author | Gabriel Ivașcu <ivascu.gabriel59@gmail.com> | 2018-06-12 12:39:50 +0300 |
---|---|---|
committer | Gabriel Ivașcu <ivascu.gabriel59@gmail.com> | 2018-06-12 13:08:41 +0300 |
commit | 4fb56e272298d59fbe1963d43dc1e2ab90ba6e90 (patch) | |
tree | a830b92fe1f548b5f30cfe6ac0138117718e994d | |
parent | 5d9c882229d0ef2b29ea3e8529114dcc74102f3b (diff) | |
download | epiphany-35-hardcode-threat-lists.tar.gz |
Revert "gsb-storage: Don't hardcode Linux threat lists"35-hardcode-threat-lists
This reverts commit 3c8cd6387f85106051c9e674ee8b1e59fb40858c.
Also, increment SCHEMA_VERSION in ephy-gsb-storage.c.
-rw-r--r-- | lib/safe-browsing/ephy-gsb-service.c | 74 | ||||
-rw-r--r-- | lib/safe-browsing/ephy-gsb-storage.c | 99 | ||||
-rw-r--r-- | lib/safe-browsing/ephy-gsb-storage.h | 2 |
3 files changed, 51 insertions, 124 deletions
diff --git a/lib/safe-browsing/ephy-gsb-service.c b/lib/safe-browsing/ephy-gsb-service.c
index b36592af3..a99a6d243 100644
--- a/lib/safe-browsing/ephy-gsb-service.c
+++ b/lib/safe-browsing/ephy-gsb-service.c
@@ -163,74 +163,6 @@ ephy_gsb_service_schedule_update (EphyGSBService *self)
 LOG ("Next update scheduled in %ld seconds", interval);
 }
-static GList *
-ephy_gsb_service_fetch_threat_lists_sync (EphyGSBService *self)
-{
- GList *retval = NULL;
- JsonNode *body_node = NULL;
- JsonObject *body_obj;
- JsonArray *threat_lists;
- JsonObject *descriptor;
- const char *threat_type;
- const char *platform_type;
- const char *threat_entry_type;
- SoupMessage *msg;
- char *url;
-
- g_assert (EPHY_IS_GSB_SERVICE (self));
-
- url = g_strdup_printf ("%sthreatLists?key=%s", API_PREFIX, self->api_key);
- msg = soup_message_new (SOUP_METHOD_GET, url);
- soup_session_send_message (self->session, msg);
-
- if (msg->status_code != 200) {
- LOG ("Failed to fetch the threat lists from the server, got: %u, %s",
- msg->status_code, msg->response_body->data);
- goto out;
- }
-
- body_node = json_from_string (msg->response_body->data, NULL);
- if (!body_node || !JSON_NODE_HOLDS_OBJECT (body_node)) {
- g_warning ("Response is not a valid JSON object");
- goto out;
- }
-
- body_obj = json_node_get_object (body_node);
-
- if (json_object_has_non_null_array_member (body_obj, "threatLists")) {
- threat_lists = json_object_get_array_member (body_obj, "threatLists");
- for (guint i = 0; i < json_array_get_length (threat_lists); i++) {
- descriptor = json_array_get_object_element (threat_lists, i);
- threat_type = json_object_get_string_member (descriptor, "threatType");
- platform_type = json_object_get_string_member (descriptor, "platformType");
-
- /* Keep SOCIAL_ENGINEERING threats that are for any platform.
- * Keep MALWARE/UNWANTED_SOFTWARE threats that are for Linux only.
- */
- if (g_strcmp0 (threat_type, "SOCIAL_ENGINEERING") == 0) {
- if (g_strcmp0 (platform_type, "ANY_PLATFORM") != 0)
- continue;
- } else if (g_strcmp0 (platform_type, "LINUX") != 0) {
- continue;
- }
-
- threat_entry_type = json_object_get_string_member (descriptor, "threatEntryType");
- retval = g_list_prepend (retval, ephy_gsb_threat_list_new (threat_type,
- platform_type,
- threat_entry_type,
- NULL));
- }
- }
-
-out:
- g_free (url);
- g_object_unref (msg);
- if (body_node)
- json_node_unref (body_node);
-
- return g_list_reverse (retval);
-}
-
 static void
 ephy_gsb_service_update_thread (GTask *task,
 EphyGSBService *self,
@@ -255,12 +187,6 @@ ephy_gsb_service_update_thread (GTask *task,
 ephy_gsb_storage_delete_old_full_hashes (self->storage);
- /* Fetch and store new threat lists, if any. */
- threat_lists = ephy_gsb_service_fetch_threat_lists_sync (self);
- for (GList *l = threat_lists; l && l->data; l = l->next)
- ephy_gsb_storage_insert_threat_list (self->storage, l->data);
- g_list_free_full (threat_lists, (GDestroyNotify)ephy_gsb_threat_list_free);
-
 threat_lists = ephy_gsb_storage_get_threat_lists (self->storage);
 if (!threat_lists) {
 LOG ("No threat lists to update");
diff --git a/lib/safe-browsing/ephy-gsb-storage.c b/lib/safe-browsing/ephy-gsb-storage.c
index 374d98dd4..05d8f27a7 100644
--- a/lib/safe-browsing/ephy-gsb-storage.c
+++ b/lib/safe-browsing/ephy-gsb-storage.c
@@ -34,8 +34,21 @@
 */
 #define BATCH_SIZE 199
-/* Increment schema version if you modify the database table structure. */
-#define SCHEMA_VERSION 2
+/* Increment schema version if you:
+ * 1) Modify the database table structure.
+ * 2) Modify the threat lists below.
+ */
+#define SCHEMA_VERSION 3
+
+/* The available Linux threat lists of Google Safe Browsing API v4.
+ * The format is {THREAT_TYPE, PLATFORM_TYPE, THREAT_ENTRY_TYPE}.
+ */
+static const char * const gsb_linux_threat_lists[][3] = {
+ {GSB_THREAT_TYPE_MALWARE, "LINUX", "URL"},
+ {GSB_THREAT_TYPE_SOCIAL_ENGINEERING, "ANY_PLATFORM", "URL"},
+ {GSB_THREAT_TYPE_UNWANTED_SOFTWARE, "LINUX", "URL"},
+ {GSB_THREAT_TYPE_MALWARE, "LINUX", "IP_RANGE"},
+};
 struct _EphyGSBStorage {
 GObject parent_instance;
@@ -195,7 +208,9 @@ ephy_gsb_storage_init_metadata_table (EphyGSBStorage *self)
 static gboolean
 ephy_gsb_storage_init_threats_table (EphyGSBStorage *self)
 {
+ EphySQLiteStatement *statement;
 GError *error = NULL;
+ GString *string;
 const char *sql;
 g_assert (EPHY_IS_GSB_STORAGE (self));
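Review bot: The comment above `gsb_linux_threat_lists` does not say that this table is now the only source of threat lists. The ephy-gsb-service.c hunks of this commit remove the `threatLists` request, so, as far as this diff shows, a list the service introduces later is never requested until someone edits the array and bumps `SCHEMA_VERSION`. The commit message gives no reason for pinning the set, so the comment is the place to record it, for example `Maintained by hand: the service is no longer asked for its lists, so check this table against the API when updating.` As a smaller style point, the platform and entry-type values are bare string literals while the threat types use the `GSB_THREAT_TYPE_*` names; named constants would make a typo here a compile error instead of a silently unmatched list.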
@@ -218,6 +233,40 @@ ephy_gsb_storage_init_threats_table (EphyGSBStorage *self)
 return FALSE;
 }
+ sql = "INSERT INTO threats (threat_type, platform_type, threat_entry_type) VALUES ";
+ string = g_string_new (sql);
+ for (guint i = 0; i < G_N_ELEMENTS (gsb_linux_threat_lists); i++)
+ g_string_append (string, "(?, ?, ?),");
+ /* Remove trailing comma character. */
+ g_string_erase (string, string->len - 1, -1);
+
+ statement = ephy_sqlite_connection_create_statement (self->db, string->str, &error);
+ g_string_free (string, TRUE);
+
+ if (error) {
+ g_warning ("Failed to create threats table insert statement: %s", error->message);
+ g_error_free (error);
+ return FALSE;
+ }
+
+ for (guint i = 0; i < G_N_ELEMENTS (gsb_linux_threat_lists); i++) {
+ EphyGSBThreatList *list = ephy_gsb_threat_list_new (gsb_linux_threat_lists[i][0],
+ gsb_linux_threat_lists[i][1],
+ gsb_linux_threat_lists[i][2],
+ NULL);
+ bind_threat_list_params (statement, list, i * 3, i * 3 + 1, i * 3 + 2, -1);
+ ephy_gsb_threat_list_free (list);
+ }
+
+ ephy_sqlite_statement_step (statement, &error);
+ g_object_unref (statement);
+
+ if (error) {
+ g_warning ("Failed to insert initial data into threats table: %s", error->message);
+ g_error_free (error);
+ return FALSE;
+ }
+
 return TRUE;
 }
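Review bot: The result of `bind_threat_list_params` is discarded in the seeding loop, so a failed bind still reaches `ephy_sqlite_statement_step`. The `ephy_gsb_storage_insert_threat_list` removed later in this file tested it with `if (!bind_threat_list_params (...))` and gave up. The update thread reads its lists back from this table, so a partly bound insert should fail initialisation instead of leaving the browser with a wrong or reduced set of Safe Browsing lists and no warning. The loop also depends on the inner dimension `[3]` of `gsb_linux_threat_lists` through the literal `(?, ?, ?)` and the `i * 3` offsets, which deserves a one-line comment. The function begins before this hunk, and the helper's return type is assumed to be `gboolean` from the way the removed caller used it.

```c
  for (guint i = 0; i < G_N_ELEMENTS (gsb_linux_threat_lists); i++) {
    /* … unchanged: ephy_gsb_threat_list_new () call that builds `list` … */
    gboolean bound = bind_threat_list_params (statement, list, i * 3, i * 3 + 1, i * 3 + 2, -1);

    ephy_gsb_threat_list_free (list);
    if (!bound) {
      g_object_unref (statement);
      return FALSE;
    }
  }
```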
@@ -600,52 +649,6 @@ ephy_gsb_storage_set_metadata (EphyGSBStorage *self, } /** - * ephy_gsb_storage_insert_threat_list: - * @self: an #EphyGSBStorage - * @list: an #EphyGSBThreatList - * - * Insert a threat lists into the local database. If the combination - * THREAT_TYPE/PLATFORM_TYPE/THREAT_ENTRY_TYPE already exists in the - * database, then this function does nothing. The client state is ignored. - * Use ephy_gsb_storage_update_client_state() if you need to update the - * client state. - **/ -void -ephy_gsb_storage_insert_threat_list (EphyGSBStorage *self, - EphyGSBThreatList *list) -{ - EphySQLiteStatement *statement; - GError *error = NULL; - const char *sql; - - g_assert (EPHY_IS_GSB_STORAGE (self)); - g_assert (list); - - sql = "INSERT OR IGNORE INTO threats " - "(threat_type, platform_type, threat_entry_type, client_state) " - "VALUES (?, ?, ?, ?)"; - statement = ephy_sqlite_connection_create_statement (self->db, sql, &error); - if (error) { - g_warning ("Failed to create insert threat list statement: %s", error->message); - g_error_free (error); - return; - } - - if (!bind_threat_list_params (statement, list, 0, 1, 2, -1)) { - g_object_unref (statement); - return; - } - - ephy_sqlite_statement_step (statement, &error); - if (error) { - g_warning ("Failed to execute insert threat list statement: %s", error->message); - g_error_free (error); - } - - g_object_unref (statement); -} - -/** * ephy_gsb_storage_get_threat_lists: * @self: an #EphyGSBStorage * diff --git a/lib/safe-browsing/ephy-gsb-storage.h b/lib/safe-browsing/ephy-gsb-storage.h index 056b4e741..ed41a7e23 100644 --- a/lib/safe-browsing/ephy-gsb-storage.h +++ b/lib/safe-browsing/ephy-gsb-storage.h 
@@ -38,8 +38,6 @@ gint64 ephy_gsb_storage_get_metadata (EphyGSBStorage
 void ephy_gsb_storage_set_metadata (EphyGSBStorage *self,
 const char *key,
 gint64 value);
-void ephy_gsb_storage_insert_threat_list (EphyGSBStorage *self,
- EphyGSBThreatList *list);
 GList *ephy_gsb_storage_get_threat_lists (EphyGSBStorage *self);
 char *ephy_gsb_storage_compute_checksum (EphyGSBStorage *self,
 EphyGSBThreatList *list); |