Home | History | Annotate | Download | only in incident_reporting 
      1 // Copyright 2014 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "chrome/browser/safe_browsing/incident_reporting/blacklist_load_analyzer.h"
      6 
      7 #include "base/files/file_path.h"
      8 #include "base/logging.h"
      9 #include "base/metrics/histogram.h"
     10 #include "base/strings/string_number_conversions.h"
     11 #include "base/strings/string_util.h"
     12 #include "base/strings/utf_string_conversions.h"
     13 #include "chrome/browser/install_verification/win/module_info.h"
     14 #include "chrome/browser/install_verification/win/module_verification_common.h"
     15 #include "chrome/browser/safe_browsing/binary_feature_extractor.h"
     16 #include "chrome/browser/safe_browsing/incident_reporting/add_incident_callback.h"
     17 #include "chrome/browser/safe_browsing/path_sanitizer.h"
     18 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
     19 #include "chrome/common/safe_browsing/csd.pb.h"
     20 #include "chrome_elf/blacklist/blacklist.h"
     21 
     22 namespace safe_browsing {
     23 
     24 // Retrieves the set of blacklisted modules that are loaded in the process.
     25 // Returns true if successful, false otherwise.
     26 bool GetLoadedBlacklistedModules(std::vector<base::string16>* module_names) {
     27   DCHECK(module_names);
     28 
     29   std::set<ModuleInfo> module_info_set;
     30   if (!GetLoadedModules(&module_info_set))
     31     return false;
     32 
     33   std::set<ModuleInfo>::const_iterator module_iter(module_info_set.begin());
     34   for (; module_iter != module_info_set.end(); ++module_iter) {
     35     base::string16 module_file_name(base::StringToLowerASCII(
     36         base::FilePath(module_iter->name).BaseName().value()));
     37     if (blacklist::GetBlacklistIndex(module_file_name.c_str()) != -1) {
     38       module_names->push_back(module_iter->name);
     39     }
     40   }
     41 
     42   return true;
     43 }
     44 
     45 void VerifyBlacklistLoadState(const AddIncidentCallback& callback) {
     46   std::vector<base::string16> module_names;
     47   if (GetLoadedBlacklistedModules(&module_names)) {
     48     PathSanitizer path_sanitizer;
     49 
     50     const bool blacklist_intialized = blacklist::IsBlacklistInitialized();
     51 
     52     std::vector<base::string16>::const_iterator module_iter(
     53         module_names.begin());
     54     for (; module_iter != module_names.end(); ++module_iter) {
     55       scoped_ptr<ClientIncidentReport_IncidentData> incident_data(
     56           new ClientIncidentReport_IncidentData());
     57       ClientIncidentReport_IncidentData_BlacklistLoadIncident* blacklist_load =
     58           incident_data->mutable_blacklist_load();
     59 
     60       base::FilePath module_path(*module_iter);
     61       path_sanitizer.StripHomeDirectory(&module_path);
     62 
     63       blacklist_load->set_path(base::WideToUTF8(module_path.value()));
     64       // TODO(robertshield): Add computation of file digest and version here.
     65 
     66       blacklist_load->set_blacklist_initialized(blacklist_intialized);
     67 
     68       // Send the report.
     69       callback.Run(incident_data.Pass());
     70     }
     71   }
     72 }
     73 
     74 }  // namespace safe_browsing
     75