chrome/browser/safe_browsing/browser_feature_extractor.h

   1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4 //
   5 // BrowserFeatureExtractor computes various browser features for client-side
   6 // phishing detection.  For now it does a bunch of lookups in the history
   7 // service to see whether a particular URL has been visited before by the
   8 // user.
   9
  10 #ifndef CHROME_BROWSER_SAFE_BROWSING_BROWSER_FEATURE_EXTRACTOR_H_
  11 #define CHROME_BROWSER_SAFE_BROWSING_BROWSER_FEATURE_EXTRACTOR_H_
  12
  13 #include <map>
  14 #include <set>
  15 #include <string>
  16 #include <utility>
  17 #include <vector>
  18
  19 #include "base/basictypes.h"
  20 #include "base/callback.h"
  21 #include "base/containers/hash_tables.h"
  22 #include "base/memory/scoped_ptr.h"
  23 #include "base/sequenced_task_runner_helpers.h"
  24 #include "base/time/time.h"
  25 #include "chrome/browser/common/cancelable_request.h"
  26 #include "chrome/browser/history/history_types.h"
  27 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
  28 #include "chrome/browser/safe_browsing/ui_manager.h"
  29 #include "url/gurl.h"
  30 #include "webkit/common/resource_type.h"
  31
  32
  33 class HistoryService;
  34
  35 namespace content {
  36 class WebContents;
  37 }
  38
  39 namespace safe_browsing {
  40 class ClientMalwareRequest;
  41 class ClientPhishingRequest;
  42 class ClientSideDetectionHost;
  43
  44 struct IPUrlInfo {
  45   // The url on the bad IP address.
  46   std::string url;
  47   std::string method;
  48   std::string referrer;
  49   ResourceType::Type resource_type;
  50
  51   IPUrlInfo(const std::string& url,
  52             const std::string& method,
  53             const std::string& referrer,
  54             const ResourceType::Type& resource_type);
  55   ~IPUrlInfo();
  56 };
  57
  58 typedef std::map<std::string, std::vector<IPUrlInfo> > IPUrlMap;
  59
  60 struct BrowseInfo {
  61   // List of IPv4 and IPv6 addresses from which content was requested
  62   // together with the hosts on it, while browsing to the |url|.
  63   IPUrlMap ips;
  64
  65   // If a SafeBrowsing interstitial was shown for the current URL
  66   // this will contain the UnsafeResource struct for that URL.
  67   scoped_ptr<SafeBrowsingUIManager::UnsafeResource> unsafe_resource;
  68
  69   // List of redirects that lead to the first page on the current host and
  70   // the current url respectively. These may be the same if the current url
  71   // is the first page on its host.
  72   std::vector<GURL> host_redirects;
  73   std::vector<GURL> url_redirects;
  74
  75   // URL of the referrer of this URL load.
  76   GURL referrer;
  77
  78   // The HTTP status code from this navigation.
  79   int http_status_code;
  80
  81   BrowseInfo();
  82   ~BrowseInfo();
  83 };
  84
  85 // All methods of this class must be called on the UI thread (including
  86 // the constructor).
  87 class BrowserFeatureExtractor {
  88  public:
  89   // Called when feature extraction is done.  The first argument will be
  90   // true iff feature extraction succeeded.  The second argument is the
  91   // phishing request which was modified by the feature extractor.  The
  92   // DoneCallback takes ownership of the request object.
  93   typedef base::Callback<void(bool, ClientPhishingRequest*)> DoneCallback;
  94   typedef base::Callback<void(bool, scoped_ptr<ClientMalwareRequest>)>
  95       MalwareDoneCallback;
  96
  97   // The caller keeps ownership of the tab and host objects and is
  98   // responsible for ensuring that they stay valid for the entire
  99   // lifetime of this object.
 100   BrowserFeatureExtractor(content::WebContents* tab,
 101                           ClientSideDetectionHost* host);
 102
 103   // The destructor will cancel any pending requests.
 104   virtual ~BrowserFeatureExtractor();
 105
 106   // Begins extraction of the browser features.  We take ownership
 107   // of the request object until |callback| is called (see DoneCallback above)
 108   // and will write the extracted features to the feature map.  Once the
 109   // feature extraction is complete, |callback| is run on the UI thread.  We
 110   // take ownership of the |callback| object.  |info| may not be valid after
 111   // ExtractFeatures returns.  This method must run on the UI thread.
 112   virtual void ExtractFeatures(const BrowseInfo* info,
 113                                ClientPhishingRequest* request,
 114                                const DoneCallback& callback);
 115
 116   // Begins extraction of the malware related features.  We take ownership
 117   // of the request object until |callback| is called.  Once feature extraction
 118   // is complete, |callback| will run on the UI thread.  |info| is not expected
 119   // to stay valid after ExtractMalwareFeatures returns.  All IPs stored in
 120   // |info| will be cleared by calling this function.
 121   virtual void ExtractMalwareFeatures(BrowseInfo* info,
 122                                       ClientMalwareRequest* request,
 123                                       const MalwareDoneCallback& callback);
 124
 125  private:
 126   friend class base::DeleteHelper<BrowserFeatureExtractor>;
 127   typedef std::pair<ClientPhishingRequest*, DoneCallback> ExtractionData;
 128   typedef std::map<CancelableRequestProvider::Handle,
 129                    ExtractionData> PendingQueriesMap;
 130
 131   // Synchronous browser feature extraction.
 132   void ExtractBrowseInfoFeatures(const BrowseInfo& info,
 133                                  ClientPhishingRequest* request);
 134
 135   // Actually starts feature extraction (does the real work).
 136   void StartExtractFeatures(ClientPhishingRequest* request,
 137                             const DoneCallback& callback);
 138
 139   // HistoryService callback which is called when we're done querying URL visits
 140   // in the history.
 141   void QueryUrlHistoryDone(CancelableRequestProvider::Handle handle,
 142                            bool success,
 143                            const history::URLRow* row,
 144                            history::VisitVector* visits);
 145
 146   // HistoryService callback which is called when we're done querying HTTP host
 147   // visits in the history.
 148   void QueryHttpHostVisitsDone(CancelableRequestProvider::Handle handle,
 149                                bool success,
 150                                int num_visits,
 151                                base::Time first_visit);
 152
 153   // HistoryService callback which is called when we're done querying HTTPS host
 154   // visits in the history.
 155   void QueryHttpsHostVisitsDone(CancelableRequestProvider::Handle handle,
 156                                 bool success,
 157                                 int num_visits,
 158                                 base::Time first_visit);
 159
 160   // Helper function which sets the host history features given the
 161   // number of host visits and the time of the fist host visit.  Set
 162   // |is_http_query| to true if the URL scheme is HTTP and to false if
 163   // the scheme is HTTPS.
 164   void SetHostVisitsFeatures(int num_visits,
 165                              base::Time first_visit,
 166                              bool is_http_query,
 167                              ClientPhishingRequest* request);
 168
 169   // Helper function which stores the request and callback while the history
 170   // query is being processed.
 171   void StorePendingQuery(CancelableRequestProvider::Handle handle,
 172                          ClientPhishingRequest* request,
 173                          const DoneCallback& callback);
 174
 175   // Helper function which is the counterpart of StorePendingQuery.  If there
 176   // is a pending query for the given handle it will return false and set both
 177   // the request and cb pointers.  Otherwise, it will return false.
 178   bool GetPendingQuery(CancelableRequestProvider::Handle handle,
 179                        ClientPhishingRequest** request,
 180                        DoneCallback* callback);
 181
 182   // Helper function which gets the history server if possible.  If the pointer
 183   // is set it will return true and false otherwise.
 184   bool GetHistoryService(HistoryService** history);
 185
 186   // Helper function which is called when we're done filtering out benign IPs
 187   // on the IO thread.  This function is called on the UI thread.
 188   void FinishExtractMalwareFeatures(scoped_ptr<IPUrlMap> bad_ips,
 189                                     MalwareDoneCallback callback,
 190                                     scoped_ptr<ClientMalwareRequest> request);
 191
 192   content::WebContents* tab_;
 193   ClientSideDetectionHost* host_;
 194   CancelableRequestConsumer request_consumer_;
 195   base::WeakPtrFactory<BrowserFeatureExtractor> weak_factory_;
 196
 197   // Set of pending extractions (i.e. extractions for which ExtractFeatures was
 198   // called but not StartExtractFeatures).
 199   std::map<ClientPhishingRequest*, DoneCallback> pending_extractions_;
 200
 201   // Set of pending queries (i.e., where history->Query...() was called but
 202   // the history callback hasn't been invoked yet).
 203   PendingQueriesMap pending_queries_;
 204
 205   DISALLOW_COPY_AND_ASSIGN(BrowserFeatureExtractor);
 206 };
 207
 208 }  // namespace safe_browsing
 209 #endif  // CHROME_BROWSER_SAFE_BROWSING_BROWSER_FEATURE_EXTRACTOR_H_