1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
|
// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_DATABASE_H_
#define CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_DATABASE_H_
#include <map>
#include <set>
#include <string>
#include <vector>
#include "base/containers/hash_tables.h"
#include "base/files/file_path.h"
#include "base/gtest_prod_util.h"
#include "base/memory/scoped_ptr.h"
#include "base/memory/weak_ptr.h"
#include "base/sequenced_task_runner.h"
#include "base/synchronization/lock.h"
#include "base/time/time.h"
#include "chrome/browser/safe_browsing/safe_browsing_store.h"
namespace safe_browsing {
class PrefixSet;
}
class GURL;
class SafeBrowsingDatabase;
// Factory for creating SafeBrowsingDatabase. Tests implement this factory
// to create fake Databases for testing.
class SafeBrowsingDatabaseFactory {
public:
SafeBrowsingDatabaseFactory() { }
virtual ~SafeBrowsingDatabaseFactory() { }
virtual SafeBrowsingDatabase* CreateSafeBrowsingDatabase(
const scoped_refptr<base::SequencedTaskRunner>& db_task_runner,
bool enable_download_protection,
bool enable_client_side_whitelist,
bool enable_download_whitelist,
bool enable_extension_blacklist,
bool enable_ip_blacklist,
bool enable_unwanted_software_list) = 0;
private:
DISALLOW_COPY_AND_ASSIGN(SafeBrowsingDatabaseFactory);
};
// Encapsulates on-disk databases that for safebrowsing. There are
// four databases: browse, download, download whitelist and
// client-side detection (csd) whitelist databases. The browse database contains
// information about phishing and malware urls. The download database contains
// URLs for bad binaries (e.g: those containing virus) and hash of
// these downloaded contents. The download whitelist contains whitelisted
// download hosting sites as well as whitelisted binary signing certificates
// etc. The csd whitelist database contains URLs that will never be considered
// as phishing by the client-side phishing detection. These on-disk databases
// are shared among all profiles, as it doesn't contain user-specific data. This
// object is not thread-safe, i.e. all its methods should be used on the same
// thread that it was created on, unless specified otherwise.
class SafeBrowsingDatabase {
public:
// Factory method for obtaining a SafeBrowsingDatabase implementation.
// It is not thread safe.
// The browse list and off-domain inclusion whitelist are always on;
// availability of other lists is controlled by the flags on this method.
static SafeBrowsingDatabase* Create(
const scoped_refptr<base::SequencedTaskRunner>& db_task_runner,
bool enable_download_protection,
bool enable_client_side_whitelist,
bool enable_download_whitelist,
bool enable_extension_blacklist,
bool enable_ip_blacklist,
bool enable_unwanted_software_list);
// Makes the passed |factory| the factory used to instantiate
// a SafeBrowsingDatabase. This is used for tests.
static void RegisterFactory(SafeBrowsingDatabaseFactory* factory) {
factory_ = factory;
}
virtual ~SafeBrowsingDatabase();
// Initializes the database with the given filename.
virtual void Init(const base::FilePath& filename) = 0;
// Deletes the current database and creates a new one.
virtual bool ResetDatabase() = 0;
// Returns false if |url| is not in the browse database or already was cached
// as a miss. If it returns true, |prefix_hits| contains sorted unique
// matching hash prefixes which had no cached results and |cache_hits|
// contains any matching cached gethash results. This function is safe to
// call from any thread.
virtual bool ContainsBrowseUrl(
const GURL& url,
std::vector<SBPrefix>* prefix_hits,
std::vector<SBFullHashResult>* cache_hits) = 0;
// Returns true iff the given url is on the unwanted software blacklist.
// Returns false if |url| is not in the browse database or already was cached
// as a miss. If it returns true, |prefix_hits| contains sorted unique
// matching hash prefixes which had no cached results and |cache_hits|
// contains any matching cached gethash results. This function is safe to
// call from any thread.
virtual bool ContainsUnwantedSoftwareUrl(
const GURL& url,
std::vector<SBPrefix>* prefix_hits,
std::vector<SBFullHashResult>* cache_hits) = 0;
// Returns false if none of |prefixes| are in Download database. If it returns
// true, |prefix_hits| should contain the prefixes for the URLs that were in
// the database. This function can ONLY be accessed from creation thread.
virtual bool ContainsDownloadUrlPrefixes(
const std::vector<SBPrefix>& prefixes,
std::vector<SBPrefix>* prefix_hits) = 0;
// Returns false if |url| is not on the client-side phishing detection
// whitelist. Otherwise, this function returns true. Note: the whitelist
// only contains full-length hashes so we don't return any prefix hit. This
// function is safe to call from any thread.
virtual bool ContainsCsdWhitelistedUrl(const GURL& url) = 0;
// The download whitelist is used for two purposes: a white-domain list of
// sites that are considered to host only harmless binaries as well as a
// whitelist of arbitrary strings such as hashed certificate authorities that
// are considered to be trusted. The two methods below let you lookup the
// whitelist either for a URL or an arbitrary string. These methods will
// return false if no match is found and true otherwise. This function is safe
// to call from any thread.
virtual bool ContainsDownloadWhitelistedUrl(const GURL& url) = 0;
virtual bool ContainsDownloadWhitelistedString(const std::string& str) = 0;
// Returns true if |url| is on the off-domain inclusion whitelist.
virtual bool ContainsInclusionWhitelistedUrl(const GURL& url) = 0;
// Populates |prefix_hits| with any prefixes in |prefixes| that have matches
// in the database, returning true if there were any matches.
//
// This function can ONLY be accessed from the creation thread.
virtual bool ContainsExtensionPrefixes(
const std::vector<SBPrefix>& prefixes,
std::vector<SBPrefix>* prefix_hits) = 0;
// Returns true iff the given IP is currently on the csd malware IP blacklist.
// This function is safe to call from any thread.
virtual bool ContainsMalwareIP(const std::string& ip_address) = 0;
// A database transaction should look like:
//
// std::vector<SBListChunkRanges> lists;
// if (db.UpdateStarted(&lists)) {
// // Do something with |lists|.
//
// // Process add/sub commands.
// db.InsertChunks(list_name, chunks);
//
// // Process adddel/subdel commands.
// db.DeleteChunks(chunks_deletes);
//
// // If passed true, processes the collected chunk info and
// // rebuilds the filter. If passed false, rolls everything
// // back.
// db.UpdateFinished(success);
// }
//
// If UpdateStarted() returns true, the caller MUST eventually call
// UpdateFinished(). If it returns false, the caller MUST NOT call
// the other functions.
virtual bool UpdateStarted(std::vector<SBListChunkRanges>* lists) = 0;
virtual void InsertChunks(const std::string& list_name,
const std::vector<SBChunkData*>& chunks) = 0;
virtual void DeleteChunks(
const std::vector<SBChunkDelete>& chunk_deletes) = 0;
virtual void UpdateFinished(bool update_succeeded) = 0;
// Store the results of a GetHash response. In the case of empty results, we
// cache the prefixes until the next update so that we don't have to issue
// further GetHash requests we know will be empty. This function is safe to
// call from any thread.
virtual void CacheHashResults(
const std::vector<SBPrefix>& prefixes,
const std::vector<SBFullHashResult>& full_hits,
const base::TimeDelta& cache_lifetime) = 0;
// Returns true if the malware IP blacklisting killswitch URL is present
// in the csd whitelist. This function is safe to call from any thread.
virtual bool IsMalwareIPMatchKillSwitchOn() = 0;
// Returns true if the whitelist killswitch URL is present in the csd
// whitelist. This function is safe to call from any thread.
virtual bool IsCsdWhitelistKillSwitchOn() = 0;
// The name of the bloom-filter file for the given database file.
// NOTE(shess): OBSOLETE. Present for deleting stale files.
static base::FilePath BloomFilterForFilename(
const base::FilePath& db_filename);
// The name of the prefix set file for the given database file.
static base::FilePath PrefixSetForFilename(const base::FilePath& db_filename);
// Filename for malware and phishing URL database.
static base::FilePath BrowseDBFilename(
const base::FilePath& db_base_filename);
// Filename for download URL and download binary hash database.
static base::FilePath DownloadDBFilename(
const base::FilePath& db_base_filename);
// Filename for client-side phishing detection whitelist databsae.
static base::FilePath CsdWhitelistDBFilename(
const base::FilePath& csd_whitelist_base_filename);
// Filename for download whitelist databsae.
static base::FilePath DownloadWhitelistDBFilename(
const base::FilePath& download_whitelist_base_filename);
// Filename for the off-domain inclusion whitelist databsae.
static base::FilePath InclusionWhitelistDBFilename(
const base::FilePath& inclusion_whitelist_base_filename);
// Filename for extension blacklist database.
static base::FilePath ExtensionBlacklistDBFilename(
const base::FilePath& extension_blacklist_base_filename);
// Filename for side-effect free whitelist database. This database no longer
// exists, but the filename is retained so the database may be deleted.
static base::FilePath SideEffectFreeWhitelistDBFilename(
const base::FilePath& side_effect_free_whitelist_base_filename);
// Filename for the csd malware IP blacklist database.
static base::FilePath IpBlacklistDBFilename(
const base::FilePath& ip_blacklist_base_filename);
// Filename for the unwanted software blacklist database.
static base::FilePath UnwantedSoftwareDBFilename(
const base::FilePath& db_filename);
// Get the prefixes matching the download |urls|.
static void GetDownloadUrlPrefixes(const std::vector<GURL>& urls,
std::vector<SBPrefix>* prefixes);
// SafeBrowsing Database failure types for histogramming purposes. Explicitly
// label new values and do not re-use old values. Also make sure to reflect
// modifications made below in the SB2DatabaseFailure histogram enum.
enum FailureType {
FAILURE_DATABASE_CORRUPT = 0,
FAILURE_DATABASE_CORRUPT_HANDLER = 1,
FAILURE_BROWSE_DATABASE_UPDATE_BEGIN = 2,
FAILURE_BROWSE_DATABASE_UPDATE_FINISH = 3,
FAILURE_DATABASE_FILTER_MISSING_OBSOLETE = 4,
FAILURE_DATABASE_FILTER_READ_OBSOLETE = 5,
FAILURE_DATABASE_FILTER_WRITE_OBSOLETE = 6,
FAILURE_DATABASE_FILTER_DELETE = 7,
FAILURE_DATABASE_STORE_MISSING = 8,
FAILURE_DATABASE_STORE_DELETE = 9,
FAILURE_DOWNLOAD_DATABASE_UPDATE_BEGIN = 10,
FAILURE_DOWNLOAD_DATABASE_UPDATE_FINISH = 11,
FAILURE_WHITELIST_DATABASE_UPDATE_BEGIN = 12,
FAILURE_WHITELIST_DATABASE_UPDATE_FINISH = 13,
FAILURE_BROWSE_PREFIX_SET_READ = 14,
FAILURE_BROWSE_PREFIX_SET_WRITE = 15,
FAILURE_BROWSE_PREFIX_SET_DELETE = 16,
FAILURE_EXTENSION_BLACKLIST_UPDATE_BEGIN = 17,
FAILURE_EXTENSION_BLACKLIST_UPDATE_FINISH = 18,
FAILURE_EXTENSION_BLACKLIST_DELETE = 19,
// Obsolete: FAILURE_SIDE_EFFECT_FREE_WHITELIST_UPDATE_BEGIN = 20,
// Obsolete: FAILURE_SIDE_EFFECT_FREE_WHITELIST_UPDATE_FINISH = 21,
// Obsolete: FAILURE_SIDE_EFFECT_FREE_WHITELIST_DELETE = 22,
// Obsolete: FAILURE_SIDE_EFFECT_FREE_WHITELIST_PREFIX_SET_READ = 23,
// Obsolete: FAILURE_SIDE_EFFECT_FREE_WHITELIST_PREFIX_SET_WRITE = 24,
// Obsolete: FAILURE_SIDE_EFFECT_FREE_WHITELIST_PREFIX_SET_DELETE = 25,
FAILURE_IP_BLACKLIST_UPDATE_BEGIN = 26,
FAILURE_IP_BLACKLIST_UPDATE_FINISH = 27,
FAILURE_IP_BLACKLIST_UPDATE_INVALID = 28,
FAILURE_IP_BLACKLIST_DELETE = 29,
FAILURE_UNWANTED_SOFTWARE_DATABASE_UPDATE_BEGIN = 30,
FAILURE_UNWANTED_SOFTWARE_DATABASE_UPDATE_FINISH = 31,
FAILURE_UNWANTED_SOFTWARE_PREFIX_SET_READ = 32,
FAILURE_UNWANTED_SOFTWARE_PREFIX_SET_WRITE = 33,
FAILURE_UNWANTED_SOFTWARE_PREFIX_SET_DELETE = 34,
// Memory space for histograms is determined by the max. ALWAYS
// ADD NEW VALUES BEFORE THIS ONE.
FAILURE_DATABASE_MAX
};
static void RecordFailure(FailureType failure_type);
private:
// The factory used to instantiate a SafeBrowsingDatabase object.
// Useful for tests, so they can provide their own implementation of
// SafeBrowsingDatabase.
static SafeBrowsingDatabaseFactory* factory_;
};
class SafeBrowsingDatabaseNew : public SafeBrowsingDatabase {
public:
// Create a database with the stores below. Takes ownership of all store
// objects handed to this constructor. Ignores all future operations on lists
// for which the store is initialized to NULL.
SafeBrowsingDatabaseNew(
const scoped_refptr<base::SequencedTaskRunner>& db_task_runner,
SafeBrowsingStore* browse_store,
SafeBrowsingStore* download_store,
SafeBrowsingStore* csd_whitelist_store,
SafeBrowsingStore* download_whitelist_store,
SafeBrowsingStore* inclusion_whitelist_store,
SafeBrowsingStore* extension_blacklist_store,
SafeBrowsingStore* ip_blacklist_store,
SafeBrowsingStore* unwanted_software_store);
~SafeBrowsingDatabaseNew() override;
// Implement SafeBrowsingDatabase interface.
void Init(const base::FilePath& filename) override;
bool ResetDatabase() override;
bool ContainsBrowseUrl(const GURL& url,
std::vector<SBPrefix>* prefix_hits,
std::vector<SBFullHashResult>* cache_hits) override;
bool ContainsUnwantedSoftwareUrl(
const GURL& url,
std::vector<SBPrefix>* prefix_hits,
std::vector<SBFullHashResult>* cache_hits) override;
bool ContainsDownloadUrlPrefixes(const std::vector<SBPrefix>& prefixes,
std::vector<SBPrefix>* prefix_hits) override;
bool ContainsCsdWhitelistedUrl(const GURL& url) override;
bool ContainsDownloadWhitelistedUrl(const GURL& url) override;
bool ContainsDownloadWhitelistedString(const std::string& str) override;
bool ContainsInclusionWhitelistedUrl(const GURL& url) override;
bool ContainsExtensionPrefixes(const std::vector<SBPrefix>& prefixes,
std::vector<SBPrefix>* prefix_hits) override;
bool ContainsMalwareIP(const std::string& ip_address) override;
bool UpdateStarted(std::vector<SBListChunkRanges>* lists) override;
void InsertChunks(const std::string& list_name,
const std::vector<SBChunkData*>& chunks) override;
void DeleteChunks(const std::vector<SBChunkDelete>& chunk_deletes) override;
void UpdateFinished(bool update_succeeded) override;
void CacheHashResults(const std::vector<SBPrefix>& prefixes,
const std::vector<SBFullHashResult>& full_hits,
const base::TimeDelta& cache_lifetime) override;
// Returns the value of malware_kill_switch_;
bool IsMalwareIPMatchKillSwitchOn() override;
// Returns true if the CSD whitelist has everything whitelisted.
bool IsCsdWhitelistKillSwitchOn() override;
private:
friend class SafeBrowsingDatabaseTest;
FRIEND_TEST_ALL_PREFIXES(SafeBrowsingDatabaseTest, HashCaching);
FRIEND_TEST_ALL_PREFIXES(SafeBrowsingDatabaseTest, CachedFullMiss);
FRIEND_TEST_ALL_PREFIXES(SafeBrowsingDatabaseTest, CachedPrefixHitFullMiss);
FRIEND_TEST_ALL_PREFIXES(SafeBrowsingDatabaseTest, BrowseFullHashMatching);
FRIEND_TEST_ALL_PREFIXES(SafeBrowsingDatabaseTest,
BrowseFullHashAndPrefixMatching);
// A SafeBrowsing whitelist contains a list of whitelisted full-hashes (stored
// in a sorted vector) as well as a boolean flag indicating whether all
// lookups in the whitelist should be considered matches for safety.
typedef std::pair<std::vector<SBFullHash>, bool> SBWhitelist;
// This map holds a csd malware IP blacklist which maps a prefix mask
// to a set of hashed blacklisted IP prefixes. Each IP prefix is a hashed
// IPv6 IP prefix using SHA-1.
typedef std::map<std::string, base::hash_set<std::string> > IPBlacklist;
typedef std::map<SBPrefix, SBCachedFullHashResult> PrefixGetHashCache;
// The ThreadSafeStateManager holds the SafeBrowsingDatabase's state which
// must be accessed in a thread-safe fashion. It must be constructed on the
// SafeBrowsingDatabaseManager's main thread. The main thread will then be the
// only thread on which this state can be modified; allowing for unlocked
// reads on the main thread and thus avoiding contention while performing
// intensive operations such as writing that state to disk. The state can only
// be accessed via (Read|Write)Transactions obtained through this class which
// will automatically handle thread-safety.
class ThreadSafeStateManager {
public:
// Identifiers for stores held by the ThreadSafeStateManager. Allows helper
// methods to start a transaction themselves and keep it as short as
// possible rather than force callers to start the transaction early to pass
// a store pointer to the said helper methods.
enum class SBWhitelistId {
CSD,
DOWNLOAD,
INCLUSION,
};
enum class PrefixSetId {
BROWSE,
UNWANTED_SOFTWARE,
};
// Obtained through BeginReadTransaction(NoLockOnMainTaskRunner)?(): a
// ReadTransaction allows read-only observations of the
// ThreadSafeStateManager's state. The |prefix_gethash_cache_| has a special
// allowance to be writable from a ReadTransaction but can't benefit from
// unlocked ReadTransactions. ReadTransaction should be held for the
// shortest amount of time possible (e.g., release it before computing final
// results if possible).
class ReadTransaction;
// Obtained through BeginWriteTransaction(): a WriteTransaction allows
// modification of the ThreadSafeStateManager's state. It should be used for
// the shortest amount of time possible (e.g., pre-compute the new state
// before grabbing a WriteTransaction to swap it in atomically).
class WriteTransaction;
explicit ThreadSafeStateManager(
const scoped_refptr<const base::SequencedTaskRunner>& db_task_runner);
~ThreadSafeStateManager();
scoped_ptr<ReadTransaction> BeginReadTransaction();
scoped_ptr<ReadTransaction> BeginReadTransactionNoLockOnMainTaskRunner();
scoped_ptr<WriteTransaction> BeginWriteTransaction();
private:
// The sequenced task runner for this object, used to verify that its state
// is only ever accessed from the runner.
scoped_refptr<const base::SequencedTaskRunner> db_task_runner_;
// Lock for protecting access to this class' state.
mutable base::Lock lock_;
SBWhitelist csd_whitelist_;
SBWhitelist download_whitelist_;
SBWhitelist inclusion_whitelist_;
// The IP blacklist should be small. At most a couple hundred IPs.
IPBlacklist ip_blacklist_;
// PrefixSets to speed up lookups for particularly large lists. The
// PrefixSet themselves are never modified, instead a new one is swapped in
// on update.
scoped_ptr<const safe_browsing::PrefixSet> browse_prefix_set_;
scoped_ptr<const safe_browsing::PrefixSet> unwanted_software_prefix_set_;
// Cache of gethash results for prefix stores. Entries should not be used if
// they are older than their expire_after field. Cached misses will have
// empty full_hashes field. Cleared on each update. The cache is "mutable"
// as it can be written to from any transaction holding the lock, including
// ReadTransactions.
mutable PrefixGetHashCache prefix_gethash_cache_;
DISALLOW_COPY_AND_ASSIGN(ThreadSafeStateManager);
};
// Forward the above inner-definitions to alleviate some verbosity in the
// impl.
using SBWhitelistId = ThreadSafeStateManager::SBWhitelistId;
using PrefixSetId = ThreadSafeStateManager::PrefixSetId;
using ReadTransaction = ThreadSafeStateManager::ReadTransaction;
using WriteTransaction = ThreadSafeStateManager::WriteTransaction;
// Manages the non-thread safe (i.e. only to be accessed to the database's
// main thread) state of this class.
class DatabaseStateManager {
public:
explicit DatabaseStateManager(
const scoped_refptr<const base::SequencedTaskRunner>& db_task_runner);
~DatabaseStateManager();
void init_filename_base(const base::FilePath& filename_base) {
DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
DCHECK(filename_base_.empty()) << "filename already initialized";
filename_base_ = filename_base;
}
const base::FilePath& filename_base() {
DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
return filename_base_;
}
void set_corruption_detected() {
DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
corruption_detected_ = true;
}
void reset_corruption_detected() {
DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
corruption_detected_ = false;
}
bool corruption_detected() {
DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
return corruption_detected_;
}
void set_change_detected() {
DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
change_detected_ = true;
}
void reset_change_detected() {
DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
change_detected_ = false;
}
bool change_detected() {
DCHECK(db_task_runner_->RunsTasksOnCurrentThread());
return change_detected_;
}
private:
// The sequenced task runner for this object, used to verify that its state
// is only ever accessed from the runner.
scoped_refptr<const base::SequencedTaskRunner> db_task_runner_;
// The base filename passed to Init(), used to generate the store and prefix
// set filenames used to store data on disk.
base::FilePath filename_base_;
// Set if corruption is detected during the course of an update.
// Causes the update functions to fail with no side effects, until
// the next call to |UpdateStarted()|.
bool corruption_detected_;
// Set to true if any chunks are added or deleted during an update.
// Used to optimize away database update.
bool change_detected_;
DISALLOW_COPY_AND_ASSIGN(DatabaseStateManager);
};
bool PrefixSetContainsUrl(const GURL& url,
PrefixSetId prefix_set_id,
std::vector<SBPrefix>* prefix_hits,
std::vector<SBFullHashResult>* cache_hits);
// Exposed for testing of PrefixSetContainsUrlHashes() on the
// PrefixSet backing kMalwareList.
bool ContainsBrowseUrlHashesForTesting(
const std::vector<SBFullHash>& full_hashes,
std::vector<SBPrefix>* prefix_hits,
std::vector<SBFullHashResult>* cache_hits);
bool PrefixSetContainsUrlHashes(const std::vector<SBFullHash>& full_hashes,
PrefixSetId prefix_set_id,
std::vector<SBPrefix>* prefix_hits,
std::vector<SBFullHashResult>* cache_hits);
// Returns true if the whitelist is disabled or if any of the given hashes
// matches the whitelist.
bool ContainsWhitelistedHashes(SBWhitelistId whitelist_id,
const std::vector<SBFullHash>& hashes);
// Return the store matching |list_id|.
SafeBrowsingStore* GetStore(int list_id);
// Deletes the files on disk.
bool Delete();
// Load the prefix set in "|db_filename| Prefix Set" off disk, if available,
// and stores it in the PrefixSet identified by |prefix_set_id|.
// |read_failure_type| provides a caller-specific error code to be used on
// failure. This method should only ever be called during initialization as
// it performs some disk IO while holding a transaction (for the sake of
// avoiding uncessary back-and-forth interactions with the lock during
// Init()).
void LoadPrefixSet(const base::FilePath& db_filename,
ThreadSafeStateManager::WriteTransaction* txn,
PrefixSetId prefix_set_id,
FailureType read_failure_type);
// Writes the current prefix set "|db_filename| Prefix Set" on disk.
// |write_failure_type| provides a caller-specific error code to be used on
// failure.
void WritePrefixSet(const base::FilePath& db_filename,
PrefixSetId prefix_set_id,
FailureType write_failure_type);
// Loads the given full-length hashes to the given whitelist. If the number
// of hashes is too large or if the kill switch URL is on the whitelist
// we will whitelist everything.
void LoadWhitelist(const std::vector<SBAddFullHash>& full_hashes,
SBWhitelistId whitelist_id);
// Parses the IP blacklist from the given full-length hashes.
void LoadIpBlacklist(const std::vector<SBAddFullHash>& full_hashes);
// Helpers for handling database corruption.
// |OnHandleCorruptDatabase()| runs |ResetDatabase()| and sets
// |corruption_detected_|, |HandleCorruptDatabase()| posts
// |OnHandleCorruptDatabase()| to the current thread, to be run
// after the current task completes.
// TODO(shess): Wire things up to entirely abort the update
// transaction when this happens.
void HandleCorruptDatabase();
void OnHandleCorruptDatabase();
// Helpers for InsertChunks().
void InsertAddChunk(SafeBrowsingStore* store,
safe_browsing_util::ListType list_id,
const SBChunkData& chunk);
void InsertSubChunk(SafeBrowsingStore* store,
safe_browsing_util::ListType list_id,
const SBChunkData& chunk);
// Updates the |store| and stores the result on disk under |store_filename|.
void UpdateHashPrefixStore(const base::FilePath& store_filename,
SafeBrowsingStore* store,
FailureType failure_type);
// Updates a PrefixStore store for URLs (|url_store|) which is backed on disk
// by a "|db_filename| Prefix Set" file. Specific failure types are provided
// to highlight the specific store who made the initial request on failure.
// |store_full_hashes_in_prefix_set| dictates whether full_hashes from the
// |url_store| should be cached in the |prefix_set| as well.
void UpdatePrefixSetUrlStore(const base::FilePath& db_filename,
SafeBrowsingStore* url_store,
PrefixSetId prefix_set_id,
FailureType finish_failure_type,
FailureType write_failure_type,
bool store_full_hashes_in_prefix_set);
void UpdateUrlStore(SafeBrowsingStore* url_store,
PrefixSetId prefix_set_id,
FailureType failure_type);
void UpdateWhitelistStore(const base::FilePath& store_filename,
SafeBrowsingStore* store,
SBWhitelistId whitelist_id);
void UpdateIpBlacklistStore();
// Returns a raw pointer to ThreadSafeStateManager's PrefixGetHashCache for
// testing. This should only be used in unit tests (where multi-threading and
// synchronization are not problematic).
PrefixGetHashCache* GetUnsynchronizedPrefixGetHashCacheForTesting();
// Records a file size histogram for the database or PrefixSet backed by
// |filename|.
void RecordFileSizeHistogram(const base::FilePath& file_path);
// The sequenced task runner for this object, used to verify that its state
// is only ever accessed from the runner and post some tasks to it.
scoped_refptr<base::SequencedTaskRunner> db_task_runner_;
ThreadSafeStateManager state_manager_;
DatabaseStateManager db_state_manager_;
// Underlying persistent stores for chunk data:
// - |browse_store_|: For browsing related (phishing and malware URLs)
// chunks and prefixes.
// - |download_store_|: For download related (download URL and binary hash)
// chunks and prefixes.
// - |csd_whitelist_store_|: For the client-side phishing detection
// whitelist chunks and full-length hashes. This list only contains 256
// bit hashes.
// - |download_whitelist_store_|: For the download whitelist chunks and
// full-length hashes. This list only contains 256 bit hashes.
// - |inclusion_whitelist_store_|: For the inclusion whitelist. Same format
// as |download_whitelist_store_|.
// - |extension_blacklist_store_|: For extension IDs.
// - |ip_blacklist_store_|: For IP blacklist.
// - |unwanted_software_store_|: For unwanted software list (format
// identical to browsing lists).
//
// The stores themselves will be modified throughout the existence of this
// database, but shouldn't ever be swapped out (hence the const scoped_ptr --
// which could be swapped for C++11's std::optional when that's available).
// They are NonThreadSafe and should thus only be accessed on the database's
// main thread as enforced by SafeBrowsingStoreFile's implementation.
const scoped_ptr<SafeBrowsingStore> browse_store_;
const scoped_ptr<SafeBrowsingStore> download_store_;
const scoped_ptr<SafeBrowsingStore> csd_whitelist_store_;
const scoped_ptr<SafeBrowsingStore> download_whitelist_store_;
const scoped_ptr<SafeBrowsingStore> inclusion_whitelist_store_;
const scoped_ptr<SafeBrowsingStore> extension_blacklist_store_;
const scoped_ptr<SafeBrowsingStore> ip_blacklist_store_;
const scoped_ptr<SafeBrowsingStore> unwanted_software_store_;
// Used to schedule resetting the database because of corruption. This factory
// and the WeakPtrs it issues should only be used on the database's main
// thread.
base::WeakPtrFactory<SafeBrowsingDatabaseNew> reset_factory_;
};
#endif // CHROME_BROWSER_SAFE_BROWSING_SAFE_BROWSING_DATABASE_H_
|
