[Downloads] Prevent dangerous files from being opened automatically.

chrome/browser/download/download_extensions.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <set>
 #include <string>
 
 #include "chrome/browser/download/download_extensions.h"
 
 #include "base/strings/string_util.h"
@@ skipping 39 matching lines @@
  * of those above. If you wish to allow use of your version of this file only
  * under the terms of either the GPL or the LGPL, and not to allow others to
  * use your version of this file under the terms of the MPL, indicate your
  * decision by deleting the provisions above and replace them with the notice
  * and other provisions required by the GPL or the LGPL. If you do not delete
  * the provisions above, a recipient may use your version of this file under
  * the terms of any one of the MPL, the GPL or the LGPL.
  *
  * ***** END LICENSE BLOCK ***** */
 
-// When adding new entries to this list, also append the file extension to the
-// kDangerousFileTypes array in download_stats.cc.
-static const struct Executables {
-    const char* extension;
-    DownloadDangerLevel level;
-} g_executables[] = {
-  // Some files are dangerous on all platforms.
+namespace {
+
+enum DownloadAutoOpenHint {
+  ALLOW_AUTO_OPEN,
+
+  // The file type should not be allowed to open automatically.
   //
-  // Flash files downloaded locally can sometimes access the local filesystem.
-  { "swf", DANGEROUS },
-  { "spl", DANGEROUS },
-  // Chrome extensions should be obtained through the web store.
-  { "crx", ALLOW_ON_USER_GESTURE },
+  // Criteria for disallowing a file type from opening automatically:
+  //
+  // Includes file types that upon opening may either:
+  //   * ... execute arbitrary or harmful code with user privileges.
+  //   * ... change configuration of the system to cause harmful behavior
+  //     immediately or at some time in the future.
+  //
+  // Doesn't include file types that upon opening:
+  //   * ... sufficiently warn the user about the fact that:
+  //     - This file was downloaded from the internet.
+  //     - Opening it can make specified changes to the system.
+  //     (Note that any such warnings need to be displayed prior to the harmful
+  //     logic being executed).
+  //   * ... does nothing particularly dangerous, despite the act of downloading
+  //     itself being dangerous (E.g. .local and .manifest files).
+  DISALLOW_AUTO_OPEN,
+};
+
+// Guidelines for adding a new dangerous file type:
+//
+// * Include a comment above the file type that:
+//   - Describes the file type.
+//   - Justifies why it is considered dangerous if this isn't obvious from the
+//     description.
+//   - Justifies why the file type is disallowed from auto opening, if
+//     necessary.
+// * Add the file extension to the kDangerousFileTypes array in
+//   download_stats.cc.
+//
+// TODO(asanka): All file types listed below should have descriptions.
+const struct FileType {
+  const char* extension;  // Extension sans leading extension separator.
+  DownloadDangerLevel danger_level;
+  DownloadAutoOpenHint auto_open_hint;
+} kDownloadFileTypes[] = {
+    // Some files are dangerous on all platforms.
+
+    // Flash files downloaded locally can sometimes access the local filesystem.
+    {"swf", DANGEROUS, DISALLOW_AUTO_OPEN},
+    {"spl", DANGEROUS, DISALLOW_AUTO_OPEN},
+
+    // Chrome extensions should be obtained through the web store. Allowed to
+    // open automatically because Chrome displays a prompt prior to
+    // installation.
+    {"crx", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
 
   // Windows, all file categories.
 #if defined(OS_WIN)
-  { "ad", ALLOW_ON_USER_GESTURE },
-  { "ade", ALLOW_ON_USER_GESTURE },
-  { "adp", ALLOW_ON_USER_GESTURE },
-  { "app", ALLOW_ON_USER_GESTURE },
-  { "application", ALLOW_ON_USER_GESTURE },
-  { "asp", ALLOW_ON_USER_GESTURE },
-  { "asx", ALLOW_ON_USER_GESTURE },
-  { "bas", ALLOW_ON_USER_GESTURE },
-  { "bat", ALLOW_ON_USER_GESTURE },
-  { "cfg", DANGEROUS },
-  { "chi", ALLOW_ON_USER_GESTURE },
-  { "chm", ALLOW_ON_USER_GESTURE },
-  { "cmd", ALLOW_ON_USER_GESTURE },
-  { "com", ALLOW_ON_USER_GESTURE },
-  { "cpl", ALLOW_ON_USER_GESTURE },
-  { "crt", ALLOW_ON_USER_GESTURE },
-  { "dll", DANGEROUS },
-  { "drv", DANGEROUS },
-  { "exe", ALLOW_ON_USER_GESTURE },
-  { "fxp", ALLOW_ON_USER_GESTURE },
-  { "grp", DANGEROUS },
-  { "hlp", ALLOW_ON_USER_GESTURE },
-  { "hta", ALLOW_ON_USER_GESTURE },
-  { "htt", ALLOW_ON_USER_GESTURE },
-  { "inf", ALLOW_ON_USER_GESTURE },
-  { "ini", DANGEROUS },
-  { "ins", ALLOW_ON_USER_GESTURE },
-  { "isp", ALLOW_ON_USER_GESTURE },
-  { "js", ALLOW_ON_USER_GESTURE },
-  { "jse", ALLOW_ON_USER_GESTURE },
-  { "lnk", ALLOW_ON_USER_GESTURE },
-  { "local", DANGEROUS },
-  { "mad", ALLOW_ON_USER_GESTURE },
-  { "maf", ALLOW_ON_USER_GESTURE },
-  { "mag", ALLOW_ON_USER_GESTURE },
-  { "mam", ALLOW_ON_USER_GESTURE },
-  { "manifest", DANGEROUS },
-  { "maq", ALLOW_ON_USER_GESTURE },
-  { "mar", ALLOW_ON_USER_GESTURE },
-  { "mas", ALLOW_ON_USER_GESTURE },
-  { "mat", ALLOW_ON_USER_GESTURE },
-  { "mau", ALLOW_ON_USER_GESTURE },
-  { "mav", ALLOW_ON_USER_GESTURE },
-  { "maw", ALLOW_ON_USER_GESTURE },
-  { "mda", ALLOW_ON_USER_GESTURE },
-  { "mdb", ALLOW_ON_USER_GESTURE },
-  { "mde", ALLOW_ON_USER_GESTURE },
-  { "mdt", ALLOW_ON_USER_GESTURE },
-  { "mdw", ALLOW_ON_USER_GESTURE },
-  { "mdz", ALLOW_ON_USER_GESTURE },
-  { "mht", ALLOW_ON_USER_GESTURE },
-  { "mhtml", ALLOW_ON_USER_GESTURE },
-  { "mmc", ALLOW_ON_USER_GESTURE },
-  { "mof", DANGEROUS },
-  { "msc", ALLOW_ON_USER_GESTURE },
-  { "msh", ALLOW_ON_USER_GESTURE },
-  { "mshxml", ALLOW_ON_USER_GESTURE },
-  { "msi", ALLOW_ON_USER_GESTURE },
-  { "msp", ALLOW_ON_USER_GESTURE },
-  { "mst", ALLOW_ON_USER_GESTURE },
-  { "ocx", DANGEROUS },
-  { "ops", ALLOW_ON_USER_GESTURE },
-  { "pcd", ALLOW_ON_USER_GESTURE },
-  { "pif", ALLOW_ON_USER_GESTURE },
-  { "plg", ALLOW_ON_USER_GESTURE },
-  { "prf", ALLOW_ON_USER_GESTURE },
-  { "prg", ALLOW_ON_USER_GESTURE },
-  { "pst", ALLOW_ON_USER_GESTURE },
-  { "reg", ALLOW_ON_USER_GESTURE },
-  { "scf", ALLOW_ON_USER_GESTURE },
-  { "scr", ALLOW_ON_USER_GESTURE },
-  { "sct", ALLOW_ON_USER_GESTURE },
-  { "shb", ALLOW_ON_USER_GESTURE },
-  { "shs", ALLOW_ON_USER_GESTURE },
-  { "sys", DANGEROUS },
-  { "url", DANGEROUS },
-  { "vb", ALLOW_ON_USER_GESTURE },
-  { "vbe", ALLOW_ON_USER_GESTURE },
-  { "vbs", ALLOW_ON_USER_GESTURE },
-  { "vsd", ALLOW_ON_USER_GESTURE },
-  { "vsmacros", ALLOW_ON_USER_GESTURE },
-  { "vss", ALLOW_ON_USER_GESTURE },
-  { "vst", ALLOW_ON_USER_GESTURE },
-  { "vsw", ALLOW_ON_USER_GESTURE },
-  { "website", DANGEROUS },
-  { "ws", ALLOW_ON_USER_GESTURE },
-  { "wsc", ALLOW_ON_USER_GESTURE },
-  { "wsf", ALLOW_ON_USER_GESTURE },
-  { "wsh", ALLOW_ON_USER_GESTURE },
-  { "xbap", DANGEROUS },
+    {"ad", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"ade", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"adp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"app", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+
+    // Microsoft ClickOnce depolyment manifest. By default, opens with
+    // dfshim.dll which should prompt the user before running untrusted code.
+    {"application", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+
+    // Active Server Pages source file.
+    {"asp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+
+    // Advanced Stream Redirector. Contains a playlist of media files.
+    {"asx", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+
+    // Microsoft Visual Basic source file. Opens by default in an editor.
+    {"bas", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+
+    // Command script.
+    {"bat", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+
+    {"cfg", DANGEROUS, ALLOW_AUTO_OPEN},
+
+    // Windows Compiled HTML Help files.
+    {"chi", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"chm", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+
+    // Command script.
+    {"cmd", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+
+    // Windows legacy executable.
+    {"com", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+
+    // Control panel tool. Executable.
+    {"cpl", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+
+    // Signed certificate file.
+    {"crt", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+
+    // Windows executables.
+    {"dll", DANGEROUS, DISALLOW_AUTO_OPEN},
+    {"drv", DANGEROUS, DISALLOW_AUTO_OPEN},
+    {"exe", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+
+    {"fxp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"grp", DANGEROUS, ALLOW_AUTO_OPEN},
+
+    // Windows legacy help file format.
+    {"hlp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+
+    // HTML Application. Executes as a fully trusted application.
+    {"hta", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+
+    // Hypertext Template File. See https://support.microsoft.com/kb/181689.
+    {"htt", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+
+    // Device installation information.
+    {"inf", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+
+    // Generic configuration file.
+    {"ini", DANGEROUS, ALLOW_AUTO_OPEN},
+
+    {"ins", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"isp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+
+    // JavaScript file. May open using Windows Script Host with user level
+    // privileges.
+    {"js", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+    {"jse", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+
+    // Shortcuts. May open anything.
+    {"lnk", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+
+    // .local files affect DLL search path for .exe file with same base name.
+    {"local", DANGEROUS, ALLOW_AUTO_OPEN},
+
+    {"mad", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"maf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"mag", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"mam", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+
+    // While being a generic name, having a .manifest file with the same
+    // basename as .exe file (foo.exe + foo.exe.manifest) changes the dll search
+    // order for the .exe file. Downloading this kind of file to the users'
+    // download directory is almost always the wrong thing to do.
+    {"manifest", DANGEROUS, ALLOW_AUTO_OPEN},
+
+    {"maq", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"mar", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"mas", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"mat", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"mau", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"mav", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"maw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"mda", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"mdb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"mde", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"mdt", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"mdw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"mdz", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+
+    // Multipart HTML.
+    {"mht", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"mhtml", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+
+    {"mmc", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"mof", DANGEROUS, ALLOW_AUTO_OPEN},
+
+    // Microsoft Management Console Snap-in. Contains executable code.
+    {"msc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+
+    {"msh", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"mshxml", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+
+    // Windows Installer
+    {"msi", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+    {"msp", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+    {"mst", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+
+    // ActiveX Control
+    {"ocx", DANGEROUS, ALLOW_AUTO_OPEN},
+
+    {"ops", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"pcd", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+
+    // Program Information File. Originally intended to configure execution
+    // environment for legacy DOS files. They aren't meant to contain executable
+    // code. But Windows may execute a PIF file that is sniffed as a PE file.
+    {"pif", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+
+    {"plg", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"prf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"prg", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"pst", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+
+    // Registry file. Opening may cause registry settings to change. Users still
+    // need to click through a prompt. So we could consider relaxing the
+    // DISALLOW_AUTO_OPEN restriction.
+    {"reg", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+
+    {"scf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+
+    // These are also executables.
+    {"scr", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+
+    {"sct", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"shb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"shs", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+
+    // System executable. Windows tries hard to prevent you from opening these
+    // types of files.
+    {"sys", DANGEROUS, DISALLOW_AUTO_OPEN},
+
+    // Internet Shortcut. See description for .website below.
+    {"url", DANGEROUS, DISALLOW_AUTO_OPEN},
+
+    {"vb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+
+    // VBScript files. My open with Windows Script Host and execute with user
+    // privileges.
+    {"vbe", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+    {"vbs", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+
+    {"vsd", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"vsmacros", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"vss", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"vst", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+    {"vsw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
+
+    // Internet Shortcut (new since IE9). Both .url and .website are .ini files
+    // that describe a shortcut that points to a URL. They can point at
+    // anything. Dropping a download of this type and opening it automatically
+    // can in effect sidestep origin restrictions etc.
+    {"website", DANGEROUS, DISALLOW_AUTO_OPEN},
+
+    // Windows Script Host related.
+    {"ws", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+    {"wsc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+    {"wsf", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+    {"wsh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+
+    // XAML Browser Application.
+    {"xbap", DANGEROUS, DISALLOW_AUTO_OPEN},
 #endif  // OS_WIN
 
   // Java.
 #if !defined(OS_CHROMEOS)
-  { "class", DANGEROUS },
-  { "jar", DANGEROUS },
-  { "jnlp", DANGEROUS },
+    {"class", DANGEROUS, DISALLOW_AUTO_OPEN},
+    {"jar", DANGEROUS, DISALLOW_AUTO_OPEN},
+    {"jnlp", DANGEROUS, DISALLOW_AUTO_OPEN},
 #endif
 
   // Scripting languages. (Shells are handled below.)
 #if !defined(OS_CHROMEOS) && !defined(OS_ANDROID)
-  { "pl", ALLOW_ON_USER_GESTURE },
-  { "py", ALLOW_ON_USER_GESTURE },
-  { "pyc", ALLOW_ON_USER_GESTURE },
-  { "pyw", ALLOW_ON_USER_GESTURE },
-  { "rb", ALLOW_ON_USER_GESTURE },
+    {"pl", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+    {"py", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+    {"pyc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+    {"pyw", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+    {"rb", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
 #endif
 
   // Shell languages. (OS_ANDROID is OS_POSIX.) OS_WIN shells are handled above.
 #if defined(OS_POSIX)
-  { "bash", ALLOW_ON_USER_GESTURE },
-  { "csh", ALLOW_ON_USER_GESTURE },
-  { "ksh", ALLOW_ON_USER_GESTURE },
-  { "sh", ALLOW_ON_USER_GESTURE },
-  { "shar", ALLOW_ON_USER_GESTURE },
-  { "tcsh", ALLOW_ON_USER_GESTURE },
+    {"bash", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+    {"csh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+    {"ksh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+    {"sh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+    {"shar", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+    {"tcsh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
 #endif
 #if defined(OS_MACOSX)
-  { "command", ALLOW_ON_USER_GESTURE },
+    {"command", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
 #endif
 
   // Package management formats. OS_WIN package formats are handled above.
 #if defined(OS_MACOSX) || defined(OS_LINUX)
-  { "pkg", ALLOW_ON_USER_GESTURE },
+    {"pkg", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
 #endif
 #if defined(OS_LINUX)
-  { "deb", ALLOW_ON_USER_GESTURE },
-  { "rpm", ALLOW_ON_USER_GESTURE },
+    {"deb", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+    {"rpm", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
 #endif
 #if defined(OS_ANDROID)
-  { "dex", ALLOW_ON_USER_GESTURE },  // Really an executable format.
+    {"dex", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
 #endif
 };
 
-DownloadDangerLevel GetFileDangerLevel(const base::FilePath& path) {
+// FileType for files with an empty extension.
+const FileType kEmptyFileType = {nullptr, NOT_DANGEROUS, DISALLOW_AUTO_OPEN};
+
+// Default FileType for non-empty extensions that aren't in the list above.
+const FileType kUnknownFileType = {nullptr, NOT_DANGEROUS, ALLOW_AUTO_OPEN};
+
+const FileType& GetFileType(const base::FilePath& path) {
   base::FilePath::StringType extension(path.FinalExtension());
   if (extension.empty())
-    return NOT_DANGEROUS;
+    return kEmptyFileType;
   if (!base::IsStringASCII(extension))
-    return NOT_DANGEROUS;
+    return kUnknownFileType;
 #if defined(OS_WIN)
   std::string ascii_extension = base::UTF16ToASCII(extension);
 #elif defined(OS_POSIX)
   std::string ascii_extension = extension;
 #endif
 
   // Strip out leading dot if it's still there
   if (ascii_extension[0] == base::FilePath::kExtensionSeparator)
     ascii_extension.erase(0, 1);
 
-  for (size_t i = 0; i < arraysize(g_executables); ++i) {
-    if (base::LowerCaseEqualsASCII(ascii_extension, g_executables[i].extension))
-      return g_executables[i].level;
+  for (const auto& file_type : kDownloadFileTypes) {
+    if (base::LowerCaseEqualsASCII(ascii_extension, file_type.extension))
+      return file_type;
   }
-  return NOT_DANGEROUS;
+
+  return kUnknownFileType;
+}
+
+}  // namespace
+
+DownloadDangerLevel GetFileDangerLevel(const base::FilePath& path) {
+  return GetFileType(path).danger_level;
+}
+
+bool IsAllowedToOpenAutomatically(const base::FilePath& path) {
+  return GetFileType(path).auto_open_hint == ALLOW_AUTO_OPEN;
 }
 
 static const char* kExecutableWhiteList[] = {
   // JavaScript is just as powerful as EXE.
   "text/javascript",
   "text/javascript;version=*",
   "text/html",
   // Registry files can cause critical changes to the MS OS behavior.
   // Addition of this mimetype also addresses bug 7337.
   "text/x-registry",
@@ skipping 15 matching lines @@
       return true;
   }
   for (size_t i = 0; i < arraysize(kExecutableBlackList); ++i) {
     if (net::MatchesMimeType(kExecutableBlackList[i], mime_type))
       return false;
   }
   // We consider only other application types to be executable.
   return net::MatchesMimeType("application/*", mime_type);
 }
 
-
 }  // namespace download_util