| // Copyright 2016 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "components/safe_browsing_db/v4_get_hash_protocol_manager.h" |
| |
| #include <utility> |
| |
| #include "base/base64.h" |
| #include "base/macros.h" |
| #include "base/metrics/histogram_macros.h" |
| #include "base/timer/timer.h" |
| #include "net/base/load_flags.h" |
| #include "net/http/http_response_headers.h" |
| #include "net/http/http_status_code.h" |
| #include "net/url_request/url_fetcher.h" |
| #include "net/url_request/url_request_context_getter.h" |
| |
| using base::Time; |
| using base::TimeDelta; |
| |
| namespace { |
| |
| // Enumerate parsing failures for histogramming purposes. DO NOT CHANGE |
| // THE ORDERING OF THESE VALUES. |
| enum ParseResultType { |
| // Error parsing the protocol buffer from a string. |
| PARSE_FROM_STRING_ERROR = 0, |
| |
| // A match in the response had an unexpected THREAT_ENTRY_TYPE. |
| UNEXPECTED_THREAT_ENTRY_TYPE_ERROR = 1, |
| |
| // A match in the response had an unexpected THREAT_TYPE. |
| UNEXPECTED_THREAT_TYPE_ERROR = 2, |
| |
| // A match in the response had an unexpected PLATFORM_TYPE. |
| UNEXPECTED_PLATFORM_TYPE_ERROR = 3, |
| |
| // A match in the response contained no metadata where metadata was |
| // expected. |
| NO_METADATA_ERROR = 4, |
| |
| // A match in the response contained a ThreatType that was inconsistent |
| // with the other matches. |
| INCONSISTENT_THREAT_TYPE_ERROR = 5, |
| |
| // Memory space for histograms is determined by the max. ALWAYS |
| // ADD NEW VALUES BEFORE THIS ONE. |
| PARSE_RESULT_TYPE_MAX = 6 |
| }; |
| |
| // Record parsing errors of a GetHash result. |
| void RecordParseGetHashResult(ParseResultType result_type) { |
| UMA_HISTOGRAM_ENUMERATION("SafeBrowsing.ParseV4HashResult", result_type, |
| PARSE_RESULT_TYPE_MAX); |
| } |
| |
| } // namespace |
| |
| namespace safe_browsing { |
| |
| const char kUmaV4HashResponseMetricName[] = |
| "SafeBrowsing.GetV4HashHttpResponseOrErrorCode"; |
| |
| // The default V4GetHashProtocolManagerFactory. |
| class V4GetHashProtocolManagerFactoryImpl |
| : public V4GetHashProtocolManagerFactory { |
| public: |
| V4GetHashProtocolManagerFactoryImpl() {} |
| ~V4GetHashProtocolManagerFactoryImpl() override {} |
| V4GetHashProtocolManager* CreateProtocolManager( |
| net::URLRequestContextGetter* request_context_getter, |
| const V4ProtocolConfig& config) override { |
| return new V4GetHashProtocolManager(request_context_getter, config); |
| } |
| |
| private: |
| DISALLOW_COPY_AND_ASSIGN(V4GetHashProtocolManagerFactoryImpl); |
| }; |
| |
| // V4GetHashProtocolManager implementation -------------------------------- |
| |
| // static |
| V4GetHashProtocolManagerFactory* V4GetHashProtocolManager::factory_ = NULL; |
| |
| // static |
| V4GetHashProtocolManager* V4GetHashProtocolManager::Create( |
| net::URLRequestContextGetter* request_context_getter, |
| const V4ProtocolConfig& config) { |
| if (!factory_) |
| factory_ = new V4GetHashProtocolManagerFactoryImpl(); |
| return factory_->CreateProtocolManager(request_context_getter, config); |
| } |
| |
| void V4GetHashProtocolManager::ResetGetHashErrors() { |
| gethash_error_count_ = 0; |
| gethash_back_off_mult_ = 1; |
| } |
| |
| V4GetHashProtocolManager::V4GetHashProtocolManager( |
| net::URLRequestContextGetter* request_context_getter, |
| const V4ProtocolConfig& config) |
| : gethash_error_count_(0), |
| gethash_back_off_mult_(1), |
| next_gethash_time_(Time::FromDoubleT(0)), |
| config_(config), |
| request_context_getter_(request_context_getter), |
| url_fetcher_id_(0) { |
| } |
| |
| // static |
| void V4GetHashProtocolManager::RecordGetHashResult(ResultType result_type) { |
| UMA_HISTOGRAM_ENUMERATION("SafeBrowsing.GetV4HashResult", result_type, |
| GET_HASH_RESULT_MAX); |
| } |
| |
| V4GetHashProtocolManager::~V4GetHashProtocolManager() { |
| // Delete in-progress SafeBrowsing requests. |
| STLDeleteContainerPairFirstPointers(hash_requests_.begin(), |
| hash_requests_.end()); |
| hash_requests_.clear(); |
| } |
| |
| std::string V4GetHashProtocolManager::GetHashRequest( |
| const std::vector<SBPrefix>& prefixes, |
| const std::vector<PlatformType>& platforms, |
| ThreatType threat_type) { |
| // Build the request. Client info and client states are not added to the |
| // request protocol buffer. Client info is passed as params in the url. |
| FindFullHashesRequest req; |
| ThreatInfo* info = req.mutable_threat_info(); |
| info->add_threat_types(threat_type); |
| info->add_threat_entry_types(URL_EXPRESSION); |
| for (const PlatformType p : platforms) { |
| info->add_platform_types(p); |
| } |
| for (const SBPrefix& prefix : prefixes) { |
| std::string hash(reinterpret_cast<const char*>(&prefix), sizeof(SBPrefix)); |
| info->add_threat_entries()->set_hash(hash); |
| } |
| |
| // Serialize and Base64 encode. |
| std::string req_data, req_base64; |
| req.SerializeToString(&req_data); |
| base::Base64Encode(req_data, &req_base64); |
| |
| return req_base64; |
| } |
| |
| bool V4GetHashProtocolManager::ParseHashResponse( |
| const std::string& data, |
| std::vector<SBFullHashResult>* full_hashes, |
| base::TimeDelta* negative_cache_duration) { |
| FindFullHashesResponse response; |
| |
| if (!response.ParseFromString(data)) { |
| RecordParseGetHashResult(PARSE_FROM_STRING_ERROR); |
| return false; |
| } |
| |
| if (response.has_negative_cache_duration()) { |
| // Seconds resolution is good enough so we ignore the nanos field. |
| *negative_cache_duration = base::TimeDelta::FromSeconds( |
| response.negative_cache_duration().seconds()); |
| } |
| |
| if (response.has_minimum_wait_duration()) { |
| // Seconds resolution is good enough so we ignore the nanos field. |
| next_gethash_time_ = |
| Time::Now() + base::TimeDelta::FromSeconds( |
| response.minimum_wait_duration().seconds()); |
| } |
| |
| // We only expect one threat type per request, so we make sure |
| // the threat types are consistent between matches. |
| ThreatType expected_threat_type = THREAT_TYPE_UNSPECIFIED; |
| |
| // Loop over the threat matches and fill in full_hashes. |
| for (const ThreatMatch& match : response.matches()) { |
| // Make sure the platform and threat entry type match. |
| if (!(match.has_threat_entry_type() && |
| match.threat_entry_type() == URL_EXPRESSION && match.has_threat())) { |
| RecordParseGetHashResult(UNEXPECTED_THREAT_ENTRY_TYPE_ERROR); |
| return false; |
| } |
| |
| if (!match.has_threat_type()) { |
| RecordParseGetHashResult(UNEXPECTED_THREAT_TYPE_ERROR); |
| return false; |
| } |
| |
| if (expected_threat_type == THREAT_TYPE_UNSPECIFIED) { |
| expected_threat_type = match.threat_type(); |
| } else if (match.threat_type() != expected_threat_type) { |
| RecordParseGetHashResult(INCONSISTENT_THREAT_TYPE_ERROR); |
| return false; |
| } |
| |
| // Fill in the full hash. |
| SBFullHashResult result; |
| result.hash = StringToSBFullHash(match.threat().hash()); |
| |
| if (match.has_cache_duration()) { |
| // Seconds resolution is good enough so we ignore the nanos field. |
| result.cache_duration = |
| base::TimeDelta::FromSeconds(match.cache_duration().seconds()); |
| } |
| |
| // Different threat types will handle the metadata differently. |
| if (match.threat_type() == API_ABUSE) { |
| if (match.has_platform_type() && |
| match.platform_type() == CHROME_PLATFORM) { |
| if (match.has_threat_entry_metadata()) { |
| // For API Abuse, store a list of the returned permissions. |
| for (const ThreatEntryMetadata::MetadataEntry& m : |
| match.threat_entry_metadata().entries()) { |
| if (m.key() == "permission") { |
| result.metadata.api_permissions.push_back(m.value()); |
| } |
| } |
| } else { |
| RecordParseGetHashResult(NO_METADATA_ERROR); |
| return false; |
| } |
| } else { |
| RecordParseGetHashResult(UNEXPECTED_PLATFORM_TYPE_ERROR); |
| return false; |
| } |
| } else { |
| RecordParseGetHashResult(UNEXPECTED_THREAT_TYPE_ERROR); |
| return false; |
| } |
| |
| full_hashes->push_back(result); |
| } |
| return true; |
| } |
| |
| void V4GetHashProtocolManager::GetFullHashes( |
| const std::vector<SBPrefix>& prefixes, |
| const std::vector<PlatformType>& platforms, |
| ThreatType threat_type, |
| FullHashCallback callback) { |
| DCHECK(CalledOnValidThread()); |
| // We need to wait the minimum waiting duration, and if we are in backoff, |
| // we need to check if we're past the next allowed time. If we are, we can |
| // proceed with the request. If not, we are required to return empty results |
| // (i.e. treat the page as safe). |
| if (Time::Now() <= next_gethash_time_) { |
| if (gethash_error_count_) { |
| RecordGetHashResult(GET_HASH_BACKOFF_ERROR); |
| } else { |
| RecordGetHashResult(GET_HASH_MIN_WAIT_DURATION_ERROR); |
| } |
| std::vector<SBFullHashResult> full_hashes; |
| callback.Run(full_hashes, base::TimeDelta()); |
| return; |
| } |
| |
| std::string req_base64 = GetHashRequest(prefixes, platforms, threat_type); |
| GURL gethash_url = GetHashUrl(req_base64); |
| |
| net::URLFetcher* fetcher = |
| net::URLFetcher::Create(url_fetcher_id_++, gethash_url, |
| net::URLFetcher::GET, this) |
| .release(); |
| hash_requests_[fetcher] = callback; |
| |
| fetcher->SetLoadFlags(net::LOAD_DISABLE_CACHE); |
| fetcher->SetRequestContext(request_context_getter_.get()); |
| fetcher->Start(); |
| } |
| |
| void V4GetHashProtocolManager::GetFullHashesWithApis( |
| const std::vector<SBPrefix>& prefixes, |
| FullHashCallback callback) { |
| std::vector<PlatformType> platform = {CHROME_PLATFORM}; |
| GetFullHashes(prefixes, platform, API_ABUSE, callback); |
| } |
| |
| // net::URLFetcherDelegate implementation ---------------------------------- |
| |
| // SafeBrowsing request responses are handled here. |
| void V4GetHashProtocolManager::OnURLFetchComplete( |
| const net::URLFetcher* source) { |
| DCHECK(CalledOnValidThread()); |
| |
| HashRequests::iterator it = hash_requests_.find(source); |
| DCHECK(it != hash_requests_.end()) << "Request not found"; |
| |
| // FindFullHashes response. |
| // Reset the scoped pointer so the fetcher gets destroyed properly. |
| scoped_ptr<const net::URLFetcher> fetcher(it->first); |
| |
| int response_code = source->GetResponseCode(); |
| net::URLRequestStatus status = source->GetStatus(); |
| V4ProtocolManagerUtil::RecordHttpResponseOrErrorCode( |
| kUmaV4HashResponseMetricName, status, response_code); |
| |
| const FullHashCallback& callback = it->second; |
| std::vector<SBFullHashResult> full_hashes; |
| base::TimeDelta negative_cache_duration; |
| if (status.is_success() && response_code == net::HTTP_OK) { |
| RecordGetHashResult(GET_HASH_STATUS_200); |
| ResetGetHashErrors(); |
| std::string data; |
| source->GetResponseAsString(&data); |
| if (!ParseHashResponse(data, &full_hashes, &negative_cache_duration)) { |
| full_hashes.clear(); |
| RecordGetHashResult(GET_HASH_PARSE_ERROR); |
| } |
| } else { |
| HandleGetHashError(Time::Now()); |
| |
| DVLOG(1) << "SafeBrowsing GetEncodedFullHashes request for: " |
| << source->GetURL() << " failed with error: " << status.error() |
| << " and response code: " << response_code; |
| |
| if (status.status() == net::URLRequestStatus::FAILED) { |
| RecordGetHashResult(GET_HASH_NETWORK_ERROR); |
| } else { |
| RecordGetHashResult(GET_HASH_HTTP_ERROR); |
| } |
| } |
| |
| // Invoke the callback with full_hashes, even if there was a parse error or |
| // an error response code (in which case full_hashes will be empty). The |
| // caller can't be blocked indefinitely. |
| callback.Run(full_hashes, negative_cache_duration); |
| |
| hash_requests_.erase(it); |
| } |
| |
| void V4GetHashProtocolManager::HandleGetHashError(const Time& now) { |
| DCHECK(CalledOnValidThread()); |
| base::TimeDelta next = V4ProtocolManagerUtil::GetNextBackOffInterval( |
| &gethash_error_count_, &gethash_back_off_mult_); |
| next_gethash_time_ = now + next; |
| } |
| |
| GURL V4GetHashProtocolManager::GetHashUrl(const std::string& req_base64) const { |
| return V4ProtocolManagerUtil::GetRequestUrl(req_base64, "encodedFullHashes", |
| config_); |
| } |
| |
| |
| } // namespace safe_browsing |
