Handle the case where IAttachmentExecute::Save() deletes a downloaded file.

content/browser/download/base_file.cc

Index: content/browser/download/base_file.cc
diff --git a/content/browser/download/base_file.cc b/content/browser/download/base_file.cc
index cc7871fcedde3d1a34ba8488651b4e4f96a7b20a..f325b7dd61f54cc6b6f228e32a298da60576bdea 100644
--- a/content/browser/download/base_file.cc
+++ b/content/browser/download/base_file.cc
@@ -196,6 +196,33 @@ net::Error RenameFileAndResetSecurityDescriptor(
   return MapShFileOperationCodes(result);
 }
 
+// Maps a return code from ScanAndSaveDownloadedFile() to a net::Error. The
+// return code is usually from the final IAttachmentExecute::Save() call.
+net::Error MapScanAndSaveErrorCodeToNetError(HRESULT hresult) {
+  switch (hresult) {
+    case INET_E_SECURITY_PROBLEM: // 0x800c000e
+      // This is returned if the download was blocked due to security
+      // restrictions. E.g. if the source URL was in the Restricted Sites zone
+      // and downloads are blocked on that zone, then the download would be
+      // deleted and this error code is returned.
+      return net::ERR_BLOCKED_BY_CLIENT;
+
+    case __HRESULT_FROM_WIN32(ERROR_ACCESS_DENIED):  // 0x80070005
+    case __HRESULT_FROM_WIN32(ERROR_BAD_EXE_FORMAT): // 0x800700c1
+      // These are errors that we have observed in the wild
+      // (http://crbug.com/153212). We don't have a useful explanation as to why
+      // this happens.

[Randy Smith (Not in Mondays), 2012/10/16 18:19:19]

Part of me would like to find *some* different error code and status text to map
this too, just so that we can tell when they occur in the wild without a
net-internals dump.  Maybe "AV Comm Error" / "An error occurred invoking the
anti-virus program"?

[asanka, 2012/10/25 23:51:27]

Added a new interrupt reason. I named it 'SECURITY_CHECK_FAILED'. Partly because
things other than anti-virus can be at fault.

+    case E_FAIL:                        // 0x80004005
+      // Returned if an anti-virus product reports an infection in the
+      // downloaded file during IAE::Save().
+    default:
+      // Any error that occurs during IAttachmentExecute::Save() other than
+      // INET_E_SECURITY_PROBLEM is interpreted as a virus infection. This
+      // follows the behavior in IE.
+      return net::ERR_FILE_VIRUS_INFECTED;
+  }
+}
+
 #endif
 
 }  // namespace
@@ -464,21 +491,41 @@ bool BaseFile::IsEmptyHash(const std::string& hash) {
           0 == memcmp(hash.data(), kEmptySha256Hash, sizeof(kSha256HashLen)));
 }
 
-void BaseFile::AnnotateWithSourceInformation() {
+net::Error BaseFile::AnnotateWithSourceInformation() {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE));
   DCHECK(!detached_);
 
+  bound_net_log_.BeginEvent(net::NetLog::TYPE_DOWNLOAD_FILE_ANNOTATED);
+  int os_error = 0;                     // Only used for logging.
+  net::Error net_error = net::OK;
 #if defined(OS_WIN)
-  // Sets the Zone to tell Windows that this file comes from the internet.
-  // We ignore the return value because a failure is not fatal.
-  win_util::SetInternetZoneIdentifier(full_path_,
-                                      UTF8ToWide(source_url_.spec()));
+  HRESULT hr = win_util::ScanAndSaveDownloadedFile(full_path_, source_url_);
+  if (!file_util::PathExists(full_path_)) {
+    DCHECK(FAILED(hr));
+    // If the ScanAndSaveDownloadedFile() call failed, but the downloaded file
+    // is still around, then log the error, but don't show it to the
+    // user. Attachment Execution Services deletes the submitted file if the
+    // downloaded file is blocked by policy or if it was found to be infected.
+    //
+    // If the file is still there, then the error could be due to AES not being
+    // available or some other error during the AES invocation. In either case,
+    // we don't surface the error to the user.
+    net_error = MapScanAndSaveErrorCodeToNetError(hr);
+    if (net_error == net::OK)
+      net_error = net::ERR_FAILED;

[Randy Smith (Not in Mondays), 2012/10/16 18:19:19]

Do we want some better way to call out the case in which the file disappeared
but the error code didn't show a problem?  UMA?

[asanka, 2012/10/25 23:51:27]

Add a UMA count for this case.

+  }
+  os_error = hr;
 #elif defined(OS_MACOSX)
   content::AddQuarantineMetadataToFile(full_path_, source_url_, referrer_url_);
   content::AddOriginMetadataToFile(full_path_, source_url_, referrer_url_);
 #elif defined(OS_LINUX)
   content::AddOriginMetadataToFile(full_path_, source_url_, referrer_url_);
 #endif
+  bound_net_log_.EndEvent(
+      net::NetLog::TYPE_DOWNLOAD_FILE_ANNOTATED,
+      base::Bind(&download_net_logs::AnnotateWithSourceCallback,
+                 os_error, net_error));
+  return net_error;
 }
 
 void BaseFile::CreateFileStream() {