Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(72)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/download/download_util.cc

Issue 1403001: Modifying the "dangerous download" algorithm. (Closed)
Patch Set: Adding .sys and .drv as Dangerous extensions Created 10 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/browser/download/download_util.h ('k') | chrome/browser/extensions/user_script_listener_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 // 4 //
5 // Download utility implementation 5 // Download utility implementation
6 6
7 #include "chrome/browser/download/download_util.h" 7 #include "chrome/browser/download/download_util.h"
8 8
9 #if defined(OS_WIN) 9 #if defined(OS_WIN)
10 #include <shobjidl.h> 10 #include <shobjidl.h>
(...skipping 11 matching lines...) Expand all
22 #include "base/string_number_conversions.h" 22 #include "base/string_number_conversions.h"
23 #include "base/stringprintf.h" 23 #include "base/stringprintf.h"
24 #include "base/sys_string_conversions.h" 24 #include "base/sys_string_conversions.h"
25 #include "base/thread_restrictions.h" 25 #include "base/thread_restrictions.h"
26 #include "base/utf_string_conversions.h" 26 #include "base/utf_string_conversions.h"
27 #include "base/values.h" 27 #include "base/values.h"
28 #include "base/win/windows_version.h" 28 #include "base/win/windows_version.h"
29 #include "chrome/browser/browser_list.h" 29 #include "chrome/browser/browser_list.h"
30 #include "chrome/browser/browser_process.h" 30 #include "chrome/browser/browser_process.h"
31 #include "chrome/browser/browser_thread.h" 31 #include "chrome/browser/browser_thread.h"
32 #include "chrome/browser/download/download_extensions.h"
32 #include "chrome/browser/download/download_item.h" 33 #include "chrome/browser/download/download_item.h"
33 #include "chrome/browser/download/download_item_model.h" 34 #include "chrome/browser/download/download_item_model.h"
34 #include "chrome/browser/download/download_manager.h" 35 #include "chrome/browser/download/download_manager.h"
35 #include "chrome/browser/extensions/crx_installer.h" 36 #include "chrome/browser/extensions/crx_installer.h"
36 #include "chrome/browser/extensions/extension_install_ui.h" 37 #include "chrome/browser/extensions/extension_install_ui.h"
37 #include "chrome/browser/extensions/extensions_service.h" 38 #include "chrome/browser/extensions/extensions_service.h"
38 #include "chrome/browser/history/download_create_info.h" 39 #include "chrome/browser/history/download_create_info.h"
39 #include "chrome/browser/net/chrome_url_request_context.h" 40 #include "chrome/browser/net/chrome_url_request_context.h"
40 #include "chrome/browser/profiles/profile.h" 41 #include "chrome/browser/profiles/profile.h"
41 #include "chrome/browser/renderer_host/resource_dispatcher_host.h" 42 #include "chrome/browser/renderer_host/resource_dispatcher_host.h"
(...skipping 672 matching lines...) Expand 10 before | Expand all | Expand 10 after
714 FilePath::StringType file_name; 715 FilePath::StringType file_name;
715 base::SStringPrintf( 716 base::SStringPrintf(
716 &file_name, 717 &file_name,
717 PRFilePathLiteral FILE_PATH_LITERAL(".crdownload"), 718 PRFilePathLiteral FILE_PATH_LITERAL(".crdownload"),
718 suggested_path.value().c_str()); 719 suggested_path.value().c_str());
719 return FilePath(file_name); 720 return FilePath(file_name);
720 } 721 }
721 722
722 // TODO(erikkay,phajdan.jr): This is apparently not being exercised in tests. 723 // TODO(erikkay,phajdan.jr): This is apparently not being exercised in tests.
723 bool IsDangerous(DownloadCreateInfo* info, Profile* profile) { 724 bool IsDangerous(DownloadCreateInfo* info, Profile* profile) {
724 // Downloads can be marked as dangerous for two reasons: 725 DownloadDangerLevel danger_level = GetFileDangerLevel(
725 // a) They have a dangerous-looking filename 726 info->suggested_path.BaseName());
726 // b) They are an extension that is not from the gallery 727
727 if (IsExecutableFile(info->suggested_path.BaseName())) { 728 if (danger_level == Dangerous) {
729 return true;
730 } else if (danger_level == AllowOnUserGesture && !info->has_user_gesture) {
728 return true; 731 return true;
729 } else if (info->is_extension_install) { 732 } else if (info->is_extension_install) {
730 ExtensionsService* service = profile->GetExtensionsService(); 733 ExtensionsService* service = profile->GetExtensionsService();
731 if (!service || 734 if (!service ||
732 !service->IsDownloadFromGallery(info->url, info->referrer_url)) { 735 !service->IsDownloadFromGallery(info->url, info->referrer_url)) {
736 // Extensions that are not from the gallery are considered dangerous.
733 return true; 737 return true;
734 } 738 }
735 } 739 }
740
736 return false; 741 return false;
737 } 742 }
738 743
739 } // namespace download_util 744 } // namespace download_util
OLDNEW
« no previous file with comments | « chrome/browser/download/download_util.h ('k') | chrome/browser/extensions/user_script_listener_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698