chrome/browser/safe_browsing/incident_reporting/blacklist_load_analyzer_win.cc


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110

// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/browser/safe_browsing/incident_reporting/blacklist_load_analyzer.h"

#include "base/file_version_info.h"
#include "base/files/file_path.h"
#include "base/logging.h"
#include "base/metrics/histogram.h"
#include "base/strings/string_number_conversions.h"
#include "base/strings/string_util.h"
#include "base/strings/utf_string_conversions.h"
#include "chrome/browser/install_verification/win/module_info.h"
#include "chrome/browser/install_verification/win/module_verification_common.h"
#include "chrome/browser/safe_browsing/incident_reporting/blacklist_load_incident.h"
#include "chrome/browser/safe_browsing/incident_reporting/incident_receiver.h"
#include "chrome/browser/safe_browsing/path_sanitizer.h"
#include "chrome/browser/safe_browsing/safe_browsing_service.h"
#include "chrome/common/safe_browsing/binary_feature_extractor.h"
#include "chrome/common/safe_browsing/csd.pb.h"
#include "chrome_elf/blacklist/blacklist.h"

namespace safe_browsing {

// Retrieves the set of blacklisted modules that are loaded in the process.
// Returns true if successful, false otherwise.
bool GetLoadedBlacklistedModules(std::vector<base::string16>* module_names) {
  DCHECK(module_names);

  std::set<ModuleInfo> module_info_set;
  if (!GetLoadedModules(&module_info_set))
    return false;

  std::set<ModuleInfo>::const_iterator module_iter(module_info_set.begin());
  for (; module_iter != module_info_set.end(); ++module_iter) {
    base::string16 module_file_name(base::ToLowerASCII(
        base::FilePath(module_iter->name).BaseName().value()));
    if (blacklist::GetBlacklistIndex(module_file_name.c_str()) != -1) {
      module_names->push_back(module_iter->name);
    }
  }

  return true;
}

void VerifyBlacklistLoadState(scoped_ptr<IncidentReceiver> incident_receiver) {
  std::vector<base::string16> module_names;
  if (GetLoadedBlacklistedModules(&module_names)) {
    PathSanitizer path_sanitizer;

    const bool blacklist_intialized = blacklist::IsBlacklistInitialized();

    for (const auto& module_name : module_names) {
      scoped_ptr<ClientIncidentReport_IncidentData_BlacklistLoadIncident>
          blacklist_load(
              new ClientIncidentReport_IncidentData_BlacklistLoadIncident());

      const base::FilePath module_path(module_name);

      // Sanitized path.
      base::FilePath sanitized_path(module_path);
      path_sanitizer.StripHomeDirectory(&sanitized_path);
      blacklist_load->set_path(base::WideToUTF8(sanitized_path.value()));

      // Digest.
      scoped_refptr<safe_browsing::BinaryFeatureExtractor>
          binary_feature_extractor(new BinaryFeatureExtractor());
      base::TimeTicks start_time = base::TimeTicks::Now();
      binary_feature_extractor->ExtractDigest(module_path,
                                              blacklist_load->mutable_digest());
      UMA_HISTOGRAM_TIMES("SBIRS.BLAHashTime",
                          base::TimeTicks::Now() - start_time);

      // Version.
      scoped_ptr<FileVersionInfo> version_info(
          FileVersionInfo::CreateFileVersionInfo(module_path));
      if (version_info) {
        std::wstring file_version = version_info->file_version();
        if (!file_version.empty())
          blacklist_load->set_version(base::WideToUTF8(file_version));
      }

      // Initialized state.
      blacklist_load->set_blacklist_initialized(blacklist_intialized);

      // Signature.
      start_time = base::TimeTicks::Now();
      binary_feature_extractor->CheckSignature(
          module_path, blacklist_load->mutable_signature());
      UMA_HISTOGRAM_TIMES("SBIRS.BLASignatureTime",
                          base::TimeTicks::Now() - start_time);

      // Image headers.
      if (!binary_feature_extractor->ExtractImageFeatures(
              module_path,
              BinaryFeatureExtractor::kDefaultOptions,
              blacklist_load->mutable_image_headers(),
              nullptr /* signed_data */)) {
        blacklist_load->clear_image_headers();
      }

      // Send the report.
      incident_receiver->AddIncidentForProcess(
          make_scoped_ptr(new BlacklistLoadIncident(blacklist_load.Pass())));
    }
  }
}

}  // namespace safe_browsing