chrome/browser/safe_browsing/incident_reporting/blacklist_load_analyzer_win.cc - chromium/src - Git at Google

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "chrome/browser/safe_browsing/incident_reporting/blacklist_load_analyzer.h"

 #include <utility>

 #include "base/file_version_info.h"
 #include "base/files/file_path.h"
 #include "base/logging.h"
 #include "base/memory/ptr_util.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "chrome/browser/install_verification/win/module_info.h"
 #include "chrome/browser/install_verification/win/module_verification_common.h"
 #include "chrome/browser/safe_browsing/download_protection/path_sanitizer.h"
 #include "chrome/browser/safe_browsing/incident_reporting/blacklist_load_incident.h"
 #include "chrome/browser/safe_browsing/incident_reporting/incident_receiver.h"
 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
 #include "chrome/common/safe_browsing/binary_feature_extractor.h"
 #include "chrome_elf/blacklist/blacklist.h"
 #include "components/safe_browsing/proto/csd.pb.h"

 namespace safe_browsing {

 // Retrieves the set of blacklisted modules that are loaded in the process.
 // Returns true if successful, false otherwise.
 bool GetLoadedBlacklistedModules(std::vector<base::string16>* module_names) {
   DCHECK(module_names);

   std::set<ModuleInfo> module_info_set;
   if (!GetLoadedModules(&module_info_set))
     return false;

   std::set<ModuleInfo>::const_iterator module_iter(module_info_set.begin());
   for (; module_iter != module_info_set.end(); ++module_iter) {
     base::string16 module_file_name(base::ToLowerASCII(
         base::FilePath(module_iter->name).BaseName().value()));
     if (blacklist::GetBlacklistIndex(module_file_name.c_str()) != -1) {
       module_names->push_back(module_iter->name);
     }
   }

   return true;
 }

 void VerifyBlacklistLoadState(
     std::unique_ptr<IncidentReceiver> incident_receiver) {
   std::vector<base::string16> module_names;
   if (GetLoadedBlacklistedModules(&module_names)) {
     PathSanitizer path_sanitizer;

     const bool blacklist_intialized = blacklist::IsBlacklistInitialized();

     for (const auto& module_name : module_names) {
       std::unique_ptr<ClientIncidentReport_IncidentData_BlacklistLoadIncident>
           blacklist_load(
               new ClientIncidentReport_IncidentData_BlacklistLoadIncident());

       const base::FilePath module_path(module_name);

       // Sanitized path.
       base::FilePath sanitized_path(module_path);
       path_sanitizer.StripHomeDirectory(&sanitized_path);
       blacklist_load->set_path(base::WideToUTF8(sanitized_path.value()));

       // Digest.
       scoped_refptr<BinaryFeatureExtractor>
           binary_feature_extractor(new BinaryFeatureExtractor());
       base::TimeTicks start_time = base::TimeTicks::Now();
       binary_feature_extractor->ExtractDigest(module_path,
                                               blacklist_load->mutable_digest());
       UMA_HISTOGRAM_TIMES("SBIRS.BLAHashTime",
                           base::TimeTicks::Now() - start_time);

       // Version.
       std::unique_ptr<FileVersionInfo> version_info(
           FileVersionInfo::CreateFileVersionInfo(module_path));
       if (version_info) {
         std::wstring file_version = version_info->file_version();
         if (!file_version.empty())
           blacklist_load->set_version(base::WideToUTF8(file_version));
       }

       // Initialized state.
       blacklist_load->set_blacklist_initialized(blacklist_intialized);

       // Signature.
       start_time = base::TimeTicks::Now();
       binary_feature_extractor->CheckSignature(
           module_path, blacklist_load->mutable_signature());
       UMA_HISTOGRAM_TIMES("SBIRS.BLASignatureTime",
                           base::TimeTicks::Now() - start_time);

       // Image headers.
       if (!binary_feature_extractor->ExtractImageFeatures(
               module_path,
               BinaryFeatureExtractor::kDefaultOptions,
               blacklist_load->mutable_image_headers(),
               nullptr /* signed_data */)) {
         blacklist_load->clear_image_headers();
       }

       // Send the report.
       incident_receiver->AddIncidentForProcess(
           base::MakeUnique<BlacklistLoadIncident>(std::move(blacklist_load)));
     }
   }
 }

 }  // namespace safe_browsing
	// Copyright 2014 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "chrome/browser/safe_browsing/incident_reporting/blacklist_load_analyzer.h"

	#include <utility>

	#include "base/file_version_info.h"
	#include "base/files/file_path.h"
	#include "base/logging.h"
	#include "base/memory/ptr_util.h"
	#include "base/metrics/histogram_macros.h"
	#include "base/strings/string_number_conversions.h"
	#include "base/strings/string_util.h"
	#include "base/strings/utf_string_conversions.h"
	#include "chrome/browser/install_verification/win/module_info.h"
	#include "chrome/browser/install_verification/win/module_verification_common.h"
	#include "chrome/browser/safe_browsing/download_protection/path_sanitizer.h"
	#include "chrome/browser/safe_browsing/incident_reporting/blacklist_load_incident.h"
	#include "chrome/browser/safe_browsing/incident_reporting/incident_receiver.h"
	#include "chrome/browser/safe_browsing/safe_browsing_service.h"
	#include "chrome/common/safe_browsing/binary_feature_extractor.h"
	#include "chrome_elf/blacklist/blacklist.h"
	#include "components/safe_browsing/proto/csd.pb.h"

	namespace safe_browsing {

	// Retrieves the set of blacklisted modules that are loaded in the process.
	// Returns true if successful, false otherwise.
	bool GetLoadedBlacklistedModules(std::vector<base::string16>* module_names) {
	DCHECK(module_names);

	std::set<ModuleInfo> module_info_set;
	if (!GetLoadedModules(&module_info_set))
	return false;

	std::set<ModuleInfo>::const_iterator module_iter(module_info_set.begin());
	for (; module_iter != module_info_set.end(); ++module_iter) {
	base::string16 module_file_name(base::ToLowerASCII(
	base::FilePath(module_iter->name).BaseName().value()));
	if (blacklist::GetBlacklistIndex(module_file_name.c_str()) != -1) {
	module_names->push_back(module_iter->name);
	}
	}

	return true;
	}

	void VerifyBlacklistLoadState(
	std::unique_ptr<IncidentReceiver> incident_receiver) {
	std::vector<base::string16> module_names;
	if (GetLoadedBlacklistedModules(&module_names)) {
	PathSanitizer path_sanitizer;

	const bool blacklist_intialized = blacklist::IsBlacklistInitialized();

	for (const auto& module_name : module_names) {
	std::unique_ptr<ClientIncidentReport_IncidentData_BlacklistLoadIncident>
	blacklist_load(
	new ClientIncidentReport_IncidentData_BlacklistLoadIncident());

	const base::FilePath module_path(module_name);

	// Sanitized path.
	base::FilePath sanitized_path(module_path);
	path_sanitizer.StripHomeDirectory(&sanitized_path);
	blacklist_load->set_path(base::WideToUTF8(sanitized_path.value()));

	// Digest.
	scoped_refptr<BinaryFeatureExtractor>
	binary_feature_extractor(new BinaryFeatureExtractor());
	base::TimeTicks start_time = base::TimeTicks::Now();
	binary_feature_extractor->ExtractDigest(module_path,
	blacklist_load->mutable_digest());
	UMA_HISTOGRAM_TIMES("SBIRS.BLAHashTime",
	base::TimeTicks::Now() - start_time);

	// Version.
	std::unique_ptr<FileVersionInfo> version_info(
	FileVersionInfo::CreateFileVersionInfo(module_path));
	if (version_info) {
	std::wstring file_version = version_info->file_version();
	if (!file_version.empty())
	blacklist_load->set_version(base::WideToUTF8(file_version));
	}

	// Initialized state.
	blacklist_load->set_blacklist_initialized(blacklist_intialized);

	// Signature.
	start_time = base::TimeTicks::Now();
	binary_feature_extractor->CheckSignature(
	module_path, blacklist_load->mutable_signature());
	UMA_HISTOGRAM_TIMES("SBIRS.BLASignatureTime",
	base::TimeTicks::Now() - start_time);

	// Image headers.
	if (!binary_feature_extractor->ExtractImageFeatures(
	module_path,
	BinaryFeatureExtractor::kDefaultOptions,
	blacklist_load->mutable_image_headers(),
	nullptr /* signed_data */)) {
	blacklist_load->clear_image_headers();
	}

	// Send the report.
	incident_receiver->AddIncidentForProcess(
	base::MakeUnique<BlacklistLoadIncident>(std::move(blacklist_load)));
	}
	}
	}

	} // namespace safe_browsing