// Copyright 2019 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "components/safe_browsing/core/browser/verdict_cache_manager.h" #include <optional> #include <string_view> #include "base/base64.h" #include "base/command_line.h" #include "base/containers/contains.h" #include "base/metrics/histogram_functions.h" #include "base/metrics/histogram_macros.h" #include "base/rand_util.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_split.h" #include "base/task/sequenced_task_runner.h" #include "base/time/time.h" #include "base/values.h" #include "components/content_settings/core/browser/host_content_settings_map.h" #include "components/content_settings/core/common/content_settings_utils.h" #include "components/history/core/browser/history_service_observer.h" #include "components/safe_browsing/core/browser/db/v4_protocol_manager_util.h" #include "components/safe_browsing/core/common/hashprefix_realtime/hash_realtime_utils.h" #include "components/safe_browsing/core/common/proto/csd.pb.h" #include "components/safe_browsing/core/common/safebrowsing_constants.h" namespace safe_browsing { namespace { // Keys for storing password protection verdict into a base::Value::Dict. const char kCacheCreationTime[] = …; const char kVerdictProto[] = …; const char kRealTimeThreatInfoProto[] = …; const char kPasswordOnFocusCacheKey[] = …; const char kRealTimeUrlCacheKey[] = …; const char kCsdTypeCacheKey[] = …; // Command-line flag for caching an artificial unsafe verdict for URL real-time // lookups. const char kUnsafeUrlFlag[] = …; // The maximum number of entries to be removed in a single cleanup. Removing too // many entries all at once could cause jank. const int kMaxRemovedEntriesCount = …; // The interval between the construction and the first cleanup is performed. const int kCleanUpIntervalInitSecond = …; // The interval between every cleanup task. const int kCleanUpIntervalSecond = …; // The longest duration that a cache can be stored. If a cache is stored // longer than the upper bound, it will be evicted. const int kCacheDurationUpperBoundSecond = …; // 7 days // The length of a randomly generated page load token. const int kPageLoadTokenBytes = …; // The expiration time of a page load token. const int kPageLoadTokenExpireMinute = …; // A helper class to include all match params. It is used as a centralized // place to determine if the current cache entry should be considered as a // match. struct MatchParams { … }; // Given a URL of either http or https scheme, return its http://hostname. // e.g., "https://www.foo.com:80/bar/test.cgi" -> "http://www.foo.com". GURL GetHostNameWithHTTPScheme(const GURL& url) { … } // e.g, ("www.foo.com", "/bar/test.cgi") -> "http://www.foo.com/bar/test/cgi" GURL GetUrlWithHostAndPath(const std::string& host, const std::string& path) { … } // e.g, "www.foo.com/bar/test/cgi" -> "http://www.foo.com" GURL GetHostNameFromCacheExpression(const std::string& cache_expression) { … } // Convert a Proto object into a base::Value::Dict. template <class T> base::Value::Dict CreateDictionaryFromVerdict(const T& verdict, const base::Time& receive_time, const char* proto_name) { … } template <class T> base::Value::Dict CreateDictionaryFromVerdict( const T& verdict, const base::Time& receive_time, const char* proto_name, const safe_browsing::ClientSideDetectionType csd_type) { … } // Generate path variants of the given URL. void GeneratePathVariantsWithoutQuery(const GURL& url, std::vector<std::string>* paths) { … } template <class T> bool ParseVerdictEntry(base::Value* verdict_entry, int* out_verdict_received_time, T* out_verdict, const char* proto_name) { … } // Return the path of the cache expression. e.g.: // "www.google.com" -> "" // "www.google.com/abc" -> "/abc" // "foo.com/foo/bar/" -> "/foo/bar/" std::string GetCacheExpressionPath(const std::string& cache_expression) { … } // Returns the number of path segments in |cache_expression_path|. // For example, return 0 for "/", since there is no path after the leading // slash; return 3 for "/abc/def/gh.html". size_t GetPathDepth(const std::string& cache_expression_path) { … } size_t GetHostDepth(const std::string& hostname) { … } bool PathVariantsMatchCacheExpression( const std::vector<std::string>& generated_paths, const std::string& cache_expression_path) { … } bool IsCacheExpired(int cache_creation_time, int cache_duration) { … } bool IsCacheOlderThanUpperBound(int cache_creation_time) { … } template <class T> size_t RemoveExpiredEntries(base::Value::Dict& verdict_dictionary, const char* proto_name) { … } std::string GetKeyOfTypeFromTriggerType( LoginReputationClientRequest::TriggerType trigger_type, ReusedPasswordAccountType password_type) { … } // If the verdict doesn't have |cache_expression_match_type| field, always // interpret it as exact match only. template <typename T> bool IsOnlyExactMatchAllowed(T verdict) { … } template <> bool IsOnlyExactMatchAllowed<RTLookupResponse::ThreatInfo>( RTLookupResponse::ThreatInfo verdict) { … } // Always do fuzzy matching for password protection verdicts. template <> bool IsOnlyExactMatchAllowed<LoginReputationClientResponse>( LoginReputationClientResponse verdict) { … } template <typename T> std::string GetCacheExpression(T verdict) { … } template <> std::string GetCacheExpression<RTLookupResponse::ThreatInfo>( RTLookupResponse::ThreatInfo verdict) { … } template <> std::string GetCacheExpression<LoginReputationClientResponse>( LoginReputationClientResponse verdict) { … } template <class T> std::optional<base::Value> GetMostMatchingCachedVerdictEntryWithPathMatching( const GURL& url, const std::string& type_key, scoped_refptr<HostContentSettingsMap> content_settings, const ContentSettingsType contents_setting_type, const char* proto_name, MatchParams match_params) { … } template <class T> std::optional<base::Value> GetMostMatchingCachedVerdictEntryWithHostAndPathMatching( const GURL& url, const std::string& type_key, scoped_refptr<HostContentSettingsMap> content_settings, const ContentSettingsType contents_setting_type, const char* proto_name) { … } template <class T> typename T::VerdictType GetVerdictTypeFromMostMatchedCachedVerdict( const char* proto_name, std::optional<base::Value> verdict_entry, T* out_response) { … } bool HasPageLoadTokenExpired(int64_t token_time_msec) { … } } // namespace VerdictCacheManager::VerdictCacheManager( history::HistoryService* history_service, scoped_refptr<HostContentSettingsMap> content_settings, PrefService* pref_service, std::unique_ptr<SafeBrowsingSyncObserver> sync_observer) : … { … } void VerdictCacheManager::Shutdown() { … } VerdictCacheManager::~VerdictCacheManager() = default; void VerdictCacheManager::CachePhishGuardVerdict( LoginReputationClientRequest::TriggerType trigger_type, ReusedPasswordAccountType password_type, const LoginReputationClientResponse& verdict, const base::Time& receive_time) { … } LoginReputationClientResponse::VerdictType VerdictCacheManager::GetCachedPhishGuardVerdict( const GURL& url, LoginReputationClientRequest::TriggerType trigger_type, ReusedPasswordAccountType password_type, LoginReputationClientResponse* out_response) { … } size_t VerdictCacheManager::GetStoredPhishGuardVerdictCount( LoginReputationClientRequest::TriggerType trigger_type) { … } size_t VerdictCacheManager::GetStoredRealTimeUrlCheckVerdictCount() { … } void VerdictCacheManager::CacheRealTimeUrlVerdict( const RTLookupResponse& verdict, const base::Time& receive_time) { … } RTLookupResponse::ThreatInfo::VerdictType VerdictCacheManager::GetCachedRealTimeUrlVerdict( const GURL& url, RTLookupResponse::ThreatInfo* out_threat_info) { … } safe_browsing::ClientSideDetectionType VerdictCacheManager::GetCachedRealTimeUrlClientSideDetectionType( const GURL& url) { … } ChromeUserPopulation::PageLoadToken VerdictCacheManager::CreatePageLoadToken( const GURL& url) { … } ChromeUserPopulation::PageLoadToken VerdictCacheManager::GetPageLoadToken( const GURL& url) { … } void VerdictCacheManager::CacheHashPrefixRealTimeLookupResults( const std::vector<std::string>& requested_hash_prefixes, const std::vector<V5::FullHash>& response_full_hashes, const V5::Duration& cache_duration) { … } std::unordered_map<std::string, std::vector<V5::FullHash>> VerdictCacheManager::GetCachedHashPrefixRealTimeLookupResults( const std::set<std::string>& hash_prefixes) { … } void VerdictCacheManager::ScheduleNextCleanUpAfterInterval( base::TimeDelta interval) { … } void VerdictCacheManager::CleanUpExpiredVerdicts() { … } void VerdictCacheManager::CleanUpExpiredPhishGuardVerdicts() { … } void VerdictCacheManager::CleanUpExpiredRealTimeUrlCheckVerdicts() { … } void VerdictCacheManager::CleanUpExpiredPageLoadTokens() { … } void VerdictCacheManager::CleanUpAllPageLoadTokens(ClearReason reason) { … } void VerdictCacheManager::CleanUpExpiredHashPrefixRealTimeLookupResults() { … } // Overridden from history::HistoryServiceObserver. void VerdictCacheManager::OnHistoryDeletions( history::HistoryService* history_service, const history::DeletionInfo& deletion_info) { … } // Overridden from history::HistoryServiceObserver. void VerdictCacheManager::HistoryServiceBeingDeleted( history::HistoryService* history_service) { … } void VerdictCacheManager::OnCookiesDeleted() { … } bool VerdictCacheManager::RemoveExpiredPhishGuardVerdicts( LoginReputationClientRequest::TriggerType trigger_type, base::Value::Dict& cache_dictionary) { … } bool VerdictCacheManager::RemoveExpiredRealTimeUrlCheckVerdicts( base::Value::Dict& cache_dictionary) { … } void VerdictCacheManager::RemoveContentSettingsOnURLsDeleted( bool all_history, const history::URLRows& deleted_rows) { … } size_t VerdictCacheManager::GetPhishGuardVerdictCountForURL( const GURL& url, LoginReputationClientRequest::TriggerType trigger_type) { … } size_t VerdictCacheManager::GetRealTimeUrlCheckVerdictCountForURL( const GURL& url) { … } void VerdictCacheManager::CacheArtificialUnsafeRealTimeUrlVerdictFromSwitch() { … } void VerdictCacheManager::CacheArtificialRealTimeUrlVerdict( const std::string& url_string, bool is_unsafe) { … } void VerdictCacheManager::CacheArtificialUnsafePhishGuardVerdictFromSwitch() { … } void VerdictCacheManager::CacheArtificialHashRealTimeLookupVerdict( const std::string& url_spec, bool is_unsafe) { … } void VerdictCacheManager:: CacheArtificialUnsafeHashRealTimeLookupVerdictFromSwitch() { … } void VerdictCacheManager::StopCleanUpTimerForTesting() { … } void VerdictCacheManager::SetPageLoadTokenForTesting( const GURL& url, ChromeUserPopulation::PageLoadToken token) { … } // static bool VerdictCacheManager::has_artificial_cached_url_ = …; bool VerdictCacheManager::has_artificial_cached_url() { … } void VerdictCacheManager::ResetHasArtificialCachedUrlForTesting() { … } } // namespace safe_browsing
Codebase Browser
chromium