Commit 4b10404d authored by Dominique Fauteux-Chapleau's avatar Dominique Fauteux-Chapleau Committed by Commit Bot

Add fields for threat insights

This adds fields in ContentAnalysisResponse::Result for malware_family
and malware_category, and corresponding fields in reporting events.

This should be removed once a better propagation for this info is
agreed upon.

Bug: 1147036
Change-Id: I0a74882830d5c4799fd5007e4aa3a8cee30178eb
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2526163Reviewed-by: default avatarDaniel Rubery <drubery@chromium.org>
Commit-Queue: Dominique Fauteux-Chapleau <domfc@chromium.org>
Cr-Commit-Position: refs/heads/master@{#825391}
parent 2ce49662
...@@ -132,6 +132,10 @@ const char SafeBrowsingPrivateEventRouter::kKeyContentType[] = "contentType"; ...@@ -132,6 +132,10 @@ const char SafeBrowsingPrivateEventRouter::kKeyContentType[] = "contentType";
const char SafeBrowsingPrivateEventRouter::kKeyContentSize[] = "contentSize"; const char SafeBrowsingPrivateEventRouter::kKeyContentSize[] = "contentSize";
const char SafeBrowsingPrivateEventRouter::kKeyTrigger[] = "trigger"; const char SafeBrowsingPrivateEventRouter::kKeyTrigger[] = "trigger";
const char SafeBrowsingPrivateEventRouter::kKeyEventResult[] = "eventResult"; const char SafeBrowsingPrivateEventRouter::kKeyEventResult[] = "eventResult";
const char SafeBrowsingPrivateEventRouter::kKeyMalwareFamily[] =
"malwareFamily";
const char SafeBrowsingPrivateEventRouter::kKeyMalwareCategory[] =
"malwareCategory";
const char SafeBrowsingPrivateEventRouter::kKeyPasswordReuseEvent[] = const char SafeBrowsingPrivateEventRouter::kKeyPasswordReuseEvent[] =
"passwordReuseEvent"; "passwordReuseEvent";
...@@ -422,7 +426,8 @@ void SafeBrowsingPrivateEventRouter::OnAnalysisConnectorResult( ...@@ -422,7 +426,8 @@ void SafeBrowsingPrivateEventRouter::OnAnalysisConnectorResult(
OnDangerousDeepScanningResult( OnDangerousDeepScanningResult(
url, file_name, download_digest_sha256, url, file_name, download_digest_sha256,
MalwareRuleToThreatType(result.triggered_rules(0).rule_name()), MalwareRuleToThreatType(result.triggered_rules(0).rule_name()),
mime_type, trigger, content_size, event_result); mime_type, trigger, content_size, event_result, result.malware_family(),
result.malware_category());
} else if (result.tag() == "dlp") { } else if (result.tag() == "dlp") {
OnSensitiveDataEvent(url, file_name, download_digest_sha256, mime_type, OnSensitiveDataEvent(url, file_name, download_digest_sha256, mime_type,
trigger, result, content_size, event_result); trigger, result, content_size, event_result);
...@@ -437,7 +442,9 @@ void SafeBrowsingPrivateEventRouter::OnDangerousDeepScanningResult( ...@@ -437,7 +442,9 @@ void SafeBrowsingPrivateEventRouter::OnDangerousDeepScanningResult(
const std::string& mime_type, const std::string& mime_type,
const std::string& trigger, const std::string& trigger,
const int64_t content_size, const int64_t content_size,
safe_browsing::EventResult event_result) { safe_browsing::EventResult event_result,
const std::string& malware_family,
const std::string& malware_category) {
if (!IsRealtimeReportingEnabled()) if (!IsRealtimeReportingEnabled())
return; return;
...@@ -449,7 +456,9 @@ void SafeBrowsingPrivateEventRouter::OnDangerousDeepScanningResult( ...@@ -449,7 +456,9 @@ void SafeBrowsingPrivateEventRouter::OnDangerousDeepScanningResult(
const std::string& profile_user_name, const std::string& profile_user_name,
const std::string& threat_type, const std::string& mime_type, const std::string& threat_type, const std::string& mime_type,
const std::string& trigger, const int64_t content_size, const std::string& trigger, const int64_t content_size,
safe_browsing::EventResult event_result) { safe_browsing::EventResult event_result,
const std::string& malware_family,
const std::string& malware_category) {
// Create a real-time event dictionary from the arguments and // Create a real-time event dictionary from the arguments and
// report it. // report it.
base::Value event(base::Value::Type::DICTIONARY); base::Value event(base::Value::Type::DICTIONARY);
...@@ -471,10 +480,15 @@ void SafeBrowsingPrivateEventRouter::OnDangerousDeepScanningResult( ...@@ -471,10 +480,15 @@ void SafeBrowsingPrivateEventRouter::OnDangerousDeepScanningResult(
event.SetBoolKey( event.SetBoolKey(
kKeyClickedThrough, kKeyClickedThrough,
event_result == safe_browsing::EventResult::BYPASSED); event_result == safe_browsing::EventResult::BYPASSED);
if (!malware_family.empty())
event.SetStringKey(kKeyMalwareFamily, malware_family);
if (!malware_category.empty())
event.SetStringKey(kKeyMalwareCategory, malware_category);
return event; return event;
}, },
url.spec(), file_name, download_digest_sha256, GetProfileUserName(), url.spec(), file_name, download_digest_sha256, GetProfileUserName(),
threat_type, mime_type, trigger, content_size, event_result)); threat_type, mime_type, trigger, content_size, event_result,
malware_family, malware_category));
} }
void SafeBrowsingPrivateEventRouter::OnSensitiveDataEvent( void SafeBrowsingPrivateEventRouter::OnSensitiveDataEvent(
......
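Review bot: The two `SetStringKey` calls at the end of the event-building lambda forward `malware_family` and `malware_category` into the reporting event with only an emptiness check, so whatever string the analysis response carries reaches the reporting pipeline unchanged. These values originate outside this class (they are read from `result.malware_family()` and `result.malware_category()` in `OnAnalysisConnectorResult`), so it would be safer to bound their length before reporting and to note that consumers should treat them as untrusted display text. I would also add a comment above the two checks, `// Threat-insight fields are optional; the keys are omitted when the response leaves them unset or empty.`, so the omission behaviour of the event schema is explicit. The lambda and the enclosing function both start outside the visible hunks.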
...@@ -80,6 +80,8 @@ class SafeBrowsingPrivateEventRouter ...@@ -80,6 +80,8 @@ class SafeBrowsingPrivateEventRouter
static const char kKeyContentSize[]; static const char kKeyContentSize[];
static const char kKeyTrigger[]; static const char kKeyTrigger[];
static const char kKeyEventResult[]; static const char kKeyEventResult[];
static const char kKeyMalwareFamily[];
static const char kKeyMalwareCategory[];
static const char kKeyPasswordReuseEvent[]; static const char kKeyPasswordReuseEvent[];
static const char kKeyPasswordChangedEvent[]; static const char kKeyPasswordChangedEvent[];
...@@ -266,7 +268,9 @@ class SafeBrowsingPrivateEventRouter ...@@ -266,7 +268,9 @@ class SafeBrowsingPrivateEventRouter
const std::string& mime_type, const std::string& mime_type,
const std::string& trigger, const std::string& trigger,
const int64_t content_size, const int64_t content_size,
safe_browsing::EventResult event_result); safe_browsing::EventResult event_result,
const std::string& malware_family,
const std::string& malware_category);
// Notifies listeners that the analysis connector detected a violation. // Notifies listeners that the analysis connector detected a violation.
void OnSensitiveDataEvent( void OnSensitiveDataEvent(
......
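Review bot: The declaration of `OnDangerousDeepScanningResult` now ends in two adjacent `const std::string&` parameters, following several others of the same type, and nothing visible in this hunk documents them. Swapping `malware_family` and `malware_category` at a call site would compile silently and mislabel the reported threat data, so the declaration comment should name each parameter and its meaning. Suggested addition above the declaration: `// |malware_family| and |malware_category| are optional threat-insight strings from the analysis response; empty means not provided.` The declaration starts outside the hunk, so an existing comment may already cover the other parameters.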
...@@ -102,6 +102,11 @@ message ContentAnalysisResponse { ...@@ -102,6 +102,11 @@ message ContentAnalysisResponse {
optional string rule_id = 3; optional string rule_id = 3;
} }
repeated TriggeredRule triggered_rules = 3; repeated TriggeredRule triggered_rules = 3;
// TODO(crbug.com/1147036): Remove fields 4-5 once a definitive approach is
// agreed upon.
optional string malware_family = 4;
optional string malware_category = 5;
} }
repeated Result results = 4; repeated Result results = 4;
......
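Review bot: The TODO on fields 4-5 says they will be removed but not what happens to the tag numbers; if 4 or 5 is later reused for a different field, a peer built against this schema would misinterpret the data. I would extend the comment to `// TODO(crbug.com/1147036): Remove fields 4-5 once a definitive approach is agreed upon, and mark them reserved when doing so.` It would also help to state in a comment whether `malware_family` and `malware_category` are free-form text or drawn from a fixed vocabulary, since they are copied into reporting events.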