OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <set> | 5 #include <set> |
6 #include <string> | 6 #include <string> |
7 | 7 |
8 #include "chrome/browser/download/download_extensions.h" | 8 #include "chrome/browser/download/download_extensions.h" |
9 | 9 |
10 #include "base/strings/string_util.h" | 10 #include "base/strings/string_util.h" |
50 * of those above. If you wish to allow use of your version of this file only | 50 * of those above. If you wish to allow use of your version of this file only |
51 * under the terms of either the GPL or the LGPL, and not to allow others to | 51 * under the terms of either the GPL or the LGPL, and not to allow others to |
52 * use your version of this file under the terms of the MPL, indicate your | 52 * use your version of this file under the terms of the MPL, indicate your |
53 * decision by deleting the provisions above and replace them with the notice | 53 * decision by deleting the provisions above and replace them with the notice |
54 * and other provisions required by the GPL or the LGPL. If you do not delete | 54 * and other provisions required by the GPL or the LGPL. If you do not delete |
55 * the provisions above, a recipient may use your version of this file under | 55 * the provisions above, a recipient may use your version of this file under |
56 * the terms of any one of the MPL, the GPL or the LGPL. | 56 * the terms of any one of the MPL, the GPL or the LGPL. |
57 * | 57 * |
58 * ***** END LICENSE BLOCK ***** */ | 58 * ***** END LICENSE BLOCK ***** */ |
59 | 59 |
60 static const struct Executables { | 60 namespace { |
61 const char* extension; | 61 |
62 DownloadDangerLevel level; | 62 enum DownloadAutoOpenHint { |
63 } g_executables[] = { | 63 ALLOW_AUTO_OPEN, |
64 // Some files are dangerous on all platforms. | 64 |
65 // | 65 // The file type should not be allowed to open automatically. |
66 // Flash files downloaded locally can sometimes access the local filesystem. | 66 // |
67 { "swf", DANGEROUS }, | 67 // This is a subtle distinction from file types that are just dangerous to |
68 { "spl", DANGEROUS }, | 68 // download. Allowing a file type to open automatically can result in a |
69 // Chrome extensions should be obtained through the web store. | 69 // malicious website being able to run harmful code on the users' machine |
70 { "crx", ALLOW_ON_USER_GESTURE }, | 70 // without the user making an explicit decision to download or open the file |
71 // type. | |
72 // | |
73 // The existence of the list an acknowledgement that the act of downloading | |
74 // doesn't necessarily indicate consent to download the specific file that was | |
75 // written to disk. I.e. a malicious file could drop a download possibly by | |
76 // clickjacking, or the file written to disk may not be what the user thought | |
77 // it was. Such a download may even bypass a user prompt if the danger type is | |
78 // ALLOW_ON_USER_GESTURE. Even if the user explicitly consents to the | |
Randy Smith (Not in Mondays)
2015/06/15 19:19:17
I'd rewrite this a bit to explicitly acknowledge t
asanka
2015/06/16 19:23:42
Yup. I moved the general overview over to download
| |
79 // download, they should be able to choose when or if the file should be | |
Randy Smith (Not in Mondays)
2015/06/15 19:19:17
The issue is whether they should be forced to rath
asanka
2015/06/16 19:23:42
Yeah. Clarified.
| |
80 // opened by the default handler if the file type is dangerous. | |
81 // | |
82 // Criteria for disallowing a file type from opening automatically: | |
83 // | |
84 // Includes file types that upon opening may either: | |
85 // * ... execute arbitrary or harmful code with user privileges. | |
86 // * ... change configuration of the system to cause harmful behavior | |
87 // immediately or at some time in the future. | |
88 // | |
89 // Doesn't include file types that upon opening: | |
90 // * ... sufficiently warn the user about the fact that: | |
91 // - This file was downloaded from the internet. | |
92 // - Opening it can make specified changes to the system. | |
93 // (Note that any such warnings need to be displayed prior to the harmful | |
94 // logic being executed). | |
95 // * ... does nothing particularly dangerous, despite the act of downloading | |
96 // itself being dangerous (E.g. .local and .manifest files). | |
97 DISALLOW_AUTO_OPEN, | |
98 }; | |
99 | |
100 const struct FileType { | |
101 const char* extension; // Extension sans leading extension separator. | |
102 DownloadDangerLevel danger_level; | |
103 DownloadAutoOpenHint auto_open_hint; | |
104 } kDownloadFileTypes[] = { | |
105 // Some files are dangerous on all platforms. | |
Randy Smith (Not in Mondays)
2015/06/15 19:19:17
I really like the addition of detailed comments to
asanka
2015/06/16 19:23:42
Agree completely. I'll fill in the blanks that I'm
| |
106 | |
107 // Flash files downloaded locally can sometimes access the local filesystem. | |
108 {"swf", DANGEROUS, DISALLOW_AUTO_OPEN}, | |
109 {"spl", DANGEROUS, DISALLOW_AUTO_OPEN}, | |
110 | |
111 // Chrome extensions should be obtained through the web store. Allowed to | |
112 // open automatically because Chrome displays a prompt prior to | |
113 // installation. | |
114 {"crx", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
71 | 115 |
72 // Windows, all file categories. | 116 // Windows, all file categories. |
73 #if defined(OS_WIN) | 117 #if defined(OS_WIN) |
74 { "ad", ALLOW_ON_USER_GESTURE }, | 118 {"ad", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
75 { "ade", ALLOW_ON_USER_GESTURE }, | 119 {"ade", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
76 { "adp", ALLOW_ON_USER_GESTURE }, | 120 {"adp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
77 { "app", ALLOW_ON_USER_GESTURE }, | 121 {"app", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
78 { "application", ALLOW_ON_USER_GESTURE }, | 122 |
79 { "asp", ALLOW_ON_USER_GESTURE }, | 123 // Microsoft ClickOnce depolyment manifest. By default, opens with |
80 { "asx", ALLOW_ON_USER_GESTURE }, | 124 // dfshim.dll which should prompt the user before running untrusted code. |
81 { "bas", ALLOW_ON_USER_GESTURE }, | 125 {"application", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
82 { "bat", ALLOW_ON_USER_GESTURE }, | 126 |
83 { "cfg", DANGEROUS }, | 127 // Active Server Pages source file. |
84 { "chi", ALLOW_ON_USER_GESTURE }, | 128 {"asp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
85 { "chm", ALLOW_ON_USER_GESTURE }, | 129 |
86 { "cmd", ALLOW_ON_USER_GESTURE }, | 130 // Advanced Stream Redirector. Contains a playlist of media files. |
87 { "com", ALLOW_ON_USER_GESTURE }, | 131 {"asx", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
88 { "cpl", ALLOW_ON_USER_GESTURE }, | 132 |
89 { "crt", ALLOW_ON_USER_GESTURE }, | 133 // Microsoft Visual Basic source file. Opens by default in an editor. |
90 { "dll", DANGEROUS }, | 134 {"bas", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
91 { "drv", DANGEROUS }, | 135 |
92 { "exe", ALLOW_ON_USER_GESTURE }, | 136 // Command script. |
93 { "fxp", ALLOW_ON_USER_GESTURE }, | 137 {"bat", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
94 { "grp", DANGEROUS }, | 138 |
95 { "hlp", ALLOW_ON_USER_GESTURE }, | 139 {"cfg", DANGEROUS, ALLOW_AUTO_OPEN}, |
96 { "hta", ALLOW_ON_USER_GESTURE }, | 140 |
97 { "htt", ALLOW_ON_USER_GESTURE }, | 141 // Windows Compiled HTML Help files. |
98 { "inf", ALLOW_ON_USER_GESTURE }, | 142 {"chi", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
99 { "ini", DANGEROUS }, | 143 {"chm", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
100 { "ins", ALLOW_ON_USER_GESTURE }, | 144 |
101 { "isp", ALLOW_ON_USER_GESTURE }, | 145 // Command script. |
102 { "js", ALLOW_ON_USER_GESTURE }, | 146 {"cmd", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
103 { "jse", ALLOW_ON_USER_GESTURE }, | 147 |
104 { "lnk", ALLOW_ON_USER_GESTURE }, | 148 // Windows legacy executable. |
105 { "local", DANGEROUS }, | 149 {"com", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
106 { "mad", ALLOW_ON_USER_GESTURE }, | 150 |
107 { "maf", ALLOW_ON_USER_GESTURE }, | 151 // Control panel tool. Executable. |
108 { "mag", ALLOW_ON_USER_GESTURE }, | 152 {"cpl", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
109 { "mam", ALLOW_ON_USER_GESTURE }, | 153 |
110 { "manifest", DANGEROUS }, | 154 // Signed certificate file. |
111 { "maq", ALLOW_ON_USER_GESTURE }, | 155 {"crt", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
112 { "mar", ALLOW_ON_USER_GESTURE }, | 156 |
113 { "mas", ALLOW_ON_USER_GESTURE }, | 157 // Windows executables. |
114 { "mat", ALLOW_ON_USER_GESTURE }, | 158 {"dll", DANGEROUS, DISALLOW_AUTO_OPEN}, |
115 { "mau", ALLOW_ON_USER_GESTURE }, | 159 {"drv", DANGEROUS, DISALLOW_AUTO_OPEN}, |
116 { "mav", ALLOW_ON_USER_GESTURE }, | 160 {"exe", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
117 { "maw", ALLOW_ON_USER_GESTURE }, | 161 |
118 { "mda", ALLOW_ON_USER_GESTURE }, | 162 {"fxp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
119 { "mdb", ALLOW_ON_USER_GESTURE }, | 163 {"grp", DANGEROUS, ALLOW_AUTO_OPEN}, |
120 { "mde", ALLOW_ON_USER_GESTURE }, | 164 |
121 { "mdt", ALLOW_ON_USER_GESTURE }, | 165 // Windows legacy help file format. |
122 { "mdw", ALLOW_ON_USER_GESTURE }, | 166 {"hlp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
123 { "mdz", ALLOW_ON_USER_GESTURE }, | 167 |
124 { "mht", ALLOW_ON_USER_GESTURE }, | 168 // HTML Application. Executes as a fully trusted application. |
125 { "mhtml", ALLOW_ON_USER_GESTURE }, | 169 {"hta", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
126 { "mmc", ALLOW_ON_USER_GESTURE }, | 170 |
127 { "mof", DANGEROUS }, | 171 // Hypertext Template File. See https://support.microsoft.com/kb/181689. |
128 { "msc", ALLOW_ON_USER_GESTURE }, | 172 {"htt", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
129 { "msh", ALLOW_ON_USER_GESTURE }, | 173 |
130 { "mshxml", ALLOW_ON_USER_GESTURE }, | 174 // Device installation information. |
131 { "msi", ALLOW_ON_USER_GESTURE }, | 175 {"inf", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
132 { "msp", ALLOW_ON_USER_GESTURE }, | 176 |
133 { "mst", ALLOW_ON_USER_GESTURE }, | 177 // Generic configuration file. |
134 { "ocx", DANGEROUS }, | 178 {"ini", DANGEROUS, ALLOW_AUTO_OPEN}, |
135 { "ops", ALLOW_ON_USER_GESTURE }, | 179 |
136 { "pcd", ALLOW_ON_USER_GESTURE }, | 180 {"ins", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
137 { "pif", ALLOW_ON_USER_GESTURE }, | 181 {"isp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
138 { "plg", ALLOW_ON_USER_GESTURE }, | 182 |
139 { "prf", ALLOW_ON_USER_GESTURE }, | 183 // JavaScript file. May open using Windows Script Host with user level |
140 { "prg", ALLOW_ON_USER_GESTURE }, | 184 // privileges. |
141 { "pst", ALLOW_ON_USER_GESTURE }, | 185 {"js", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
142 { "reg", ALLOW_ON_USER_GESTURE }, | 186 {"jse", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
143 { "scf", ALLOW_ON_USER_GESTURE }, | 187 |
144 { "scr", ALLOW_ON_USER_GESTURE }, | 188 // Shortcuts. May open anything. |
145 { "sct", ALLOW_ON_USER_GESTURE }, | 189 {"lnk", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
146 { "shb", ALLOW_ON_USER_GESTURE }, | 190 |
147 { "shs", ALLOW_ON_USER_GESTURE }, | 191 // .local files affect DLL search path for .exe file with same base name. |
148 { "sys", DANGEROUS }, | 192 {"local", DANGEROUS, ALLOW_AUTO_OPEN}, |
149 { "url", DANGEROUS }, | 193 |
150 { "vb", ALLOW_ON_USER_GESTURE }, | 194 {"mad", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
151 { "vbe", ALLOW_ON_USER_GESTURE }, | 195 {"maf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
152 { "vbs", ALLOW_ON_USER_GESTURE }, | 196 {"mag", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
153 { "vsd", ALLOW_ON_USER_GESTURE }, | 197 {"mam", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
154 { "vsmacros", ALLOW_ON_USER_GESTURE }, | 198 |
155 { "vss", ALLOW_ON_USER_GESTURE }, | 199 // While being a generic name, having a .manifest file with the same |
156 { "vst", ALLOW_ON_USER_GESTURE }, | 200 // basename as .exe file (foo.exe + foo.exe.manifest) changes the dll search |
157 { "vsw", ALLOW_ON_USER_GESTURE }, | 201 // order for the .exe file. Downloading this kind of file to the users' |
158 { "ws", ALLOW_ON_USER_GESTURE }, | 202 // download directory is almost always the wrong thing to do. |
159 { "wsc", ALLOW_ON_USER_GESTURE }, | 203 {"manifest", DANGEROUS, ALLOW_AUTO_OPEN}, |
160 { "wsf", ALLOW_ON_USER_GESTURE }, | 204 |
161 { "wsh", ALLOW_ON_USER_GESTURE }, | 205 {"maq", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
162 { "xbap", DANGEROUS }, | 206 {"mar", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
207 {"mas", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
208 {"mat", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
209 {"mau", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
210 {"mav", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
211 {"maw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
212 {"mda", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
213 {"mdb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
214 {"mde", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
215 {"mdt", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
216 {"mdw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
217 {"mdz", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
218 | |
219 // Multipart HTML. | |
220 {"mht", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
221 {"mhtml", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
222 | |
223 {"mmc", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
224 {"mof", DANGEROUS, ALLOW_AUTO_OPEN}, | |
225 | |
226 // Microsoft Management Console Snap-in. Contains executable code. | |
227 {"msc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | |
228 | |
229 {"msh", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
230 {"mshxml", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
231 | |
232 // Windows Installer | |
233 {"msi", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | |
234 {"msp", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | |
235 {"mst", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | |
236 | |
237 // ActiveX Control | |
238 {"ocx", DANGEROUS, ALLOW_AUTO_OPEN}, | |
239 | |
240 {"ops", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
241 {"pcd", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
242 | |
243 // Program Information File. Originally intended to configure execution | |
244 // environment for legacy DOS files. They aren't meant to contain executable | |
245 // code. But Windows may execute a PIF file that is sniffed as a PE file. | |
246 {"pif", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | |
247 | |
248 {"plg", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
249 {"prf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
250 {"prg", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
251 {"pst", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
252 | |
253 // Registry file. Opening may cause registry settings to change. Users still | |
254 // need to click through a prompt. So we could consider relaxing the | |
255 // DISALLOW_AUTO_OPEN restriction. | |
256 {"reg", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | |
257 | |
258 {"scf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
259 | |
260 // These are also executables. | |
261 {"scr", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | |
262 | |
263 {"sct", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
264 {"shb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
265 {"shs", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
266 | |
267 // System executable. Windows tries hard to prevent you from opening these | |
268 // types of files. | |
269 {"sys", DANGEROUS, DISALLOW_AUTO_OPEN}, | |
270 | |
271 // Internet Shortcut. | |
272 {"url", DANGEROUS, DISALLOW_AUTO_OPEN}, | |
273 | |
274 {"vb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
275 | |
276 // VBScript files. My open with Windows Script Host and execute with user | |
277 // privileges. | |
278 {"vbe", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | |
279 {"vbs", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | |
280 | |
281 {"vsd", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
282 {"vsmacros", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
283 {"vss", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
284 {"vst", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
285 {"vsw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
286 | |
287 // Windows Script Host related. | |
288 {"ws", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | |
289 {"wsc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | |
290 {"wsf", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | |
291 {"wsh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | |
292 | |
293 // XAML Browser Application. | |
294 {"xbap", DANGEROUS, DISALLOW_AUTO_OPEN}, | |
163 #endif // OS_WIN | 295 #endif // OS_WIN |
164 | 296 |
165 // Java. | 297 // Java. |
166 #if !defined(OS_CHROMEOS) | 298 #if !defined(OS_CHROMEOS) |
167 { "class", DANGEROUS }, | 299 {"class", DANGEROUS, DISALLOW_AUTO_OPEN}, |
168 { "jar", DANGEROUS }, | 300 {"jar", DANGEROUS, DISALLOW_AUTO_OPEN}, |
169 { "jnlp", DANGEROUS }, | 301 {"jnlp", DANGEROUS, DISALLOW_AUTO_OPEN}, |
170 #endif | 302 #endif |
171 | 303 |
172 // Scripting languages. (Shells are handled below.) | 304 // Scripting languages. (Shells are handled below.) |
173 #if !defined(OS_CHROMEOS) && !defined(OS_ANDROID) | 305 #if !defined(OS_CHROMEOS) && !defined(OS_ANDROID) |
174 { "pl", ALLOW_ON_USER_GESTURE }, | 306 {"pl", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
175 { "py", ALLOW_ON_USER_GESTURE }, | 307 {"py", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
176 { "pyc", ALLOW_ON_USER_GESTURE }, | 308 {"pyc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
177 { "pyw", ALLOW_ON_USER_GESTURE }, | 309 {"pyw", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
178 { "rb", ALLOW_ON_USER_GESTURE }, | 310 {"rb", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
179 #endif | 311 #endif |
180 | 312 |
181 // Shell languages. (OS_ANDROID is OS_POSIX.) OS_WIN shells are handled above. | 313 // Shell languages. (OS_ANDROID is OS_POSIX.) OS_WIN shells are handled above. |
182 #if defined(OS_POSIX) | 314 #if defined(OS_POSIX) |
183 { "bash", ALLOW_ON_USER_GESTURE }, | 315 {"bash", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
184 { "csh", ALLOW_ON_USER_GESTURE }, | 316 {"csh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
185 { "ksh", ALLOW_ON_USER_GESTURE }, | 317 {"ksh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
186 { "sh", ALLOW_ON_USER_GESTURE }, | 318 {"sh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
187 { "shar", ALLOW_ON_USER_GESTURE }, | 319 {"shar", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
188 { "tcsh", ALLOW_ON_USER_GESTURE }, | 320 {"tcsh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
189 #endif | 321 #endif |
190 #if defined(OS_MACOSX) | 322 #if defined(OS_MACOSX) |
191 { "command", ALLOW_ON_USER_GESTURE }, | 323 {"command", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
192 #endif | 324 #endif |
193 | 325 |
194 // Package management formats. OS_WIN package formats are handled above. | 326 // Package management formats. OS_WIN package formats are handled above. |
195 #if defined(OS_MACOSX) || defined(OS_LINUX) | 327 #if defined(OS_MACOSX) || defined(OS_LINUX) |
196 { "pkg", ALLOW_ON_USER_GESTURE }, | 328 {"pkg", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
197 #endif | 329 #endif |
198 #if defined(OS_LINUX) | 330 #if defined(OS_LINUX) |
199 { "deb", ALLOW_ON_USER_GESTURE }, | 331 {"deb", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
200 { "rpm", ALLOW_ON_USER_GESTURE }, | 332 {"rpm", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
201 #endif | 333 #endif |
202 #if defined(OS_ANDROID) | 334 #if defined(OS_ANDROID) |
203 { "dex", ALLOW_ON_USER_GESTURE }, // Really an executable format. | 335 {"dex", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
204 #endif | 336 #endif |
205 }; | 337 }; |
206 | 338 |
207 DownloadDangerLevel GetFileDangerLevel(const base::FilePath& path) { | 339 // FileType for files with an empty extension. |
340 const FileType kEmptyFileType = {nullptr, NOT_DANGEROUS, DISALLOW_AUTO_OPEN}; | |
341 | |
342 // Default FileType for non-empty extensions that aren't in the list above. | |
343 const FileType kUnknownFileType = {nullptr, NOT_DANGEROUS, ALLOW_AUTO_OPEN}; | |
344 | |
345 const FileType& GetFileType(const base::FilePath& path) { | |
208 base::FilePath::StringType extension(path.FinalExtension()); | 346 base::FilePath::StringType extension(path.FinalExtension()); |
209 if (extension.empty()) | 347 if (extension.empty()) |
210 return NOT_DANGEROUS; | 348 return kEmptyFileType; |
211 if (!base::IsStringASCII(extension)) | 349 if (!base::IsStringASCII(extension)) |
212 return NOT_DANGEROUS; | 350 return kUnknownFileType; |
213 #if defined(OS_WIN) | 351 #if defined(OS_WIN) |
214 std::string ascii_extension = base::UTF16ToASCII(extension); | 352 std::string ascii_extension = base::UTF16ToASCII(extension); |
215 #elif defined(OS_POSIX) | 353 #elif defined(OS_POSIX) |
216 std::string ascii_extension = extension; | 354 std::string ascii_extension = extension; |
217 #endif | 355 #endif |
218 | 356 |
219 // Strip out leading dot if it's still there | 357 // Strip out leading dot if it's still there |
220 if (ascii_extension[0] == base::FilePath::kExtensionSeparator) | 358 if (ascii_extension[0] == base::FilePath::kExtensionSeparator) |
221 ascii_extension.erase(0, 1); | 359 ascii_extension.erase(0, 1); |
222 | 360 |
223 for (size_t i = 0; i < arraysize(g_executables); ++i) { | 361 for (const auto& file_type : kDownloadFileTypes) { |
224 if (base::LowerCaseEqualsASCII(ascii_extension, g_executables[i].extension)) | 362 if (base::LowerCaseEqualsASCII(ascii_extension, file_type.extension)) |
225 return g_executables[i].level; | 363 return file_type; |
226 } | 364 } |
227 return NOT_DANGEROUS; | 365 |
366 return kUnknownFileType; | |
367 } | |
368 | |
369 } // namespace | |
370 | |
371 DownloadDangerLevel GetFileDangerLevel(const base::FilePath& path) { | |
372 return GetFileType(path).danger_level; | |
373 } | |
374 | |
375 bool IsAllowedToOpenAutomatically(const base::FilePath& path) { | |
376 return GetFileType(path).auto_open_hint == ALLOW_AUTO_OPEN; | |
228 } | 377 } |
229 | 378 |
230 static const char* kExecutableWhiteList[] = { | 379 static const char* kExecutableWhiteList[] = { |
231 // JavaScript is just as powerful as EXE. | 380 // JavaScript is just as powerful as EXE. |
232 "text/javascript", | 381 "text/javascript", |
233 "text/javascript;version=*", | 382 "text/javascript;version=*", |
234 "text/html", | 383 "text/html", |
235 // Registry files can cause critical changes to the MS OS behavior. | 384 // Registry files can cause critical changes to the MS OS behavior. |
236 // Addition of this mimetype also addresses bug 7337. | 385 // Addition of this mimetype also addresses bug 7337. |
237 "text/x-registry", | 386 "text/x-registry", |
253 return true; | 402 return true; |
254 } | 403 } |
255 for (size_t i = 0; i < arraysize(kExecutableBlackList); ++i) { | 404 for (size_t i = 0; i < arraysize(kExecutableBlackList); ++i) { |
256 if (net::MatchesMimeType(kExecutableBlackList[i], mime_type)) | 405 if (net::MatchesMimeType(kExecutableBlackList[i], mime_type)) |
257 return false; | 406 return false; |
258 } | 407 } |
259 // We consider only other application types to be executable. | 408 // We consider only other application types to be executable. |
260 return net::MatchesMimeType("application/*", mime_type); | 409 return net::MatchesMimeType("application/*", mime_type); |
261 } | 410 } |
262 | 411 |
263 | |
264 } // namespace download_util | 412 } // namespace download_util |
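Review bot: `ALLOW_AUTO_OPEN` is the first enumerator of `DownloadAutoOpenHint` (new line 63), so the permissive setting is the enum's zero value. A `kDownloadFileTypes` row written with only two fields, in the old `{ "ext", LEVEL }` shape, would value-initialize `auto_open_hint` to `ALLOW_AUTO_OPEN` and still compile as an aggregate. Declaring the restrictive value first, `enum DownloadAutoOpenHint { DISALLOW_AUTO_OPEN, ALLOW_AUTO_OPEN };`, with the long criteria comment kept on `DISALLOW_AUTO_OPEN`, makes an incomplete row fail closed. Whether the build flags already reject missing field initializers is not visible on this page, so that is worth confirming rather than relying on.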
OLD | NEW |