Bjørn Lie
ba7813279e
- Add epiphany-uri-tester-fixes.patch: Fix urlcache memory leak and fix cache lookups when URI is not matched (glgo#GNOME/epiphany#37). - Add epip-revert-gsb-storage-dont-hardcode-Linux-threat-lists.patch: Revert gsb-storage: Don't hardcode Linux threat lists. OBS-URL: https://build.opensuse.org/request/show/616638 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/epiphany?expand=0&rev=293
255 lines
9.4 KiB
Diff
255 lines
9.4 KiB
Diff
From c0eea4014270cac6d32d24de2bd8338e2da39ffd Mon Sep 17 00:00:00 2001
|
|
From: Gabriel Ivașcu <ivascu.gabriel59@gmail.com>
|
|
Date: Tue, 12 Jun 2018 12:39:50 +0300
|
|
Subject: [PATCH] Revert "gsb-storage: Don't hardcode Linux threat lists"
|
|
|
|
This reverts commit 3c8cd6387f85106051c9e674ee8b1e59fb40858c.
|
|
|
|
Also, increment SCHEMA_VERSION in ephy-gsb-storage.c.
|
|
---
|
|
lib/safe-browsing/ephy-gsb-service.c | 74 --------------------------------------------------------------------------
|
|
lib/safe-browsing/ephy-gsb-storage.c | 99 +++++++++++++++++++++++++++++++++++++++++++++++++++------------------------------------------------
|
|
lib/safe-browsing/ephy-gsb-storage.h | 2 --
|
|
3 files changed, 51 insertions(+), 124 deletions(-)
|
|
|
|
diff --git a/lib/safe-browsing/ephy-gsb-service.c b/lib/safe-browsing/ephy-gsb-service.c
|
|
index b36592a..a99a6d2 100644
|
|
--- a/lib/safe-browsing/ephy-gsb-service.c
|
|
+++ b/lib/safe-browsing/ephy-gsb-service.c
|
|
@@ -163,74 +163,6 @@ ephy_gsb_service_schedule_update (EphyGSBService *self)
|
|
LOG ("Next update scheduled in %ld seconds", interval);
|
|
}
|
|
|
|
-static GList *
|
|
-ephy_gsb_service_fetch_threat_lists_sync (EphyGSBService *self)
|
|
-{
|
|
- GList *retval = NULL;
|
|
- JsonNode *body_node = NULL;
|
|
- JsonObject *body_obj;
|
|
- JsonArray *threat_lists;
|
|
- JsonObject *descriptor;
|
|
- const char *threat_type;
|
|
- const char *platform_type;
|
|
- const char *threat_entry_type;
|
|
- SoupMessage *msg;
|
|
- char *url;
|
|
-
|
|
- g_assert (EPHY_IS_GSB_SERVICE (self));
|
|
-
|
|
- url = g_strdup_printf ("%sthreatLists?key=%s", API_PREFIX, self->api_key);
|
|
- msg = soup_message_new (SOUP_METHOD_GET, url);
|
|
- soup_session_send_message (self->session, msg);
|
|
-
|
|
- if (msg->status_code != 200) {
|
|
- LOG ("Failed to fetch the threat lists from the server, got: %u, %s",
|
|
- msg->status_code, msg->response_body->data);
|
|
- goto out;
|
|
- }
|
|
-
|
|
- body_node = json_from_string (msg->response_body->data, NULL);
|
|
- if (!body_node || !JSON_NODE_HOLDS_OBJECT (body_node)) {
|
|
- g_warning ("Response is not a valid JSON object");
|
|
- goto out;
|
|
- }
|
|
-
|
|
- body_obj = json_node_get_object (body_node);
|
|
-
|
|
- if (json_object_has_non_null_array_member (body_obj, "threatLists")) {
|
|
- threat_lists = json_object_get_array_member (body_obj, "threatLists");
|
|
- for (guint i = 0; i < json_array_get_length (threat_lists); i++) {
|
|
- descriptor = json_array_get_object_element (threat_lists, i);
|
|
- threat_type = json_object_get_string_member (descriptor, "threatType");
|
|
- platform_type = json_object_get_string_member (descriptor, "platformType");
|
|
-
|
|
- /* Keep SOCIAL_ENGINEERING threats that are for any platform.
|
|
- * Keep MALWARE/UNWANTED_SOFTWARE threats that are for Linux only.
|
|
- */
|
|
- if (g_strcmp0 (threat_type, "SOCIAL_ENGINEERING") == 0) {
|
|
- if (g_strcmp0 (platform_type, "ANY_PLATFORM") != 0)
|
|
- continue;
|
|
- } else if (g_strcmp0 (platform_type, "LINUX") != 0) {
|
|
- continue;
|
|
- }
|
|
-
|
|
- threat_entry_type = json_object_get_string_member (descriptor, "threatEntryType");
|
|
- retval = g_list_prepend (retval, ephy_gsb_threat_list_new (threat_type,
|
|
- platform_type,
|
|
- threat_entry_type,
|
|
- NULL));
|
|
- }
|
|
- }
|
|
-
|
|
-out:
|
|
- g_free (url);
|
|
- g_object_unref (msg);
|
|
- if (body_node)
|
|
- json_node_unref (body_node);
|
|
-
|
|
- return g_list_reverse (retval);
|
|
-}
|
|
-
|
|
static void
|
|
ephy_gsb_service_update_thread (GTask *task,
|
|
EphyGSBService *self,
|
|
@@ -255,12 +187,6 @@ ephy_gsb_service_update_thread (GTask *task,
|
|
|
|
ephy_gsb_storage_delete_old_full_hashes (self->storage);
|
|
|
|
- /* Fetch and store new threat lists, if any. */
|
|
- threat_lists = ephy_gsb_service_fetch_threat_lists_sync (self);
|
|
- for (GList *l = threat_lists; l && l->data; l = l->next)
|
|
- ephy_gsb_storage_insert_threat_list (self->storage, l->data);
|
|
- g_list_free_full (threat_lists, (GDestroyNotify)ephy_gsb_threat_list_free);
|
|
-
|
|
threat_lists = ephy_gsb_storage_get_threat_lists (self->storage);
|
|
if (!threat_lists) {
|
|
LOG ("No threat lists to update");
|
|
diff --git a/lib/safe-browsing/ephy-gsb-storage.c b/lib/safe-browsing/ephy-gsb-storage.c
|
|
index 374d98d..05d8f27 100644
|
|
--- a/lib/safe-browsing/ephy-gsb-storage.c
|
|
+++ b/lib/safe-browsing/ephy-gsb-storage.c
|
|
@@ -34,8 +34,21 @@
|
|
*/
|
|
#define BATCH_SIZE 199
|
|
|
|
-/* Increment schema version if you modify the database table structure. */
|
|
-#define SCHEMA_VERSION 2
|
|
+/* Increment schema version if you:
|
|
+ * 1) Modify the database table structure.
|
|
+ * 2) Modify the threat lists below.
|
|
+ */
|
|
+#define SCHEMA_VERSION 3
|
|
+
|
|
+/* The available Linux threat lists of Google Safe Browsing API v4.
|
|
+ * The format is {THREAT_TYPE, PLATFORM_TYPE, THREAT_ENTRY_TYPE}.
|
|
+ */
|
|
+static const char * const gsb_linux_threat_lists[][3] = {
|
|
+ {GSB_THREAT_TYPE_MALWARE, "LINUX", "URL"},
|
|
+ {GSB_THREAT_TYPE_SOCIAL_ENGINEERING, "ANY_PLATFORM", "URL"},
|
|
+ {GSB_THREAT_TYPE_UNWANTED_SOFTWARE, "LINUX", "URL"},
|
|
+ {GSB_THREAT_TYPE_MALWARE, "LINUX", "IP_RANGE"},
|
|
+};
|
|
|
|
struct _EphyGSBStorage {
|
|
GObject parent_instance;
|
|
@@ -195,7 +208,9 @@ ephy_gsb_storage_init_metadata_table (EphyGSBStorage *self)
|
|
static gboolean
|
|
ephy_gsb_storage_init_threats_table (EphyGSBStorage *self)
|
|
{
|
|
+ EphySQLiteStatement *statement;
|
|
GError *error = NULL;
|
|
+ GString *string;
|
|
const char *sql;
|
|
|
|
g_assert (EPHY_IS_GSB_STORAGE (self));
|
|
@@ -218,6 +233,40 @@ ephy_gsb_storage_init_threats_table (EphyGSBStorage *self)
|
|
return FALSE;
|
|
}
|
|
|
|
+ sql = "INSERT INTO threats (threat_type, platform_type, threat_entry_type) VALUES ";
|
|
+ string = g_string_new (sql);
|
|
+ for (guint i = 0; i < G_N_ELEMENTS (gsb_linux_threat_lists); i++)
|
|
+ g_string_append (string, "(?, ?, ?),");
|
|
+ /* Remove trailing comma character. */
|
|
+ g_string_erase (string, string->len - 1, -1);
|
|
+
|
|
+ statement = ephy_sqlite_connection_create_statement (self->db, string->str, &error);
|
|
+ g_string_free (string, TRUE);
|
|
+
|
|
+ if (error) {
|
|
+ g_warning ("Failed to create threats table insert statement: %s", error->message);
|
|
+ g_error_free (error);
|
|
+ return FALSE;
|
|
+ }
|
|
+
|
|
+ for (guint i = 0; i < G_N_ELEMENTS (gsb_linux_threat_lists); i++) {
|
|
+ EphyGSBThreatList *list = ephy_gsb_threat_list_new (gsb_linux_threat_lists[i][0],
|
|
+ gsb_linux_threat_lists[i][1],
|
|
+ gsb_linux_threat_lists[i][2],
|
|
+ NULL);
|
|
+ bind_threat_list_params (statement, list, i * 3, i * 3 + 1, i * 3 + 2, -1);
|
|
+ ephy_gsb_threat_list_free (list);
|
|
+ }
|
|
+
|
|
+ ephy_sqlite_statement_step (statement, &error);
|
|
+ g_object_unref (statement);
|
|
+
|
|
+ if (error) {
|
|
+ g_warning ("Failed to insert initial data into threats table: %s", error->message);
|
|
+ g_error_free (error);
|
|
+ return FALSE;
|
|
+ }
|
|
+
|
|
return TRUE;
|
|
}
|
|
|
|
@@ -600,52 +649,6 @@ ephy_gsb_storage_set_metadata (EphyGSBStorage *self,
|
|
}
|
|
|
|
/**
|
|
- * ephy_gsb_storage_insert_threat_list:
|
|
- * @self: an #EphyGSBStorage
|
|
- * @list: an #EphyGSBThreatList
|
|
- *
|
|
- * Insert a threat lists into the local database. If the combination
|
|
- * THREAT_TYPE/PLATFORM_TYPE/THREAT_ENTRY_TYPE already exists in the
|
|
- * database, then this function does nothing. The client state is ignored.
|
|
- * Use ephy_gsb_storage_update_client_state() if you need to update the
|
|
- * client state.
|
|
- **/
|
|
-void
|
|
-ephy_gsb_storage_insert_threat_list (EphyGSBStorage *self,
|
|
- EphyGSBThreatList *list)
|
|
-{
|
|
- EphySQLiteStatement *statement;
|
|
- GError *error = NULL;
|
|
- const char *sql;
|
|
-
|
|
- g_assert (EPHY_IS_GSB_STORAGE (self));
|
|
- g_assert (list);
|
|
-
|
|
- sql = "INSERT OR IGNORE INTO threats "
|
|
- "(threat_type, platform_type, threat_entry_type, client_state) "
|
|
- "VALUES (?, ?, ?, ?)";
|
|
- statement = ephy_sqlite_connection_create_statement (self->db, sql, &error);
|
|
- if (error) {
|
|
- g_warning ("Failed to create insert threat list statement: %s", error->message);
|
|
- g_error_free (error);
|
|
- return;
|
|
- }
|
|
-
|
|
- if (!bind_threat_list_params (statement, list, 0, 1, 2, -1)) {
|
|
- g_object_unref (statement);
|
|
- return;
|
|
- }
|
|
-
|
|
- ephy_sqlite_statement_step (statement, &error);
|
|
- if (error) {
|
|
- g_warning ("Failed to execute insert threat list statement: %s", error->message);
|
|
- g_error_free (error);
|
|
- }
|
|
-
|
|
- g_object_unref (statement);
|
|
-}
|
|
-
|
|
-/**
|
|
* ephy_gsb_storage_get_threat_lists:
|
|
* @self: an #EphyGSBStorage
|
|
*
|
|
diff --git a/lib/safe-browsing/ephy-gsb-storage.h b/lib/safe-browsing/ephy-gsb-storage.h
|
|
index 056b4e7..ed41a7e 100644
|
|
--- a/lib/safe-browsing/ephy-gsb-storage.h
|
|
+++ b/lib/safe-browsing/ephy-gsb-storage.h
|
|
@@ -38,8 +38,6 @@ gint64 ephy_gsb_storage_get_metadata (EphyGSBStorage
|
|
void ephy_gsb_storage_set_metadata (EphyGSBStorage *self,
|
|
const char *key,
|
|
gint64 value);
|
|
-void ephy_gsb_storage_insert_threat_list (EphyGSBStorage *self,
|
|
- EphyGSBThreatList *list);
|
|
GList *ephy_gsb_storage_get_threat_lists (EphyGSBStorage *self);
|
|
char *ephy_gsb_storage_compute_checksum (EphyGSBStorage *self,
|
|
EphyGSBThreatList *list);
|
|
--
|
|
libgit2 0.27.1
|
|
|