• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "chrome/browser/safe_browsing/protocol_manager.h"
6 
7 #include "base/environment.h"
8 #include "base/logging.h"
9 #include "base/memory/scoped_vector.h"
10 #include "base/metrics/histogram.h"
11 #include "base/rand_util.h"
12 #include "base/stl_util.h"
13 #include "base/strings/string_util.h"
14 #include "base/strings/stringprintf.h"
15 #include "base/timer/timer.h"
16 #include "chrome/browser/safe_browsing/protocol_parser.h"
17 #include "chrome/common/chrome_version_info.h"
18 #include "chrome/common/env_vars.h"
19 #include "google_apis/google_api_keys.h"
20 #include "net/base/escape.h"
21 #include "net/base/load_flags.h"
22 #include "net/base/net_errors.h"
23 #include "net/url_request/url_fetcher.h"
24 #include "net/url_request/url_request_context_getter.h"
25 #include "net/url_request/url_request_status.h"
26 
27 #if defined(OS_ANDROID)
28 #include "net/base/network_change_notifier.h"
29 #endif
30 
31 using base::Time;
32 using base::TimeDelta;
33 
34 namespace {
35 
36 // UpdateResult indicates what happened with the primary and/or backup update
37 // requests. The ordering of the values must stay the same for UMA consistency,
38 // and is also ordered in this way to match ProtocolManager::BackupUpdateReason.
39 enum UpdateResult {
40   UPDATE_RESULT_FAIL,
41   UPDATE_RESULT_SUCCESS,
42   UPDATE_RESULT_BACKUP_CONNECT_FAIL,
43   UPDATE_RESULT_BACKUP_CONNECT_SUCCESS,
44   UPDATE_RESULT_BACKUP_HTTP_FAIL,
45   UPDATE_RESULT_BACKUP_HTTP_SUCCESS,
46   UPDATE_RESULT_BACKUP_NETWORK_FAIL,
47   UPDATE_RESULT_BACKUP_NETWORK_SUCCESS,
48   UPDATE_RESULT_MAX,
49   UPDATE_RESULT_BACKUP_START = UPDATE_RESULT_BACKUP_CONNECT_FAIL,
50 };
51 
RecordUpdateResult(UpdateResult result)52 void RecordUpdateResult(UpdateResult result) {
53   DCHECK(result >= 0 && result < UPDATE_RESULT_MAX);
54   UMA_HISTOGRAM_ENUMERATION("SB2.UpdateResult", result, UPDATE_RESULT_MAX);
55 }
56 
57 }  // namespace
58 
59 // Minimum time, in seconds, from start up before we must issue an update query.
60 static const int kSbTimerStartIntervalSecMin = 60;
61 
62 // Maximum time, in seconds, from start up before we must issue an update query.
63 static const int kSbTimerStartIntervalSecMax = 300;
64 
65 // The maximum time, in seconds, to wait for a response to an update request.
66 static const int kSbMaxUpdateWaitSec = 30;
67 
68 // Maximum back off multiplier.
69 static const size_t kSbMaxBackOff = 8;
70 
71 // The default SBProtocolManagerFactory.
72 class SBProtocolManagerFactoryImpl : public SBProtocolManagerFactory {
73  public:
SBProtocolManagerFactoryImpl()74   SBProtocolManagerFactoryImpl() { }
~SBProtocolManagerFactoryImpl()75   virtual ~SBProtocolManagerFactoryImpl() { }
CreateProtocolManager(SafeBrowsingProtocolManagerDelegate * delegate,net::URLRequestContextGetter * request_context_getter,const SafeBrowsingProtocolConfig & config)76   virtual SafeBrowsingProtocolManager* CreateProtocolManager(
77       SafeBrowsingProtocolManagerDelegate* delegate,
78       net::URLRequestContextGetter* request_context_getter,
79       const SafeBrowsingProtocolConfig& config) OVERRIDE {
80     return new SafeBrowsingProtocolManager(
81         delegate, request_context_getter, config);
82   }
83  private:
84   DISALLOW_COPY_AND_ASSIGN(SBProtocolManagerFactoryImpl);
85 };
86 
87 // SafeBrowsingProtocolManager implementation ----------------------------------
88 
89 // static
90 SBProtocolManagerFactory* SafeBrowsingProtocolManager::factory_ = NULL;
91 
92 // static
Create(SafeBrowsingProtocolManagerDelegate * delegate,net::URLRequestContextGetter * request_context_getter,const SafeBrowsingProtocolConfig & config)93 SafeBrowsingProtocolManager* SafeBrowsingProtocolManager::Create(
94     SafeBrowsingProtocolManagerDelegate* delegate,
95     net::URLRequestContextGetter* request_context_getter,
96     const SafeBrowsingProtocolConfig& config) {
97   if (!factory_)
98     factory_ = new SBProtocolManagerFactoryImpl();
99   return factory_->CreateProtocolManager(
100       delegate, request_context_getter, config);
101 }
102 
SafeBrowsingProtocolManager(SafeBrowsingProtocolManagerDelegate * delegate,net::URLRequestContextGetter * request_context_getter,const SafeBrowsingProtocolConfig & config)103 SafeBrowsingProtocolManager::SafeBrowsingProtocolManager(
104     SafeBrowsingProtocolManagerDelegate* delegate,
105     net::URLRequestContextGetter* request_context_getter,
106     const SafeBrowsingProtocolConfig& config)
107     : delegate_(delegate),
108       request_type_(NO_REQUEST),
109       update_error_count_(0),
110       gethash_error_count_(0),
111       update_back_off_mult_(1),
112       gethash_back_off_mult_(1),
113       next_update_interval_(base::TimeDelta::FromSeconds(
114           base::RandInt(kSbTimerStartIntervalSecMin,
115                         kSbTimerStartIntervalSecMax))),
116       update_state_(FIRST_REQUEST),
117       chunk_pending_to_write_(false),
118       version_(config.version),
119       update_size_(0),
120       client_name_(config.client_name),
121       request_context_getter_(request_context_getter),
122       url_prefix_(config.url_prefix),
123       backup_update_reason_(BACKUP_UPDATE_REASON_MAX),
124       disable_auto_update_(config.disable_auto_update),
125 #if defined(OS_ANDROID)
126       disable_connection_check_(config.disable_connection_check),
127 #endif
128       url_fetcher_id_(0),
129       app_in_foreground_(true) {
130   DCHECK(!url_prefix_.empty());
131 
132   backup_url_prefixes_[BACKUP_UPDATE_REASON_CONNECT] =
133       config.backup_connect_error_url_prefix;
134   backup_url_prefixes_[BACKUP_UPDATE_REASON_HTTP] =
135       config.backup_http_error_url_prefix;
136   backup_url_prefixes_[BACKUP_UPDATE_REASON_NETWORK] =
137       config.backup_network_error_url_prefix;
138 
139   // Set the backoff multiplier fuzz to a random value between 0 and 1.
140   back_off_fuzz_ = static_cast<float>(base::RandDouble());
141   if (version_.empty())
142     version_ = SafeBrowsingProtocolManagerHelper::Version();
143 }
144 
145 // static
RecordGetHashResult(bool is_download,ResultType result_type)146 void SafeBrowsingProtocolManager::RecordGetHashResult(
147     bool is_download, ResultType result_type) {
148   if (is_download) {
149     UMA_HISTOGRAM_ENUMERATION("SB2.GetHashResultDownload", result_type,
150                               GET_HASH_RESULT_MAX);
151   } else {
152     UMA_HISTOGRAM_ENUMERATION("SB2.GetHashResult", result_type,
153                               GET_HASH_RESULT_MAX);
154   }
155 }
156 
IsUpdateScheduled() const157 bool SafeBrowsingProtocolManager::IsUpdateScheduled() const {
158   return update_timer_.IsRunning();
159 }
160 
~SafeBrowsingProtocolManager()161 SafeBrowsingProtocolManager::~SafeBrowsingProtocolManager() {
162   // Delete in-progress SafeBrowsing requests.
163   STLDeleteContainerPairFirstPointers(hash_requests_.begin(),
164                                       hash_requests_.end());
165   hash_requests_.clear();
166 }
167 
168 // We can only have one update or chunk request outstanding, but there may be
169 // multiple GetHash requests pending since we don't want to serialize them and
170 // slow down the user.
GetFullHash(const std::vector<SBPrefix> & prefixes,FullHashCallback callback,bool is_download)171 void SafeBrowsingProtocolManager::GetFullHash(
172     const std::vector<SBPrefix>& prefixes,
173     FullHashCallback callback,
174     bool is_download) {
175   DCHECK(CalledOnValidThread());
176   // If we are in GetHash backoff, we need to check if we're past the next
177   // allowed time. If we are, we can proceed with the request. If not, we are
178   // required to return empty results (i.e. treat the page as safe).
179   if (gethash_error_count_ && Time::Now() <= next_gethash_time_) {
180     RecordGetHashResult(is_download, GET_HASH_BACKOFF_ERROR);
181     std::vector<SBFullHashResult> full_hashes;
182     callback.Run(full_hashes, base::TimeDelta());
183     return;
184   }
185   GURL gethash_url = GetHashUrl();
186   net::URLFetcher* fetcher = net::URLFetcher::Create(
187       url_fetcher_id_++, gethash_url, net::URLFetcher::POST, this);
188   hash_requests_[fetcher] = FullHashDetails(callback, is_download);
189 
190   const std::string get_hash = safe_browsing::FormatGetHash(prefixes);
191 
192   fetcher->SetLoadFlags(net::LOAD_DISABLE_CACHE);
193   fetcher->SetRequestContext(request_context_getter_.get());
194   fetcher->SetUploadData("text/plain", get_hash);
195   fetcher->Start();
196 }
197 
GetNextUpdate()198 void SafeBrowsingProtocolManager::GetNextUpdate() {
199   DCHECK(CalledOnValidThread());
200   if (request_.get() || request_type_ != NO_REQUEST)
201     return;
202 
203 #if defined(OS_ANDROID)
204   if (!disable_connection_check_) {
205     net::NetworkChangeNotifier::ConnectionType type =
206       net::NetworkChangeNotifier::GetConnectionType();
207     if (type != net::NetworkChangeNotifier::CONNECTION_WIFI) {
208       ScheduleNextUpdate(false /* no back off */);
209       return;
210     }
211   }
212 #endif
213 
214   IssueUpdateRequest();
215 }
216 
217 // net::URLFetcherDelegate implementation ----------------------------------
218 
219 // All SafeBrowsing request responses are handled here.
220 // TODO(paulg): Clarify with the SafeBrowsing team whether a failed parse of a
221 //              chunk should retry the download and parse of that chunk (and
222 //              what back off / how many times to try), and if that effects the
223 //              update back off. For now, a failed parse of the chunk means we
224 //              drop it. This isn't so bad because the next UPDATE_REQUEST we
225 //              do will report all the chunks we have. If that chunk is still
226 //              required, the SafeBrowsing servers will tell us to get it again.
OnURLFetchComplete(const net::URLFetcher * source)227 void SafeBrowsingProtocolManager::OnURLFetchComplete(
228     const net::URLFetcher* source) {
229   DCHECK(CalledOnValidThread());
230   scoped_ptr<const net::URLFetcher> fetcher;
231 
232   HashRequests::iterator it = hash_requests_.find(source);
233   if (it != hash_requests_.end()) {
234     // GetHash response.
235     fetcher.reset(it->first);
236     const FullHashDetails& details = it->second;
237     std::vector<SBFullHashResult> full_hashes;
238     base::TimeDelta cache_lifetime;
239     if (source->GetStatus().is_success() &&
240         (source->GetResponseCode() == 200 ||
241          source->GetResponseCode() == 204)) {
242       // For tracking our GetHash false positive (204) rate, compared to real
243       // (200) responses.
244       if (source->GetResponseCode() == 200)
245         RecordGetHashResult(details.is_download, GET_HASH_STATUS_200);
246       else
247         RecordGetHashResult(details.is_download, GET_HASH_STATUS_204);
248 
249       gethash_error_count_ = 0;
250       gethash_back_off_mult_ = 1;
251       std::string data;
252       source->GetResponseAsString(&data);
253       if (!safe_browsing::ParseGetHash(
254               data.data(), data.length(), &cache_lifetime, &full_hashes)) {
255         full_hashes.clear();
256         RecordGetHashResult(details.is_download, GET_HASH_PARSE_ERROR);
257         // TODO(cbentzel): Should cache_lifetime be set to 0 here? (See
258         // http://crbug.com/360232.)
259       }
260     } else {
261       HandleGetHashError(Time::Now());
262       if (source->GetStatus().status() == net::URLRequestStatus::FAILED) {
263         RecordGetHashResult(details.is_download, GET_HASH_NETWORK_ERROR);
264         VLOG(1) << "SafeBrowsing GetHash request for: " << source->GetURL()
265                 << " failed with error: " << source->GetStatus().error();
266       } else {
267         RecordGetHashResult(details.is_download, GET_HASH_HTTP_ERROR);
268         VLOG(1) << "SafeBrowsing GetHash request for: " << source->GetURL()
269                 << " failed with error: " << source->GetResponseCode();
270       }
271     }
272 
273     // Invoke the callback with full_hashes, even if there was a parse error or
274     // an error response code (in which case full_hashes will be empty). The
275     // caller can't be blocked indefinitely.
276     details.callback.Run(full_hashes, cache_lifetime);
277 
278     hash_requests_.erase(it);
279   } else {
280     // Update or chunk response.
281     fetcher.reset(request_.release());
282 
283     if (request_type_ == UPDATE_REQUEST ||
284         request_type_ == BACKUP_UPDATE_REQUEST) {
285       if (!fetcher.get()) {
286         // We've timed out waiting for an update response, so we've cancelled
287         // the update request and scheduled a new one. Ignore this response.
288         return;
289       }
290 
291       // Cancel the update response timeout now that we have the response.
292       timeout_timer_.Stop();
293     }
294 
295     net::URLRequestStatus status = source->GetStatus();
296     if (status.is_success() && source->GetResponseCode() == 200) {
297       // We have data from the SafeBrowsing service.
298       std::string data;
299       source->GetResponseAsString(&data);
300 
301       // TODO(shess): Cleanup the flow of this code so that |parsed_ok| can be
302       // removed or omitted.
303       const bool parsed_ok = HandleServiceResponse(
304           source->GetURL(), data.data(), data.length());
305       if (!parsed_ok) {
306         VLOG(1) << "SafeBrowsing request for: " << source->GetURL()
307                 << " failed parse.";
308         chunk_request_urls_.clear();
309         if (request_type_ == UPDATE_REQUEST &&
310             IssueBackupUpdateRequest(BACKUP_UPDATE_REASON_HTTP)) {
311           return;
312         }
313         UpdateFinished(false);
314       }
315 
316       switch (request_type_) {
317         case CHUNK_REQUEST:
318           if (parsed_ok) {
319             chunk_request_urls_.pop_front();
320             if (chunk_request_urls_.empty() && !chunk_pending_to_write_)
321               UpdateFinished(true);
322           }
323           break;
324         case UPDATE_REQUEST:
325         case BACKUP_UPDATE_REQUEST:
326           if (chunk_request_urls_.empty() && parsed_ok) {
327             // We are up to date since the servers gave us nothing new, so we
328             // are done with this update cycle.
329             UpdateFinished(true);
330           }
331           break;
332         case NO_REQUEST:
333           // This can happen if HandleServiceResponse fails above.
334           break;
335         default:
336           NOTREACHED();
337           break;
338       }
339     } else {
340       if (status.status() == net::URLRequestStatus::FAILED) {
341         VLOG(1) << "SafeBrowsing request for: " << source->GetURL()
342                 << " failed with error: " << source->GetStatus().error();
343       } else {
344         VLOG(1) << "SafeBrowsing request for: " << source->GetURL()
345                 << " failed with error: " << source->GetResponseCode();
346       }
347       if (request_type_ == CHUNK_REQUEST) {
348         // The SafeBrowsing service error, or very bad response code: back off.
349         chunk_request_urls_.clear();
350       } else if (request_type_ == UPDATE_REQUEST) {
351         BackupUpdateReason backup_update_reason = BACKUP_UPDATE_REASON_MAX;
352         if (status.is_success()) {
353           backup_update_reason = BACKUP_UPDATE_REASON_HTTP;
354         } else {
355           switch (status.error()) {
356             case net::ERR_INTERNET_DISCONNECTED:
357             case net::ERR_NETWORK_CHANGED:
358               backup_update_reason = BACKUP_UPDATE_REASON_NETWORK;
359               break;
360             default:
361               backup_update_reason = BACKUP_UPDATE_REASON_CONNECT;
362               break;
363           }
364         }
365         if (backup_update_reason != BACKUP_UPDATE_REASON_MAX &&
366             IssueBackupUpdateRequest(backup_update_reason)) {
367           return;
368         }
369       }
370       UpdateFinished(false);
371     }
372   }
373 
374   // Get the next chunk if available.
375   IssueChunkRequest();
376 }
377 
HandleServiceResponse(const GURL & url,const char * data,size_t length)378 bool SafeBrowsingProtocolManager::HandleServiceResponse(
379     const GURL& url, const char* data, size_t length) {
380   DCHECK(CalledOnValidThread());
381 
382   switch (request_type_) {
383     case UPDATE_REQUEST:
384     case BACKUP_UPDATE_REQUEST: {
385       size_t next_update_sec = 0;
386       bool reset = false;
387       scoped_ptr<std::vector<SBChunkDelete> > chunk_deletes(
388           new std::vector<SBChunkDelete>);
389       std::vector<ChunkUrl> chunk_urls;
390       if (!safe_browsing::ParseUpdate(data, length, &next_update_sec, &reset,
391                                       chunk_deletes.get(), &chunk_urls)) {
392         return false;
393       }
394 
395       base::TimeDelta next_update_interval =
396           base::TimeDelta::FromSeconds(next_update_sec);
397       last_update_ = Time::Now();
398 
399       if (update_state_ == FIRST_REQUEST)
400         update_state_ = SECOND_REQUEST;
401       else if (update_state_ == SECOND_REQUEST)
402         update_state_ = NORMAL_REQUEST;
403 
404       // New time for the next update.
405       if (next_update_interval > base::TimeDelta()) {
406         next_update_interval_ = next_update_interval;
407       } else if (update_state_ == SECOND_REQUEST) {
408         next_update_interval_ = base::TimeDelta::FromSeconds(
409             base::RandInt(15, 45));
410       }
411 
412       // New chunks to download.
413       if (!chunk_urls.empty()) {
414         UMA_HISTOGRAM_COUNTS("SB2.UpdateUrls", chunk_urls.size());
415         for (size_t i = 0; i < chunk_urls.size(); ++i)
416           chunk_request_urls_.push_back(chunk_urls[i]);
417       }
418 
419       // Handle the case were the SafeBrowsing service tells us to dump our
420       // database.
421       if (reset) {
422         delegate_->ResetDatabase();
423         return true;
424       }
425 
426       // Chunks to delete from our storage.
427       if (!chunk_deletes->empty())
428         delegate_->DeleteChunks(chunk_deletes.Pass());
429 
430       break;
431     }
432     case CHUNK_REQUEST: {
433       UMA_HISTOGRAM_TIMES("SB2.ChunkRequest",
434                           base::Time::Now() - chunk_request_start_);
435 
436       const ChunkUrl chunk_url = chunk_request_urls_.front();
437       scoped_ptr<ScopedVector<SBChunkData> >
438           chunks(new ScopedVector<SBChunkData>);
439       UMA_HISTOGRAM_COUNTS("SB2.ChunkSize", length);
440       update_size_ += length;
441       if (!safe_browsing::ParseChunk(data, length, chunks.get()))
442         return false;
443 
444       // Chunks to add to storage.  Pass ownership of |chunks|.
445       if (!chunks->empty()) {
446         chunk_pending_to_write_ = true;
447         delegate_->AddChunks(
448             chunk_url.list_name, chunks.Pass(),
449             base::Bind(&SafeBrowsingProtocolManager::OnAddChunksComplete,
450                        base::Unretained(this)));
451       }
452 
453       break;
454     }
455 
456     default:
457       return false;
458   }
459 
460   return true;
461 }
462 
Initialize()463 void SafeBrowsingProtocolManager::Initialize() {
464   DCHECK(CalledOnValidThread());
465   // Don't want to hit the safe browsing servers on build/chrome bots.
466   scoped_ptr<base::Environment> env(base::Environment::Create());
467   if (env->HasVar(env_vars::kHeadless))
468     return;
469   ScheduleNextUpdate(false /* no back off */);
470 }
471 
ScheduleNextUpdate(bool back_off)472 void SafeBrowsingProtocolManager::ScheduleNextUpdate(bool back_off) {
473   DCHECK(CalledOnValidThread());
474   if (disable_auto_update_) {
475     // Unschedule any current timer.
476     update_timer_.Stop();
477     return;
478   }
479   // Reschedule with the new update.
480   base::TimeDelta next_update_interval = GetNextUpdateInterval(back_off);
481   ForceScheduleNextUpdate(next_update_interval);
482 }
483 
ForceScheduleNextUpdate(base::TimeDelta interval)484 void SafeBrowsingProtocolManager::ForceScheduleNextUpdate(
485     base::TimeDelta interval) {
486   DCHECK(CalledOnValidThread());
487   DCHECK(interval >= base::TimeDelta());
488   // Unschedule any current timer.
489   update_timer_.Stop();
490   update_timer_.Start(FROM_HERE, interval, this,
491                       &SafeBrowsingProtocolManager::GetNextUpdate);
492 }
493 
494 // According to section 5 of the SafeBrowsing protocol specification, we must
495 // back off after a certain number of errors. We only change |next_update_sec_|
496 // when we receive a response from the SafeBrowsing service.
GetNextUpdateInterval(bool back_off)497 base::TimeDelta SafeBrowsingProtocolManager::GetNextUpdateInterval(
498     bool back_off) {
499   DCHECK(CalledOnValidThread());
500   DCHECK(next_update_interval_ > base::TimeDelta());
501   base::TimeDelta next = next_update_interval_;
502   if (back_off) {
503     next = GetNextBackOffInterval(&update_error_count_, &update_back_off_mult_);
504   } else {
505     // Successful response means error reset.
506     update_error_count_ = 0;
507     update_back_off_mult_ = 1;
508   }
509   return next;
510 }
511 
GetNextBackOffInterval(size_t * error_count,size_t * multiplier) const512 base::TimeDelta SafeBrowsingProtocolManager::GetNextBackOffInterval(
513     size_t* error_count, size_t* multiplier) const {
514   DCHECK(CalledOnValidThread());
515   DCHECK(multiplier && error_count);
516   (*error_count)++;
517   if (*error_count > 1 && *error_count < 6) {
518     base::TimeDelta next = base::TimeDelta::FromMinutes(
519         *multiplier * (1 + back_off_fuzz_) * 30);
520     *multiplier *= 2;
521     if (*multiplier > kSbMaxBackOff)
522       *multiplier = kSbMaxBackOff;
523     return next;
524   }
525   if (*error_count >= 6)
526     return base::TimeDelta::FromHours(8);
527   return base::TimeDelta::FromMinutes(1);
528 }
529 
530 // This request requires getting a list of all the chunks for each list from the
531 // database asynchronously. The request will be issued when we're called back in
532 // OnGetChunksComplete.
533 // TODO(paulg): We should get this at start up and maintain a ChunkRange cache
534 //              to avoid hitting the database with each update request. On the
535 //              otherhand, this request will only occur ~20-30 minutes so there
536 //              isn't that much overhead. Measure!
IssueUpdateRequest()537 void SafeBrowsingProtocolManager::IssueUpdateRequest() {
538   DCHECK(CalledOnValidThread());
539   request_type_ = UPDATE_REQUEST;
540   delegate_->UpdateStarted();
541   delegate_->GetChunks(
542       base::Bind(&SafeBrowsingProtocolManager::OnGetChunksComplete,
543                  base::Unretained(this)));
544 }
545 
546 // The backup request can run immediately since the chunks have already been
547 // retrieved from the DB.
IssueBackupUpdateRequest(BackupUpdateReason backup_update_reason)548 bool SafeBrowsingProtocolManager::IssueBackupUpdateRequest(
549     BackupUpdateReason backup_update_reason) {
550   DCHECK(CalledOnValidThread());
551   DCHECK_EQ(request_type_, UPDATE_REQUEST);
552   DCHECK(backup_update_reason >= 0 &&
553          backup_update_reason < BACKUP_UPDATE_REASON_MAX);
554   if (backup_url_prefixes_[backup_update_reason].empty())
555     return false;
556   request_type_ = BACKUP_UPDATE_REQUEST;
557   backup_update_reason_ = backup_update_reason;
558 
559   GURL backup_update_url = BackupUpdateUrl(backup_update_reason);
560   request_.reset(net::URLFetcher::Create(
561       url_fetcher_id_++, backup_update_url, net::URLFetcher::POST, this));
562   request_->SetLoadFlags(net::LOAD_DISABLE_CACHE);
563   request_->SetRequestContext(request_context_getter_.get());
564   request_->SetUploadData("text/plain", update_list_data_);
565   request_->Start();
566 
567   // Begin the update request timeout.
568   timeout_timer_.Start(FROM_HERE, TimeDelta::FromSeconds(kSbMaxUpdateWaitSec),
569                        this,
570                        &SafeBrowsingProtocolManager::UpdateResponseTimeout);
571 
572   return true;
573 }
574 
IssueChunkRequest()575 void SafeBrowsingProtocolManager::IssueChunkRequest() {
576   DCHECK(CalledOnValidThread());
577   // We are only allowed to have one request outstanding at any time.  Also,
578   // don't get the next url until the previous one has been written to disk so
579   // that we don't use too much memory.
580   if (request_.get() || chunk_request_urls_.empty() || chunk_pending_to_write_)
581     return;
582 
583   ChunkUrl next_chunk = chunk_request_urls_.front();
584   DCHECK(!next_chunk.url.empty());
585   GURL chunk_url = NextChunkUrl(next_chunk.url);
586   request_type_ = CHUNK_REQUEST;
587   request_.reset(net::URLFetcher::Create(
588       url_fetcher_id_++, chunk_url, net::URLFetcher::GET, this));
589   request_->SetLoadFlags(net::LOAD_DISABLE_CACHE);
590   request_->SetRequestContext(request_context_getter_.get());
591   chunk_request_start_ = base::Time::Now();
592   request_->Start();
593 }
594 
OnGetChunksComplete(const std::vector<SBListChunkRanges> & lists,bool database_error)595 void SafeBrowsingProtocolManager::OnGetChunksComplete(
596     const std::vector<SBListChunkRanges>& lists, bool database_error) {
597   DCHECK(CalledOnValidThread());
598   DCHECK_EQ(request_type_, UPDATE_REQUEST);
599   DCHECK(update_list_data_.empty());
600   if (database_error) {
601     // The update was not successful, but don't back off.
602     UpdateFinished(false, false);
603     return;
604   }
605 
606   // Format our stored chunks:
607   bool found_malware = false;
608   bool found_phishing = false;
609   for (size_t i = 0; i < lists.size(); ++i) {
610     update_list_data_.append(safe_browsing::FormatList(lists[i]));
611     if (lists[i].name == safe_browsing_util::kPhishingList)
612       found_phishing = true;
613 
614     if (lists[i].name == safe_browsing_util::kMalwareList)
615       found_malware = true;
616   }
617 
618   // If we have an empty database, let the server know we want data for these
619   // lists.
620   // TODO(shess): These cases never happen because the database fills in the
621   // lists in GetChunks().  Refactor the unit tests so that this code can be
622   // removed.
623   if (!found_phishing) {
624     update_list_data_.append(safe_browsing::FormatList(
625         SBListChunkRanges(safe_browsing_util::kPhishingList)));
626   }
627   if (!found_malware) {
628     update_list_data_.append(safe_browsing::FormatList(
629         SBListChunkRanges(safe_browsing_util::kMalwareList)));
630   }
631 
632   // Large requests are (probably) a sign of database corruption.
633   // Record stats to inform decisions about whether to automate
634   // deletion of such databases.  http://crbug.com/120219
635   UMA_HISTOGRAM_COUNTS("SB2.UpdateRequestSize", update_list_data_.size());
636 
637   GURL update_url = UpdateUrl();
638   request_.reset(net::URLFetcher::Create(
639       url_fetcher_id_++, update_url, net::URLFetcher::POST, this));
640   request_->SetLoadFlags(net::LOAD_DISABLE_CACHE);
641   request_->SetRequestContext(request_context_getter_.get());
642   request_->SetUploadData("text/plain", update_list_data_);
643   request_->Start();
644 
645   // Begin the update request timeout.
646   timeout_timer_.Start(FROM_HERE, TimeDelta::FromSeconds(kSbMaxUpdateWaitSec),
647                        this,
648                        &SafeBrowsingProtocolManager::UpdateResponseTimeout);
649 }
650 
651 // If we haven't heard back from the server with an update response, this method
652 // will run. Close the current update session and schedule another update.
UpdateResponseTimeout()653 void SafeBrowsingProtocolManager::UpdateResponseTimeout() {
654   DCHECK(CalledOnValidThread());
655   DCHECK(request_type_ == UPDATE_REQUEST ||
656          request_type_ == BACKUP_UPDATE_REQUEST);
657   request_.reset();
658   if (request_type_ == UPDATE_REQUEST &&
659       IssueBackupUpdateRequest(BACKUP_UPDATE_REASON_CONNECT)) {
660     return;
661   }
662   UpdateFinished(false);
663 }
664 
OnAddChunksComplete()665 void SafeBrowsingProtocolManager::OnAddChunksComplete() {
666   DCHECK(CalledOnValidThread());
667   chunk_pending_to_write_ = false;
668 
669   if (chunk_request_urls_.empty()) {
670     UMA_HISTOGRAM_LONG_TIMES("SB2.Update", Time::Now() - last_update_);
671     UpdateFinished(true);
672   } else {
673     IssueChunkRequest();
674   }
675 }
676 
HandleGetHashError(const Time & now)677 void SafeBrowsingProtocolManager::HandleGetHashError(const Time& now) {
678   DCHECK(CalledOnValidThread());
679   base::TimeDelta next = GetNextBackOffInterval(
680       &gethash_error_count_, &gethash_back_off_mult_);
681   next_gethash_time_ = now + next;
682 }
683 
UpdateFinished(bool success)684 void SafeBrowsingProtocolManager::UpdateFinished(bool success) {
685   UpdateFinished(success, !success);
686 }
687 
UpdateFinished(bool success,bool back_off)688 void SafeBrowsingProtocolManager::UpdateFinished(bool success, bool back_off) {
689   DCHECK(CalledOnValidThread());
690 #if defined(OS_ANDROID)
691   if (app_in_foreground_)
692     UMA_HISTOGRAM_COUNTS("SB2.UpdateSizeForeground", update_size_);
693   else
694     UMA_HISTOGRAM_COUNTS("SB2.UpdateSizeBackground", update_size_);
695 #endif
696   UMA_HISTOGRAM_COUNTS("SB2.UpdateSize", update_size_);
697   update_size_ = 0;
698   bool update_success = success || request_type_ == CHUNK_REQUEST;
699   if (backup_update_reason_ == BACKUP_UPDATE_REASON_MAX) {
700     RecordUpdateResult(
701         update_success ? UPDATE_RESULT_SUCCESS : UPDATE_RESULT_FAIL);
702   } else {
703     UpdateResult update_result = static_cast<UpdateResult>(
704           UPDATE_RESULT_BACKUP_START +
705           (static_cast<int>(backup_update_reason_) * 2) +
706           update_success);
707     RecordUpdateResult(update_result);
708   }
709   backup_update_reason_ = BACKUP_UPDATE_REASON_MAX;
710   request_type_ = NO_REQUEST;
711   update_list_data_.clear();
712   delegate_->UpdateFinished(success);
713   ScheduleNextUpdate(back_off);
714 }
715 
UpdateUrl() const716 GURL SafeBrowsingProtocolManager::UpdateUrl() const {
717   std::string url = SafeBrowsingProtocolManagerHelper::ComposeUrl(
718       url_prefix_, "downloads", client_name_, version_, additional_query_);
719   return GURL(url);
720 }
721 
BackupUpdateUrl(BackupUpdateReason backup_update_reason) const722 GURL SafeBrowsingProtocolManager::BackupUpdateUrl(
723     BackupUpdateReason backup_update_reason) const {
724   DCHECK(backup_update_reason >= 0 &&
725          backup_update_reason < BACKUP_UPDATE_REASON_MAX);
726   DCHECK(!backup_url_prefixes_[backup_update_reason].empty());
727   std::string url = SafeBrowsingProtocolManagerHelper::ComposeUrl(
728       backup_url_prefixes_[backup_update_reason], "downloads", client_name_,
729       version_, additional_query_);
730   return GURL(url);
731 }
732 
GetHashUrl() const733 GURL SafeBrowsingProtocolManager::GetHashUrl() const {
734   std::string url = SafeBrowsingProtocolManagerHelper::ComposeUrl(
735       url_prefix_, "gethash", client_name_, version_, additional_query_);
736   return GURL(url);
737 }
738 
NextChunkUrl(const std::string & url) const739 GURL SafeBrowsingProtocolManager::NextChunkUrl(const std::string& url) const {
740   DCHECK(CalledOnValidThread());
741   std::string next_url;
742   if (!StartsWithASCII(url, "http://", false) &&
743       !StartsWithASCII(url, "https://", false)) {
744     // Use https if we updated via https, otherwise http (useful for testing).
745     if (StartsWithASCII(url_prefix_, "https://", false))
746       next_url.append("https://");
747     else
748       next_url.append("http://");
749     next_url.append(url);
750   } else {
751     next_url = url;
752   }
753   if (!additional_query_.empty()) {
754     if (next_url.find("?") != std::string::npos) {
755       next_url.append("&");
756     } else {
757       next_url.append("?");
758     }
759     next_url.append(additional_query_);
760   }
761   return GURL(next_url);
762 }
763 
FullHashDetails()764 SafeBrowsingProtocolManager::FullHashDetails::FullHashDetails()
765     : callback(),
766       is_download(false) {
767 }
768 
FullHashDetails(FullHashCallback callback,bool is_download)769 SafeBrowsingProtocolManager::FullHashDetails::FullHashDetails(
770     FullHashCallback callback, bool is_download)
771     : callback(callback),
772       is_download(is_download) {
773 }
774 
~FullHashDetails()775 SafeBrowsingProtocolManager::FullHashDetails::~FullHashDetails() {
776 }
777 
~SafeBrowsingProtocolManagerDelegate()778 SafeBrowsingProtocolManagerDelegate::~SafeBrowsingProtocolManagerDelegate() {
779 }
780