Confirmed users
238
edits
Security/Features/Application Reputation Design Doc: Difference between revisions
Security/Features/Application Reputation Design Doc (view source)
Revision as of 16:31, 22 July 2014
, 22 July 2014→Remote lookup
| Line 45: | Line 45: | ||
Thus every for every certificate chain of length n, n-1 whitelist strings are constructed. In Chrome, certificate whitelist strings are constructed in CertificateChainIsWhitelisted [https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/safe_browsing/download_protection_service.cc&rcl=1392695364&l=703]. | Thus every for every certificate chain of length n, n-1 whitelist strings are constructed. In Chrome, certificate whitelist strings are constructed in CertificateChainIsWhitelisted [https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/safe_browsing/download_protection_service.cc&rcl=1392695364&l=703]. | ||
== Remote lookup == | == Remote lookup (present in FF 32) == | ||
The user-agent stuffs all file metadata into a ClientDownloadRequest protocol buffer and sends it to the remote service. If a MALWARE verdict is received, the downloaded file should not be saved and the UI should report that the download may be malware. In Chrome, this occurs in CheckClientDownloadRequest::SendRequest [https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/safe_browsing/download_protection_service.cc&rcl=1392695364&l=612]. In Firefox, this happens in ApplicationReputation::PendingLookup::SendRemoteQuery [http://mxr.mozilla.org/mozilla-central/source/toolkit/components/downloads/ApplicationReputation.cpp] and in the JS DownloadIntegration.shouldBlockForApplicationReputation [http://mxr.mozilla.org/mozilla-central/source/toolkit/components/jsdownloads/src/DownloadIntegration.jsm#491]. | The user-agent stuffs all file metadata into a ClientDownloadRequest protocol buffer and sends it to the remote service. If a MALWARE verdict is received, the downloaded file should not be saved and the UI should report that the download may be malware. In Chrome, this occurs in CheckClientDownloadRequest::SendRequest [https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/safe_browsing/download_protection_service.cc&rcl=1392695364&l=612]. In Firefox, this happens in ApplicationReputation::PendingLookup::SendRemoteQuery [http://mxr.mozilla.org/mozilla-central/source/toolkit/components/downloads/ApplicationReputation.cpp] and in the JS DownloadIntegration.shouldBlockForApplicationReputation [http://mxr.mozilla.org/mozilla-central/source/toolkit/components/jsdownloads/src/DownloadIntegration.jsm#491]. | ||