chrome/browser/safe_browsing/ping_manager.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/safe_browsing/ping_manager.h"
   6
   7 #include "base/logging.h"
   8 #include "base/stl_util.h"
   9 #include "base/strings/string_util.h"
  10 #include "base/strings/stringprintf.h"
  11 #include "chrome/browser/net/certificate_error_reporter.h"
  12 #include "chrome/common/env_vars.h"
  13 #include "content/public/browser/browser_thread.h"
  14 #include "google_apis/google_api_keys.h"
  15 #include "net/base/escape.h"
  16 #include "net/base/load_flags.h"
  17 #include "net/ssl/ssl_info.h"
  18 #include "net/url_request/url_fetcher.h"
  19 #include "net/url_request/url_request_context_getter.h"
  20 #include "net/url_request/url_request_status.h"
  21 #include "url/gurl.h"
  22
  23 using chrome_browser_net::CertificateErrorReporter;
  24 using content::BrowserThread;
  25
  26 namespace {
  27 // URL to upload invalid certificate chain reports
  28 const char kExtendedReportingUploadUrl[] =
  29     "https://sb-ssl.google.com/safebrowsing/clientreport/chrome-certs";
  30 }  // namespace
  31
  32 // SafeBrowsingPingManager implementation ----------------------------------
  33
  34 // static
  35 SafeBrowsingPingManager* SafeBrowsingPingManager::Create(
  36     net::URLRequestContextGetter* request_context_getter,
  37     const SafeBrowsingProtocolConfig& config) {
  38   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
  39   return new SafeBrowsingPingManager(request_context_getter, config);
  40 }
  41
  42 SafeBrowsingPingManager::SafeBrowsingPingManager(
  43     net::URLRequestContextGetter* request_context_getter,
  44     const SafeBrowsingProtocolConfig& config)
  45     : client_name_(config.client_name),
  46       request_context_getter_(request_context_getter),
  47       url_prefix_(config.url_prefix),
  48       certificate_error_reporter_(
  49           request_context_getter
  50               ? new CertificateErrorReporter(
  51                     request_context_getter->GetURLRequestContext(),
  52                     GURL(kExtendedReportingUploadUrl),
  53                     CertificateErrorReporter::SEND_COOKIES)
  54               : nullptr) {
  55   DCHECK(!url_prefix_.empty());
  56
  57   version_ = SafeBrowsingProtocolManagerHelper::Version();
  58 }
  59
  60 SafeBrowsingPingManager::~SafeBrowsingPingManager() {
  61   // Delete in-progress safebrowsing reports (hits and details).
  62   STLDeleteContainerPointers(safebrowsing_reports_.begin(),
  63                              safebrowsing_reports_.end());
  64 }
  65
  66 // net::URLFetcherDelegate implementation ----------------------------------
  67
  68 // All SafeBrowsing request responses are handled here.
  69 void SafeBrowsingPingManager::OnURLFetchComplete(
  70     const net::URLFetcher* source) {
  71   Reports::iterator sit = safebrowsing_reports_.find(source);
  72   DCHECK(sit != safebrowsing_reports_.end());
  73   delete *sit;
  74   safebrowsing_reports_.erase(sit);
  75 }
  76
  77 // Sends a SafeBrowsing "hit" for UMA users.
  78 void SafeBrowsingPingManager::ReportSafeBrowsingHit(
  79     const GURL& malicious_url,
  80     const GURL& page_url,
  81     const GURL& referrer_url,
  82     bool is_subresource,
  83     SBThreatType threat_type,
  84     const std::string& post_data) {
  85   GURL report_url = SafeBrowsingHitUrl(malicious_url, page_url,
  86                                        referrer_url, is_subresource,
  87                                        threat_type);
  88   net::URLFetcher* report = net::URLFetcher::Create(
  89       report_url,
  90       post_data.empty() ? net::URLFetcher::GET : net::URLFetcher::POST,
  91       this);
  92   report->SetLoadFlags(net::LOAD_DISABLE_CACHE);
  93   report->SetRequestContext(request_context_getter_.get());
  94   if (!post_data.empty())
  95     report->SetUploadData("text/plain", post_data);
  96   safebrowsing_reports_.insert(report);
  97   report->Start();
  98 }
  99
 100 // Sends malware details for users who opt-in.
 101 void SafeBrowsingPingManager::ReportMalwareDetails(
 102     const std::string& report) {
 103   GURL report_url = MalwareDetailsUrl();
 104   net::URLFetcher* fetcher = net::URLFetcher::Create(
 105       report_url, net::URLFetcher::POST, this);
 106   fetcher->SetLoadFlags(net::LOAD_DISABLE_CACHE);
 107   fetcher->SetRequestContext(request_context_getter_.get());
 108   fetcher->SetUploadData("application/octet-stream", report);
 109   // Don't try too hard to send reports on failures.
 110   fetcher->SetAutomaticallyRetryOn5xx(false);
 111   fetcher->Start();
 112   safebrowsing_reports_.insert(fetcher);
 113 }
 114
 115 void SafeBrowsingPingManager::ReportInvalidCertificateChain(
 116     const std::string& hostname,
 117     const net::SSLInfo& ssl_info) {
 118   DCHECK(certificate_error_reporter_);
 119   certificate_error_reporter_->SendReport(
 120       CertificateErrorReporter::REPORT_TYPE_EXTENDED_REPORTING, hostname,
 121       ssl_info);
 122 }
 123
 124 void SafeBrowsingPingManager::SetCertificateErrorReporterForTesting(
 125     scoped_ptr<CertificateErrorReporter> certificate_error_reporter) {
 126   certificate_error_reporter_ = certificate_error_reporter.Pass();
 127 }
 128
 129 GURL SafeBrowsingPingManager::SafeBrowsingHitUrl(
 130     const GURL& malicious_url, const GURL& page_url,
 131     const GURL& referrer_url, bool is_subresource,
 132     SBThreatType threat_type) const {
 133   DCHECK(threat_type == SB_THREAT_TYPE_URL_MALWARE ||
 134          threat_type == SB_THREAT_TYPE_URL_PHISHING ||
 135          threat_type == SB_THREAT_TYPE_URL_UNWANTED ||
 136          threat_type == SB_THREAT_TYPE_BINARY_MALWARE_URL ||
 137          threat_type == SB_THREAT_TYPE_CLIENT_SIDE_PHISHING_URL ||
 138          threat_type == SB_THREAT_TYPE_CLIENT_SIDE_MALWARE_URL);
 139   std::string url = SafeBrowsingProtocolManagerHelper::ComposeUrl(
 140       url_prefix_, "report", client_name_, version_, std::string());
 141   std::string threat_list = "none";
 142   switch (threat_type) {
 143     case SB_THREAT_TYPE_URL_MALWARE:
 144       threat_list = "malblhit";
 145       break;
 146     case SB_THREAT_TYPE_URL_PHISHING:
 147       threat_list = "phishblhit";
 148       break;
 149     case SB_THREAT_TYPE_URL_UNWANTED:
 150       threat_list = "uwsblhit";
 151       break;
 152     case SB_THREAT_TYPE_BINARY_MALWARE_URL:
 153       threat_list = "binurlhit";
 154       break;
 155     case SB_THREAT_TYPE_CLIENT_SIDE_PHISHING_URL:
 156       threat_list = "phishcsdhit";
 157       break;
 158     case SB_THREAT_TYPE_CLIENT_SIDE_MALWARE_URL:
 159       threat_list = "malcsdhit";
 160       break;
 161     default:
 162       NOTREACHED();
 163   }
 164   return GURL(base::StringPrintf("%s&evts=%s&evtd=%s&evtr=%s&evhr=%s&evtb=%d",
 165       url.c_str(), threat_list.c_str(),
 166       net::EscapeQueryParamValue(malicious_url.spec(), true).c_str(),
 167       net::EscapeQueryParamValue(page_url.spec(), true).c_str(),
 168       net::EscapeQueryParamValue(referrer_url.spec(), true).c_str(),
 169       is_subresource));
 170 }
 171
 172 GURL SafeBrowsingPingManager::MalwareDetailsUrl() const {
 173   std::string url = base::StringPrintf(
 174           "%s/clientreport/malware?client=%s&appver=%s&pver=1.0",
 175           url_prefix_.c_str(),
 176           client_name_.c_str(),
 177           version_.c_str());
 178   std::string api_key = google_apis::GetAPIKey();
 179   if (!api_key.empty()) {
 180     base::StringAppendF(&url, "&key=%s",
 181                         net::EscapeQueryParamValue(api_key, true).c_str());
 182   }
 183   return GURL(url);
 184 }