search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ozone: evdev: Sync caps lock LED state to evdev
[chromium-blink-merge.git] / chrome / browser / safe_browsing / safe_browsing_database.cc
blob1e85d7aa6a5c2376e10a6b0e34c9bbdbacbd1656
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/safe_browsing/safe_browsing_database.h"
6
7 #include <algorithm>
8 #include <iterator>
9
10 #include "base/bind.h"
11 #include "base/files/file_util.h"
12 #include "base/macros.h"
13 #include "base/message_loop/message_loop.h"
14 #include "base/metrics/histogram.h"
15 #include "base/process/process_handle.h"
16 #include "base/process/process_metrics.h"
17 #include "base/sha1.h"
18 #include "base/strings/string_number_conversions.h"
19 #include "base/strings/string_util.h"
20 #include "base/strings/stringprintf.h"
21 #include "base/time/time.h"
22 #include "chrome/browser/safe_browsing/prefix_set.h"
23 #include "chrome/browser/safe_browsing/safe_browsing_store_file.h"
24 #include "content/public/browser/browser_thread.h"
25 #include "crypto/sha2.h"
26 #include "net/base/net_util.h"
27 #include "url/gurl.h"
28
29 #if defined(OS_MACOSX)
30 #include "base/mac/mac_util.h"
31 #endif
32
33 using content::BrowserThread;
34 using safe_browsing::PrefixSet;
35 using safe_browsing::PrefixSetBuilder;
36
37 namespace {
38
39 // Filename suffix for the bloom filter.
40 const base::FilePath::CharType kBloomFilterFileSuffix[] =
41 FILE_PATH_LITERAL(" Filter 2");
42 // Filename suffix for the prefix set.
43 const base::FilePath::CharType kPrefixSetFileSuffix[] =
44 FILE_PATH_LITERAL(" Prefix Set");
45 // Filename suffix for download store.
46 const base::FilePath::CharType kDownloadDBFile[] =
47 FILE_PATH_LITERAL(" Download");
48 // Filename suffix for client-side phishing detection whitelist store.
49 const base::FilePath::CharType kCsdWhitelistDBFile[] =
50 FILE_PATH_LITERAL(" Csd Whitelist");
51 // Filename suffix for the download whitelist store.
52 const base::FilePath::CharType kDownloadWhitelistDBFile[] =
53 FILE_PATH_LITERAL(" Download Whitelist");
54 // Filename suffix for the off-domain inclusion whitelist store.
55 const base::FilePath::CharType kInclusionWhitelistDBFile[] =
56 FILE_PATH_LITERAL(" Inclusion Whitelist");
57 // Filename suffix for the extension blacklist store.
58 const base::FilePath::CharType kExtensionBlacklistDBFile[] =
59 FILE_PATH_LITERAL(" Extension Blacklist");
60 // Filename suffix for the side-effect free whitelist store.
61 const base::FilePath::CharType kSideEffectFreeWhitelistDBFile[] =
62 FILE_PATH_LITERAL(" Side-Effect Free Whitelist");
63 // Filename suffix for the csd malware IP blacklist store.
64 const base::FilePath::CharType kIPBlacklistDBFile[] =
65 FILE_PATH_LITERAL(" IP Blacklist");
66 // Filename suffix for the unwanted software blacklist store.
67 const base::FilePath::CharType kUnwantedSoftwareDBFile[] =
68 FILE_PATH_LITERAL(" UwS List");
69
70 // Filename suffix for browse store.
71 // TODO(shess): "Safe Browsing Bloom Prefix Set" is full of win.
72 // Unfortunately, to change the name implies lots of transition code
73 // for little benefit. If/when file formats change (say to put all
74 // the data in one file), that would be a convenient point to rectify
75 // this.
76 // TODO(shess): This shouldn't be OS-driven <http://crbug.com/394379>
77 #if defined(OS_ANDROID)
78 // NOTE(shess): This difference is also reflected in the list name in
79 // safe_browsing_util.cc.
80 // TODO(shess): Spin up an alternate list id which can be persisted in the
81 // store. Then if a mistake is made, it won't cause confusion between
82 // incompatible lists.
83 const base::FilePath::CharType kBrowseDBFile[] = FILE_PATH_LITERAL(" Mobile");
84 #else
85 const base::FilePath::CharType kBrowseDBFile[] = FILE_PATH_LITERAL(" Bloom");
86 #endif
87
88 // Maximum number of entries we allow in any of the whitelists.
89 // If a whitelist on disk contains more entries then all lookups to
90 // the whitelist will be considered a match.
91 const size_t kMaxWhitelistSize = 5000;
92
93 // If the hash of this exact expression is on a whitelist then all
94 // lookups to this whitelist will be considered a match.
95 const char kWhitelistKillSwitchUrl[] =
96 "sb-ssl.google.com/safebrowsing/csd/killswitch"; // Don't change this!
97
98 // If the hash of this exact expression is on a whitelist then the
99 // malware IP blacklisting feature will be disabled in csd.
100 // Don't change this!
101 const char kMalwareIPKillSwitchUrl[] =
102 "sb-ssl.google.com/safebrowsing/csd/killswitch_malware";
103
104 const size_t kMaxIpPrefixSize = 128;
105 const size_t kMinIpPrefixSize = 1;
106
107 // To save space, the incoming |chunk_id| and |list_id| are combined
108 // into an |encoded_chunk_id| for storage by shifting the |list_id|
109 // into the low-order bits. These functions decode that information.
110 // TODO(lzheng): It was reasonable when database is saved in sqlite, but
111 // there should be better ways to save chunk_id and list_id after we use
112 // SafeBrowsingStoreFile.
113 int GetListIdBit(const int encoded_chunk_id) {
114 return encoded_chunk_id & 1;
115 }
116 int DecodeChunkId(int encoded_chunk_id) {
117 return encoded_chunk_id >> 1;
118 }
119 int EncodeChunkId(const int chunk, const int list_id) {
120 DCHECK_NE(list_id, safe_browsing_util::INVALID);
121 return chunk << 1 | list_id % 2;
122 }
123
124 // Generate the set of full hashes to check for |url|. If
125 // |include_whitelist_hashes| is true we will generate additional path-prefixes
126 // to match against the csd whitelist. E.g., if the path-prefix /foo is on the
127 // whitelist it should also match /foo/bar which is not the case for all the
128 // other lists. We'll also always add a pattern for the empty path.
129 // TODO(shess): This function is almost the same as
130 // |CompareFullHashes()| in safe_browsing_util.cc, except that code
131 // does an early exit on match. Since match should be the infrequent
132 // case (phishing or malware found), consider combining this function
133 // with that one.
134 void UrlToFullHashes(const GURL& url,
135 bool include_whitelist_hashes,
136 std::vector<SBFullHash>* full_hashes) {
137 std::vector<std::string> hosts;
138 if (url.HostIsIPAddress()) {
139 hosts.push_back(url.host());
140 } else {
141 safe_browsing_util::GenerateHostsToCheck(url, &hosts);
142 }
143
144 std::vector<std::string> paths;
145 safe_browsing_util::GeneratePathsToCheck(url, &paths);
146
147 for (size_t i = 0; i < hosts.size(); ++i) {
148 for (size_t j = 0; j < paths.size(); ++j) {
149 const std::string& path = paths[j];
150 full_hashes->push_back(SBFullHashForString(hosts[i] + path));
151
152 // We may have /foo as path-prefix in the whitelist which should
153 // also match with /foo/bar and /foo?bar. Hence, for every path
154 // that ends in '/' we also add the path without the slash.
155 if (include_whitelist_hashes &&
156 path.size() > 1 &&
157 path[path.size() - 1] == '/') {
158 full_hashes->push_back(
159 SBFullHashForString(hosts[i] + path.substr(0, path.size() - 1)));
160 }
161 }
162 }
163 }
164
165 // Get the prefixes matching the download |urls|.
166 void GetDownloadUrlPrefixes(const std::vector<GURL>& urls,
167 std::vector<SBPrefix>* prefixes) {
168 std::vector<SBFullHash> full_hashes;
169 for (size_t i = 0; i < urls.size(); ++i)
170 UrlToFullHashes(urls[i], false, &full_hashes);
171
172 for (size_t i = 0; i < full_hashes.size(); ++i)
173 prefixes->push_back(full_hashes[i].prefix);
174 }
175
176 // Helper function to compare addprefixes in |store| with |prefixes|.
177 // The |list_bit| indicates which list (url or hash) to compare.
178 //
179 // Returns true if there is a match, |*prefix_hits| (if non-NULL) will contain
180 // the actual matching prefixes.
181 bool MatchAddPrefixes(SafeBrowsingStore* store,
182 int list_bit,
183 const std::vector<SBPrefix>& prefixes,
184 std::vector<SBPrefix>* prefix_hits) {
185 prefix_hits->clear();
186 bool found_match = false;
187
188 SBAddPrefixes add_prefixes;
189 store->GetAddPrefixes(&add_prefixes);
190 for (SBAddPrefixes::const_iterator iter = add_prefixes.begin();
191 iter != add_prefixes.end(); ++iter) {
192 for (size_t j = 0; j < prefixes.size(); ++j) {
193 const SBPrefix& prefix = prefixes[j];
194 if (prefix == iter->prefix &&
195 GetListIdBit(iter->chunk_id) == list_bit) {
196 prefix_hits->push_back(prefix);
197 found_match = true;
198 }
199 }
200 }
201 return found_match;
202 }
203
204 // This function generates a chunk range string for |chunks|. It
205 // outputs one chunk range string per list and writes it to the
206 // |list_ranges| vector. We expect |list_ranges| to already be of the
207 // right size. E.g., if |chunks| contains chunks with two different
208 // list ids then |list_ranges| must contain two elements.
209 void GetChunkRanges(const std::vector<int>& chunks,
210 std::vector<std::string>* list_ranges) {
211 // Since there are 2 possible list ids, there must be exactly two
212 // list ranges. Even if the chunk data should only contain one
213 // line, this code has to somehow handle corruption.
214 DCHECK_EQ(2U, list_ranges->size());
215
216 std::vector<std::vector<int> > decoded_chunks(list_ranges->size());
217 for (std::vector<int>::const_iterator iter = chunks.begin();
218 iter != chunks.end(); ++iter) {
219 int mod_list_id = GetListIdBit(*iter);
220 DCHECK_GE(mod_list_id, 0);
221 DCHECK_LT(static_cast<size_t>(mod_list_id), decoded_chunks.size());
222 decoded_chunks[mod_list_id].push_back(DecodeChunkId(*iter));
223 }
224 for (size_t i = 0; i < decoded_chunks.size(); ++i) {
225 ChunksToRangeString(decoded_chunks[i], &((*list_ranges)[i]));
226 }
227 }
228
229 // Helper function to create chunk range lists for Browse related
230 // lists.
231 void UpdateChunkRanges(SafeBrowsingStore* store,
232 const std::vector<std::string>& listnames,
233 std::vector<SBListChunkRanges>* lists) {
234 if (!store)
235 return;
236
237 DCHECK_GT(listnames.size(), 0U);
238 DCHECK_LE(listnames.size(), 2U);
239 std::vector<int> add_chunks;
240 std::vector<int> sub_chunks;
241 store->GetAddChunks(&add_chunks);
242 store->GetSubChunks(&sub_chunks);
243
244 // Always decode 2 ranges, even if only the first one is expected.
245 // The loop below will only load as many into |lists| as |listnames|
246 // indicates.
247 std::vector<std::string> adds(2);
248 std::vector<std::string> subs(2);
249 GetChunkRanges(add_chunks, &adds);
250 GetChunkRanges(sub_chunks, &subs);
251
252 for (size_t i = 0; i < listnames.size(); ++i) {
253 const std::string& listname = listnames[i];
254 DCHECK_EQ(safe_browsing_util::GetListId(listname) % 2,
255 static_cast<int>(i % 2));
256 DCHECK_NE(safe_browsing_util::GetListId(listname),
257 safe_browsing_util::INVALID);
258 lists->push_back(SBListChunkRanges(listname));
259 lists->back().adds.swap(adds[i]);
260 lists->back().subs.swap(subs[i]);
261 }
262 }
263
264 void UpdateChunkRangesForLists(SafeBrowsingStore* store,
265 const std::string& listname0,
266 const std::string& listname1,
267 std::vector<SBListChunkRanges>* lists) {
268 std::vector<std::string> listnames;
269 listnames.push_back(listname0);
270 listnames.push_back(listname1);
271 UpdateChunkRanges(store, listnames, lists);
272 }
273
274 void UpdateChunkRangesForList(SafeBrowsingStore* store,
275 const std::string& listname,
276 std::vector<SBListChunkRanges>* lists) {
277 UpdateChunkRanges(store, std::vector<std::string>(1, listname), lists);
278 }
279
280 // This code always checks for non-zero file size. This helper makes
281 // that less verbose.
282 int64 GetFileSizeOrZero(const base::FilePath& file_path) {
283 int64 size_64;
284 if (!base::GetFileSize(file_path, &size_64))
285 return 0;
286 return size_64;
287 }
288
289 // Helper for PrefixSetContainsUrlHashes(). Returns true if an un-expired match
290 // for |full_hash| is found in |cache|, with any matches appended to |results|
291 // (true can be returned with zero matches). |expire_base| is used to check the
292 // cache lifetime of matches, expired matches will be discarded from |cache|.
293 bool GetCachedFullHash(std::map<SBPrefix, SBCachedFullHashResult>* cache,
294 const SBFullHash& full_hash,
295 const base::Time& expire_base,
296 std::vector<SBFullHashResult>* results) {
297 // First check if there is a valid cached result for this prefix.
298 std::map<SBPrefix, SBCachedFullHashResult>::iterator
299 citer = cache->find(full_hash.prefix);
300 if (citer == cache->end())
301 return false;
302
303 // Remove expired entries.
304 SBCachedFullHashResult& cached_result = citer->second;
305 if (cached_result.expire_after <= expire_base) {
306 cache->erase(citer);
307 return false;
308 }
309
310 // Find full-hash matches.
311 std::vector<SBFullHashResult>& cached_hashes = cached_result.full_hashes;
312 for (size_t i = 0; i < cached_hashes.size(); ++i) {
313 if (SBFullHashEqual(full_hash, cached_hashes[i].hash))
314 results->push_back(cached_hashes[i]);
315 }
316
317 return true;
318 }
319
320 SafeBrowsingStoreFile* CreateStore(
321 bool enable,
322 const scoped_refptr<base::SequencedTaskRunner>& task_runner) {
323 if (!enable)
324 return nullptr;
325 return new SafeBrowsingStoreFile(task_runner);
326 }
327
328 } // namespace
329
330 // The default SafeBrowsingDatabaseFactory.
331 class SafeBrowsingDatabaseFactoryImpl : public SafeBrowsingDatabaseFactory {
332 public:
333 SafeBrowsingDatabase* CreateSafeBrowsingDatabase(
334 const scoped_refptr<base::SequencedTaskRunner>& db_task_runner,
335 bool enable_download_protection,
336 bool enable_client_side_whitelist,
337 bool enable_download_whitelist,
338 bool enable_extension_blacklist,
339 bool enable_side_effect_free_whitelist,
340 bool enable_ip_blacklist,
341 bool enable_unwanted_software_list) override {
342 return new SafeBrowsingDatabaseNew(
343 db_task_runner, CreateStore(true, db_task_runner), // browse_store
344 CreateStore(enable_download_protection, db_task_runner),
345 CreateStore(enable_client_side_whitelist, db_task_runner),
346 CreateStore(enable_download_whitelist, db_task_runner),
347 CreateStore(true, db_task_runner), // inclusion_whitelist_store
348 CreateStore(enable_extension_blacklist, db_task_runner),
349 CreateStore(enable_side_effect_free_whitelist, db_task_runner),
350 CreateStore(enable_ip_blacklist, db_task_runner),
351 CreateStore(enable_unwanted_software_list, db_task_runner));
352 }
353
354 SafeBrowsingDatabaseFactoryImpl() { }
355
356 private:
357 DISALLOW_COPY_AND_ASSIGN(SafeBrowsingDatabaseFactoryImpl);
358 };
359
360 // static
361 SafeBrowsingDatabaseFactory* SafeBrowsingDatabase::factory_ = NULL;
362
363 // Factory method, should be called on the Safe Browsing sequenced task runner,
364 // which is also passed to the function as |current_task_runner|.
365 // TODO(shess): There's no need for a factory any longer. Convert
366 // SafeBrowsingDatabaseNew to SafeBrowsingDatabase, and have Create()
367 // callers just construct things directly.
368 SafeBrowsingDatabase* SafeBrowsingDatabase::Create(
369 const scoped_refptr<base::SequencedTaskRunner>& current_task_runner,
370 bool enable_download_protection,
371 bool enable_client_side_whitelist,
372 bool enable_download_whitelist,
373 bool enable_extension_blacklist,
374 bool enable_side_effect_free_whitelist,
375 bool enable_ip_blacklist,
376 bool enable_unwanted_software_list) {
377 DCHECK(current_task_runner->RunsTasksOnCurrentThread());
378 if (!factory_)
379 factory_ = new SafeBrowsingDatabaseFactoryImpl();
380 return factory_->CreateSafeBrowsingDatabase(
381 current_task_runner, enable_download_protection,
382 enable_client_side_whitelist, enable_download_whitelist,
383 enable_extension_blacklist, enable_side_effect_free_whitelist,
384 enable_ip_blacklist, enable_unwanted_software_list);
385 }
386
387 SafeBrowsingDatabase::~SafeBrowsingDatabase() {
388 }
389
390 // static
391 base::FilePath SafeBrowsingDatabase::BrowseDBFilename(
392 const base::FilePath& db_base_filename) {
393 return base::FilePath(db_base_filename.value() + kBrowseDBFile);
394 }
395
396 // static
397 base::FilePath SafeBrowsingDatabase::DownloadDBFilename(
398 const base::FilePath& db_base_filename) {
399 return base::FilePath(db_base_filename.value() + kDownloadDBFile);
400 }
401
402 // static
403 base::FilePath SafeBrowsingDatabase::BloomFilterForFilename(
404 const base::FilePath& db_filename) {
405 return base::FilePath(db_filename.value() + kBloomFilterFileSuffix);
406 }
407
408 // static
409 base::FilePath SafeBrowsingDatabase::PrefixSetForFilename(
410 const base::FilePath& db_filename) {
411 return base::FilePath(db_filename.value() + kPrefixSetFileSuffix);
412 }
413
414 // static
415 base::FilePath SafeBrowsingDatabase::CsdWhitelistDBFilename(
416 const base::FilePath& db_filename) {
417 return base::FilePath(db_filename.value() + kCsdWhitelistDBFile);
418 }
419
420 // static
421 base::FilePath SafeBrowsingDatabase::DownloadWhitelistDBFilename(
422 const base::FilePath& db_filename) {
423 return base::FilePath(db_filename.value() + kDownloadWhitelistDBFile);
424 }
425
426 // static
427 base::FilePath SafeBrowsingDatabase::InclusionWhitelistDBFilename(
428 const base::FilePath& db_filename) {
429 return base::FilePath(db_filename.value() + kInclusionWhitelistDBFile);
430 }
431
432 // static
433 base::FilePath SafeBrowsingDatabase::ExtensionBlacklistDBFilename(
434 const base::FilePath& db_filename) {
435 return base::FilePath(db_filename.value() + kExtensionBlacklistDBFile);
436 }
437
438 // static
439 base::FilePath SafeBrowsingDatabase::SideEffectFreeWhitelistDBFilename(
440 const base::FilePath& db_filename) {
441 return base::FilePath(db_filename.value() + kSideEffectFreeWhitelistDBFile);
442 }
443
444 // static
445 base::FilePath SafeBrowsingDatabase::IpBlacklistDBFilename(
446 const base::FilePath& db_filename) {
447 return base::FilePath(db_filename.value() + kIPBlacklistDBFile);
448 }
449
450 // static
451 base::FilePath SafeBrowsingDatabase::UnwantedSoftwareDBFilename(
452 const base::FilePath& db_filename) {
453 return base::FilePath(db_filename.value() + kUnwantedSoftwareDBFile);
454 }
455
456 SafeBrowsingStore* SafeBrowsingDatabaseNew::GetStore(const int list_id) {
457 // Stores are not thread safe.
458 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
459
460 if (list_id == safe_browsing_util::PHISH ||
461 list_id == safe_browsing_util::MALWARE) {
462 return browse_store_.get();
463 } else if (list_id == safe_browsing_util::BINURL) {
464 return download_store_.get();
465 } else if (list_id == safe_browsing_util::CSDWHITELIST) {
466 return csd_whitelist_store_.get();
467 } else if (list_id == safe_browsing_util::DOWNLOADWHITELIST) {
468 return download_whitelist_store_.get();
469 } else if (list_id == safe_browsing_util::INCLUSIONWHITELIST) {
470 return inclusion_whitelist_store_.get();
471 } else if (list_id == safe_browsing_util::EXTENSIONBLACKLIST) {
472 return extension_blacklist_store_.get();
473 } else if (list_id == safe_browsing_util::SIDEEFFECTFREEWHITELIST) {
474 return side_effect_free_whitelist_store_.get();
475 } else if (list_id == safe_browsing_util::IPBLACKLIST) {
476 return ip_blacklist_store_.get();
477 } else if (list_id == safe_browsing_util::UNWANTEDURL) {
478 return unwanted_software_store_.get();
479 }
480 return NULL;
481 }
482
483 // static
484 void SafeBrowsingDatabase::RecordFailure(FailureType failure_type) {
485 UMA_HISTOGRAM_ENUMERATION("SB2.DatabaseFailure", failure_type,
486 FAILURE_DATABASE_MAX);
487 }
488
489 class SafeBrowsingDatabaseNew::ThreadSafeStateManager::ReadTransaction {
490 public:
491 const SBWhitelist* GetSBWhitelist(SBWhitelistId id) {
492 switch (id) {
493 case SBWhitelistId::CSD:
494 return &outer_->csd_whitelist_;
495 case SBWhitelistId::DOWNLOAD:
496 return &outer_->download_whitelist_;
497 case SBWhitelistId::INCLUSION:
498 return &outer_->inclusion_whitelist_;
499 }
500 NOTREACHED();
501 return nullptr;
502 }
503
504 const IPBlacklist* ip_blacklist() { return &outer_->ip_blacklist_; }
505
506 const PrefixSet* GetPrefixSet(PrefixSetId id) {
507 switch (id) {
508 case PrefixSetId::BROWSE:
509 return outer_->browse_prefix_set_.get();
510 case PrefixSetId::SIDE_EFFECT_FREE_WHITELIST:
511 return outer_->side_effect_free_whitelist_prefix_set_.get();
512 case PrefixSetId::UNWANTED_SOFTWARE:
513 return outer_->unwanted_software_prefix_set_.get();
514 }
515 NOTREACHED();
516 return nullptr;
517 }
518
519 PrefixGetHashCache* prefix_gethash_cache() {
520 // The cache is special: it is read/write on all threads. Access to it
521 // therefore requires a LOCK'ed transaction (i.e. it can't benefit from
522 // DONT_LOCK_ON_MAIN_THREAD).
523 DCHECK(transaction_lock_);
524 return &outer_->prefix_gethash_cache_;
525 }
526
527 private:
528 // Only ThreadSafeStateManager is allowed to build a ReadTransaction.
529 friend class ThreadSafeStateManager;
530
531 enum class AutoLockRequirement {
532 LOCK,
533 // SBWhitelist's, IPBlacklist's, and PrefixSet's (not caches) are only
534 // ever written to on the main task runner (as enforced by
535 // ThreadSafeStateManager) and can therefore be read on the main task
536 // runner without first acquiring |lock_|.
537 DONT_LOCK_ON_MAIN_TASK_RUNNER
538 };
539
540 ReadTransaction(const ThreadSafeStateManager* outer,
541 AutoLockRequirement auto_lock_requirement)
542 : outer_(outer) {
543 DCHECK(outer_);
544 if (auto_lock_requirement == AutoLockRequirement::LOCK)
545 transaction_lock_.reset(new base::AutoLock(outer_->lock_));
546 else
547 DCHECK(outer_->db_task_runner_->RunsTasksOnCurrentThread());
548 }
549
550 const ThreadSafeStateManager* outer_;
551 scoped_ptr<base::AutoLock> transaction_lock_;
552
553 DISALLOW_COPY_AND_ASSIGN(ReadTransaction);
554 };
555
556 class SafeBrowsingDatabaseNew::ThreadSafeStateManager::WriteTransaction {
557 public:
558 // Call this method if an error occured with the given whitelist. This will
559 // result in all lookups to the whitelist to return true.
560 void WhitelistEverything(SBWhitelistId id) {
561 SBWhitelist* whitelist = SBWhitelistForId(id);
562 whitelist->second = true;
563 whitelist->first.clear();
564 }
565
566 void SwapSBWhitelist(SBWhitelistId id,
567 std::vector<SBFullHash>* new_whitelist) {
568 SBWhitelist* whitelist = SBWhitelistForId(id);
569 whitelist->second = false;
570 whitelist->first.swap(*new_whitelist);
571 }
572
573 void clear_ip_blacklist() { outer_->ip_blacklist_.clear(); }
574
575 void swap_ip_blacklist(IPBlacklist* new_blacklist) {
576 outer_->ip_blacklist_.swap(*new_blacklist);
577 }
578
579 void SwapPrefixSet(PrefixSetId id,
580 scoped_ptr<const PrefixSet> new_prefix_set) {
581 switch (id) {
582 case PrefixSetId::BROWSE:
583 outer_->browse_prefix_set_.swap(new_prefix_set);
584 break;
585 case PrefixSetId::SIDE_EFFECT_FREE_WHITELIST:
586 outer_->side_effect_free_whitelist_prefix_set_.swap(new_prefix_set);
587 break;
588 case PrefixSetId::UNWANTED_SOFTWARE:
589 outer_->unwanted_software_prefix_set_.swap(new_prefix_set);
590 break;
591 }
592 }
593
594 void clear_prefix_gethash_cache() { outer_->prefix_gethash_cache_.clear(); }
595
596 private:
597 // Only ThreadSafeStateManager is allowed to build a WriteTransaction.
598 friend class ThreadSafeStateManager;
599
600 explicit WriteTransaction(ThreadSafeStateManager* outer)
601 : outer_(outer), transaction_lock_(outer_->lock_) {
602 DCHECK(outer_);
603 DCHECK(outer_->db_task_runner_->RunsTasksOnCurrentThread());
604 }
605
606 SBWhitelist* SBWhitelistForId(SBWhitelistId id) {
607 switch (id) {
608 case SBWhitelistId::CSD:
609 return &outer_->csd_whitelist_;
610 case SBWhitelistId::DOWNLOAD:
611 return &outer_->download_whitelist_;
612 case SBWhitelistId::INCLUSION:
613 return &outer_->inclusion_whitelist_;
614 }
615 NOTREACHED();
616 return nullptr;
617 }
618
619 ThreadSafeStateManager* outer_;
620 base::AutoLock transaction_lock_;
621
622 DISALLOW_COPY_AND_ASSIGN(WriteTransaction);
623 };
624
625 SafeBrowsingDatabaseNew::ThreadSafeStateManager::ThreadSafeStateManager(
626 const scoped_refptr<const base::SequencedTaskRunner>& db_task_runner)
627 : db_task_runner_(db_task_runner) {
628 }
629
630 SafeBrowsingDatabaseNew::ThreadSafeStateManager::~ThreadSafeStateManager() {
631 }
632
633 SafeBrowsingDatabaseNew::DatabaseStateManager::DatabaseStateManager(
634 const scoped_refptr<const base::SequencedTaskRunner>& db_task_runner)
635 : db_task_runner_(db_task_runner),
636 corruption_detected_(false),
637 change_detected_(false) {
638 }
639
640 SafeBrowsingDatabaseNew::DatabaseStateManager::~DatabaseStateManager() {
641 }
642
643 scoped_ptr<SafeBrowsingDatabaseNew::ReadTransaction>
644 SafeBrowsingDatabaseNew::ThreadSafeStateManager::BeginReadTransaction() {
645 return make_scoped_ptr(
646 new ReadTransaction(this, ReadTransaction::AutoLockRequirement::LOCK));
647 }
648
649 scoped_ptr<SafeBrowsingDatabaseNew::ReadTransaction> SafeBrowsingDatabaseNew::
650 ThreadSafeStateManager::BeginReadTransactionNoLockOnMainTaskRunner() {
651 return make_scoped_ptr(new ReadTransaction(
652 this,
653 ReadTransaction::AutoLockRequirement::DONT_LOCK_ON_MAIN_TASK_RUNNER));
654 }
655
656 scoped_ptr<SafeBrowsingDatabaseNew::WriteTransaction>
657 SafeBrowsingDatabaseNew::ThreadSafeStateManager::BeginWriteTransaction() {
658 return make_scoped_ptr(new WriteTransaction(this));
659 }
660
661 SafeBrowsingDatabaseNew::SafeBrowsingDatabaseNew(
662 const scoped_refptr<base::SequencedTaskRunner>& db_task_runner,
663 SafeBrowsingStore* browse_store,
664 SafeBrowsingStore* download_store,
665 SafeBrowsingStore* csd_whitelist_store,
666 SafeBrowsingStore* download_whitelist_store,
667 SafeBrowsingStore* inclusion_whitelist_store,
668 SafeBrowsingStore* extension_blacklist_store,
669 SafeBrowsingStore* side_effect_free_whitelist_store,
670 SafeBrowsingStore* ip_blacklist_store,
671 SafeBrowsingStore* unwanted_software_store)
672 : db_task_runner_(db_task_runner),
673 state_manager_(db_task_runner_),
674 db_state_manager_(db_task_runner_),
675 browse_store_(browse_store),
676 download_store_(download_store),
677 csd_whitelist_store_(csd_whitelist_store),
678 download_whitelist_store_(download_whitelist_store),
679 inclusion_whitelist_store_(inclusion_whitelist_store),
680 extension_blacklist_store_(extension_blacklist_store),
681 side_effect_free_whitelist_store_(side_effect_free_whitelist_store),
682 ip_blacklist_store_(ip_blacklist_store),
683 unwanted_software_store_(unwanted_software_store),
684 reset_factory_(this) {
685 DCHECK(browse_store_.get());
686 }
687
688 SafeBrowsingDatabaseNew::~SafeBrowsingDatabaseNew() {
689 // The DCHECK is disabled due to crbug.com/338486 .
690 // DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
691 }
692
693 void SafeBrowsingDatabaseNew::Init(const base::FilePath& filename_base) {
694 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
695
696 db_state_manager_.init_filename_base(filename_base);
697
698 // TODO(shess): The various stores are really only necessary while doing
699 // updates (see |UpdateFinished()|) or when querying a store directly (see
700 // |ContainsDownloadUrl()|).
701 // The store variables are also tested to see if a list is enabled. Perhaps
702 // the stores could be refactored into an update object so that they are only
703 // live in memory while being actively used. The sense of enabled probably
704 // belongs in protocol_manager or database_manager.
705
706 {
707 // NOTE: A transaction here is overkill as there are no pointers to this
708 // class on other threads until this function returns, but it's also
709 // harmless as that also means there is no possibility of contention on the
710 // lock.
711 scoped_ptr<WriteTransaction> txn = state_manager_.BeginWriteTransaction();
712
713 txn->clear_prefix_gethash_cache();
714
715 browse_store_->Init(
716 BrowseDBFilename(db_state_manager_.filename_base()),
717 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
718 base::Unretained(this)));
719
720 if (unwanted_software_store_.get()) {
721 unwanted_software_store_->Init(
722 UnwantedSoftwareDBFilename(db_state_manager_.filename_base()),
723 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
724 base::Unretained(this)));
725 }
726 LoadPrefixSet(BrowseDBFilename(db_state_manager_.filename_base()),
727 txn.get(), PrefixSetId::BROWSE,
728 FAILURE_BROWSE_PREFIX_SET_READ);
729 if (unwanted_software_store_.get()) {
730 LoadPrefixSet(
731 UnwantedSoftwareDBFilename(db_state_manager_.filename_base()),
732 txn.get(), PrefixSetId::UNWANTED_SOFTWARE,
733 FAILURE_UNWANTED_SOFTWARE_PREFIX_SET_READ);
734 }
735
736 if (side_effect_free_whitelist_store_.get()) {
737 const base::FilePath side_effect_free_whitelist_filename =
738 SideEffectFreeWhitelistDBFilename(db_state_manager_.filename_base());
739 side_effect_free_whitelist_store_->Init(
740 side_effect_free_whitelist_filename,
741 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
742 base::Unretained(this)));
743
744 LoadPrefixSet(side_effect_free_whitelist_filename, txn.get(),
745 PrefixSetId::SIDE_EFFECT_FREE_WHITELIST,
746 FAILURE_SIDE_EFFECT_FREE_WHITELIST_PREFIX_SET_READ);
747 } else {
748 // Delete any files of the side-effect free sidelist that may be around
749 // from when it was previously enabled.
750 SafeBrowsingStoreFile::DeleteStore(
751 SideEffectFreeWhitelistDBFilename(db_state_manager_.filename_base()));
752 base::DeleteFile(PrefixSetForFilename(SideEffectFreeWhitelistDBFilename(
753 db_state_manager_.filename_base())),
754 false);
755 }
756 }
757 // Note: End the transaction early because LoadWhiteList() and
758 // WhitelistEverything() manage their own transactions.
759
760 if (download_store_.get()) {
761 download_store_->Init(
762 DownloadDBFilename(db_state_manager_.filename_base()),
763 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
764 base::Unretained(this)));
765 }
766
767 if (csd_whitelist_store_.get()) {
768 csd_whitelist_store_->Init(
769 CsdWhitelistDBFilename(db_state_manager_.filename_base()),
770 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
771 base::Unretained(this)));
772
773 std::vector<SBAddFullHash> full_hashes;
774 if (csd_whitelist_store_->GetAddFullHashes(&full_hashes)) {
775 LoadWhitelist(full_hashes, SBWhitelistId::CSD);
776 } else {
777 state_manager_.BeginWriteTransaction()->WhitelistEverything(
778 SBWhitelistId::CSD);
779 }
780 } else {
781 state_manager_.BeginWriteTransaction()->WhitelistEverything(
782 SBWhitelistId::CSD); // Just to be safe.
783 }
784
785 if (download_whitelist_store_.get()) {
786 download_whitelist_store_->Init(
787 DownloadWhitelistDBFilename(db_state_manager_.filename_base()),
788 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
789 base::Unretained(this)));
790
791 std::vector<SBAddFullHash> full_hashes;
792 if (download_whitelist_store_->GetAddFullHashes(&full_hashes)) {
793 LoadWhitelist(full_hashes, SBWhitelistId::DOWNLOAD);
794 } else {
795 state_manager_.BeginWriteTransaction()->WhitelistEverything(
796 SBWhitelistId::DOWNLOAD);
797 }
798 } else {
799 state_manager_.BeginWriteTransaction()->WhitelistEverything(
800 SBWhitelistId::DOWNLOAD); // Just to be safe.
801 }
802
803 if (inclusion_whitelist_store_.get()) {
804 inclusion_whitelist_store_->Init(
805 InclusionWhitelistDBFilename(db_state_manager_.filename_base()),
806 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
807 base::Unretained(this)));
808
809 std::vector<SBAddFullHash> full_hashes;
810 if (inclusion_whitelist_store_->GetAddFullHashes(&full_hashes)) {
811 LoadWhitelist(full_hashes, SBWhitelistId::INCLUSION);
812 } else {
813 state_manager_.BeginWriteTransaction()->WhitelistEverything(
814 SBWhitelistId::INCLUSION);
815 }
816 } else {
817 state_manager_.BeginWriteTransaction()->WhitelistEverything(
818 SBWhitelistId::INCLUSION); // Just to be safe.
819 }
820
821 if (extension_blacklist_store_.get()) {
822 extension_blacklist_store_->Init(
823 ExtensionBlacklistDBFilename(db_state_manager_.filename_base()),
824 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
825 base::Unretained(this)));
826 }
827
828 if (ip_blacklist_store_.get()) {
829 ip_blacklist_store_->Init(
830 IpBlacklistDBFilename(db_state_manager_.filename_base()),
831 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase,
832 base::Unretained(this)));
833
834 std::vector<SBAddFullHash> full_hashes;
835 if (ip_blacklist_store_->GetAddFullHashes(&full_hashes)) {
836 LoadIpBlacklist(full_hashes);
837 } else {
838 LoadIpBlacklist(std::vector<SBAddFullHash>()); // Clear the list.
839 }
840 }
841 }
842
843 bool SafeBrowsingDatabaseNew::ResetDatabase() {
844 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
845
846 // Delete files on disk.
847 // TODO(shess): Hard to see where one might want to delete without a
848 // reset. Perhaps inline |Delete()|?
849 if (!Delete())
850 return false;
851
852 // Reset objects in memory.
853 scoped_ptr<WriteTransaction> txn = state_manager_.BeginWriteTransaction();
854 txn->clear_prefix_gethash_cache();
855 txn->SwapPrefixSet(PrefixSetId::BROWSE, nullptr);
856 txn->SwapPrefixSet(PrefixSetId::SIDE_EFFECT_FREE_WHITELIST, nullptr);
857 txn->SwapPrefixSet(PrefixSetId::UNWANTED_SOFTWARE, nullptr);
858 txn->clear_ip_blacklist();
859 txn->WhitelistEverything(SBWhitelistId::CSD);
860 txn->WhitelistEverything(SBWhitelistId::DOWNLOAD);
861 return true;
862 }
863
864 bool SafeBrowsingDatabaseNew::ContainsBrowseUrl(
865 const GURL& url,
866 std::vector<SBPrefix>* prefix_hits,
867 std::vector<SBFullHashResult>* cache_hits) {
868 return PrefixSetContainsUrl(url, PrefixSetId::BROWSE, prefix_hits,
869 cache_hits);
870 }
871
872 bool SafeBrowsingDatabaseNew::ContainsUnwantedSoftwareUrl(
873 const GURL& url,
874 std::vector<SBPrefix>* prefix_hits,
875 std::vector<SBFullHashResult>* cache_hits) {
876 return PrefixSetContainsUrl(url, PrefixSetId::UNWANTED_SOFTWARE, prefix_hits,
877 cache_hits);
878 }
879
880 bool SafeBrowsingDatabaseNew::PrefixSetContainsUrl(
881 const GURL& url,
882 PrefixSetId prefix_set_id,
883 std::vector<SBPrefix>* prefix_hits,
884 std::vector<SBFullHashResult>* cache_hits) {
885 // Clear the results first.
886 prefix_hits->clear();
887 cache_hits->clear();
888
889 std::vector<SBFullHash> full_hashes;
890 UrlToFullHashes(url, false, &full_hashes);
891 if (full_hashes.empty())
892 return false;
893
894 return PrefixSetContainsUrlHashes(full_hashes, prefix_set_id, prefix_hits,
895 cache_hits);
896 }
897
898 bool SafeBrowsingDatabaseNew::ContainsBrowseUrlHashesForTesting(
899 const std::vector<SBFullHash>& full_hashes,
900 std::vector<SBPrefix>* prefix_hits,
901 std::vector<SBFullHashResult>* cache_hits) {
902 return PrefixSetContainsUrlHashes(full_hashes, PrefixSetId::BROWSE,
903 prefix_hits, cache_hits);
904 }
905
906 bool SafeBrowsingDatabaseNew::PrefixSetContainsUrlHashes(
907 const std::vector<SBFullHash>& full_hashes,
908 PrefixSetId prefix_set_id,
909 std::vector<SBPrefix>* prefix_hits,
910 std::vector<SBFullHashResult>* cache_hits) {
911 // Used to determine cache expiration.
912 const base::Time now = base::Time::Now();
913
914 {
915 scoped_ptr<ReadTransaction> txn = state_manager_.BeginReadTransaction();
916
917 // |prefix_set| is empty until it is either read from disk, or the first
918 // update populates it. Bail out without a hit if not yet available.
919 const PrefixSet* prefix_set = txn->GetPrefixSet(prefix_set_id);
920 if (!prefix_set)
921 return false;
922
923 for (size_t i = 0; i < full_hashes.size(); ++i) {
924 if (!GetCachedFullHash(txn->prefix_gethash_cache(), full_hashes[i], now,
925 cache_hits)) {
926 // No valid cached result, check the database.
927 if (prefix_set->Exists(full_hashes[i]))
928 prefix_hits->push_back(full_hashes[i].prefix);
929 }
930 }
931 }
932
933 // Multiple full hashes could share prefix, remove duplicates.
934 std::sort(prefix_hits->begin(), prefix_hits->end());
935 prefix_hits->erase(std::unique(prefix_hits->begin(), prefix_hits->end()),
936 prefix_hits->end());
937
938 return !prefix_hits->empty() || !cache_hits->empty();
939 }
940
941 bool SafeBrowsingDatabaseNew::ContainsDownloadUrl(
942 const std::vector<GURL>& urls,
943 std::vector<SBPrefix>* prefix_hits) {
944 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
945
946 // Ignore this check when download checking is not enabled.
947 if (!download_store_.get())
948 return false;
949
950 std::vector<SBPrefix> prefixes;
951 GetDownloadUrlPrefixes(urls, &prefixes);
952 return MatchAddPrefixes(download_store_.get(),
953 safe_browsing_util::BINURL % 2,
954 prefixes,
955 prefix_hits);
956 }
957
958 bool SafeBrowsingDatabaseNew::ContainsCsdWhitelistedUrl(const GURL& url) {
959 std::vector<SBFullHash> full_hashes;
960 UrlToFullHashes(url, true, &full_hashes);
961 return ContainsWhitelistedHashes(SBWhitelistId::CSD, full_hashes);
962 }
963
964 bool SafeBrowsingDatabaseNew::ContainsDownloadWhitelistedUrl(const GURL& url) {
965 std::vector<SBFullHash> full_hashes;
966 UrlToFullHashes(url, true, &full_hashes);
967 return ContainsWhitelistedHashes(SBWhitelistId::DOWNLOAD, full_hashes);
968 }
969
970 bool SafeBrowsingDatabaseNew::ContainsInclusionWhitelistedUrl(const GURL& url) {
971 std::vector<SBFullHash> full_hashes;
972 UrlToFullHashes(url, true, &full_hashes);
973 return ContainsWhitelistedHashes(SBWhitelistId::INCLUSION, full_hashes);
974 }
975
976 bool SafeBrowsingDatabaseNew::ContainsExtensionPrefixes(
977 const std::vector<SBPrefix>& prefixes,
978 std::vector<SBPrefix>* prefix_hits) {
979 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
980
981 if (!extension_blacklist_store_)
982 return false;
983
984 return MatchAddPrefixes(extension_blacklist_store_.get(),
985 safe_browsing_util::EXTENSIONBLACKLIST % 2,
986 prefixes,
987 prefix_hits);
988 }
989
990 bool SafeBrowsingDatabaseNew::ContainsSideEffectFreeWhitelistUrl(
991 const GURL& url) {
992 std::string host;
993 std::string path;
994 std::string query;
995 safe_browsing_util::CanonicalizeUrl(url, &host, &path, &query);
996 std::string url_to_check = host + path;
997 if (!query.empty())
998 url_to_check += "?" + query;
999 SBFullHash full_hash = SBFullHashForString(url_to_check);
1000
1001 scoped_ptr<ReadTransaction> txn = state_manager_.BeginReadTransaction();
1002
1003 const PrefixSet* side_effect_free_whitelist_prefix_set =
1004 txn->GetPrefixSet(PrefixSetId::SIDE_EFFECT_FREE_WHITELIST);
1005
1006 // |side_effect_free_whitelist_prefix_set_| is empty until it is either read
1007 // from disk, or the first update populates it. Bail out without a hit if
1008 // not yet available.
1009 if (!side_effect_free_whitelist_prefix_set)
1010 return false;
1011
1012 return side_effect_free_whitelist_prefix_set->Exists(full_hash);
1013 }
1014
1015 bool SafeBrowsingDatabaseNew::ContainsMalwareIP(const std::string& ip_address) {
1016 net::IPAddressNumber ip_number;
1017 if (!net::ParseIPLiteralToNumber(ip_address, &ip_number))
1018 return false;
1019 if (ip_number.size() == net::kIPv4AddressSize)
1020 ip_number = net::ConvertIPv4NumberToIPv6Number(ip_number);
1021 if (ip_number.size() != net::kIPv6AddressSize)
1022 return false; // better safe than sorry.
1023
1024 scoped_ptr<ReadTransaction> txn = state_manager_.BeginReadTransaction();
1025 const IPBlacklist* ip_blacklist = txn->ip_blacklist();
1026 for (IPBlacklist::const_iterator it = ip_blacklist->begin();
1027 it != ip_blacklist->end(); ++it) {
1028 const std::string& mask = it->first;
1029 DCHECK_EQ(mask.size(), ip_number.size());
1030 std::string subnet(net::kIPv6AddressSize, '\0');
1031 for (size_t i = 0; i < net::kIPv6AddressSize; ++i) {
1032 subnet[i] = ip_number[i] & mask[i];
1033 }
1034 const std::string hash = base::SHA1HashString(subnet);
1035 DVLOG(2) << "Lookup Malware IP: "
1036 << " ip:" << ip_address
1037 << " mask:" << base::HexEncode(mask.data(), mask.size())
1038 << " subnet:" << base::HexEncode(subnet.data(), subnet.size())
1039 << " hash:" << base::HexEncode(hash.data(), hash.size());
1040 if (it->second.count(hash) > 0) {
1041 return true;
1042 }
1043 }
1044 return false;
1045 }
1046
1047 bool SafeBrowsingDatabaseNew::ContainsDownloadWhitelistedString(
1048 const std::string& str) {
1049 std::vector<SBFullHash> hashes;
1050 hashes.push_back(SBFullHashForString(str));
1051 return ContainsWhitelistedHashes(SBWhitelistId::DOWNLOAD, hashes);
1052 }
1053
1054 bool SafeBrowsingDatabaseNew::ContainsWhitelistedHashes(
1055 SBWhitelistId whitelist_id,
1056 const std::vector<SBFullHash>& hashes) {
1057 scoped_ptr<ReadTransaction> txn = state_manager_.BeginReadTransaction();
1058 const SBWhitelist* whitelist = txn->GetSBWhitelist(whitelist_id);
1059 if (whitelist->second)
1060 return true;
1061 for (std::vector<SBFullHash>::const_iterator it = hashes.begin();
1062 it != hashes.end(); ++it) {
1063 if (std::binary_search(whitelist->first.begin(), whitelist->first.end(),
1064 *it, SBFullHashLess)) {
1065 return true;
1066 }
1067 }
1068 return false;
1069 }
1070
1071 // Helper to insert add-chunk entries.
1072 void SafeBrowsingDatabaseNew::InsertAddChunk(
1073 SafeBrowsingStore* store,
1074 const safe_browsing_util::ListType list_id,
1075 const SBChunkData& chunk_data) {
1076 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1077 DCHECK(store);
1078
1079 // The server can give us a chunk that we already have because
1080 // it's part of a range. Don't add it again.
1081 const int chunk_id = chunk_data.ChunkNumber();
1082 const int encoded_chunk_id = EncodeChunkId(chunk_id, list_id);
1083 if (store->CheckAddChunk(encoded_chunk_id))
1084 return;
1085
1086 store->SetAddChunk(encoded_chunk_id);
1087 if (chunk_data.IsPrefix()) {
1088 const size_t c = chunk_data.PrefixCount();
1089 for (size_t i = 0; i < c; ++i) {
1090 store->WriteAddPrefix(encoded_chunk_id, chunk_data.PrefixAt(i));
1091 }
1092 } else {
1093 const size_t c = chunk_data.FullHashCount();
1094 for (size_t i = 0; i < c; ++i) {
1095 store->WriteAddHash(encoded_chunk_id, chunk_data.FullHashAt(i));
1096 }
1097 }
1098 }
1099
1100 // Helper to insert sub-chunk entries.
1101 void SafeBrowsingDatabaseNew::InsertSubChunk(
1102 SafeBrowsingStore* store,
1103 const safe_browsing_util::ListType list_id,
1104 const SBChunkData& chunk_data) {
1105 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1106 DCHECK(store);
1107
1108 // The server can give us a chunk that we already have because
1109 // it's part of a range. Don't add it again.
1110 const int chunk_id = chunk_data.ChunkNumber();
1111 const int encoded_chunk_id = EncodeChunkId(chunk_id, list_id);
1112 if (store->CheckSubChunk(encoded_chunk_id))
1113 return;
1114
1115 store->SetSubChunk(encoded_chunk_id);
1116 if (chunk_data.IsPrefix()) {
1117 const size_t c = chunk_data.PrefixCount();
1118 for (size_t i = 0; i < c; ++i) {
1119 const int add_chunk_id = chunk_data.AddChunkNumberAt(i);
1120 const int encoded_add_chunk_id = EncodeChunkId(add_chunk_id, list_id);
1121 store->WriteSubPrefix(encoded_chunk_id, encoded_add_chunk_id,
1122 chunk_data.PrefixAt(i));
1123 }
1124 } else {
1125 const size_t c = chunk_data.FullHashCount();
1126 for (size_t i = 0; i < c; ++i) {
1127 const int add_chunk_id = chunk_data.AddChunkNumberAt(i);
1128 const int encoded_add_chunk_id = EncodeChunkId(add_chunk_id, list_id);
1129 store->WriteSubHash(encoded_chunk_id, encoded_add_chunk_id,
1130 chunk_data.FullHashAt(i));
1131 }
1132 }
1133 }
1134
1135 void SafeBrowsingDatabaseNew::InsertChunks(
1136 const std::string& list_name,
1137 const std::vector<SBChunkData*>& chunks) {
1138 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1139
1140 if (db_state_manager_.corruption_detected() || chunks.empty())
1141 return;
1142
1143 const base::TimeTicks before = base::TimeTicks::Now();
1144
1145 // TODO(shess): The caller should just pass list_id.
1146 const safe_browsing_util::ListType list_id =
1147 safe_browsing_util::GetListId(list_name);
1148
1149 SafeBrowsingStore* store = GetStore(list_id);
1150 if (!store) return;
1151
1152 db_state_manager_.set_change_detected();
1153
1154 // TODO(shess): I believe that the list is always add or sub. Can this use
1155 // that productively?
1156 store->BeginChunk();
1157 for (size_t i = 0; i < chunks.size(); ++i) {
1158 if (chunks[i]->IsAdd()) {
1159 InsertAddChunk(store, list_id, *chunks[i]);
1160 } else if (chunks[i]->IsSub()) {
1161 InsertSubChunk(store, list_id, *chunks[i]);
1162 } else {
1163 NOTREACHED();
1164 }
1165 }
1166 store->FinishChunk();
1167
1168 UMA_HISTOGRAM_TIMES("SB2.ChunkInsert", base::TimeTicks::Now() - before);
1169 }
1170
1171 void SafeBrowsingDatabaseNew::DeleteChunks(
1172 const std::vector<SBChunkDelete>& chunk_deletes) {
1173 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1174
1175 if (db_state_manager_.corruption_detected() || chunk_deletes.empty())
1176 return;
1177
1178 const std::string& list_name = chunk_deletes.front().list_name;
1179 const safe_browsing_util::ListType list_id =
1180 safe_browsing_util::GetListId(list_name);
1181
1182 SafeBrowsingStore* store = GetStore(list_id);
1183 if (!store) return;
1184
1185 db_state_manager_.set_change_detected();
1186
1187 for (size_t i = 0; i < chunk_deletes.size(); ++i) {
1188 std::vector<int> chunk_numbers;
1189 RangesToChunks(chunk_deletes[i].chunk_del, &chunk_numbers);
1190 for (size_t j = 0; j < chunk_numbers.size(); ++j) {
1191 const int encoded_chunk_id = EncodeChunkId(chunk_numbers[j], list_id);
1192 if (chunk_deletes[i].is_sub_del)
1193 store->DeleteSubChunk(encoded_chunk_id);
1194 else
1195 store->DeleteAddChunk(encoded_chunk_id);
1196 }
1197 }
1198 }
1199
1200 void SafeBrowsingDatabaseNew::CacheHashResults(
1201 const std::vector<SBPrefix>& prefixes,
1202 const std::vector<SBFullHashResult>& full_hits,
1203 const base::TimeDelta& cache_lifetime) {
1204 const base::Time expire_after = base::Time::Now() + cache_lifetime;
1205
1206 scoped_ptr<ReadTransaction> txn = state_manager_.BeginReadTransaction();
1207 PrefixGetHashCache* prefix_gethash_cache = txn->prefix_gethash_cache();
1208
1209 // Create or reset all cached results for these prefixes.
1210 for (size_t i = 0; i < prefixes.size(); ++i) {
1211 (*prefix_gethash_cache)[prefixes[i]] = SBCachedFullHashResult(expire_after);
1212 }
1213
1214 // Insert any fullhash hits. Note that there may be one, multiple, or no
1215 // fullhashes for any given entry in |prefixes|.
1216 for (size_t i = 0; i < full_hits.size(); ++i) {
1217 const SBPrefix prefix = full_hits[i].hash.prefix;
1218 (*prefix_gethash_cache)[prefix].full_hashes.push_back(full_hits[i]);
1219 }
1220 }
1221
1222 bool SafeBrowsingDatabaseNew::UpdateStarted(
1223 std::vector<SBListChunkRanges>* lists) {
1224 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1225 DCHECK(lists);
1226
1227 // If |BeginUpdate()| fails, reset the database.
1228 if (!browse_store_->BeginUpdate()) {
1229 RecordFailure(FAILURE_BROWSE_DATABASE_UPDATE_BEGIN);
1230 HandleCorruptDatabase();
1231 return false;
1232 }
1233
1234 if (download_store_.get() && !download_store_->BeginUpdate()) {
1235 RecordFailure(FAILURE_DOWNLOAD_DATABASE_UPDATE_BEGIN);
1236 HandleCorruptDatabase();
1237 return false;
1238 }
1239
1240 if (csd_whitelist_store_.get() && !csd_whitelist_store_->BeginUpdate()) {
1241 RecordFailure(FAILURE_WHITELIST_DATABASE_UPDATE_BEGIN);
1242 HandleCorruptDatabase();
1243 return false;
1244 }
1245
1246 if (download_whitelist_store_.get() &&
1247 !download_whitelist_store_->BeginUpdate()) {
1248 RecordFailure(FAILURE_WHITELIST_DATABASE_UPDATE_BEGIN);
1249 HandleCorruptDatabase();
1250 return false;
1251 }
1252
1253 if (inclusion_whitelist_store_.get() &&
1254 !inclusion_whitelist_store_->BeginUpdate()) {
1255 RecordFailure(FAILURE_WHITELIST_DATABASE_UPDATE_BEGIN);
1256 HandleCorruptDatabase();
1257 return false;
1258 }
1259
1260 if (extension_blacklist_store_ &&
1261 !extension_blacklist_store_->BeginUpdate()) {
1262 RecordFailure(FAILURE_EXTENSION_BLACKLIST_UPDATE_BEGIN);
1263 HandleCorruptDatabase();
1264 return false;
1265 }
1266
1267 if (side_effect_free_whitelist_store_ &&
1268 !side_effect_free_whitelist_store_->BeginUpdate()) {
1269 RecordFailure(FAILURE_SIDE_EFFECT_FREE_WHITELIST_UPDATE_BEGIN);
1270 HandleCorruptDatabase();
1271 return false;
1272 }
1273
1274 if (ip_blacklist_store_ && !ip_blacklist_store_->BeginUpdate()) {
1275 RecordFailure(FAILURE_IP_BLACKLIST_UPDATE_BEGIN);
1276 HandleCorruptDatabase();
1277 return false;
1278 }
1279
1280 if (unwanted_software_store_ && !unwanted_software_store_->BeginUpdate()) {
1281 RecordFailure(FAILURE_UNWANTED_SOFTWARE_DATABASE_UPDATE_BEGIN);
1282 HandleCorruptDatabase();
1283 return false;
1284 }
1285
1286 // Cached fullhash results must be cleared on every database update (whether
1287 // successful or not).
1288 state_manager_.BeginWriteTransaction()->clear_prefix_gethash_cache();
1289
1290 UpdateChunkRangesForLists(browse_store_.get(),
1291 safe_browsing_util::kMalwareList,
1292 safe_browsing_util::kPhishingList,
1293 lists);
1294
1295 // NOTE(shess): |download_store_| used to contain kBinHashList, which has been
1296 // deprecated. Code to delete the list from the store shows ~15k hits/day as
1297 // of Feb 2014, so it has been removed. Everything _should_ be resilient to
1298 // extra data of that sort.
1299 UpdateChunkRangesForList(download_store_.get(),
1300 safe_browsing_util::kBinUrlList, lists);
1301
1302 UpdateChunkRangesForList(csd_whitelist_store_.get(),
1303 safe_browsing_util::kCsdWhiteList, lists);
1304
1305 UpdateChunkRangesForList(download_whitelist_store_.get(),
1306 safe_browsing_util::kDownloadWhiteList, lists);
1307
1308 UpdateChunkRangesForList(inclusion_whitelist_store_.get(),
1309 safe_browsing_util::kInclusionWhitelist, lists);
1310
1311 UpdateChunkRangesForList(extension_blacklist_store_.get(),
1312 safe_browsing_util::kExtensionBlacklist, lists);
1313
1314 UpdateChunkRangesForList(side_effect_free_whitelist_store_.get(),
1315 safe_browsing_util::kSideEffectFreeWhitelist, lists);
1316
1317 UpdateChunkRangesForList(ip_blacklist_store_.get(),
1318 safe_browsing_util::kIPBlacklist, lists);
1319
1320 UpdateChunkRangesForList(unwanted_software_store_.get(),
1321 safe_browsing_util::kUnwantedUrlList,
1322 lists);
1323
1324 db_state_manager_.reset_corruption_detected();
1325 db_state_manager_.reset_change_detected();
1326 return true;
1327 }
1328
1329 void SafeBrowsingDatabaseNew::UpdateFinished(bool update_succeeded) {
1330 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1331
1332 // The update may have failed due to corrupt storage (for instance,
1333 // an excessive number of invalid add_chunks and sub_chunks).
1334 // Double-check that the databases are valid.
1335 // TODO(shess): Providing a checksum for the add_chunk and sub_chunk
1336 // sections would allow throwing a corruption error in
1337 // UpdateStarted().
1338 if (!update_succeeded) {
1339 if (!browse_store_->CheckValidity())
1340 DLOG(ERROR) << "Safe-browsing browse database corrupt.";
1341
1342 if (download_store_.get() && !download_store_->CheckValidity())
1343 DLOG(ERROR) << "Safe-browsing download database corrupt.";
1344
1345 if (csd_whitelist_store_.get() && !csd_whitelist_store_->CheckValidity())
1346 DLOG(ERROR) << "Safe-browsing csd whitelist database corrupt.";
1347
1348 if (download_whitelist_store_.get() &&
1349 !download_whitelist_store_->CheckValidity()) {
1350 DLOG(ERROR) << "Safe-browsing download whitelist database corrupt.";
1351 }
1352
1353 if (inclusion_whitelist_store_.get() &&
1354 !inclusion_whitelist_store_->CheckValidity()) {
1355 DLOG(ERROR) << "Safe-browsing inclusion whitelist database corrupt.";
1356 }
1357
1358 if (extension_blacklist_store_ &&
1359 !extension_blacklist_store_->CheckValidity()) {
1360 DLOG(ERROR) << "Safe-browsing extension blacklist database corrupt.";
1361 }
1362
1363 if (side_effect_free_whitelist_store_ &&
1364 !side_effect_free_whitelist_store_->CheckValidity()) {
1365 DLOG(ERROR) << "Safe-browsing side-effect free whitelist database "
1366 << "corrupt.";
1367 }
1368
1369 if (ip_blacklist_store_ && !ip_blacklist_store_->CheckValidity()) {
1370 DLOG(ERROR) << "Safe-browsing IP blacklist database corrupt.";
1371 }
1372
1373 if (unwanted_software_store_ &&
1374 !unwanted_software_store_->CheckValidity()) {
1375 DLOG(ERROR) << "Unwanted software url list database corrupt.";
1376 }
1377 }
1378
1379 if (db_state_manager_.corruption_detected())
1380 return;
1381
1382 // Unroll the transaction if there was a protocol error or if the
1383 // transaction was empty. This will leave the prefix set, the
1384 // pending hashes, and the prefix miss cache in place.
1385 if (!update_succeeded || !db_state_manager_.change_detected()) {
1386 // Track empty updates to answer questions at http://crbug.com/72216 .
1387 if (update_succeeded && !db_state_manager_.change_detected())
1388 UMA_HISTOGRAM_COUNTS("SB2.DatabaseUpdateKilobytes", 0);
1389 browse_store_->CancelUpdate();
1390 if (download_store_.get())
1391 download_store_->CancelUpdate();
1392 if (csd_whitelist_store_.get())
1393 csd_whitelist_store_->CancelUpdate();
1394 if (download_whitelist_store_.get())
1395 download_whitelist_store_->CancelUpdate();
1396 if (inclusion_whitelist_store_.get())
1397 inclusion_whitelist_store_->CancelUpdate();
1398 if (extension_blacklist_store_)
1399 extension_blacklist_store_->CancelUpdate();
1400 if (side_effect_free_whitelist_store_)
1401 side_effect_free_whitelist_store_->CancelUpdate();
1402 if (ip_blacklist_store_)
1403 ip_blacklist_store_->CancelUpdate();
1404 if (unwanted_software_store_)
1405 unwanted_software_store_->CancelUpdate();
1406 return;
1407 }
1408
1409 if (download_store_) {
1410 UpdateHashPrefixStore(DownloadDBFilename(db_state_manager_.filename_base()),
1411 download_store_.get(),
1412 FAILURE_DOWNLOAD_DATABASE_UPDATE_FINISH);
1413 }
1414
1415 UpdatePrefixSetUrlStore(BrowseDBFilename(db_state_manager_.filename_base()),
1416 browse_store_.get(), PrefixSetId::BROWSE,
1417 FAILURE_BROWSE_DATABASE_UPDATE_FINISH,
1418 FAILURE_BROWSE_PREFIX_SET_WRITE, true);
1419
1420 UpdateWhitelistStore(
1421 CsdWhitelistDBFilename(db_state_manager_.filename_base()),
1422 csd_whitelist_store_.get(), SBWhitelistId::CSD);
1423 UpdateWhitelistStore(
1424 DownloadWhitelistDBFilename(db_state_manager_.filename_base()),
1425 download_whitelist_store_.get(), SBWhitelistId::DOWNLOAD);
1426 UpdateWhitelistStore(
1427 InclusionWhitelistDBFilename(db_state_manager_.filename_base()),
1428 inclusion_whitelist_store_.get(), SBWhitelistId::INCLUSION);
1429
1430 if (extension_blacklist_store_) {
1431 UpdateHashPrefixStore(
1432 ExtensionBlacklistDBFilename(db_state_manager_.filename_base()),
1433 extension_blacklist_store_.get(),
1434 FAILURE_EXTENSION_BLACKLIST_UPDATE_FINISH);
1435 }
1436
1437 if (side_effect_free_whitelist_store_) {
1438 UpdatePrefixSetUrlStore(
1439 SideEffectFreeWhitelistDBFilename(db_state_manager_.filename_base()),
1440 side_effect_free_whitelist_store_.get(),
1441 PrefixSetId::SIDE_EFFECT_FREE_WHITELIST,
1442 FAILURE_SIDE_EFFECT_FREE_WHITELIST_UPDATE_FINISH,
1443 FAILURE_SIDE_EFFECT_FREE_WHITELIST_PREFIX_SET_WRITE, false);
1444 }
1445
1446 if (ip_blacklist_store_)
1447 UpdateIpBlacklistStore();
1448
1449 if (unwanted_software_store_) {
1450 UpdatePrefixSetUrlStore(
1451 UnwantedSoftwareDBFilename(db_state_manager_.filename_base()),
1452 unwanted_software_store_.get(), PrefixSetId::UNWANTED_SOFTWARE,
1453 FAILURE_UNWANTED_SOFTWARE_DATABASE_UPDATE_FINISH,
1454 FAILURE_UNWANTED_SOFTWARE_PREFIX_SET_WRITE, true);
1455 }
1456 }
1457
1458 void SafeBrowsingDatabaseNew::UpdateWhitelistStore(
1459 const base::FilePath& store_filename,
1460 SafeBrowsingStore* store,
1461 SBWhitelistId whitelist_id) {
1462 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1463
1464 if (!store)
1465 return;
1466
1467 // Note: |builder| will not be empty. The current data store implementation
1468 // stores all full-length hashes as both full and prefix hashes.
1469 PrefixSetBuilder builder;
1470 std::vector<SBAddFullHash> full_hashes;
1471 if (!store->FinishUpdate(&builder, &full_hashes)) {
1472 RecordFailure(FAILURE_WHITELIST_DATABASE_UPDATE_FINISH);
1473 state_manager_.BeginWriteTransaction()->WhitelistEverything(whitelist_id);
1474 return;
1475 }
1476
1477 RecordFileSizeHistogram(store_filename);
1478
1479 #if defined(OS_MACOSX)
1480 base::mac::SetFileBackupExclusion(store_filename);
1481 #endif
1482
1483 LoadWhitelist(full_hashes, whitelist_id);
1484 }
1485
1486 void SafeBrowsingDatabaseNew::UpdateHashPrefixStore(
1487 const base::FilePath& store_filename,
1488 SafeBrowsingStore* store,
1489 FailureType failure_type) {
1490 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1491
1492 // These results are not used after this call. Simply ignore the
1493 // returned value after FinishUpdate(...).
1494 PrefixSetBuilder builder;
1495 std::vector<SBAddFullHash> add_full_hashes_result;
1496
1497 if (!store->FinishUpdate(&builder, &add_full_hashes_result))
1498 RecordFailure(failure_type);
1499
1500 RecordFileSizeHistogram(store_filename);
1501
1502 #if defined(OS_MACOSX)
1503 base::mac::SetFileBackupExclusion(store_filename);
1504 #endif
1505 }
1506
1507 void SafeBrowsingDatabaseNew::UpdatePrefixSetUrlStore(
1508 const base::FilePath& db_filename,
1509 SafeBrowsingStore* url_store,
1510 PrefixSetId prefix_set_id,
1511 FailureType finish_failure_type,
1512 FailureType write_failure_type,
1513 bool store_full_hashes_in_prefix_set) {
1514 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1515 DCHECK(url_store);
1516
1517 // Measure the amount of IO during the filter build.
1518 base::IoCounters io_before, io_after;
1519 base::ProcessHandle handle = base::GetCurrentProcessHandle();
1520 scoped_ptr<base::ProcessMetrics> metric(
1521 #if !defined(OS_MACOSX)
1522 base::ProcessMetrics::CreateProcessMetrics(handle)
1523 #else
1524 // Getting stats only for the current process is enough, so NULL is fine.
1525 base::ProcessMetrics::CreateProcessMetrics(handle, NULL)
1526 #endif
1527 );
1528
1529 // IoCounters are currently not supported on Mac, and may not be
1530 // available for Linux, so we check the result and only show IO
1531 // stats if they are available.
1532 const bool got_counters = metric->GetIOCounters(&io_before);
1533
1534 const base::TimeTicks before = base::TimeTicks::Now();
1535
1536 // TODO(shess): Perhaps refactor to let builder accumulate full hashes on the
1537 // fly? Other clients use the SBAddFullHash vector, but AFAICT they only use
1538 // the SBFullHash portion. It would need an accessor on PrefixSet.
1539 PrefixSetBuilder builder;
1540 std::vector<SBAddFullHash> add_full_hashes;
1541 if (!url_store->FinishUpdate(&builder, &add_full_hashes)) {
1542 RecordFailure(finish_failure_type);
1543 return;
1544 }
1545
1546 scoped_ptr<const PrefixSet> new_prefix_set;
1547 if (store_full_hashes_in_prefix_set) {
1548 std::vector<SBFullHash> full_hash_results;
1549 for (size_t i = 0; i < add_full_hashes.size(); ++i) {
1550 full_hash_results.push_back(add_full_hashes[i].full_hash);
1551 }
1552
1553 new_prefix_set = builder.GetPrefixSet(full_hash_results);
1554 } else {
1555 // TODO(gab): Ensure that stores which do not want full hashes just don't
1556 // have full hashes in the first place and remove
1557 // |store_full_hashes_in_prefix_set| and the code specialization incurred
1558 // here.
1559 new_prefix_set = builder.GetPrefixSetNoHashes();
1560 }
1561
1562 // Swap in the newly built filter.
1563 state_manager_.BeginWriteTransaction()->SwapPrefixSet(prefix_set_id,
1564 new_prefix_set.Pass());
1565
1566 UMA_HISTOGRAM_LONG_TIMES("SB2.BuildFilter", base::TimeTicks::Now() - before);
1567
1568 WritePrefixSet(db_filename, prefix_set_id, write_failure_type);
1569
1570 // Gather statistics.
1571 if (got_counters && metric->GetIOCounters(&io_after)) {
1572 UMA_HISTOGRAM_COUNTS("SB2.BuildReadKilobytes",
1573 static_cast<int>(io_after.ReadTransferCount -
1574 io_before.ReadTransferCount) / 1024);
1575 UMA_HISTOGRAM_COUNTS("SB2.BuildWriteKilobytes",
1576 static_cast<int>(io_after.WriteTransferCount -
1577 io_before.WriteTransferCount) / 1024);
1578 UMA_HISTOGRAM_COUNTS("SB2.BuildReadOperations",
1579 static_cast<int>(io_after.ReadOperationCount -
1580 io_before.ReadOperationCount));
1581 UMA_HISTOGRAM_COUNTS("SB2.BuildWriteOperations",
1582 static_cast<int>(io_after.WriteOperationCount -
1583 io_before.WriteOperationCount));
1584 }
1585
1586 RecordFileSizeHistogram(db_filename);
1587
1588 #if defined(OS_MACOSX)
1589 base::mac::SetFileBackupExclusion(db_filename);
1590 #endif
1591 }
1592
1593 void SafeBrowsingDatabaseNew::UpdateIpBlacklistStore() {
1594 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1595
1596 // Note: prefixes will not be empty. The current data store implementation
1597 // stores all full-length hashes as both full and prefix hashes.
1598 PrefixSetBuilder builder;
1599 std::vector<SBAddFullHash> full_hashes;
1600 if (!ip_blacklist_store_->FinishUpdate(&builder, &full_hashes)) {
1601 RecordFailure(FAILURE_IP_BLACKLIST_UPDATE_FINISH);
1602 LoadIpBlacklist(std::vector<SBAddFullHash>()); // Clear the list.
1603 return;
1604 }
1605
1606 const base::FilePath ip_blacklist_filename =
1607 IpBlacklistDBFilename(db_state_manager_.filename_base());
1608
1609 RecordFileSizeHistogram(ip_blacklist_filename);
1610
1611 #if defined(OS_MACOSX)
1612 base::mac::SetFileBackupExclusion(ip_blacklist_filename);
1613 #endif
1614
1615 LoadIpBlacklist(full_hashes);
1616 }
1617
1618 void SafeBrowsingDatabaseNew::HandleCorruptDatabase() {
1619 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1620
1621 // Reset the database after the current task has unwound (but only
1622 // reset once within the scope of a given task).
1623 if (!reset_factory_.HasWeakPtrs()) {
1624 RecordFailure(FAILURE_DATABASE_CORRUPT);
1625 db_task_runner_->PostTask(
1626 FROM_HERE, base::Bind(&SafeBrowsingDatabaseNew::OnHandleCorruptDatabase,
1627 reset_factory_.GetWeakPtr()));
1628 }
1629 }
1630
1631 void SafeBrowsingDatabaseNew::OnHandleCorruptDatabase() {
1632 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1633
1634 RecordFailure(FAILURE_DATABASE_CORRUPT_HANDLER);
1635 db_state_manager_.set_corruption_detected(); // Stop updating the database.
1636 ResetDatabase();
1637
1638 // NOTE(shess): ResetDatabase() should remove the corruption, so this should
1639 // only happen once. If you are here because you are hitting this after a
1640 // restart, then I would be very interested in working with you to figure out
1641 // what is happening, since it may affect real users.
1642 DLOG(FATAL) << "SafeBrowsing database was corrupt and reset";
1643 }
1644
1645 // TODO(shess): I'm not clear why this code doesn't have any
1646 // real error-handling.
1647 void SafeBrowsingDatabaseNew::LoadPrefixSet(const base::FilePath& db_filename,
1648 WriteTransaction* txn,
1649 PrefixSetId prefix_set_id,
1650 FailureType read_failure_type) {
1651 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1652 DCHECK(txn);
1653 DCHECK(!db_state_manager_.filename_base().empty());
1654
1655 // Only use the prefix set if database is present and non-empty.
1656 if (!GetFileSizeOrZero(db_filename))
1657 return;
1658
1659 // Cleanup any stale bloom filter (no longer used).
1660 // TODO(shess): Track existence to drive removal of this code?
1661 const base::FilePath bloom_filter_filename =
1662 BloomFilterForFilename(db_filename);
1663 base::DeleteFile(bloom_filter_filename, false);
1664
1665 const base::TimeTicks before = base::TimeTicks::Now();
1666 scoped_ptr<const PrefixSet> new_prefix_set =
1667 PrefixSet::LoadFile(PrefixSetForFilename(db_filename));
1668 if (!new_prefix_set.get())
1669 RecordFailure(read_failure_type);
1670 txn->SwapPrefixSet(prefix_set_id, new_prefix_set.Pass());
1671 UMA_HISTOGRAM_TIMES("SB2.PrefixSetLoad", base::TimeTicks::Now() - before);
1672 }
1673
1674 bool SafeBrowsingDatabaseNew::Delete() {
1675 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1676 DCHECK(!db_state_manager_.filename_base().empty());
1677
1678 // TODO(shess): This is a mess. SafeBrowsingFileStore::Delete() closes the
1679 // store before calling DeleteStore(). DeleteStore() deletes transient files
1680 // in addition to the main file. Probably all of these should be converted to
1681 // a helper which calls Delete() if the store exists, else DeleteStore() on
1682 // the generated filename.
1683
1684 // TODO(shess): Determine if the histograms are useful in any way. I cannot
1685 // recall any action taken as a result of their values, in which case it might
1686 // make more sense to histogram an overall thumbs-up/-down and just dig deeper
1687 // if something looks wrong.
1688
1689 const bool r1 = browse_store_->Delete();
1690 if (!r1)
1691 RecordFailure(FAILURE_DATABASE_STORE_DELETE);
1692
1693 const bool r2 = download_store_.get() ? download_store_->Delete() : true;
1694 if (!r2)
1695 RecordFailure(FAILURE_DATABASE_STORE_DELETE);
1696
1697 const bool r3 = csd_whitelist_store_.get() ?
1698 csd_whitelist_store_->Delete() : true;
1699 if (!r3)
1700 RecordFailure(FAILURE_DATABASE_STORE_DELETE);
1701
1702 const bool r4 = download_whitelist_store_.get() ?
1703 download_whitelist_store_->Delete() : true;
1704 if (!r4)
1705 RecordFailure(FAILURE_DATABASE_STORE_DELETE);
1706
1707 const bool r5 = inclusion_whitelist_store_.get() ?
1708 inclusion_whitelist_store_->Delete() : true;
1709 if (!r5)
1710 RecordFailure(FAILURE_DATABASE_STORE_DELETE);
1711
1712 const base::FilePath browse_filename =
1713 BrowseDBFilename(db_state_manager_.filename_base());
1714 const base::FilePath bloom_filter_filename =
1715 BloomFilterForFilename(browse_filename);
1716 const bool r6 = base::DeleteFile(bloom_filter_filename, false);
1717 if (!r6)
1718 RecordFailure(FAILURE_DATABASE_FILTER_DELETE);
1719
1720 const base::FilePath browse_prefix_set_filename =
1721 PrefixSetForFilename(browse_filename);
1722 const bool r7 = base::DeleteFile(browse_prefix_set_filename, false);
1723 if (!r7)
1724 RecordFailure(FAILURE_BROWSE_PREFIX_SET_DELETE);
1725
1726 const base::FilePath extension_blacklist_filename =
1727 ExtensionBlacklistDBFilename(db_state_manager_.filename_base());
1728 const bool r8 = base::DeleteFile(extension_blacklist_filename, false);
1729 if (!r8)
1730 RecordFailure(FAILURE_EXTENSION_BLACKLIST_DELETE);
1731
1732 const base::FilePath side_effect_free_whitelist_filename =
1733 SideEffectFreeWhitelistDBFilename(db_state_manager_.filename_base());
1734 const bool r9 = base::DeleteFile(side_effect_free_whitelist_filename,
1735 false);
1736 if (!r9)
1737 RecordFailure(FAILURE_SIDE_EFFECT_FREE_WHITELIST_DELETE);
1738
1739 const base::FilePath side_effect_free_whitelist_prefix_set_filename =
1740 PrefixSetForFilename(side_effect_free_whitelist_filename);
1741 const bool r10 = base::DeleteFile(
1742 side_effect_free_whitelist_prefix_set_filename,
1743 false);
1744 if (!r10)
1745 RecordFailure(FAILURE_SIDE_EFFECT_FREE_WHITELIST_PREFIX_SET_DELETE);
1746
1747 const bool r11 = base::DeleteFile(
1748 IpBlacklistDBFilename(db_state_manager_.filename_base()), false);
1749 if (!r11)
1750 RecordFailure(FAILURE_IP_BLACKLIST_DELETE);
1751
1752 const bool r12 = base::DeleteFile(
1753 UnwantedSoftwareDBFilename(db_state_manager_.filename_base()), false);
1754 if (!r12)
1755 RecordFailure(FAILURE_UNWANTED_SOFTWARE_PREFIX_SET_DELETE);
1756
1757 return r1 && r2 && r3 && r4 && r5 && r6 && r7 && r8 && r9 && r10 && r11 &&
1758 r12;
1759 }
1760
1761 void SafeBrowsingDatabaseNew::WritePrefixSet(const base::FilePath& db_filename,
1762 PrefixSetId prefix_set_id,
1763 FailureType write_failure_type) {
1764 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1765
1766 // Do not grab the lock to avoid contention while writing to disk. This is
1767 // safe as only this task runner can ever modify |state_manager_|'s prefix
1768 // sets anyways.
1769 scoped_ptr<ReadTransaction> txn =
1770 state_manager_.BeginReadTransactionNoLockOnMainTaskRunner();
1771 const PrefixSet* prefix_set = txn->GetPrefixSet(prefix_set_id);
1772
1773 if (!prefix_set)
1774 return;
1775
1776 const base::FilePath prefix_set_filename = PrefixSetForFilename(db_filename);
1777
1778 const base::TimeTicks before = base::TimeTicks::Now();
1779 const bool write_ok = prefix_set->WriteFile(prefix_set_filename);
1780 UMA_HISTOGRAM_TIMES("SB2.PrefixSetWrite", base::TimeTicks::Now() - before);
1781
1782 RecordFileSizeHistogram(prefix_set_filename);
1783
1784 if (!write_ok)
1785 RecordFailure(write_failure_type);
1786
1787 #if defined(OS_MACOSX)
1788 base::mac::SetFileBackupExclusion(prefix_set_filename);
1789 #endif
1790 }
1791
1792 void SafeBrowsingDatabaseNew::LoadWhitelist(
1793 const std::vector<SBAddFullHash>& full_hashes,
1794 SBWhitelistId whitelist_id) {
1795 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1796
1797 if (full_hashes.size() > kMaxWhitelistSize) {
1798 state_manager_.BeginWriteTransaction()->WhitelistEverything(whitelist_id);
1799 return;
1800 }
1801
1802 std::vector<SBFullHash> new_whitelist;
1803 new_whitelist.reserve(full_hashes.size());
1804 for (std::vector<SBAddFullHash>::const_iterator it = full_hashes.begin();
1805 it != full_hashes.end(); ++it) {
1806 new_whitelist.push_back(it->full_hash);
1807 }
1808 std::sort(new_whitelist.begin(), new_whitelist.end(), SBFullHashLess);
1809
1810 SBFullHash kill_switch = SBFullHashForString(kWhitelistKillSwitchUrl);
1811 if (std::binary_search(new_whitelist.begin(), new_whitelist.end(),
1812 kill_switch, SBFullHashLess)) {
1813 // The kill switch is whitelisted hence we whitelist all URLs.
1814 state_manager_.BeginWriteTransaction()->WhitelistEverything(whitelist_id);
1815 } else {
1816 state_manager_.BeginWriteTransaction()->SwapSBWhitelist(whitelist_id,
1817 &new_whitelist);
1818 }
1819 }
1820
1821 void SafeBrowsingDatabaseNew::LoadIpBlacklist(
1822 const std::vector<SBAddFullHash>& full_hashes) {
1823 DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
1824
1825 IPBlacklist new_blacklist;
1826 for (std::vector<SBAddFullHash>::const_iterator it = full_hashes.begin();
1827 it != full_hashes.end();
1828 ++it) {
1829 const char* full_hash = it->full_hash.full_hash;
1830 DCHECK_EQ(crypto::kSHA256Length, arraysize(it->full_hash.full_hash));
1831 // The format of the IP blacklist is:
1832 // SHA-1(IPv6 prefix) + uint8(prefix size) + 11 unused bytes.
1833 std::string hashed_ip_prefix(full_hash, base::kSHA1Length);
1834 size_t prefix_size = static_cast<uint8>(full_hash[base::kSHA1Length]);
1835 if (prefix_size > kMaxIpPrefixSize || prefix_size < kMinIpPrefixSize) {
1836 RecordFailure(FAILURE_IP_BLACKLIST_UPDATE_INVALID);
1837 new_blacklist.clear(); // Load empty blacklist.
1838 break;
1839 }
1840
1841 // We precompute the mask for the given subnet size to speed up lookups.
1842 // Basically we need to create a 16B long string which has the highest
1843 // |size| bits sets to one.
1844 std::string mask(net::kIPv6AddressSize, '\0');
1845 mask.replace(0, prefix_size / 8, prefix_size / 8, '\xFF');
1846 if ((prefix_size % 8) != 0) {
1847 mask[prefix_size / 8] = 0xFF << (8 - (prefix_size % 8));
1848 }
1849 DVLOG(2) << "Inserting malicious IP: "
1850 << " raw:" << base::HexEncode(full_hash, crypto::kSHA256Length)
1851 << " mask:" << base::HexEncode(mask.data(), mask.size())
1852 << " prefix_size:" << prefix_size
1853 << " hashed_ip:" << base::HexEncode(hashed_ip_prefix.data(),
1854 hashed_ip_prefix.size());
1855 new_blacklist[mask].insert(hashed_ip_prefix);
1856 }
1857
1858 state_manager_.BeginWriteTransaction()->swap_ip_blacklist(&new_blacklist);
1859 }
1860
1861 bool SafeBrowsingDatabaseNew::IsMalwareIPMatchKillSwitchOn() {
1862 SBFullHash malware_kill_switch = SBFullHashForString(kMalwareIPKillSwitchUrl);
1863 std::vector<SBFullHash> full_hashes;
1864 full_hashes.push_back(malware_kill_switch);
1865 return ContainsWhitelistedHashes(SBWhitelistId::CSD, full_hashes);
1866 }
1867
1868 bool SafeBrowsingDatabaseNew::IsCsdWhitelistKillSwitchOn() {
1869 return state_manager_.BeginReadTransaction()
1870 ->GetSBWhitelist(SBWhitelistId::CSD)
1871 ->second;
1872 }
1873
1874 SafeBrowsingDatabaseNew::PrefixGetHashCache*
1875 SafeBrowsingDatabaseNew::GetUnsynchronizedPrefixGetHashCacheForTesting() {
1876 return state_manager_.BeginReadTransaction()->prefix_gethash_cache();
1877 }
1878
1879 void SafeBrowsingDatabaseNew::RecordFileSizeHistogram(
1880 const base::FilePath& file_path) {
1881 const int64 file_size = GetFileSizeOrZero(file_path);
1882 const int file_size_kilobytes = static_cast<int>(file_size / 1024);
1883
1884 base::FilePath::StringType filename = file_path.BaseName().value();
1885
1886 // Default to logging DB sizes unless |file_path| points at PrefixSet storage.
1887 std::string histogram_name("SB2.DatabaseSizeKilobytes");
1888 if (EndsWith(filename, kPrefixSetFileSuffix, true)) {
1889 histogram_name = "SB2.PrefixSetSizeKilobytes";
1890 // Clear the PrefixSet suffix to have the histogram suffix selector below
1891 // work the same for PrefixSet-based storage as it does for simple safe
1892 // browsing stores.
1893 // The size of the kPrefixSetFileSuffix is the size of its array minus 1 as
1894 // the array includes the terminating '\0'.
1895 const size_t kPrefixSetSuffixSize = arraysize(kPrefixSetFileSuffix) - 1;
1896 filename.erase(filename.size() - kPrefixSetSuffixSize);
1897 }
1898
1899 // Changes to histogram suffixes below need to be mirrored in the
1900 // SafeBrowsingLists suffix enum in histograms.xml.
1901 if (EndsWith(filename, kBrowseDBFile, true))
1902 histogram_name.append(".Browse");
1903 else if (EndsWith(filename, kDownloadDBFile, true))
1904 histogram_name.append(".Download");
1905 else if (EndsWith(filename, kCsdWhitelistDBFile, true))
1906 histogram_name.append(".CsdWhitelist");
1907 else if (EndsWith(filename, kDownloadWhitelistDBFile, true))
1908 histogram_name.append(".DownloadWhitelist");
1909 else if (EndsWith(filename, kInclusionWhitelistDBFile, true))
1910 histogram_name.append(".InclusionWhitelist");
1911 else if (EndsWith(filename, kExtensionBlacklistDBFile, true))
1912 histogram_name.append(".ExtensionBlacklist");
1913 else if (EndsWith(filename, kSideEffectFreeWhitelistDBFile, true))
1914 histogram_name.append(".SideEffectFreeWhitelist");
1915 else if (EndsWith(filename, kIPBlacklistDBFile, true))
1916 histogram_name.append(".IPBlacklist");
1917 else if (EndsWith(filename, kUnwantedSoftwareDBFile, true))
1918 histogram_name.append(".UnwantedSoftware");
1919 else
1920 NOTREACHED(); // Add support for new lists above.
1921
1922 // Histogram properties as in UMA_HISTOGRAM_COUNTS macro.
1923 base::HistogramBase* histogram_pointer = base::Histogram::FactoryGet(
1924 histogram_name, 1, 1000000, 50,
1925 base::HistogramBase::kUmaTargetedHistogramFlag);
1926
1927 histogram_pointer->Add(file_size_kilobytes);
1928 }