src/chrome/browser/safe_browsing/environment_data_collection_win.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/safe_browsing/environment_data_collection_win.h"
   6
   7 #include <windows.h>
   8 #include <set>
   9
  10 #include "base/i18n/case_conversion.h"
  11 #include "base/strings/string_util.h"
  12 #include "base/strings/utf_string_conversions.h"
  13 #include "chrome/browser/install_verification/win/module_info.h"
  14 #include "chrome/browser/install_verification/win/module_verification_common.h"
  15 #include "chrome/browser/net/service_providers_win.h"
  16 #include "chrome/browser/safe_browsing/path_sanitizer.h"
  17 #include "chrome/common/safe_browsing/csd.pb.h"
  18
  19 namespace safe_browsing {
  20
  21 namespace {
  22
  23 // Helper function for expanding all environment variables in |path|.
  24 std::wstring ExpandEnvironmentVariables(const std::wstring& path) {
  25   static const DWORD kMaxBuffer = 32 * 1024;  // Max according to MSDN.
  26   std::wstring path_expanded;
  27   DWORD path_len = MAX_PATH;
  28   do {
  29     DWORD result = ExpandEnvironmentStrings(
  30         path.c_str(), WriteInto(&path_expanded, path_len), path_len);
  31     if (!result) {
  32       // Failed to expand variables. Return the original string.
  33       DPLOG(ERROR) << path;
  34       break;
  35     }
  36     if (result <= path_len)
  37       return path_expanded.substr(0, result - 1);
  38     path_len = result;
  39   } while (path_len < kMaxBuffer);
  40
  41   return path;
  42 }
  43
  44 }  // namespace
  45
  46 bool CollectDlls(ClientIncidentReport_EnvironmentData_Process* process) {
  47   // Retrieve the module list.
  48   std::set<ModuleInfo> loaded_modules;
  49   if (!GetLoadedModules(&loaded_modules))
  50     return false;
  51
  52   // Sanitize path of each module and add it to the incident report.
  53   PathSanitizer path_sanitizer;
  54   for (std::set<ModuleInfo>::const_iterator it = loaded_modules.begin();
  55        it != loaded_modules.end();
  56        ++it) {
  57     base::FilePath dll_path(it->name);
  58     path_sanitizer.StripHomeDirectory(&dll_path);
  59
  60     ClientIncidentReport_EnvironmentData_Process_Dll* dll = process->add_dll();
  61     dll->set_path(base::WideToUTF8(base::i18n::ToLower(dll_path.value())));
  62     dll->set_base_address(it->base_address);
  63     dll->set_length(it->size);
  64   }
  65
  66   return true;
  67 }
  68
  69 void RecordLspFeature(ClientIncidentReport_EnvironmentData_Process* process) {
  70   WinsockLayeredServiceProviderList lsp_list;
  71   GetWinsockLayeredServiceProviders(&lsp_list);
  72
  73   // For each LSP, we extract and sanitize the path.
  74   PathSanitizer path_sanitizer;
  75   std::set<std::wstring> lsp_paths;
  76   for (size_t i = 0; i < lsp_list.size(); ++i) {
  77     base::FilePath lsp_path(ExpandEnvironmentVariables(lsp_list[i].path));
  78     path_sanitizer.StripHomeDirectory(&lsp_path);
  79     lsp_paths.insert(base::i18n::ToLower(lsp_path.value()));
  80   }
  81
  82   // Look for a match between LSPs and loaded dlls.
  83   for (int i = 0; i < process->dll_size(); ++i) {
  84     if (lsp_paths.count(base::UTF8ToWide(process->dll(i).path()))) {
  85       process->mutable_dll(i)
  86           ->add_feature(ClientIncidentReport_EnvironmentData_Process_Dll::LSP);
  87     }
  88   }
  89 }
  90
  91 void CollectPlatformProcessData(
  92     ClientIncidentReport_EnvironmentData_Process* process) {
  93   CollectDlls(process);
  94   RecordLspFeature(process);
  95 }
  96
  97 }  // namespace safe_browsing