Google Git
Sign in
chromium / chromium / src / c2f0727826ede5a99b5a828e35ca938b23b62108 / . / components / safe_browsing / realtime / url_lookup_service.cc
blob: 308ff2140d9b3c2967bd1590dcaed4fee5294767 [file] [log] [blame]
// Copyright 2019 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "components/safe_browsing/realtime/url_lookup_service.h"
#include "base/base64url.h"
#include "base/metrics/histogram_macros.h"
#include "base/strings/string_piece.h"
#include "base/time/time.h"
#include "components/safe_browsing/db/v4_protocol_manager_util.h"
#include "content/public/browser/browser_thread.h"
#include "net/base/ip_address.h"
#include "net/base/load_flags.h"
#include "net/base/url_util.h"
#include "net/http/http_status_code.h"
#include "net/traffic_annotation/network_traffic_annotation.h"
#include "services/network/public/cpp/resource_request.h"
#include "services/network/public/cpp/shared_url_loader_factory.h"
#include "services/network/public/cpp/simple_url_loader.h"
namespace safe_browsing {
namespace {
const char kRealTimeLookupUrlPrefix[] =
"https://safebrowsing.google.com/safebrowsing/clientreport/realtime";
const size_t kMaxFailuresToEnforceBackoff = 3;
const size_t kMinBackOffResetDurationInSeconds = 5 * 60; // 5 minutes.
const size_t kMaxBackOffResetDurationInSeconds = 30 * 60; // 30 minutes.
const size_t kURLLookupTimeoutDurationInSeconds = 10; // 10 seconds.
// Fragements, usernames and passwords are removed, becuase fragments are only
// used for local navigations and usernames/passwords are too privacy sensitive.
GURL SanitizeURL(const GURL& url) {
GURL::Replacements replacements;
replacements.ClearRef();
replacements.ClearUsername();
replacements.ClearPassword();
return url.ReplaceComponents(replacements);
}
} // namespace
RealTimeUrlLookupService::RealTimeUrlLookupService(
scoped_refptr<network::SharedURLLoaderFactory> url_loader_factory)
: url_loader_factory_(url_loader_factory) {}
void RealTimeUrlLookupService::StartLookup(
const GURL& url,
RTLookupRequestCallback request_callback,
RTLookupResponseCallback response_callback) {
DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
DCHECK(url.is_valid());
std::unique_ptr<RTLookupRequest> request = FillRequestProto(url);
std::string req_data;
request->SerializeToString(&req_data);
net::NetworkTrafficAnnotationTag traffic_annotation =
net::DefineNetworkTrafficAnnotation("safe_browsing_realtime_url_lookup",
R"(
semantics {
sender: "Safe Browsing"
description:
"When Safe Browsing can't detect that a URL is safe based on its "
"local database, it sends the top-level URL to Google to verify it "
"before showing a warning to the user."
trigger:
"When a main frame URL fails to match the local hash-prefix "
"database of known safe URLs and a valid result from a prior "
"lookup is not already cached, this will be sent."
data: "The main frame URL that did not match the local safelist."
destination: GOOGLE_OWNED_SERVICE
}
policy {
cookies_allowed: YES
cookies_store: "Safe Browsing cookie store"
setting:
"Users can disable Safe Browsing real time URL checks by "
"unchecking 'Protect you and your device from dangerous sites' in "
"Chromium settings under Privacy, or by unchecking 'Make searches "
"and browsing better (Sends URLs of pages you visit to Google)' in "
"Chromium settings under Privacy."
chrome_policy {
SafeBrowsingRealTimeLookupEnabled {
policy_options {mode: MANDATORY}
SafeBrowsingRealTimeLookupEnabled: false
}
}
})");
auto resource_request = std::make_unique<network::ResourceRequest>();
resource_request->url = GURL(kRealTimeLookupUrlPrefix);
resource_request->load_flags = net::LOAD_DISABLE_CACHE;
resource_request->method = "POST";
std::unique_ptr<network::SimpleURLLoader> owned_loader =
network::SimpleURLLoader::Create(std::move(resource_request),
traffic_annotation);
network::SimpleURLLoader* loader = owned_loader.get();
owned_loader->AttachStringForUpload(req_data, "application/octet-stream");
owned_loader->SetTimeoutDuration(
base::TimeDelta::FromSeconds(kURLLookupTimeoutDurationInSeconds));
owned_loader->DownloadToStringOfUnboundedSizeUntilCrashAndDie(
url_loader_factory_.get(),
base::BindOnce(&RealTimeUrlLookupService::OnURLLoaderComplete,
GetWeakPtr(), loader, base::TimeTicks::Now()));
pending_requests_[owned_loader.release()] = std::move(response_callback);
std::move(request_callback).Run(std::move(request));
}
RealTimeUrlLookupService::~RealTimeUrlLookupService() {
for (auto& pending : pending_requests_) {
// An empty response is treated as safe.
auto response = std::make_unique<RTLookupResponse>();
std::move(pending.second).Run(std::move(response));
delete pending.first;
}
pending_requests_.clear();
}
void RealTimeUrlLookupService::OnURLLoaderComplete(
network::SimpleURLLoader* url_loader,
base::TimeTicks request_start_time,
std::unique_ptr<std::string> response_body) {
DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
auto it = pending_requests_.find(url_loader);
DCHECK(it != pending_requests_.end()) << "Request not found";
UMA_HISTOGRAM_TIMES("SafeBrowsing.RT.Network.Time",
base::TimeTicks::Now() - request_start_time);
int net_error = url_loader->NetError();
int response_code = 0;
if (url_loader->ResponseInfo() && url_loader->ResponseInfo()->headers)
response_code = url_loader->ResponseInfo()->headers->response_code();
V4ProtocolManagerUtil::RecordHttpResponseOrErrorCode(
"SafeBrowsing.RT.Network.Result", net_error, response_code);
auto response = std::make_unique<RTLookupResponse>();
bool success = (net_error == net::OK) && (response_code == net::HTTP_OK) &&
response->ParseFromString(*response_body);
success ? HandleLookupSuccess() : HandleLookupError();
std::move(it->second).Run(std::move(response));
delete it->first;
pending_requests_.erase(it);
}
bool RealTimeUrlLookupService::CanCheckUrl(const GURL& url) const {
if (!url.SchemeIsHTTPOrHTTPS()) {
return false;
}
if (net::IsLocalhost(url)) {
// Includes: "//localhost/", "//localhost.localdomain/", "//127.0.0.1/"
return false;
}
net::IPAddress ip_address;
if (url.HostIsIPAddress() && ip_address.AssignFromIPLiteral(url.host()) &&
!ip_address.IsPubliclyRoutable()) {
// Includes: "//192.168.1.1/", "//172.16.2.2/", "//10.1.1.1/"
return false;
}
return true;
}
std::unique_ptr<RTLookupRequest> RealTimeUrlLookupService::FillRequestProto(
const GURL& url) {
auto request = std::make_unique<RTLookupRequest>();
request->set_url(SanitizeURL(url).spec());
request->set_lookup_type(RTLookupRequest::NAVIGATION);
// TODO(crbug.com/1017499): Set ChromeUserPopulation.
return request;
}
size_t RealTimeUrlLookupService::GetBackoffDurationInSeconds() const {
DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
return did_successful_lookup_since_last_backoff_
? kMinBackOffResetDurationInSeconds
: std::min(kMaxBackOffResetDurationInSeconds,
2 * next_backoff_duration_secs_);
}
void RealTimeUrlLookupService::HandleLookupError() {
DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
consecutive_failures_++;
// Any successful lookup clears both |consecutive_failures_| as well as
// |did_successful_lookup_since_last_backoff_|.
// On a failure, the following happens:
// 1) if |consecutive_failures_| < |kMaxFailuresToEnforceBackoff|:
// Do nothing more.
// 2) if already in the backoff mode:
// Do nothing more. This can happen if we had some outstanding real time
// requests in flight when we entered the backoff mode.
// 3) if |did_successful_lookup_since_last_backoff_| is true:
// Enter backoff mode for |kMinBackOffResetDurationInSeconds| seconds.
// 4) if |did_successful_lookup_since_last_backoff_| is false:
// This indicates that we've had |kMaxFailuresToEnforceBackoff| since
// exiting the last backoff with no successful lookups since so do an
// exponential backoff.
if (consecutive_failures_ < kMaxFailuresToEnforceBackoff)
return;
if (IsInBackoffMode()) {
return;
}
// Enter backoff mode, calculate duration.
next_backoff_duration_secs_ = GetBackoffDurationInSeconds();
backoff_timer_.Start(
FROM_HERE, base::TimeDelta::FromSeconds(next_backoff_duration_secs_),
this, &RealTimeUrlLookupService::ResetFailures);
did_successful_lookup_since_last_backoff_ = false;
}
void RealTimeUrlLookupService::HandleLookupSuccess() {
DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
ResetFailures();
// |did_successful_lookup_since_last_backoff_| is set to true only when we
// complete a lookup successfully.
did_successful_lookup_since_last_backoff_ = true;
}
bool RealTimeUrlLookupService::IsInBackoffMode() const {
DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
return backoff_timer_.IsRunning();
}
void RealTimeUrlLookupService::ResetFailures() {
DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
consecutive_failures_ = 0;
backoff_timer_.Stop();
}
// static
SBThreatType RealTimeUrlLookupService::GetSBThreatTypeForRTThreatType(
RTLookupResponse::ThreatInfo::ThreatType rt_threat_type) {
switch (rt_threat_type) {
case RTLookupResponse::ThreatInfo::WEB_MALWARE:
return SB_THREAT_TYPE_URL_MALWARE;
case RTLookupResponse::ThreatInfo::SOCIAL_ENGINEERING:
return SB_THREAT_TYPE_URL_PHISHING;
case RTLookupResponse::ThreatInfo::UNWANTED_SOFTWARE:
return SB_THREAT_TYPE_URL_UNWANTED;
case RTLookupResponse::ThreatInfo::UNCLEAR_BILLING:
return SB_THREAT_TYPE_BILLING;
case RTLookupResponse::ThreatInfo::THREAT_TYPE_UNSPECIFIED:
NOTREACHED() << "Unexpected RTLookupResponse::ThreatType encountered";
return SB_THREAT_TYPE_SAFE;
}
}
base::WeakPtr<RealTimeUrlLookupService> RealTimeUrlLookupService::GetWeakPtr() {
return weak_factory_.GetWeakPtr();
}
} // namespace safe_browsing