIST_UPDATE_BEGIN);
1219 HandleCorruptDatabase();
1220 return false;
1221 }
1222
1223 if (unwanted_software_store_ && !unwanted_software_store_->BeginUpdate()) {
1224 RecordFailure(FAILURE_UNWANTED_SOFTWARE_DATABASE_UPDATE_BEGIN);
1225 HandleCorruptDatabase();
1226 return false;
1227 }
1228
1229 // Cached fullhash results must be cleared on every database update (whether
1230 // successful or not).
1231 state_manager_.BeginWriteTransaction()->clear_prefix_gethash_cache();
1232
1233 UpdateChunkRangesForLists(browse_store_.get(),
1234 safe_browsing_util::kMalwareList,
1235 safe_browsing_util::kPhishingList,
1236 lists);
1237
1238 // NOTE(shess): |download_store_| used to contain kBinHashList, which has been
1239 // deprecated. Code to delete the list from the store shows ~15k hits/day as
1240 // of Feb 2014, so it has been removed. Everything _should_ be resilient to
1241 // extra data of that sort.
1242 UpdateChunkRangesForList(download_store_.get(),
1243 safe_browsing_util::kBinUrlList, lists);
1244
1245 UpdateChunkRangesForList(csd_whitelist_store_.get(),
1246 safe_browsing_util::kCsdWhiteList, lists);
1247
1248 UpdateChunkRangesForList(download_whitelist_store_.get(),
1249 safe_browsing_util::kDownloadWhiteList, lists);
1250
1251 UpdateChunkRangesForList(inclusion_whitelist_store_.get(),
1252 safe_browsing_util::kInclusionWhitelist, lists);
1253
1254 UpdateChunkRangesForList(extension_blacklist_store_.get(),
1255 safe_browsing_util::kExtensionBlacklist, lists);
1256
1257 UpdateChunkRangesForList(ip_blacklist_store_.get(),
1258 safe_browsing_util::kIPBlacklist, lists);
1259
1260 UpdateChunkRangesForList(unwanted_software_store_.get(),
1261 safe_browsing_util::kUnwantedUrlList,
1262 lists);
1263
1264 db_state_manager_.reset_corruption_detected();
1265 db_state_manager_.reset_change_detected();
1266 return true;
1267 }
1268
1269 void SafeBrowsingDatabaseNew::UpdateFinished(bool update_succeeded) {
1270 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1271
1272 // The update may have failed due to corrupt storage (for instance,
1273 // an excessive number of invalid add_chunks and sub_chunks).
1274 // Double-check that the databases are valid.
1275 // TODO(shess): Providing a checksum for the add_chunk and sub_chunk
1276 // sections would allow throwing a corruption error in
1277 // UpdateStarted().
1278 if (!update_succeeded) {
1279 if (!browse_store_->CheckValidity())
1280 DLOG(ERROR) << "Safe-browsing browse database corrupt.";
1281
1282 if (download_store_.get() && !download_store_->CheckValidity())
1283 DLOG(ERROR) << "Safe-browsing download database corrupt.";
1284
1285 if (csd_whitelist_store_.get() && !csd_whitelist_store_->CheckValidity())
1286 DLOG(ERROR) << "Safe-browsing csd whitelist database corrupt.";
1287
1288 if (download_whitelist_store_.get() &&
1289 !download_whitelist_store_->CheckValidity()) {
1290 DLOG(ERROR) << "Safe-browsing download whitelist database corrupt.";
1291 }
1292
1293 if (inclusion_whitelist_store_.get() &&
1294 !inclusion_whitelist_store_->CheckValidity()) {
1295 DLOG(ERROR) << "Safe-browsing inclusion whitelist database corrupt.";
1296 }
1297
1298 if (extension_blacklist_store_ &&
1299 !extension_blacklist_store_->CheckValidity()) {
1300 DLOG(ERROR) << "Safe-browsing extension blacklist database corrupt.";
1301 }
1302
1303 if (ip_blacklist_store_ && !ip_blacklist_store_->CheckValidity()) {
1304 DLOG(ERROR) << "Safe-browsing IP blacklist database corrupt.";
1305 }
1306
1307 if (unwanted_software_store_ &&
1308 !unwanted_software_store_->CheckValidity()) {
1309 DLOG(ERROR) << "Unwanted software url list database corrupt.";
1310 }
1311 }
1312
1313 if (db_state_manager_.corruption_detected())
1314 return;
1315
1316 // Unroll the transaction if there was a protocol error or if the
1317 // transaction was empty. This will leave the prefix set, the
1318 // pending hashes, and the prefix miss cache in place.
1319 if (!update_succeeded || !db_state_manager_.change_detected()) {
1320 // Track empty updates to answer questions at http://crbug.com/72216 .
1321 if (update_succeeded && !db_state_manager_.change_detected())
1322 UMA_HISTOGRAM_COUNTS("SB2.DatabaseUpdateKilobytes", 0);
1323 browse_store_->CancelUpdate();
1324 if (download_store_.get())
1325 download_store_->CancelUpdate();
1326 if (csd_whitelist_store_.get())
1327 csd_whitelist_store_->CancelUpdate();
1328 if (download_whitelist_store_.get())
1329 download_whitelist_store_->CancelUpdate();
1330 if (inclusion_whitelist_store_.get())
1331 inclusion_whitelist_store_->CancelUpdate();
1332 if (extension_blacklist_store_)
1333 extension_blacklist_store_->CancelUpdate();
1334 if (ip_blacklist_store_)
1335 ip_blacklist_store_->CancelUpdate();
1336 if (unwanted_software_store_)
1337 unwanted_software_store_->CancelUpdate();
1338 return;
1339 }
1340
1341 if (download_store_) {
1342 UpdateHashPrefixStore(DownloadDBFilename(db_state_manager_.filename_base()),
1343 download_store_.get(),
1344 FAILURE_DOWNLOAD_DATABASE_UPDATE_FINISH);
1345 }
1346
1347 UpdatePrefixSetUrlStore(BrowseDBFilename(db_state_manager_.filename_base()),
1348 browse_store_.get(), PrefixSetId::BROWSE,
1349 FAILURE_BROWSE_DATABASE_UPDATE_FINISH,
1350 FAILURE_BROWSE_PREFIX_SET_WRITE, true);
1351
1352 UpdateWhitelistStore(
1353 CsdWhitelistDBFilename(db_state_manager_.filename_base()),
1354 csd_whitelist_store_.get(), SBWhitelistId::CSD);
1355 UpdateWhitelistStore(
1356 DownloadWhitelistDBFilename(db_state_manager_.filename_base()),
1357 download_whitelist_store_.get(), SBWhitelistId::DOWNLOAD);
1358 UpdateWhitelistStore(
1359 InclusionWhitelistDBFilename(db_state_manager_.filename_base()),
1360 inclusion_whitelist_store_.get(), SBWhitelistId::INCLUSION);
1361
1362 if (extension_blacklist_store_) {
1363 UpdateHashPrefixStore(
1364 ExtensionBlacklistDBFilename(db_state_manager_.filename_base()),
1365 extension_blacklist_store_.get(),
1366 FAILURE_EXTENSION_BLACKLIST_UPDATE_FINISH);
1367 }
1368
1369 if (ip_blacklist_store_)
1370 UpdateIpBlacklistStore();
1371
1372 if (unwanted_software_store_) {
1373 UpdatePrefixSetUrlStore(
1374 UnwantedSoftwareDBFilename(db_state_manager_.filename_base()),
1375 unwanted_software_store_.get(), PrefixSetId::UNWANTED_SOFTWARE,
1376 FAILURE_UNWANTED_SOFTWARE_DATABASE_UPDATE_FINISH,
1377 FAILURE_UNWANTED_SOFTWARE_PREFIX_SET_WRITE, true);
1378 }
1379 }
1380
1381 void SafeBrowsingDatabaseNew::UpdateWhitelistStore(
1382 const base::FilePath& store_filename,
1383 SafeBrowsingStore* store,
1384 SBWhitelistId whitelist_id) {
1385 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1386
1387 if (!store)
1388 return;
1389
1390 // Note: |builder| will not be empty. The current data store implementation
1391 // stores all full-length hashes as both full and prefix hashes.
1392 PrefixSetBuilder builder;
1393 std::vector<SBAddFullHash> full_hashes;
1394 if (!store->FinishUpdate(&builder, &full_hashes)) {
1395 RecordFailure(FAILURE_WHITELIST_DATABASE_UPDATE_FINISH);
1396 state_manager_.BeginWriteTransaction()->WhitelistEverything(whitelist_id);
1397 return;
1398 }
1399
1400 RecordFileSizeHistogram(store_filename);
1401
1402 #if defined(OS_MACOSX)
1403 base::mac::SetFileBackupExclusion(store_filename);
1404 #endif
1405
1406 LoadWhitelist(full_hashes, whitelist_id);
1407 }
1408
1409 void SafeBrowsingDatabaseNew::UpdateHashPrefixStore(
1410 const base::FilePath& store_filename,
1411 SafeBrowsingStore* store,
1412 FailureType failure_type) {
1413 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1414
1415 // These results are not used after this call. Simply ignore the
1416 // returned value after FinishUpdate(...).
1417 PrefixSetBuilder builder;
1418 std::vector<SBAddFullHash> add_full_hashes_result;
1419
1420 if (!store->FinishUpdate(&builder, &add_full_hashes_result))
1421 RecordFailure(failure_type);
1422
1423 RecordFileSizeHistogram(store_filename);
1424
1425 #if defined(OS_MACOSX)
1426 base::mac::SetFileBackupExclusion(store_filename);
1427 #endif
1428 }
1429
1430 void SafeBrowsingDatabaseNew::UpdatePrefixSetUrlStore(
1431 const base::FilePath& db_filename,
1432 SafeBrowsingStore* url_store,
1433 PrefixSetId prefix_set_id,
1434 FailureType finish_failure_type,
1435 FailureType write_failure_type,
1436 bool store_full_hashes_in_prefix_set) {
1437 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1438 DCHECK(url_store);
1439
1440 // Measure the amount of IO during the filter build.
1441 base::IoCounters io_before, io_after;
1442 base::ProcessHandle handle = base::GetCurrentProcessHandle();
1443 scoped_ptr<base::ProcessMetrics> metric(
1444 #if !defined(OS_MACOSX)
1445 base::ProcessMetrics::CreateProcessMetrics(handle)
1446 #else
1447 // Getting stats only for the current process is enough, so NULL is fine.
1448 base::ProcessMetrics::CreateProcessMetrics(handle, NULL)
1449 #endif
1450 );
1451
1452 // IoCounters are currently not supported on Mac, and may not be
1453 // available for Linux, so we check the result and only show IO
1454 // stats if they are available.
1455 const bool got_counters = metric->GetIOCounters(&io_before);
1456
1457 const base::TimeTicks before = base::TimeTicks::Now();
1458
1459 // TODO(shess): Perhaps refactor to let builder accumulate full hashes on the
1460 // fly? Other clients use the SBAddFullHash vector, but AFAICT they only use
1461 // the SBFullHash portion. It would need an accessor on PrefixSet.
1462 PrefixSetBuilder builder;
1463 std::vector<SBAddFullHash> add_full_hashes;
1464 if (!url_store->FinishUpdate(&builder, &add_full_hashes)) {
1465 RecordFailure(finish_failure_type);
1466 return;
1467 }
1468
1469 scoped_ptr<const PrefixSet> new_prefix_set;
1470 if (store_full_hashes_in_prefix_set) {
1471 std::vector<SBFullHash> full_hash_results;
1472 for (size_t i = 0; i < add_full_hashes.size(); ++i) {
1473 full_hash_results.push_back(add_full_hashes[i].full_hash);
1474 }
1475
1476 new_prefix_set = builder.GetPrefixSet(full_hash_results);
1477 } else {
1478 // TODO(gab): Ensure that stores which do not want full hashes just don't
1479 // have full hashes in the first place and remove
1480 // |store_full_hashes_in_prefix_set| and the code specialization incurred
1481 // here.
1482 new_prefix_set = builder.GetPrefixSetNoHashes();
1483 }
1484
1485 // Swap in the newly built filter.
1486 state_manager_.BeginWriteTransaction()->SwapPrefixSet(prefix_set_id,
1487 new_prefix_set.Pass());
1488
1489 UMA_HISTOGRAM_LONG_TIMES("SB2.BuildFilter", base::TimeTicks::Now() - before);
1490
1491 WritePrefixSet(db_filename, prefix_set_id, write_failure_type);
1492
1493 // Gather statistics.
1494 if (got_counters && metric->GetIOCounters(&io_after)) {
1495 UMA_HISTOGRAM_COUNTS("SB2.BuildReadKilobytes",
1496 static_cast<int>(io_after.ReadTransferCount -
1497 io_before.ReadTransferCount) / 1024);
1498 UMA_HISTOGRAM_COUNTS("SB2.BuildWriteKilobytes",
1499 static_cast<int>(io_after.WriteTransferCount -
1500 io_before.WriteTransferCount) / 1024);
1501 UMA_HISTOGRAM_COUNTS("SB2.BuildReadOperations",
1502 static_cast<int>(io_after.ReadOperationCount -
1503 io_before.ReadOperationCount));
1504 UMA_HISTOGRAM_COUNTS("SB2.BuildWriteOperations",
1505 static_cast<int>(io_after.WriteOperationCount -
1506 io_before.WriteOperationCount));
1507 }
1508
1509 RecordFileSizeHistogram(db_filename);
1510
1511 #if defined(OS_MACOSX)
1512 base::mac::SetFileBackupExclusion(db_filename);
1513 #endif
1514 }
1515
1516 void SafeBrowsingDatabaseNew::UpdateIpBlacklistStore() {
1517 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1518
1519 // Note: prefixes will not be empty. The current data store implementation
1520 // stores all full-length hashes as both full and prefix hashes.
1521 PrefixSetBuilder builder;
1522 std::vector<SBAddFullHash> full_hashes;
1523 if (!ip_blacklist_store_->FinishUpdate(&builder, &full_hashes)) {
1524 RecordFailure(FAILURE_IP_BLACKLIST_UPDATE_FINISH);
1525 LoadIpBlacklist(std::vector<SBAddFullHash>()); // Clear the list.
1526 return;
1527 }
1528
1529 const base::FilePath ip_blacklist_filename =
1530 IpBlacklistDBFilename(db_state_manager_.filename_base());
1531
1532 RecordFileSizeHistogram(ip_blacklist_filename);
1533
1534 #if defined(OS_MACOSX)
1535 base::mac::SetFileBackupExclusion(ip_blacklist_filename);
1536 #endif
1537
1538 LoadIpBlacklist(full_hashes);
1539 }
1540
1541 void SafeBrowsingDatabaseNew::HandleCorruptDatabase() {
1542 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1543
1544 // Reset the database after the current task has unwound (but only
1545 // reset once within the scope of a given task).
1546 if (!reset_factory_.HasWeakPtrs()) {
1547 RecordFailure(FAILURE_DATABASE_CORRUPT);
1548 db_task_runner_->PostTask(
1549 FROM_HERE, base::Bind(&SafeBrowsingDatabaseNew::OnHandleCorruptDatabase,
1550 reset_factory_.GetWeakPtr()));
1551 }
1552 }
1553
1554 void SafeBrowsingDatabaseNew::OnHandleCorruptDatabase() {
1555 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1556
1557 RecordFailure(FAILURE_DATABASE_CORRUPT_HANDLER);
1558 db_state_manager_.set_corruption_detected(); // Stop updating the database.
1559 ResetDatabase();
1560
1561 // NOTE(shess): ResetDatabase() should remove the corruption, so this should
1562 // only happen once. If you are here because you are hitting this after a
1563 // restart, then I would be very interested in working with you to figure out
1564 // what is happening, since it may affect real users.
1565 DLOG(FATAL) << "SafeBrowsing database was corrupt and reset";
1566 }
1567
1568 // TODO(shess): I'm not clear why this code doesn't have any
1569 // real error-handling.
1570 void SafeBrowsingDatabaseNew::LoadPrefixSet(const base::FilePath& db_filename,
1571 WriteTransaction* txn,
1572 PrefixSetId prefix_set_id,
1573 FailureType read_failure_type) {
1574 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1575 DCHECK(txn);
1576 DCHECK(!db_state_manager_.filename_base().empty());
1577
1578 // Only use the prefix set if database is present and non-empty.
1579 if (!GetFileSizeOrZero(db_filename))
1580 return;
1581
1582 // Cleanup any stale bloom filter (no longer used).
1583 // TODO(shess): Track existence to drive removal of this code?
1584 const base::FilePath bloom_filter_filename =
1585 BloomFilterForFilename(db_filename);
1586 base::DeleteFile(bloom_filter_filename, false);
1587
1588 const base::TimeTicks before = base::TimeTicks::Now();
1589 scoped_ptr<const PrefixSet> new_prefix_set =
1590 PrefixSet::LoadFile(PrefixSetForFilename(db_filename));
1591 if (!new_prefix_set.get())
1592 RecordFailure(read_failure_type);
1593 txn->SwapPrefixSet(prefix_set_id, new_prefix_set.Pass());
1594 UMA_HISTOGRAM_TIMES("SB2.PrefixSetLoad", base::TimeTicks::Now() - before);
1595 }
1596
1597 bool SafeBrowsingDatabaseNew::Delete() {
1598 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1599 DCHECK(!db_state_manager_.filename_base().empty());
1600
1601 // TODO(shess): This is a mess. SafeBrowsingFileStore::Delete() closes the
1602 // store before calling DeleteStore(). DeleteStore() deletes transient files
1603 // in addition to the main file. Probably all of these should be converted to
1604 // a helper which calls Delete() if the store exists, else DeleteStore() on
1605 // the generated filename.
1606
1607 // TODO(shess): Determine if the histograms are useful in any way. I cannot
1608 // recall any action taken as a result of their values, in which case it might
1609 // make more sense to histogram an overall thumbs-up/-down and just dig deeper
1610 // if something looks wrong.
1611
1612 const bool r1 = browse_store_->Delete();
1613 if (!r1)
1614 RecordFailure(FAILURE_DATABASE_STORE_DELETE);
1615
1616 const bool r2 = download_store_.get() ? download_store_->Delete() : true;
1617 if (!r2)
1618 RecordFailure(FAILURE_DATABASE_STORE_DELETE);
1619
1620 const bool r3 = csd_whitelist_store_.get() ?
1621 csd_whitelist_store_->Delete() : true;
1622 if (!r3)
1623 RecordFailure(FAILURE_DATABASE_STORE_DELETE);
1624
1625 const bool r4 = download_whitelist_store_.get() ?
1626 download_whitelist_store_->Delete() : true;
1627 if (!r4)
1628 RecordFailure(FAILURE_DATABASE_STORE_DELETE);
1629
1630 const bool r5 = inclusion_whitelist_store_.get() ?
1631 inclusion_whitelist_store_->Delete() : true;
1632 if (!r5)
1633 RecordFailure(FAILURE_DATABASE_STORE_DELETE);
1634
1635 const base::FilePath browse_filename =
1636 BrowseDBFilename(db_state_manager_.filename_base());
1637 const base::FilePath bloom_filter_filename =
1638 BloomFilterForFilename(browse_filename);
1639 const bool r6 = base::DeleteFile(bloom_filter_filename, false);
1640 if (!r6)
1641 RecordFailure(FAILURE_DATABASE_FILTER_DELETE);
1642
1643 const base::FilePath browse_prefix_set_filename =
1644 PrefixSetForFilename(browse_filename);
1645 const bool r7 = base::DeleteFile(browse_prefix_set_filename, false);
1646 if (!r7)
1647 RecordFailure(FAILURE_BROWSE_PREFIX_SET_DELETE);
1648
1649 const base::FilePath extension_blacklist_filename =
1650 ExtensionBlacklistDBFilename(db_state_manager_.filename_base());
1651 const bool r8 = base::DeleteFile(extension_blacklist_filename, false);
1652 if (!r8)
1653 RecordFailure(FAILURE_EXTENSION_BLACKLIST_DELETE);
1654
1655 const bool r9 = base::DeleteFile(
1656 IpBlacklistDBFilename(db_state_manager_.filename_base()), false);
1657 if (!r9)
1658 RecordFailure(FAILURE_IP_BLACKLIST_DELETE);
1659
1660 const bool r10 = base::DeleteFile(
1661 UnwantedSoftwareDBFilename(db_state_manager_.filename_base()), false);
1662 if (!r10)
1663 RecordFailure(FAILURE_UNWANTED_SOFTWARE_PREFIX_SET_DELETE);
1664
1665 return r1 && r2 && r3 && r4 && r5 && r6 && r7 && r8 && r9 && r10;
1666 }
1667
1668 void SafeBrowsingDatabaseNew::WritePrefixSet(const base::FilePath& db_filename,
1669 PrefixSetId prefix_set_id,
1670 FailureType write_failure_type) {
1671 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1672
1673 // Do not grab the lock to avoid contention while writing to disk. This is
1674 // safe as only this task runner can ever modify |state_manager_|'s prefix
1675 // sets anyways.
1676 scoped_ptr<ReadTransaction> txn =
1677 state_manager_.BeginReadTransactionNoLockOnMainTaskRunner();
1678 const PrefixSet* prefix_set = txn->GetPrefixSet(prefix_set_id);
1679
1680 if (!prefix_set)
1681 return;
1682
1683 const base::FilePath prefix_set_filename = PrefixSetForFilename(db_filename);
1684
1685 const base::TimeTicks before = base::TimeTicks::Now();
1686 const bool write_ok = prefix_set->WriteFile(prefix_set_filename);
1687 UMA_HISTOGRAM_TIMES("SB2.PrefixSetWrite", base::TimeTicks::Now() - before);
1688
1689 RecordFileSizeHistogram(prefix_set_filename);
1690
1691 if (!write_ok)
1692 RecordFailure(write_failure_type);
1693
1694 #if defined(OS_MACOSX)
1695 base::mac::SetFileBackupExclusion(prefix_set_filename);
1696 #endif
1697 }
1698
1699 void SafeBrowsingDatabaseNew::LoadWhitelist(
1700 const std::vector<SBAddFullHash>& full_hashes,
1701 SBWhitelistId whitelist_id) {
1702 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1703
1704 if (full_hashes.size() > kMaxWhitelistSize) {
1705 state_manager_.BeginWriteTransaction()->WhitelistEverything(whitelist_id);
1706 return;
1707 }
1708
1709 std::vector<SBFullHash> new_whitelist;
1710 new_whitelist.reserve(full_hashes.size());
1711 for (std::vector<SBAddFullHash>::const_iterator it = full_hashes.begin();
1712 it != full_hashes.end(); ++it) {
1713 new_whitelist.push_back(it->full_hash);
1714 }
1715 std::sort(new_whitelist.begin(), new_whitelist.end(), SBFullHashLess);
1716
1717 SBFullHash kill_switch = SBFullHashForString(kWhitelistKillSwitchUrl);
1718 if (std::binary_search(new_whitelist.begin(), new_whitelist.end(),
1719 kill_switch, SBFullHashLess)) {
1720 // The kill switch is whitelisted hence we whitelist all URLs.
1721 state_manager_.BeginWriteTransaction()->WhitelistEverything(whitelist_id);
1722 } else {
1723 state_manager_.BeginWriteTransaction()->SwapSBWhitelist(whitelist_id,
1724 &new_whitelist);
1725 }
1726 }
1727
1728 void SafeBrowsingDatabaseNew::LoadIpBlacklist(
1729 const std::vector<SBAddFullHash>& full_hashes) {
1730 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1731
1732 IPBlacklist new_blacklist;
1733 for (std::vector<SBAddFullHash>::const_iterator it = full_hashes.begin();
1734 it != full_hashes.end();
1735 ++it) {
1736 const char* full_hash = it->full_hash.full_hash;
1737 DCHECK_EQ(crypto::kSHA256Length, arraysize(it->full_hash.full_hash));
1738 // The format of the IP blacklist is:
1739 // SHA-1(IPv6 prefix) + uint8(prefix size) + 11 unused bytes.
1740 std::string hashed_ip_prefix(full_hash, base::kSHA1Length);
1741 size_t prefix_size = static_cast<uint8>(full_hash[base::kSHA1Length]);
1742 if (prefix_size > kMaxIpPrefixSize || prefix_size < kMinIpPrefixSize) {
1743 RecordFailure(FAILURE_IP_BLACKLIST_UPDATE_INVALID);
1744 new_blacklist.clear(); // Load empty blacklist.
1745 break;
1746 }
1747
1748 // We precompute the mask for the given subnet size to speed up lookups.
1749 // Basically we need to create a 16B long string which has the highest
1750 // |size| bits sets to one.
1751 std::string mask(net::kIPv6AddressSize, '\0');
1752 mask.replace(0, prefix_size / 8, prefix_size / 8, '\xFF');
1753 if ((prefix_size % 8) != 0) {
1754 mask[prefix_size / 8] = 0xFF << (8 - (prefix_size % 8));
1755 }
1756 DVLOG(2) << "Inserting malicious IP: "
1757 << " raw:" << base::HexEncode(full_hash, crypto::kSHA256Length)
1758 << " mask:" << base::HexEncode(mask.data(), mask.size())
1759 << " prefix_size:" << prefix_size
1760 << " hashed_ip:" << base::HexEncode(hashed_ip_prefix.data(),
1761 hashed_ip_prefix.size());
1762 new_blacklist[mask].insert(hashed_ip_prefix);
1763 }
1764
1765 state_manager_.BeginWriteTransaction()->swap_ip_blacklist(&new_blacklist);
1766 }
1767
1768 bool SafeBrowsingDatabaseNew::IsMalwareIPMatchKillSwitchOn() {
1769 SBFullHash malware_kill_switch = SBFullHashForString(kMalwareIPKillSwitchUrl);
1770 std::vector<SBFullHash> full_hashes;
1771 full_hashes.push_back(malware_kill_switch);
1772 return ContainsWhitelistedHashes(SBWhitelistId::CSD, full_hashes);
1773 }
1774
1775 bool SafeBrowsingDatabaseNew::IsCsdWhitelistKillSwitchOn() {
1776 return state_manager_.BeginReadTransaction()
1777 ->GetSBWhitelist(SBWhitelistId::CSD)
1778 ->second;
1779 }
1780
1781 SafeBrowsingDatabaseNew::PrefixGetHashCache*
1782 SafeBrowsingDatabaseNew::GetUnsynchronizedPrefixGetHashCacheForTesting() {
1783 return state_manager_.BeginReadTransaction()->prefix_gethash_cache();
1784 }
1785
1786 void SafeBrowsingDatabaseNew::RecordFileSizeHistogram(
1787 const base::FilePath& file_path) {
1788 const int64 file_size = GetFileSizeOrZero(file_path);
1789 const int file_size_kilobytes = static_cast<int>(file_size / 1024);
1790
1791 base::FilePath::StringType filename = file_path.BaseName().value();
1792
1793 // Default to logging DB sizes unless |file_path| points at PrefixSet storage.
1794 std::string histogram_name("SB2.DatabaseSizeKilobytes");
1795 if (base::EndsWith(filename, kPrefixSetFileSuffix,
1796 base::CompareCase::SENSITIVE)) {
1797 histogram_name = "SB2.PrefixSetSizeKilobytes";
1798 // Clear the PrefixSet suffix to have the histogram suffix selector below
1799 // work the same for PrefixSet-based storage as it does for simple safe
1800 // browsing stores.
1801 // The size of the kPrefixSetFileSuffix is the size of its array minus 1 as
1802 // the array includes the terminating '\0'.
1803 const size_t kPrefixSetSuffixSize = arraysize(kPrefixSetFileSuffix) - 1;
1804 filename.erase(filename.size() - kPrefixSetSuffixSize);
1805 }
1806
1807 // Changes to histogram suffixes below need to be mirrored in the
1808 // SafeBrowsingLists suffix enum in histograms.xml.
1809 if (base::EndsWith(filename, kBrowseDBFile, base::CompareCase::SENSITIVE))
1810 histogram_name.append(".Browse");
1811 else if (base::EndsWith(filename, kDownloadDBFile,
1812 base::CompareCase::SENSITIVE))
1813 histogram_name.append(".Download");
1814 else if (base::EndsWith(filename, kCsdWhitelistDBFile,
1815 base::CompareCase::SENSITIVE))
1816 histogram_name.append(".CsdWhitelist");
1817 else if (base::EndsWith(filename, kDownloadWhitelistDBFile,
1818 base::CompareCase::SENSITIVE))
1819 histogram_name.append(".DownloadWhitelist");
1820 else if (base::EndsWith(filename, kInclusionWhitelistDBFile,
1821 base::CompareCase::SENSITIVE))
1822 histogram_name.append(".InclusionWhitelist");
1823 else if (base::EndsWith(filename, kExtensionBlacklistDBFile,
1824 base::CompareCase::SENSITIVE))
1825 histogram_name.append(".ExtensionBlacklist");
1826 else if (base::EndsWith(filename, kIPBlacklistDBFile,
1827 base::CompareCase::SENSITIVE))
1828 histogram_name.append(".IPBlacklist");
1829 else if (base::EndsWith(filename, kUnwantedSoftwareDBFile,
1830 base::CompareCase::SENSITIVE))
1831 histogram_name.append(".UnwantedSoftware");
1832 else
1833 NOTREACHED(); // Add support for new lists above.
1834
1835 // Histogram properties as in UMA_HISTOGRAM_COUNTS macro.
1836 base::HistogramBase* histogram_pointer = base::Histogram::FactoryGet(
1837 histogram_name, 1, 1000000, 50,
1838 base::HistogramBase::kUmaTargetedHistogramFlag);
1839
1840 histogram_pointer->Add(file_size_kilobytes);
1841 }