Home | History | Annotate | Download | only in safe_browsing 
      1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CHROME_BROWSER_SAFE_BROWSING_CLIENT_SIDE_DETECTION_HOST_H_
      6 #define CHROME_BROWSER_SAFE_BROWSING_CLIENT_SIDE_DETECTION_HOST_H_
      7 
      8 #include <string>
      9 #include <vector>
     10 
     11 #include "base/basictypes.h"
     12 #include "base/memory/ref_counted.h"
     13 #include "base/memory/scoped_ptr.h"
     14 #include "chrome/browser/safe_browsing/browser_feature_extractor.h"
     15 #include "chrome/browser/safe_browsing/database_manager.h"
     16 #include "chrome/browser/safe_browsing/ui_manager.h"
     17 #include "content/public/browser/notification_registrar.h"
     18 #include "content/public/browser/resource_request_details.h"
     19 #include "content/public/browser/web_contents_observer.h"
     20 #include "url/gurl.h"
     21 
     22 namespace safe_browsing {
     23 class ClientPhishingRequest;
     24 class ClientSideDetectionService;
     25 
     26 // This class is used to receive the IPC from the renderer which
     27 // notifies the browser that a URL was classified as phishing.  This
     28 // class relays this information to the client-side detection service
     29 // class which sends a ping to a server to validate the verdict.
     30 // TODO(noelutz): move all client-side detection IPCs to this class.
     31 class ClientSideDetectionHost : public content::WebContentsObserver,
     32                                 public content::NotificationObserver,
     33                                 public SafeBrowsingUIManager::Observer {
     34  public:
     35   // The caller keeps ownership of the tab object and is responsible for
     36   // ensuring that it stays valid until WebContentsDestroyed is called.
     37   static ClientSideDetectionHost* Create(content::WebContents* tab);
     38   virtual ~ClientSideDetectionHost();
     39 
     40   // From content::WebContentsObserver.
     41   virtual bool OnMessageReceived(const IPC::Message& message) OVERRIDE;
     42 
     43   // From content::WebContentsObserver.  If we navigate away we cancel all
     44   // pending callbacks that could show an interstitial, and check to see whether
     45   // we should classify the new URL.
     46   virtual void DidNavigateMainFrame(
     47       const content::LoadCommittedDetails& details,
     48       const content::FrameNavigateParams& params) OVERRIDE;
     49 
     50   // Called when the SafeBrowsingService found a hit with one of the
     51   // SafeBrowsing lists.  This method is called on the UI thread.
     52   virtual void OnSafeBrowsingHit(
     53       const SafeBrowsingUIManager::UnsafeResource& resource) OVERRIDE;
     54 
     55   // Called when the SafeBrowsingService finds a match on the SB lists.
     56   // Called on the UI thread. Called even if the resource is whitelisted.
     57   virtual void OnSafeBrowsingMatch(
     58       const SafeBrowsingUIManager::UnsafeResource& resource) OVERRIDE;
     59 
     60   virtual scoped_refptr<SafeBrowsingDatabaseManager> database_manager();
     61 
     62   // Returns whether the current page contains a malware or phishing safe
     63   // browsing match.
     64   bool DidPageReceiveSafeBrowsingMatch() const;
     65 
     66  protected:
     67   explicit ClientSideDetectionHost(content::WebContents* tab);
     68 
     69   // From content::WebContentsObserver.
     70   virtual void WebContentsDestroyed(content::WebContents* tab) OVERRIDE;
     71 
     72   // Used for testing.
     73   void set_safe_browsing_managers(
     74       SafeBrowsingUIManager* ui_manager,
     75       SafeBrowsingDatabaseManager* database_manager);
     76 
     77  private:
     78   friend class ClientSideDetectionHostTest;
     79   class ShouldClassifyUrlRequest;
     80   friend class ShouldClassifyUrlRequest;
     81 
     82   // Verdict is an encoded ClientPhishingRequest protocol message.
     83   void OnPhishingDetectionDone(const std::string& verdict);
     84 
     85   // Callback that is called when the server ping back is
     86   // done. Display an interstitial if |is_phishing| is true.
     87   // Otherwise, we do nothing.  Called in UI thread.
     88   void MaybeShowPhishingWarning(GURL phishing_url, bool is_phishing);
     89 
     90   // Callback that is called when the malware IP server ping back is
     91   // done. Display an interstitial if |is_malware| is true.
     92   // Otherwise, we do nothing.  Called in UI thread.
     93   void MaybeShowMalwareWarning(GURL original_url, GURL malware_url,
     94                                bool is_malware);
     95 
     96   // Callback that is called when the browser feature extractor is done.
     97   // This method is responsible for deleting the request object.  Called on
     98   // the UI thread.
     99   void FeatureExtractionDone(bool success, ClientPhishingRequest* request);
    100 
    101   // Function to be called when the browser malware feature extractor is done.
    102   // Called on the UI thread.
    103   void MalwareFeatureExtractionDone(bool success,
    104                                     scoped_ptr<ClientMalwareRequest> request);
    105 
    106   // Update the entries in browse_info_->ips map.
    107   void UpdateIPUrlMap(const std::string& ip,
    108                       const std::string& url,
    109                       const std::string& method,
    110                       const std::string& referrer,
    111                       const ResourceType::Type resource_type);
    112 
    113   // From NotificationObserver.  Called when a notification comes in.  This
    114   // method is called in the UI thread.
    115   virtual void Observe(int type,
    116                        const content::NotificationSource& source,
    117                        const content::NotificationDetails& details) OVERRIDE;
    118 
    119   // Returns true if the user has seen a regular SafeBrowsing
    120   // interstitial for the current page.  This is only true if the user has
    121   // actually clicked through the warning.  This method is called on the UI
    122   // thread.
    123   bool DidShowSBInterstitial() const;
    124 
    125   // Used for testing.  This function does not take ownership of the service
    126   // class.
    127   void set_client_side_detection_service(ClientSideDetectionService* service);
    128 
    129   // Get/Set malware_killswitch_on_ value. These methods called on UI thread.
    130   bool MalwareKillSwitchIsOn();
    131   void SetMalwareKillSwitch(bool killswitch_on);
    132 
    133   // This pointer may be NULL if client-side phishing detection is disabled.
    134   ClientSideDetectionService* csd_service_;
    135   // These pointers may be NULL if SafeBrowsing is disabled.
    136   scoped_refptr<SafeBrowsingDatabaseManager> database_manager_;
    137   scoped_refptr<SafeBrowsingUIManager> ui_manager_;
    138   // Keep a handle to the latest classification request so that we can cancel
    139   // it if necessary.
    140   scoped_refptr<ShouldClassifyUrlRequest> classification_request_;
    141   // Browser-side feature extractor.
    142   scoped_ptr<BrowserFeatureExtractor> feature_extractor_;
    143   // Keeps some info about the current page visit while the renderer
    144   // classification is going on.  Since we cancel classification on
    145   // every page load we can simply keep this data around as a member
    146   // variable.  This information will be passed on to the feature extractor.
    147   scoped_ptr<BrowseInfo> browse_info_;
    148   // Redirect chain that leads to the first page of the current host. We keep
    149   // track of this for browse_info_.
    150   std::vector<GURL> cur_host_redirects_;
    151   // Current host, used to help determine cur_host_redirects_.
    152   std::string cur_host_;
    153   // Handles registering notifications with the NotificationService.
    154   content::NotificationRegistrar registrar_;
    155 
    156   // Max number of ips we save for each browse
    157   static const int kMaxIPsPerBrowse;
    158   // Max number of urls we report for each malware IP.
    159   static const int kMaxUrlsPerIP;
    160 
    161   base::WeakPtrFactory<ClientSideDetectionHost> weak_factory_;
    162 
    163   // Unique page ID of the most recent unsafe site that was loaded in this tab
    164   // as well as the UnsafeResource.
    165   int unsafe_unique_page_id_;
    166   scoped_ptr<SafeBrowsingUIManager::UnsafeResource> unsafe_resource_;
    167 
    168   // Whether the malware IP matching feature killswitch is on.
    169   // This should be accessed from UI thread.
    170   bool malware_killswitch_on_;
    171 
    172   // Whether the malware bad ip matching and report feature is enabled.
    173   // This should be accessed from UI thread.
    174   bool malware_report_enabled_;
    175 
    176   // Set to true if we got a match on malware or phishing for the current
    177   // page load. Is reset to false when DidNavigateMainFrame is received.
    178   bool malware_or_phishing_match_;
    179 
    180   DISALLOW_COPY_AND_ASSIGN(ClientSideDetectionHost);
    181 };
    182 
    183 }  // namespace safe_browsing
    184 
    185 #endif  // CHROME_BROWSER_SAFE_BROWSING_CLIENT_SIDE_DETECTION_HOST_H_
    186