1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 // 5 // Helper class which handles communication with the SafeBrowsing servers for 6 // improved binary download protection. 7 8 #ifndef CHROME_BROWSER_SAFE_BROWSING_DOWNLOAD_PROTECTION_SERVICE_H_ 9 #define CHROME_BROWSER_SAFE_BROWSING_DOWNLOAD_PROTECTION_SERVICE_H_ 10 11 #include <set> 12 #include <string> 13 #include <vector> 14 15 #include "base/basictypes.h" 16 #include "base/callback.h" 17 #include "base/files/file_path.h" 18 #include "base/gtest_prod_util.h" 19 #include "base/memory/ref_counted.h" 20 #include "chrome/browser/safe_browsing/database_manager.h" 21 #include "chrome/browser/safe_browsing/ui_manager.h" 22 #include "url/gurl.h" 23 24 25 namespace content { 26 class DownloadItem; 27 class PageNavigator; 28 } 29 30 namespace net { 31 class URLRequestContextGetter; 32 class X509Certificate; 33 } // namespace net 34 35 namespace safe_browsing { 36 class DownloadFeedbackService; 37 class BinaryFeatureExtractor; 38 39 // This class provides an asynchronous API to check whether a particular 40 // client download is malicious or not. 41 class DownloadProtectionService { 42 public: 43 enum DownloadCheckResult { 44 SAFE, 45 DANGEROUS, 46 UNCOMMON, 47 DANGEROUS_HOST, 48 POTENTIALLY_UNWANTED 49 }; 50 51 // Callback type which is invoked once the download request is done. 52 typedef base::Callback<void(DownloadCheckResult)> CheckDownloadCallback; 53 54 // Creates a download service. The service is initially disabled. You need 55 // to call SetEnabled() to start it. |sb_service| owns this object; we 56 // keep a reference to |request_context_getter|. 57 DownloadProtectionService( 58 SafeBrowsingService* sb_service, 59 net::URLRequestContextGetter* request_context_getter); 60 61 virtual ~DownloadProtectionService(); 62 63 // Checks whether the given client download is likely to be malicious or not. 64 // The result is delivered asynchronously via the given callback. This 65 // method must be called on the UI thread, and the callback will also be 66 // invoked on the UI thread. This method must be called once the download 67 // is finished and written to disk. 68 virtual void CheckClientDownload(content::DownloadItem* item, 69 const CheckDownloadCallback& callback); 70 71 // Checks whether any of the URLs in the redirect chain of the 72 // download match the SafeBrowsing bad binary URL list. The result is 73 // delivered asynchronously via the given callback. This method must be 74 // called on the UI thread, and the callback will also be invoked on the UI 75 // thread. Pre-condition: !info.download_url_chain.empty(). 76 virtual void CheckDownloadUrl(const content::DownloadItem& item, 77 const CheckDownloadCallback& callback); 78 79 // Returns true iff the download specified by |info| should be scanned by 80 // CheckClientDownload() for malicious content. 81 virtual bool IsSupportedDownload(const content::DownloadItem& item, 82 const base::FilePath& target_path) const; 83 84 // Display more information to the user regarding the download specified by 85 // |info|. This method is invoked when the user requests more information 86 // about a download that was marked as malicious. 87 void ShowDetailsForDownload(const content::DownloadItem& item, 88 content::PageNavigator* navigator); 89 90 // Enables or disables the service. This is usually called by the 91 // SafeBrowsingService, which tracks whether any profile uses these services 92 // at all. Disabling causes any pending and future requests to have their 93 // callbacks called with "SAFE" results. 94 void SetEnabled(bool enabled); 95 enabled()96 bool enabled() const { 97 return enabled_; 98 } 99 100 // Returns the timeout that is used by CheckClientDownload(). download_request_timeout_ms()101 int64 download_request_timeout_ms() const { 102 return download_request_timeout_ms_; 103 } 104 feedback_service()105 DownloadFeedbackService* feedback_service() { 106 return feedback_service_.get(); 107 } 108 109 protected: 110 // Enum to keep track why a particular download verdict was chosen. 111 // This is used to keep some stats around. 112 enum DownloadCheckResultReason { 113 REASON_INVALID_URL, 114 REASON_SB_DISABLED, 115 REASON_WHITELISTED_URL, 116 REASON_WHITELISTED_REFERRER, 117 REASON_INVALID_REQUEST_PROTO, 118 REASON_SERVER_PING_FAILED, 119 REASON_INVALID_RESPONSE_PROTO, 120 REASON_NOT_BINARY_FILE, 121 REASON_REQUEST_CANCELED, 122 REASON_DOWNLOAD_DANGEROUS, 123 REASON_DOWNLOAD_SAFE, 124 REASON_EMPTY_URL_CHAIN, 125 DEPRECATED_REASON_HTTPS_URL, 126 REASON_PING_DISABLED, 127 REASON_TRUSTED_EXECUTABLE, 128 REASON_OS_NOT_SUPPORTED, 129 REASON_DOWNLOAD_UNCOMMON, 130 REASON_DOWNLOAD_NOT_SUPPORTED, 131 REASON_INVALID_RESPONSE_VERDICT, 132 REASON_ARCHIVE_WITHOUT_BINARIES, 133 REASON_DOWNLOAD_DANGEROUS_HOST, 134 REASON_DOWNLOAD_POTENTIALLY_UNWANTED, 135 REASON_MAX // Always add new values before this one. 136 }; 137 138 private: 139 class CheckClientDownloadRequest; // Per-request state 140 friend class DownloadProtectionServiceTest; 141 FRIEND_TEST_ALL_PREFIXES(DownloadProtectionServiceTest, 142 CheckClientDownloadWhitelistedUrl); 143 FRIEND_TEST_ALL_PREFIXES(DownloadProtectionServiceTest, 144 CheckClientDownloadValidateRequest); 145 FRIEND_TEST_ALL_PREFIXES(DownloadProtectionServiceTest, 146 CheckClientDownloadSuccess); 147 FRIEND_TEST_ALL_PREFIXES(DownloadProtectionServiceTest, 148 CheckClientDownloadHTTPS); 149 FRIEND_TEST_ALL_PREFIXES(DownloadProtectionServiceTest, 150 CheckClientDownloadZip); 151 FRIEND_TEST_ALL_PREFIXES(DownloadProtectionServiceTest, 152 CheckClientDownloadFetchFailed); 153 FRIEND_TEST_ALL_PREFIXES(DownloadProtectionServiceTest, 154 TestDownloadRequestTimeout); 155 FRIEND_TEST_ALL_PREFIXES(DownloadProtectionServiceTest, 156 CheckClientCrxDownloadSuccess); 157 static const char kDownloadRequestUrl[]; 158 159 // Cancels all requests in |download_requests_|, and empties it, releasing 160 // the references to the requests. 161 void CancelPendingRequests(); 162 163 // Called by a CheckClientDownloadRequest instance when it finishes, to 164 // remove it from |download_requests_|. 165 void RequestFinished(CheckClientDownloadRequest* request); 166 167 // Given a certificate and its immediate issuer certificate, generates the 168 // list of strings that need to be checked against the download whitelist to 169 // determine whether the certificate is whitelisted. 170 static void GetCertificateWhitelistStrings( 171 const net::X509Certificate& certificate, 172 const net::X509Certificate& issuer, 173 std::vector<std::string>* whitelist_strings); 174 175 // Returns the URL that will be used for download requests. 176 static GURL GetDownloadRequestUrl(); 177 178 // These pointers may be NULL if SafeBrowsing is disabled. 179 scoped_refptr<SafeBrowsingUIManager> ui_manager_; 180 scoped_refptr<SafeBrowsingDatabaseManager> database_manager_; 181 182 // The context we use to issue network requests. 183 scoped_refptr<net::URLRequestContextGetter> request_context_getter_; 184 185 // Map of client download request to the corresponding callback that 186 // has to be invoked when the request is done. This map contains all 187 // pending server requests. 188 std::set<scoped_refptr<CheckClientDownloadRequest> > download_requests_; 189 190 // Keeps track of the state of the service. 191 bool enabled_; 192 193 // BinaryFeatureExtractor object, may be overridden for testing. 194 scoped_refptr<BinaryFeatureExtractor> binary_feature_extractor_; 195 196 int64 download_request_timeout_ms_; 197 198 scoped_ptr<DownloadFeedbackService> feedback_service_; 199 200 DISALLOW_COPY_AND_ASSIGN(DownloadProtectionService); 201 }; 202 } // namespace safe_browsing 203 204 #endif // CHROME_BROWSER_SAFE_BROWSING_DOWNLOAD_PROTECTION_SERVICE_H_ 205