// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/browser/safe_browsing/unverified_download_policy.h"

#include <algorithm>

#include "base/bind.h"
#include "base/callback.h"
#include "base/files/file_path.h"
#include "base/metrics/sparse_histogram.h"
#include "chrome/browser/browser_process.h"
#include "chrome/browser/safe_browsing/safe_browsing_service.h"
#include "chrome/browser/safe_browsing/unverified_download_field_trial.h"
#include "chrome/common/safe_browsing/download_protection_util.h"
#include "components/rappor/rappor_service.h"
#include "components/rappor/rappor_utils.h"
#include "components/safe_browsing_db/database_manager.h"
#include "content/public/browser/browser_thread.h"

namespace safe_browsing {

namespace {
using content::BrowserThread;

// Record the uma_file_type to UMA as an enum, and the URL's eTLD+1 to Rappor.
void RecordPolicyMetricOnUIThread(const std::string& metric_name,
                                  int uma_file_type,
                                  const GURL& requestor) {
  DCHECK_CURRENTLY_ON(BrowserThread::UI);
  UMA_HISTOGRAM_SPARSE_SLOWLY(metric_name, uma_file_type);

  rappor::RapporService* rappor_service = g_browser_process->rappor_service();
  if (rappor_service && requestor.is_valid()) {
    rappor_service->RecordSample(
        metric_name, rappor::SAFEBROWSING_RAPPOR_TYPE,
        rappor::GetDomainAndRegistrySampleFromGURL(requestor));
  }
}

void RecordPolicyMetric(const std::string& metric_name,
                        int uma_file_type,
                        const GURL& requestor) {
  BrowserThread::PostTask(BrowserThread::UI, FROM_HERE,
                          base::Bind(&RecordPolicyMetricOnUIThread, metric_name,
                                     uma_file_type, requestor));
}

void RespondWithPolicy(
    const base::FilePath& file,
    const UnverifiedDownloadCheckCompletionCallback& callback,
    const GURL& requestor,
    UnverifiedDownloadPolicy policy) {
  int uma_file_type =
      download_protection_util::GetSBClientDownloadExtensionValueForUMA(file);
  if (policy == UnverifiedDownloadPolicy::ALLOWED) {
    RecordPolicyMetric("SafeBrowsing.UnverifiedDownloads.Allowed",
                       uma_file_type, requestor);
  } else {
    RecordPolicyMetric("SafeBrowsing.UnverifiedDownloads.Blocked",
                       uma_file_type, requestor);
  }
  BrowserThread::PostTask(BrowserThread::UI, FROM_HERE,
                          base::Bind(callback, policy));
}

void CheckFieldTrialOnAnyThread(
    const base::FilePath& file,
    const std::vector<base::FilePath::StringType>& alternate_extensions,
    const GURL& requestor,
    const UnverifiedDownloadCheckCompletionCallback& callback) {
  if (!IsUnverifiedDownloadAllowedByFieldTrial(file)) {
    RespondWithPolicy(file, callback, requestor,
                      UnverifiedDownloadPolicy::DISALLOWED);
    return;
  }

  for (const auto& extension : alternate_extensions) {
    base::FilePath alternate_filename = file.AddExtension(extension);
    if (!IsUnverifiedDownloadAllowedByFieldTrial(alternate_filename)) {
      RespondWithPolicy(alternate_filename, callback, requestor,
                        UnverifiedDownloadPolicy::DISALLOWED);
      return;
    }
  }

  RespondWithPolicy(file, callback, requestor,
                    UnverifiedDownloadPolicy::ALLOWED);
}

void CheckWhitelistOnIOThread(
    scoped_refptr<SafeBrowsingService> service,
    const GURL& requestor,
    const base::FilePath& file,
    const std::vector<base::FilePath::StringType>& alternate_extensions,
    const UnverifiedDownloadCheckCompletionCallback& callback) {
  DCHECK_CURRENTLY_ON(BrowserThread::IO);
  int uma_file_type =
      download_protection_util::GetSBClientDownloadExtensionValueForUMA(file);

  if (!service || !service->enabled()) {
    // If the SafeBrowsing service was disabled, don't try to check against the
    // field trial list. Instead allow the download. We are assuming that if the
    // SafeBrowsing service was disabled for this user, then we shouldn't
    // interefere with unverified downloads.
    RecordPolicyMetric(
        "SafeBrowsing.UnverifiedDownloads.AllowedDueToDisabledService",
        uma_file_type, requestor);
    RespondWithPolicy(file, callback, requestor,
                      UnverifiedDownloadPolicy::ALLOWED);
    return;
  }

  if (service->database_manager() &&
      service->database_manager()->MatchDownloadWhitelistUrl(requestor)) {
    RecordPolicyMetric("SafeBrowsing.UnverifiedDownloads.AllowedByWhitelist",
                       uma_file_type, requestor);
    RespondWithPolicy(file, callback, requestor,
                      UnverifiedDownloadPolicy::ALLOWED);
    return;
  }

  CheckFieldTrialOnAnyThread(file, alternate_extensions, requestor, callback);
}

}  // namespace

void CheckUnverifiedDownloadPolicy(
    const GURL& requestor,
    const base::FilePath& file,
    const std::vector<base::FilePath::StringType>& alternate_extensions,
    const UnverifiedDownloadCheckCompletionCallback& callback) {
  // Record a count of alternate extensions. The count is capped so that it
  // won't be unbounded. In practice, it's expected that numbers above 3 are
  // rare.
  int alternate_extension_count =
      std::min<int>(alternate_extensions.size(), 16);
  UMA_HISTOGRAM_SPARSE_SLOWLY(
      "SafeBrowsing.UnverifiedDownloads.AlternateExtensionCount",
      alternate_extension_count);
  if (requestor.is_valid()) {
    scoped_refptr<SafeBrowsingService> service =
        g_browser_process->safe_browsing_service();
    BrowserThread::PostTask(
        BrowserThread::IO, FROM_HERE,
        base::Bind(&CheckWhitelistOnIOThread, service, requestor, file,
                   alternate_extensions, callback));
    return;
  }

  CheckFieldTrialOnAnyThread(file, alternate_extensions, GURL(), callback);
}

}  // namespace safe_browsing