1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
// Copyright 2016 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_PASSWORD_REUSE_DETECTOR_H_
#define COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_PASSWORD_REUSE_DETECTOR_H_
#include <stdint.h>
#include <map>
#include <memory>
#include <set>
#include <string>
#include <vector>
#include "base/macros.h"
#include "base/optional.h"
#include "base/strings/string16.h"
#include "components/password_manager/core/browser/password_store_change.h"
#include "components/password_manager/core/browser/password_store_consumer.h"
class PrefService;
namespace password_manager {
class PasswordReuseDetectorConsumer;
// Comparator that compares reversed strings.
struct ReverseStringLess {
bool operator()(const base::string16& lhs, const base::string16& rhs) const;
};
// Per-profile class responsible for detection of password reuse, i.e. that the
// user input on some site contains the password saved on another site.
// It receives saved passwords through PasswordStoreConsumer interface.
// It stores passwords in memory and CheckReuse() can be used for finding
// a password reuse.
class PasswordReuseDetector : public PasswordStoreConsumer {
public:
explicit PasswordReuseDetector(PrefService* prefs);
~PasswordReuseDetector() override;
// PasswordStoreConsumer
void OnGetPasswordStoreResults(
std::vector<std::unique_ptr<autofill::PasswordForm>> results) override;
// Add new or updated passwords from |changes| to internal password index.
void OnLoginsChanged(const PasswordStoreChangeList& changes);
// Checks that some suffix of |input| equals to a password saved on another
// registry controlled domain than |domain| or to a sync password.
// If such suffix is found, |consumer|->OnReuseFound() is called on the same
// thread on which this method is called.
// |consumer| should not be null.
void CheckReuse(const base::string16& input,
const std::string& domain,
PasswordReuseDetectorConsumer* consumer);
// Saves a hash of |password| for password reuse checking.
void SaveSyncPasswordHash(const base::string16& password);
private:
using passwords_iterator = std::map<base::string16,
std::set<std::string>,
ReverseStringLess>::const_iterator;
// Add password from |form| to |passwords_|.
void AddPassword(const autofill::PasswordForm& form);
// Returns true iff a reuse of a sync password is found. If reuse is found it
// is reported to |consumer|.
bool CheckSyncPasswordReuse(const base::string16& input,
const std::string& domain,
PasswordReuseDetectorConsumer* consumer);
// Returns true iff a reuse of a saved password is found. If reuse is found it
// is reported to |consumer|.
bool CheckSavedPasswordReuse(const base::string16& input,
const std::string& domain,
PasswordReuseDetectorConsumer* consumer);
// Returns the iterator to |passwords_| that corresponds to the longest key in
// |passwords_| that is a suffix of |input|. Returns passwords_.end() in case
// when no key in |passwords_| is a prefix of |input|.
passwords_iterator FindSavedPassword(const base::string16& input);
// Contains all passwords.
// A key is a password.
// A value is a set of registry controlled domains on which the password
// saved.
std::map<base::string16, std::set<std::string>, ReverseStringLess> passwords_;
// Number of passwords in |passwords_|, each password is calculated the number
// of times how many different sites it's saved on.
int saved_passwords_ = 0;
base::Optional<uint64_t> sync_password_hash_;
PrefService* const prefs_;
DISALLOW_COPY_AND_ASSIGN(PasswordReuseDetector);
};
} // namespace password_manager
#endif // COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_PASSWORD_REUSE_DETECTOR_H_
|