
Side by Side Diff: chrome/browser/download/chrome_download_manager_delegate.cc

Issue 7624031: Treat files downloaded from the address bar as "always safe" (including extensions per discussion... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Created 9 years, 4 months ago
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/download/chrome_download_manager_delegate.h" 5 #include "chrome/browser/download/chrome_download_manager_delegate.h"
6 6
7 #include "base/callback.h" 7 #include "base/callback.h"
8 #include "base/file_util.h" 8 #include "base/file_util.h"
9 #include "base/path_service.h" 9 #include "base/path_service.h"
10 #include "base/rand_util.h" 10 #include "base/rand_util.h"
(...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after
126 void ChromeDownloadManagerDelegate::ChooseSavePath( 126 void ChromeDownloadManagerDelegate::ChooseSavePath(
127 const base::WeakPtr<SavePackage>& save_package, 127 const base::WeakPtr<SavePackage>& save_package,
128 const FilePath& suggested_path, 128 const FilePath& suggested_path,
129 bool can_save_as_complete) { 129 bool can_save_as_complete) {
130 // Deletes itself. 130 // Deletes itself.
131 new SavePackageFilePicker( 131 new SavePackageFilePicker(
132 save_package, suggested_path, can_save_as_complete); 132 save_package, suggested_path, can_save_as_complete);
133 } 133 }
134 134
135 void ChromeDownloadManagerDelegate::CheckDownloadUrlDone( 135 void ChromeDownloadManagerDelegate::CheckDownloadUrlDone(
136 int32 download_id, bool is_dangerous_url) { 136 int32 download_id,
137 bool is_dangerous_url) {
137 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); 138 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
138 139
139 DownloadItem* download = 140 DownloadItem* download =
140 download_manager_->GetActiveDownloadItem(download_id); 141 download_manager_->GetActiveDownloadItem(download_id);
141 if (!download) 142 if (!download)
142 return; 143 return;
143 144
144 if (is_dangerous_url) 145 if (is_dangerous_url)
145 download->MarkUrlDangerous(); 146 download->MarkUrlDangerous();
146 147
147 download_manager_->download_history()->CheckVisitedReferrerBefore( 148 download_manager_->download_history()->CheckVisitedReferrerBefore(download_id,
148 download_id, 149 download->referrer_url(), NewCallback(this,
149 download->referrer_url(), 150 &ChromeDownloadManagerDelegate::CheckVisitedReferrerBeforeDone));
ahendrickson 2011/08/19 15:51:47 Nit: I think the indentation is wrong here.
Peter Kasting 2011/08/19 17:27:38 I'll indent the last line 4 more. I asked Brett w
150 NewCallback(this,
151 &ChromeDownloadManagerDelegate::CheckVisitedReferrerBeforeDone));
152 } 151 }
153 152
154 void ChromeDownloadManagerDelegate::CheckVisitedReferrerBeforeDone( 153 void ChromeDownloadManagerDelegate::CheckVisitedReferrerBeforeDone(
155 int32 download_id, 154 int32 download_id,
156 bool visited_referrer_before) { 155 bool visited_referrer_before) {
157 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); 156 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
158 157
159 DownloadItem* download = 158 DownloadItem* download =
160 download_manager_->GetActiveDownloadItem(download_id); 159 download_manager_->GetActiveDownloadItem(download_id);
161 if (!download) 160 if (!download)
(...skipping 169 matching lines...) Expand 10 before | Expand all | Expand 10 after
331 download_manager_->RestartDownload(download_id); 330 download_manager_->RestartDownload(download_id);
332 } 331 }
333 332
334 // TODO(phajdan.jr): This is apparently not being exercised in tests. 333 // TODO(phajdan.jr): This is apparently not being exercised in tests.
335 bool ChromeDownloadManagerDelegate::IsDangerousFile( 334 bool ChromeDownloadManagerDelegate::IsDangerousFile(
336 const DownloadItem& download, 335 const DownloadItem& download,
337 const DownloadStateInfo& state, 336 const DownloadStateInfo& state,
338 bool visited_referrer_before) { 337 bool visited_referrer_before) {
339 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); 338 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
340 339
341 bool auto_open = ShouldOpenFileBasedOnExtension(state.suggested_path); 340 // Anything loaded directly from the address bar is OK.
342 download_util::DownloadDangerLevel danger_level = 341 if (state.transition_type & PageTransition::FROM_ADDRESS_BAR)
343 download_util::GetFileDangerLevel(state.suggested_path.BaseName()); 342 return false;
344 343
345 if (danger_level == download_util::Dangerous) 344 // Extensions that are not from the gallery are considered dangerous.
346 return !(auto_open && state.has_user_gesture);
347
348 if (danger_level == download_util::AllowOnUserGesture &&
349 (!state.has_user_gesture || !visited_referrer_before))
350 return true;
351
352 if (state.is_extension_install) { 345 if (state.is_extension_install) {
353 // Extensions that are not from the gallery are considered dangerous.
354 ExtensionService* service = 346 ExtensionService* service =
355 download_manager_->profile()->GetExtensionService(); 347 download_manager_->profile()->GetExtensionService();
356 if (!service || !service->IsDownloadFromGallery(download.GetURL(), 348 if (!service || !service->IsDownloadFromGallery(download.GetURL(),
357 download.referrer_url())) 349 download.referrer_url()))
358 return true; 350 return true;
359 } 351 }
360 return false; 352
353 // Anything the user has marked auto-open is OK if it's user-initiated.
354 if (ShouldOpenFileBasedOnExtension(state.suggested_path) &&
355 state.has_user_gesture)
356 return false;
357
358 // "Allow on user gesture" is OK when we have a user gesture and the hosting
359 // page has been visited before today.
360 download_util::DownloadDangerLevel danger_level =
361 download_util::GetFileDangerLevel(state.suggested_path.BaseName());
362 if (danger_level == download_util::AllowOnUserGesture)
363 return !state.has_user_gesture || !visited_referrer_before;
364
365 return danger_level == download_util::Dangerous;
361 } 366 }
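Review bot: The early `return false` for `PageTransition::FROM_ADDRESS_BAR` at the top of IsDangerousFile runs before both the `IsDownloadFromGallery` check and the `GetFileDangerLevel` lookup, so for those downloads the whole verdict rests on one qualifier bit in `state.transition_type`. Nothing visible in this file shows whether that bit still describes the URL that actually served the download, or only an earlier navigation that later redirected to it. I would state the assumption next to the check, e.g. `// Assumes FROM_ADDRESS_BAR describes the download URL itself, not a navigation that redirected to it - TODO confirm.` The TODO above the function says this path is not exercised in tests, so a unit test covering the address-bar case for a `download_util::Dangerous` file type and for a non-gallery extension install would pin down the new behaviour.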