1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "chrome/browser/safe_browsing/safe_browsing_database.h" 6 7 #include <algorithm> 8 #include <iterator> 9 10 #include "base/bind.h" 11 #include "base/file_util.h" 12 #include "base/message_loop/message_loop.h" 13 #include "base/metrics/histogram.h" 14 #include "base/metrics/stats_counters.h" 15 #include "base/process/process.h" 16 #include "base/process/process_metrics.h" 17 #include "base/sha1.h" 18 #include "base/strings/string_number_conversions.h" 19 #include "base/strings/stringprintf.h" 20 #include "base/time/time.h" 21 #include "chrome/browser/safe_browsing/prefix_set.h" 22 #include "chrome/browser/safe_browsing/safe_browsing_store_file.h" 23 #include "content/public/browser/browser_thread.h" 24 #include "crypto/sha2.h" 25 #include "net/base/net_util.h" 26 #include "url/gurl.h" 27 28 #if defined(OS_MACOSX) 29 #include "base/mac/mac_util.h" 30 #endif 31 32 using content::BrowserThread; 33 34 namespace { 35 36 // Filename suffix for the bloom filter. 37 const base::FilePath::CharType kBloomFilterFile[] = 38 FILE_PATH_LITERAL(" Filter 2"); 39 // Filename suffix for the prefix set. 40 const base::FilePath::CharType kPrefixSetFile[] = 41 FILE_PATH_LITERAL(" Prefix Set"); 42 // Filename suffix for download store. 43 const base::FilePath::CharType kDownloadDBFile[] = 44 FILE_PATH_LITERAL(" Download"); 45 // Filename suffix for client-side phishing detection whitelist store. 46 const base::FilePath::CharType kCsdWhitelistDBFile[] = 47 FILE_PATH_LITERAL(" Csd Whitelist"); 48 // Filename suffix for the download whitelist store. 49 const base::FilePath::CharType kDownloadWhitelistDBFile[] = 50 FILE_PATH_LITERAL(" Download Whitelist"); 51 // Filename suffix for the extension blacklist store. 52 const base::FilePath::CharType kExtensionBlacklistDBFile[] = 53 FILE_PATH_LITERAL(" Extension Blacklist"); 54 // Filename suffix for the side-effect free whitelist store. 55 const base::FilePath::CharType kSideEffectFreeWhitelistDBFile[] = 56 FILE_PATH_LITERAL(" Side-Effect Free Whitelist"); 57 // Filename suffix for the csd malware IP blacklist store. 58 const base::FilePath::CharType kIPBlacklistDBFile[] = 59 FILE_PATH_LITERAL(" IP Blacklist"); 60 61 // Filename suffix for browse store. 62 // TODO(shess): "Safe Browsing Bloom Prefix Set" is full of win. 63 // Unfortunately, to change the name implies lots of transition code 64 // for little benefit. If/when file formats change (say to put all 65 // the data in one file), that would be a convenient point to rectify 66 // this. 67 const base::FilePath::CharType kBrowseDBFile[] = FILE_PATH_LITERAL(" Bloom"); 68 69 // The maximum staleness for a cached entry. 70 const int kMaxStalenessMinutes = 45; 71 72 // Maximum number of entries we allow in any of the whitelists. 73 // If a whitelist on disk contains more entries then all lookups to 74 // the whitelist will be considered a match. 75 const size_t kMaxWhitelistSize = 5000; 76 77 // If the hash of this exact expression is on a whitelist then all 78 // lookups to this whitelist will be considered a match. 79 const char kWhitelistKillSwitchUrl[] = 80 "sb-ssl.google.com/safebrowsing/csd/killswitch"; // Don't change this! 81 82 // If the hash of this exact expression is on a whitelist then the 83 // malware IP blacklisting feature will be disabled in csd. 84 // Don't change this! 85 const char kMalwareIPKillSwitchUrl[] = 86 "sb-ssl.google.com/safebrowsing/csd/killswitch_malware"; 87 88 const size_t kMaxIpPrefixSize = 128; 89 const size_t kMinIpPrefixSize = 1; 90 91 // To save space, the incoming |chunk_id| and |list_id| are combined 92 // into an |encoded_chunk_id| for storage by shifting the |list_id| 93 // into the low-order bits. These functions decode that information. 94 // TODO(lzheng): It was reasonable when database is saved in sqlite, but 95 // there should be better ways to save chunk_id and list_id after we use 96 // SafeBrowsingStoreFile. 97 int GetListIdBit(const int encoded_chunk_id) { 98 return encoded_chunk_id & 1; 99 } 100 int DecodeChunkId(int encoded_chunk_id) { 101 return encoded_chunk_id >> 1; 102 } 103 int EncodeChunkId(const int chunk, const int list_id) { 104 DCHECK_NE(list_id, safe_browsing_util::INVALID); 105 return chunk << 1 | list_id % 2; 106 } 107 108 // Generate the set of full hashes to check for |url|. If 109 // |include_whitelist_hashes| is true we will generate additional path-prefixes 110 // to match against the csd whitelist. E.g., if the path-prefix /foo is on the 111 // whitelist it should also match /foo/bar which is not the case for all the 112 // other lists. We'll also always add a pattern for the empty path. 113 // TODO(shess): This function is almost the same as 114 // |CompareFullHashes()| in safe_browsing_util.cc, except that code 115 // does an early exit on match. Since match should be the infrequent 116 // case (phishing or malware found), consider combining this function 117 // with that one. 118 void BrowseFullHashesToCheck(const GURL& url, 119 bool include_whitelist_hashes, 120 std::vector<SBFullHash>* full_hashes) { 121 std::vector<std::string> hosts; 122 if (url.HostIsIPAddress()) { 123 hosts.push_back(url.host()); 124 } else { 125 safe_browsing_util::GenerateHostsToCheck(url, &hosts); 126 } 127 128 std::vector<std::string> paths; 129 safe_browsing_util::GeneratePathsToCheck(url, &paths); 130 131 for (size_t i = 0; i < hosts.size(); ++i) { 132 for (size_t j = 0; j < paths.size(); ++j) { 133 const std::string& path = paths[j]; 134 SBFullHash full_hash; 135 crypto::SHA256HashString(hosts[i] + path, &full_hash, 136 sizeof(full_hash)); 137 full_hashes->push_back(full_hash); 138 139 // We may have /foo as path-prefix in the whitelist which should 140 // also match with /foo/bar and /foo?bar. Hence, for every path 141 // that ends in '/' we also add the path without the slash. 142 if (include_whitelist_hashes && 143 path.size() > 1 && 144 path[path.size() - 1] == '/') { 145 crypto::SHA256HashString(hosts[i] + path.substr(0, path.size() - 1), 146 &full_hash, sizeof(full_hash)); 147 full_hashes->push_back(full_hash); 148 } 149 } 150 } 151 } 152 153 // Get the prefixes matching the download |urls|. 154 void GetDownloadUrlPrefixes(const std::vector<GURL>& urls, 155 std::vector<SBPrefix>* prefixes) { 156 std::vector<SBFullHash> full_hashes; 157 for (size_t i = 0; i < urls.size(); ++i) 158 BrowseFullHashesToCheck(urls[i], false, &full_hashes); 159 160 for (size_t i = 0; i < full_hashes.size(); ++i) 161 prefixes->push_back(full_hashes[i].prefix); 162 } 163 164 // Helper function to compare addprefixes in |store| with |prefixes|. 165 // The |list_bit| indicates which list (url or hash) to compare. 166 // 167 // Returns true if there is a match, |*prefix_hits| (if non-NULL) will contain 168 // the actual matching prefixes. 169 bool MatchAddPrefixes(SafeBrowsingStore* store, 170 int list_bit, 171 const std::vector<SBPrefix>& prefixes, 172 std::vector<SBPrefix>* prefix_hits) { 173 prefix_hits->clear(); 174 bool found_match = false; 175 176 SBAddPrefixes add_prefixes; 177 store->GetAddPrefixes(&add_prefixes); 178 for (SBAddPrefixes::const_iterator iter = add_prefixes.begin(); 179 iter != add_prefixes.end(); ++iter) { 180 for (size_t j = 0; j < prefixes.size(); ++j) { 181 const SBPrefix& prefix = prefixes[j]; 182 if (prefix == iter->prefix && 183 GetListIdBit(iter->chunk_id) == list_bit) { 184 prefix_hits->push_back(prefix); 185 found_match = true; 186 } 187 } 188 } 189 return found_match; 190 } 191 192 // Find the entries in |full_hashes| with prefix in |prefix_hits|, and 193 // add them to |full_hits| if not expired. "Not expired" is when 194 // either |last_update| was recent enough, or the item has been 195 // received recently enough. Expired items are not deleted because a 196 // future update may make them acceptable again. 197 // 198 // For efficiency reasons the code walks |prefix_hits| and 199 // |full_hashes| in parallel, so they must be sorted by prefix. 200 void GetCachedFullHashesForBrowse(const std::vector<SBPrefix>& prefix_hits, 201 const std::vector<SBAddFullHash>& full_hashes, 202 std::vector<SBFullHashResult>* full_hits, 203 base::Time last_update) { 204 const base::Time expire_time = 205 base::Time::Now() - base::TimeDelta::FromMinutes(kMaxStalenessMinutes); 206 207 std::vector<SBPrefix>::const_iterator piter = prefix_hits.begin(); 208 std::vector<SBAddFullHash>::const_iterator hiter = full_hashes.begin(); 209 210 while (piter != prefix_hits.end() && hiter != full_hashes.end()) { 211 if (*piter < hiter->full_hash.prefix) { 212 ++piter; 213 } else if (hiter->full_hash.prefix < *piter) { 214 ++hiter; 215 } else { 216 if (expire_time < last_update || 217 expire_time.ToTimeT() < hiter->received) { 218 SBFullHashResult result; 219 const int list_bit = GetListIdBit(hiter->chunk_id); 220 DCHECK(list_bit == safe_browsing_util::MALWARE || 221 list_bit == safe_browsing_util::PHISH); 222 const safe_browsing_util::ListType list_id = 223 static_cast<safe_browsing_util::ListType>(list_bit); 224 if (!safe_browsing_util::GetListName(list_id, &result.list_name)) 225 continue; 226 result.add_chunk_id = DecodeChunkId(hiter->chunk_id); 227 result.hash = hiter->full_hash; 228 full_hits->push_back(result); 229 } 230 231 // Only increment |hiter|, |piter| might have multiple hits. 232 ++hiter; 233 } 234 } 235 } 236 237 // This function generates a chunk range string for |chunks|. It 238 // outputs one chunk range string per list and writes it to the 239 // |list_ranges| vector. We expect |list_ranges| to already be of the 240 // right size. E.g., if |chunks| contains chunks with two different 241 // list ids then |list_ranges| must contain two elements. 242 void GetChunkRanges(const std::vector<int>& chunks, 243 std::vector<std::string>* list_ranges) { 244 // Since there are 2 possible list ids, there must be exactly two 245 // list ranges. Even if the chunk data should only contain one 246 // line, this code has to somehow handle corruption. 247 DCHECK_EQ(2U, list_ranges->size()); 248 249 std::vector<std::vector<int> > decoded_chunks(list_ranges->size()); 250 for (std::vector<int>::const_iterator iter = chunks.begin(); 251 iter != chunks.end(); ++iter) { 252 int mod_list_id = GetListIdBit(*iter); 253 DCHECK_GE(mod_list_id, 0); 254 DCHECK_LT(static_cast<size_t>(mod_list_id), decoded_chunks.size()); 255 decoded_chunks[mod_list_id].push_back(DecodeChunkId(*iter)); 256 } 257 for (size_t i = 0; i < decoded_chunks.size(); ++i) { 258 ChunksToRangeString(decoded_chunks[i], &((*list_ranges)[i])); 259 } 260 } 261 262 // Helper function to create chunk range lists for Browse related 263 // lists. 264 void UpdateChunkRanges(SafeBrowsingStore* store, 265 const std::vector<std::string>& listnames, 266 std::vector<SBListChunkRanges>* lists) { 267 DCHECK_GT(listnames.size(), 0U); 268 DCHECK_LE(listnames.size(), 2U); 269 std::vector<int> add_chunks; 270 std::vector<int> sub_chunks; 271 store->GetAddChunks(&add_chunks); 272 store->GetSubChunks(&sub_chunks); 273 274 // Always decode 2 ranges, even if only the first one is expected. 275 // The loop below will only load as many into |lists| as |listnames| 276 // indicates. 277 std::vector<std::string> adds(2); 278 std::vector<std::string> subs(2); 279 GetChunkRanges(add_chunks, &adds); 280 GetChunkRanges(sub_chunks, &subs); 281 282 for (size_t i = 0; i < listnames.size(); ++i) { 283 const std::string& listname = listnames[i]; 284 DCHECK_EQ(safe_browsing_util::GetListId(listname) % 2, 285 static_cast<int>(i % 2)); 286 DCHECK_NE(safe_browsing_util::GetListId(listname), 287 safe_browsing_util::INVALID); 288 lists->push_back(SBListChunkRanges(listname)); 289 lists->back().adds.swap(adds[i]); 290 lists->back().subs.swap(subs[i]); 291 } 292 } 293 294 // Helper for deleting chunks left over from obsolete lists. 295 void DeleteChunksFromStore(SafeBrowsingStore* store, int listid){ 296 std::vector<int> add_chunks; 297 size_t adds_deleted = 0; 298 store->GetAddChunks(&add_chunks); 299 for (std::vector<int>::const_iterator iter = add_chunks.begin(); 300 iter != add_chunks.end(); ++iter) { 301 if (GetListIdBit(*iter) == GetListIdBit(listid)) { 302 adds_deleted++; 303 store->DeleteAddChunk(*iter); 304 } 305 } 306 if (adds_deleted > 0) 307 UMA_HISTOGRAM_COUNTS("SB2.DownloadBinhashAddsDeleted", adds_deleted); 308 309 std::vector<int> sub_chunks; 310 size_t subs_deleted = 0; 311 store->GetSubChunks(&sub_chunks); 312 for (std::vector<int>::const_iterator iter = sub_chunks.begin(); 313 iter != sub_chunks.end(); ++iter) { 314 if (GetListIdBit(*iter) == GetListIdBit(listid)) { 315 subs_deleted++; 316 store->DeleteSubChunk(*iter); 317 } 318 } 319 if (subs_deleted > 0) 320 UMA_HISTOGRAM_COUNTS("SB2.DownloadBinhashSubsDeleted", subs_deleted); 321 } 322 323 // Order |SBAddFullHash| on the prefix part. |SBAddPrefixLess()| from 324 // safe_browsing_store.h orders on both chunk-id and prefix. 325 bool SBAddFullHashPrefixLess(const SBAddFullHash& a, const SBAddFullHash& b) { 326 return a.full_hash.prefix < b.full_hash.prefix; 327 } 328 329 // This code always checks for non-zero file size. This helper makes 330 // that less verbose. 331 int64 GetFileSizeOrZero(const base::FilePath& file_path) { 332 int64 size_64; 333 if (!base::GetFileSize(file_path, &size_64)) 334 return 0; 335 return size_64; 336 } 337 338 } // namespace 339 340 // The default SafeBrowsingDatabaseFactory. 341 class SafeBrowsingDatabaseFactoryImpl : public SafeBrowsingDatabaseFactory { 342 public: 343 virtual SafeBrowsingDatabase* CreateSafeBrowsingDatabase( 344 bool enable_download_protection, 345 bool enable_client_side_whitelist, 346 bool enable_download_whitelist, 347 bool enable_extension_blacklist, 348 bool enable_side_effect_free_whitelist, 349 bool enable_ip_blacklist) OVERRIDE { 350 return new SafeBrowsingDatabaseNew( 351 new SafeBrowsingStoreFile, 352 enable_download_protection ? new SafeBrowsingStoreFile : NULL, 353 enable_client_side_whitelist ? new SafeBrowsingStoreFile : NULL, 354 enable_download_whitelist ? new SafeBrowsingStoreFile : NULL, 355 enable_extension_blacklist ? new SafeBrowsingStoreFile : NULL, 356 enable_side_effect_free_whitelist ? new SafeBrowsingStoreFile : NULL, 357 enable_ip_blacklist ? new SafeBrowsingStoreFile : NULL); 358 } 359 360 SafeBrowsingDatabaseFactoryImpl() { } 361 362 private: 363 DISALLOW_COPY_AND_ASSIGN(SafeBrowsingDatabaseFactoryImpl); 364 }; 365 366 // static 367 SafeBrowsingDatabaseFactory* SafeBrowsingDatabase::factory_ = NULL; 368 369 // Factory method, non-thread safe. Caller has to make sure this s called 370 // on SafeBrowsing Thread. 371 // TODO(shess): There's no need for a factory any longer. Convert 372 // SafeBrowsingDatabaseNew to SafeBrowsingDatabase, and have Create() 373 // callers just construct things directly. 374 SafeBrowsingDatabase* SafeBrowsingDatabase::Create( 375 bool enable_download_protection, 376 bool enable_client_side_whitelist, 377 bool enable_download_whitelist, 378 bool enable_extension_blacklist, 379 bool enable_side_effect_free_whitelist, 380 bool enable_ip_blacklist) { 381 if (!factory_) 382 factory_ = new SafeBrowsingDatabaseFactoryImpl(); 383 return factory_->CreateSafeBrowsingDatabase( 384 enable_download_protection, 385 enable_client_side_whitelist, 386 enable_download_whitelist, 387 enable_extension_blacklist, 388 enable_side_effect_free_whitelist, 389 enable_ip_blacklist); 390 } 391 392 SafeBrowsingDatabase::~SafeBrowsingDatabase() { 393 } 394 395 // static 396 base::FilePath SafeBrowsingDatabase::BrowseDBFilename( 397 const base::FilePath& db_base_filename) { 398 return base::FilePath(db_base_filename.value() + kBrowseDBFile); 399 } 400 401 // static 402 base::FilePath SafeBrowsingDatabase::DownloadDBFilename( 403 const base::FilePath& db_base_filename) { 404 return base::FilePath(db_base_filename.value() + kDownloadDBFile); 405 } 406 407 // static 408 base::FilePath SafeBrowsingDatabase::BloomFilterForFilename( 409 const base::FilePath& db_filename) { 410 return base::FilePath(db_filename.value() + kBloomFilterFile); 411 } 412 413 // static 414 base::FilePath SafeBrowsingDatabase::PrefixSetForFilename( 415 const base::FilePath& db_filename) { 416 return base::FilePath(db_filename.value() + kPrefixSetFile); 417 } 418 419 // static 420 base::FilePath SafeBrowsingDatabase::CsdWhitelistDBFilename( 421 const base::FilePath& db_filename) { 422 return base::FilePath(db_filename.value() + kCsdWhitelistDBFile); 423 } 424 425 // static 426 base::FilePath SafeBrowsingDatabase::DownloadWhitelistDBFilename( 427 const base::FilePath& db_filename) { 428 return base::FilePath(db_filename.value() + kDownloadWhitelistDBFile); 429 } 430 431 // static 432 base::FilePath SafeBrowsingDatabase::ExtensionBlacklistDBFilename( 433 const base::FilePath& db_filename) { 434 return base::FilePath(db_filename.value() + kExtensionBlacklistDBFile); 435 } 436 437 // static 438 base::FilePath SafeBrowsingDatabase::SideEffectFreeWhitelistDBFilename( 439 const base::FilePath& db_filename) { 440 return base::FilePath(db_filename.value() + kSideEffectFreeWhitelistDBFile); 441 } 442 443 // static 444 base::FilePath SafeBrowsingDatabase::IpBlacklistDBFilename( 445 const base::FilePath& db_filename) { 446 return base::FilePath(db_filename.value() + kIPBlacklistDBFile); 447 } 448 449 SafeBrowsingStore* SafeBrowsingDatabaseNew::GetStore(const int list_id) { 450 if (list_id == safe_browsing_util::PHISH || 451 list_id == safe_browsing_util::MALWARE) { 452 return browse_store_.get(); 453 } else if (list_id == safe_browsing_util::BINURL || 454 list_id == safe_browsing_util::BINHASH) { 455 return download_store_.get(); 456 } else if (list_id == safe_browsing_util::CSDWHITELIST) { 457 return csd_whitelist_store_.get(); 458 } else if (list_id == safe_browsing_util::DOWNLOADWHITELIST) { 459 return download_whitelist_store_.get(); 460 } else if (list_id == safe_browsing_util::EXTENSIONBLACKLIST) { 461 return extension_blacklist_store_.get(); 462 } else if (list_id == safe_browsing_util::SIDEEFFECTFREEWHITELIST) { 463 return side_effect_free_whitelist_store_.get(); 464 } else if (list_id == safe_browsing_util::IPBLACKLIST) { 465 return ip_blacklist_store_.get(); 466 } 467 return NULL; 468 } 469 470 // static 471 void SafeBrowsingDatabase::RecordFailure(FailureType failure_type) { 472 UMA_HISTOGRAM_ENUMERATION("SB2.DatabaseFailure", failure_type, 473 FAILURE_DATABASE_MAX); 474 } 475 476 SafeBrowsingDatabaseNew::SafeBrowsingDatabaseNew() 477 : creation_loop_(base::MessageLoop::current()), 478 browse_store_(new SafeBrowsingStoreFile), 479 reset_factory_(this), 480 corruption_detected_(false), 481 change_detected_(false) { 482 DCHECK(browse_store_.get()); 483 DCHECK(!download_store_.get()); 484 DCHECK(!csd_whitelist_store_.get()); 485 DCHECK(!download_whitelist_store_.get()); 486 DCHECK(!extension_blacklist_store_.get()); 487 DCHECK(!side_effect_free_whitelist_store_.get()); 488 DCHECK(!ip_blacklist_store_.get()); 489 } 490 491 SafeBrowsingDatabaseNew::SafeBrowsingDatabaseNew( 492 SafeBrowsingStore* browse_store, 493 SafeBrowsingStore* download_store, 494 SafeBrowsingStore* csd_whitelist_store, 495 SafeBrowsingStore* download_whitelist_store, 496 SafeBrowsingStore* extension_blacklist_store, 497 SafeBrowsingStore* side_effect_free_whitelist_store, 498 SafeBrowsingStore* ip_blacklist_store) 499 : creation_loop_(base::MessageLoop::current()), 500 browse_store_(browse_store), 501 download_store_(download_store), 502 csd_whitelist_store_(csd_whitelist_store), 503 download_whitelist_store_(download_whitelist_store), 504 extension_blacklist_store_(extension_blacklist_store), 505 side_effect_free_whitelist_store_(side_effect_free_whitelist_store), 506 ip_blacklist_store_(ip_blacklist_store), 507 reset_factory_(this), 508 corruption_detected_(false) { 509 DCHECK(browse_store_.get()); 510 } 511 512 SafeBrowsingDatabaseNew::~SafeBrowsingDatabaseNew() { 513 DCHECK_EQ(creation_loop_, base::MessageLoop::current()); 514 } 515 516 void SafeBrowsingDatabaseNew::Init(const base::FilePath& filename_base) { 517 DCHECK_EQ(creation_loop_, base::MessageLoop::current()); 518 // Ensure we haven't been run before. 519 DCHECK(browse_filename_.empty()); 520 DCHECK(download_filename_.empty()); 521 DCHECK(csd_whitelist_filename_.empty()); 522 DCHECK(download_whitelist_filename_.empty()); 523 DCHECK(extension_blacklist_filename_.empty()); 524 DCHECK(side_effect_free_whitelist_filename_.empty()); 525 DCHECK(ip_blacklist_filename_.empty()); 526 527 browse_filename_ = BrowseDBFilename(filename_base); 528 browse_prefix_set_filename_ = PrefixSetForFilename(browse_filename_); 529 530 browse_store_->Init( 531 browse_filename_, 532 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase, 533 base::Unretained(this))); 534 DVLOG(1) << "Init browse store: " << browse_filename_.value(); 535 536 { 537 // NOTE: There is no need to grab the lock in this function, since 538 // until it returns, there are no pointers to this class on other 539 // threads. Then again, that means there is no possibility of 540 // contention on the lock... 541 base::AutoLock locked(lookup_lock_); 542 full_browse_hashes_.clear(); 543 pending_browse_hashes_.clear(); 544 LoadPrefixSet(); 545 } 546 547 if (download_store_.get()) { 548 download_filename_ = DownloadDBFilename(filename_base); 549 download_store_->Init( 550 download_filename_, 551 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase, 552 base::Unretained(this))); 553 DVLOG(1) << "Init download store: " << download_filename_.value(); 554 } 555 556 if (csd_whitelist_store_.get()) { 557 csd_whitelist_filename_ = CsdWhitelistDBFilename(filename_base); 558 csd_whitelist_store_->Init( 559 csd_whitelist_filename_, 560 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase, 561 base::Unretained(this))); 562 DVLOG(1) << "Init csd whitelist store: " << csd_whitelist_filename_.value(); 563 std::vector<SBAddFullHash> full_hashes; 564 if (csd_whitelist_store_->GetAddFullHashes(&full_hashes)) { 565 LoadWhitelist(full_hashes, &csd_whitelist_); 566 } else { 567 WhitelistEverything(&csd_whitelist_); 568 } 569 } else { 570 WhitelistEverything(&csd_whitelist_); // Just to be safe. 571 } 572 573 if (download_whitelist_store_.get()) { 574 download_whitelist_filename_ = DownloadWhitelistDBFilename(filename_base); 575 download_whitelist_store_->Init( 576 download_whitelist_filename_, 577 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase, 578 base::Unretained(this))); 579 DVLOG(1) << "Init download whitelist store: " 580 << download_whitelist_filename_.value(); 581 std::vector<SBAddFullHash> full_hashes; 582 if (download_whitelist_store_->GetAddFullHashes(&full_hashes)) { 583 LoadWhitelist(full_hashes, &download_whitelist_); 584 } else { 585 WhitelistEverything(&download_whitelist_); 586 } 587 } else { 588 WhitelistEverything(&download_whitelist_); // Just to be safe. 589 } 590 591 if (extension_blacklist_store_.get()) { 592 extension_blacklist_filename_ = ExtensionBlacklistDBFilename(filename_base); 593 extension_blacklist_store_->Init( 594 extension_blacklist_filename_, 595 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase, 596 base::Unretained(this))); 597 DVLOG(1) << "Init extension blacklist store: " 598 << extension_blacklist_filename_.value(); 599 } 600 601 if (side_effect_free_whitelist_store_.get()) { 602 side_effect_free_whitelist_filename_ = 603 SideEffectFreeWhitelistDBFilename(filename_base); 604 side_effect_free_whitelist_prefix_set_filename_ = 605 PrefixSetForFilename(side_effect_free_whitelist_filename_); 606 side_effect_free_whitelist_store_->Init( 607 side_effect_free_whitelist_filename_, 608 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase, 609 base::Unretained(this))); 610 DVLOG(1) << "Init side-effect free whitelist store: " 611 << side_effect_free_whitelist_filename_.value(); 612 613 // If there is no database, the filter cannot be used. 614 base::PlatformFileInfo db_info; 615 if (base::GetFileInfo(side_effect_free_whitelist_filename_, &db_info) 616 && db_info.size != 0) { 617 const base::TimeTicks before = base::TimeTicks::Now(); 618 side_effect_free_whitelist_prefix_set_.reset( 619 safe_browsing::PrefixSet::LoadFile( 620 side_effect_free_whitelist_prefix_set_filename_)); 621 DVLOG(1) << "SafeBrowsingDatabaseNew read side-effect free whitelist " 622 << "prefix set in " 623 << (base::TimeTicks::Now() - before).InMilliseconds() << " ms"; 624 UMA_HISTOGRAM_TIMES("SB2.SideEffectFreeWhitelistPrefixSetLoad", 625 base::TimeTicks::Now() - before); 626 if (!side_effect_free_whitelist_prefix_set_.get()) 627 RecordFailure(FAILURE_SIDE_EFFECT_FREE_WHITELIST_PREFIX_SET_READ); 628 } 629 } else { 630 // Delete any files of the side-effect free sidelist that may be around 631 // from when it was previously enabled. 632 SafeBrowsingStoreFile::DeleteStore( 633 SideEffectFreeWhitelistDBFilename(filename_base)); 634 } 635 636 if (ip_blacklist_store_.get()) { 637 ip_blacklist_filename_ = IpBlacklistDBFilename(filename_base); 638 ip_blacklist_store_->Init( 639 ip_blacklist_filename_, 640 base::Bind(&SafeBrowsingDatabaseNew::HandleCorruptDatabase, 641 base::Unretained(this))); 642 DVLOG(1) << "SafeBrowsingDatabaseNew read ip blacklist: " 643 << ip_blacklist_filename_.value(); 644 std::vector<SBAddFullHash> full_hashes; 645 if (ip_blacklist_store_->GetAddFullHashes(&full_hashes)) { 646 LoadIpBlacklist(full_hashes); 647 } else { 648 DVLOG(1) << "Unable to load full hashes from the IP blacklist."; 649 LoadIpBlacklist(std::vector<SBAddFullHash>()); // Clear the list. 650 } 651 } 652 } 653 654 bool SafeBrowsingDatabaseNew::ResetDatabase() { 655 DCHECK_EQ(creation_loop_, base::MessageLoop::current()); 656 657 // Delete files on disk. 658 // TODO(shess): Hard to see where one might want to delete without a 659 // reset. Perhaps inline |Delete()|? 660 if (!Delete()) 661 return false; 662 663 // Reset objects in memory. 664 { 665 base::AutoLock locked(lookup_lock_); 666 full_browse_hashes_.clear(); 667 pending_browse_hashes_.clear(); 668 prefix_miss_cache_.clear(); 669 browse_prefix_set_.reset(); 670 side_effect_free_whitelist_prefix_set_.reset(); 671 ip_blacklist_.clear(); 672 } 673 // Wants to acquire the lock itself. 674 WhitelistEverything(&csd_whitelist_); 675 WhitelistEverything(&download_whitelist_); 676 return true; 677 } 678 679 // TODO(lzheng): Remove matching_list, it is not used anywhere. 680 bool SafeBrowsingDatabaseNew::ContainsBrowseUrl( 681 const GURL& url, 682 std::string* matching_list, 683 std::vector<SBPrefix>* prefix_hits, 684 std::vector<SBFullHashResult>* full_hits, 685 base::Time last_update) { 686 // Clear the results first. 687 matching_list->clear(); 688 prefix_hits->clear(); 689 full_hits->clear(); 690 691 std::vector<SBFullHash> full_hashes; 692 BrowseFullHashesToCheck(url, false, &full_hashes); 693 if (full_hashes.empty()) 694 return false; 695 696 // This function is called on the I/O thread, prevent changes to 697 // filter and caches. 698 base::AutoLock locked(lookup_lock_); 699 700 // |browse_prefix_set_| is empty until it is either read from disk, or the 701 // first update populates it. Bail out without a hit if not yet 702 // available. 703 if (!browse_prefix_set_.get()) 704 return false; 705 706 size_t miss_count = 0; 707 for (size_t i = 0; i < full_hashes.size(); ++i) { 708 const SBPrefix prefix = full_hashes[i].prefix; 709 if (browse_prefix_set_->Exists(prefix)) { 710 prefix_hits->push_back(prefix); 711 if (prefix_miss_cache_.count(prefix) > 0) 712 ++miss_count; 713 } 714 } 715 716 // If all the prefixes are cached as 'misses', don't issue a GetHash. 717 if (miss_count == prefix_hits->size()) 718 return false; 719 720 // Find the matching full-hash results. |full_browse_hashes_| are from the 721 // database, |pending_browse_hashes_| are from GetHash requests between 722 // updates. 723 std::sort(prefix_hits->begin(), prefix_hits->end()); 724 725 GetCachedFullHashesForBrowse(*prefix_hits, full_browse_hashes_, 726 full_hits, last_update); 727 GetCachedFullHashesForBrowse(*prefix_hits, pending_browse_hashes_, 728 full_hits, last_update); 729 return true; 730 } 731 732 bool SafeBrowsingDatabaseNew::ContainsDownloadUrl( 733 const std::vector<GURL>& urls, 734 std::vector<SBPrefix>* prefix_hits) { 735 DCHECK_EQ(creation_loop_, base::MessageLoop::current()); 736 737 // Ignore this check when download checking is not enabled. 738 if (!download_store_.get()) 739 return false; 740 741 std::vector<SBPrefix> prefixes; 742 GetDownloadUrlPrefixes(urls, &prefixes); 743 return MatchAddPrefixes(download_store_.get(), 744 safe_browsing_util::BINURL % 2, 745 prefixes, 746 prefix_hits); 747 } 748 749 bool SafeBrowsingDatabaseNew::ContainsDownloadHashPrefix( 750 const SBPrefix& prefix) { 751 DCHECK_EQ(creation_loop_, base::MessageLoop::current()); 752 753 // Ignore this check when download store is not available. 754 if (!download_store_.get()) 755 return false; 756 757 std::vector<SBPrefix> prefix_hits; 758 return MatchAddPrefixes(download_store_.get(), 759 safe_browsing_util::BINHASH % 2, 760 std::vector<SBPrefix>(1, prefix), 761 &prefix_hits); 762 } 763 764 bool SafeBrowsingDatabaseNew::ContainsCsdWhitelistedUrl(const GURL& url) { 765 // This method is theoretically thread-safe but we expect all calls to 766 // originate from the IO thread. 767 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); 768 std::vector<SBFullHash> full_hashes; 769 BrowseFullHashesToCheck(url, true, &full_hashes); 770 return ContainsWhitelistedHashes(csd_whitelist_, full_hashes); 771 } 772 773 bool SafeBrowsingDatabaseNew::ContainsDownloadWhitelistedUrl(const GURL& url) { 774 std::vector<SBFullHash> full_hashes; 775 BrowseFullHashesToCheck(url, true, &full_hashes); 776 return ContainsWhitelistedHashes(download_whitelist_, full_hashes); 777 } 778 779 bool SafeBrowsingDatabaseNew::ContainsExtensionPrefixes( 780 const std::vector<SBPrefix>& prefixes, 781 std::vector<SBPrefix>* prefix_hits) { 782 DCHECK_EQ(creation_loop_, base::MessageLoop::current()); 783 if (!extension_blacklist_store_) 784 return false; 785 786 return MatchAddPrefixes(extension_blacklist_store_.get(), 787 safe_browsing_util::EXTENSIONBLACKLIST % 2, 788 prefixes, 789 prefix_hits); 790 } 791 792 bool SafeBrowsingDatabaseNew::ContainsSideEffectFreeWhitelistUrl( 793 const GURL& url) { 794 SBFullHash full_hash; 795 std::string host; 796 std::string path; 797 std::string query; 798 safe_browsing_util::CanonicalizeUrl(url, &host, &path, &query); 799 std::string url_to_check = host + path; 800 if (!query.empty()) 801 url_to_check += "?" + query; 802 crypto::SHA256HashString(url_to_check, &full_hash, sizeof(full_hash)); 803 804 // This function can be called on any thread, so lock against any changes 805 base::AutoLock locked(lookup_lock_); 806 807 // |side_effect_free_whitelist_prefix_set_| is empty until it is either read 808 // from disk, or the first update populates it. Bail out without a hit if 809 // not yet available. 810 if (!side_effect_free_whitelist_prefix_set_.get()) 811 return false; 812 813 return side_effect_free_whitelist_prefix_set_->Exists(full_hash.prefix); 814 } 815 816 bool SafeBrowsingDatabaseNew::ContainsMalwareIP(const std::string& ip_address) { 817 net::IPAddressNumber ip_number; 818 if (!net::ParseIPLiteralToNumber(ip_address, &ip_number)) { 819 DVLOG(2) << "Unable to parse IP address: '" << ip_address << "'"; 820 return false; 821 } 822 if (ip_number.size() == net::kIPv4AddressSize) { 823 ip_number = net::ConvertIPv4NumberToIPv6Number(ip_number); 824 } 825 if (ip_number.size() != net::kIPv6AddressSize) { 826 DVLOG(2) << "Unable to convert IPv4 address to IPv6: '" 827 << ip_address << "'"; 828 return false; // better safe than sorry. 829 } 830 // This function can be called from any thread. 831 base::AutoLock locked(lookup_lock_); 832 for (IPBlacklist::const_iterator it = ip_blacklist_.begin(); 833 it != ip_blacklist_.end(); 834 ++it) { 835 const std::string& mask = it->first; 836 DCHECK_EQ(mask.size(), ip_number.size()); 837 std::string subnet(net::kIPv6AddressSize, '\0'); 838 for (size_t i = 0; i < net::kIPv6AddressSize; ++i) { 839 subnet[i] = ip_number[i] & mask[i]; 840 } 841 const std::string hash = base::SHA1HashString(subnet); 842 DVLOG(2) << "Lookup Malware IP: " 843 << " ip:" << ip_address 844 << " mask:" << base::HexEncode(mask.data(), mask.size()) 845 << " subnet:" << base::HexEncode(subnet.data(), subnet.size()) 846 << " hash:" << base::HexEncode(hash.data(), hash.size()); 847 if (it->second.count(hash) > 0) { 848 return true; 849 } 850 } 851 return false; 852 } 853 854 bool SafeBrowsingDatabaseNew::ContainsDownloadWhitelistedString( 855 const std::string& str) { 856 SBFullHash hash; 857 crypto::SHA256HashString(str, &hash, sizeof(hash)); 858 std::vector<SBFullHash> hashes; 859 hashes.push_back(hash); 860 return ContainsWhitelistedHashes(download_whitelist_, hashes); 861 } 862 863 bool SafeBrowsingDatabaseNew::ContainsWhitelistedHashes( 864 const SBWhitelist& whitelist, 865 const std::vector<SBFullHash>& hashes) { 866 base::AutoLock l(lookup_lock_); 867 if (whitelist.second) 868 return true; 869 for (std::vector<SBFullHash>::const_iterator it = hashes.begin(); 870 it != hashes.end(); ++it) { 871 if (std::binary_search(whitelist.first.begin(), whitelist.first.end(), *it)) 872 return true; 873 } 874 return false; 875 } 876 877 // Helper to insert entries for all of the prefixes or full hashes in 878 // |entry| into the store. 879 void SafeBrowsingDatabaseNew::InsertAdd(int chunk_id, SBPrefix host, 880 const SBEntry* entry, int list_id) { 881 DCHECK_EQ(creation_loop_, base::MessageLoop::current()); 882 883 SafeBrowsingStore* store = GetStore(list_id); 884 if (!store) return; 885 886 STATS_COUNTER("SB.HostInsert", 1); 887 const int encoded_chunk_id = EncodeChunkId(chunk_id, list_id); 888 const int count = entry->prefix_count(); 889 890 DCHECK(!entry->IsSub()); 891 if (!count) { 892 // No prefixes, use host instead. 893 STATS_COUNTER("SB.PrefixAdd", 1); 894 store->WriteAddPrefix(encoded_chunk_id, host); 895 } else if (entry->IsPrefix()) { 896 // Prefixes only. 897 for (int i = 0; i < count; i++) { 898 const SBPrefix prefix = entry->PrefixAt(i); 899 STATS_COUNTER("SB.PrefixAdd", 1); 900 store->WriteAddPrefix(encoded_chunk_id, prefix); 901 } 902 } else { 903 // Prefixes and hashes. 904 const base::Time receive_time = base::Time::Now(); 905 for (int i = 0; i < count; ++i) { 906 const SBFullHash full_hash = entry->FullHashAt(i); 907 const SBPrefix prefix = full_hash.prefix; 908 909 STATS_COUNTER("SB.PrefixAdd", 1); 910 store->WriteAddPrefix(encoded_chunk_id, prefix); 911 912 STATS_COUNTER("SB.PrefixAddFull", 1); 913 store->WriteAddHash(encoded_chunk_id, receive_time, full_hash); 914 } 915 } 916 } 917 918 // Helper to iterate over all the entries in the hosts in |chunks| and 919 // add them to the store. 920 void SafeBrowsingDatabaseNew::InsertAddChunks( 921 const safe_browsing_util::ListType list_id, 922 const SBChunkList& chunks) { 923 DCHECK_EQ(creation_loop_, base::MessageLoop::current()); 924 925 SafeBrowsingStore* store = GetStore(list_id); 926 if (!store) return; 927 928 for (SBChunkList::const_iterator citer = chunks.begin(); 929 citer != chunks.end(); ++citer) { 930 const int chunk_id = citer->chunk_number; 931 932 // The server can give us a chunk that we already have because 933 // it's part of a range. Don't add it again. 934 const int encoded_chunk_id = EncodeChunkId(chunk_id, list_id); 935 if (store->CheckAddChunk(encoded_chunk_id)) 936 continue; 937 938 store->SetAddChunk(encoded_chunk_id); 939 for (std::deque<SBChunkHost>::const_iterator hiter = citer->hosts.begin(); 940 hiter != citer->hosts.end(); ++hiter) { 941 // NOTE: Could pass |encoded_chunk_id|, but then inserting add 942 // chunks would look different from inserting sub chunks. 943 InsertAdd(chunk_id, hiter->host, hiter->entry, list_id); 944 } 945 } 946 } 947 948 // Helper to insert entries for all of the prefixes or full hashes in 949 // |entry| into the store. 950 void SafeBrowsingDatabaseNew::InsertSub(int chunk_id, SBPrefix host, 951 const SBEntry* entry, int list_id) { 952 DCHECK_EQ(creation_loop_, base::MessageLoop::current()); 953 954 SafeBrowsingStore* store = GetStore(list_id); 955 if (!store) return; 956 957 STATS_COUNTER("SB.HostDelete", 1); 958 const int encoded_chunk_id = EncodeChunkId(chunk_id, list_id); 959 const int count = entry->prefix_count(); 960 961 DCHECK(entry->IsSub()); 962 if (!count) { 963 // No prefixes, use host instead. 964 STATS_COUNTER("SB.PrefixSub", 1); 965 const int add_chunk_id = EncodeChunkId(entry->chunk_id(), list_id); 966 store->WriteSubPrefix(encoded_chunk_id, add_chunk_id, host); 967 } else if (entry->IsPrefix()) { 968 // Prefixes only. 969 for (int i = 0; i < count; i++) { 970 const SBPrefix prefix = entry->PrefixAt(i); 971 const int add_chunk_id = 972 EncodeChunkId(entry->ChunkIdAtPrefix(i), list_id); 973 974 STATS_COUNTER("SB.PrefixSub", 1); 975 store->WriteSubPrefix(encoded_chunk_id, add_chunk_id, prefix); 976 } 977 } else { 978 // Prefixes and hashes. 979 for (int i = 0; i < count; ++i) { 980 const SBFullHash full_hash = entry->FullHashAt(i); 981 const int add_chunk_id = 982 EncodeChunkId(entry->ChunkIdAtPrefix(i), list_id); 983 984 STATS_COUNTER("SB.PrefixSub", 1); 985 store->WriteSubPrefix(encoded_chunk_id, add_chunk_id, full_hash.prefix); 986 987 STATS_COUNTER("SB.PrefixSubFull", 1); 988 store->WriteSubHash(encoded_chunk_id, add_chunk_id, full_hash); 989 } 990 } 991 } 992 993 // Helper to iterate over all the entries in the hosts in |chunks| and 994 // add them to the store. 995 void SafeBrowsingDatabaseNew::InsertSubChunks( 996 safe_browsing_util::ListType list_id, 997 const SBChunkList& chunks) { 998 DCHECK_EQ(creation_loop_, base::MessageLoop::current()); 999 1000 SafeBrowsingStore* store = GetStore(list_id); 1001 if (!store) return; 1002 1003 for (SBChunkList::const_iterator citer = chunks.begin(); 1004 citer != chunks.end(); ++citer) { 1005 const int chunk_id = citer->chunk_number; 1006 1007 // The server can give us a chunk that we already have because 1008 // it's part of a range. Don't add it again. 1009 const int encoded_chunk_id = EncodeChunkId(chunk_id, list_id); 1010 if (store->CheckSubChunk(encoded_chunk_id)) 1011 continue; 1012 1013 store->SetSubChunk(encoded_chunk_id); 1014 for (std::deque<SBChunkHost>::const_iterator hiter = citer->hosts.begin(); 1015 hiter != citer->hosts.end(); ++hiter) { 1016 InsertSub(chunk_id, hiter->host, hiter->entry, list_id); 1017 } 1018 } 1019 } 1020 1021 void SafeBrowsingDatabaseNew::InsertChunks(const std::string& list_name, 1022 const SBChunkList& chunks) { 1023 DCHECK_EQ(creation_loop_, base::MessageLoop::current()); 1024 1025 if (corruption_detected_ || chunks.empty()) 1026 return; 1027 1028 const base::TimeTicks before = base::TimeTicks::Now(); 1029 1030 const safe_browsing_util::ListType list_id = 1031 safe_browsing_util::GetListId(list_name); 1032 DVLOG(2) << list_name << ": " << list_id; 1033 1034 SafeBrowsingStore* store = GetStore(list_id); 1035 if (!store) return; 1036 1037 change_detected_ = true; 1038 1039 store->BeginChunk(); 1040 if (chunks.front().is_add) { 1041 InsertAddChunks(list_id, chunks); 1042 } else { 1043 InsertSubChunks(list_id, chunks); 1044 } 1045 store->FinishChunk(); 1046 1047 UMA_HISTOGRAM_TIMES("SB2.ChunkInsert", base::TimeTicks::Now() - before); 1048 } 1049 1050 void SafeBrowsingDatabaseNew::DeleteChunks( 1051 const std::vector<SBChunkDelete>& chunk_deletes) { 1052 DCHECK_EQ(creation_loop_, base::MessageLoop::current()); 1053 1054 if (corruption_detected_ || chunk_deletes.empty()) 1055 return; 1056 1057 const std::string& list_name = chunk_deletes.front().list_name; 1058 const safe_browsing_util::ListType list_id = 1059 safe_browsing_util::GetListId(list_name); 1060 1061 SafeBrowsingStore* store = GetStore(list_id); 1062 if (!store) return; 1063 1064 change_detected_ = true; 1065 1066 for (size_t i = 0; i < chunk_deletes.size(); ++i) { 1067 std::vector<int> chunk_numbers; 1068 RangesToChunks(chunk_deletes[i].chunk_del, &chunk_numbers); 1069 for (size_t j = 0; j < chunk_numbers.size(); ++j) { 1070 const int encoded_chunk_id = EncodeChunkId(chunk_numbers[j], list_id); 1071 if (chunk_deletes[i].is_sub_del) 1072 store->DeleteSubChunk(encoded_chunk_id); 1073 else 1074 store->DeleteAddChunk(encoded_chunk_id); 1075 } 1076 } 1077 } 1078 1079 void SafeBrowsingDatabaseNew::CacheHashResults( 1080 const std::vector<SBPrefix>& prefixes, 1081 const std::vector<SBFullHashResult>& full_hits) { 1082 // This is called on the I/O thread, lock against updates. 1083 base::AutoLock locked(lookup_lock_); 1084 1085 if (full_hits.empty()) { 1086 prefix_miss_cache_.insert(prefixes.begin(), prefixes.end()); 1087 return; 1088 } 1089 1090 // TODO(shess): SBFullHashResult and SBAddFullHash are very similar. 1091 // Refactor to make them identical. 1092 const base::Time now = base::Time::Now(); 1093 const size_t orig_size = pending_browse_hashes_.size(); 1094 for (std::vector<SBFullHashResult>::const_iterator iter = full_hits.begin(); 1095 iter != full_hits.end(); ++iter) { 1096 const int list_id = safe_browsing_util::GetListId(iter->list_name); 1097 if (list_id == safe_browsing_util::MALWARE || 1098 list_id == safe_browsing_util::PHISH) { 1099 int encoded_chunk_id = EncodeChunkId(iter->add_chunk_id, list_id); 1100 SBAddFullHash add_full_hash(encoded_chunk_id, now, iter->hash); 1101 pending_browse_hashes_.push_back(add_full_hash); 1102 } 1103 } 1104 1105 // Sort new entries then merge with the previously-sorted entries. 1106 std::vector<SBAddFullHash>::iterator 1107 orig_end = pending_browse_hashes_.begin() + orig_size; 1108 std::sort(orig_end, pending_browse_hashes_.end(), SBAddFullHashPrefixLess); 1109 std::inplace_merge(pending_browse_hashes_.begin(), 1110 orig_end, pending_browse_hashes_.end(), 1111 SBAddFullHashPrefixLess); 1112 } 1113 1114 bool SafeBrowsingDatabaseNew::UpdateStarted( 1115 std::vector<SBListChunkRanges>* lists) { 1116 DCHECK_EQ(creation_loop_, base::MessageLoop::current()); 1117 DCHECK(lists); 1118 1119 // If |BeginUpdate()| fails, reset the database. 1120 if (!browse_store_->BeginUpdate()) { 1121 RecordFailure(FAILURE_BROWSE_DATABASE_UPDATE_BEGIN); 1122 HandleCorruptDatabase(); 1123 return false; 1124 } 1125 1126 if (download_store_.get() && !download_store_->BeginUpdate()) { 1127 RecordFailure(FAILURE_DOWNLOAD_DATABASE_UPDATE_BEGIN); 1128 HandleCorruptDatabase(); 1129 return false; 1130 } 1131 1132 if (csd_whitelist_store_.get() && !csd_whitelist_store_->BeginUpdate()) { 1133 RecordFailure(FAILURE_WHITELIST_DATABASE_UPDATE_BEGIN); 1134 HandleCorruptDatabase(); 1135 return false; 1136 } 1137 1138 if (download_whitelist_store_.get() && 1139 !download_whitelist_store_->BeginUpdate()) { 1140 RecordFailure(FAILURE_WHITELIST_DATABASE_UPDATE_BEGIN); 1141 HandleCorruptDatabase(); 1142 return false; 1143 } 1144 1145 if (extension_blacklist_store_ && 1146 !extension_blacklist_store_->BeginUpdate()) { 1147 RecordFailure(FAILURE_EXTENSION_BLACKLIST_UPDATE_BEGIN); 1148 HandleCorruptDatabase(); 1149 return false; 1150 } 1151 1152 if (side_effect_free_whitelist_store_ && 1153 !side_effect_free_whitelist_store_->BeginUpdate()) { 1154 RecordFailure(FAILURE_SIDE_EFFECT_FREE_WHITELIST_UPDATE_BEGIN); 1155 HandleCorruptDatabase(); 1156 return false; 1157 } 1158 1159 if (ip_blacklist_store_ && !ip_blacklist_store_->BeginUpdate()) { 1160 RecordFailure(FAILURE_IP_BLACKLIST_UPDATE_BEGIN); 1161 HandleCorruptDatabase(); 1162 return false; 1163 } 1164 1165 std::vector<std::string> browse_listnames; 1166 browse_listnames.push_back(safe_browsing_util::kMalwareList); 1167 browse_listnames.push_back(safe_browsing_util::kPhishingList); 1168 UpdateChunkRanges(browse_store_.get(), browse_listnames, lists); 1169 1170 if (download_store_.get()) { 1171 // This store used to contain kBinHashList in addition to 1172 // kBinUrlList. Strip the stale data before generating the chunk 1173 // ranges to request. UpdateChunkRanges() will traverse the chunk 1174 // list, so this is very cheap if there are no kBinHashList chunks. 1175 const int listid = 1176 safe_browsing_util::GetListId(safe_browsing_util::kBinHashList); 1177 DeleteChunksFromStore(download_store_.get(), listid); 1178 1179 // The above marks the chunks for deletion, but they are not 1180 // actually deleted until the database is rewritten. The 1181 // following code removes the kBinHashList part of the request 1182 // before continuing so that UpdateChunkRanges() doesn't break. 1183 std::vector<std::string> download_listnames; 1184 download_listnames.push_back(safe_browsing_util::kBinUrlList); 1185 download_listnames.push_back(safe_browsing_util::kBinHashList); 1186 UpdateChunkRanges(download_store_.get(), download_listnames, lists); 1187 DCHECK_EQ(lists->back().name, 1188 std::string(safe_browsing_util::kBinHashList)); 1189 lists->pop_back(); 1190 1191 // TODO(shess): This problem could also be handled in 1192 // BeginUpdate() by detecting the chunks to delete and rewriting 1193 // the database before it's used. When I implemented that, it 1194 // felt brittle, it might be easier to just wait for some future 1195 // format change. 1196 } 1197 1198 if (csd_whitelist_store_.get()) { 1199 std::vector<std::string> csd_whitelist_listnames; 1200 csd_whitelist_listnames.push_back(safe_browsing_util::kCsdWhiteList); 1201 UpdateChunkRanges(csd_whitelist_store_.get(), 1202 csd_whitelist_listnames, lists); 1203 } 1204 1205 if (download_whitelist_store_.get()) { 1206 std::vector<std::string> download_whitelist_listnames; 1207 download_whitelist_listnames.push_back( 1208 safe_browsing_util::kDownloadWhiteList); 1209 UpdateChunkRanges(download_whitelist_store_.get(), 1210 download_whitelist_listnames, lists); 1211 } 1212 1213 if (extension_blacklist_store_) { 1214 UpdateChunkRanges( 1215 extension_blacklist_store_.get(), 1216 std::vector<std::string>(1, safe_browsing_util::kExtensionBlacklist), 1217 lists); 1218 } 1219 1220 if (side_effect_free_whitelist_store_) { 1221 UpdateChunkRanges( 1222 side_effect_free_whitelist_store_.get(), 1223 std::vector<std::string>( 1224 1, safe_browsing_util::kSideEffectFreeWhitelist), 1225 lists); 1226 } 1227 1228 if (ip_blacklist_store_) { 1229 UpdateChunkRanges( 1230 ip_blacklist_store_.get(), 1231 std::vector<std::string>(1, safe_browsing_util::kIPBlacklist), 1232 lists); 1233 } 1234 1235 corruption_detected_ = false; 1236 change_detected_ = false; 1237 return true; 1238 } 1239 1240 void SafeBrowsingDatabaseNew::UpdateFinished(bool update_succeeded) { 1241 DCHECK_EQ(creation_loop_, base::MessageLoop::current()); 1242 1243 // The update may have failed due to corrupt storage (for instance, 1244 // an excessive number of invalid add_chunks and sub_chunks). 1245 // Double-check that the databases are valid. 1246 // TODO(shess): Providing a checksum for the add_chunk and sub_chunk 1247 // sections would allow throwing a corruption error in 1248 // UpdateStarted(). 1249 if (!update_succeeded) { 1250 if (!browse_store_->CheckValidity()) 1251 DLOG(ERROR) << "Safe-browsing browse database corrupt."; 1252 1253 if (download_store_.get() && !download_store_->CheckValidity()) 1254 DLOG(ERROR) << "Safe-browsing download database corrupt."; 1255 1256 if (csd_whitelist_store_.get() && !csd_whitelist_store_->CheckValidity()) 1257 DLOG(ERROR) << "Safe-browsing csd whitelist database corrupt."; 1258 1259 if (download_whitelist_store_.get() && 1260 !download_whitelist_store_->CheckValidity()) { 1261 DLOG(ERROR) << "Safe-browsing download whitelist database corrupt."; 1262 } 1263 1264 if (extension_blacklist_store_ && 1265 !extension_blacklist_store_->CheckValidity()) { 1266 DLOG(ERROR) << "Safe-browsing extension blacklist database corrupt."; 1267 } 1268 1269 if (side_effect_free_whitelist_store_ && 1270 !side_effect_free_whitelist_store_->CheckValidity()) { 1271 DLOG(ERROR) << "Safe-browsing side-effect free whitelist database " 1272 << "corrupt."; 1273 } 1274 1275 if (ip_blacklist_store_ && !ip_blacklist_store_->CheckValidity()) { 1276 DLOG(ERROR) << "Safe-browsing IP blacklist database corrupt."; 1277 } 1278 } 1279 1280 if (corruption_detected_) 1281 return; 1282 1283 // Unroll the transaction if there was a protocol error or if the 1284 // transaction was empty. This will leave the prefix set, the 1285 // pending hashes, and the prefix miss cache in place. 1286 if (!update_succeeded || !change_detected_) { 1287 // Track empty updates to answer questions at http://crbug.com/72216 . 1288 if (update_succeeded && !change_detected_) 1289 UMA_HISTOGRAM_COUNTS("SB2.DatabaseUpdateKilobytes", 0); 1290 browse_store_->CancelUpdate(); 1291 if (download_store_.get()) 1292 download_store_->CancelUpdate(); 1293 if (csd_whitelist_store_.get()) 1294 csd_whitelist_store_->CancelUpdate(); 1295 if (download_whitelist_store_.get()) 1296 download_whitelist_store_->CancelUpdate(); 1297 if (extension_blacklist_store_) 1298 extension_blacklist_store_->CancelUpdate(); 1299 if (side_effect_free_whitelist_store_) 1300 side_effect_free_whitelist_store_->CancelUpdate(); 1301 if (ip_blacklist_store_) 1302 ip_blacklist_store_->CancelUpdate(); 1303 return; 1304 } 1305 1306 if (download_store_) { 1307 int64 size_bytes = UpdateHashPrefixStore( 1308 download_filename_, 1309 download_store_.get(), 1310 FAILURE_DOWNLOAD_DATABASE_UPDATE_FINISH); 1311 UMA_HISTOGRAM_COUNTS("SB2.DownloadDatabaseKilobytes", 1312 static_cast<int>(size_bytes / 1024)); 1313 } 1314 1315 UpdateBrowseStore(); 1316 UpdateWhitelistStore(csd_whitelist_filename_, 1317 csd_whitelist_store_.get(), 1318 &csd_whitelist_); 1319 UpdateWhitelistStore(download_whitelist_filename_, 1320 download_whitelist_store_.get(), 1321 &download_whitelist_); 1322 1323 if (extension_blacklist_store_) { 1324 int64 size_bytes = UpdateHashPrefixStore( 1325 extension_blacklist_filename_, 1326 extension_blacklist_store_.get(), 1327 FAILURE_EXTENSION_BLACKLIST_UPDATE_FINISH); 1328 UMA_HISTOGRAM_COUNTS("SB2.ExtensionBlacklistKilobytes", 1329 static_cast<int>(size_bytes / 1024)); 1330 } 1331 1332 if (side_effect_free_whitelist_store_) 1333 UpdateSideEffectFreeWhitelistStore(); 1334 1335 if (ip_blacklist_store_) 1336 UpdateIpBlacklistStore(); 1337 } 1338 1339 void SafeBrowsingDatabaseNew::UpdateWhitelistStore( 1340 const base::FilePath& store_filename, 1341 SafeBrowsingStore* store, 1342 SBWhitelist* whitelist) { 1343 if (!store) 1344 return; 1345 1346 // For the whitelists, we don't cache and save full hashes since all 1347 // hashes are already full. 1348 std::vector<SBAddFullHash> empty_add_hashes; 1349 1350 // Note: prefixes will not be empty. The current data store implementation 1351 // stores all full-length hashes as both full and prefix hashes. 1352 SBAddPrefixes prefixes; 1353 std::vector<SBAddFullHash> full_hashes; 1354 if (!store->FinishUpdate(empty_add_hashes, &prefixes, &full_hashes)) { 1355 RecordFailure(FAILURE_WHITELIST_DATABASE_UPDATE_FINISH); 1356 WhitelistEverything(whitelist); 1357 return; 1358 } 1359 1360 #if defined(OS_MACOSX) 1361 base::mac::SetFileBackupExclusion(store_filename); 1362 #endif 1363 1364 LoadWhitelist(full_hashes, whitelist); 1365 } 1366 1367 int64 SafeBrowsingDatabaseNew::UpdateHashPrefixStore( 1368 const base::FilePath& store_filename, 1369 SafeBrowsingStore* store, 1370 FailureType failure_type) { 1371 // We don't cache and save full hashes. 1372 std::vector<SBAddFullHash> empty_add_hashes; 1373 1374 // These results are not used after this call. Simply ignore the 1375 // returned value after FinishUpdate(...). 1376 SBAddPrefixes add_prefixes_result; 1377 std::vector<SBAddFullHash> add_full_hashes_result; 1378 1379 if (!store->FinishUpdate(empty_add_hashes, 1380 &add_prefixes_result, 1381 &add_full_hashes_result)) { 1382 RecordFailure(failure_type); 1383 } 1384 1385 #if defined(OS_MACOSX) 1386 base::mac::SetFileBackupExclusion(store_filename); 1387 #endif 1388 1389 return GetFileSizeOrZero(store_filename); 1390 } 1391 1392 void SafeBrowsingDatabaseNew::UpdateBrowseStore() { 1393 // Copy out the pending add hashes. Copy rather than swapping in 1394 // case |ContainsBrowseURL()| is called before the new filter is complete. 1395 std::vector<SBAddFullHash> pending_add_hashes; 1396 { 1397 base::AutoLock locked(lookup_lock_); 1398 pending_add_hashes.insert(pending_add_hashes.end(), 1399 pending_browse_hashes_.begin(), 1400 pending_browse_hashes_.end()); 1401 } 1402 1403 // Measure the amount of IO during the filter build. 1404 base::IoCounters io_before, io_after; 1405 base::ProcessHandle handle = base::Process::Current().handle(); 1406 scoped_ptr<base::ProcessMetrics> metric( 1407 #if !defined(OS_MACOSX) 1408 base::ProcessMetrics::CreateProcessMetrics(handle) 1409 #else 1410 // Getting stats only for the current process is enough, so NULL is fine. 1411 base::ProcessMetrics::CreateProcessMetrics(handle, NULL) 1412 #endif 1413 ); 1414 1415 // IoCounters are currently not supported on Mac, and may not be 1416 // available for Linux, so we check the result and only show IO 1417 // stats if they are available. 1418 const bool got_counters = metric->GetIOCounters(&io_before); 1419 1420 const base::TimeTicks before = base::TimeTicks::Now(); 1421 1422 SBAddPrefixes add_prefixes; 1423 std::vector<SBAddFullHash> add_full_hashes; 1424 if (!browse_store_->FinishUpdate(pending_add_hashes, 1425 &add_prefixes, &add_full_hashes)) { 1426 RecordFailure(FAILURE_BROWSE_DATABASE_UPDATE_FINISH); 1427 return; 1428 } 1429 1430 // TODO(shess): If |add_prefixes| were sorted by the prefix, it 1431 // could be passed directly to |PrefixSet()|, removing the need for 1432 // |prefixes|. For now, |prefixes| is useful while debugging 1433 // things. 1434 std::vector<SBPrefix> prefixes; 1435 prefixes.reserve(add_prefixes.size()); 1436 for (SBAddPrefixes::const_iterator iter = add_prefixes.begin(); 1437 iter != add_prefixes.end(); ++iter) { 1438 prefixes.push_back(iter->prefix); 1439 } 1440 1441 std::sort(prefixes.begin(), prefixes.end()); 1442 scoped_ptr<safe_browsing::PrefixSet> 1443 prefix_set(new safe_browsing::PrefixSet(prefixes)); 1444 1445 // This needs to be in sorted order by prefix for efficient access. 1446 std::sort(add_full_hashes.begin(), add_full_hashes.end(), 1447 SBAddFullHashPrefixLess); 1448 1449 // Swap in the newly built filter and cache. 1450 { 1451 base::AutoLock locked(lookup_lock_); 1452 full_browse_hashes_.swap(add_full_hashes); 1453 1454 // TODO(shess): If |CacheHashResults()| is posted between the 1455 // earlier lock and this clear, those pending hashes will be lost. 1456 // It could be fixed by only removing hashes which were collected 1457 // at the earlier point. I believe that is fail-safe as-is (the 1458 // hash will be fetched again). 1459 pending_browse_hashes_.clear(); 1460 prefix_miss_cache_.clear(); 1461 browse_prefix_set_.swap(prefix_set); 1462 } 1463 1464 DVLOG(1) << "SafeBrowsingDatabaseImpl built prefix set in " 1465 << (base::TimeTicks::Now() - before).InMilliseconds() 1466 << " ms total. prefix count: " << add_prefixes.size(); 1467 UMA_HISTOGRAM_LONG_TIMES("SB2.BuildFilter", base::TimeTicks::Now() - before); 1468 1469 // Persist the prefix set to disk. Since only this thread changes 1470 // |browse_prefix_set_|, there is no need to lock. 1471 WritePrefixSet(); 1472 1473 // Gather statistics. 1474 if (got_counters && metric->GetIOCounters(&io_after)) { 1475 UMA_HISTOGRAM_COUNTS("SB2.BuildReadKilobytes", 1476 static_cast<int>(io_after.ReadTransferCount - 1477 io_before.ReadTransferCount) / 1024); 1478 UMA_HISTOGRAM_COUNTS("SB2.BuildWriteKilobytes", 1479 static_cast<int>(io_after.WriteTransferCount - 1480 io_before.WriteTransferCount) / 1024); 1481 UMA_HISTOGRAM_COUNTS("SB2.BuildReadOperations", 1482 static_cast<int>(io_after.ReadOperationCount - 1483 io_before.ReadOperationCount)); 1484 UMA_HISTOGRAM_COUNTS("SB2.BuildWriteOperations", 1485 static_cast<int>(io_after.WriteOperationCount - 1486 io_before.WriteOperationCount)); 1487 } 1488 1489 int64 file_size = GetFileSizeOrZero(browse_prefix_set_filename_); 1490 UMA_HISTOGRAM_COUNTS("SB2.PrefixSetKilobytes", 1491 static_cast<int>(file_size / 1024)); 1492 file_size = GetFileSizeOrZero(browse_filename_); 1493 UMA_HISTOGRAM_COUNTS("SB2.BrowseDatabaseKilobytes", 1494 static_cast<int>(file_size / 1024)); 1495 1496 #if defined(OS_MACOSX) 1497 base::mac::SetFileBackupExclusion(browse_filename_); 1498 #endif 1499 } 1500 1501 void SafeBrowsingDatabaseNew::UpdateSideEffectFreeWhitelistStore() { 1502 std::vector<SBAddFullHash> empty_add_hashes; 1503 SBAddPrefixes add_prefixes; 1504 std::vector<SBAddFullHash> add_full_hashes_result; 1505 1506 if (!side_effect_free_whitelist_store_->FinishUpdate( 1507 empty_add_hashes, 1508 &add_prefixes, 1509 &add_full_hashes_result)) { 1510 RecordFailure(FAILURE_SIDE_EFFECT_FREE_WHITELIST_UPDATE_FINISH); 1511 return; 1512 } 1513 1514 // TODO(shess): If |add_prefixes| were sorted by the prefix, it 1515 // could be passed directly to |PrefixSet()|, removing the need for 1516 // |prefixes|. For now, |prefixes| is useful while debugging 1517 // things. 1518 std::vector<SBPrefix> prefixes; 1519 prefixes.reserve(add_prefixes.size()); 1520 for (SBAddPrefixes::const_iterator iter = add_prefixes.begin(); 1521 iter != add_prefixes.end(); ++iter) { 1522 prefixes.push_back(iter->prefix); 1523 } 1524 1525 std::sort(prefixes.begin(), prefixes.end()); 1526 scoped_ptr<safe_browsing::PrefixSet> 1527 prefix_set(new safe_browsing::PrefixSet(prefixes)); 1528 1529 // Swap in the newly built prefix set. 1530 { 1531 base::AutoLock locked(lookup_lock_); 1532 side_effect_free_whitelist_prefix_set_.swap(prefix_set); 1533 } 1534 1535 const base::TimeTicks before = base::TimeTicks::Now(); 1536 const bool write_ok = side_effect_free_whitelist_prefix_set_->WriteFile( 1537 side_effect_free_whitelist_prefix_set_filename_); 1538 DVLOG(1) << "SafeBrowsingDatabaseNew wrote side-effect free whitelist prefix " 1539 << "set in " << (base::TimeTicks::Now() - before).InMilliseconds() 1540 << " ms"; 1541 UMA_HISTOGRAM_TIMES("SB2.SideEffectFreePrefixSetWrite", 1542 base::TimeTicks::Now() - before); 1543 1544 if (!write_ok) 1545 RecordFailure(FAILURE_SIDE_EFFECT_FREE_WHITELIST_PREFIX_SET_WRITE); 1546 1547 // Gather statistics. 1548 int64 file_size = GetFileSizeOrZero( 1549 side_effect_free_whitelist_prefix_set_filename_); 1550 UMA_HISTOGRAM_COUNTS("SB2.SideEffectFreeWhitelistPrefixSetKilobytes", 1551 static_cast<int>(file_size / 1024)); 1552 file_size = GetFileSizeOrZero(side_effect_free_whitelist_filename_); 1553 UMA_HISTOGRAM_COUNTS("SB2.SideEffectFreeWhitelistDatabaseKilobytes", 1554 static_cast<int>(file_size / 1024)); 1555 1556 #if defined(OS_MACOSX) 1557 base::mac::SetFileBackupExclusion(side_effect_free_whitelist_filename_); 1558 base::mac::SetFileBackupExclusion( 1559 side_effect_free_whitelist_prefix_set_filename_); 1560 #endif 1561 } 1562 1563 void SafeBrowsingDatabaseNew::UpdateIpBlacklistStore() { 1564 // For the IP blacklist, we don't cache and save full hashes since all 1565 // hashes are already full. 1566 std::vector<SBAddFullHash> empty_add_hashes; 1567 1568 // Note: prefixes will not be empty. The current data store implementation 1569 // stores all full-length hashes as both full and prefix hashes. 1570 SBAddPrefixes prefixes; 1571 std::vector<SBAddFullHash> full_hashes; 1572 if (!ip_blacklist_store_->FinishUpdate(empty_add_hashes, 1573 &prefixes, &full_hashes)) { 1574 RecordFailure(FAILURE_IP_BLACKLIST_UPDATE_FINISH); 1575 LoadIpBlacklist(std::vector<SBAddFullHash>()); // Clear the list. 1576 return; 1577 } 1578 1579 #if defined(OS_MACOSX) 1580 base::mac::SetFileBackupExclusion(ip_blacklist_filename_); 1581 #endif 1582 1583 LoadIpBlacklist(full_hashes); 1584 } 1585 1586 void SafeBrowsingDatabaseNew::HandleCorruptDatabase() { 1587 // Reset the database after the current task has unwound (but only 1588 // reset once within the scope of a given task). 1589 if (!reset_factory_.HasWeakPtrs()) { 1590 RecordFailure(FAILURE_DATABASE_CORRUPT); 1591 base::MessageLoop::current()->PostTask(FROM_HERE, 1592 base::Bind(&SafeBrowsingDatabaseNew::OnHandleCorruptDatabase, 1593 reset_factory_.GetWeakPtr())); 1594 } 1595 } 1596 1597 void SafeBrowsingDatabaseNew::OnHandleCorruptDatabase() { 1598 RecordFailure(FAILURE_DATABASE_CORRUPT_HANDLER); 1599 corruption_detected_ = true; // Stop updating the database. 1600 ResetDatabase(); 1601 DLOG(FATAL) << "SafeBrowsing database was corrupt and reset"; 1602 } 1603 1604 // TODO(shess): I'm not clear why this code doesn't have any 1605 // real error-handling. 1606 void SafeBrowsingDatabaseNew::LoadPrefixSet() { 1607 DCHECK_EQ(creation_loop_, base::MessageLoop::current()); 1608 DCHECK(!browse_prefix_set_filename_.empty()); 1609 1610 // If there is no database, the filter cannot be used. 1611 base::PlatformFileInfo db_info; 1612 if (!base::GetFileInfo(browse_filename_, &db_info) || db_info.size == 0) 1613 return; 1614 1615 // Cleanup any stale bloom filter (no longer used). 1616 // TODO(shess): Track failure to delete? 1617 base::FilePath bloom_filter_filename = 1618 BloomFilterForFilename(browse_filename_); 1619 base::DeleteFile(bloom_filter_filename, false); 1620 1621 const base::TimeTicks before = base::TimeTicks::Now(); 1622 browse_prefix_set_.reset(safe_browsing::PrefixSet::LoadFile( 1623 browse_prefix_set_filename_)); 1624 DVLOG(1) << "SafeBrowsingDatabaseNew read prefix set in " 1625 << (base::TimeTicks::Now() - before).InMilliseconds() << " ms"; 1626 UMA_HISTOGRAM_TIMES("SB2.PrefixSetLoad", base::TimeTicks::Now() - before); 1627 1628 if (!browse_prefix_set_.get()) 1629 RecordFailure(FAILURE_BROWSE_PREFIX_SET_READ); 1630 } 1631 1632 bool SafeBrowsingDatabaseNew::Delete() { 1633 DCHECK_EQ(creation_loop_, base::MessageLoop::current()); 1634 1635 const bool r1 = browse_store_->Delete(); 1636 if (!r1) 1637 RecordFailure(FAILURE_DATABASE_STORE_DELETE); 1638 1639 const bool r2 = download_store_.get() ? download_store_->Delete() : true; 1640 if (!r2) 1641 RecordFailure(FAILURE_DATABASE_STORE_DELETE); 1642 1643 const bool r3 = csd_whitelist_store_.get() ? 1644 csd_whitelist_store_->Delete() : true; 1645 if (!r3) 1646 RecordFailure(FAILURE_DATABASE_STORE_DELETE); 1647 1648 const bool r4 = download_whitelist_store_.get() ? 1649 download_whitelist_store_->Delete() : true; 1650 if (!r4) 1651 RecordFailure(FAILURE_DATABASE_STORE_DELETE); 1652 1653 base::FilePath bloom_filter_filename = 1654 BloomFilterForFilename(browse_filename_); 1655 const bool r5 = base::DeleteFile(bloom_filter_filename, false); 1656 if (!r5) 1657 RecordFailure(FAILURE_DATABASE_FILTER_DELETE); 1658 1659 const bool r6 = base::DeleteFile(browse_prefix_set_filename_, false); 1660 if (!r6) 1661 RecordFailure(FAILURE_BROWSE_PREFIX_SET_DELETE); 1662 1663 const bool r7 = base::DeleteFile(extension_blacklist_filename_, false); 1664 if (!r7) 1665 RecordFailure(FAILURE_EXTENSION_BLACKLIST_DELETE); 1666 1667 const bool r8 = base::DeleteFile(side_effect_free_whitelist_filename_, 1668 false); 1669 if (!r8) 1670 RecordFailure(FAILURE_SIDE_EFFECT_FREE_WHITELIST_DELETE); 1671 1672 const bool r9 = base::DeleteFile( 1673 side_effect_free_whitelist_prefix_set_filename_, 1674 false); 1675 if (!r9) 1676 RecordFailure(FAILURE_SIDE_EFFECT_FREE_WHITELIST_PREFIX_SET_DELETE); 1677 1678 const bool r10 = base::DeleteFile(ip_blacklist_filename_, false); 1679 if (!r10) 1680 RecordFailure(FAILURE_IP_BLACKLIST_DELETE); 1681 1682 return r1 && r2 && r3 && r4 && r5 && r6 && r7 && r8 && r9 && r10; 1683 } 1684 1685 void SafeBrowsingDatabaseNew::WritePrefixSet() { 1686 DCHECK_EQ(creation_loop_, base::MessageLoop::current()); 1687 1688 if (!browse_prefix_set_.get()) 1689 return; 1690 1691 const base::TimeTicks before = base::TimeTicks::Now(); 1692 const bool write_ok = browse_prefix_set_->WriteFile( 1693 browse_prefix_set_filename_); 1694 DVLOG(1) << "SafeBrowsingDatabaseNew wrote prefix set in " 1695 << (base::TimeTicks::Now() - before).InMilliseconds() << " ms"; 1696 UMA_HISTOGRAM_TIMES("SB2.PrefixSetWrite", base::TimeTicks::Now() - before); 1697 1698 if (!write_ok) 1699 RecordFailure(FAILURE_BROWSE_PREFIX_SET_WRITE); 1700 1701 #if defined(OS_MACOSX) 1702 base::mac::SetFileBackupExclusion(browse_prefix_set_filename_); 1703 #endif 1704 } 1705 1706 void SafeBrowsingDatabaseNew::WhitelistEverything(SBWhitelist* whitelist) { 1707 base::AutoLock locked(lookup_lock_); 1708 whitelist->second = true; 1709 whitelist->first.clear(); 1710 } 1711 1712 void SafeBrowsingDatabaseNew::LoadWhitelist( 1713 const std::vector<SBAddFullHash>& full_hashes, 1714 SBWhitelist* whitelist) { 1715 DCHECK_EQ(creation_loop_, base::MessageLoop::current()); 1716 if (full_hashes.size() > kMaxWhitelistSize) { 1717 WhitelistEverything(whitelist); 1718 return; 1719 } 1720 1721 std::vector<SBFullHash> new_whitelist; 1722 new_whitelist.reserve(full_hashes.size()); 1723 for (std::vector<SBAddFullHash>::const_iterator it = full_hashes.begin(); 1724 it != full_hashes.end(); ++it) { 1725 new_whitelist.push_back(it->full_hash); 1726 } 1727 std::sort(new_whitelist.begin(), new_whitelist.end()); 1728 1729 SBFullHash kill_switch; 1730 crypto::SHA256HashString(kWhitelistKillSwitchUrl, &kill_switch, 1731 sizeof(kill_switch)); 1732 if (std::binary_search(new_whitelist.begin(), new_whitelist.end(), 1733 kill_switch)) { 1734 // The kill switch is whitelisted hence we whitelist all URLs. 1735 WhitelistEverything(whitelist); 1736 } else { 1737 base::AutoLock locked(lookup_lock_); 1738 whitelist->second = false; 1739 whitelist->first.swap(new_whitelist); 1740 } 1741 } 1742 1743 void SafeBrowsingDatabaseNew::LoadIpBlacklist( 1744 const std::vector<SBAddFullHash>& full_hashes) { 1745 DCHECK_EQ(creation_loop_, base::MessageLoop::current()); 1746 IPBlacklist new_blacklist; 1747 DVLOG(2) << "Writing IP blacklist of size: " << full_hashes.size(); 1748 for (std::vector<SBAddFullHash>::const_iterator it = full_hashes.begin(); 1749 it != full_hashes.end(); 1750 ++it) { 1751 const char* full_hash = it->full_hash.full_hash; 1752 DCHECK_EQ(crypto::kSHA256Length, arraysize(it->full_hash.full_hash)); 1753 // The format of the IP blacklist is: 1754 // SHA-1(IPv6 prefix) + uint8(prefix size) + 11 unused bytes. 1755 std::string hashed_ip_prefix(full_hash, base::kSHA1Length); 1756 size_t prefix_size = static_cast<uint8>(full_hash[base::kSHA1Length]); 1757 if (prefix_size > kMaxIpPrefixSize || prefix_size < kMinIpPrefixSize) { 1758 DVLOG(2) << "Invalid IP prefix size in IP blacklist: " << prefix_size; 1759 RecordFailure(FAILURE_IP_BLACKLIST_UPDATE_INVALID); 1760 new_blacklist.clear(); // Load empty blacklist. 1761 break; 1762 } 1763 1764 // We precompute the mask for the given subnet size to speed up lookups. 1765 // Basically we need to create a 16B long string which has the highest 1766 // |size| bits sets to one. 1767 std::string mask(net::kIPv6AddressSize, '\0'); 1768 mask.replace(0, prefix_size / 8, prefix_size / 8, '\xFF'); 1769 if ((prefix_size % 8) != 0) { 1770 mask[prefix_size / 8] = 0xFF << (8 - (prefix_size % 8)); 1771 } 1772 DVLOG(2) << "Inserting malicious IP: " 1773 << " raw:" << base::HexEncode(full_hash, crypto::kSHA256Length) 1774 << " mask:" << base::HexEncode(mask.data(), mask.size()) 1775 << " prefix_size:" << prefix_size 1776 << " hashed_ip:" << base::HexEncode(hashed_ip_prefix.data(), 1777 hashed_ip_prefix.size()); 1778 new_blacklist[mask].insert(hashed_ip_prefix); 1779 } 1780 1781 base::AutoLock locked(lookup_lock_); 1782 ip_blacklist_.swap(new_blacklist); 1783 } 1784 1785 bool SafeBrowsingDatabaseNew::IsMalwareIPMatchKillSwitchOn() { 1786 SBFullHash malware_kill_switch; 1787 crypto::SHA256HashString(kMalwareIPKillSwitchUrl, &malware_kill_switch, 1788 sizeof(malware_kill_switch)); 1789 std::vector<SBFullHash> full_hashes; 1790 full_hashes.push_back(malware_kill_switch); 1791 return ContainsWhitelistedHashes(csd_whitelist_, full_hashes); 1792 } 1793
