diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
commit | 26a029d407be480d791972afb5975cf62c9360a6 (patch) | |
tree | f435a8308119effd964b339f76abb83a57c29483 /third_party/content_analysis_sdk | |
parent | Initial commit. (diff) | |
download | firefox-upstream/124.0.1.tar.xz firefox-upstream/124.0.1.zip |
Adding upstream version 124.0.1.upstream/124.0.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'third_party/content_analysis_sdk')
62 files changed, 6264 insertions, 0 deletions
diff --git a/third_party/content_analysis_sdk/.gitignore b/third_party/content_analysis_sdk/.gitignore new file mode 100644 index 0000000000..0ab461830e --- /dev/null +++ b/third_party/content_analysis_sdk/.gitignore @@ -0,0 +1,6 @@ +.vscode/ +.ccls-cache/ +.cache/ +build/ +*.bak +*.swp diff --git a/third_party/content_analysis_sdk/CMakeLists.txt b/third_party/content_analysis_sdk/CMakeLists.txt new file mode 100644 index 0000000000..5dacc81031 --- /dev/null +++ b/third_party/content_analysis_sdk/CMakeLists.txt @@ -0,0 +1,214 @@ +# Copyright 2022 The Chromium Authors. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +cmake_minimum_required(VERSION 3.22) + +project(chrome_enterprise_connector_local_analysis) + +# Ensure a C++14 compiler is used. +set(CMAKE_CXX_STANDARD 14) + +# Determine the operating system being targeted. +if(CMAKE_SYSTEM_NAME STREQUAL "Windows") + set(WIN TRUE) + set(MAC FALSE) + set(LINUX FALSE) +elseif(CMAKE_SYSTEM_NAME STREQUAL "Darwin") + set(WIN FALSE) + set(MAC TRUE) + set(LINUX FALSE) +else() + set(WIN FALSE) + set(MAC FALSE) + set(LINUX TRUE) +endif() + +# Set the path to the protoc protobuf compiler. +if(WIN) + set(PROTOC ${PROJECT_BINARY_DIR}/vcpkg/installed/x64-windows/tools/protobuf/protoc.exe) +elseif(MAC) + set(PROTOC ${PROJECT_BINARY_DIR}/vcpkg/installed/x64-osx/tools/protobuf/protoc) +elseif(LINUX) + set(PROTOC ${PROJECT_BINARY_DIR}/vcpkg/installed/x64-linux/tools/protobuf/protoc) +endif() + +# Calls the protoc compiler using the arguments specific to this project. +# protobuf_generate_cpp is not flexible enough for our needs. +add_custom_command( + OUTPUT ${PROJECT_BINARY_DIR}/gen/content_analysis/sdk/analysis.pb.cc + COMMAND + ${PROTOC} + --cpp_out=${PROJECT_BINARY_DIR}/gen + --proto_path=${PROJECT_SOURCE_DIR}/proto + ${PROJECT_SOURCE_DIR}/proto/content_analysis/sdk/analysis.proto + DEPENDS ./proto/content_analysis/sdk/analysis.proto + WORKING_DIRECTORY ${PROJECT_BINARY_DIR} +) +# Define proto target. Compile this target exclusively by calling: +# `cmake --build <build_dir> --target proto` +add_custom_target(proto + ALL + DEPENDS + ${PROJECT_BINARY_DIR}/gen/content_analysis/sdk/analysis.pb.cc +) + +# The include directory contains the header files needed by the demo code. +# The gen directory contains generated protobuf headers describing the request +# and response objects used to communicate with Google Chrome. +set(AGENT_INCLUDES + ./agent/include + . + ${PROJECT_BINARY_DIR}/gen +) +set(BROWSER_INCLUDES + ./browser/include + . + ${PROJECT_BINARY_DIR}/gen +) + +# The SDK contains platform specific code for each of the supported platforms. +# ${PLATFORM_AGENT_CODE} holds the list of source files needed for the current +# platform being built. +if(WIN) + set(PLATFORM_AGENT_CODE + ./agent/src/agent_utils_win.cc + ./agent/src/agent_utils_win.h + ./agent/src/agent_win.cc + ./agent/src/agent_win.h + ./agent/src/event_win.cc + ./agent/src/event_win.h + ./agent/src/scoped_print_handle_win.cc + ./agent/src/scoped_print_handle_win.h + ./common/utils_win.cc + ./common/utils_win.h + ) + set(PLATFORM_TEST_CODE + ./agent/src/agent_win_unittest.cc + ./agent/src/event_win_unittest.cc + ) +elseif(MAC) + set(PLATFORM_AGENT_CODE + ./agent/src/agent_mac.cc + ./agent/src/agent_mac.h + ./agent/src/event_mac.cc + ./agent/src/event_mac.h + ./agent/src/scoped_print_handle_mac.cc + ./agent/src/scoped_print_handle_mac.h + ) + set(PLATFORM_TEST_CODE + ./agent/src/event_mac_unittest.cc + ) +elseif(LINUX) + set(PLATFORM_AGENT_CODE + ./agent/src/agent_posix.cc + ./agent/src/agent_posix.h + ./agent/src/event_posix.cc + ./agent/src/event_posix.h + ./agent/src/scoped_print_handle_posix.cc + ./agent/src/scoped_print_handle_posix.h + ) + set(PLATFORM_TEST_CODE + ./agent/src/event_posix_unittest.cc + ) +endif() + +# The SDK contains platform specific code for each of the supported platforms. +# ${PLATFORM_BROWSER_CODE} holds the list of source files needed for the current +# platform being built. +if(WIN) + set(PLATFORM_BROWSER_CODE + ./browser/src/client_win.cc + ./browser/src/client_win.h + ./common/utils_win.cc + ./common/utils_win.h + ) +elseif(MAC) + set(PLATFORM_BROWSER_CODE + ./browser/src/client_mac.cc + ./browser/src/client_mac.h + ) +elseif(LINUX) + set(PLATFORM_BROWSER_CODE + ./browser/src/client_posix.cc + ./browser/src/client_posix.h + ) +endif() + +# Makes available the package definitions in vcpkg. +include("${PROJECT_BINARY_DIR}/vcpkg/scripts/buildsystems/vcpkg.cmake") +find_package(Protobuf CONFIG REQUIRED) +# Unit tests +enable_testing() +find_package(GTest CONFIG REQUIRED) +include(GoogleTest) + +add_executable(unit_tests + ${PLATFORM_TEST_CODE} +) +set_property(TARGET unit_tests PROPERTY CXX_STANDARD 20) +target_include_directories(unit_tests + PRIVATE + ${AGENT_INCLUDES} + ${BROWSER_INCLUDES} +) +target_link_libraries(unit_tests + PUBLIC + cac_agent + cac_browser + GTest::gtest GTest::gtest_main +) + +gtest_discover_tests(unit_tests) + +# Builds the content analysis connector agent linker library. This library +# is linked into the agent in order to listen for and process content analysis +# requests from Google Chrome. +add_library(cac_agent + ./agent/include/content_analysis/sdk/analysis_agent.h + ./agent/include/content_analysis/sdk/result_codes.h + ./agent/src/agent_base.cc + ./agent/src/agent_base.h + ./agent/src/event_base.cc + ./agent/src/event_base.h + ./agent/src/scoped_print_handle_base.cc + ./agent/src/scoped_print_handle_base.h + ${PLATFORM_AGENT_CODE} + ${PROJECT_BINARY_DIR}/gen/content_analysis/sdk/analysis.pb.cc +) +target_link_libraries(cac_agent + PUBLIC + protobuf::libprotoc + protobuf::libprotobuf + protobuf::libprotobuf-lite) +target_include_directories(cac_agent PRIVATE ${AGENT_INCLUDES}) +# Builds the content analysis connector browser linker library. This library +# is linked into the client in order to send content analysis requests to the +# agent. +add_library(cac_browser + ./browser/include/content_analysis/sdk/analysis_client.h + ./browser/src/client_base.cc + ./browser/src/client_base.h + ${PLATFORM_BROWSER_CODE} + ${PROJECT_BINARY_DIR}/gen/content_analysis/sdk/analysis.pb.cc +) +target_include_directories(cac_browser PRIVATE ${BROWSER_INCLUDES}) +target_link_libraries(cac_browser + PUBLIC + protobuf::libprotoc + protobuf::libprotobuf + protobuf::libprotobuf-lite) + +# The demo agent executable. +add_executable(agent + ./demo/agent.cc + ./demo/handler.h +) +target_compile_features(agent PRIVATE cxx_std_17) +target_include_directories(agent PRIVATE ${AGENT_INCLUDES}) +target_link_libraries(agent PRIVATE cac_agent) + +# The demo client executable. +add_executable(browser ./demo/client.cc) +target_include_directories(browser PRIVATE ${BROWSER_INCLUDES}) +target_link_libraries(browser PRIVATE cac_browser) + diff --git a/third_party/content_analysis_sdk/LICENSE b/third_party/content_analysis_sdk/LICENSE new file mode 100644 index 0000000000..1ef68ff09e --- /dev/null +++ b/third_party/content_analysis_sdk/LICENSE @@ -0,0 +1,28 @@ +// Copyright 2022 The Chromium Authors. +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following disclaimer +// in the documentation and/or other materials provided with the +// distribution. +// * Neither the name of Google LLC nor the names of its +// contributors may be used to endorse or promote products derived from +// this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + diff --git a/third_party/content_analysis_sdk/README.md b/third_party/content_analysis_sdk/README.md new file mode 100644 index 0000000000..f65a728b49 --- /dev/null +++ b/third_party/content_analysis_sdk/README.md @@ -0,0 +1,70 @@ +# Google Chrome Content Analysis Connector Agent SDK + +The Google Chrome Content Analysis Connector provides an official mechanism +allowing Data Loss Prevention (DLP) agents to more deeply integrate their +services with Google Chrome. + +DLP agents are background processes on managed computers that allow enterprises +to monitor locally running applications for data exfiltration events. They can +allow/block these activities based on customer defined DLP policies. + +This repository contains the SDK that DLP agents may use to become service +providers for the Google Chrome Content Analysis Connector. The code that must +be compiled and linked into the content analysis agent is located in the `agent` +subdirectory. + +A demo implementation of a service provider is located in the `demo` subdirectory. + +The code that must be compiled and linked into Google Chrome is located in +the `browser` subdirectory. + +The Protocol Buffer serialization format is used to serialize messages between the +browser and the agent. The protobuf definitions used can be found in the `proto` +subdirectory. + +## Google Protocol Buffers + +This SDK depends on Google Protocol Buffers version 3.18 or later. It may be +installed from Google's [download page](https://developers.google.com/protocol-buffers/docs/downloads#release-packages) +for your developement platform. It may also be installed using a package +manager. + +The included prepare_build scripts use the Microsoft [vcpkg](https://github.com/microsoft/vcpkg) +package manager to install protobuf. vcpkg is available on all supported +platforms. + +## Build + +### Pre-requisites + +The following must be installed on the computer before building the demo: + +- [git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) version 2.33 or later. +- [cmake](https://cmake.org/install/) version 3.23 or later. +- A C++ compiler toolchain for your platform. +- On linux, the `realpath` shell tool, available in the `coreutils` package. + In Debian-based distributions use `sudo apt intall coreutils`. + In Red Hat distributions use `sudo yum install coreutils`. +- On Mac, use `brew install cmake coreutils pkg-config googletest` or an equivalent setup + +### Running prepare_build + +First get things ready by installing required dependencies: +``` +$SDK_DIR/prepare_build <build-dir> +``` +where `<build-dir>` is the path to a directory where the demo will be built. +By default, if no argument is provided, a directory named `build` will be +created in the project root. Any output within the `build/` directory will +be ignored by version control. + +`prepare_build` performs the following steps: +1. Downloads the vcpkg package manager. +2. Downloads and builds the Google Protocol Buffers library. +3. Creates build files for your specific platform. + +### Cmake Targets + +To build the demo run the command `cmake --build <build-dir>`. + +To build the protocol buffer targets run the command `cmake --build <build-dir> --target proto` diff --git a/third_party/content_analysis_sdk/agent/README.md b/third_party/content_analysis_sdk/agent/README.md new file mode 100644 index 0000000000..0df623b7b5 --- /dev/null +++ b/third_party/content_analysis_sdk/agent/README.md @@ -0,0 +1,38 @@ +# Google Chrome Content Analysis Connector Agent SDK + +This directory holds the Google Chrome Content Analysis Connector Agent SDK. +An Agent is an OS process running on the same computer as Google Chrome +that listens for and processes content analysis requests from the browser. +Supported OSes are Windows, Mac, and Linux. + +## Google Protocol Buffers + +This SDK depends on Google Protocol Buffers version 3.18 or later. It may be +installed from Google's [download page](https://developers.google.com/protocol-buffers/docs/downloads#release-packages) +for your developement platform. It may also be installed using a package +manager. + +The included demo uses the Microsoft [vcpkg](https://github.com/microsoft/vcpkg) +package manager to install protobuf. vcpkg is available on all supported +platforms. See the demo for more details. + +## Adding the SDK into an agent + +Add the SDK to a content analysis agent as follows: + +1. Clone the SDK from [Github](https://github.com/chromium/content_analysis_sdk). +This document assumes that the SDK is downloaded and extracted into the +directory $SDK_DIR. + +2. Add the directory $SDK_DIR/include to the include path of the agent +code base. + +3. Add all the source files in the directory $SDK_DIR/src to the agent build. +Note that files ending in _win.cc or _win.h are meant only for Windows, files +ending in _posix.cc or _posix.h are meant only for Linux, and files ending in +_mac.cc or _mac.h are meant only for Mac. + +4. Reference the SDK in agent code using: +``` +#include "content_analysis/sdk/local_analysis.h" +```
\ No newline at end of file diff --git a/third_party/content_analysis_sdk/agent/include/content_analysis/sdk/analysis_agent.h b/third_party/content_analysis_sdk/agent/include/content_analysis/sdk/analysis_agent.h new file mode 100644 index 0000000000..6f7617120a --- /dev/null +++ b/third_party/content_analysis_sdk/agent/include/content_analysis/sdk/analysis_agent.h @@ -0,0 +1,288 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CONTENT_ANALYSIS_AGENT_INCLUDE_CONTENT_ANALYSIS_SDK_ANALYSIS_AGENT_H_ +#define CONTENT_ANALYSIS_AGENT_INCLUDE_CONTENT_ANALYSIS_SDK_ANALYSIS_AGENT_H_ + +#include <memory> +#include <string> + +#include "content_analysis/sdk/analysis.pb.h" +#include "content_analysis/sdk/result_codes.h" + +// This is the main include file for code using Content Analysis Connector +// Agent SDK. No other include is needed. +// +// An agent begins by creating an instance of Agent using the factory +// function Agent::Create(). This instance should live as long as the agent +// intends to receive content analysis requests from Google Chrome. +// +// Agent::Create() must be passed an object that implements the +// AgentEventHandler interface. Methods on this interface will be called +// at the approriate time to handle specific events. The events are: +// +// - A Google Chrome browser has started or stopped. This events contains +// information about the browser such as process id and executable path. +// - A request to analyze content. The agent reads and analyses the +// request in to determine a verdict: allow or block. When the verdict is +// known the response is sent back to Google Chrome. +// - An acknowledgement that Google Chrome has properly received the agent's +// verdict. +// +// The agent is not required to serialize event handling. That is, content +// analysis events can be analyze in the background and the response does +// not need to be sent before OnAnalysisRequested() returns. +// +// Google Chrome thottles the number of requests sent to the agent to 5 +// current requests at a time but this is subject to change. + +namespace content_analysis { +namespace sdk { + +// Represents information about one instance of a Google Chrome browser +// process that is connected to the agent. +struct BrowserInfo { + unsigned long pid = 0; // Process ID of Google Chrome browser process. + std::string binary_path; // The full path to the process's main binary. +}; + +// Represents one content analysis request as generated by a given user action +// in Google Chrome. +// +// The agent should retrieve information about the content analysis request +// using the GetRequest() method. The agent should analyze the request and +// update the response, returned by GetResponse(), with a verdict (allow or +// block). Once the verdict is set the response can be sent back to Google +// Chrome by calling Send(). +// +// The default verdict is to allow the requested user action. If the final +// verdict is to allow then the agent does not need to update the response and +// can simply call Send(). +// +// If the final verdict should be to block, the agent should first update the +// response by calling SetEventVerdictToBlock() before calling Send(). +// +// This class is not thread safe. However, it may be passed to another thread +// as long as the agent properly serializses access to the event. +// +// See the demo directory for an example of how to use this class. +class ContentAnalysisEvent { + public: + virtual ~ContentAnalysisEvent() = default; + + // Prepares the event for graceful shutdown. Upon return calls to all + // other methods of this class will fail. + virtual ResultCode Close() = 0; + + // Retrives information about the browser that generated this content + // analysis event. + virtual const BrowserInfo& GetBrowserInfo() const = 0; + + // Retrieves a read-only reference to the content analysis request received + // from Google Chrome. + virtual const ContentAnalysisRequest& GetRequest() const = 0; + + // Retrieves a writable reference to the content analysis response that will + // be sent to Google Chrome as the verdict for the request of this event. + // The agent may modify this response in place before calling Send(). + virtual ContentAnalysisResponse& GetResponse() = 0; + + // Send the verdict to Google Chrome. Once this method is called further + // changes to the response are ignored. + virtual ResultCode Send() = 0; + + // Returns a string containing internal state of the object that is useful + // for debugging. + virtual std::string DebugString() const = 0; + + protected: + ContentAnalysisEvent() = default; + ContentAnalysisEvent(const ContentAnalysisEvent& rhs) = delete; + ContentAnalysisEvent(ContentAnalysisEvent&& rhs) = delete; + ContentAnalysisEvent& operator=(const ContentAnalysisEvent& rhs) = delete; + ContentAnalysisEvent& operator=(ContentAnalysisEvent&& rhs) = delete; + +}; + +// Agents should implement this interface in order to handle events as needed. +// +// OnBrowserConnected() and OnBrowserDisonnected() notify the agent when +// instances of Google Chome start and stop. The agent may perform any one-time +// actions as required for these events. The default action is to do nothing +// for both events. If the agent does not need perform any special actions +// these methods do not need to be overridden. +// +// OnAnalysisRequested() notifies the agent of a new content analysis request +// from Google Chrome. The agent should perform the analysis and respond to +// the event. It is not required for the agent complete the analysis and +// respond to before this callback returns. The agent may pass the +// ContentAnalysisEvent to a background task and respond when ready. This +// callback has no default action and agents must override it. +// +// OnResponseAcknowledged() notifies the agent that Google Chrome has received +// the content analysis response and how it has handled it. +class AgentEventHandler { + public: + AgentEventHandler() = default; + virtual ~AgentEventHandler() = default; + + // Called when a new Google Chrome browser instance connects to the agent. + // This is always called before the first OnAnalysisRequested() from that + // browser. + virtual void OnBrowserConnected(const BrowserInfo& info) {} + + // Called when a Google Chrome browser instance disconnects from the agent. + // The agent will no longer receive new content analysis requests from this + // browser. + virtual void OnBrowserDisconnected(const BrowserInfo& info) {} + + // Called when a Google Chrome browser requests a content analysis. + virtual void OnAnalysisRequested( + std::unique_ptr<ContentAnalysisEvent> event) = 0; + + // Called when a Google Chrome browser acknowledges the content analysis + // response from the agent. The default action is to do nothing. + // If the agent does not need perform any special actions this methods does + // not need to be overridden. + virtual void OnResponseAcknowledged( + const ContentAnalysisAcknowledgement& ack) {} + + // Called when a Google Chrome browser asks the agent to cancels one or + // more content analysis requests. This happens when the user presses the + // Cancel button in the in-progress dialog. This is expected to be a best + // effort only; agents may choose to ignore this message or possibly only + // cancel a subset of requests with the given user action id. + // + // The default action is to do nothing. If the agent does not need perform + // any special actions this methods does not need to be overridden. + virtual void OnCancelRequests( + const ContentAnalysisCancelRequests& cancel) {} + + // Called whenever the Agent implementation detects an error. `context` + // is a string that provide a hint to the handler as to where the error + // happened in the agent. `error` represent the actual error detected. + virtual void OnInternalError(const char* context, ResultCode error) {} +}; + +// Represents an agent that can perform content analysis for the Google Chrome +// browser. This class holds the server endpoint that Google Chrome connects +// to when content analysis is required. +// +// Agent instances should outlive all ContentAnalysisEvent instances created +// with it. Agent instances are not thread safe except for Stop() which can be +// called from any thread to shutdown the agent. Outstanding +// ContentAnalysisEvents created from this agent may or may not still complete. +// +// See the demo directory for an example of how to use this class. +class Agent { + public: + // Configuration options where creating an agent. `name` is used to create + // a channel between the agent and Google Chrome. + struct Config { + // Used to create a channel between the agent and Google Chrome. Both must + // use the same name to properly rendezvous with each other. The channel + // is platform specific. + std::string name; + + // Set to true if there is a different agent instance per OS user. Defaults + // to false. + bool user_specific = false; + }; + + // Creates a new agent instance. If successful, an agent is returned. + // Otherwise a nullptr is returned and `rc` contains the reason for the + // failure. + static std::unique_ptr<Agent> Create( + Config config, + std::unique_ptr<AgentEventHandler> handler, + ResultCode* rc); + + virtual ~Agent() = default; + + // Returns the configuration parameters used to create the agent. + virtual const Config& GetConfig() const = 0; + + // Handles events triggered on this agent and calls the coresponding + // callbacks in the AgentEventHandler. This method is blocking and returns + // when Stop() is called or if an error occurs. + virtual ResultCode HandleEvents() = 0; + + // Prepares the agent for graceful shutdown. Any function blocked on + // HandleEvents() will return. It is safe to call this method from any + // thread. + virtual ResultCode Stop() = 0; + + // Returns a string containing internal state of the object that is useful + // for debugging. + virtual std::string DebugString() const = 0; + + protected: + Agent() = default; + Agent(const Agent& rhs) = delete; + Agent(Agent&& rhs) = delete; + Agent& operator=(const Agent& rhs) = delete; + Agent& operator=(Agent&& rhs) = delete; +}; + +// Update the tag or status of `response`. This function assumes that the +// response contains only one Result. If one already exists it is updated +// otherwise a new Result is created. +// +// The response contained within ContentAnalysisEvent has already been updated. +// This function is useful only when create a new instance of +// ContentAnalysisResponse. +// +// If `tag` is not empty it will replace the result's tag. +// If `status` is not STATUS_UNKNOWN it will will replace the result's status. +ResultCode UpdateResponse(ContentAnalysisResponse& response, + const std::string& tag, + ContentAnalysisResponse::Result::Status status); + +// Sets the response verdict of an event to `action`. This is a convenience +// function that is equivalent to the following: +// +// auto result = event->GetResponse().mutable_results(0); +// auto rule = result->mutable_triggered_rules(0); +// rule->set_action(action); +// +// This function assumes the event's response has already been initialized +// using UpdateResponse(). +ResultCode SetEventVerdictTo( + ContentAnalysisEvent* event, + ContentAnalysisResponse::Result::TriggeredRule::Action action); + +// Sets the reponse verdict of an event to "block". This is a convenience +// function that is equivalent to the following: +// +// SetEventVerdictTo(event, +// ContentAnalysisResponse::Result::TriggeredRule::BLOCK); +ResultCode SetEventVerdictToBlock(ContentAnalysisEvent* event); + +// Helper class to handle the lifetime and access of print data. +class ScopedPrintHandle { + public: + virtual ~ScopedPrintHandle() = default; + virtual const char* data() = 0; + virtual size_t size() = 0; + + protected: + ScopedPrintHandle() = default; + + ScopedPrintHandle(const ScopedPrintHandle&) = delete; + ScopedPrintHandle& operator=(const ScopedPrintHandle&) = delete; + + ScopedPrintHandle(ScopedPrintHandle&&) = default; + ScopedPrintHandle& operator=(ScopedPrintHandle&&) = default; +}; + +// Returns a `ScopedPrintHandle` initialized from the request's print data +// if it exists. +std::unique_ptr<ScopedPrintHandle> +CreateScopedPrintHandle(const ContentAnalysisRequest& request, + int64_t browser_pid); + +} // namespace sdk +} // namespace content_analysis + +#endif // CONTENT_ANALYSIS_AGENT_INCLUDE_CONTENT_ANALYSIS_SDK_ANALYSIS_AGENT_H_ diff --git a/third_party/content_analysis_sdk/agent/include/content_analysis/sdk/result_codes.h b/third_party/content_analysis_sdk/agent/include/content_analysis/sdk/result_codes.h new file mode 100644 index 0000000000..e2a858c069 --- /dev/null +++ b/third_party/content_analysis_sdk/agent/include/content_analysis/sdk/result_codes.h @@ -0,0 +1,36 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CONTENT_ANALYSIS_AGENT_INCLUDE_CONTENT_ANALYSIS_SDK_RESULT_CODES_H_ +#define CONTENT_ANALYSIS_AGENT_INCLUDE_CONTENT_ANALYSIS_SDK_RESULT_CODES_H_ + +#include <stdint.h> + +namespace content_analysis { +namespace sdk { + +// Result codes of methods and functions. + +#define RC_RECOVERABLE(RC, MSG) RC, +#define RC_UNRECOVERABLE(RC, MSG) RC, +enum class ResultCode { +#include "content_analysis/sdk/result_codes.inc" +}; +#undef RC_RECOVERABLE +#undef RC_UNRECOVERABLE + +// Returns true if the error is recoverable. A recoverable errors means the +// agent may still receive new requests from Google Chrome. An unrecoverable +// error means the agent is unlikely to get more request from Google Chrome. +inline bool IsRecoverableError(ResultCode rc) { + return rc < ResultCode::ERR_FIRST_UNRECOVERABLE_ERROR; +} + +// Returns a human readable error for the given result code. +const char* ResultCodeToString(ResultCode rc); + +} // namespace sdk +} // namespace content_analysis + +#endif // CONTENT_ANALYSIS_AGENT_INCLUDE_CONTENT_ANALYSIS_SDK_RESULT_CODES_H_ diff --git a/third_party/content_analysis_sdk/agent/include/content_analysis/sdk/result_codes.inc b/third_party/content_analysis_sdk/agent/include/content_analysis/sdk/result_codes.inc new file mode 100644 index 0000000000..05155ecb1e --- /dev/null +++ b/third_party/content_analysis_sdk/agent/include/content_analysis/sdk/result_codes.inc @@ -0,0 +1,25 @@ +// This file is #included from C++ headers and source code to generate code +// specific to each ResultCode. The including code is expected to #define +// macros for RC_RECOVERABLE and RC_UNRECOVERABLE before #including this file +// and then #undef then after use. + +RC_RECOVERABLE(OK, "Operation completed successfully.") +RC_RECOVERABLE(ERR_MISSING_RESULT, "Response is missing a result message.") +RC_RECOVERABLE(ERR_RESPONSE_ALREADY_SENT, "A resonse has already been sent for this request.") +RC_RECOVERABLE(ERR_MISSING_REQUEST_TOKEN, "The request is missing a request token.") +RC_RECOVERABLE(ERR_AGENT_NOT_INITIALIZED, "The agent is not proplerly initialized to handle events.") +RC_RECOVERABLE(ERR_INVALID_REQUEST_FROM_BROWSER, "The browser sent an incorrectly formatted message.") +RC_RECOVERABLE(ERR_IO_PENDING, "IO incomplete, the operation is still pending.") +RC_RECOVERABLE(ERR_MORE_DATA, "There is more data to read before the entire message has been received.") +RC_RECOVERABLE(ERR_CANNOT_GET_BROWSER_PID, "Cannot get process Id of browser.") +RC_RECOVERABLE(ERR_CANNOT_GET_BROWSER_BINARY_PATH, "Cannot get the full path to the brower's main binary file.") +RC_RECOVERABLE(ERR_BROKEN_PIPE, "Browser process has disconnected.") +RC_RECOVERABLE(ERR_UNEXPECTED, "An internal error has occured.") + +// All unrecoverable errors should be declared below ERR_FIRST_UNRECOVERABLE_ERROR. +RC_UNRECOVERABLE(ERR_FIRST_UNRECOVERABLE_ERROR, "Marker for the first unrecoverable error.") +RC_UNRECOVERABLE(ERR_AGENT_ALREADY_EXISTS, "Another process is already running as an agent on this computer.") +RC_UNRECOVERABLE(ERR_AGENT_EVENT_HANDLER_NOT_SPECIFIED, "An agent handler was not specified when creating an agent.") +RC_UNRECOVERABLE(ERR_CANNOT_CREATE_AGENT_STOP_EVENT, "Could not create event to signal the agent to stop.") +RC_UNRECOVERABLE(ERR_INVALID_CHANNEL_NAME, "Invalid channel name specified in Agent::Config.") +RC_UNRECOVERABLE(ERR_CANNOT_CREATE_CHANNEL_IO_EVENT, "Could not create event to perform async IO with a client.") diff --git a/third_party/content_analysis_sdk/agent/src/agent_base.cc b/third_party/content_analysis_sdk/agent/src/agent_base.cc new file mode 100644 index 0000000000..c584dac5b6 --- /dev/null +++ b/third_party/content_analysis_sdk/agent/src/agent_base.cc @@ -0,0 +1,42 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <utility> + +#include "agent_base.h" + +namespace content_analysis { +namespace sdk { + +AgentBase::AgentBase(Config config, std::unique_ptr<AgentEventHandler> handler) + : config_(std::move(config)), handler_(std::move(handler)) {} + +const Agent::Config& AgentBase::GetConfig() const { + return config_; +} + +ResultCode AgentBase::Stop() { + return ResultCode::OK; +} + +ResultCode AgentBase::NotifyError(const char* context, ResultCode error) { + if (handler_) { + handler_->OnInternalError(context, error); + } + return error; +} + +#define RC_RECOVERABLE(RC, MSG) case ResultCode::RC: return MSG; +#define RC_UNRECOVERABLE(RC, MSG) case ResultCode::RC: return MSG; +const char* ResultCodeToString(ResultCode rc) { + switch (rc) { +#include "content_analysis/sdk/result_codes.inc" + } + return "Unknown error code."; +} +#undef RC_RECOVERABLE +#undef RC_UNRECOVERABLE + +} // namespace sdk +} // namespace content_analysis diff --git a/third_party/content_analysis_sdk/agent/src/agent_base.h b/third_party/content_analysis_sdk/agent/src/agent_base.h new file mode 100644 index 0000000000..8ce7df29ef --- /dev/null +++ b/third_party/content_analysis_sdk/agent/src/agent_base.h @@ -0,0 +1,40 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CONTENT_ANALYSIS_AGENT_SRC_AGENT_BASE_H_ +#define CONTENT_ANALYSIS_AGENT_SRC_AGENT_BASE_H_ + +#include <memory> + +#include "content_analysis/sdk/analysis_agent.h" + +namespace content_analysis { +namespace sdk { + +// Base Agent class with code common to all platforms. +class AgentBase : public Agent { + public: + // Agent: + const Config& GetConfig() const override; + ResultCode Stop() override; + + protected: + AgentBase(Config config, std::unique_ptr<AgentEventHandler> handler); + + AgentEventHandler* handler() const { return handler_.get(); } + const Config& configuration() const { return config_; } + + // Notifies the handler of the given error. Returns the error + // passed into the method. + ResultCode NotifyError(const char* context, ResultCode error); + + private: + Config config_; + std::unique_ptr<AgentEventHandler> handler_; +}; + +} // namespace sdk +} // namespace content_analysis + +#endif // CONTENT_ANALYSIS_AGENT_SRC_AGENT_BASE_H_
\ No newline at end of file diff --git a/third_party/content_analysis_sdk/agent/src/agent_mac.cc b/third_party/content_analysis_sdk/agent/src/agent_mac.cc new file mode 100644 index 0000000000..5bbac5fe49 --- /dev/null +++ b/third_party/content_analysis_sdk/agent/src/agent_mac.cc @@ -0,0 +1,34 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "agent_mac.h" +#include "event_mac.h" + +namespace content_analysis { +namespace sdk { + +// static +std::unique_ptr<Agent> Agent::Create( + Config config, + std::unique_ptr<AgentEventHandler> handler, + ResultCode* rc) { + *rc = ResultCode::ERR_UNEXPECTED; + return std::make_unique<AgentMac>(std::move(config), std::move(handler)); +} + +AgentMac::AgentMac( + Config config, + std::unique_ptr<AgentEventHandler> handler) + : AgentBase(std::move(config), std::move(handler)) {} + +ResultCode AgentMac::HandleEvents() { + return ResultCode::ERR_UNEXPECTED; +} + +std::string AgentMac::DebugString() const { + return std::string(); +} + +} // namespace sdk +} // namespace content_analysis diff --git a/third_party/content_analysis_sdk/agent/src/agent_mac.h b/third_party/content_analysis_sdk/agent/src/agent_mac.h new file mode 100644 index 0000000000..6fd3d49f7b --- /dev/null +++ b/third_party/content_analysis_sdk/agent/src/agent_mac.h @@ -0,0 +1,27 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CONTENT_ANALYSIS_SRC_AGENT_MAC_H_ +#define CONTENT_ANALYSIS_SRC_AGENT_MAC_H_ + +#include "agent_base.h" + +namespace content_analysis { +namespace sdk { + +// Agent implementaton for macOS. +class AgentMac : public AgentBase { + public: + AgentMac(Config config, std::unique_ptr<AgentEventHandler> handler); + + ResultCode HandleEvents() override; + std::string DebugString() const override; + + // TODO(rogerta): Fill in implementation. +}; + +} // namespace sdk +} // namespace content_analysis + +#endif // CONTENT_ANALYSIS_SRC_AGENT_MAC_H_ diff --git a/third_party/content_analysis_sdk/agent/src/agent_posix.cc b/third_party/content_analysis_sdk/agent/src/agent_posix.cc new file mode 100644 index 0000000000..c206261213 --- /dev/null +++ b/third_party/content_analysis_sdk/agent/src/agent_posix.cc @@ -0,0 +1,36 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <utility> + +#include "agent_posix.h" +#include "event_posix.h" + +namespace content_analysis { +namespace sdk { + +// static +std::unique_ptr<Agent> Agent::Create( + Config config, + std::unique_ptr<AgentEventHandler> handler, + ResultCode* rc) { + *rc = ResultCode::ERR_UNEXPECTED; + return std::make_unique<AgentPosix>(std::move(config), std::move(handler)); +} + +AgentPosix::AgentPosix( + Config config, + std::unique_ptr<AgentEventHandler> handler) + : AgentBase(std::move(config), std::move(handler)) {} + +ResultCode AgentPosix::HandleEvents() { + return ResultCode::ERR_UNEXPECTED; +} + +std::string AgentPosix::DebugString() const { + return std::string(); +} + +} // namespace sdk +} // namespace content_analysis diff --git a/third_party/content_analysis_sdk/agent/src/agent_posix.h b/third_party/content_analysis_sdk/agent/src/agent_posix.h new file mode 100644 index 0000000000..cd9e67ad25 --- /dev/null +++ b/third_party/content_analysis_sdk/agent/src/agent_posix.h @@ -0,0 +1,27 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CONTENT_ANALYSIS_SRC_AGENT_POSIX_H_ +#define CONTENT_ANALYSIS_SRC_AGENT_POSIX_H_ + +#include "agent_base.h" + +namespace content_analysis { +namespace sdk { + +// Agent implementaton for linux. +class AgentPosix : public AgentBase { + public: + AgentPosix(Config config, std::unique_ptr<AgentEventHandler> handler); + + ResultCode HandleEvents() override; + std::string DebugString() const override; + + // TODO(rogerta): Fill in implementation. +}; + +} // namespace sdk +} // namespace content_analysis + +#endif // CONTENT_ANALYSIS_SRC_AGENT_POSIX_H_
\ No newline at end of file diff --git a/third_party/content_analysis_sdk/agent/src/agent_utils_win.cc b/third_party/content_analysis_sdk/agent/src/agent_utils_win.cc new file mode 100644 index 0000000000..5a5f411d84 --- /dev/null +++ b/third_party/content_analysis_sdk/agent/src/agent_utils_win.cc @@ -0,0 +1,28 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <windows.h> + +#include "content_analysis/sdk/result_codes.h" + +namespace content_analysis { +namespace sdk { + +#define ERR_TO_RC(ERR, RC) case ERR: return ResultCode::RC; + +ResultCode ErrorToResultCode(DWORD err) { + switch (err) { + ERR_TO_RC(ERROR_SUCCESS, OK); + ERR_TO_RC(ERROR_ACCESS_DENIED, ERR_AGENT_ALREADY_EXISTS); + ERR_TO_RC(ERROR_BROKEN_PIPE, ERR_BROKEN_PIPE); + ERR_TO_RC(ERROR_INVALID_NAME, ERR_INVALID_CHANNEL_NAME); + ERR_TO_RC(ERROR_MORE_DATA, ERR_MORE_DATA); + ERR_TO_RC(ERROR_IO_PENDING, ERR_IO_PENDING); + default: + return ResultCode::ERR_UNEXPECTED; + } +} + +} // namespace sdk +} // namespace content_analysis diff --git a/third_party/content_analysis_sdk/agent/src/agent_utils_win.h b/third_party/content_analysis_sdk/agent/src/agent_utils_win.h new file mode 100644 index 0000000000..7368ac794e --- /dev/null +++ b/third_party/content_analysis_sdk/agent/src/agent_utils_win.h @@ -0,0 +1,19 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CONTENT_ANALYSIS_SRC_EVENT_MAC_H_ +#define CONTENT_ANALYSIS_SRC_EVENT_MAC_H_ + +#include "event_base.h" + +namespace content_analysis { +namespace sdk { + +// Maps a Windows error status code (ERROR_xxx codes) to an SDK result code. +ResultCode ErrorToResultCode(DWORD err); + +} // namespace sdk +} // namespace content_analysis + +#endif // CONTENT_ANALYSIS_SRC_EVENT_MAC_H_ diff --git a/third_party/content_analysis_sdk/agent/src/agent_win.cc b/third_party/content_analysis_sdk/agent/src/agent_win.cc new file mode 100644 index 0000000000..5d0b2c62b5 --- /dev/null +++ b/third_party/content_analysis_sdk/agent/src/agent_win.cc @@ -0,0 +1,546 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <sstream> +#include <utility> +#include <vector> + +#include <windows.h> +#include <sddl.h> + +#include "common/utils_win.h" + +#include "agent_utils_win.h" +#include "agent_win.h" +#include "event_win.h" + +namespace content_analysis { +namespace sdk { + +// The minimum number of pipe in listening mode. This is greater than one to +// handle the case of multiple instance of Google Chrome browser starting +// at the same time. +const DWORD kMinNumListeningPipeInstances = 2; + +// The minimum number of handles to wait on. This is the minimum number +// of pipes in listening mode plus the stop event. +const DWORD kMinNumWaitHandles = kMinNumListeningPipeInstances + 1; + +// static +std::unique_ptr<Agent> Agent::Create( + Config config, + std::unique_ptr<AgentEventHandler> handler, + ResultCode* rc) { + auto agent = std::make_unique<AgentWin>(std::move(config), std::move(handler), rc); + return *rc == ResultCode::OK ? std::move(agent) : nullptr; +} + +AgentWin::Connection::Connection(const std::string& pipename, + bool user_specific, + AgentEventHandler* handler, + bool is_first_pipe, + ResultCode* rc) + : handler_(handler) { + *rc = ResultCode::OK; + memset(&overlapped_, 0, sizeof(overlapped_)); + // Create a manual reset event as specified for overlapped IO. + // Use default security attriutes and no name since this event is not + // shared with other processes. + overlapped_.hEvent = CreateEvent(/*securityAttr=*/nullptr, + /*manualReset=*/TRUE, + /*initialState=*/FALSE, + /*name=*/nullptr); + if (!overlapped_.hEvent) { + *rc = ResultCode::ERR_CANNOT_CREATE_CHANNEL_IO_EVENT; + return; + } + + *rc = ResetInternal(pipename, user_specific, is_first_pipe); +} + +AgentWin::Connection::~Connection() { + Cleanup(); + + if (handle_ != INVALID_HANDLE_VALUE) { + CloseHandle(handle_); + } + + // Invalid event handles are represented as null. + if (overlapped_.hEvent) { + CloseHandle(overlapped_.hEvent); + } +} + +ResultCode AgentWin::Connection::Reset( + const std::string& pipename, + bool user_specific) { + return NotifyIfError("ConnectionReset", + ResetInternal(pipename, user_specific, false)); +} + +ResultCode AgentWin::Connection::HandleEvent(HANDLE handle) { + auto rc = ResultCode::OK; + DWORD count; + BOOL success = GetOverlappedResult(handle, &overlapped_, &count, + /*wait=*/FALSE); + if (!is_connected_) { + // This connection is currently listing for a new connection from a Google + // Chrome browser. If the result is a success, this means the browser has + // connected as expected. Otherwise an error occured so report it to the + // caller. + if (success) { + // A Google Chrome browser connected to the agent. Reset this + // connection object to handle communication with the browser and then + // tell the handler about it. + + is_connected_ = true; + buffer_.resize(internal::kBufferSize); + + rc = BuildBrowserInfo(); + if (rc == ResultCode::OK) { + handler_->OnBrowserConnected(browser_info_); + } + } else { + rc = ErrorToResultCode(GetLastError()); + NotifyIfError("GetOverlappedResult", rc); + } + } else { + // Some data has arrived from Google Chrome. This data is (part of) an + // instance of the proto message `ChromeToAgent`. + // + // If the message is small it is received in by one call to ReadFile(). + // If the message is larger it is received in by multiple calls to + // ReadFile(). + // + // `success` is true if the data just read is the last bytes for a message. + // Otherwise it is false. + rc = OnReadFile(success, count); + } + + // If all data has been read, queue another read. + if (rc == ResultCode::OK || rc == ResultCode::ERR_MORE_DATA) { + rc = QueueReadFile(rc == ResultCode::OK); + } + + if (rc != ResultCode::OK && rc != ResultCode::ERR_IO_PENDING && + rc != ResultCode::ERR_MORE_DATA) { + Cleanup(); + } else { + // Don't propagate all the "success" error codes to the called to keep + // this simpler. + rc = ResultCode::OK; + } + + return rc; +} + +void AgentWin::Connection::AppendDebugString(std::stringstream& state) const { + state << "{handle=" << handle_; + state << " connected=" << is_connected_; + state << " pid=" << browser_info_.pid; + state << " rsize=" << read_size_; + state << " fsize=" << final_size_; + state << "}"; +} + +ResultCode AgentWin::Connection::ConnectPipe() { + // In overlapped mode, connecting to a named pipe always returns false. + if (ConnectNamedPipe(handle_, &overlapped_)) { + return ErrorToResultCode(GetLastError()); + } + + DWORD err = GetLastError(); + if (err == ERROR_IO_PENDING) { + // Waiting for a Google Chrome Browser to connect. + return ResultCode::OK; + } else if (err == ERROR_PIPE_CONNECTED) { + // A Google Chrome browser is already connected. Make sure event is in + // signaled state in order to process the connection. + if (SetEvent(overlapped_.hEvent)) { + err = ERROR_SUCCESS; + } else { + err = GetLastError(); + } + } + + return ErrorToResultCode(err); +} + +ResultCode AgentWin::Connection::ResetInternal(const std::string& pipename, + bool user_specific, + bool is_first_pipe) { + auto rc = ResultCode::OK; + + // If this is the not the first time, disconnect from any existing Google + // Chrome browser. Otherwise creater a new pipe. + if (handle_ != INVALID_HANDLE_VALUE) { + if (!DisconnectNamedPipe(handle_)) { + rc = ErrorToResultCode(GetLastError()); + } + } else { + rc = ErrorToResultCode( + internal::CreatePipe(pipename, user_specific, is_first_pipe, &handle_)); + } + + // Make sure event starts in reset state. + if (rc == ResultCode::OK && !ResetEvent(overlapped_.hEvent)) { + rc = ErrorToResultCode(GetLastError()); + } + + if (rc == ResultCode::OK) { + rc = ConnectPipe(); + } + + if (rc != ResultCode::OK) { + Cleanup(); + handle_ = INVALID_HANDLE_VALUE; + } + + return rc; +} + +void AgentWin::Connection::Cleanup() { + if (is_connected_ && handler_) { + handler_->OnBrowserDisconnected(browser_info_); + } + + is_connected_ = false; + browser_info_ = BrowserInfo(); + buffer_.clear(); + cursor_ = nullptr; + read_size_ = 0; + final_size_ = 0; + + if (handle_ != INVALID_HANDLE_VALUE) { + // Cancel all outstanding IO requests on this pipe by using a null for + // overlapped. + CancelIoEx(handle_, /*overlapped=*/nullptr); + } + + // This function does not close `handle_` or the event in `overlapped` so + // that the server can resuse the pipe with an new Google Chrome browser + // instance. +} + +ResultCode AgentWin::Connection::QueueReadFile(bool reset_cursor) { + if (reset_cursor) { + cursor_ = buffer_.data(); + read_size_ = buffer_.size(); + final_size_ = 0; + } + + // When this function is called there are the following possiblities: + // + // 1/ Data is already available and the buffer is filled in. ReadFile() + // return TRUE and the event is set. + // 2/ Data is not avaiable yet. ReadFile() returns FALSE and the last error + // is ERROR_IO_PENDING(997) and the event is reset. + // 3/ Some error occurred, like for example Google Chrome stops. ReadFile() + // returns FALSE and the last error is something other than + // ERROR_IO_PENDING, for example ERROR_BROKEN_PIPE(109). The event + // state is unchanged. + auto rc = ResultCode::OK; + DWORD count; + if (!ReadFile(handle_, cursor_, read_size_, &count, &overlapped_)) { + DWORD err = GetLastError(); + rc = ErrorToResultCode(err); + + // IO pending is not an error so don't notify. + // + // Ignore broken pipes for notifications since that happens when the Google + // Chrome browser shuts down. The agent will be notified of a browser + // disconnect in that case. + // + // More data means that `buffer_` was too small to read the entire message + // from the browser. The buffer has already been resized. Another call to + // ReadFile() is needed to get the remainder. + if (rc != ResultCode::ERR_IO_PENDING && + rc != ResultCode::ERR_BROKEN_PIPE && + rc != ResultCode::ERR_MORE_DATA) { + NotifyIfError("QueueReadFile", rc, err); + } + } + + return rc; +} + +ResultCode AgentWin::Connection::OnReadFile(BOOL done_reading, DWORD count) { + final_size_ += count; + + // If `done_reading` is TRUE, this means the full message has been read. + // Call the appropriate handler method. + if (done_reading) { + return CallHandler(); + } + + // Otherwise there are two possibilities: + // + // 1/ The last error is ERROR_MORE_DATA(234). This means there are more + // bytes to read before the request message is complete. Resize the + // buffer and adjust the cursor. The caller will queue up another read + // and wait. don't notify the handler since this is not an error. + // 2/ Some error occured. In this case notify the handler and return the + // error. + + DWORD err = GetLastError(); + if (err == ERROR_MORE_DATA) { + read_size_ = internal::kBufferSize; + buffer_.resize(buffer_.size() + read_size_); + cursor_ = buffer_.data() + buffer_.size() - read_size_; + return ErrorToResultCode(err); + } + + return NotifyIfError("OnReadFile", ErrorToResultCode(err)); +} + +ResultCode AgentWin::Connection::CallHandler() { + ChromeToAgent message; + if (!message.ParseFromArray(buffer_.data(), final_size_)) { + // Malformed message. + return NotifyIfError("ParseChromeToAgent", + ResultCode::ERR_INVALID_REQUEST_FROM_BROWSER); + } + + auto rc = ResultCode::OK; + + if (message.has_request()) { + // This is a request from Google Chrome to perform a content analysis + // request. + // + // Move the request from `message` to the event to reduce the amount + // of memory allocation/copying and also because the the handler takes + // ownership of the event. + auto event = std::make_unique<ContentAnalysisEventWin>( + handle_, browser_info_, std::move(*message.mutable_request())); + rc = event->Init(); + if (rc == ResultCode::OK) { + handler_->OnAnalysisRequested(std::move(event)); + } else { + NotifyIfError("RequestValidation", rc); + } + } else if (message.has_ack()) { + // This is an ack from Google Chrome that it has received a content + // analysis response from the agent. + handler_->OnResponseAcknowledged(message.ack()); + } else if (message.has_cancel()) { + // Google Chrome is informing the agent that the content analysis + // request(s) associated with the given user action id have been + // canceled by the user. + handler_->OnCancelRequests(message.cancel()); + } else { + // Malformed message. + rc = NotifyIfError("NoRequestOrAck", + ResultCode::ERR_INVALID_REQUEST_FROM_BROWSER); + } + + return rc; +} + +ResultCode AgentWin::Connection::BuildBrowserInfo() { + if (!GetNamedPipeClientProcessId(handle_, &browser_info_.pid)) { + return NotifyIfError("BuildBrowserInfo", + ResultCode::ERR_CANNOT_GET_BROWSER_PID); + } + + if (!internal::GetProcessPath(browser_info_.pid, + &browser_info_.binary_path)) { + return NotifyIfError("BuildBrowserInfo", + ResultCode::ERR_CANNOT_GET_BROWSER_BINARY_PATH); + } + + return ResultCode::OK; +} + +ResultCode AgentWin::Connection::NotifyIfError( + const char* context, + ResultCode rc, + DWORD err) { + if (handler_ && rc != ResultCode::OK) { + std::stringstream stm; + stm << context << " pid=" << browser_info_.pid; + if (err != ERROR_SUCCESS) { + stm << context << " err=" << err; + } + + handler_->OnInternalError(stm.str().c_str(), rc); + } + return rc; +} + +AgentWin::AgentWin( + Config config, + std::unique_ptr<AgentEventHandler> event_handler, + ResultCode* rc) + : AgentBase(std::move(config), std::move(event_handler)) { + *rc = ResultCode::OK; + if (handler() == nullptr) { + *rc = ResultCode::ERR_AGENT_EVENT_HANDLER_NOT_SPECIFIED; + return; + } + + stop_event_ = CreateEvent(/*securityAttr=*/nullptr, + /*manualReset=*/TRUE, + /*initialState=*/FALSE, + /*name=*/nullptr); + if (stop_event_ == nullptr) { + *rc = ResultCode::ERR_CANNOT_CREATE_AGENT_STOP_EVENT; + return; + } + + std::string pipename = + internal::GetPipeNameForAgent(configuration().name, + configuration().user_specific); + if (pipename.empty()) { + *rc = ResultCode::ERR_INVALID_CHANNEL_NAME; + return; + } + + pipename_ = pipename; + + connections_.reserve(kMinNumListeningPipeInstances); + for (DWORD i = 0; i < kMinNumListeningPipeInstances; ++i) { + connections_.emplace_back( + std::make_unique<Connection>(pipename_, configuration().user_specific, + handler(), i == 0, rc)); + if (*rc != ResultCode::OK || !connections_.back()->IsValid()) { + Shutdown(); + break; + } + } +} + +AgentWin::~AgentWin() { + Shutdown(); +} + +ResultCode AgentWin::HandleEvents() { + std::vector<HANDLE> wait_handles; + auto rc = ResultCode::OK; + bool stopped = false; + while (!stopped && rc == ResultCode::OK) { + rc = HandleOneEvent(wait_handles, &stopped); + } + + return rc; +} + +ResultCode AgentWin::Stop() { + SetEvent(stop_event_); + return AgentBase::Stop(); +} + +std::string AgentWin::DebugString() const { + std::stringstream state; + state.setf(std::ios::boolalpha); + state << "AgentWin{pipe=\"" << pipename_; + state << "\" stop=" << stop_event_; + + for (size_t i = 0; i < connections_.size(); ++i) { + state << " conn@" << i; + connections_[i]->AppendDebugString(state); + } + + state << "}" << std::ends; + return state.str(); +} + +void AgentWin::GetHandles(std::vector<HANDLE>& wait_handles) const { + // Reserve enough space in the handles vector to include the stop event plus + // all connections. + wait_handles.clear(); + wait_handles.reserve(1 + connections_.size()); + + for (auto& state : connections_) { + HANDLE wait_handle = state->GetWaitHandle(); + if (!wait_handle) { + wait_handles.clear(); + break; + } + wait_handles.push_back(wait_handle); + } + + // Push the stop event last so that connections_ index calculations in + // HandleOneEvent() don't have to account for this handle. + wait_handles.push_back(stop_event_); +} + +ResultCode AgentWin::HandleOneEventForTesting() { + std::vector<HANDLE> wait_handles; + bool stopped; + return HandleOneEvent(wait_handles, &stopped); +} + +bool AgentWin::IsAClientConnectedForTesting() { + for (const auto& state : connections_) { + if (state->IsConnected()) { + return true; + } + } + return false; +} + +ResultCode AgentWin::HandleOneEvent( + std::vector<HANDLE>& wait_handles, + bool* stopped) { + *stopped = false; + + // Wait on the specified handles for an event to occur. + GetHandles(wait_handles); + if (wait_handles.size() < kMinNumWaitHandles) { + return NotifyError("GetHandles", ResultCode::ERR_AGENT_NOT_INITIALIZED); + } + + DWORD index = WaitForMultipleObjects( + wait_handles.size(), wait_handles.data(), + /*waitAll=*/FALSE, /*timeoutMs=*/INFINITE); + if (index == WAIT_FAILED) { + return NotifyError("WaitForMultipleObjects", + ErrorToResultCode(GetLastError())); + } + + // If the index of signaled handle is the last one in wait_handles, then the + // stop event was signaled. + index -= WAIT_OBJECT_0; + if (index == wait_handles.size() - 1) { + *stopped = true; + return ResultCode::OK; + } + + auto& connection = connections_[index]; + bool was_listening = !connection->IsConnected(); + auto rc = connection->HandleEvent(wait_handles[index]); + if (rc != ResultCode::OK) { + // If `connection` was not listening and there are more than + // kMinNumListeningPipeInstances pipes, delete this connection. Otherwise + // reset it so that it becomes a listener. + if (!was_listening && + connections_.size() > kMinNumListeningPipeInstances) { + connections_.erase(connections_.begin() + index); + } else { + rc = connection->Reset(pipename_, configuration().user_specific); + } + } + + // If `connection` was listening and is now connected, create a new + // one so that there are always kMinNumListeningPipeInstances listening. + if (rc == ResultCode::OK && was_listening && connection->IsConnected()) { + connections_.emplace_back( + std::make_unique<Connection>(pipename_, configuration().user_specific, + handler(), false, &rc)); + } + + return ResultCode::OK; +} + +void AgentWin::Shutdown() { + connections_.clear(); + pipename_.clear(); + if (stop_event_ != nullptr) { + CloseHandle(stop_event_); + stop_event_ = nullptr; + } +} + +} // namespace sdk +} // namespace content_analysis diff --git a/third_party/content_analysis_sdk/agent/src/agent_win.h b/third_party/content_analysis_sdk/agent/src/agent_win.h new file mode 100644 index 0000000000..a6a0c73311 --- /dev/null +++ b/third_party/content_analysis_sdk/agent/src/agent_win.h @@ -0,0 +1,196 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CONTENT_ANALYSIS_AGENT_SRC_AGENT_WIN_H_ +#define CONTENT_ANALYSIS_AGENT_SRC_AGENT_WIN_H_ + +#include <windows.h> + +#include <memory> +#include <sstream> +#include <string> +#include <vector> + +#include "agent_base.h" + +namespace content_analysis { +namespace sdk { + +// Agent implementaton for Windows. +class AgentWin : public AgentBase { + public: + // Creates a new agent given the specific configuration and handler. + // If an error occurs during creation, `rc` is set to the specific + // error. Otherwise `rc` is ResultCode::OK. + AgentWin(Config config, std::unique_ptr<AgentEventHandler> handler, + ResultCode* rc); + ~AgentWin() override; + + // Agent: + ResultCode HandleEvents() override; + ResultCode Stop() override; + std::string DebugString() const override; + + // Handles one pipe event and returns. Used only in tests. + ResultCode HandleOneEventForTesting(); + + // Returns true if there is at least one client connected to this agent. + bool IsAClientConnectedForTesting(); + +private: + // Represents one connection to a Google Chrome browser, or one pipe + // listening for a Google Chrome browser to connect. + class Connection { + public: + // Starts listening on a pipe with the given name. `is_first_pipe` should + // be true only for the first pipe created by the agent. If an error + // occurs while creating the connction object it is returned in `rc`. + // If no errors occur then rc is set to ResultCode::OK. + // + // When `user_specific` is true there is a different agent instance per OS + // user. + // + // `Connection` objects cannot be copied or moved because the OVERLAPPED + // structure cannot be changed or moved in memory while an I/O operation + // is in progress. + Connection(const std::string& pipename, + bool user_specific, + AgentEventHandler* handler, + bool is_first_pipe, + ResultCode* rc); + Connection(const Connection& other) = delete; + Connection(Connection&& other) = delete; + Connection& operator=(const Connection& other) = delete; + Connection& operator=(Connection&& other) = delete; + ~Connection(); + + bool IsValid() const { return handle_ != INVALID_HANDLE_VALUE; } + bool IsConnected() const { return is_connected_; } + HANDLE GetWaitHandle() const { return overlapped_.hEvent; } + + // Resets this connection object to listen for a new Google Chrome browser. + // When `user_specific` is true there is a different agent instance per OS + // user. + ResultCode Reset(const std::string& pipename, bool user_specific); + + // Hnadles an event for this connection. `wait_handle` corresponds to + // this connections wait handle. + ResultCode HandleEvent(HANDLE wait_handle); + + // Append debuf information to the string stream. + void AppendDebugString(std::stringstream& state) const; + + private: + // Listens for a new connection from Google Chrome. + ResultCode ConnectPipe(); + + // Resets this connection object to listen for a new Google Chrome browser. + // When `user_specific` is true there is a different agent instance per OS + // user. + ResultCode ResetInternal(const std::string& pipename, + bool user_specific, + bool is_first_pipe); + + // Cleans up this connection object so that it can be reused with a new + // Google Chroem browser instance. The handles assocated with this object + // are not closed. On return, this object is neither connected nor + // listening and any buffer used to hold browser messages are cleared. + void Cleanup(); + + // Queues a read on the pipe to receive a message from Google Chrome. + // ERROR_SUCCESS, ERROR_IO_PENDING, and ERROR_MORE_DATA are successful + // return values. Other values represent an error with the connection. + // If `reset_cursor` is true the internal read buffer cursor is reset to + // the start of the buffer, otherwise it is unchanged. + ResultCode QueueReadFile(bool reset_cursor); + + // Called when data from Google Chrome is available for reading from the + // pipe. ERROR_SUCCESS and ERROR_MORE_DATA are both successful return + // values. Other values represent an error with the connection. + // + // `done_reading` is true if the code has finished reading an entire message + // from chrome. Regardless of whether reading is done, `count` contains + // the number of bytes read. + // + // If `done_reading` is true, the data received from the browser is parsed + // as if it were a `ChromeToAgent` proto message and the handler is called + // as needed. + // + // If `done_reading` is false, the data received from the browser is + // appended to the data already received from the browser. `buffer_` is + // resized to allow reading more data from the browser. + // + // In all cases the caller is expected to use QueueReadFile() to continue + // reading data from the browser. + ResultCode OnReadFile(BOOL done_reading, DWORD count); + + // Calls the appropriate method the handler depending on the message + // received from Google Chrome. + ResultCode CallHandler(); + + // Fills in the browser_info_ member of this Connection. Assumes + // IsConnected() is true. + ResultCode BuildBrowserInfo(); + + // Notifies the handler of the given error iff `rc` is not equal to + // ResultCode::OK. Appends the Google Chrome browser process id to the + // context before calling the handler. Also append `err` to the context + // if it is not ERROR_SUCCESS. + // + // Returns the error passed into the method. + ResultCode NotifyIfError(const char* context, + ResultCode rc, + DWORD err=ERROR_SUCCESS); + + // The handler to call for various agent events. + AgentEventHandler* handler_ = nullptr; + + // Members used to communicate with Google Chrome. + HANDLE handle_ = INVALID_HANDLE_VALUE; + OVERLAPPED overlapped_; + + // True if this connection is assigned to a specific Google Chrome browser, + // otherwise this connection is listening for a new browser. + bool is_connected_ = false; + + // Information about the Google Chrome browser process. + BrowserInfo browser_info_; + + // Members used to read messages from Google Chrome. + std::vector<char> buffer_; + char* cursor_ = nullptr; + DWORD read_size_ = 0; + DWORD final_size_ = 0; + }; + + // Returns handles that can be used to wait for events from all handles + // managed by this agent. This includes all connection objects and the + // stop event. The stop event is always last in the list. + void GetHandles(std::vector<HANDLE>& wait_handles) const; + + // Handles one pipe event and returns. If the return value is + // ResultCode::OK, the `stopped` argument is set to true if the agent + // should stop handling more events. If the return value is not + // ResultCode::OK, `stopped` is undefined. + ResultCode HandleOneEvent(std::vector<HANDLE>& wait_handles, bool* stopped); + + // Performs a clean shutdown of the agent. + void Shutdown(); + + // Name used to create the pipes between the agent and Google Chrome browsers. + std::string pipename_; + + // A list of pipes to already connected Google Chrome browsers. + // The first kMinNumListeningPipeInstances pipes in the list correspond to + // listening pipes. + std::vector<std::unique_ptr<Connection>> connections_; + + // An event that is set when the agent should stop. Set in Stop(). + HANDLE stop_event_ = nullptr; +}; + +} // namespace sdk +} // namespace content_analysis + +#endif // CONTENT_ANALYSIS_AGENT_SRC_AGENT_WIN_H_ diff --git a/third_party/content_analysis_sdk/agent/src/agent_win_unittest.cc b/third_party/content_analysis_sdk/agent/src/agent_win_unittest.cc new file mode 100644 index 0000000000..c0bddf82f4 --- /dev/null +++ b/third_party/content_analysis_sdk/agent/src/agent_win_unittest.cc @@ -0,0 +1,522 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <latch> +#include <memory> +#include <thread> + +#include "agent/src/agent_win.h" +#include "agent/src/event_win.h" +#include "browser/src/client_win.h" +#include "gtest/gtest.h" + +namespace content_analysis { +namespace sdk { +namespace testing { + +// A handler that counts the number of times the callback methods are invoked. +// Also remembers the last BrowserInfo structure passed to it from any of the +// callbacks. +struct TestHandler : public AgentEventHandler { + void OnBrowserConnected(const BrowserInfo& info) override { + last_info_ = info; + ++connect_count_; + } + void OnBrowserDisconnected(const BrowserInfo& info) override { + last_info_ = info; + ++disconnect_count_; + } + void OnAnalysisRequested( + std::unique_ptr<ContentAnalysisEvent> event) override { + ++request_count_; + ResultCode ret = event->Send(); + ASSERT_EQ(ResultCode::OK, ret); + } + void OnResponseAcknowledged( + const ContentAnalysisAcknowledgement& ack) override { + ++ack_count_; + } + void OnCancelRequests( + const ContentAnalysisCancelRequests& cancel) override { + ++cancel_count_; + } + + int connect_count_ = 0; + int disconnect_count_ = 0; + int request_count_ = 0; + int ack_count_ = 0; + int cancel_count_ = 0; + BrowserInfo last_info_; +}; + +// A test handler that closes its event before sending the response. +struct CloseEventTestHandler : public TestHandler { + void OnAnalysisRequested( + std::unique_ptr<ContentAnalysisEvent> event) override { + ++request_count_; + + // Closing the event before sending should generate an error. + ResultCode ret = event->Close(); + ASSERT_EQ(ResultCode::OK, ret); + + ret = event->Send(); + ASSERT_NE(ResultCode::OK, ret); + } +}; + +// A test handler that attempts to send two responses for a given request. +struct DoubleSendTestHandler : public TestHandler { + void OnAnalysisRequested( + std::unique_ptr<ContentAnalysisEvent> event) override { + ++request_count_; + + ResultCode ret = event->Send(); + ASSERT_EQ(ResultCode::OK, ret); + + // Trying to send again fails. + ret = event->Send(); + ASSERT_NE(ResultCode::OK, ret); + } +}; + +// A test handler that signals a latch after a client connects. +// Can only be used with one client. +struct SignalClientConnectedTestHandler : public TestHandler { + void OnBrowserConnected(const BrowserInfo& info) override { + TestHandler::OnBrowserConnected(info); + wait_for_client.count_down(); + } + + std::latch wait_for_client{ 1 }; +}; + +// A test handler that signals a latch after a request is processed. +// Can only be used with one request. +struct SignalClientRequestedTestHandler : public TestHandler { + void OnAnalysisRequested( + std::unique_ptr<ContentAnalysisEvent> event) override { + TestHandler::OnAnalysisRequested(std::move(event)); + wait_for_request.count_down(); + } + + std::latch wait_for_request{ 1 }; +}; + +std::unique_ptr<AgentWin> CreateAgent( + Agent::Config config, + TestHandler** handler_ptr, + ResultCode expected_rc=ResultCode::OK) { + ResultCode rc; + auto handler = std::make_unique<TestHandler>(); + *handler_ptr = handler.get(); + auto agent = std::make_unique<AgentWin>( + std::move(config), std::move(handler), &rc); + EXPECT_EQ(expected_rc, rc); + return agent; +} + +std::unique_ptr<ClientWin> CreateClient( + Client::Config config) { + int rc; + auto client = std::make_unique<ClientWin>(std::move(config), &rc); + return rc == 0 ? std::move(client) : nullptr; +} + +ContentAnalysisRequest BuildRequest(std::string content=std::string()) { + ContentAnalysisRequest request; + request.set_request_token("req-token"); + *request.add_tags() = "dlp"; + request.set_text_content(content); // Moved. + return request; +} + +TEST(AgentTest, Create) { + const Agent::Config config{"test", false}; + TestHandler* handler_ptr; + auto agent = CreateAgent(config, &handler_ptr); + ASSERT_TRUE(agent); + ASSERT_TRUE(handler_ptr); + + ASSERT_EQ(config.name, agent->GetConfig().name); + ASSERT_EQ(config.user_specific, agent->GetConfig().user_specific); +} + +TEST(AgentTest, Create_InvalidPipename) { + // TODO(rogerta): The win32 docs say that a backslash is an invalid + // character for a pipename, but it seemed to work correctly in testing. + // Using an empty name was the easiest way to generate an invalid pipe + // name. + const Agent::Config config{"", false}; + TestHandler* handler_ptr; + auto agent = CreateAgent(config, &handler_ptr, + ResultCode::ERR_INVALID_CHANNEL_NAME); + ASSERT_TRUE(agent); + + ASSERT_EQ(ResultCode::ERR_AGENT_NOT_INITIALIZED, + agent->HandleOneEventForTesting()); +} + +// Can't create two agents with the same name. +TEST(AgentTest, Create_SecondFails) { + const Agent::Config config{ "test", false }; + TestHandler* handler_ptr1; + auto agent1 = CreateAgent(config, &handler_ptr1); + ASSERT_TRUE(agent1); + + TestHandler* handler_ptr2; + auto agent2 = CreateAgent(config, &handler_ptr2, + ResultCode::ERR_AGENT_ALREADY_EXISTS); + ASSERT_TRUE(agent2); + + ASSERT_EQ(ResultCode::ERR_AGENT_NOT_INITIALIZED, + agent2->HandleOneEventForTesting()); +} + +TEST(AgentTest, Stop) { + TestHandler* handler_ptr; + auto agent = CreateAgent({ "test", false }, &handler_ptr); + ASSERT_TRUE(agent); + + // Create a separate thread to stop the agent. + std::thread thread([&agent]() { + agent->Stop(); + }); + + agent->HandleEvents(); + thread.join(); +} + +TEST(AgentTest, ConnectAndStop) { + ResultCode rc; + auto handler = std::make_unique<SignalClientConnectedTestHandler>(); + auto* handler_ptr = handler.get(); + auto agent = std::make_unique<AgentWin>( + Agent::Config{"test", false}, std::move(handler), &rc); + ASSERT_TRUE(agent); + ASSERT_EQ(ResultCode::OK, rc); + + // Client thread waits until latch reaches zero. + std::latch stop_client{ 1 }; + + // Create a thread to handle the client. Since the client is sync, it can't + // run in the same thread as the agent. + std::thread client_thread([&stop_client]() { + auto client = CreateClient({ "test", false }); + ASSERT_TRUE(client); + stop_client.wait(); + }); + + // A thread that stops the agent after one client connects. + std::thread stop_agent([&handler_ptr, &agent]() { + handler_ptr->wait_for_client.wait(); + agent->Stop(); + }); + + agent->HandleEvents(); + + stop_client.count_down(); + client_thread.join(); + stop_agent.join(); +} + +TEST(AgentTest, Connect_UserSpecific) { + ResultCode rc; + auto handler = std::make_unique<SignalClientConnectedTestHandler>(); + auto* handler_ptr = handler.get(); + auto agent = std::make_unique<AgentWin>( + Agent::Config{ "test", true }, std::move(handler), &rc); + ASSERT_TRUE(agent); + ASSERT_EQ(ResultCode::OK, rc); + + // Create a thread to handle the client. Since the client is sync, it can't + // run in the same thread as the agent. + std::thread client_thread([]() { + // If the user_specific does not match the agent, the client should not + // connect. + auto client = CreateClient({ "test", false }); + ASSERT_FALSE(client); + + auto client2 = CreateClient({ "test", true }); + ASSERT_TRUE(client2); + }); + + // A thread that stops the agent after one client connects. + std::thread stop_agent([&handler_ptr, &agent]() { + handler_ptr->wait_for_client.wait(); + agent->Stop(); + }); + + agent->HandleEvents(); + + client_thread.join(); + stop_agent.join(); +} + +TEST(AgentTest, ConnectRequestAndStop) { + ResultCode rc; + auto handler = std::make_unique<SignalClientRequestedTestHandler>(); + auto* handler_ptr = handler.get(); + auto agent = std::make_unique<AgentWin>( + Agent::Config{"test", false}, std::move(handler), &rc); + ASSERT_TRUE(agent); + ASSERT_EQ(ResultCode::OK, rc); + + // Create a thread to handle the client. Since the client is sync, it can't + // run in the same thread as the agent. + std::thread client_thread([]() { + auto client = CreateClient({ "test", false }); + ASSERT_TRUE(client); + + ContentAnalysisRequest request = BuildRequest("test"); + ContentAnalysisResponse response; + client->Send(request, &response); + }); + + // A thread that stops the agent after one client connects. + std::thread stop_agent([&handler_ptr, &agent]() { + handler_ptr->wait_for_request.wait(); + agent->Stop(); + }); + + agent->HandleEvents(); + + client_thread.join(); + stop_agent.join(); +} + +TEST(AgentTest, ConnectAndClose) { + const Agent::Config aconfig{ "test", false }; + const Client::Config cconfig{ "test", false }; + + // Create an agent and client that connects to it. + TestHandler* handler_ptr; + auto agent = CreateAgent(aconfig, &handler_ptr); + ASSERT_TRUE(agent); + auto client = CreateClient(cconfig); + ASSERT_TRUE(client); + ASSERT_EQ(cconfig.name, client->GetConfig().name); + ASSERT_EQ(cconfig.user_specific, client->GetConfig().user_specific); + + agent->HandleOneEventForTesting(); + ASSERT_EQ(1, handler_ptr->connect_count_); + ASSERT_EQ(0, handler_ptr->disconnect_count_); + ASSERT_EQ(0, handler_ptr->cancel_count_); + ASSERT_EQ(GetCurrentProcessId(), handler_ptr->last_info_.pid); + + // Close the client and make sure a disconnect is received. + client.reset(); + agent->HandleOneEventForTesting(); + ASSERT_EQ(1, handler_ptr->connect_count_); + ASSERT_EQ(1, handler_ptr->disconnect_count_); + ASSERT_EQ(0, handler_ptr->cancel_count_); + ASSERT_EQ(GetCurrentProcessId(), handler_ptr->last_info_.pid); +} + +TEST(AgentTest, Request) { + TestHandler* handler_ptr; + auto agent = CreateAgent({"test", false}, &handler_ptr); + ASSERT_TRUE(agent); + + bool done = false; + + // Create a thread to handle the client. Since the client is sync, it can't + // run in the same thread as the agent. + std::thread client_thread([&done]() { + auto client = CreateClient({"test", false}); + ASSERT_TRUE(client); + + // Send a request and wait for a response. + ContentAnalysisRequest request = BuildRequest(); + ContentAnalysisResponse response; + int ret = client->Send(request, &response); + ASSERT_EQ(0, ret); + ASSERT_EQ(request.request_token(), response.request_token()); + + done = true; + }); + + while (!done) { + agent->HandleOneEventForTesting(); + } + ASSERT_EQ(1, handler_ptr->request_count_); + ASSERT_EQ(0, handler_ptr->ack_count_); + ASSERT_EQ(0, handler_ptr->cancel_count_); + + client_thread.join(); +} + +TEST(AgentTest, Request_Large) { + TestHandler* handler_ptr; + auto agent = CreateAgent({"test", false}, &handler_ptr); + ASSERT_TRUE(agent); + + bool done = false; + + // Create a thread to handle the client. Since the client is sync, it can't + // run in the same thread as the agent. + std::thread client_thread([&done]() { + auto client = CreateClient({"test", false}); + ASSERT_TRUE(client); + + // Send a request and wait for a response. Create a large string, which + // means larger than the initial mesasge buffer size specified when + // creating the pipes (4096 bytes). + ContentAnalysisRequest request = BuildRequest(std::string(5000, 'a')); + ContentAnalysisResponse response; + int ret = client->Send(request, &response); + ASSERT_EQ(0, ret); + ASSERT_EQ(request.request_token(), response.request_token()); + + done = true; + }); + + while (!done) { + agent->HandleOneEventForTesting(); + } + ASSERT_EQ(1, handler_ptr->request_count_); + ASSERT_EQ(0, handler_ptr->ack_count_); + ASSERT_EQ(0, handler_ptr->cancel_count_); + + client_thread.join(); +} + +TEST(AgentTest, Request_DoubleSend) { + ResultCode rc; + auto handler = std::make_unique<DoubleSendTestHandler>(); + DoubleSendTestHandler* handler_ptr = handler.get(); + auto agent = std::make_unique<AgentWin>( + Agent::Config{"test", false}, std::move(handler), &rc); + ASSERT_TRUE(agent); + ASSERT_EQ(ResultCode::OK, rc); + + bool done = false; + + // Create a thread to handle the client. Since the client is sync, it can't + // run in the same thread as the agent. + std::thread client_thread([&done]() { + auto client = CreateClient({ "test", false }); + ASSERT_TRUE(client); + + // Send a request and wait for a response. + ContentAnalysisRequest request = BuildRequest(); + ContentAnalysisResponse response; + int ret = client->Send(request, &response); + ASSERT_EQ(0, ret); + ASSERT_EQ(request.request_token(), response.request_token()); + + done = true; + }); + + while (!done) { + agent->HandleOneEventForTesting(); + } + ASSERT_EQ(1, handler_ptr->request_count_); + ASSERT_EQ(0, handler_ptr->ack_count_); + ASSERT_EQ(0, handler_ptr->cancel_count_); + + client_thread.join(); +} + +TEST(AgentTest, Request_CloseEvent) { + ResultCode rc; + auto handler = std::make_unique<CloseEventTestHandler>(); + CloseEventTestHandler* handler_ptr = handler.get(); + auto agent = std::make_unique<AgentWin>( + Agent::Config{"test", false}, std::move(handler), &rc); + ASSERT_TRUE(agent); + ASSERT_EQ(ResultCode::OK, rc); + + bool done = false; + + // Create a thread to handle the client. Since the client is sync, it can't + // run in the same thread as the agent. + std::thread client_thread([&done]() { + auto client = CreateClient({"test", false}); + ASSERT_TRUE(client); + + // Send a request and wait for a response. + ContentAnalysisRequest request = BuildRequest(); + ContentAnalysisResponse response; + int ret = client->Send(request, &response); + ASSERT_EQ(0, ret); + ASSERT_EQ(request.request_token(), response.request_token()); + + done = true; + }); + + while (!done) { + agent->HandleOneEventForTesting(); + } + ASSERT_EQ(1, handler_ptr->request_count_); + + client_thread.join(); +} + +TEST(AgentTest, Ack) { + TestHandler* handler_ptr; + auto agent = CreateAgent({ "test", false }, &handler_ptr); + ASSERT_TRUE(agent); + + bool done = false; + + // Create a thread to handle the client. Since the client is sync, it can't + // run in the same thread as the agent. + std::thread client_thread([&done]() { + auto client = CreateClient({"test", false}); + ASSERT_TRUE(client); + + // Send a request and wait for a response. + ContentAnalysisRequest request = BuildRequest(); + ContentAnalysisResponse response; + int ret = client->Send(request, &response); + ASSERT_EQ(0, ret); + + ContentAnalysisAcknowledgement ack; + ack.set_request_token(request.request_token()); + ret = client->Acknowledge(ack); + ASSERT_EQ(0, ret); + + done = true; + }); + + while (!done) { + agent->HandleOneEventForTesting(); + } + ASSERT_EQ(1, handler_ptr->request_count_); + ASSERT_EQ(1, handler_ptr->ack_count_); + ASSERT_EQ(0, handler_ptr->cancel_count_); + + client_thread.join(); +} + +TEST(AgentTest, Cancel) { + TestHandler* handler_ptr; + auto agent = CreateAgent({ "test", false }, &handler_ptr); + ASSERT_TRUE(agent); + + // Create a thread to handle the client. Since the client is sync, it can't + // run in the same thread as the agent. + std::thread client_thread([]() { + auto client = CreateClient({"test", false}); + ASSERT_TRUE(client); + + ContentAnalysisCancelRequests cancel; + cancel.set_user_action_id("1234567890"); + int ret = client->CancelRequests(cancel); + ASSERT_EQ(0, ret); + }); + + while (handler_ptr->cancel_count_ == 0) { + agent->HandleOneEventForTesting(); + } + ASSERT_EQ(0, handler_ptr->request_count_); + ASSERT_EQ(0, handler_ptr->ack_count_); + + client_thread.join(); +} + +} // namespace testing +} // namespace sdk +} // namespace content_analysis + diff --git a/third_party/content_analysis_sdk/agent/src/event_base.cc b/third_party/content_analysis_sdk/agent/src/event_base.cc new file mode 100644 index 0000000000..c8186a4112 --- /dev/null +++ b/third_party/content_analysis_sdk/agent/src/event_base.cc @@ -0,0 +1,65 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "event_base.h" + +namespace content_analysis { +namespace sdk { + +ContentAnalysisEventBase::ContentAnalysisEventBase( + const BrowserInfo& browser_info) + : browser_info_(browser_info) {} + +ResultCode ContentAnalysisEventBase::Close() { + return ResultCode::OK; +} + +ResultCode UpdateResponse(ContentAnalysisResponse& response, + const std::string& tag, + ContentAnalysisResponse::Result::Status status) { + auto result = response.results_size() > 0 + ? response.mutable_results(0) + : response.add_results(); + + if (!tag.empty()) { + result->set_tag(tag); + } + + if (status != ContentAnalysisResponse::Result::STATUS_UNKNOWN) { + result->set_status(status); + } + + return ResultCode::OK; +} + +ResultCode SetEventVerdictTo( + ContentAnalysisEvent* event, + ContentAnalysisResponse::Result::TriggeredRule::Action action) { + // This function expects that the event's result has already been + // initialized by a call to UpdateResponse(). + + if (event->GetResponse().results_size() == 0) { + return ResultCode::ERR_MISSING_RESULT; + } + + auto result = event->GetResponse().mutable_results(0); + + // Content analysis responses generated with this SDK contain at most one + // triggered rule. + auto rule = result->triggered_rules_size() > 0 + ? result->mutable_triggered_rules(0) + : result->add_triggered_rules(); + + rule->set_action(action); + + return ResultCode::OK; +} + +ResultCode SetEventVerdictToBlock(ContentAnalysisEvent* event) { + return SetEventVerdictTo(event, + ContentAnalysisResponse::Result::TriggeredRule::BLOCK); +} + +} // namespace sdk +} // namespace content_analysis diff --git a/third_party/content_analysis_sdk/agent/src/event_base.h b/third_party/content_analysis_sdk/agent/src/event_base.h new file mode 100644 index 0000000000..3e41c0ea44 --- /dev/null +++ b/third_party/content_analysis_sdk/agent/src/event_base.h @@ -0,0 +1,38 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CONTENT_ANALYSIS_AGENT_SRC_EVENT_BASE_H_ +#define CONTENT_ANALYSIS_AGENT_SRC_EVENT_BASE_H_ + +#include "content_analysis/sdk/analysis_agent.h" + +namespace content_analysis { +namespace sdk { + +// Base ContentAnalysisEvent class with code common to all platforms. +class ContentAnalysisEventBase : public ContentAnalysisEvent { + public: + // ContentAnalysisEvent: + ResultCode Close() override; + const BrowserInfo& GetBrowserInfo() const override { return browser_info_; } + const ContentAnalysisRequest& GetRequest() const override { return request_; } + ContentAnalysisResponse& GetResponse() override { return *response(); } + + protected: + explicit ContentAnalysisEventBase(const BrowserInfo& browser_info); + + ContentAnalysisRequest* request() { return &request_; } + AgentToChrome* agent_to_chrome() { return &agent_to_chrome_; } + ContentAnalysisResponse* response() { return agent_to_chrome()->mutable_response(); } + +private: + BrowserInfo browser_info_; + ContentAnalysisRequest request_; + AgentToChrome agent_to_chrome_; +}; + +} // namespace sdk +} // namespace content_analysis + +#endif // CONTENT_ANALYSIS_AGENT_SRC_EVENT_BASE_H_ diff --git a/third_party/content_analysis_sdk/agent/src/event_mac.cc b/third_party/content_analysis_sdk/agent/src/event_mac.cc new file mode 100644 index 0000000000..46822e473d --- /dev/null +++ b/third_party/content_analysis_sdk/agent/src/event_mac.cc @@ -0,0 +1,29 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "event_mac.h" + +#include "scoped_print_handle_mac.h" + +namespace content_analysis { +namespace sdk { + +ContentAnalysisEventMac::ContentAnalysisEventMac( + const BrowserInfo& browser_info, + ContentAnalysisRequest req) + : ContentAnalysisEventBase(browser_info) { + *request() = std::move(req); +} + +ResultCode ContentAnalysisEventMac::Send() { + return ResultCode::ERR_UNEXPECTED; +} + +std::string ContentAnalysisEventMac::DebugString() const { + return std::string(); +} + + +} // namespace sdk +} // namespace content_analysis diff --git a/third_party/content_analysis_sdk/agent/src/event_mac.h b/third_party/content_analysis_sdk/agent/src/event_mac.h new file mode 100644 index 0000000000..0d89c47035 --- /dev/null +++ b/third_party/content_analysis_sdk/agent/src/event_mac.h @@ -0,0 +1,29 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CONTENT_ANALYSIS_SRC_EVENT_MAC_H_ +#define CONTENT_ANALYSIS_SRC_EVENT_MAC_H_ + +#include "event_base.h" + +namespace content_analysis { +namespace sdk { + +// ContentAnalysisEvent implementaton for macOS. +class ContentAnalysisEventMac : public ContentAnalysisEventBase { + public: + ContentAnalysisEventMac(const BrowserInfo& browser_info, + ContentAnalysisRequest request); + + // ContentAnalysisEvent: + ResultCode Send() override; + std::string DebugString() const override; + + // TODO(rogerta): Fill in implementation. +}; + +} // namespace sdk +} // namespace content_analysis + +#endif // CONTENT_ANALYSIS_SRC_EVENT_MAC_H_ diff --git a/third_party/content_analysis_sdk/agent/src/event_mac_unittest.cc b/third_party/content_analysis_sdk/agent/src/event_mac_unittest.cc new file mode 100644 index 0000000000..cf41d6bcdb --- /dev/null +++ b/third_party/content_analysis_sdk/agent/src/event_mac_unittest.cc @@ -0,0 +1,53 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <memory> + +#include "agent/src/event_mac.h" +#include "content_analysis/sdk/analysis_agent.h" +#include "gtest/gtest.h" + +namespace content_analysis { +namespace sdk { +namespace testing { + +std::unique_ptr<ContentAnalysisEventMac> CreateEvent( + const BrowserInfo& browser_info, + ContentAnalysisRequest request) { + return std::make_unique<ContentAnalysisEventMac>( + browser_info, std::move(request)); +} + +TEST(EventTest, Create_BrowserInfo) { + const BrowserInfo bi{12345, "/path/to/binary"}; + ContentAnalysisRequest request; + *request.add_tags() = "foo"; + request.set_request_token("req-token"); + + auto event = CreateEvent(bi, request); + ASSERT_TRUE(event); + + ASSERT_EQ(bi.pid, event->GetBrowserInfo().pid); + ASSERT_EQ(bi.binary_path, event->GetBrowserInfo().binary_path); +} + +TEST(EventTest, Create_Request) { + const BrowserInfo bi{ 12345, "/path/to/binary" }; + ContentAnalysisRequest request; + *request.add_tags() = "foo"; + request.set_request_token("req-token"); + + auto event = CreateEvent(bi, request); + ASSERT_TRUE(event); + + ASSERT_EQ(1u, event->GetRequest().tags_size()); + ASSERT_EQ(request.tags(0), event->GetRequest().tags(0)); + ASSERT_TRUE(event->GetRequest().has_request_token()); + ASSERT_EQ(request.request_token(), event->GetRequest().request_token()); +} + +} // namespace testing +} // namespace sdk +} // namespace content_analysis + diff --git a/third_party/content_analysis_sdk/agent/src/event_posix.cc b/third_party/content_analysis_sdk/agent/src/event_posix.cc new file mode 100644 index 0000000000..1b0854af90 --- /dev/null +++ b/third_party/content_analysis_sdk/agent/src/event_posix.cc @@ -0,0 +1,28 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "event_posix.h" + +#include "scoped_print_handle_posix.h" + +namespace content_analysis { +namespace sdk { + + ContentAnalysisEventPosix::ContentAnalysisEventPosix( + const BrowserInfo& browser_info, + ContentAnalysisRequest req) + : ContentAnalysisEventBase(browser_info) { + *request() = std::move(req); +} + +ResultCode ContentAnalysisEventPosix::Send() { + return ResultCode::ERR_UNEXPECTED; +} + +std::string ContentAnalysisEventPosix::DebugString() const { + return std::string(); +} + +} // namespace sdk +} // namespace content_analysis diff --git a/third_party/content_analysis_sdk/agent/src/event_posix.h b/third_party/content_analysis_sdk/agent/src/event_posix.h new file mode 100644 index 0000000000..f3d0e24330 --- /dev/null +++ b/third_party/content_analysis_sdk/agent/src/event_posix.h @@ -0,0 +1,29 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CONTENT_ANALYSIS_SRC_EVENT_POSIX_H_ +#define CONTENT_ANALYSIS_SRC_EVENT_POSIX_H_ + +#include "event_base.h" + +namespace content_analysis { +namespace sdk { + +// ContentAnalysisEvent implementaton for linux. +class ContentAnalysisEventPosix : public ContentAnalysisEventBase { + public: + ContentAnalysisEventPosix(const BrowserInfo& browser_info, + ContentAnalysisRequest request); + + // ContentAnalysisEvent: + ResultCode Send() override; + std::string DebugString() const override; + + // TODO(rogerta): Fill in implementation. +}; + +} // namespace sdk +} // namespace content_analysis + +#endif // CONTENT_ANALYSIS_SRC_EVENT_POSIX_H_
\ No newline at end of file diff --git a/third_party/content_analysis_sdk/agent/src/event_posix_unittest.cc b/third_party/content_analysis_sdk/agent/src/event_posix_unittest.cc new file mode 100644 index 0000000000..841934c2fd --- /dev/null +++ b/third_party/content_analysis_sdk/agent/src/event_posix_unittest.cc @@ -0,0 +1,53 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <memory> + +#include "agent/src/event_posix.h" +#include "content_analysis/sdk/analysis_agent.h" +#include "gtest/gtest.h" + +namespace content_analysis { +namespace sdk { +namespace testing { + +std::unique_ptr<ContentAnalysisEventPosix> CreateEvent( + const BrowserInfo& browser_info, + ContentAnalysisRequest request) { + return std::make_unique<ContentAnalysisEventPosix>( + browser_info, std::move(request)); +} + +TEST(EventTest, Create_BrowserInfo) { + const BrowserInfo bi{12345, "/path/to/binary"}; + ContentAnalysisRequest request; + *request.add_tags() = "foo"; + request.set_request_token("req-token"); + + auto event = CreateEvent(bi, request); + ASSERT_TRUE(event); + + ASSERT_EQ(bi.pid, event->GetBrowserInfo().pid); + ASSERT_EQ(bi.binary_path, event->GetBrowserInfo().binary_path); +} + +TEST(EventTest, Create_Request) { + const BrowserInfo bi{ 12345, "/path/to/binary" }; + ContentAnalysisRequest request; + *request.add_tags() = "foo"; + request.set_request_token("req-token"); + + auto event = CreateEvent(bi, request); + ASSERT_TRUE(event); + + ASSERT_EQ(1u, event->GetRequest().tags_size()); + ASSERT_EQ(request.tags(0), event->GetRequest().tags(0)); + ASSERT_TRUE(event->GetRequest().has_request_token()); + ASSERT_EQ(request.request_token(), event->GetRequest().request_token()); +} + +} // namespace testing +} // namespace sdk +} // namespace content_analysis + diff --git a/third_party/content_analysis_sdk/agent/src/event_win.cc b/third_party/content_analysis_sdk/agent/src/event_win.cc new file mode 100644 index 0000000000..907bdfb858 --- /dev/null +++ b/third_party/content_analysis_sdk/agent/src/event_win.cc @@ -0,0 +1,133 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <ios> +#include <iostream> +#include <sstream> +#include <utility> + +#include "event_win.h" + +#include "common/utils_win.h" + +#include "agent_utils_win.h" +#include "scoped_print_handle_win.h" + +namespace content_analysis { +namespace sdk { + +// Writes a string to the pipe. Returns ERROR_SUCCESS if successful, else +// returns GetLastError() of the write. This function does not return until +// the entire message has been sent (or an error occurs). +static DWORD WriteMessageToPipe(HANDLE pipe, const std::string& message) { + if (message.empty()) { + return ERROR_SUCCESS; + } + + internal::ScopedOverlapped overlapped; + if (!overlapped.is_valid()) { + return GetLastError(); + } + + DWORD err = ERROR_SUCCESS; + const char* cursor = message.data(); + for (DWORD size = message.length(); size > 0;) { + if (WriteFile(pipe, cursor, size, /*written=*/nullptr, overlapped)) { + err = ERROR_SUCCESS; + break; + } + + // If an I/O is not pending, return the error. + err = GetLastError(); + if (err != ERROR_IO_PENDING) { + break; + } + + DWORD written; + if (!GetOverlappedResult(pipe, overlapped, &written, /*wait=*/TRUE)) { + err = GetLastError(); + break; + } + + cursor += written; + size -= written; + } + + return err; +} + + +ContentAnalysisEventWin::ContentAnalysisEventWin( + HANDLE handle, + const BrowserInfo& browser_info, + ContentAnalysisRequest req) + : ContentAnalysisEventBase(browser_info), + hPipe_(handle) { + *request() = std::move(req); +} + +ContentAnalysisEventWin::~ContentAnalysisEventWin() { + Shutdown(); +} + +ResultCode ContentAnalysisEventWin::Init() { + // TODO(rogerta): do some extra validation of the request? + if (request()->request_token().empty()) { + return ResultCode::ERR_MISSING_REQUEST_TOKEN; + } + + response()->set_request_token(request()->request_token()); + + // Prepare the response so that ALLOW verdicts are the default(). + return UpdateResponse(*response(), + request()->tags_size() > 0 ? request()->tags(0) : std::string(), + ContentAnalysisResponse::Result::SUCCESS); +} + +ResultCode ContentAnalysisEventWin::Close() { + Shutdown(); + return ContentAnalysisEventBase::Close(); +} + +ResultCode ContentAnalysisEventWin::Send() { + if (response_sent_) { + return ResultCode::ERR_RESPONSE_ALREADY_SENT; + } + + response_sent_ = true; + + DWORD err = WriteMessageToPipe(hPipe_, + agent_to_chrome()->SerializeAsString()); + return ErrorToResultCode(err); +} + +std::string ContentAnalysisEventWin::DebugString() const { + std::stringstream state; + state.setf(std::ios::boolalpha); + state << "ContentAnalysisEventWin{handle=" << hPipe_; + state << " pid=" << GetBrowserInfo().pid; + state << " rtoken=" << GetRequest().request_token(); + state << " sent=" << response_sent_; + state << "}" << std::ends; + + return state.str(); +} + +void ContentAnalysisEventWin::Shutdown() { + if (hPipe_ != INVALID_HANDLE_VALUE) { + // If no response has been sent yet, attempt to send it now. Otherwise + // the client may be stuck waiting. After shutdown the agent will not + // have any other chance to respond. + if (!response_sent_) { + Send(); + } + + // This event does not own the pipe, so don't close it. + FlushFileBuffers(hPipe_); + hPipe_ = INVALID_HANDLE_VALUE; + } +} + +} // namespace sdk +} // namespace content_analysis diff --git a/third_party/content_analysis_sdk/agent/src/event_win.h b/third_party/content_analysis_sdk/agent/src/event_win.h new file mode 100644 index 0000000000..f631f693dc --- /dev/null +++ b/third_party/content_analysis_sdk/agent/src/event_win.h @@ -0,0 +1,51 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CONTENT_ANALYSIS_AGENT_SRC_EVENT_WIN_H_ +#define CONTENT_ANALYSIS_AGENT_SRC_EVENT_WIN_H_ + +#include <windows.h> + +#include "event_base.h" + +namespace content_analysis { +namespace sdk { + +// ContentAnalysisEvent implementaton for Windows. +class ContentAnalysisEventWin : public ContentAnalysisEventBase { + public: + ContentAnalysisEventWin(HANDLE handle, + const BrowserInfo& browser_info, + ContentAnalysisRequest request); + ~ContentAnalysisEventWin() override; + + // Initialize the event. This involves reading the request from Google + // Chrome and making sure it is well formed. + ResultCode Init(); + + // ContentAnalysisEvent: + ResultCode Close() override; + ResultCode Send() override; + std::string DebugString() const override; + std::string SerializeStringToSendToBrowser() { + return agent_to_chrome()->SerializeAsString(); + } + void SetResponseSent() { response_sent_ = true; } + + HANDLE Pipe() const { return hPipe_; } + + private: + void Shutdown(); + + // This handle is not owned by the event. + HANDLE hPipe_ = INVALID_HANDLE_VALUE; + + // Set to true when Send() is called the first time. + bool response_sent_ = false; +}; + +} // namespace sdk +} // namespace content_analysis + +#endif // CONTENT_ANALYSIS_AGENT_SRC_EVENT_WIN_H_
\ No newline at end of file diff --git a/third_party/content_analysis_sdk/agent/src/event_win_unittest.cc b/third_party/content_analysis_sdk/agent/src/event_win_unittest.cc new file mode 100644 index 0000000000..ffc3103ac1 --- /dev/null +++ b/third_party/content_analysis_sdk/agent/src/event_win_unittest.cc @@ -0,0 +1,116 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <memory> + +#include "agent/src/event_win.h" +#include "common/utils_win.h" +#include "gtest/gtest.h" + +namespace content_analysis { +namespace sdk { +namespace testing { + +std::unique_ptr<ContentAnalysisEventWin> CreateEvent( + HANDLE handle, + const BrowserInfo& browser_info, + ContentAnalysisRequest request) { + return std::make_unique<ContentAnalysisEventWin>( + handle, browser_info, std::move(request)); +} + +TEST(EventTest, Create_BrowserInfo) { + const BrowserInfo bi{12345, "/path/to/binary"}; + ContentAnalysisRequest request; + *request.add_tags() = "foo"; + request.set_request_token("req-token"); + + auto event = CreateEvent(INVALID_HANDLE_VALUE, bi, request); + ASSERT_TRUE(event); + + ASSERT_EQ(bi.pid, event->GetBrowserInfo().pid); + ASSERT_EQ(bi.binary_path, event->GetBrowserInfo().binary_path); +} + +TEST(EventTest, Create_Request) { + const BrowserInfo bi{ 12345, "/path/to/binary" }; + ContentAnalysisRequest request; + *request.add_tags() = "foo"; + request.set_request_token("req-token"); + + auto event = CreateEvent(INVALID_HANDLE_VALUE, bi, request); + ASSERT_TRUE(event); + + ASSERT_EQ(1u, event->GetRequest().tags_size()); + ASSERT_EQ(request.tags(0), event->GetRequest().tags(0)); + ASSERT_TRUE(event->GetRequest().has_request_token()); + ASSERT_EQ(request.request_token(), event->GetRequest().request_token()); +} + +TEST(EventTest, Create_Init) { + const BrowserInfo bi{ 12345, "/path/to/binary" }; + ContentAnalysisRequest request; + *request.add_tags() = "foo"; + request.set_request_token("req-token"); + + auto event = CreateEvent(INVALID_HANDLE_VALUE, bi, request); + ASSERT_TRUE(event); + + ASSERT_EQ(ResultCode::OK, event->Init()); + + // Initializing an event should initialize the contained response for a + // success verdict that matches the request. + ASSERT_EQ(request.request_token(), event->GetResponse().request_token()); + ASSERT_EQ(1u, event->GetResponse().results_size()); + ASSERT_EQ(ContentAnalysisResponse::Result::SUCCESS, + event->GetResponse().results(0).status()); + ASSERT_TRUE(event->GetResponse().results(0).has_tag()); + ASSERT_EQ(request.tags(0), event->GetResponse().results(0).tag()); + ASSERT_EQ(0u, event->GetResponse().results(0).triggered_rules_size()); +} + +// Initializing an event whose request has no request token is an error. +TEST(EventTest, Create_Init_RequestNoRequestToken) { + const BrowserInfo bi{ 12345, "/path/to/binary" }; + ContentAnalysisRequest request; + *request.add_tags() = "foo"; + + auto event = CreateEvent(INVALID_HANDLE_VALUE, bi, request); + ASSERT_TRUE(event); + + ASSERT_EQ(ResultCode::ERR_MISSING_REQUEST_TOKEN, event->Init()); +} + +TEST(EventTest, Write_BadPipe) { + HANDLE pipe; + DWORD err = internal::CreatePipe( + internal::GetPipeNameForAgent("testpipe", false), false, true, &pipe); + ASSERT_EQ(ERROR_SUCCESS, err); + ASSERT_NE(INVALID_HANDLE_VALUE, pipe); + + // Create an event with the dummy pipe and initilalize it. + const BrowserInfo bi{ 12345, "/path/to/binary" }; + ContentAnalysisRequest request; + request.set_request_token("req-token"); + *request.add_tags() = "dlp"; + request.set_text_content("test"); + auto event = std::make_unique<ContentAnalysisEventWin>( + pipe, bi, std::move(request)); + ASSERT_TRUE(event); + ResultCode rc = event->Init(); + ASSERT_EQ(ResultCode::OK, rc); + + // Close the handle before trying to send the response. + // This simulates an error with the pipe. + CloseHandle(pipe); + ASSERT_EQ(ERROR_SUCCESS, GetLastError()); + + // The following call should not hang. + event->Send(); +} + +} // namespace testing +} // namespace sdk +} // namespace content_analysis + diff --git a/third_party/content_analysis_sdk/agent/src/scoped_print_handle_base.cc b/third_party/content_analysis_sdk/agent/src/scoped_print_handle_base.cc new file mode 100644 index 0000000000..802b553b20 --- /dev/null +++ b/third_party/content_analysis_sdk/agent/src/scoped_print_handle_base.cc @@ -0,0 +1,17 @@ +// Copyright 2023 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "scoped_print_handle_base.h" + +namespace content_analysis { +namespace sdk { + +ScopedPrintHandleBase::ScopedPrintHandleBase( + const ContentAnalysisRequest::PrintData& print_data) + : size_(print_data.size()) {} + +size_t ScopedPrintHandleBase::size() { return size_; } + +} // namespace sdk +} // namespace content_analysis diff --git a/third_party/content_analysis_sdk/agent/src/scoped_print_handle_base.h b/third_party/content_analysis_sdk/agent/src/scoped_print_handle_base.h new file mode 100644 index 0000000000..1ae20381d7 --- /dev/null +++ b/third_party/content_analysis_sdk/agent/src/scoped_print_handle_base.h @@ -0,0 +1,25 @@ +// Copyright 2023 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CONTENT_ANALYSIS_AGENT_SRC_SCOPED_PRINT_HANDLE_BASE_H_ +#define CONTENT_ANALYSIS_AGENT_SRC_SCOPED_PRINT_HANDLE_BASE_H_ + +#include "content_analysis/sdk/analysis_agent.h" + +namespace content_analysis { +namespace sdk { + +class ScopedPrintHandleBase : public ScopedPrintHandle { + public: + ScopedPrintHandleBase(const ContentAnalysisRequest::PrintData& print_data); + + size_t size() override; + protected: + size_t size_ = 0; +}; + +} // namespace sdk +} // namespace content_analysis + +#endif // CONTENT_ANALYSIS_AGENT_SRC_SCOPED_PRINT_HANDLE_BASE_H_ diff --git a/third_party/content_analysis_sdk/agent/src/scoped_print_handle_mac.cc b/third_party/content_analysis_sdk/agent/src/scoped_print_handle_mac.cc new file mode 100644 index 0000000000..316576bf90 --- /dev/null +++ b/third_party/content_analysis_sdk/agent/src/scoped_print_handle_mac.cc @@ -0,0 +1,36 @@ +// Copyright 2023 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "scoped_print_handle_mac.h" + +namespace content_analysis { +namespace sdk { + +std::unique_ptr<ScopedPrintHandle> +CreateScopedPrintHandle(const ContentAnalysisRequest& request, + int64_t browser_pid) { + if (!request.has_print_data() || !request.print_data().has_handle()) { + return nullptr; + } + + return std::make_unique<ScopedPrintHandleMac>(request.print_data()); +} + +ScopedPrintHandleMac::ScopedPrintHandleMac( + const ContentAnalysisRequest::PrintData& print_data) + : ScopedPrintHandleBase(print_data) { + // TODO +} + +ScopedPrintHandleMac::~ScopedPrintHandleMac() { + // TODO +} + +const char* ScopedPrintHandleMac::data() { + // TODO + return nullptr; +} + +} // namespace sdk +} // namespace content_analysis diff --git a/third_party/content_analysis_sdk/agent/src/scoped_print_handle_mac.h b/third_party/content_analysis_sdk/agent/src/scoped_print_handle_mac.h new file mode 100644 index 0000000000..d407ef5375 --- /dev/null +++ b/third_party/content_analysis_sdk/agent/src/scoped_print_handle_mac.h @@ -0,0 +1,24 @@ +// Copyright 2023 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CONTENT_ANALYSIS_AGENT_SRC_SCOPED_PRINT_HANDLE_MAC_H_ +#define CONTENT_ANALYSIS_AGENT_SRC_SCOPED_PRINT_HANDLE_MAC_H_ + +#include "scoped_print_handle_base.h" + +namespace content_analysis { +namespace sdk { + +class ScopedPrintHandleMac : public ScopedPrintHandleBase { + public: + ScopedPrintHandleMac(const ContentAnalysisRequest::PrintData& print_data); + ~ScopedPrintHandleMac() override; + + const char* data() override; +}; + +} // namespace sdk +} // namespace content_analysis + +#endif // CONTENT_ANALYSIS_AGENT_SRC_SCOPED_PRINT_HANDLE_MAC_H_ diff --git a/third_party/content_analysis_sdk/agent/src/scoped_print_handle_posix.cc b/third_party/content_analysis_sdk/agent/src/scoped_print_handle_posix.cc new file mode 100644 index 0000000000..cd2eb2cc8e --- /dev/null +++ b/third_party/content_analysis_sdk/agent/src/scoped_print_handle_posix.cc @@ -0,0 +1,36 @@ +// Copyright 2023 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "scoped_print_handle_posix.h" + +namespace content_analysis { +namespace sdk { + +std::unique_ptr<ScopedPrintHandle> +CreateScopedPrintHandle(const ContentAnalysisRequest& request, + int64_t browser_pid) { + if (!request.has_print_data() || !request.print_data().has_handle()) { + return nullptr; + } + + return std::make_unique<ScopedPrintHandlePosix>(request.print_data()); +} + +ScopedPrintHandlePosix::ScopedPrintHandlePosix( + const ContentAnalysisRequest::PrintData& print_data) + : ScopedPrintHandleBase(print_data) { + // TODO +} + +ScopedPrintHandlePosix::~ScopedPrintHandlePosix() { + // TODO +} + +const char* ScopedPrintHandlePosix::data() { + // TODO + return nullptr; +} + +} // namespace sdk +} // namespace content_analysis diff --git a/third_party/content_analysis_sdk/agent/src/scoped_print_handle_posix.h b/third_party/content_analysis_sdk/agent/src/scoped_print_handle_posix.h new file mode 100644 index 0000000000..e9125f58eb --- /dev/null +++ b/third_party/content_analysis_sdk/agent/src/scoped_print_handle_posix.h @@ -0,0 +1,24 @@ +// Copyright 2023 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CONTENT_ANALYSIS_AGENT_SRC_SCOPED_PRINT_HANDLE_POSIX_H_ +#define CONTENT_ANALYSIS_AGENT_SRC_SCOPED_PRINT_HANDLE_POSIX_H_ + +#include "scoped_print_handle_base.h" + +namespace content_analysis { +namespace sdk { + +class ScopedPrintHandlePosix : public ScopedPrintHandleBase { + public: + ScopedPrintHandlePosix(const ContentAnalysisRequest::PrintData& print_data); + ~ScopedPrintHandlePosix() override; + + const char* data() override; +}; + +} // namespace sdk +} // namespace content_analysis + +#endif // CONTENT_ANALYSIS_AGENT_SRC_SCOPED_PRINT_HANDLE_POSIX_H_ diff --git a/third_party/content_analysis_sdk/agent/src/scoped_print_handle_win.cc b/third_party/content_analysis_sdk/agent/src/scoped_print_handle_win.cc new file mode 100644 index 0000000000..2573d676ea --- /dev/null +++ b/third_party/content_analysis_sdk/agent/src/scoped_print_handle_win.cc @@ -0,0 +1,67 @@ +// Copyright 2023 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "scoped_print_handle_win.h" + +namespace content_analysis { +namespace sdk { + +std::unique_ptr<ScopedPrintHandle> +CreateScopedPrintHandle(const ContentAnalysisRequest& request, + int64_t browser_pid) { + if (!request.has_print_data() || !request.print_data().has_handle()) { + return nullptr; + } + + // The handle in the request must be duped to be read by the agent + // process. If that doesn't work for any reason, return null. + // See https://learn.microsoft.com/en-us/windows/win32/api/handleapi/nf-handleapi-duplicatehandle + // for details. + HANDLE browser_process = OpenProcess( + /*dwDesiredAccess=*/PROCESS_DUP_HANDLE, + /*bInheritHandle=*/false, + /*dwProcessId=*/browser_pid); + if (!browser_process) + return nullptr; + + HANDLE dupe = nullptr; + DuplicateHandle( + /*hSourceProcessHandle=*/browser_process, + /*hSourceHandle=*/reinterpret_cast<HANDLE>(request.print_data().handle()), + /*hTargetProcessHandle=*/GetCurrentProcess(), + /*lpTargetHandle=*/&dupe, + /*dwDesiredAccess=*/PROCESS_DUP_HANDLE | FILE_MAP_READ, + /*bInheritHandle=*/false, + /*dwOptions=*/0); + + CloseHandle(browser_process); + + if (!dupe) + return nullptr; + + ContentAnalysisRequest::PrintData dupe_print_data; + dupe_print_data.set_handle(reinterpret_cast<int64_t>(dupe)); + dupe_print_data.set_size(request.print_data().size()); + + + return std::make_unique<ScopedPrintHandleWin>(dupe_print_data); +} + +ScopedPrintHandleWin::ScopedPrintHandleWin( + const ContentAnalysisRequest::PrintData& print_data) + : ScopedPrintHandleBase(print_data), + handle_(reinterpret_cast<HANDLE>(print_data.handle())) { + mapped_ = MapViewOfFile(handle_, FILE_MAP_READ, 0, 0, 0); +} + +ScopedPrintHandleWin::~ScopedPrintHandleWin() { + CloseHandle(handle_); +} + +const char* ScopedPrintHandleWin::data() { + return reinterpret_cast<const char*>(mapped_); +} + +} // namespace sdk +} // namespace content_analysis diff --git a/third_party/content_analysis_sdk/agent/src/scoped_print_handle_win.h b/third_party/content_analysis_sdk/agent/src/scoped_print_handle_win.h new file mode 100644 index 0000000000..31923285be --- /dev/null +++ b/third_party/content_analysis_sdk/agent/src/scoped_print_handle_win.h @@ -0,0 +1,29 @@ +// Copyright 2023 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CONTENT_ANALYSIS_AGENT_SRC_SCOPED_PRINT_HANDLE_WIN_H_ +#define CONTENT_ANALYSIS_AGENT_SRC_SCOPED_PRINT_HANDLE_WIN_H_ + +#include <windows.h> + +#include "scoped_print_handle_base.h" + +namespace content_analysis { +namespace sdk { + +class ScopedPrintHandleWin : public ScopedPrintHandleBase { + public: + ScopedPrintHandleWin(const ContentAnalysisRequest::PrintData& print_data); + ~ScopedPrintHandleWin() override; + + const char* data() override; + private: + void* mapped_ = nullptr; + HANDLE handle_ = nullptr; +}; + +} // namespace sdk +} // namespace content_analysis + +#endif // CONTENT_ANALYSIS_AGENT_SRC_SCOPED_PRINT_HANDLE_WIN_H_ diff --git a/third_party/content_analysis_sdk/browser/include/content_analysis/sdk/analysis_client.h b/third_party/content_analysis_sdk/browser/include/content_analysis/sdk/analysis_client.h new file mode 100644 index 0000000000..c7c5da8520 --- /dev/null +++ b/third_party/content_analysis_sdk/browser/include/content_analysis/sdk/analysis_client.h @@ -0,0 +1,84 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CONTENT_ANALYSIS_BROWSER_INCLUDE_CONTENT_ANALYSIS_SDK_ANALYSIS_CLIENT_H_ +#define CONTENT_ANALYSIS_BROWSER_INCLUDE_CONTENT_ANALYSIS_SDK_ANALYSIS_CLIENT_H_ + +#include <memory> +#include <string> + +#include "content_analysis/sdk/analysis.pb.h" + +// This is the main include file for code using Content Analysis Connector +// Client SDK. No other include is needed. +// +// A browser begins by creating an instance of Client using the factory +// function Client::Create(). This instance should live as long as the browser +// intends to send content analysis requests to the content analysis agent. + +namespace content_analysis { +namespace sdk { + +// Represents information about one instance of a content analysis agent +// process that is connected to the browser. +struct AgentInfo { + unsigned long pid = 0; // Process ID of content analysis agent process. + std::string binary_path; // The full path to the process's main binary. +}; + +// Represents a client that can request content analysis for locally running +// agent. This class holds the client endpoint that the browser connects +// with when content analysis is required. +// +// See the demo directory for an example of how to use this class. +class Client { + public: + // Configuration options where creating an agent. `name` is used to create + // a channel between the agent and Google Chrome. + struct Config { + // Used to create a channel between the agent and Google Chrome. Both must + // use the same name to properly rendezvous with each other. The channel + // is platform specific. + std::string name; + + // Set to true if there is a different agent instance per OS user. Defaults + // to false. + bool user_specific = false; + }; + + // Returns a new client instance and calls Start(). + static std::unique_ptr<Client> Create(Config config); + + virtual ~Client() = default; + + // Returns the configuration parameters used to create the client. + virtual const Config& GetConfig() const = 0; + + // Retrives information about the agent that is connected to the browser. + virtual const AgentInfo& GetAgentInfo() const = 0; + + // Sends an analysis request to the agent and waits for a response. + virtual int Send(ContentAnalysisRequest request, + ContentAnalysisResponse* response) = 0; + + // Sends an response acknowledgment back to the agent. + virtual int Acknowledge(const ContentAnalysisAcknowledgement& ack) = 0; + + // Ask the agent to cancel all requests matching the criteria in `cancel`. + // This is a best effort only, the agent may cancel some, all, or no requests + // that match. + virtual int CancelRequests(const ContentAnalysisCancelRequests& cancel) = 0; + + protected: + Client() = default; + Client(const Client& rhs) = delete; + Client(Client&& rhs) = delete; + Client& operator=(const Client& rhs) = delete; + Client& operator=(Client&& rhs) = delete; +}; + +} // namespace sdk +} // namespace content_analysis + +#endif // CONTENT_ANALYSIS_BROWSER_INCLUDE_CONTENT_ANALYSIS_SDK_ANALYSIS_CLIENT_H_ diff --git a/third_party/content_analysis_sdk/browser/src/client_base.cc b/third_party/content_analysis_sdk/browser/src/client_base.cc new file mode 100644 index 0000000000..0147c0cbee --- /dev/null +++ b/third_party/content_analysis_sdk/browser/src/client_base.cc @@ -0,0 +1,21 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "client_base.h" + +namespace content_analysis { +namespace sdk { + +ClientBase::ClientBase(Config config) : config_(config) {} + +const Client::Config& ClientBase::GetConfig() const { + return config_; +} + +const AgentInfo& ClientBase::GetAgentInfo() const { + return agent_info_; +} + +} // namespace sdk +} // namespace content_analysis diff --git a/third_party/content_analysis_sdk/browser/src/client_base.h b/third_party/content_analysis_sdk/browser/src/client_base.h new file mode 100644 index 0000000000..f8d7849394 --- /dev/null +++ b/third_party/content_analysis_sdk/browser/src/client_base.h @@ -0,0 +1,34 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CONTENT_ANALYSIS_BROWSER_SRC_CLIENT_BASE_H_ +#define CONTENT_ANALYSIS_BROWSER_SRC_CLIENT_BASE_H_ + +#include "content_analysis/sdk/analysis_client.h" + +namespace content_analysis { +namespace sdk { + +// Base Client class with code common to all platforms. +class ClientBase : public Client { + public: + // Client: + const Config& GetConfig() const override; + const AgentInfo& GetAgentInfo() const override; + + protected: + ClientBase(Config config); + + const Config& configuration() const { return config_; } + AgentInfo& agent_info() { return agent_info_; } + +private: + Config config_; + AgentInfo agent_info_; +}; + +} // namespace sdk +} // namespace content_analysis + +#endif // CONTENT_ANALYSIS_BROWSER_SRC_CLIENT_BASE_H_
\ No newline at end of file diff --git a/third_party/content_analysis_sdk/browser/src/client_mac.cc b/third_party/content_analysis_sdk/browser/src/client_mac.cc new file mode 100644 index 0000000000..c6f5a798c1 --- /dev/null +++ b/third_party/content_analysis_sdk/browser/src/client_mac.cc @@ -0,0 +1,33 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <utility> + +#include "client_mac.h" + +namespace content_analysis { +namespace sdk { + +// static +std::unique_ptr<Client> Client::Create(Config config) { + return std::make_unique<ClientMac>(std::move(config)); +} + +ClientMac::ClientMac(Config config) : ClientBase(std::move(config)) {} + +int ClientMac::Send(ContentAnalysisRequest request, + ContentAnalysisResponse* response) { + return -1; +} + +int ClientMac::Acknowledge(const ContentAnalysisAcknowledgement& ack) { + return -1; +} + +int ClientMac::CancelRequests(const ContentAnalysisCancelRequests& cancel) { + return -1; +} + +} // namespace sdk +} // namespace content_analysis
\ No newline at end of file diff --git a/third_party/content_analysis_sdk/browser/src/client_mac.h b/third_party/content_analysis_sdk/browser/src/client_mac.h new file mode 100644 index 0000000000..f3c640dd89 --- /dev/null +++ b/third_party/content_analysis_sdk/browser/src/client_mac.h @@ -0,0 +1,28 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CONTENT_ANALYSIS_BROWSER_SRC_CLIENT_MAC_H_ +#define CONTENT_ANALYSIS_BROWSER_SRC_CLIENT_MAC_H_ + +#include "client_base.h" + +namespace content_analysis { +namespace sdk { + +// Client implementaton for macOS. +class ClientMac : public ClientBase { + public: + ClientMac(Config config); + + // Client: + int Send(ContentAnalysisRequest request, + ContentAnalysisResponse* response) override; + int Acknowledge(const ContentAnalysisAcknowledgement& ack) override; + int CancelRequests(const ContentAnalysisCancelRequests& cancel) override; +}; + +} // namespace sdk +} // namespace content_analysis + +#endif // CONTENT_ANALYSIS_BROWSER_SRC_CLIENT_MAC_H_
\ No newline at end of file diff --git a/third_party/content_analysis_sdk/browser/src/client_posix.cc b/third_party/content_analysis_sdk/browser/src/client_posix.cc new file mode 100644 index 0000000000..14277724fd --- /dev/null +++ b/third_party/content_analysis_sdk/browser/src/client_posix.cc @@ -0,0 +1,33 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <utility> + +#include "client_posix.h" + +namespace content_analysis { +namespace sdk { + +// static +std::unique_ptr<Client> Client::Create(Config config) { + return std::make_unique<ClientPosix>(std::move(config)); +} + +ClientPosix::ClientPosix(Config config) : ClientBase(std::move(config)) {} + +int ClientPosix::Send(ContentAnalysisRequest request, + ContentAnalysisResponse* response) { + return -1; +} + +int ClientPosix::Acknowledge(const ContentAnalysisAcknowledgement& ack) { + return -1; +} + +int ClientPosix::CancelRequests(const ContentAnalysisCancelRequests& cancel) { + return -1; +} + +} // namespace sdk +} // namespace content_analysis diff --git a/third_party/content_analysis_sdk/browser/src/client_posix.h b/third_party/content_analysis_sdk/browser/src/client_posix.h new file mode 100644 index 0000000000..9e7666d681 --- /dev/null +++ b/third_party/content_analysis_sdk/browser/src/client_posix.h @@ -0,0 +1,28 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CONTENT_ANALYSIS_BROWSER_SRC_CLIENT_POSIX_H_ +#define CONTENT_ANALYSIS_BROWSER_SRC_CLIENT_POSIX_H_ + +#include "client_base.h" + +namespace content_analysis { +namespace sdk { + +// Client implementaton for Posix. +class ClientPosix : public ClientBase { + public: + ClientPosix(Config config); + + // Client: + int Send(ContentAnalysisRequest request, + ContentAnalysisResponse* response) override; + int Acknowledge(const ContentAnalysisAcknowledgement& ack) override; + int CancelRequests(const ContentAnalysisCancelRequests& cancel) override; +}; + +} // namespace sdk +} // namespace content_analysis + +#endif // CONTENT_ANALYSIS_BROWSER_SRC_CLIENT_POSIX_H_
\ No newline at end of file diff --git a/third_party/content_analysis_sdk/browser/src/client_win.cc b/third_party/content_analysis_sdk/browser/src/client_win.cc new file mode 100644 index 0000000000..039946d131 --- /dev/null +++ b/third_party/content_analysis_sdk/browser/src/client_win.cc @@ -0,0 +1,432 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <windows.h> +#include <winternl.h> + +#include <cstring> +#include <memory> +#include <utility> +#include <vector> + +#include "common/utils_win.h" + +#include "client_win.h" + +namespace content_analysis { +namespace sdk { + +const DWORD kBufferSize = 4096; + +// Use the same default timeout value (50ms) as CreateNamedPipeA(), expressed +// in 100ns intervals. +constexpr LONGLONG kDefaultTimeout = 500000; + +// The following #defines and struct are copied from the official Microsoft +// Windows Driver Kit headers because they are not available in the official +// Microsoft Windows user mode SDK headers. + +#define FSCTL_PIPE_WAIT 0x110018 +#define STATUS_SUCCESS ((NTSTATUS)0) +#define STATUS_PIPE_NOT_AVAILABLE ((NTSTATUS)0xc00000ac) +#define STATUS_IO_TIMEOUT ((NTSTATUS)0xc00000b5) + +typedef struct _FILE_PIPE_WAIT_FOR_BUFFER { + LARGE_INTEGER Timeout; + ULONG NameLength; + BOOLEAN TimeoutSpecified; + WCHAR Name[1]; +} FILE_PIPE_WAIT_FOR_BUFFER, *PFILE_PIPE_WAIT_FOR_BUFFER; + +namespace { + +using NtCreateFileFn = decltype(&::NtCreateFile); + +NtCreateFileFn GetNtCreateFileFn() { + static NtCreateFileFn fnNtCreateFile = []() { + NtCreateFileFn fn = nullptr; + HMODULE h = LoadLibraryA("NtDll.dll"); + if (h != nullptr) { + fn = reinterpret_cast<NtCreateFileFn>(GetProcAddress(h, "NtCreateFile")); + FreeLibrary(h); + } + return fn; + }(); + + return fnNtCreateFile; +} + + +using NtFsControlFileFn = NTSTATUS (NTAPI *)( + HANDLE FileHandle, + HANDLE Event, + PIO_APC_ROUTINE ApcRoutine, + PVOID ApcContext, + PIO_STATUS_BLOCK IoStatusBlock, + ULONG IoControlCode, + PVOID InputBuffer, + ULONG InputBufferLength, + PVOID OutputBuffer, + ULONG OutputBufferLength); + +NtFsControlFileFn GetNtFsControlFileFn() { + static NtFsControlFileFn fnNtFsControlFile = []() { + NtFsControlFileFn fn = nullptr; + HMODULE h = LoadLibraryA("NtDll.dll"); + if (h != nullptr) { + fn = reinterpret_cast<NtFsControlFileFn>(GetProcAddress(h, "NtFsControlFile")); + FreeLibrary(h); + } + return fn; + }(); + + return fnNtFsControlFile; +} + +NTSTATUS WaitForPipeAvailability(const UNICODE_STRING& path) { + NtCreateFileFn fnNtCreateFile = GetNtCreateFileFn(); + if (fnNtCreateFile == nullptr) { + return false; + } + NtFsControlFileFn fnNtFsControlFile = GetNtFsControlFileFn(); + if (fnNtFsControlFile == nullptr) { + return false; + } + + // Build the device name. This is the initial part of `path` which is + // assumed to start with the string `kPipePrefixForClient`. The `Length` + // field is measured in bytes, not characters, and does not include the null + // terminator. It's important that the device name ends with a trailing + // backslash. + size_t device_name_char_length = std::strlen(internal::kPipePrefixForClient); + UNICODE_STRING device_name; + device_name.Buffer = path.Buffer; + device_name.Length = device_name_char_length * sizeof(wchar_t); + device_name.MaximumLength = device_name.Length; + + // Build the pipe name. This is the remaining part of `path` after the device + // name. + UNICODE_STRING pipe_name; + pipe_name.Buffer = path.Buffer + device_name_char_length; + pipe_name.Length = path.Length - device_name.Length; + pipe_name.MaximumLength = pipe_name.Length; + + // Build the ioctl input buffer. This buffer is the size of + // FILE_PIPE_WAIT_FOR_BUFFER plus the length of the pipe name. Since + // FILE_PIPE_WAIT_FOR_BUFFER includes one WCHAR this includes space for + // the terminating null character of the name which wcsncpy() copies. + size_t buffer_size = sizeof(FILE_PIPE_WAIT_FOR_BUFFER) + pipe_name.Length; + std::vector<char> buffer(buffer_size); + FILE_PIPE_WAIT_FOR_BUFFER* wait_buffer = + reinterpret_cast<FILE_PIPE_WAIT_FOR_BUFFER*>(buffer.data()); + wait_buffer->Timeout.QuadPart = kDefaultTimeout; + wait_buffer->NameLength = pipe_name.Length; + wait_buffer->TimeoutSpecified = TRUE; + std::wcsncpy(wait_buffer->Name, pipe_name.Buffer, wait_buffer->NameLength / + sizeof(wchar_t)); + + OBJECT_ATTRIBUTES attr; + InitializeObjectAttributes(&attr, &device_name, OBJ_CASE_INSENSITIVE, nullptr, + nullptr); + + IO_STATUS_BLOCK io; + HANDLE h = INVALID_HANDLE_VALUE; + NTSTATUS sts = fnNtCreateFile(&h, GENERIC_READ | GENERIC_WRITE | SYNCHRONIZE, + &attr, &io, /*AllocationSize=*/nullptr, FILE_ATTRIBUTE_NORMAL, + FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, FILE_OPEN, + FILE_SYNCHRONOUS_IO_NONALERT, /*EaBuffer=*/nullptr, /*EaLength=*/0); + if (sts != STATUS_SUCCESS) { + return false; + } + + IO_STATUS_BLOCK io2; + sts = fnNtFsControlFile(h, /*Event=*/nullptr, /*ApcRoutine=*/nullptr, + /*ApcContext*/nullptr, &io2, FSCTL_PIPE_WAIT, buffer.data(), + buffer.size(), nullptr, 0); + CloseHandle(h); + return sts; +} + +// Reads the next message from the pipe and returns a buffer of chars. +// This function is synchronous. +std::vector<char> ReadNextMessageFromPipe( + HANDLE pipe, + OVERLAPPED* overlapped) { + DWORD err = ERROR_SUCCESS; + std::vector<char> buffer(kBufferSize); + char* p = buffer.data(); + int final_size = 0; + while (true) { + DWORD read; + + // Even though the pipe is opened for overlapped IO, the read operation + // could still completely synchronously. For example, a server's response + // message could already be available in the pipe's internal buffer. + // If ReadFile() does complete synchronously, TRUE is returned. In this + // case update the final size and exit the loop. + if (ReadFile(pipe, p, kBufferSize, &read, overlapped)) { + final_size += read; + break; + } else { + // Reaching here means that ReadFile() will either complete async or + // an error has occurred. The former case is detected if the error code + // is "IO pending", in which case GetOverlappedResult() is called to wait + // for the IO to complete. If that function returns TRUE then the read + // operation completed successfully and the code simply updates the final + // size and exits the loop. + err = GetLastError(); + if (err == ERROR_IO_PENDING) { + if (GetOverlappedResult(pipe, overlapped, &read, /*wait=*/TRUE)) { + final_size += read; + break; + } else { + err = GetLastError(); + } + } + + // Reaching here means an error has occurred. One error is recoverable: + // "more data". For any other type of error break out of the loop. + if (err != ERROR_MORE_DATA) { + final_size = 0; + break; + } + + // Reaching here means the error is "more data", that is, the buffer + // specified in ReadFile() was too small to contain the entire response + // message from the server. ReadFile() has placed the start of the + // message in the specified buffer but ReadFile() needs to be called + // again to read the remaining part. + // + // The buffer size is increased and the current pointer into the buffer + // `p` is adjusted so that when the loop re-runs, it calls ReadFile() + // with the correct point in the buffer. It's possible that this loop + // might have to run many times if the response message is rather large. + buffer.resize(buffer.size() + kBufferSize); + p = buffer.data() + buffer.size() - kBufferSize; + } + } + + buffer.resize(final_size); + return buffer; +} + +// Writes a string to the pipe. Returns true if successful, false otherwise. +// This function is synchronous. +bool WriteMessageToPipe( + HANDLE pipe, + const std::string& message, + OVERLAPPED* overlapped) { + if (message.empty()) + return false; + + // Even though the pipe is opened for overlapped IO, the write operation + // could still completely synchronously. If it does, TRUE is returned. + // In this case the function is done. + bool ok = WriteFile(pipe, message.data(), message.size(), nullptr, overlapped); + if (!ok) { + // Reaching here means that WriteFile() will either complete async or + // an error has occurred. The former case is detected if the error code + // is "IO pending", in which case GetOverlappedResult() is called to wait + // for the IO to complete. Whether the operation completes sync or async, + // return true if the operation succeeded and false otherwise. + DWORD err = GetLastError(); + if (err == ERROR_IO_PENDING) { + DWORD written; + ok = GetOverlappedResult(pipe, overlapped, &written, /*wait=*/TRUE); + } + } + + return ok; +} + +} // namespace + +// static +std::unique_ptr<Client> Client::Create(Config config) { + int rc; + auto client = std::make_unique<ClientWin>(std::move(config), &rc); + return rc == 0 ? std::move(client) : nullptr; +} + +ClientWin::ClientWin(Config config, int* rc) : ClientBase(std::move(config)) { + *rc = -1; + + std::string pipename = + internal::GetPipeNameForClient(configuration().name, + configuration().user_specific); + if (!pipename.empty()) { + unsigned long pid = 0; + if (ConnectToPipe(pipename, &hPipe_) == ERROR_SUCCESS && + GetNamedPipeServerProcessId(hPipe_, &pid)) { + agent_info().pid = pid; + + // Getting the process path is best effort. + *rc = 0; + std::string binary_path; + if (internal::GetProcessPath(pid, &binary_path)) { + agent_info().binary_path = std::move(binary_path); + } + } + } + + if (*rc != 0) { + Shutdown(); + } +} + +ClientWin::~ClientWin() { + Shutdown(); +} + +int ClientWin::Send(ContentAnalysisRequest request, + ContentAnalysisResponse* response) { + ChromeToAgent chrome_to_agent; + *chrome_to_agent.mutable_request() = std::move(request); + + internal::ScopedOverlapped overlapped; + if (!overlapped.is_valid()) { + return -1; + } + + bool success = WriteMessageToPipe(hPipe_, + chrome_to_agent.SerializeAsString(), + overlapped); + if (success) { + std::vector<char> buffer = ReadNextMessageFromPipe(hPipe_, overlapped); + AgentToChrome agent_to_chrome; + success = buffer.size() > 0 && + agent_to_chrome.ParseFromArray(buffer.data(), buffer.size()); + if (success) { + *response = std::move(*agent_to_chrome.mutable_response()); + } + } + + return success ? 0 : -1; +} + +int ClientWin::Acknowledge(const ContentAnalysisAcknowledgement& ack) { + // TODO: could avoid a copy by changing argument to be + // `ContentAnalysisAcknowledgement ack` and then using std::move() below and + // at call site. + ChromeToAgent chrome_to_agent; + *chrome_to_agent.mutable_ack() = ack; + + internal::ScopedOverlapped overlapped; + if (!overlapped.is_valid()) { + return -1; + } + + return WriteMessageToPipe(hPipe_, chrome_to_agent.SerializeAsString(), overlapped) + ? 0 : -1; +} + +int ClientWin::CancelRequests(const ContentAnalysisCancelRequests& cancel) { + // TODO: could avoid a copy by changing argument to be + // `ContentAnalysisCancelRequests cancel` and then using std::move() below and + // at call site. + ChromeToAgent chrome_to_agent; + *chrome_to_agent.mutable_cancel() = cancel; + + internal::ScopedOverlapped overlapped; + if (!overlapped.is_valid()) { + return -1; + } + + return WriteMessageToPipe(hPipe_, chrome_to_agent.SerializeAsString(), overlapped) + ? 0 : -1; +} + +// static +DWORD ClientWin::ConnectToPipe(const std::string& pipename, HANDLE* handle) { + // Get pointers to the Ntxxx functions. This is required to use absolute + // pipe names from the Windows NT Object Manager's namespace. This protects + // against the "\\.\pipe" symlink being redirected. + + NtCreateFileFn fnNtCreateFile = GetNtCreateFileFn(); + if (fnNtCreateFile == nullptr) { + return ERROR_INVALID_FUNCTION; + } + + // Convert the path to a wchar_t string. Pass pipename.size() as the + // `cbMultiByte` argument instead of -1 since the terminating null should not + // be counted. NtCreateFile() does not expect the object name to be + // terminated. Note that `buffer` and hence `name` created from it are both + // unterminated strings. + int wlen = MultiByteToWideChar(CP_ACP, 0, pipename.c_str(), pipename.size(), + nullptr, 0); + if (wlen == 0) { + return GetLastError(); + } + std::vector<wchar_t> buffer(wlen); + MultiByteToWideChar(CP_ACP, 0, pipename.c_str(), pipename.size(), + buffer.data(), wlen); + + UNICODE_STRING name; + name.Buffer = buffer.data(); + name.Length = wlen * sizeof(wchar_t); // Length in bytes, not characters. + name.MaximumLength = name.Length; + + OBJECT_ATTRIBUTES attr; + InitializeObjectAttributes(&attr, &name, OBJ_CASE_INSENSITIVE, nullptr, + nullptr); + + // Open the named pipe for overlapped IO, i.e. do not specify either of the + // FILE_SYNCHRONOUS_IO_xxxALERT in the creation option flags. If the pipe + // is not opened for overlapped IO, then the Send() method will block if + // called from different threads since only one read or write operation would + // be allowed at a time. + IO_STATUS_BLOCK io; + HANDLE h = INVALID_HANDLE_VALUE; + NTSTATUS sts = STATUS_IO_TIMEOUT; + while (sts == STATUS_IO_TIMEOUT) { + sts = fnNtCreateFile(&h, GENERIC_READ | GENERIC_WRITE | + SYNCHRONIZE, &attr, &io, /*AllocationSize=*/nullptr, + FILE_ATTRIBUTE_NORMAL, /*ShareAccess=*/0, FILE_OPEN, + FILE_NON_DIRECTORY_FILE, + /*EaBuffer=*/nullptr, /*EaLength=*/0); + if (sts != STATUS_SUCCESS) { + if (sts != STATUS_PIPE_NOT_AVAILABLE) { + break; + } + + sts = WaitForPipeAvailability(name); + if (sts != STATUS_SUCCESS && sts != STATUS_IO_TIMEOUT) { + break; + } + } + } + + if (sts != STATUS_SUCCESS) { + return ERROR_PIPE_NOT_CONNECTED; + } + + // Change to message read mode to match server side. Max connection count + // and timeout must be null if client and server are on the same machine. + DWORD mode = PIPE_READMODE_MESSAGE; + if (!SetNamedPipeHandleState(h, &mode, + /*maxCollectionCount=*/nullptr, + /*connectionTimeout=*/nullptr)) { + DWORD err = GetLastError(); + CloseHandle(h); + return err; + } + + *handle = h; + return ERROR_SUCCESS; +} + +void ClientWin::Shutdown() { + if (hPipe_ != INVALID_HANDLE_VALUE) { + // TODO: This trips the LateWriteObserver. We could move this earlier + // (before the LateWriteObserver is created) or just remove it, although + // the later could mean an ACK message is not processed by the agent + // in time. + // FlushFileBuffers(hPipe_); + CloseHandle(hPipe_); + hPipe_ = INVALID_HANDLE_VALUE; + } +} + +} // namespace sdk +} // namespace content_analysis
\ No newline at end of file diff --git a/third_party/content_analysis_sdk/browser/src/client_win.h b/third_party/content_analysis_sdk/browser/src/client_win.h new file mode 100644 index 0000000000..f4bdd834fc --- /dev/null +++ b/third_party/content_analysis_sdk/browser/src/client_win.h @@ -0,0 +1,39 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CONTENT_ANALYSIS_BROWSER_SRC_CLIENT_WIN_H_ +#define CONTENT_ANALYSIS_BROWSER_SRC_CLIENT_WIN_H_ + +#include <string> + +#include "client_base.h" + +namespace content_analysis { +namespace sdk { + +// Client implementaton for Windows. +class ClientWin : public ClientBase { + public: + ClientWin(Config config, int* rc); + ~ClientWin() override; + + // Client: + int Send(ContentAnalysisRequest request, + ContentAnalysisResponse* response) override; + int Acknowledge(const ContentAnalysisAcknowledgement& ack) override; + int CancelRequests(const ContentAnalysisCancelRequests& cancel) override; + + private: + static DWORD ConnectToPipe(const std::string& pipename, HANDLE* handle); + + // Performs a clean shutdown of the client. + void Shutdown(); + + HANDLE hPipe_ = INVALID_HANDLE_VALUE; +}; + +} // namespace sdk +} // namespace content_analysis + +#endif // CONTENT_ANALYSIS_BROWSER_SRC_CLIENT_WIN_H_ diff --git a/third_party/content_analysis_sdk/common/utils_win.cc b/third_party/content_analysis_sdk/common/utils_win.cc new file mode 100644 index 0000000000..a87c2d9e02 --- /dev/null +++ b/third_party/content_analysis_sdk/common/utils_win.cc @@ -0,0 +1,174 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <vector> + +#include <windows.h> +#include <sddl.h> + +#include "utils_win.h" + +namespace content_analysis { +namespace sdk { +namespace internal { + +std::string GetUserSID() { + std::string sid; + + HANDLE handle; + if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &handle) && + !OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &handle)) { + return std::string(); + } + + DWORD length = 0; + std::vector<char> buffer; + if (!GetTokenInformation(handle, TokenUser, nullptr, 0, &length)) { + DWORD err = GetLastError(); + if (err == ERROR_INSUFFICIENT_BUFFER) { + buffer.resize(length); + } + } + if (GetTokenInformation(handle, TokenUser, buffer.data(), buffer.size(), + &length)) { + TOKEN_USER* info = reinterpret_cast<TOKEN_USER*>(buffer.data()); + char* sid_string; + if (ConvertSidToStringSidA(info->User.Sid, &sid_string)) { + sid = sid_string; + LocalFree(sid_string); + } + } + + CloseHandle(handle); + return sid; +} + +std::string BuildPipeName(const char* prefix, + const std::string& base, + bool user_specific) { + std::string pipename = prefix; + + // If the agent is not user-specific, the assumption is that it runs with + // administrator privileges. Create the pipe in a location only available + // to administrators. + if (!user_specific) + pipename += "ProtectedPrefix\\Administrators\\"; + + pipename += base; + + if (user_specific) { + std::string sid = GetUserSID(); + if (sid.empty()) + return std::string(); + + pipename += "." + sid; + } + + return pipename; +} + +std::string GetPipeNameForAgent(const std::string& base, bool user_specific) { + return BuildPipeName(kPipePrefixForAgent, base, user_specific); +} + +std::string GetPipeNameForClient(const std::string& base, bool user_specific) { + return BuildPipeName(kPipePrefixForClient, base, user_specific); +} + +DWORD CreatePipe( + const std::string& name, + bool user_specific, + bool is_first_pipe, + HANDLE* handle) { + DWORD err = ERROR_SUCCESS; + DWORD mode = PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED; + + // Create DACL for pipe to allow users on the local system to read and write + // to the pipe. The creator and owner as well as administrator always get + // full control of the pipe. + // + // If `user_specific` is true, a different agent instance is used for each + // OS user, so only allow the interactive logged on user to reads and write + // messages to the pipe. Otherwise only one agent instance used used for all + // OS users and all authenticated logged on users can reads and write + // messages. + // + // See https://docs.microsoft.com/en-us/windows/win32/secauthz/security-descriptor-definition-language + // for a description of this string format. + constexpr char kDaclEveryone[] = "D:" + "(A;OICI;GA;;;CO)" // Allow full control to creator owner. + "(A;OICI;GA;;;BA)" // Allow full control to admins. + "(A;OICI;GRGW;;;WD)"; // Allow read and write to everyone. + constexpr char kDaclUserSpecific[] = "D:" + "(A;OICI;GA;;;CO)" // Allow full control to creator owner. + "(A;OICI;GA;;;BA)" // Allow full control to admins. + "(A;OICI;GRGW;;;IU)"; // Allow read and write to interactive user. + SECURITY_ATTRIBUTES sa; + memset(&sa, 0, sizeof(sa)); + sa.nLength = sizeof(sa); + sa.bInheritHandle = FALSE; + if (!ConvertStringSecurityDescriptorToSecurityDescriptorA( + user_specific ? kDaclUserSpecific : kDaclEveryone, SDDL_REVISION_1, + &sa.lpSecurityDescriptor, /*outSdSize=*/nullptr)) { + err = GetLastError(); + return err; + } + + // When `is_first_pipe` is true, the agent expects there is no process that + // is currently listening on this pipe. If there is, CreateNamedPipeA() + // returns with ERROR_ACCESS_DENIED. This is used to detect if another + // process is listening for connections when there shouldn't be. + if (is_first_pipe) { + mode |= FILE_FLAG_FIRST_PIPE_INSTANCE; + } + *handle = CreateNamedPipeA(name.c_str(), mode, + PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT | + PIPE_REJECT_REMOTE_CLIENTS, PIPE_UNLIMITED_INSTANCES, kBufferSize, + kBufferSize, 0, &sa); + if (*handle == INVALID_HANDLE_VALUE) { + err = GetLastError(); + } + + // Free the security descriptor as it is no longer needed once + // CreateNamedPipeA() returns. + LocalFree(sa.lpSecurityDescriptor); + + return err; +} + +bool GetProcessPath(unsigned long pid, std::string* binary_path) { + HANDLE hProc = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, pid); + if (hProc == nullptr) { + return false; + } + + char path[MAX_PATH]; + DWORD size = sizeof(path); + DWORD length = QueryFullProcessImageNameA(hProc, /*flags=*/0, path, &size); + CloseHandle(hProc); + if (length == 0) { + return false; + } + + *binary_path = path; + return true; +} + +ScopedOverlapped::ScopedOverlapped() { + memset(&overlapped_, 0, sizeof(overlapped_)); + overlapped_.hEvent = CreateEvent(/*securityAttr=*/nullptr, + /*manualReset=*/TRUE, + /*initialState=*/FALSE, + /*name=*/nullptr); +} + +ScopedOverlapped::~ScopedOverlapped() { + if (overlapped_.hEvent != nullptr) { + CloseHandle(overlapped_.hEvent); + } +} + +} // internal +} // namespace sdk +} // namespace content_analysis diff --git a/third_party/content_analysis_sdk/common/utils_win.h b/third_party/content_analysis_sdk/common/utils_win.h new file mode 100644 index 0000000000..93b9b379f2 --- /dev/null +++ b/third_party/content_analysis_sdk/common/utils_win.h @@ -0,0 +1,76 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// Utility and helper functions common to both the agent and browser code. +// This code is not publicly exposed from the SDK. + +#ifndef CONTENT_ANALYSIS_COMMON_UTILS_WIN_H_ +#define CONTENT_ANALYSIS_COMMON_UTILS_WIN_H_ + +#include <string> + +namespace content_analysis { +namespace sdk { +namespace internal { + +// The default size of the buffer used to hold messages received from +// Google Chrome. +const DWORD kBufferSize = 4096; + +// Named pipe prefixes used for agent and client side of pipe. +constexpr char kPipePrefixForAgent[] = R"(\\.\\pipe\)"; +constexpr char kPipePrefixForClient[] = R"(\Device\NamedPipe\)"; + +// Returns the user SID of the thread or process that calls thie function. +// Returns an empty string on error. +std::string GetUserSID(); + +// Returns the name of the pipe that should be used to communicate between +// the agent and Google Chrome. If `sid` is non-empty, make the pip name +// specific to that user. +// +// GetPipeNameForAgent() is meant to be used in the agent. The returned +// path can be used with CreatePipe() below. GetPipeNameForClient() is meant +// to be used in the client. The returned path can only be used with +// NtCreateFile() and not CreateFile(). +std::string GetPipeNameForAgent(const std::string& base, bool user_specific); +std::string GetPipeNameForClient(const std::string& base, bool user_specific); + +// Creates a named pipe with the give name. If `is_first_pipe` is true, +// fail if this is not the first pipe using this name. +// +// This function create a pipe whose DACL allow full control to the creator +// owner and administrators. If `user_specific` the DACL only allows the +// logged on user to read from and write to the pipe. Otherwise anyone logged +// in can read from and write to the pipe. +// +// A handle to the pipe is retuned in `handle`. +DWORD CreatePipe(const std::string& name, + bool user_specific, + bool is_first_pipe, + HANDLE* handle); + +// Returns the full path to the main binary file of the process with the given +// process ID. +bool GetProcessPath(unsigned long pid, std::string* binary_path); + +// A class that scopes the creation and destruction of an OVERLAPPED structure +// used for async IO. +class ScopedOverlapped { + public: + ScopedOverlapped(); + ~ScopedOverlapped(); + + bool is_valid() { return overlapped_.hEvent != nullptr; } + operator OVERLAPPED*() { return &overlapped_; } + + private: + OVERLAPPED overlapped_; +}; + +} // internal +} // namespace sdk +} // namespace content_analysis + +#endif // CONTENT_ANALYSIS_COMMON_UTILS_WIN_H_
\ No newline at end of file diff --git a/third_party/content_analysis_sdk/demo/README.md b/third_party/content_analysis_sdk/demo/README.md new file mode 100644 index 0000000000..0f22912cc1 --- /dev/null +++ b/third_party/content_analysis_sdk/demo/README.md @@ -0,0 +1,16 @@ +# Google Chrome Content Analysis Connector Agent SDK Demo + +This directory holds the Google Chrome Content Analysis Connector Agent SDK Demo. +It contains an example of how to use the SDK. + +Build instructions are available in the main project `README.md`. + +## Demo agent permissions +On Microsoft Windows, if the demo agent is run without the `--user` command line +argument it must have Administrator privileges in order to properly create the +pipe used to communicate with the browser. The demo browser must also be run +without the `--user` command line argument. + +Otherwise the agent may run as any user, with or without Administrator +privileges. The demo browser must also be run with the `--user` command line +argument and run as the same user.
\ No newline at end of file diff --git a/third_party/content_analysis_sdk/demo/agent.cc b/third_party/content_analysis_sdk/demo/agent.cc new file mode 100644 index 0000000000..c3640018e6 --- /dev/null +++ b/third_party/content_analysis_sdk/demo/agent.cc @@ -0,0 +1,189 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <algorithm> +#include <fstream> +#include <iostream> +#include <string> +#include <regex> +#include <vector> + +#include "content_analysis/sdk/analysis_agent.h" +#include "demo/handler.h" +#include "demo/handler_misbehaving.h" + +using namespace content_analysis::sdk; + +// Different paths are used depending on whether this agent should run as a +// use specific agent or not. These values are chosen to match the test +// values in chrome browser. +constexpr char kPathUser[] = "path_user"; +constexpr char kPathSystem[] = "brcm_chrm_cas"; + +// Global app config. +std::string path = kPathSystem; +bool use_queue = false; +bool user_specific = false; +std::vector<unsigned long> delays = {0}; // In seconds. +unsigned long num_threads = 8u; +std::string save_print_data_path = ""; +RegexArray toBlock, toWarn, toReport; +static bool useMisbehavingHandler = false; +static std::string modeStr; + +// Command line parameters. +constexpr const char* kArgDelaySpecific = "--delays="; +constexpr const char* kArgPath = "--path="; +constexpr const char* kArgQueued = "--queued"; +constexpr const char* kArgThreads = "--threads="; +constexpr const char* kArgUserSpecific = "--user"; +constexpr const char* kArgToBlock = "--toblock="; +constexpr const char* kArgToWarn = "--towarn="; +constexpr const char* kArgToReport = "--toreport="; +constexpr const char* kArgMisbehave = "--misbehave="; +constexpr const char* kArgHelp = "--help"; +constexpr const char* kArgSavePrintRequestDataTo = "--save-print-request-data-to="; + +std::map<std::string, Mode> sStringToMode = { +#define AGENT_MODE(name) {#name, Mode::Mode_##name}, +#include "modes.h" +#undef AGENT_MODE +}; + +std::map<Mode, std::string> sModeToString = { +#define AGENT_MODE(name) {Mode::Mode_##name, #name}, +#include "modes.h" +#undef AGENT_MODE +}; + +std::vector<std::pair<std::string, std::regex>> +ParseRegex(const std::string str) { + std::vector<std::pair<std::string, std::regex>> ret; + for (auto it = str.begin(); it != str.end(); /* nop */) { + auto it2 = std::find(it, str.end(), ','); + ret.push_back(std::make_pair(std::string(it, it2), std::regex(it, it2))); + it = it2 == str.end() ? it2 : it2 + 1; + } + + return ret; +} + +bool ParseCommandLine(int argc, char* argv[]) { + for (int i = 1; i < argc; ++i) { + const std::string arg = argv[i]; + if (arg.find(kArgUserSpecific) == 0) { + // If kArgPath was already used, abort. + if (path != kPathSystem) { + std::cout << std::endl << "ERROR: use --path=<path> after --user"; + return false; + } + path = kPathUser; + user_specific = true; + } else if (arg.find(kArgDelaySpecific) == 0) { + std::string delaysStr = arg.substr(strlen(kArgDelaySpecific)); + delays.clear(); + size_t posStart = 0, posEnd; + unsigned long delay; + while ((posEnd = delaysStr.find(',', posStart)) != std::string::npos) { + delay = std::stoul(delaysStr.substr(posStart, posEnd - posStart)); + if (delay > 30) { + delay = 30; + } + delays.push_back(delay); + posStart = posEnd + 1; + } + delay = std::stoul(delaysStr.substr(posStart)); + if (delay > 30) { + delay = 30; + } + delays.push_back(delay); + } else if (arg.find(kArgPath) == 0) { + path = arg.substr(strlen(kArgPath)); + } else if (arg.find(kArgQueued) == 0) { + use_queue = true; + } else if (arg.find(kArgThreads) == 0) { + num_threads = std::stoul(arg.substr(strlen(kArgThreads))); + } else if (arg.find(kArgToBlock) == 0) { + toBlock = ParseRegex(arg.substr(strlen(kArgToBlock))); + } else if (arg.find(kArgToWarn) == 0) { + toWarn = ParseRegex(arg.substr(strlen(kArgToWarn))); + } else if (arg.find(kArgToReport) == 0) { + toReport = ParseRegex(arg.substr(strlen(kArgToReport))); + } else if (arg.find(kArgMisbehave) == 0) { + modeStr = arg.substr(strlen(kArgMisbehave)); + useMisbehavingHandler = true; + } else if (arg.find(kArgHelp) == 0) { + return false; + } else if (arg.find(kArgSavePrintRequestDataTo) == 0) { + int arg_len = strlen(kArgSavePrintRequestDataTo); + save_print_data_path = arg.substr(arg_len); + } + } + + return true; +} + +void PrintHelp() { + std::cout + << std::endl << std::endl + << "Usage: agent [OPTIONS]" << std::endl + << "A simple agent to process content analysis requests." << std::endl + << "Data containing the string 'block' blocks the request data from being used." << std::endl + << std::endl << "Options:" << std::endl + << kArgDelaySpecific << "<delay1,delay2,...> : Add delays to request processing in seconds. Delays are limited to 30 seconds and are applied round-robin to requests. Default is 0." << std::endl + << kArgPath << " <path> : Used the specified path instead of default. Must come after --user." << std::endl + << kArgQueued << " : Queue requests for processing in a background thread" << std::endl + << kArgThreads << " : When queued, number of threads in the request processing thread pool" << std::endl + << kArgUserSpecific << " : Make agent OS user specific." << std::endl + << kArgSavePrintRequestDataTo << " : saves the PDF data to the given file path for print requests" << std::endl + << kArgToBlock << "<regex> : Regular expression matching file and text content to block." << std::endl + << kArgToWarn << "<regex> : Regular expression matching file and text content to warn about." << std::endl + << kArgToReport << "<regex> : Regular expression matching file and text content to report." << std::endl + << kArgMisbehave << "<mode> : Use 'misbehaving' agent in given mode for testing purposes." << std::endl + << kArgHelp << " : prints this help message" << std::endl; +} + +int main(int argc, char* argv[]) { + if (!ParseCommandLine(argc, argv)) { + PrintHelp(); + return 1; + } + + // TODO: Add toBlock, toWarn, toReport to QueueingHandler + auto handler = + useMisbehavingHandler + ? MisbehavingHandler::Create(delays[0], modeStr) + : use_queue + ? std::make_unique<QueuingHandler>(num_threads, std::move(delays), save_print_data_path, std::move(toBlock), std::move(toWarn), std::move(toReport)) + : std::make_unique<Handler>(std::move(delays), save_print_data_path, std::move(toBlock), std::move(toWarn), std::move(toReport)); + + if (!handler) { + std::cout << "[Demo] Failed to construct handler." << std::endl; + return 1; + } + + // Each agent uses a unique name to identify itself with Google Chrome. + content_analysis::sdk::ResultCode rc; + auto agent = content_analysis::sdk::Agent::Create( + {path, user_specific}, std::move(handler), &rc); + if (!agent || rc != content_analysis::sdk::ResultCode::OK) { + std::cout << "[Demo] Error starting agent: " + << content_analysis::sdk::ResultCodeToString(rc) + << std::endl; + return 1; + }; + + std::cout << "[Demo] " << agent->DebugString() << std::endl; + + // Blocks, sending events to the handler until agent->Stop() is called. + rc = agent->HandleEvents(); + if (rc != content_analysis::sdk::ResultCode::OK) { + std::cout << "[Demo] Error from handling events: " + << content_analysis::sdk::ResultCodeToString(rc) + << std::endl; + std::cout << "[Demo] " << agent->DebugString() << std::endl; + } + + return 0; +} diff --git a/third_party/content_analysis_sdk/demo/atomic_output.h b/third_party/content_analysis_sdk/demo/atomic_output.h new file mode 100644 index 0000000000..86ca8cdd75 --- /dev/null +++ b/third_party/content_analysis_sdk/demo/atomic_output.h @@ -0,0 +1,29 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <iostream> +#include <sstream> +#include <string> + +// Utility class to atomically write outout to std::cout. All data streamed +// the class is automatically sent to std::cout in the dtor. This is useful +// to keep the output of multiple threads writing to std::Cout from +// interleaving. + +class AtomicCout { + public: + ~AtomicCout() { + flush(); + } + + std::stringstream& stream() { return stream_; } + + void flush() { + std::cout << stream_.str(); + stream_.str(std::string()); + } + + private: + std::stringstream stream_; +};
\ No newline at end of file diff --git a/third_party/content_analysis_sdk/demo/client.cc b/third_party/content_analysis_sdk/demo/client.cc new file mode 100644 index 0000000000..5e47fca57f --- /dev/null +++ b/third_party/content_analysis_sdk/demo/client.cc @@ -0,0 +1,411 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <time.h> + +#include <iostream> +#include <memory> +#include <mutex> +#include <sstream> +#include <string> +#include <thread> +#include <vector> + +#include "content_analysis/sdk/analysis_client.h" +#include "demo/atomic_output.h" + +using content_analysis::sdk::Client; +using content_analysis::sdk::ContentAnalysisRequest; +using content_analysis::sdk::ContentAnalysisResponse; +using content_analysis::sdk::ContentAnalysisAcknowledgement; + +// Different paths are used depending on whether this agent should run as a +// use specific agent or not. These values are chosen to match the test +// values in chrome browser. +constexpr char kPathUser[] = "path_user"; +constexpr char kPathSystem[] = "brcm_chrm_cas"; + +// Global app config. +std::string path = kPathSystem; +bool user_specific = false; +bool group = false; +std::unique_ptr<Client> client; + +// Paramters used to build the request. +content_analysis::sdk::AnalysisConnector connector = + content_analysis::sdk::FILE_ATTACHED; +time_t request_token_number = time(nullptr); +std::string request_token; +std::string tag = "dlp"; +bool threaded = false; +std::string digest = "sha256-123456"; +std::string url = "https://upload.example.com"; +std::string email = "me@example.com"; +std::string machine_user = "DOMAIN\\me"; +std::vector<std::string> datas; + +// When grouping, remember the tokens of all requests/responses in order to +// acknowledge them all with the same final action. +// +// This global state. It may be access from multiple thread so must be +// accessed from a critical section. +std::mutex global_mutex; +ContentAnalysisAcknowledgement::FinalAction global_final_action = + ContentAnalysisAcknowledgement::ALLOW; +std::vector<std::string> request_tokens; + +// Command line parameters. +constexpr const char* kArgConnector = "--connector="; +constexpr const char* kArgDigest = "--digest="; +constexpr const char* kArgEmail = "--email="; +constexpr const char* kArgGroup = "--group"; +constexpr const char* kArgMachineUser = "--machine-user="; +constexpr const char* kArgPath = "--path="; +constexpr const char* kArgRequestToken = "--request-token="; +constexpr const char* kArgTag = "--tag="; +constexpr const char* kArgThreaded = "--threaded"; +constexpr const char* kArgUrl = "--url="; +constexpr const char* kArgUserSpecific = "--user"; +constexpr const char* kArgHelp = "--help"; + +bool ParseCommandLine(int argc, char* argv[]) { + for (int i = 1; i < argc; ++i) { + const std::string arg = argv[i]; + if (arg.find(kArgConnector) == 0) { + std::string connector_str = arg.substr(strlen(kArgConnector)); + if (connector_str == "download") { + connector = content_analysis::sdk::FILE_DOWNLOADED; + } else if (connector_str == "attach") { + connector = content_analysis::sdk::FILE_ATTACHED; + } else if (connector_str == "bulk-data-entry") { + connector = content_analysis::sdk::BULK_DATA_ENTRY; + } else if (connector_str == "print") { + connector = content_analysis::sdk::PRINT; + } else if (connector_str == "file-transfer") { + connector = content_analysis::sdk::FILE_TRANSFER; + } else { + std::cout << "[Demo] Incorrect command line arg: " << arg << std::endl; + return false; + } + } else if (arg.find(kArgRequestToken) == 0) { + request_token = arg.substr(strlen(kArgRequestToken)); + } else if (arg.find(kArgTag) == 0) { + tag = arg.substr(strlen(kArgTag)); + } else if (arg.find(kArgThreaded) == 0) { + threaded = true; + } else if (arg.find(kArgDigest) == 0) { + digest = arg.substr(strlen(kArgDigest)); + } else if (arg.find(kArgUrl) == 0) { + url = arg.substr(strlen(kArgUrl)); + } else if (arg.find(kArgMachineUser) == 0) { + machine_user = arg.substr(strlen(kArgMachineUser)); + } else if (arg.find(kArgEmail) == 0) { + email = arg.substr(strlen(kArgEmail)); + } else if (arg.find(kArgPath) == 0) { + path = arg.substr(strlen(kArgPath)); + } else if (arg.find(kArgUserSpecific) == 0) { + // If kArgPath was already used, abort. + if (path != kPathSystem) { + std::cout << std::endl << "ERROR: use --path=<path> after --user"; + return false; + } + path = kPathUser; + user_specific = true; + } else if (arg.find(kArgGroup) == 0) { + group = true; + } else if (arg.find(kArgHelp) == 0) { + return false; + } else { + datas.push_back(arg); + } + } + + return true; +} + +void PrintHelp() { + std::cout + << std::endl << std::endl + << "Usage: client [OPTIONS] [@]content_or_file ..." << std::endl + << "A simple client to send content analysis requests to a running agent." << std::endl + << "Without @ the content to analyze is the argument itself." << std::endl + << "Otherwise the content is read from a file called 'content_or_file'." << std::endl + << "Multiple [@]content_or_file arguments may be specified, each generates one request." << std::endl + << std::endl << "Options:" << std::endl + << kArgConnector << "<connector> : one of 'download', 'attach' (default), 'bulk-data-entry', 'print', or 'file-transfer'" << std::endl + << kArgRequestToken << "<unique-token> : defaults to 'req-<number>' which auto increments" << std::endl + << kArgTag << "<tag> : defaults to 'dlp'" << std::endl + << kArgThreaded << " : handled multiple requests using threads" << std::endl + << kArgUrl << "<url> : defaults to 'https://upload.example.com'" << std::endl + << kArgMachineUser << "<machine-user> : defaults to 'DOMAIN\\me'" << std::endl + << kArgEmail << "<email> : defaults to 'me@example.com'" << std::endl + << kArgPath << " <path> : Used the specified path instead of default. Must come after --user." << std::endl + << kArgUserSpecific << " : Connects to an OS user specific agent" << std::endl + << kArgDigest << "<digest> : defaults to 'sha256-123456'" << std::endl + << kArgGroup << " : Generate the same final action for all requests" << std::endl + << kArgHelp << " : prints this help message" << std::endl; +} + +std::string GenerateRequestToken() { + std::stringstream stm; + stm << "req-" << request_token_number++; + return stm.str(); +} + +ContentAnalysisRequest BuildRequest(const std::string& data) { + std::string filepath; + std::string filename; + if (data[0] == '@') { + filepath = data.substr(1); + filename = filepath.substr(filepath.find_last_of("/\\") + 1); + } + + ContentAnalysisRequest request; + + // Set request to expire 5 minutes into the future. + request.set_expires_at(time(nullptr) + 5 * 60); + request.set_analysis_connector(connector); + request.set_request_token(!request_token.empty() + ? request_token : GenerateRequestToken()); + *request.add_tags() = tag; + + auto request_data = request.mutable_request_data(); + request_data->set_url(url); + request_data->set_email(email); + request_data->set_digest(digest); + if (!filename.empty()) { + request_data->set_filename(filename); + } + + auto client_metadata = request.mutable_client_metadata(); + auto browser = client_metadata->mutable_browser(); + browser->set_machine_user(machine_user); + + if (!filepath.empty()) { + request.set_file_path(filepath); + } else if (!data.empty()) { + request.set_text_content(data); + } else { + std::cout << "[Demo] Specify text content or a file path." << std::endl; + PrintHelp(); + exit(1); + } + + return request; +} + +// Gets the most severe action within the result. +ContentAnalysisResponse::Result::TriggeredRule::Action +GetActionFromResult(const ContentAnalysisResponse::Result& result) { + auto action = + ContentAnalysisResponse::Result::TriggeredRule::ACTION_UNSPECIFIED; + for (auto rule : result.triggered_rules()) { + if (rule.has_action() && rule.action() > action) + action = rule.action(); + } + return action; +} + +// Gets the most severe action within all the the results of a response. +ContentAnalysisResponse::Result::TriggeredRule::Action +GetActionFromResponse(const ContentAnalysisResponse& response) { + auto action = + ContentAnalysisResponse::Result::TriggeredRule::ACTION_UNSPECIFIED; + for (auto result : response.results()) { + auto action2 = GetActionFromResult(result); + if (action2 > action) + action = action2; + } + return action; +} + +void DumpResponse( + std::stringstream& stream, + const ContentAnalysisResponse& response) { + for (auto result : response.results()) { + auto tag = result.has_tag() ? result.tag() : "<no-tag>"; + + auto status = result.has_status() + ? result.status() + : ContentAnalysisResponse::Result::STATUS_UNKNOWN; + std::string status_str; + switch (status) { + case ContentAnalysisResponse::Result::STATUS_UNKNOWN: + status_str = "Unknown"; + break; + case ContentAnalysisResponse::Result::SUCCESS: + status_str = "Success"; + break; + case ContentAnalysisResponse::Result::FAILURE: + status_str = "Failure"; + break; + default: + status_str = "<Uknown>"; + break; + } + + auto action = GetActionFromResult(result); + std::string action_str; + switch (action) { + case ContentAnalysisResponse::Result::TriggeredRule::ACTION_UNSPECIFIED: + action_str = "allowed"; + break; + case ContentAnalysisResponse::Result::TriggeredRule::REPORT_ONLY: + action_str = "reported only"; + break; + case ContentAnalysisResponse::Result::TriggeredRule::WARN: + action_str = "warned"; + break; + case ContentAnalysisResponse::Result::TriggeredRule::BLOCK: + action_str = "blocked"; + break; + } + + time_t now = time(nullptr); + stream << "[Demo] Request " << response.request_token() << " is " << action_str + << " after " << tag + << " analysis, status=" << status_str + << " at " << ctime(&now); + } +} + +ContentAnalysisAcknowledgement BuildAcknowledgement( + const std::string& request_token, + ContentAnalysisAcknowledgement::FinalAction final_action) { + ContentAnalysisAcknowledgement ack; + ack.set_request_token(request_token); + ack.set_status(ContentAnalysisAcknowledgement::SUCCESS); + ack.set_final_action(final_action); + return ack; +} + +void HandleRequest(const ContentAnalysisRequest& request) { + AtomicCout aout; + ContentAnalysisResponse response; + int err = client->Send(request, &response); + if (err != 0) { + aout.stream() << "[Demo] Error sending request " << request.request_token() + << std::endl; + } else if (response.results_size() == 0) { + aout.stream() << "[Demo] Response " << request.request_token() << " is missing a result" + << std::endl; + } else { + DumpResponse(aout.stream(), response); + + auto final_action = ContentAnalysisAcknowledgement::ALLOW; + switch (GetActionFromResponse(response)) { + case ContentAnalysisResponse::Result::TriggeredRule::ACTION_UNSPECIFIED: + break; + case ContentAnalysisResponse::Result::TriggeredRule::REPORT_ONLY: + final_action = ContentAnalysisAcknowledgement::REPORT_ONLY; + break; + case ContentAnalysisResponse::Result::TriggeredRule::WARN: + final_action = ContentAnalysisAcknowledgement::WARN; + break; + case ContentAnalysisResponse::Result::TriggeredRule::BLOCK: + final_action = ContentAnalysisAcknowledgement::BLOCK; + break; + } + + // If grouping, remember the request's token in order to ack the response + // later. + if (group) { + std::unique_lock<std::mutex> lock(global_mutex); + request_tokens.push_back(request.request_token()); + if (final_action > global_final_action) + global_final_action = final_action; + } else { + int err = client->Acknowledge( + BuildAcknowledgement(request.request_token(), final_action)); + if (err != 0) { + aout.stream() << "[Demo] Error sending ack " << request.request_token() + << std::endl; + } + } + } +} + +void ProcessRequest(size_t i) { + auto request = BuildRequest(datas[i]); + + { + AtomicCout aout; + aout.stream() << "[Demo] Sending request " << request.request_token() << std::endl; + } + + HandleRequest(request); +} + +int main(int argc, char* argv[]) { + if (!ParseCommandLine(argc, argv)) { + PrintHelp(); + return 1; + } + + // Each client uses a unique name to identify itself with Google Chrome. + client = Client::Create({path, user_specific}); + if (!client) { + std::cout << "[Demo] Error starting client" << std::endl; + return 1; + }; + + auto info = client->GetAgentInfo(); + std::cout << "Agent pid=" << info.pid + << " path=" << info.binary_path << std::endl; + + if (threaded) { + std::vector<std::unique_ptr<std::thread>> threads; + for (int i = 0; i < datas.size(); ++i) { + AtomicCout aout; + aout.stream() << "Start thread " << i << std::endl; + threads.emplace_back(std::make_unique<std::thread>(ProcessRequest, i)); + } + + // Make sure all threads have terminated. + for (auto& thread : threads) { + thread->join(); + } + } + else { + for (size_t i = 0; i < datas.size(); ++i) { + ProcessRequest(i); + } + } + // It's safe to access global state beyond this point without locking since + // all no more responses will be touching them. + + if (group) { + std::cout << std::endl; + std::cout << "[Demo] Final action for all requests is "; + switch (global_final_action) { + // Google Chrome fails open, so if no action is specified that is the same + // as ALLOW. + case ContentAnalysisAcknowledgement::ACTION_UNSPECIFIED: + case ContentAnalysisAcknowledgement::ALLOW: + std::cout << "allowed"; + break; + case ContentAnalysisAcknowledgement::REPORT_ONLY: + std::cout << "reported only"; + break; + case ContentAnalysisAcknowledgement::WARN: + std::cout << "warned"; + break; + case ContentAnalysisAcknowledgement::BLOCK: + std::cout << "blocked"; + break; + } + std::cout << std::endl << std::endl; + + for (auto token : request_tokens) { + std::cout << "[Demo] Sending group Ack" << std::endl; + int err = client->Acknowledge( + BuildAcknowledgement(token, global_final_action)); + if (err != 0) { + std::cout << "[Demo] Error sending ack for " << token << std::endl; + } + } + } + + return 0; +}; diff --git a/third_party/content_analysis_sdk/demo/handler.h b/third_party/content_analysis_sdk/demo/handler.h new file mode 100644 index 0000000000..1c9871bd08 --- /dev/null +++ b/third_party/content_analysis_sdk/demo/handler.h @@ -0,0 +1,449 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CONTENT_ANALYSIS_DEMO_HANDLER_H_ +#define CONTENT_ANALYSIS_DEMO_HANDLER_H_ + +#include <time.h> + +#include <algorithm> +#include <atomic> +#include <chrono> +#include <fstream> +#include <iostream> +#include <optional> +#include <thread> +#include <utility> +#include <regex> +#include <vector> + +#include "content_analysis/sdk/analysis_agent.h" +#include "demo/atomic_output.h" +#include "demo/request_queue.h" + +using RegexArray = std::vector<std::pair<std::string, std::regex>>; + +// An AgentEventHandler that dumps requests information to stdout and blocks +// any requests that have the keyword "block" in their data +class Handler : public content_analysis::sdk::AgentEventHandler { + public: + using Event = content_analysis::sdk::ContentAnalysisEvent; + + Handler(std::vector<unsigned long>&& delays, const std::string& print_data_file_path, + RegexArray&& toBlock = RegexArray(), + RegexArray&& toWarn = RegexArray(), + RegexArray&& toReport = RegexArray()) : + toBlock_(std::move(toBlock)), toWarn_(std::move(toWarn)), toReport_(std::move(toReport)), + delays_(std::move(delays)), print_data_file_path_(print_data_file_path) {} + + const std::vector<unsigned long> delays() { return delays_; } + size_t nextDelayIndex() const { return nextDelayIndex_; } + + protected: + // Analyzes one request from Google Chrome and responds back to the browser + // with either an allow or block verdict. + void AnalyzeContent(std::stringstream& stream, std::unique_ptr<Event> event) { + // An event represents one content analysis request and response triggered + // by a user action in Google Chrome. The agent determines whether the + // user is allowed to perform the action by examining event->GetRequest(). + // The verdict, which can be "allow" or "block" is written into + // event->GetResponse(). + + DumpEvent(stream, event.get()); + + bool success = true; + std::optional<content_analysis::sdk::ContentAnalysisResponse_Result_TriggeredRule_Action> caResponse = + content_analysis::sdk::ContentAnalysisResponse_Result_TriggeredRule_Action_BLOCK; + + if (event->GetRequest().has_text_content()) { + caResponse = DecideCAResponse( + event->GetRequest().text_content(), stream); + } else if (event->GetRequest().has_file_path()) { + // TODO: Fix downloads to store file *first* so we can check contents. + // Until then, just check the file name: + caResponse = DecideCAResponse( + event->GetRequest().file_path(), stream); + } else if (event->GetRequest().has_print_data()) { + // In the case of print request, normally the PDF bytes would be parsed + // for sensitive data violations. To keep this class simple, only the + // URL is checked for the word "block". + caResponse = DecideCAResponse(event->GetRequest().request_data().url(), stream); + } + + if (!success) { + content_analysis::sdk::UpdateResponse( + event->GetResponse(), + std::string(), + content_analysis::sdk::ContentAnalysisResponse::Result::FAILURE); + stream << " Verdict: failed to reach verdict: "; + stream << event->DebugString() << std::endl; + } else { + stream << " Verdict: "; + if (caResponse) { + switch (caResponse.value()) { + case content_analysis::sdk::ContentAnalysisResponse_Result_TriggeredRule_Action_BLOCK: + stream << "BLOCK"; + break; + case content_analysis::sdk::ContentAnalysisResponse_Result_TriggeredRule_Action_WARN: + stream << "WARN"; + break; + case content_analysis::sdk::ContentAnalysisResponse_Result_TriggeredRule_Action_REPORT_ONLY: + stream << "REPORT_ONLY"; + break; + case content_analysis::sdk::ContentAnalysisResponse_Result_TriggeredRule_Action_ACTION_UNSPECIFIED: + stream << "ACTION_UNSPECIFIED"; + break; + default: + stream << "<error>"; + break; + } + auto rc = + content_analysis::sdk::SetEventVerdictTo(event.get(), caResponse.value()); + if (rc != content_analysis::sdk::ResultCode::OK) { + stream << " error: " + << content_analysis::sdk::ResultCodeToString(rc) << std::endl; + stream << " " << event->DebugString() << std::endl; + } + stream << std::endl; + } else { + stream << " Verdict: allow" << std::endl; + } + stream << std::endl; + } + stream << std::endl; + + // If a delay is specified, wait that much. + size_t nextDelayIndex = nextDelayIndex_.fetch_add(1); + unsigned long delay = delays_[nextDelayIndex % delays_.size()]; + if (delay > 0) { + std::this_thread::sleep_for(std::chrono::seconds(delay)); + } + + // Send the response back to Google Chrome. + auto rc = event->Send(); + if (rc != content_analysis::sdk::ResultCode::OK) { + stream << "[Demo] Error sending response: " + << content_analysis::sdk::ResultCodeToString(rc) + << std::endl; + stream << event->DebugString() << std::endl; + } + } + + private: + void OnBrowserConnected( + const content_analysis::sdk::BrowserInfo& info) override { + AtomicCout aout; + aout.stream() << std::endl << "==========" << std::endl; + aout.stream() << "Browser connected pid=" << info.pid + << " path=" << info.binary_path << std::endl; + } + + void OnBrowserDisconnected( + const content_analysis::sdk::BrowserInfo& info) override { + AtomicCout aout; + aout.stream() << std::endl << "Browser disconnected pid=" << info.pid << std::endl; + aout.stream() << "==========" << std::endl; + } + + void OnAnalysisRequested(std::unique_ptr<Event> event) override { + // If the agent is capable of analyzing content in the background, the + // events may be handled in background threads. Having said that, a + // event should not be assumed to be thread safe, that is, it should not + // be accessed by more than one thread concurrently. + // + // In this example code, the event is handled synchronously. + AtomicCout aout; + aout.stream() << std::endl << "----------" << std::endl << std::endl; + AnalyzeContent(aout.stream(), std::move(event)); + } + + void OnResponseAcknowledged( + const content_analysis::sdk::ContentAnalysisAcknowledgement& + ack) override { + const char* final_action = "<Unknown>"; + if (ack.has_final_action()) { + switch (ack.final_action()) { + case content_analysis::sdk::ContentAnalysisAcknowledgement::ACTION_UNSPECIFIED: + final_action = "<Unspecified>"; + break; + case content_analysis::sdk::ContentAnalysisAcknowledgement::ALLOW: + final_action = "Allow"; + break; + case content_analysis::sdk::ContentAnalysisAcknowledgement::REPORT_ONLY: + final_action = "Report only"; + break; + case content_analysis::sdk::ContentAnalysisAcknowledgement::WARN: + final_action = "Warn"; + break; + case content_analysis::sdk::ContentAnalysisAcknowledgement::BLOCK: + final_action = "Block"; + break; + } + } + + AtomicCout aout; + aout.stream() << "Ack: " << ack.request_token() << std::endl; + aout.stream() << " Final action: " << final_action << std::endl; + } + void OnCancelRequests( + const content_analysis::sdk::ContentAnalysisCancelRequests& cancel) + override { + AtomicCout aout; + aout.stream() << "Cancel: " << std::endl; + aout.stream() << " User action ID: " << cancel.user_action_id() << std::endl; + } + + void OnInternalError( + const char* context, + content_analysis::sdk::ResultCode error) override { + AtomicCout aout; + aout.stream() << std::endl + << "*ERROR*: context=\"" << context << "\" " + << content_analysis::sdk::ResultCodeToString(error) + << std::endl; + } + + void DumpEvent(std::stringstream& stream, Event* event) { + time_t now = time(nullptr); + stream << "Received at: " << ctime(&now); // Returned string includes \n. + + const content_analysis::sdk::ContentAnalysisRequest& request = + event->GetRequest(); + std::string connector = "<Unknown>"; + if (request.has_analysis_connector()) { + switch (request.analysis_connector()) + { + case content_analysis::sdk::FILE_DOWNLOADED: + connector = "download"; + break; + case content_analysis::sdk::FILE_ATTACHED: + connector = "attach"; + break; + case content_analysis::sdk::BULK_DATA_ENTRY: + connector = "bulk-data-entry"; + break; + case content_analysis::sdk::PRINT: + connector = "print"; + break; + case content_analysis::sdk::FILE_TRANSFER: + connector = "file-transfer"; + break; + default: + break; + } + } + + std::string url = + request.has_request_data() && request.request_data().has_url() + ? request.request_data().url() : "<No URL>"; + + std::string tab_title = + request.has_request_data() && request.request_data().has_tab_title() + ? request.request_data().tab_title() : "<No tab title>"; + + std::string filename = + request.has_request_data() && request.request_data().has_filename() + ? request.request_data().filename() : "<No filename>"; + + std::string digest = + request.has_request_data() && request.request_data().has_digest() + ? request.request_data().digest() : "<No digest>"; + + std::string file_path = + request.has_file_path() + ? request.file_path() : "<none>"; + + std::string text_content = + request.has_text_content() + ? request.text_content() : "<none>"; + + std::string machine_user = + request.has_client_metadata() && + request.client_metadata().has_browser() && + request.client_metadata().browser().has_machine_user() + ? request.client_metadata().browser().machine_user() : "<No machine user>"; + + std::string email = + request.has_request_data() && request.request_data().has_email() + ? request.request_data().email() : "<No email>"; + + time_t t = request.expires_at(); + std::string expires_at_str = ctime(&t); + // Returned string includes trailing \n, overwrite with null. + expires_at_str[expires_at_str.size() - 1] = 0; + time_t secs_remaining = t - now; + + std::string user_action_id = request.has_user_action_id() + ? request.user_action_id() : "<No user action id>"; + + stream << "Request: " << request.request_token() << std::endl; + stream << " User action ID: " << user_action_id << std::endl; + stream << " Expires at: " << expires_at_str << " (" + << secs_remaining << " seconds from now)" << std::endl; + stream << " Connector: " << connector << std::endl; + stream << " URL: " << url << std::endl; + stream << " Tab title: " << tab_title << std::endl; + stream << " Filename: " << filename << std::endl; + stream << " Digest: " << digest << std::endl; + stream << " Filepath: " << file_path << std::endl; + stream << " Text content: '" << text_content << "'" << std::endl; + stream << " Machine user: " << machine_user << std::endl; + stream << " Email: " << email << std::endl; + if (request.has_print_data() && !print_data_file_path_.empty()) { + if (request.request_data().has_print_metadata() && + request.request_data().print_metadata().has_printer_name()) { + stream << " Printer name: " + << request.request_data().print_metadata().printer_name() + << std::endl; + } else { + stream << " No printer name in request" << std::endl; + } + + stream << " Print data saved to: " << print_data_file_path_ + << std::endl; + using content_analysis::sdk::ContentAnalysisEvent; + auto print_data = + content_analysis::sdk::CreateScopedPrintHandle(event->GetRequest(), + event->GetBrowserInfo().pid); + std::ofstream file(print_data_file_path_, + std::ios::out | std::ios::trunc | std::ios::binary); + file.write(print_data->data(), print_data->size()); + file.flush(); + file.close(); + } + } + + bool ReadContentFromFile(const std::string& file_path, + std::string* content) { + std::ifstream file(file_path, + std::ios::in | std::ios::binary | std::ios::ate); + if (!file.is_open()) + return false; + + // Get file size. This example does not handle files larger than 1MB. + // Make sure content string can hold the contents of the file. + int size = file.tellg(); + if (size > 1024 * 1024) + return false; + + content->resize(size + 1); + + // Read file into string. + file.seekg(0, std::ios::beg); + file.read(&(*content)[0], size); + content->at(size) = 0; + return true; + } + + std::optional<content_analysis::sdk::ContentAnalysisResponse_Result_TriggeredRule_Action> + DecideCAResponse(const std::string& content, std::stringstream& stream) { + for (auto& r : toBlock_) { + if (std::regex_search(content, r.second)) { + stream << "'" << content << "' matches BLOCK regex '" + << r.first << "'" << std::endl; + return content_analysis::sdk::ContentAnalysisResponse_Result_TriggeredRule_Action_BLOCK; + } + } + for (auto& r : toWarn_) { + if (std::regex_search(content, r.second)) { + stream << "'" << content << "' matches WARN regex '" + << r.first << "'" << std::endl; + return content_analysis::sdk::ContentAnalysisResponse_Result_TriggeredRule_Action_WARN; + } + } + for (auto& r : toReport_) { + if (std::regex_search(content, r.second)) { + stream << "'" << content << "' matches REPORT_ONLY regex '" + << r.first << "'" << std::endl; + return content_analysis::sdk::ContentAnalysisResponse_Result_TriggeredRule_Action_REPORT_ONLY; + } + } + stream << "'" << content << "' was ALLOWed\n"; + return {}; + } + + // For the demo, block any content that matches these wildcards. + RegexArray toBlock_; + RegexArray toWarn_; + RegexArray toReport_; + + std::vector<unsigned long> delays_; + std::atomic<size_t> nextDelayIndex_; + std::string print_data_file_path_; +}; + +// An AgentEventHandler that dumps requests information to stdout and blocks +// any requests that have the keyword "block" in their data +class QueuingHandler : public Handler { + public: + QueuingHandler(unsigned long threads, std::vector<unsigned long>&& delays, const std::string& print_data_file_path, + RegexArray&& toBlock = RegexArray(), + RegexArray&& toWarn = RegexArray(), + RegexArray&& toReport = RegexArray()) + : Handler(std::move(delays), print_data_file_path, std::move(toBlock), std::move(toWarn), std::move(toReport)) { + StartBackgroundThreads(threads); + } + + ~QueuingHandler() override { + // Abort background process and wait for it to finish. + request_queue_.abort(); + WaitForBackgroundThread(); + } + + private: + void OnAnalysisRequested(std::unique_ptr<Event> event) override { + { + time_t now = time(nullptr); + const content_analysis::sdk::ContentAnalysisRequest& request = + event->GetRequest(); + AtomicCout aout; + aout.stream() << std::endl << "Queuing request: " << request.request_token() + << " at " << ctime(&now) << std::endl; + } + + request_queue_.push(std::move(event)); + } + + static void* ProcessRequests(void* qh) { + QueuingHandler* handler = reinterpret_cast<QueuingHandler*>(qh); + + while (true) { + auto event = handler->request_queue_.pop(); + if (!event) + break; + + AtomicCout aout; + aout.stream() << std::endl << "----------" << std::endl; + aout.stream() << "Thread: " << std::this_thread::get_id() << std::endl; + aout.stream() << "Delaying request processing for " + << handler->delays()[handler->nextDelayIndex() % handler->delays().size()] << "s" << std::endl << std::endl; + aout.flush(); + + handler->AnalyzeContent(aout.stream(), std::move(event)); + } + + return 0; + } + + // A list of outstanding content analysis requests. + RequestQueue request_queue_; + + void StartBackgroundThreads(unsigned long threads) { + threads_.reserve(threads); + for (unsigned long i = 0; i < threads; ++i) { + threads_.emplace_back(std::make_unique<std::thread>(ProcessRequests, this)); + } + } + + void WaitForBackgroundThread() { + for (auto& thread : threads_) { + thread->join(); + } + } + + // Thread id of backgrond thread. + std::vector<std::unique_ptr<std::thread>> threads_; +}; + +#endif // CONTENT_ANALYSIS_DEMO_HANDLER_H_ diff --git a/third_party/content_analysis_sdk/demo/handler_misbehaving.h b/third_party/content_analysis_sdk/demo/handler_misbehaving.h new file mode 100644 index 0000000000..d303049d98 --- /dev/null +++ b/third_party/content_analysis_sdk/demo/handler_misbehaving.h @@ -0,0 +1,495 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef CONTENT_ANALYSIS_DEMO_HANDLER_MISBEHAVING_H_ +#define CONTENT_ANALYSIS_DEMO_HANDLER_MISBEHAVING_H_ + +#include <time.h> + +#include <algorithm> +#include <chrono> +#include <fstream> +#include <map> +#include <iostream> +#include <utility> +#include <vector> +#include <regex> +#include <windows.h> + +#include "content_analysis/sdk/analysis.pb.h" +#include "content_analysis/sdk/analysis_agent.h" +#include "agent/src/event_win.h" + +enum class Mode { +// Have to use a "Mode_" prefix to avoid preprocessing problems in StringToMode +#define AGENT_MODE(name) Mode_##name, +#include "modes.h" +#undef AGENT_MODE +}; + +extern std::map<std::string, Mode> sStringToMode; +extern std::map<Mode, std::string> sModeToString; + +// Writes a string to the pipe. Returns ERROR_SUCCESS if successful, else +// returns GetLastError() of the write. This function does not return until +// the entire message has been sent (or an error occurs). +static DWORD WriteBigMessageToPipe(HANDLE pipe, const std::string& message) { + std::cout << "[demo] WriteBigMessageToPipe top, message size is " + << message.size() << std::endl; + if (message.empty()) { + return ERROR_SUCCESS; + } + + OVERLAPPED overlapped; + memset(&overlapped, 0, sizeof(overlapped)); + overlapped.hEvent = CreateEvent(/*securityAttr=*/nullptr, + /*manualReset=*/TRUE, + /*initialState=*/FALSE, + /*name=*/nullptr); + if (overlapped.hEvent == nullptr) { + return GetLastError(); + } + + DWORD err = ERROR_SUCCESS; + const char* cursor = message.data(); + for (DWORD size = message.length(); size > 0;) { + std::cout << "[demo] WriteBigMessageToPipe top of loop, remaining size " + << size << std::endl; + if (WriteFile(pipe, cursor, size, /*written=*/nullptr, &overlapped)) { + std::cout << "[demo] WriteBigMessageToPipe: success" << std::endl; + err = ERROR_SUCCESS; + break; + } + + // If an I/O is not pending, return the error. + err = GetLastError(); + if (err != ERROR_IO_PENDING) { + std::cout + << "[demo] WriteBigMessageToPipe: returning error from WriteFile " + << err << std::endl; + break; + } + + DWORD written; + if (!GetOverlappedResult(pipe, &overlapped, &written, /*wait=*/TRUE)) { + err = GetLastError(); + std::cout << "[demo] WriteBigMessageToPipe: returning error from " + "GetOverlappedREsult " + << err << std::endl; + break; + } + + // reset err for the next loop iteration + err = ERROR_SUCCESS; + std::cout << "[demo] WriteBigMessageToPipe: bottom of loop, wrote " + << written << std::endl; + cursor += written; + size -= written; + } + + CloseHandle(overlapped.hEvent); + return err; +} + +// An AgentEventHandler that does various misbehaving things +class MisbehavingHandler final : public content_analysis::sdk::AgentEventHandler { + public: + using Event = content_analysis::sdk::ContentAnalysisEvent; + + static + std::unique_ptr<AgentEventHandler> Create(unsigned long delay, + const std::string& modeStr) { + auto it = sStringToMode.find(modeStr); + if (it == sStringToMode.end()) { + std::cout << "\"" << modeStr << "\"" + << " is not a valid mode!" << std::endl; + return nullptr; + } + + return std::unique_ptr<AgentEventHandler>(new MisbehavingHandler(delay, it->second)); + } + + private: + MisbehavingHandler(unsigned long delay, Mode mode) : delay_(delay), mode_(mode) {} + + template <size_t N> + DWORD SendBytesOverPipe(const unsigned char (&bytes)[N], + const std::unique_ptr<Event>& event) { + content_analysis::sdk::ContentAnalysisEventWin* eventWin = + static_cast<content_analysis::sdk::ContentAnalysisEventWin*>( + event.get()); + HANDLE pipe = eventWin->Pipe(); + std::string s(reinterpret_cast<const char*>(bytes), N); + return WriteBigMessageToPipe(pipe, s); + } + + // Analyzes one request from Google Chrome and responds back to the browser + // with either an allow or block verdict. + void AnalyzeContent(std::unique_ptr<Event> event) { + // An event represents one content analysis request and response triggered + // by a user action in Google Chrome. The agent determines whether the + // user is allowed to perform the action by examining event->GetRequest(). + // The verdict, which can be "allow" or "block" is written into + // event->GetResponse(). + + std::cout << std::endl << "----------" << std::endl << std::endl; + + DumpRequest(event->GetRequest()); + std::cout << "Mode is " << sModeToString[mode_] << std::endl; + + if (mode_ == Mode::Mode_largeResponse) { + for (size_t i = 0; i < 1000; ++i) { + content_analysis::sdk::ContentAnalysisResponse_Result* result = + event->GetResponse().add_results(); + result->set_tag("someTag"); + content_analysis::sdk::ContentAnalysisResponse_Result_TriggeredRule* + triggeredRule = result->add_triggered_rules(); + triggeredRule->set_rule_id("some_id"); + triggeredRule->set_rule_name("some_name"); + } + } else if (mode_ == + Mode::Mode_invalidUtf8StringStartByteIsContinuationByte) { + // protobuf docs say + // "A string must always contain UTF-8 encoded text." + // So let's try something invalid + // Anything with bits 10xxxxxx is only a continuation code point + event->GetResponse().set_request_token("\x80\x41\x41\x41"); + } else if (mode_ == + Mode::Mode_invalidUtf8StringEndsInMiddleOfMultibyteSequence) { + // f0 byte indicates there should be 3 bytes following it, but here + // there are only 2 + event->GetResponse().set_request_token("\x41\xf0\x90\x8d"); + } else if (mode_ == Mode::Mode_invalidUtf8StringOverlongEncoding) { + // codepoint U+20AC, should be encoded in 3 bytes (E2 82 AC) + // instead of 4 + event->GetResponse().set_request_token("\xf0\x82\x82\xac"); + } else if (mode_ == Mode::Mode_invalidUtf8StringMultibyteSequenceTooShort) { + // f0 byte indicates there should be 3 bytes following it, but here + // there are only 2 (\x41 is not a continuation byte) + event->GetResponse().set_request_token("\xf0\x90\x8d\x41"); + } else if (mode_ == Mode::Mode_invalidUtf8StringDecodesToInvalidCodePoint) { + // decodes to U+1FFFFF, but only up to U+10FFFF is a valid code point + event->GetResponse().set_request_token("\xf7\xbf\xbf\xbf"); + } else if (mode_ == Mode::Mode_stringWithEmbeddedNull) { + event->GetResponse().set_request_token("\x41\x00\x41"); + } else if (mode_ == Mode::Mode_zeroResults) { + event->GetResponse().clear_results(); + } else if (mode_ == Mode::Mode_resultWithInvalidStatus) { + // This causes an assertion failure and the process exits + // So we just serialize this ourselves below + /*content_analysis::sdk::ContentAnalysisResponse_Result* result = + event->GetResponse().mutable_results(0); + result->set_status( + static_cast< + ::content_analysis::sdk::ContentAnalysisResponse_Result_Status>( + 100));*/ + } else { + bool block = false; + + if (event->GetRequest().has_text_content()) { + block = ShouldBlockRequest(event->GetRequest().text_content()); + } else if (event->GetRequest().has_file_path()) { + block = ShouldBlockRequest(event->GetRequest().file_path()); + } + + if (block) { + auto rc = content_analysis::sdk::SetEventVerdictToBlock(event.get()); + std::cout << " Verdict: block"; + if (rc != content_analysis::sdk::ResultCode::OK) { + std::cout << " error: " + << content_analysis::sdk::ResultCodeToString(rc) + << std::endl; + std::cout << " " << event->DebugString() << std::endl; + } + std::cout << std::endl; + } else { + std::cout << " Verdict: allow" << std::endl; + } + } + + std::cout << std::endl; + + // If a delay is specified, wait that much. + if (delay_ > 0) { + std::cout << "[Demo] delaying request processing for " << delay_ << "s" + << std::endl; + std::this_thread::sleep_for(std::chrono::seconds(delay_)); + } + + if (mode_ == Mode::Mode_largeResponse) { + content_analysis::sdk::ContentAnalysisEventWin* eventWin = + static_cast<content_analysis::sdk::ContentAnalysisEventWin*>( + event.get()); + HANDLE pipe = eventWin->Pipe(); + std::cout << "largeResponse about to write" << std::endl; + DWORD result = WriteBigMessageToPipe( + pipe, eventWin->SerializeStringToSendToBrowser()); + std::cout << "largeResponse done writing with error " << result + << std::endl; + eventWin->SetResponseSent(); + } else if (mode_ == Mode::Mode_resultWithInvalidStatus) { + content_analysis::sdk::ContentAnalysisEventWin* eventWin = + static_cast<content_analysis::sdk::ContentAnalysisEventWin*>( + event.get()); + HANDLE pipe = eventWin->Pipe(); + std::string serializedString = eventWin->SerializeStringToSendToBrowser(); + // The last byte is the status value. Set it to 100 + serializedString[serializedString.length() - 1] = 100; + WriteBigMessageToPipe(pipe, serializedString); + } else if (mode_ == Mode::Mode_messageTruncatedInMiddleOfString) { + unsigned char bytes[5]; + bytes[0] = 10; // field 1 (request_token), LEN encoding + bytes[1] = 13; // length 13 + bytes[2] = 65; // "A" + bytes[3] = 66; // "B" + bytes[4] = 67; // "C" + SendBytesOverPipe(bytes, event); + } else if (mode_ == Mode::Mode_messageWithInvalidWireType) { + unsigned char bytes[5]; + bytes[0] = 15; // field 1 (request_token), "7" encoding (invalid value) + bytes[1] = 3; // length 3 + bytes[2] = 65; // "A" + bytes[3] = 66; // "B" + bytes[4] = 67; // "C" + SendBytesOverPipe(bytes, event); + } else if (mode_ == Mode::Mode_messageWithUnusedFieldNumber) { + unsigned char bytes[5]; + bytes[0] = 82; // field 10 (this is invalid), LEN encoding + bytes[1] = 3; // length 3 + bytes[2] = 65; // "A" + bytes[3] = 66; // "B" + bytes[4] = 67; // "C" + SendBytesOverPipe(bytes, event); + } else if (mode_ == Mode::Mode_messageWithWrongStringWireType) { + unsigned char bytes[2]; + bytes[0] = 10; // field 1 (request_token), VARINT encoding (but should be + // a string/LEN) + bytes[1] = 42; // value 42 + SendBytesOverPipe(bytes, event); + } else if (mode_ == Mode::Mode_messageWithZeroTag) { + unsigned char bytes[1]; + // The protobuf deserialization code seems to handle this + // in a special case. + bytes[0] = 0; + SendBytesOverPipe(bytes, event); + } else if (mode_ == Mode::Mode_messageWithZeroFieldButNonzeroWireType) { + // The protobuf deserialization code seems to handle this + // in a special case. + unsigned char bytes[5]; + bytes[0] = 2; // field 0 (invalid), LEN encoding + bytes[1] = 3; // length 13 + bytes[2] = 65; // "A" + bytes[3] = 66; // "B" + bytes[4] = 67; // "C" + SendBytesOverPipe(bytes, event); + } else if (mode_ == Mode::Mode_messageWithGroupEnd) { + // GROUP_ENDs are obsolete and the deserialization code + // handles them in a special case. + unsigned char bytes[1]; + bytes[0] = 12; // field 1 (request_token), GROUP_END encoding + SendBytesOverPipe(bytes, event); + } else if (mode_ == Mode::Mode_messageTruncatedInMiddleOfVarint) { + unsigned char bytes[2]; + bytes[0] = 16; // field 2 (status), VARINT encoding + bytes[1] = 128; // high bit is set, indicating there + // should be a byte after this + SendBytesOverPipe(bytes, event); + } else if (mode_ == Mode::Mode_messageTruncatedInMiddleOfTag) { + unsigned char bytes[1]; + bytes[0] = 128; // tag is actually encoded as a VARINT, so set the high + // bit, indicating there should be a byte after this + SendBytesOverPipe(bytes, event); + } else { + std::cout << "(misbehaving) Handler::AnalyzeContent() about to call " + "event->Send(), mode is " + << sModeToString[mode_] << std::endl; + // Send the response back to Google Chrome. + auto rc = event->Send(); + if (rc != content_analysis::sdk::ResultCode::OK) { + std::cout << "[Demo] Error sending response: " + << content_analysis::sdk::ResultCodeToString(rc) << std::endl; + std::cout << event->DebugString() << std::endl; + } + } + } + + private: + void OnBrowserConnected( + const content_analysis::sdk::BrowserInfo& info) override { + std::cout << std::endl << "==========" << std::endl; + std::cout << "Browser connected pid=" << info.pid << std::endl; + } + + void OnBrowserDisconnected( + const content_analysis::sdk::BrowserInfo& info) override { + std::cout << std::endl + << "Browser disconnected pid=" << info.pid << std::endl; + std::cout << "==========" << std::endl; + } + + void OnAnalysisRequested(std::unique_ptr<Event> event) override { + // If the agent is capable of analyzing content in the background, the + // events may be handled in background threads. Having said that, a + // event should not be assumed to be thread safe, that is, it should not + // be accessed by more than one thread concurrently. + // + // In this example code, the event is handled synchronously. + AnalyzeContent(std::move(event)); + } + void OnResponseAcknowledged( + const content_analysis::sdk::ContentAnalysisAcknowledgement& ack) + override { + const char* final_action = "<Unknown>"; + if (ack.has_final_action()) { + switch (ack.final_action()) { + case content_analysis::sdk::ContentAnalysisAcknowledgement:: + ACTION_UNSPECIFIED: + final_action = "<Unspecified>"; + break; + case content_analysis::sdk::ContentAnalysisAcknowledgement::ALLOW: + final_action = "Allow"; + break; + case content_analysis::sdk::ContentAnalysisAcknowledgement::REPORT_ONLY: + final_action = "Report only"; + break; + case content_analysis::sdk::ContentAnalysisAcknowledgement::WARN: + final_action = "Warn"; + break; + case content_analysis::sdk::ContentAnalysisAcknowledgement::BLOCK: + final_action = "Block"; + break; + } + } + + std::cout << "Ack: " << ack.request_token() << std::endl; + std::cout << " Final action: " << final_action << std::endl; + } + void OnCancelRequests( + const content_analysis::sdk::ContentAnalysisCancelRequests& cancel) + override { + std::cout << "Cancel: " << std::endl; + std::cout << " User action ID: " << cancel.user_action_id() << std::endl; + } + + void OnInternalError(const char* context, + content_analysis::sdk::ResultCode error) override { + std::cout << std::endl + << "*ERROR*: context=\"" << context << "\" " + << content_analysis::sdk::ResultCodeToString(error) << std::endl; + } + + void DumpRequest( + const content_analysis::sdk::ContentAnalysisRequest& request) { + std::string connector = "<Unknown>"; + if (request.has_analysis_connector()) { + switch (request.analysis_connector()) { + case content_analysis::sdk::FILE_DOWNLOADED: + connector = "download"; + break; + case content_analysis::sdk::FILE_ATTACHED: + connector = "attach"; + break; + case content_analysis::sdk::BULK_DATA_ENTRY: + connector = "bulk-data-entry"; + break; + case content_analysis::sdk::PRINT: + connector = "print"; + break; + case content_analysis::sdk::FILE_TRANSFER: + connector = "file-transfer"; + break; + default: + break; + } + } + + std::string url = + request.has_request_data() && request.request_data().has_url() + ? request.request_data().url() + : "<No URL>"; + + std::string tab_title = + request.has_request_data() && request.request_data().has_tab_title() + ? request.request_data().tab_title() + : "<No tab title>"; + + std::string filename = + request.has_request_data() && request.request_data().has_filename() + ? request.request_data().filename() + : "<No filename>"; + + std::string digest = + request.has_request_data() && request.request_data().has_digest() + ? request.request_data().digest() + : "<No digest>"; + + std::string file_path = + request.has_file_path() ? request.file_path() : "<none>"; + + std::string text_content = + request.has_text_content() ? request.text_content() : "<none>"; + + std::string machine_user = + request.has_client_metadata() && + request.client_metadata().has_browser() && + request.client_metadata().browser().has_machine_user() + ? request.client_metadata().browser().machine_user() + : "<No machine user>"; + + std::string email = + request.has_request_data() && request.request_data().has_email() + ? request.request_data().email() + : "<No email>"; + + time_t t = request.expires_at(); + + std::string user_action_id = request.has_user_action_id() + ? request.user_action_id() + : "<No user action id>"; + + std::cout << "Request: " << request.request_token() << std::endl; + std::cout << " User action ID: " << user_action_id << std::endl; + std::cout << " Expires at: " << ctime(&t); // Returned string includes \n. + std::cout << " Connector: " << connector << std::endl; + std::cout << " URL: " << url << std::endl; + std::cout << " Tab title: " << tab_title << std::endl; + std::cout << " Filename: " << filename << std::endl; + std::cout << " Digest: " << digest << std::endl; + std::cout << " Filepath: " << file_path << std::endl; + std::cout << " Text content: '" << text_content << "'" << std::endl; + std::cout << " Machine user: " << machine_user << std::endl; + std::cout << " Email: " << email << std::endl; + } + + bool ReadContentFromFile(const std::string& file_path, std::string* content) { + std::ifstream file(file_path, + std::ios::in | std::ios::binary | std::ios::ate); + if (!file.is_open()) return false; + + // Get file size. This example does not handle files larger than 1MB. + // Make sure content string can hold the contents of the file. + int size = file.tellg(); + if (size > 1024 * 1024) return false; + + content->resize(size + 1); + + // Read file into string. + file.seekg(0, std::ios::beg); + file.read(&(*content)[0], size); + content->at(size) = 0; + return true; + } + + bool ShouldBlockRequest(const std::string& content) { + // Determines if the request should be blocked. (not needed for the + // misbehaving agent) + std::cout << "'" << content << "' was not blocked\n"; + return false; + } + + unsigned long delay_; + Mode mode_; +}; + +#endif // CONTENT_ANALYSIS_DEMO_HANDLER_MISBEHAVING_H_ diff --git a/third_party/content_analysis_sdk/demo/modes.h b/third_party/content_analysis_sdk/demo/modes.h new file mode 100644 index 0000000000..debefc9d1a --- /dev/null +++ b/third_party/content_analysis_sdk/demo/modes.h @@ -0,0 +1,25 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. */ + +// #define AGENT_MODE(name) to do what you want and then #include this file + +AGENT_MODE(largeResponse) +AGENT_MODE(invalidUtf8StringStartByteIsContinuationByte) +AGENT_MODE(invalidUtf8StringEndsInMiddleOfMultibyteSequence) +AGENT_MODE(invalidUtf8StringOverlongEncoding) +AGENT_MODE(invalidUtf8StringMultibyteSequenceTooShort) +AGENT_MODE(invalidUtf8StringDecodesToInvalidCodePoint) +AGENT_MODE(stringWithEmbeddedNull) +AGENT_MODE(zeroResults) +AGENT_MODE(resultWithInvalidStatus) +AGENT_MODE(messageTruncatedInMiddleOfString) +AGENT_MODE(messageWithInvalidWireType) +AGENT_MODE(messageWithUnusedFieldNumber) +AGENT_MODE(messageWithWrongStringWireType) +AGENT_MODE(messageWithZeroTag) +AGENT_MODE(messageWithZeroFieldButNonzeroWireType) +AGENT_MODE(messageWithGroupEnd) +AGENT_MODE(messageTruncatedInMiddleOfVarint) +AGENT_MODE(messageTruncatedInMiddleOfTag) diff --git a/third_party/content_analysis_sdk/demo/request_queue.h b/third_party/content_analysis_sdk/demo/request_queue.h new file mode 100644 index 0000000000..8615774e2e --- /dev/null +++ b/third_party/content_analysis_sdk/demo/request_queue.h @@ -0,0 +1,70 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CONTENT_ANALYSIS_DEMO_REQUST_QUEUE_H_ +#define CONTENT_ANALYSIS_DEMO_REQUST_QUEUE_H_ + +#include <condition_variable> +#include <memory> +#include <mutex> +#include <queue> + +#include "content_analysis/sdk/analysis_agent.h" + +// This class maintains a list of outstanding content analysis requests to +// process. Each request is encapsulated in one ContentAnalysisEvent. +// Requests are handled in FIFO order. +class RequestQueue { + public: + using Event = content_analysis::sdk::ContentAnalysisEvent; + + RequestQueue() = default; + virtual ~RequestQueue() = default; + + // Push a new content analysis event into the queue. + void push(std::unique_ptr<Event> event) { + std::lock_guard<std::mutex> lock(mutex_); + + events_.push(std::move(event)); + + // Wake before leaving to prevent unpredicatable scheduling. + cv_.notify_one(); + } + + // Pop the next request from the queue, blocking if necessary until an event + // is available. Returns a nullptr if the queue will produce no more + // events. + std::unique_ptr<Event> pop() { + std::unique_lock<std::mutex> lock(mutex_); + + while (!abort_ && events_.size() == 0) + cv_.wait(lock); + + std::unique_ptr<Event> event; + if (!abort_) { + event = std::move(events_.front()); + events_.pop(); + } + + return event; + } + + // Marks the queue as aborted. pop() will now return nullptr. + void abort() { + std::lock_guard<std::mutex> lg(mutex_); + + abort_ = true; + + // Wake before leaving to prevent unpredicatable scheduling. + cv_.notify_all(); + } + + private: + std::queue<std::unique_ptr<Event>> events_; + std::mutex mutex_; + std::condition_variable cv_; + bool abort_ = false; +}; + +#endif // CONTENT_ANALYSIS_DEMO_REQUST_QUEUE_H_ diff --git a/third_party/content_analysis_sdk/docs/code-of-conduct.md b/third_party/content_analysis_sdk/docs/code-of-conduct.md new file mode 100644 index 0000000000..be0f6056c3 --- /dev/null +++ b/third_party/content_analysis_sdk/docs/code-of-conduct.md @@ -0,0 +1,94 @@ +# Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as +contributors and maintainers pledge to making participation in our project and +our community a harassment-free experience for everyone, regardless of age, body +size, disability, ethnicity, gender identity and expression, level of +experience, education, socio-economic status, nationality, personal appearance, +race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behavior that contributes to creating a positive environment +include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behavior by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or + advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic + address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable +behavior and are expected to take appropriate and fair corrective action in +response to any instances of unacceptable behavior. + +Project maintainers have the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, or to ban temporarily or permanently any +contributor for other behaviors that they deem inappropriate, threatening, +offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces +when an individual is representing the project or its community. Examples of +representing a project or community include using an official project e-mail +address, posting via an official social media account, or acting as an appointed +representative at an online or offline event. Representation of a project may be +further defined and clarified by project maintainers. + +This Code of Conduct also applies outside the project spaces when the Project +Steward has a reasonable belief that an individual's behavior may have a +negative impact on the project or its community. + +## Conflict Resolution + +We do not believe that all conflict is bad; healthy debate and disagreement +often yield positive results. However, it is never okay to be disrespectful or +to engage in behavior that violates the project’s code of conduct. + +If you see someone violating the code of conduct, you are encouraged to address +the behavior directly with those involved. Many issues can be resolved quickly +and easily, and this gives people more control over the outcome of their +dispute. If you are unable to resolve the matter for any reason, or if the +behavior is threatening or harassing, report it. We are dedicated to providing +an environment where participants feel welcome and safe. + +Reports should be directed to *community@chromium.org*, the +Project Steward(s) for *content_analysis_sdk*. It is the Project Steward’s duty to +receive and address reported violations of the code of conduct. They will then +work with a committee consisting of representatives from the Open Source +Programs Office and the Google Open Source Strategy team. If for any reason you +are uncomfortable reaching out to the Project Steward, please email +opensource@google.com. + +We will investigate every complaint, but you may not receive a direct response. +We will use our discretion in determining when and how to follow up on reported +incidents, which may range from not taking action to permanent expulsion from +the project and project-sponsored spaces. We will notify the accused of the +report and provide them an opportunity to discuss it before any action is taken. +The identity of the reporter will be omitted from the details of the report +supplied to the accused. In potentially harmful situations, such as ongoing +harassment or threats to anyone's safety, we may take action without notice. + +## Attribution + +This Code of Conduct is adapted from the Contributor Covenant, version 1.4, +available at +https://www.contributor-covenant.org/version/1/4/code-of-conduct.html + diff --git a/third_party/content_analysis_sdk/docs/contributing.md b/third_party/content_analysis_sdk/docs/contributing.md new file mode 100644 index 0000000000..3bcdc104c8 --- /dev/null +++ b/third_party/content_analysis_sdk/docs/contributing.md @@ -0,0 +1,29 @@ +# How to Contribute + +We'd love to accept your patches and contributions to this project. There are +just a few small guidelines you need to follow. + +## Contributor License Agreement + +Contributions to this project must be accompanied by a Contributor License +Agreement. You (or your employer) retain the copyright to your contribution; +this simply gives us permission to use and redistribute your contributions as +part of the project. Head over to <https://cla.developers.google.com/> to see +your current agreements on file or to sign a new one. + +You generally only need to submit a CLA once, so if you've already submitted one +(even if it was for a different project), you probably don't need to do it +again. + +## Code Reviews + +All submissions, including submissions by project members, require review. We +use GitHub pull requests for this purpose. Consult +[GitHub Help](https://help.github.com/articles/about-pull-requests/) for more +information on using pull requests. + +## Community Guidelines + +This project follows [Google's Open Source Community +Guidelines](https://opensource.google/conduct/). + diff --git a/third_party/content_analysis_sdk/prepare_build b/third_party/content_analysis_sdk/prepare_build new file mode 100644 index 0000000000..ce68760f0a --- /dev/null +++ b/third_party/content_analysis_sdk/prepare_build @@ -0,0 +1,48 @@ +#!/bin/bash
+# Copyright 2022 The Chromium Authors.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+# This script is meant to be run once to setup the example demo agent.
+# Run it with one command line argument: the path to a directory where the
+# demo agent will be built. This should be a directory outside the SDK
+# directory tree. By default, if no directory is supplied, a directory
+# named `build` in the project root will be used.
+#
+# Once the build is prepared, the demo binary is built using the command
+# `cmake --build <build-dir>`, where <build-dir> is the same argument given
+# to this script.
+
+set -euo pipefail
+
+export ROOT_DIR=$(realpath $(dirname $0))
+export DEMO_DIR=$(realpath $ROOT_DIR/demo)
+export PROTO_DIR=$(realpath $ROOT_DIR/proto)
+# Defaults to $ROOT_DIR/build if no argument is provided.
+export BUILD_DIR=$(realpath ${1:-$ROOT_DIR/build})
+
+echo Root dir: $ROOT_DIR
+echo Build dir: $BUILD_DIR
+echo Demo dir: $DEMO_DIR
+echo Proto dir: $PROTO_DIR
+
+# Prepare build directory
+mkdir -p $BUILD_DIR
+# Prepare protobuf out directory
+mkdir -p $BUILD_DIR/gen
+# Enter build directory
+cd $BUILD_DIR
+
+# Install vcpkg and use it to install Google Protocol Buffers.
+test -d vcpkg || (
+ git clone https://github.com/microsoft/vcpkg
+ ./vcpkg/bootstrap-vcpkg.sh -disableMetrics
+)
+# Install any packages we want from vcpkg.
+./vcpkg/vcpkg install protobuf
+./vcpkg/vcpkg install gtest
+
+# Generate the build files.
+export CMAKE_TOOLCHAIN_FILE=./vcpkg/scripts/buildsystems/vcpkg.cmake
+cmake $ROOT_DIR
+
diff --git a/third_party/content_analysis_sdk/prepare_build.bat b/third_party/content_analysis_sdk/prepare_build.bat new file mode 100644 index 0000000000..445752090a --- /dev/null +++ b/third_party/content_analysis_sdk/prepare_build.bat @@ -0,0 +1,68 @@ +REM Copyright 2022 The Chromium Authors.
+REM Use of this source code is governed by a BSD-style license that can be
+REM found in the LICENSE file.
+@echo off
+setlocal
+
+REM This script is meant to be run once to setup the example demo agent.
+REM Run it with one command line argument: the path to a directory where the
+REM demo agent will be built. This should be a directory outside the SDK
+REM directory tree. By default, if no directory is supplied, a directory
+REM named `build` in the project root will be used.
+REM
+REM Once the build is prepared, the demo binary is built using the command
+REM `cmake --build <build-dir>`, where <build-dir> is the same argument given
+REM to this script.
+
+set ROOT_DIR=%~dp0
+call :ABSPATH "%ROOT_DIR%\demo" DEMO_DIR
+call :ABSPATH "%ROOT_DIR%\proto" PROTO_DIR
+
+REM BUILD_DIR defaults to $ROOT_DIR/build if no argument is provided.
+IF "%1" == "" (
+ call :ABSPATH "%ROOT_DIR%\build" BUILD_DIR
+) ELSE (
+ set BUILD_DIR=%~f1
+)
+
+echo .
+echo Root dir: %ROOT_DIR%
+echo Build dir: %BUILD_DIR%
+echo Demo dir: %DEMO_DIR%
+echo Proto dir: %PROTO_DIR%
+echo .
+
+REM Prepare build directory
+mkdir "%BUILD_DIR%"
+REM Prepare protobuf out directory
+mkdir "%BUILD_DIR%\gen"
+REM Enter build directory
+cd /d "%BUILD_DIR%"
+
+REM Install vcpkg and use it to install Google Protocol Buffers.
+IF NOT exist .\vcpkg\ (
+ cmd/c git clone https://github.com/microsoft/vcpkg
+ cmd/c .\vcpkg\bootstrap-vcpkg.bat -disableMetrics
+) ELSE (
+ echo vcpkg is already installed.
+)
+REM Install any packages we want from vcpkg.
+cmd/c .\vcpkg\vcpkg install protobuf:x64-windows
+cmd/c .\vcpkg\vcpkg install gtest:x64-windows
+
+REM Generate the build files.
+set CMAKE_TOOLCHAIN_FILE=./vcpkg/scripts/buildsystems/vcpkg.cmake
+cmake %ROOT_DIR%
+
+echo.
+echo.
+echo To build, type: cmake --build "%BUILD_DIR%"
+echo.
+
+exit /b
+
+REM Resolve relative path in %1 and set it into variable %2.
+:ABSPATH
+ set %2=%~f1
+ exit /b
+
diff --git a/third_party/content_analysis_sdk/proto/content_analysis/sdk/analysis.proto b/third_party/content_analysis_sdk/proto/content_analysis/sdk/analysis.proto new file mode 100644 index 0000000000..0bbd3d4368 --- /dev/null +++ b/third_party/content_analysis_sdk/proto/content_analysis/sdk/analysis.proto @@ -0,0 +1,255 @@ +// Copyright 2022 The Chromium Authors. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +syntax = "proto2"; + +option optimize_for = LITE_RUNTIME; + +package content_analysis.sdk; + +// The values in this enum can be extended in future versions of Chrome to +// support new analysis triggers. +enum AnalysisConnector { + ANALYSIS_CONNECTOR_UNSPECIFIED = 0; + FILE_DOWNLOADED = 1; + FILE_ATTACHED = 2; + BULK_DATA_ENTRY = 3; + PRINT = 4; + // This value is not yet implemented in the SDK. It is kept for consistency with the Chromium code. + FILE_TRANSFER = 5; +} + +message ContentMetaData { + // The URL containing the file download/upload or to which web content is + // being uploaded. + optional string url = 1; + + // Name of file on user system (if applicable). + optional string filename = 2; + + // Sha256 digest of file. + optional string digest = 3; + + // Specifically for the download case. + optional ClientDownloadRequest csd = 4; + + // Optional email address of user. This field may be empty if the user + // is not signed in. + optional string email = 5; + + // Name of tab title. + optional string tab_title = 9; + + // Empty for non-print actions. + message PrintMetadata { + optional string printer_name = 1; + + enum PrinterType { + UNKNOWN = 0; + CLOUD = 1; + LOCAL = 2; + } + optional PrinterType printer_type = 2; + } + optional PrintMetadata print_metadata = 11; + + reserved 6 to 8, 10; +} + +message ClientMetadata { + // Describes the browser uploading a scan request. + message Browser { + // This is omitted on scans triggered at the profile level. + optional string machine_user = 4; + + reserved 1 to 3; + }; + optional Browser browser = 1; + + reserved 2 to 3; +}; + +message ClientDownloadRequest { + // Type of the resources stored below. + enum ResourceType { + // The final URL of the download payload. The resource URL should + // correspond to the URL field above. + DOWNLOAD_URL = 0; + // A redirect URL that was fetched before hitting the final DOWNLOAD_URL. + DOWNLOAD_REDIRECT = 1; + // The final top-level URL of the tab that triggered the download. + TAB_URL = 2; + // A redirect URL thas was fetched before hitting the final TAB_URL. + TAB_REDIRECT = 3; + // The document URL for a PPAPI plugin instance that initiated the download. + // This is the document.url for the container element for the plugin + // instance. + PPAPI_DOCUMENT = 4; + // The plugin URL for a PPAPI plugin instance that initiated the download. + PPAPI_PLUGIN = 5; + } + + message Resource { + required string url = 1; + required ResourceType type = 2; + + reserved 3 to 4; + } + + repeated Resource resources = 4; + + reserved 1 to 3, 5 to 84; +} + + +// Analysis request sent from chrome to backend. +// The proto in the Chromium codebase is the source of truth, the version here +// should always be in sync with it (https://osscs.corp.google.com/chromium/chromium/src/+/main:components/enterprise/common/proto/connectors.proto;l=87;drc=a8fb6888aff535f27654f03cd1643868ba066de9). +message ContentAnalysisRequest { + // Token used to correlate requests and responses. This is different than the + // FCM token in that it is unique for each request. + optional string request_token = 5; + + // Which enterprise connector fired this request. + optional AnalysisConnector analysis_connector = 9; + + // Information about the data that triggered the content analysis request. + optional ContentMetaData request_data = 10; + + // The tags configured for the URL that triggered the content analysis. + repeated string tags = 11; + + // Additional information about the browser, device or profile so events can + // be reported with device/user identifiable information. + optional ClientMetadata client_metadata = 12; + + // Data used to transmit print data from the browser. + message PrintData { + // A platform-specific handle that can be used to access the printed document. + optional int64 handle = 1; + + // The size of the data to be printed. + optional int64 size = 2; + } + + oneof content_data { + // The text content to analyze in local content analysis request. + string text_content = 13; + + // The full path to the file to analyze in local content analysis request. + // The path is expressed in a platform dependent way. + string file_path = 14; + + // The to-be-printed page/document in PDF format. + PrintData print_data = 18; + } + + // The absolute deadline (seconds since the UTC Epoch time) that Chrome will + // wait until a response from the agent is received. + optional int64 expires_at = 15; + + // ID for keeping track of analysis requests that belong to the same user + // action. + optional string user_action_id = 16; + + // Count of analysis requests that belong to the same user action. + optional int64 user_action_requests_count = 17; + + // Reserved to make sure there is no overlap with DeepScanningClientRequest. + reserved 1 to 4, 6 to 8; +} + +// Verdict response sent from agent to Google Chrome. +message ContentAnalysisResponse { + // Token used to correlate requests and responses. Corresponds to field in + // ContentAnalysisRequest with the same name. + optional string request_token = 1; + + // Represents the analysis result from a given tag. + message Result { + optional string tag = 1; + + // The status of this result. + enum Status { + STATUS_UNKNOWN = 0; + SUCCESS = 1; + FAILURE = 2; + } + optional Status status = 2; + + // Identifies the detection rules that were triggered by the analysis. + // Only relevant when status is SUCCESS. + message TriggeredRule { + enum Action { + ACTION_UNSPECIFIED = 0; + REPORT_ONLY = 1; + WARN = 2; + BLOCK = 3; + } + optional Action action = 1; + optional string rule_name = 2; + optional string rule_id = 3; + reserved 4; + } + repeated TriggeredRule triggered_rules = 3; + + reserved 4 to 7; + } + repeated Result results = 4; + + reserved 2 to 3; +} + +// An Acknowledgement is sent by the browser following the receipt of a response +// from the agent. +message ContentAnalysisAcknowledgement { + // Token used to correlate with the corresponding request and response. + optional string request_token = 1; + + // The action taken by google Chrome with the content analysis response. + enum Status { + // The response was handled as specified by the agent. + SUCCESS = 1; + + // The response from the agent was not properly formatted. + INVALID_RESPONSE = 2; + + // The response from the agent was too late and Google Chrome took the + // default action. + TOO_LATE = 3; + }; + optional Status status = 2; + + // The final action that chrome took with this request. This may be different + // from the action specified in the response if the response was too late or + // if the original request was part of a user action whose overall final + // differed from the action of this particular request. + enum FinalAction { + ACTION_UNSPECIFIED = 0; + ALLOW = 1; + REPORT_ONLY = 2; + WARN = 3; + BLOCK = 4; + }; + optional FinalAction final_action = 3; +} + +// A message that asks the agent to cancel all requests with the given user +// action id. Note that more that content analysis request may have the given +// user action id. +message ContentAnalysisCancelRequests { + optional string user_action_id = 1; +} + +// Generic message sent from Chrome to Agent. +message ChromeToAgent { + optional ContentAnalysisRequest request = 1; + optional ContentAnalysisAcknowledgement ack = 2; + optional ContentAnalysisCancelRequests cancel = 3; +} + +// Generic message sent from Agent to Chrome. +message AgentToChrome { + optional ContentAnalysisResponse response = 1; +} |