// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/browser/safe_browsing/safe_browsing_util.h"
#include "base/base64.h"
#include "base/string_util.h"
#include "crypto/hmac.h"
#include "crypto/sha2.h"
#include "chrome/browser/google/google_util.h"
#include "googleurl/src/gurl.h"
#include "googleurl/src/url_util.h"
#include "net/base/escape.h"
#include "unicode/locid.h"
#if defined(OS_WIN)
#include "chrome/installer/util/browser_distribution.h"
#endif
static const int kSafeBrowsingMacDigestSize = 20;
// Continue to this URL after submitting the phishing report form.
// TODO(paulg): Change to a Chrome specific URL.
static const char kContinueUrlFormat[] =
"http://www.google.com/tools/firefox/toolbar/FT2/intl/%s/submit_success.html";
static const char kReportParams[] = "?tpl=%s&continue=%s&url=%s";
// SBChunk ---------------------------------------------------------------------
SBChunk::SBChunk()
: chunk_number(0),
list_id(0),
is_add(false) {
}
SBChunk::~SBChunk() {}
// SBChunkList -----------------------------------------------------------------
SBChunkList::SBChunkList() {}
SBChunkList::~SBChunkList() {
clear();
}
void SBChunkList::clear() {
for (std::vector<SBChunk>::iterator citer = chunks_.begin();
citer != chunks_.end(); ++citer) {
for (std::deque<SBChunkHost>::iterator hiter = citer->hosts.begin();
hiter != citer->hosts.end(); ++hiter) {
if (hiter->entry) {
hiter->entry->Destroy();
hiter->entry = NULL;
}
}
}
chunks_.clear();
}
// SBListChunkRanges -----------------------------------------------------------
SBListChunkRanges::SBListChunkRanges(const std::string& n) : name(n) {}
// SBChunkDelete ---------------------------------------------------------------
SBChunkDelete::SBChunkDelete() : is_sub_del(false) {}
SBChunkDelete::~SBChunkDelete() {}
// SBEntry ---------------------------------------------------------------------
// static
SBEntry* SBEntry::Create(Type type, int prefix_count) {
int size = Size(type, prefix_count);
SBEntry *rv = static_cast<SBEntry*>(malloc(size));
memset(rv, 0, size);
rv->set_type(type);
rv->set_prefix_count(prefix_count);
return rv;
}
void SBEntry::Destroy() {
free(this);
}
// static
int SBEntry::PrefixSize(Type type) {
switch (type) {
case ADD_PREFIX:
return sizeof(SBPrefix);
case ADD_FULL_HASH:
return sizeof(SBFullHash);
case SUB_PREFIX:
return sizeof(SBSubPrefix);
case SUB_FULL_HASH:
return sizeof(SBSubFullHash);
default:
NOTREACHED();
return 0;
}
}
int SBEntry::Size() const {
return Size(type(), prefix_count());
}
// static
int SBEntry::Size(Type type, int prefix_count) {
return sizeof(Data) + prefix_count * PrefixSize(type);
}
int SBEntry::ChunkIdAtPrefix(int index) const {
if (type() == SUB_PREFIX)
return sub_prefixes_[index].add_chunk;
return (type() == SUB_FULL_HASH) ?
sub_full_hashes_[index].add_chunk : chunk_id();
}
void SBEntry::SetChunkIdAtPrefix(int index, int chunk_id) {
DCHECK(IsSub());
if (type() == SUB_PREFIX)
sub_prefixes_[index].add_chunk = chunk_id;
else
sub_full_hashes_[index].add_chunk = chunk_id;
}
const SBPrefix& SBEntry::PrefixAt(int index) const {
DCHECK(IsPrefix());
return IsAdd() ? add_prefixes_[index] : sub_prefixes_[index].prefix;
}
const SBFullHash& SBEntry::FullHashAt(int index) const {
DCHECK(!IsPrefix());
return IsAdd() ? add_full_hashes_[index] : sub_full_hashes_[index].prefix;
}
void SBEntry::SetPrefixAt(int index, const SBPrefix& prefix) {
DCHECK(IsPrefix());
if (IsAdd())
add_prefixes_[index] = prefix;
else
sub_prefixes_[index].prefix = prefix;
}
void SBEntry::SetFullHashAt(int index, const SBFullHash& full_hash) {
DCHECK(!IsPrefix());
if (IsAdd())
add_full_hashes_[index] = full_hash;
else
sub_full_hashes_[index].prefix = full_hash;
}
// Utility functions -----------------------------------------------------------
namespace safe_browsing_util {
// Listnames that browser can process.
const char kMalwareList[] = "goog-malware-shavar";
const char kPhishingList[] = "goog-phish-shavar";
const char kBinUrlList[] = "goog-badbinurl-shavar";
const char kBinHashList[] = "goog-badbin-digestvar";
const char kCsdWhiteList[] = "goog-csdwhite-sha256";
int GetListId(const std::string& name) {
int id;
if (name == safe_browsing_util::kMalwareList) {
id = MALWARE;
} else if (name == safe_browsing_util::kPhishingList) {
id = PHISH;
} else if (name == safe_browsing_util::kBinUrlList) {
id = BINURL;
} else if (name == safe_browsing_util::kBinHashList) {
id = BINHASH;
} else if (name == safe_browsing_util::kCsdWhiteList) {
id = CSDWHITELIST;
} else {
id = INVALID;
}
return id;
}
bool GetListName(int list_id, std::string* list) {
switch (list_id) {
case MALWARE:
*list = safe_browsing_util::kMalwareList;
break;
case PHISH:
*list = safe_browsing_util::kPhishingList;
break;
case BINURL:
*list = safe_browsing_util::kBinUrlList;
break;
case BINHASH:
*list = safe_browsing_util::kBinHashList;
break;
case CSDWHITELIST:
*list = safe_browsing_util::kCsdWhiteList;
break;
default:
return false;
}
return true;
}
std::string Unescape(const std::string& url) {
std::string unescaped_str(url);
std::string old_unescaped_str;
const int kMaxLoopIterations = 1024;
int loop_var = 0;
do {
old_unescaped_str = unescaped_str;
unescaped_str = UnescapeURLComponent(old_unescaped_str,
UnescapeRule::CONTROL_CHARS | UnescapeRule::SPACES |
UnescapeRule::URL_SPECIAL_CHARS);
} while (unescaped_str != old_unescaped_str && ++loop_var <=
kMaxLoopIterations);
return unescaped_str;
}
std::string Escape(const std::string& url) {
std::string escaped_str;
const char* kHexString = "0123456789ABCDEF";
for (size_t i = 0; i < url.length(); i++) {
unsigned char c = static_cast<unsigned char>(url[i]);
if (c <= ' ' || c > '~' || c == '#' || c == '%') {
escaped_str.push_back('%');
escaped_str.push_back(kHexString[c >> 4]);
escaped_str.push_back(kHexString[c & 0xf]);
} else {
escaped_str.push_back(c);
}
}
return escaped_str;
}
std::string RemoveConsecutiveChars(const std::string& str, const char c) {
std::string output(str);
std::string string_to_find;
std::string::size_type loc = 0;
string_to_find.append(2, c);
while ((loc = output.find(string_to_find, loc)) != std::string::npos) {
output.erase(loc, 1);
}
return output;
}
// Canonicalizes url as per Google Safe Browsing Specification.
// See section 6.1 in
// http://code.google.com/p/google-safe-browsing/wiki/Protocolv2Spec.
void CanonicalizeUrl(const GURL& url,
std::string* canonicalized_hostname,
std::string* canonicalized_path,
std::string* canonicalized_query) {
DCHECK(url.is_valid());
// We only canonicalize "normal" URLs.
if (!url.IsStandard())
return;
// Following canonicalization steps are excluded since url parsing takes care
// of those :-
// 1. Remove any tab (0x09), CR (0x0d), and LF (0x0a) chars from url.
// (Exclude escaped version of these chars).
// 2. Normalize hostname to 4 dot-seperated decimal values.
// 3. Lowercase hostname.
// 4. Resolve path sequences "/../" and "/./".
// That leaves us with the following :-
// 1. Remove fragment in URL.
GURL url_without_fragment;
GURL::Replacements f_replacements;
f_replacements.ClearRef();
f_replacements.ClearUsername();
f_replacements.ClearPassword();
url_without_fragment = url.ReplaceComponents(f_replacements);
// 2. Do URL unescaping until no more hex encoded characters exist.
std::string url_unescaped_str(Unescape(url_without_fragment.spec()));
url_parse::Parsed parsed;
url_parse::ParseStandardURL(url_unescaped_str.data(),
url_unescaped_str.length(), &parsed);
// 3. In hostname, remove all leading and trailing dots.
const std::string host = (parsed.host.len > 0) ? url_unescaped_str.substr(
parsed.host.begin, parsed.host.len) : "";
const char kCharsToTrim[] = ".";
std::string host_without_end_dots;
TrimString(host, kCharsToTrim, &host_without_end_dots);
// 4. In hostname, replace consecutive dots with a single dot.
std::string host_without_consecutive_dots(RemoveConsecutiveChars(
host_without_end_dots, '.'));
// 5. In path, replace runs of consecutive slashes with a single slash.
std::string path = (parsed.path.len > 0) ? url_unescaped_str.substr(
parsed.path.begin, parsed.path.len): "";
std::string path_without_consecutive_slash(RemoveConsecutiveChars(
path, '/'));
url_canon::Replacements<char> hp_replacements;
hp_replacements.SetHost(host_without_consecutive_dots.data(),
url_parse::Component(0, host_without_consecutive_dots.length()));
hp_replacements.SetPath(path_without_consecutive_slash.data(),
url_parse::Component(0, path_without_consecutive_slash.length()));
std::string url_unescaped_with_can_hostpath;
url_canon::StdStringCanonOutput output(&url_unescaped_with_can_hostpath);
url_parse::Parsed temp_parsed;
url_util::ReplaceComponents(url_unescaped_str.data(),
url_unescaped_str.length(), parsed,
hp_replacements, NULL, &output, &temp_parsed);
output.Complete();
// 6. Step needed to revert escaping done in url_util::ReplaceComponents.
url_unescaped_with_can_hostpath = Unescape(url_unescaped_with_can_hostpath);
// 7. After performing all above steps, percent-escape all chars in url which
// are <= ASCII 32, >= 127, #, %. Escapes must be uppercase hex characters.
std::string escaped_canon_url_str(Escape(url_unescaped_with_can_hostpath));
url_parse::Parsed final_parsed;
url_parse::ParseStandardURL(escaped_canon_url_str.data(),
escaped_canon_url_str.length(), &final_parsed);
if (canonicalized_hostname && final_parsed.host.len > 0) {
*canonicalized_hostname =
escaped_canon_url_str.substr(final_parsed.host.begin,
final_parsed.host.len);
}
if (canonicalized_path && final_parsed.path.len > 0) {
*canonicalized_path = escaped_canon_url_str.substr(final_parsed.path.begin,
final_parsed.path.len);
}
if (canonicalized_query && final_parsed.query.len > 0) {
*canonicalized_query = escaped_canon_url_str.substr(
final_parsed.query.begin, final_parsed.query.len);
}
}
void GenerateHostsToCheck(const GURL& url, std::vector<std::string>* hosts) {
hosts->clear();
std::string canon_host;
CanonicalizeUrl(url, &canon_host, NULL, NULL);
const std::string host = canon_host; // const sidesteps GCC bugs below!
if (host.empty())
return;
// Per the Safe Browsing Protocol v2 spec, we try the host, and also up to 4
// hostnames formed by starting with the last 5 components and successively
// removing the leading component. The last component isn't examined alone,
// since it's the TLD or a subcomponent thereof.
//
// Note that we don't need to be clever about stopping at the "real" eTLD --
// the data on the server side has been filtered to ensure it will not
// blacklist a whole TLD, and it's not significantly slower on our side to
// just check too much.
//
// Also note that because we have a simple blacklist, not some sort of complex
// whitelist-in-blacklist or vice versa, it doesn't matter what order we check
// these in.
const size_t kMaxHostsToCheck = 4;
bool skipped_last_component = false;
for (std::string::const_reverse_iterator i(host.rbegin());
i != host.rend() && hosts->size() < kMaxHostsToCheck; ++i) {
if (*i == '.') {
if (skipped_last_component)
hosts->push_back(std::string(i.base(), host.end()));
else
skipped_last_component = true;
}
}
hosts->push_back(host);
}
void GeneratePathsToCheck(const GURL& url, std::vector<std::string>* paths) {
paths->clear();
std::string canon_path;
std::string canon_query;
CanonicalizeUrl(url, NULL, &canon_path, &canon_query);
const std::string path = canon_path; // const sidesteps GCC bugs below!
const std::string query = canon_query;
if (path.empty())
return;
// Per the Safe Browsing Protocol v2 spec, we try the exact path with/without
// the query parameters, and also up to 4 paths formed by starting at the root
// and adding more path components.
//
// As with the hosts above, it doesn't matter what order we check these in.
const size_t kMaxPathsToCheck = 4;
for (std::string::const_iterator i(path.begin());
i != path.end() && paths->size() < kMaxPathsToCheck; ++i) {
if (*i == '/')
paths->push_back(std::string(path.begin(), i + 1));
}
if (!paths->empty() && paths->back() != path)
paths->push_back(path);
if (!query.empty())
paths->push_back(path + "?" + query);
}
int GetHashIndex(const SBFullHash& hash,
const std::vector<SBFullHashResult>& full_hashes) {
for (size_t i = 0; i < full_hashes.size(); ++i) {
if (hash == full_hashes[i].hash)
return static_cast<int>(i);
}
return -1;
}
int GetUrlHashIndex(const GURL& url,
const std::vector<SBFullHashResult>& full_hashes) {
if (full_hashes.empty())
return -1;
std::vector<std::string> hosts, paths;
GenerateHostsToCheck(url, &hosts);
GeneratePathsToCheck(url, &paths);
for (size_t h = 0; h < hosts.size(); ++h) {
for (size_t p = 0; p < paths.size(); ++p) {
SBFullHash key;
crypto::SHA256HashString(hosts[h] + paths[p],
key.full_hash,
sizeof(SBFullHash));
int index = GetHashIndex(key, full_hashes);
if (index != -1) return index;
}
}
return -1;
}
bool IsPhishingList(const std::string& list_name) {
return list_name.compare(kPhishingList) == 0;
}
bool IsMalwareList(const std::string& list_name) {
return list_name.compare(kMalwareList) == 0;
}
bool IsBadbinurlList(const std::string& list_name) {
return list_name.compare(kBinUrlList) == 0;
}
bool IsBadbinhashList(const std::string& list_name) {
return list_name.compare(kBinHashList) == 0;
}
static void DecodeWebSafe(std::string* decoded) {
DCHECK(decoded);
for (std::string::iterator i(decoded->begin()); i != decoded->end(); ++i) {
if (*i == '_')
*i = '/';
else if (*i == '-')
*i = '+';
}
}
bool VerifyMAC(const std::string& key, const std::string& mac,
const char* data, int data_length) {
std::string key_copy = key;
DecodeWebSafe(&key_copy);
std::string decoded_key;
base::Base64Decode(key_copy, &decoded_key);
std::string mac_copy = mac;
DecodeWebSafe(&mac_copy);
std::string decoded_mac;
base::Base64Decode(mac_copy, &decoded_mac);
crypto::HMAC hmac(crypto::HMAC::SHA1);
if (!hmac.Init(decoded_key))
return false;
const std::string data_str(data, data_length);
unsigned char digest[kSafeBrowsingMacDigestSize];
if (!hmac.Sign(data_str, digest, kSafeBrowsingMacDigestSize))
return false;
return !memcmp(digest, decoded_mac.data(), kSafeBrowsingMacDigestSize);
}
GURL GeneratePhishingReportUrl(const std::string& report_page,
const std::string& url_to_report) {
icu::Locale locale = icu::Locale::getDefault();
const char* lang = locale.getLanguage();
if (!lang)
lang = "en"; // fallback
const std::string continue_esc =
EscapeQueryParamValue(StringPrintf(kContinueUrlFormat, lang), true);
const std::string current_esc = EscapeQueryParamValue(url_to_report, true);
#if defined(OS_WIN)
BrowserDistribution* dist = BrowserDistribution::GetDistribution();
std::string client_name(dist->GetSafeBrowsingName());
#else
std::string client_name("googlechrome");
#endif
GURL report_url(report_page +
StringPrintf(kReportParams, client_name.c_str(), continue_esc.c_str(),
current_esc.c_str()));
return google_util::AppendGoogleLocaleParam(report_url);
}
void StringToSBFullHash(const std::string& hash_in, SBFullHash* hash_out) {
DCHECK_EQ(static_cast<size_t>(crypto::SHA256_LENGTH), hash_in.size());
memcpy(hash_out->full_hash, hash_in.data(), crypto::SHA256_LENGTH);
}
std::string SBFullHashToString(const SBFullHash& hash) {
DCHECK_EQ(static_cast<size_t>(crypto::SHA256_LENGTH), sizeof(hash.full_hash));
return std::string(hash.full_hash, sizeof(hash.full_hash));
}
} // namespace safe_browsing_util