1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "components/safe_browsing/core/file_type_policies.h"
6
7 #include "base/logging.h"
8 #include "base/memory/singleton.h"
9 #include "base/metrics/histogram_functions.h"
10 #include "base/strings/string_util.h"
11 #include "components/grit/components_resources.h"
12 #include "ui/base/resource/resource_bundle.h"
13
14 namespace safe_browsing {
15
16 using base::AutoLock;
17
18 // Our Singleton needs to populate itself when first constructed.
19 // This is left out of the constructor to make testing simpler.
20 struct FileTypePoliciesSingletonTrait
21 : public base::DefaultSingletonTraits<FileTypePolicies> {
Newsafe_browsing::FileTypePoliciesSingletonTrait22 static FileTypePolicies* New() {
23 FileTypePolicies* instance = new FileTypePolicies();
24 instance->PopulateFromResourceBundle();
25 return instance;
26 }
27 };
28
29 // --- FileTypePolicies methods ---
30
31 // static
GetInstance()32 FileTypePolicies* FileTypePolicies::GetInstance() {
33 return base::Singleton<FileTypePolicies,
34 FileTypePoliciesSingletonTrait>::get();
35 }
36
FileTypePolicies()37 FileTypePolicies::FileTypePolicies() {
38 // Setup a file-type policy to use if the ResourceBundle is unreadable.
39 // This should normally never be used.
40 last_resort_default_.set_uma_value(-1l);
41 last_resort_default_.set_ping_setting(DownloadFileType::NO_PING);
42 auto* settings = last_resort_default_.add_platform_settings();
43 settings->set_danger_level(DownloadFileType::ALLOW_ON_USER_GESTURE);
44 settings->set_auto_open_hint(DownloadFileType::DISALLOW_AUTO_OPEN);
45 }
46
~FileTypePolicies()47 FileTypePolicies::~FileTypePolicies() {
48 AutoLock lock(lock_); // DCHECK fail if the lock is held.
49 }
50
ReadResourceBundle()51 std::string FileTypePolicies::ReadResourceBundle() {
52 ui::ResourceBundle& bundle = ui::ResourceBundle::GetSharedInstance();
53 return bundle.LoadDataResourceString(IDR_DOWNLOAD_FILE_TYPES_PB);
54 }
55
RecordUpdateMetrics(UpdateResult result,const std::string & src_name)56 void FileTypePolicies::RecordUpdateMetrics(UpdateResult result,
57 const std::string& src_name) {
58 lock_.AssertAcquired();
59 // src_name should be "ResourceBundle" or "DynamicUpdate".
60 base::UmaHistogramSparse("SafeBrowsing.FileTypeUpdate." + src_name + "Result",
61 static_cast<unsigned int>(result));
62
63 if (result == UpdateResult::SUCCESS) {
64 base::UmaHistogramSparse(
65 "SafeBrowsing.FileTypeUpdate." + src_name + "Version",
66 config_->version_id());
67 }
68 }
69
PopulateFromResourceBundle()70 void FileTypePolicies::PopulateFromResourceBundle() {
71 AutoLock lock(lock_);
72 std::string binary_pb = ReadResourceBundle();
73 UpdateResult result = PopulateFromBinaryPb(binary_pb);
74 RecordUpdateMetrics(result, "ResourceBundle");
75 }
76
PopulateFromDynamicUpdate(const std::string & binary_pb)77 void FileTypePolicies::PopulateFromDynamicUpdate(const std::string& binary_pb) {
78 AutoLock lock(lock_);
79 UpdateResult result = PopulateFromBinaryPb(binary_pb);
80 RecordUpdateMetrics(result, "DynamicUpdate");
81 }
82
PopulateFromBinaryPb(const std::string & binary_pb)83 FileTypePolicies::UpdateResult FileTypePolicies::PopulateFromBinaryPb(
84 const std::string& binary_pb) {
85 lock_.AssertAcquired();
86
87 // Parse the proto and do some validation on it.
88 if (binary_pb.empty())
89 return UpdateResult::FAILED_EMPTY;
90
91 std::unique_ptr<DownloadFileTypeConfig> new_config(
92 new DownloadFileTypeConfig);
93 if (!new_config->ParseFromString(binary_pb))
94 return UpdateResult::FAILED_PROTO_PARSE;
95
96 // Need at least a default setting.
97 if (new_config->default_file_type().platform_settings().size() == 0)
98 return UpdateResult::FAILED_DEFAULT_SETTING_SET;
99
100 // Every file type should have exactly one setting, pre-filtered for this
101 // platform.
102 for (const auto& file_type : new_config->file_types()) {
103 if (file_type.platform_settings().size() != 1)
104 return UpdateResult::FAILED_WRONG_SETTINGS_COUNT;
105 }
106
107 // Compare against existing config, if we have one.
108 if (config_) {
109 // If versions are equal, we skip the update but it's not really
110 // a failure.
111 if (new_config->version_id() == config_->version_id())
112 return UpdateResult::SKIPPED_VERSION_CHECK_EQUAL;
113
114 // Check that version number increases
115 if (new_config->version_id() <= config_->version_id())
116 return UpdateResult::FAILED_VERSION_CHECK;
117
118 // Check that we haven't dropped more than 1/2 the list.
119 if (new_config->file_types().size() * 2 < config_->file_types().size())
120 return UpdateResult::FAILED_DELTA_CHECK;
121 }
122
123 // Looks good. Update our internal list.
124 SwapConfigLocked(new_config);
125
126 return UpdateResult::SUCCESS;
127 }
128
SwapConfig(std::unique_ptr<DownloadFileTypeConfig> & new_config)129 void FileTypePolicies::SwapConfig(
130 std::unique_ptr<DownloadFileTypeConfig>& new_config) {
131 AutoLock lock(lock_);
132 SwapConfigLocked(new_config);
133 }
134
SwapConfigLocked(std::unique_ptr<DownloadFileTypeConfig> & new_config)135 void FileTypePolicies::SwapConfigLocked(
136 std::unique_ptr<DownloadFileTypeConfig>& new_config) {
137 lock_.AssertAcquired();
138 config_.swap(new_config);
139
140 // Build an index for faster lookup.
141 file_type_by_ext_.clear();
142 for (const DownloadFileType& file_type : config_->file_types()) {
143 // If there are dups, first one wins.
144 file_type_by_ext_.insert(std::make_pair(file_type.extension(), &file_type));
145 }
146 }
147
148 // static
GetFileExtension(const base::FilePath & file)149 base::FilePath::StringType FileTypePolicies::GetFileExtension(
150 const base::FilePath& file) {
151 // Remove trailing space and period characters from the extension.
152 base::FilePath::StringType file_basename = file.BaseName().value();
153 base::FilePath::StringPieceType trimmed_filename = base::TrimString(
154 file_basename, FILE_PATH_LITERAL(". "), base::TRIM_TRAILING);
155 return base::FilePath(trimmed_filename).FinalExtension();
156 }
157
158 // static
CanonicalizedExtension(const base::FilePath & file)159 std::string FileTypePolicies::CanonicalizedExtension(
160 const base::FilePath& file) {
161 // The policy list is all ASCII, so a non-ASCII extension won't be in it.
162 const base::FilePath::StringType ext = GetFileExtension(file);
163 std::string ascii_ext =
164 base::ToLowerASCII(base::FilePath(ext).MaybeAsASCII());
165 if (ascii_ext[0] == '.')
166 ascii_ext.erase(0, 1);
167 return ascii_ext;
168 }
169
170 //
171 // Accessors
172 //
173
SampledPingProbability() const174 float FileTypePolicies::SampledPingProbability() const {
175 AutoLock lock(lock_);
176 return config_ ? config_->sampled_ping_probability() : 0.0;
177 }
178
PolicyForExtension(const std::string & ascii_ext) const179 const DownloadFileType& FileTypePolicies::PolicyForExtension(
180 const std::string& ascii_ext) const {
181 lock_.AssertAcquired();
182 // This could happen if the ResourceBundle is corrupted.
183 if (!config_) {
184 DCHECK(false);
185 return last_resort_default_;
186 }
187 auto itr = file_type_by_ext_.find(ascii_ext);
188 if (itr != file_type_by_ext_.end())
189 return *itr->second;
190 else
191 return config_->default_file_type();
192 }
193
PolicyForFile(const base::FilePath & file) const194 DownloadFileType FileTypePolicies::PolicyForFile(
195 const base::FilePath& file) const {
196 const std::string ext = CanonicalizedExtension(file);
197 AutoLock lock(lock_);
198 return PolicyForExtension(ext);
199 }
200
SettingsForFile(const base::FilePath & file) const201 DownloadFileType::PlatformSettings FileTypePolicies::SettingsForFile(
202 const base::FilePath& file) const {
203 const std::string ext = CanonicalizedExtension(file);
204 AutoLock lock(lock_);
205 DCHECK_EQ(1, PolicyForExtension(ext).platform_settings().size());
206 return PolicyForExtension(ext).platform_settings(0);
207 }
208
UmaValueForFile(const base::FilePath & file) const209 int64_t FileTypePolicies::UmaValueForFile(const base::FilePath& file) const {
210 const std::string ext = CanonicalizedExtension(file);
211 AutoLock lock(lock_);
212 return PolicyForExtension(ext).uma_value();
213 }
214
IsArchiveFile(const base::FilePath & file) const215 bool FileTypePolicies::IsArchiveFile(const base::FilePath& file) const {
216 const std::string ext = CanonicalizedExtension(file);
217 AutoLock lock(lock_);
218 return PolicyForExtension(ext).is_archive();
219 }
220
221 // TODO(nparker): Add unit tests for these accessors.
222
IsAllowedToOpenAutomatically(const base::FilePath & file) const223 bool FileTypePolicies::IsAllowedToOpenAutomatically(
224 const base::FilePath& file) const {
225 const std::string ext = CanonicalizedExtension(file);
226 if (ext.empty())
227 return false;
228 AutoLock lock(lock_);
229 return PolicyForExtension(ext).platform_settings(0).auto_open_hint() ==
230 DownloadFileType::ALLOW_AUTO_OPEN;
231 }
232
PingSettingForFile(const base::FilePath & file) const233 DownloadFileType::PingSetting FileTypePolicies::PingSettingForFile(
234 const base::FilePath& file) const {
235 const std::string ext = CanonicalizedExtension(file);
236 AutoLock lock(lock_);
237 return PolicyForExtension(ext).ping_setting();
238 }
239
IsCheckedBinaryFile(const base::FilePath & file) const240 bool FileTypePolicies::IsCheckedBinaryFile(const base::FilePath& file) const {
241 return PingSettingForFile(file) == DownloadFileType::FULL_PING;
242 }
243
GetFileDangerLevel(const base::FilePath & file) const244 DownloadFileType::DangerLevel FileTypePolicies::GetFileDangerLevel(
245 const base::FilePath& file) const {
246 const std::string ext = CanonicalizedExtension(file);
247 AutoLock lock(lock_);
248 return PolicyForExtension(ext).platform_settings(0).danger_level();
249 }
250
GetMaxFileSizeToAnalyze(const std::string & ascii_ext) const251 uint64_t FileTypePolicies::GetMaxFileSizeToAnalyze(
252 const std::string& ascii_ext) const {
253 AutoLock lock(lock_);
254 return PolicyForExtension(ascii_ext)
255 .platform_settings(0)
256 .max_file_size_to_analyze();
257 }
258
GetMaxArchivedBinariesToReport() const259 uint64_t FileTypePolicies::GetMaxArchivedBinariesToReport() const {
260 AutoLock lock(lock_);
261 if (!config_ || !config_->has_max_archived_binaries_to_report()) {
262 // The resource bundle may be corrupted.
263 DCHECK(false);
264 return 10; // reasonable default
265 }
266 return config_->max_archived_binaries_to_report();
267 }
268
269 } // namespace safe_browsing
270