chrome/common/safe_browsing/binary_feature_extractor.h

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4 //
   5 // Utility functions to extract file features for malicious binary detection.
   6 // Each platform has its own implementation of this class.
   7
   8 #ifndef CHROME_COMMON_SAFE_BROWSING_BINARY_FEATURE_EXTRACTOR_H_
   9 #define CHROME_COMMON_SAFE_BROWSING_BINARY_FEATURE_EXTRACTOR_H_
  10
  11 #include "base/basictypes.h"
  12 #include "base/files/file.h"
  13 #include "base/memory/ref_counted.h"
  14
  15 namespace base {
  16 class FilePath;
  17 }
  18
  19 namespace safe_browsing {
  20 class ClientDownloadRequest_Digests;
  21 class ClientDownloadRequest_ImageHeaders;
  22 class ClientDownloadRequest_SignatureInfo;
  23
  24 class BinaryFeatureExtractor
  25     : public base::RefCountedThreadSafe<BinaryFeatureExtractor> {
  26  public:
  27   // The type and defined values for a bitfield that controls aspects of image
  28   // header extraction.
  29   typedef uint32_t ExtractHeadersOption;
  30   static const ExtractHeadersOption kDefaultOptions = 0;
  31   static const ExtractHeadersOption kOmitExports = 1U << 0;
  32
  33   BinaryFeatureExtractor();
  34
  35   // Fills in the DownloadRequest_SignatureInfo for the given file path.
  36   // This method may be called on any thread.
  37   virtual void CheckSignature(
  38       const base::FilePath& file_path,
  39       ClientDownloadRequest_SignatureInfo* signature_info);
  40
  41   // Populates |image_headers| with the PE image headers of |file_path|.
  42   // |options| is a bitfield controlling aspects of extraction. Returns true if
  43   // |image_headers| is populated with any information.
  44   virtual bool ExtractImageHeaders(
  45       const base::FilePath& file_path,
  46       ExtractHeadersOption options,
  47       ClientDownloadRequest_ImageHeaders* image_headers);
  48
  49   // As above, but works with an already-opened file. BinaryFeatureExtractor
  50   // takes ownership of |file| and closes it when done.
  51   virtual bool ExtractImageHeadersFromFile(
  52       base::File file,
  53       ExtractHeadersOption options,
  54       ClientDownloadRequest_ImageHeaders* image_headers);
  55
  56   // Populates |digests.sha256| with the SHA256 digest of |file_path|.
  57   virtual void ExtractDigest(const base::FilePath& file_path,
  58                              ClientDownloadRequest_Digests* digests);
  59
  60  protected:
  61   friend class base::RefCountedThreadSafe<BinaryFeatureExtractor>;
  62   virtual ~BinaryFeatureExtractor();
  63
  64  private:
  65   DISALLOW_COPY_AND_ASSIGN(BinaryFeatureExtractor);
  66 };
  67 }  // namespace safe_browsing
  68
  69 #endif  // CHROME_COMMON_SAFE_BROWSING_BINARY_FEATURE_EXTRACTOR_H_