1 // Copyright 2014 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "chrome/browser/safe_browsing/incident_reporting/binary_integrity_analyzer.h" 6 7 #include <string> 8 9 #include "base/bind.h" 10 #include "base/callback.h" 11 #include "base/files/file_util.h" 12 #include "base/metrics/histogram.h" 13 #include "base/strings/string_number_conversions.h" 14 #include "base/strings/string_util.h" 15 #include "base/strings/stringprintf.h" 16 #include "base/time/time.h" 17 #include "chrome/browser/browser_process.h" 18 #include "chrome/browser/safe_browsing/binary_feature_extractor.h" 19 #include "chrome/browser/safe_browsing/safe_browsing_service.h" 20 #include "chrome/common/safe_browsing/csd.pb.h" 21 22 namespace safe_browsing { 23 24 namespace { 25 26 void RecordSignatureVerificationTime(size_t file_index, 27 const base::TimeDelta& verification_time) { 28 static const char kHistogramName[] = "SBIRS.VerifyBinaryIntegrity."; 29 30 base::HistogramBase* signature_verification_time_histogram = 31 base::Histogram::FactoryTimeGet( 32 std::string(kHistogramName) + base::IntToString(file_index), 33 base::TimeDelta::FromMilliseconds(1), 34 base::TimeDelta::FromSeconds(20), 35 50, 36 base::Histogram::kUmaTargetedHistogramFlag); 37 38 signature_verification_time_histogram->AddTime(verification_time); 39 } 40 41 } // namespace 42 43 void RegisterBinaryIntegrityAnalysis() { 44 #if defined(OS_WIN) 45 scoped_refptr<SafeBrowsingService> safe_browsing_service( 46 g_browser_process->safe_browsing_service()); 47 48 safe_browsing_service->RegisterDelayedAnalysisCallback( 49 base::Bind(&VerifyBinaryIntegrity)); 50 #endif 51 } 52 53 void VerifyBinaryIntegrity(const AddIncidentCallback& callback) { 54 scoped_refptr<BinaryFeatureExtractor> binary_feature_extractor( 55 new BinaryFeatureExtractor()); 56 57 std::vector<base::FilePath> critical_binaries = GetCriticalBinariesPath(); 58 for (size_t i = 0; i < critical_binaries.size(); ++i) { 59 base::FilePath binary_path(critical_binaries[i]); 60 if (!base::PathExists(binary_path)) 61 continue; 62 63 scoped_ptr<ClientDownloadRequest_SignatureInfo> signature_info( 64 new ClientDownloadRequest_SignatureInfo()); 65 66 base::TimeTicks time_before = base::TimeTicks::Now(); 67 binary_feature_extractor->CheckSignature(binary_path, signature_info.get()); 68 RecordSignatureVerificationTime(i, base::TimeTicks::Now() - time_before); 69 70 // Only create a report if the signature is untrusted. 71 if (!signature_info->trusted()) { 72 scoped_ptr<ClientIncidentReport_IncidentData> incident_data( 73 new ClientIncidentReport_IncidentData()); 74 ClientIncidentReport_IncidentData_BinaryIntegrityIncident* 75 binary_integrity = incident_data->mutable_binary_integrity(); 76 77 binary_integrity->set_file_basename( 78 binary_path.BaseName().AsUTF8Unsafe()); 79 binary_integrity->set_allocated_signature(signature_info.release()); 80 81 // Send the report. 82 callback.Run(incident_data.Pass()); 83 } 84 } 85 } 86 87 #if !defined(OS_WIN) 88 std::vector<base::FilePath> GetCriticalBinariesPath() { 89 return std::vector<base::FilePath>(); 90 } 91 #endif // !defined(OS_WIN) 92 93 } // namespace safe_browsing 94