1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
|
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
//
// The Safe Browsing service is responsible for downloading anti-phishing and
// anti-malware tables and checking urls against them.
#ifndef COMPONENTS_SAFE_BROWSING_DB_DATABASE_MANAGER_H_
#define COMPONENTS_SAFE_BROWSING_DB_DATABASE_MANAGER_H_
#include <deque>
#include <map>
#include <set>
#include <string>
#include <vector>
#include "base/memory/ref_counted.h"
#include "components/safe_browsing_db/hit_report.h"
#include "components/safe_browsing_db/util.h"
#include "content/public/common/resource_type.h"
#include "url/gurl.h"
namespace net {
class URLRequestContextGetter;
} // namespace net
namespace safe_browsing {
struct V4ProtocolConfig;
class V4GetHashProtocolManager;
// Base class to either the locally-managed or a remotely-managed database.
class SafeBrowsingDatabaseManager
: public base::RefCountedThreadSafe<SafeBrowsingDatabaseManager> {
public:
// Callers requesting a result should derive from this class.
// The destructor should call db_manager->CancelCheck(client) if a
// request is still pending.
class Client {
public:
virtual ~Client() {}
// Called when the result of checking a browse URL is known.
virtual void OnCheckBrowseUrlResult(const GURL& url,
SBThreatType threat_type,
const ThreatMetadata& metadata) {}
// Called when the result of checking a download URL is known.
virtual void OnCheckDownloadUrlResult(const std::vector<GURL>& url_chain,
SBThreatType threat_type) {}
// Called when the result of checking a set of extensions is known.
virtual void OnCheckExtensionsResult(
const std::set<std::string>& threats) {}
// Called when the result of checking the API blacklist is known.
virtual void OnCheckApiBlacklistUrlResult(const GURL& url,
const std::string& metadata) {}
// Called when the result of checking the resource blacklist is known.
virtual void OnCheckResourceUrlResult(const GURL& url,
SBThreatType threat_type,
const std::string& threat_hash) {}
};
// Returns true if URL-checking is supported on this build+device.
// If false, calls to CheckBrowseUrl may dcheck-fail.
virtual bool IsSupported() const = 0;
// Returns the ThreatSource for this implementation.
virtual ThreatSource GetThreatSource() const = 0;
// Returns true if checks are never done synchronously, and therefore
// always have some latency.
virtual bool ChecksAreAlwaysAsync() const = 0;
// Returns true if this resource type should be checked.
virtual bool CanCheckResourceType(
content::ResourceType resource_type) const = 0;
// Returns true if the url's scheme can be checked.
virtual bool CanCheckUrl(const GURL& url) const = 0;
// Returns whether download protection is enabled.
virtual bool download_protection_enabled() const = 0;
// Called on the IO thread to check if the given url is safe or not. If we
// can synchronously determine that the url is safe, CheckUrl returns true.
// Otherwise it returns false, and "client" is called asynchronously with the
// result when it is ready.
virtual bool CheckBrowseUrl(const GURL& url, Client* client) = 0;
// Check if the prefix for |url| is in safebrowsing download add lists.
// Result will be passed to callback in |client|.
virtual bool CheckDownloadUrl(const std::vector<GURL>& url_chain,
Client* client) = 0;
// Check which prefixes in |extension_ids| are in the safebrowsing blacklist.
// Returns true if not, false if further checks need to be made in which case
// the result will be passed to |client|.
virtual bool CheckExtensionIDs(const std::set<std::string>& extension_ids,
Client* client) = 0;
// Check if |url| is in the resources blacklist. Returns true if not, false
// if further checks need to be made in which case the result will be passed
// to callback in |client|.
virtual bool CheckResourceUrl(const GURL& url, Client* client) = 0;
// Check if the |url| matches any of the full-length hashes from the client-
// side phishing detection whitelist. Returns true if there was a match and
// false otherwise. To make sure we are conservative we will return true if
// an error occurs. This method must be called on the IO thread.
virtual bool MatchCsdWhitelistUrl(const GURL& url) = 0;
// Check if the given IP address (either IPv4 or IPv6) matches the malware
// IP blacklist.
virtual bool MatchMalwareIP(const std::string& ip_address) = 0;
// Check if the |url| matches any of the full-length hashes from the download
// whitelist. Returns true if there was a match and false otherwise. To make
// sure we are conservative we will return true if an error occurs. This
// method must be called on the IO thread.
virtual bool MatchDownloadWhitelistUrl(const GURL& url) = 0;
// Check if |str| matches any of the full-length hashes from the download
// whitelist. Returns true if there was a match and false otherwise. To make
// sure we are conservative we will return true if an error occurs. This
// method must be called on the IO thread.
virtual bool MatchDownloadWhitelistString(const std::string& str) = 0;
// Check if the |url| matches any of the full-length hashes from the off-
// domain inclusion whitelist. Returns true if there was a match and false
// otherwise. To make sure we are conservative, we will return true if an
// error occurs. This method must be called on the IO thread.
virtual bool MatchInclusionWhitelistUrl(const GURL& url) = 0;
// Check if |str|, a lowercase DLL file name, matches any of the full-length
// hashes from the module whitelist. Returns true if there was a match and
// false otherwise. To make sure we are conservative we will return true if
// an error occurs. This method must be called on the IO thread.
virtual bool MatchModuleWhitelistString(const std::string& str) = 0;
// Check if the CSD malware IP matching kill switch is turned on.
virtual bool IsMalwareKillSwitchOn() = 0;
// Check if the CSD whitelist kill switch is turned on.
virtual bool IsCsdWhitelistKillSwitchOn() = 0;
// Called on the IO thread to cancel a pending check if the result is no
// longer needed. Also called after the result has been handled.
virtual void CancelCheck(Client* client) = 0;
// Called on the IO thread to check if the given url has blacklisted APIs.
// "client" is called asynchronously with the result when it is ready.
// This method has the same implementation for both the local and remote
// database managers since it pings Safe Browsing servers directly without
// accessing the database at all.
virtual void CheckApiBlacklistUrl(const GURL& url, Client* client);
// Called to initialize objects that are used on the io_thread, such as the
// v4 protocol manager. This may be called multiple times during the life of
// the DatabaseManager. Must be called on IO thread.
virtual void StartOnIOThread(
net::URLRequestContextGetter* request_context_getter,
const V4ProtocolConfig& config);
// Called to stop or shutdown operations on the io_thread.
virtual void StopOnIOThread(bool shutdown);
protected:
SafeBrowsingDatabaseManager();
virtual ~SafeBrowsingDatabaseManager();
friend class base::RefCountedThreadSafe<SafeBrowsingDatabaseManager>;
// Created and destroyed via StartonIOThread/StopOnIOThread.
V4GetHashProtocolManager* v4_get_hash_protocol_manager_;
}; // class SafeBrowsingDatabaseManager
} // namespace safe_browsing
#endif // COMPONENTS_SAFE_BROWSING_DB_DATABASE_MANAGER_H_
|