tor-browser

client.cc (14286B)

---

// Copyright 2022 The Chromium Authors.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include <time.h>

#include <iostream>
#include <memory>
#include <mutex>
#include <sstream>
#include <string>
#include <thread>
#include <vector>

#include "content_analysis/sdk/analysis_client.h"
#include "demo/atomic_output.h"

using content_analysis::sdk::Client;
using content_analysis::sdk::ContentAnalysisRequest;
using content_analysis::sdk::ContentAnalysisResponse;
using content_analysis::sdk::ContentAnalysisAcknowledgement;

// Different paths are used depending on whether this agent should run as a
// use specific agent or not.  These values are chosen to match the test
// values in chrome browser.
constexpr char kPathUser[] = "path_user";
constexpr char kPathSystem[] = "brcm_chrm_cas";

// Global app config.
std::string path = kPathSystem;
bool user_specific = false;
bool group = false;
std::unique_ptr<Client> client;

// Paramters used to build the request.
content_analysis::sdk::AnalysisConnector connector =
   content_analysis::sdk::FILE_ATTACHED;
time_t request_token_number = time(nullptr);
std::string request_token;
std::string tag = "dlp";
bool threaded = false;
std::string digest = "sha256-123456";
std::string url = "https://upload.example.com";
std::string email = "me@example.com";
std::string machine_user = "DOMAIN\\me";
std::vector<std::string> datas;

// When grouping, remember the tokens of all requests/responses in order to
// acknowledge them all with the same final action.
//
// This global state.  It may be access from multiple thread so must be
// accessed from a critical section.
std::mutex global_mutex;
ContentAnalysisAcknowledgement::FinalAction global_final_action =
   ContentAnalysisAcknowledgement::ALLOW;
std::vector<std::string> request_tokens;

// Command line parameters.
constexpr const char* kArgConnector = "--connector=";
constexpr const char* kArgDigest = "--digest=";
constexpr const char* kArgEmail = "--email=";
constexpr const char* kArgGroup = "--group";
constexpr const char* kArgMachineUser = "--machine-user=";
constexpr const char* kArgPath = "--path=";
constexpr const char* kArgRequestToken = "--request-token=";
constexpr const char* kArgTag = "--tag=";
constexpr const char* kArgThreaded = "--threaded";
constexpr const char* kArgUrl = "--url=";
constexpr const char* kArgUserSpecific = "--user";
constexpr const char* kArgHelp = "--help";

bool ParseCommandLine(int argc, char* argv[]) {
 for (int i = 1; i < argc; ++i) {
   const std::string arg = argv[i];
   if (arg.find(kArgConnector) == 0) {
     std::string connector_str = arg.substr(strlen(kArgConnector));
     if (connector_str == "download") {
       connector = content_analysis::sdk::FILE_DOWNLOADED;
     } else if (connector_str == "attach") {
       connector = content_analysis::sdk::FILE_ATTACHED;
     } else if (connector_str == "bulk-data-entry") {
       connector = content_analysis::sdk::BULK_DATA_ENTRY;
     } else if (connector_str == "print") {
       connector = content_analysis::sdk::PRINT;
     } else if (connector_str == "file-transfer") {
       connector = content_analysis::sdk::FILE_TRANSFER;
     } else {
       std::cout << "[Demo] Incorrect command line arg: " << arg << std::endl;
       return false;
     }
   } else if (arg.find(kArgRequestToken) == 0) {
     request_token = arg.substr(strlen(kArgRequestToken));
   } else if (arg.find(kArgTag) == 0) {
     tag = arg.substr(strlen(kArgTag));
   } else if (arg.find(kArgThreaded) == 0) {
     threaded = true;
   } else if (arg.find(kArgDigest) == 0) {
     digest = arg.substr(strlen(kArgDigest));
   } else if (arg.find(kArgUrl) == 0) {
     url = arg.substr(strlen(kArgUrl));
   } else if (arg.find(kArgMachineUser) == 0) {
     machine_user = arg.substr(strlen(kArgMachineUser));
   } else if (arg.find(kArgEmail) == 0) {
     email = arg.substr(strlen(kArgEmail));
   } else if (arg.find(kArgPath) == 0) {
     path = arg.substr(strlen(kArgPath));
   } else if (arg.find(kArgUserSpecific) == 0) {
     // If kArgPath was already used, abort.
     if (path != kPathSystem) {
       std::cout << std::endl << "ERROR: use --path=<path> after --user";
       return false;
     }
     path = kPathUser;
     user_specific = true;
   } else if (arg.find(kArgGroup) == 0) {
     group = true;
   } else if (arg.find(kArgHelp) == 0) {
     return false;
   } else {
     datas.push_back(arg);
   }
 }

 return true;
}

void PrintHelp() {
 std::cout
   << std::endl << std::endl
   << "Usage: client [OPTIONS] [@]content_or_file ..." << std::endl
   << "A simple client to send content analysis requests to a running agent." << std::endl
   << "Without @ the content to analyze is the argument itself." << std::endl
   << "Otherwise the content is read from a file called 'content_or_file'." << std::endl
   << "Multiple [@]content_or_file arguments may be specified, each generates one request." << std::endl
   << std::endl << "Options:"  << std::endl
   << kArgConnector << "<connector> : one of 'download', 'attach' (default), 'bulk-data-entry', 'print', or 'file-transfer'" << std::endl
   << kArgRequestToken << "<unique-token> : defaults to 'req-<number>' which auto increments" << std::endl
   << kArgTag << "<tag> : defaults to 'dlp'" << std::endl
   << kArgThreaded << " : handled multiple requests using threads" << std::endl
   << kArgUrl << "<url> : defaults to 'https://upload.example.com'" << std::endl
   << kArgMachineUser << "<machine-user> : defaults to 'DOMAIN\\me'" << std::endl
   << kArgEmail << "<email> : defaults to 'me@example.com'" << std::endl
   << kArgPath << " <path> : Used the specified path instead of default. Must come after --user." << std::endl
   << kArgUserSpecific << " : Connects to an OS user specific agent" << std::endl
   << kArgDigest << "<digest> : defaults to 'sha256-123456'" << std::endl
   << kArgGroup << " : Generate the same final action for all requests" << std::endl
   << kArgHelp << " : prints this help message" << std::endl;
}

std::string GenerateRequestToken() {
 std::stringstream stm;
 stm << "req-" << request_token_number++;
 return stm.str();
}

ContentAnalysisRequest BuildRequest(const std::string& data) {
 std::string filepath;
 std::string filename;
 if (data[0] == '@') {
   filepath = data.substr(1);
   filename = filepath.substr(filepath.find_last_of("/\\") + 1);
 }

 ContentAnalysisRequest request;

 // Set request to expire 5 minutes into the future.
 request.set_expires_at(time(nullptr) + 5 * 60);
 request.set_analysis_connector(connector);
 request.set_request_token(!request_token.empty()
     ? request_token : GenerateRequestToken());
 *request.add_tags() = tag;

 auto request_data = request.mutable_request_data();
 request_data->set_url(url);
 request_data->set_email(email);
 request_data->set_digest(digest);
 if (!filename.empty()) {
   request_data->set_filename(filename);
 }

 auto client_metadata = request.mutable_client_metadata();
 auto browser = client_metadata->mutable_browser();
 browser->set_machine_user(machine_user);

 if (!filepath.empty()) {
   request.set_file_path(filepath);
 } else if (!data.empty()) {
   request.set_text_content(data);
 } else {
   std::cout << "[Demo] Specify text content or a file path." << std::endl;
   PrintHelp();
   exit(1);
 }

 return request;
}

// Gets the most severe action within the result.
ContentAnalysisResponse::Result::TriggeredRule::Action
GetActionFromResult(const ContentAnalysisResponse::Result& result) {
 auto action =
   ContentAnalysisResponse::Result::TriggeredRule::ACTION_UNSPECIFIED;
 for (auto rule : result.triggered_rules()) {
   if (rule.has_action() && rule.action() > action)
     action = rule.action();
 }
 return action;
}

// Gets the most severe action within all the the results of a response.
ContentAnalysisResponse::Result::TriggeredRule::Action
GetActionFromResponse(const ContentAnalysisResponse& response) {
 auto action =
   ContentAnalysisResponse::Result::TriggeredRule::ACTION_UNSPECIFIED;
 for (auto result : response.results()) {
   auto action2 = GetActionFromResult(result);
   if (action2 > action)
     action = action2;
 }
 return action;
}

void DumpResponse(
   std::stringstream& stream,
   const ContentAnalysisResponse& response) {
 for (auto result : response.results()) {
   auto tag = result.has_tag() ? result.tag() : "<no-tag>";

   auto status = result.has_status()
     ? result.status()
     : ContentAnalysisResponse::Result::STATUS_UNKNOWN;
   std::string status_str;
   switch (status) {
   case ContentAnalysisResponse::Result::STATUS_UNKNOWN:
     status_str = "Unknown";
     break;
   case ContentAnalysisResponse::Result::SUCCESS:
     status_str = "Success";
     break;
   case ContentAnalysisResponse::Result::FAILURE:
     status_str = "Failure";
     break;
   default:
     status_str = "<Uknown>";
     break;
   }

   auto action = GetActionFromResult(result);
   std::string action_str;
   switch (action) {
   case ContentAnalysisResponse::Result::TriggeredRule::ACTION_UNSPECIFIED:
     action_str = "allowed";
     break;
   case ContentAnalysisResponse::Result::TriggeredRule::REPORT_ONLY:
     action_str = "reported only";
     break;
   case ContentAnalysisResponse::Result::TriggeredRule::WARN:
     action_str = "warned";
     break;
   case ContentAnalysisResponse::Result::TriggeredRule::BLOCK:
     action_str = "blocked";
     break;
   }

   time_t now = time(nullptr);
   stream << "[Demo] Request " << response.request_token()  << " is " << action_str
          << " after " << tag
          << " analysis, status=" << status_str
          << " at " << ctime(&now);
 }
}

ContentAnalysisAcknowledgement BuildAcknowledgement(
   const std::string& request_token,
   ContentAnalysisAcknowledgement::FinalAction final_action) {
 ContentAnalysisAcknowledgement ack;
 ack.set_request_token(request_token);
 ack.set_status(ContentAnalysisAcknowledgement::SUCCESS);
 ack.set_final_action(final_action);
 return ack;
}

void HandleRequest(const ContentAnalysisRequest& request) {
 AtomicCout aout;
 ContentAnalysisResponse response;
 int err = client->Send(request, &response);
 if (err != 0) {
   aout.stream() << "[Demo] Error sending request " << request.request_token()
          << std::endl;
 } else if (response.results_size() == 0) {
   aout.stream() << "[Demo] Response " << request.request_token() << " is missing a result"
                 << std::endl;
 } else {
   DumpResponse(aout.stream(), response);

   auto final_action = ContentAnalysisAcknowledgement::ALLOW;
   switch (GetActionFromResponse(response)) {
   case ContentAnalysisResponse::Result::TriggeredRule::ACTION_UNSPECIFIED:
     break;
   case ContentAnalysisResponse::Result::TriggeredRule::REPORT_ONLY:
     final_action = ContentAnalysisAcknowledgement::REPORT_ONLY;
     break;
   case ContentAnalysisResponse::Result::TriggeredRule::WARN:
     final_action = ContentAnalysisAcknowledgement::WARN;
     break;
   case ContentAnalysisResponse::Result::TriggeredRule::BLOCK:
     final_action = ContentAnalysisAcknowledgement::BLOCK;
     break;
   }

   // If grouping, remember the request's token in order to ack the response
   // later.
   if (group) {
     std::unique_lock<std::mutex> lock(global_mutex);
     request_tokens.push_back(request.request_token());
     if (final_action > global_final_action)
       global_final_action = final_action;
   } else {
     int err = client->Acknowledge(
       BuildAcknowledgement(response.request_token(), final_action));
     if (err != 0) {
       aout.stream() << "[Demo] Error sending ack " << request.request_token()
                     << std::endl;
     }
   }
 }
}

void ProcessRequest(size_t i) {
 auto request = BuildRequest(datas[i]);

 {
   AtomicCout aout;
   aout.stream() << "[Demo] Sending request " << request.request_token() << std::endl;
 }

 HandleRequest(request);
}

int main(int argc, char* argv[]) {
 if (!ParseCommandLine(argc, argv)) {
   PrintHelp();
   return 1;
 }

 // Each client uses a unique name to identify itself with Google Chrome.
 client = Client::Create({path, user_specific});
 if (!client) {
   std::cout << "[Demo] Error starting client" << std::endl;
   return 1;
 };

 auto info = client->GetAgentInfo();
 std::cout << "Agent pid=" << info.pid
           << " path=" << info.binary_path << std::endl;

 if (threaded) {
   std::vector<std::unique_ptr<std::thread>> threads;
   for (int i = 0; i < datas.size(); ++i) {
     AtomicCout aout;
     aout.stream() << "Start thread " << i << std::endl;
     threads.emplace_back(std::make_unique<std::thread>(ProcessRequest, i));
   }

   // Make sure all threads have terminated.
   for (auto& thread : threads) {
     thread->join();
   }
 }
 else {
   for (size_t i = 0; i < datas.size(); ++i) {
     ProcessRequest(i);
   }
 }
 // It's safe to access global state beyond this point without locking since
 // all no more responses will be touching them.

 if (group) {
   std::cout << std::endl;
   std::cout << "[Demo] Final action for all requests is ";
   switch (global_final_action) {
   // Google Chrome fails open, so if no action is specified that is the same
   // as ALLOW.
   case ContentAnalysisAcknowledgement::ACTION_UNSPECIFIED:
   case ContentAnalysisAcknowledgement::ALLOW:
     std::cout << "allowed";
     break;
   case ContentAnalysisAcknowledgement::REPORT_ONLY:
     std::cout << "reported only";
     break;
   case ContentAnalysisAcknowledgement::WARN:
     std::cout << "warned";
     break;
   case ContentAnalysisAcknowledgement::BLOCK:
     std::cout << "blocked";
     break;
   }
   std::cout << std::endl << std::endl;

   for (auto token : request_tokens) {
     std::cout << "[Demo] Sending group Ack" << std::endl;
     int err = client->Acknowledge(
       BuildAcknowledgement(token, global_final_action));
     if (err != 0) {
       std::cout << "[Demo] Error sending ack for " << token << std::endl;
     }
   }
 }

 return 0;
};