OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <set> | 5 #include <set> |
6 #include <string> | 6 #include <string> |
7 | 7 |
8 #include "chrome/browser/download/download_extensions.h" | 8 #include "chrome/browser/download/download_extensions.h" |
9 | 9 |
10 #include "base/strings/string_util.h" | 10 #include "base/strings/string_util.h" |
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
50 * of those above. If you wish to allow use of your version of this file only | 50 * of those above. If you wish to allow use of your version of this file only |
51 * under the terms of either the GPL or the LGPL, and not to allow others to | 51 * under the terms of either the GPL or the LGPL, and not to allow others to |
52 * use your version of this file under the terms of the MPL, indicate your | 52 * use your version of this file under the terms of the MPL, indicate your |
53 * decision by deleting the provisions above and replace them with the notice | 53 * decision by deleting the provisions above and replace them with the notice |
54 * and other provisions required by the GPL or the LGPL. If you do not delete | 54 * and other provisions required by the GPL or the LGPL. If you do not delete |
55 * the provisions above, a recipient may use your version of this file under | 55 * the provisions above, a recipient may use your version of this file under |
56 * the terms of any one of the MPL, the GPL or the LGPL. | 56 * the terms of any one of the MPL, the GPL or the LGPL. |
57 * | 57 * |
58 * ***** END LICENSE BLOCK ***** */ | 58 * ***** END LICENSE BLOCK ***** */ |
59 | 59 |
60 static const struct Executables { | 60 namespace { |
61 const char* extension; | 61 |
62 DownloadDangerLevel level; | 62 enum DownloadDangerFlags { |
Randy Smith (Not in Mondays)
2015/06/09 19:40:04
Jamming these together with DownloadDangerLevel fe
asanka
2015/06/12 20:12:52
Yeah. I see what you mean. I split it out into a s
| |
63 // The file type should not be allowed to open automatically. | |
64 // | |
65 // Includes: | |
66 // * Executables that are likely to start and execute arbitrary privileged | |
67 // code without requiring user interaction. | |
68 // * Files that aren't traditionally executables, but are handled by | |
69 // applications that have a less than stellar safety track record. Such | |
70 // application may allow arbitrary code execution upon opening a file. | |
71 // * Files that don't have executable code, but may modify system | |
72 // configuration in ways that are unsafe. | |
73 // | |
74 // Doesn't include: | |
75 // * Files containing executable code if opening said file is mediated via | |
76 // a trusted application that obtains user consent. | |
77 EXCLUDE_FROM_AUTO_OPEN = 1 << 4, | |
78 | |
79 // Special flag that indicates that the file path didn't have an extension. | |
80 NO_EXTENSION = 1 << 5, | |
81 | |
82 // Mask for extracting DownloadDangerLevel from DownloadDangerFlags. | |
83 DOWNLOAD_DANGER_LEVEL_MASK = 0xf | |
84 }; | |
85 | |
86 static const struct Executable { | |
87 const char* extension; // Extension sans leading extension separator. | |
88 int danger_level_flags; // Bit combination of DownloadDangerLevel and | |
89 // DownloadDangerFlags. | |
63 } g_executables[] = { | 90 } g_executables[] = { |
64 // Some files are dangerous on all platforms. | 91 // Some files are dangerous on all platforms. |
65 // | 92 // |
66 // Flash files downloaded locally can sometimes access the local filesystem. | 93 // Flash files downloaded locally can sometimes access the local filesystem. |
67 { "swf", DANGEROUS }, | 94 {"swf", DANGEROUS | EXCLUDE_FROM_AUTO_OPEN}, |
68 { "spl", DANGEROUS }, | 95 {"spl", DANGEROUS | EXCLUDE_FROM_AUTO_OPEN}, |
69 // Chrome extensions should be obtained through the web store. | 96 // Chrome extensions should be obtained through the web store. |
70 { "crx", ALLOW_ON_USER_GESTURE }, | 97 {"crx", ALLOW_ON_USER_GESTURE}, |
71 | 98 |
72 // Windows, all file categories. | 99 // Windows, all file categories. |
73 #if defined(OS_WIN) | 100 #if defined(OS_WIN) |
74 { "ad", ALLOW_ON_USER_GESTURE }, | 101 {"ad", ALLOW_ON_USER_GESTURE}, |
75 { "ade", ALLOW_ON_USER_GESTURE }, | 102 {"ade", ALLOW_ON_USER_GESTURE}, |
76 { "adp", ALLOW_ON_USER_GESTURE }, | 103 {"adp", ALLOW_ON_USER_GESTURE}, |
77 { "app", ALLOW_ON_USER_GESTURE }, | 104 {"app", ALLOW_ON_USER_GESTURE}, |
78 { "application", ALLOW_ON_USER_GESTURE }, | 105 {"application", ALLOW_ON_USER_GESTURE}, |
Randy Smith (Not in Mondays)
2015/06/09 19:40:04
Naively, I would have thought that something named
asanka
2015/06/12 20:12:52
I added some details in the form of comments. Let
| |
79 { "asp", ALLOW_ON_USER_GESTURE }, | 106 {"asp", ALLOW_ON_USER_GESTURE}, |
80 { "asx", ALLOW_ON_USER_GESTURE }, | 107 {"asx", ALLOW_ON_USER_GESTURE}, |
81 { "bas", ALLOW_ON_USER_GESTURE }, | 108 {"bas", ALLOW_ON_USER_GESTURE}, |
82 { "bat", ALLOW_ON_USER_GESTURE }, | 109 {"bat", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
83 { "cfg", DANGEROUS }, | 110 {"cfg", DANGEROUS | EXCLUDE_FROM_AUTO_OPEN}, |
84 { "chi", ALLOW_ON_USER_GESTURE }, | 111 {"chi", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
85 { "chm", ALLOW_ON_USER_GESTURE }, | 112 {"chm", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
86 { "cmd", ALLOW_ON_USER_GESTURE }, | 113 {"cmd", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
87 { "com", ALLOW_ON_USER_GESTURE }, | 114 {"com", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
88 { "cpl", ALLOW_ON_USER_GESTURE }, | 115 {"cpl", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
89 { "crt", ALLOW_ON_USER_GESTURE }, | 116 {"crt", ALLOW_ON_USER_GESTURE}, |
90 { "dll", DANGEROUS }, | 117 {"dll", DANGEROUS | EXCLUDE_FROM_AUTO_OPEN}, |
91 { "drv", DANGEROUS }, | 118 {"drv", DANGEROUS | EXCLUDE_FROM_AUTO_OPEN}, |
92 { "exe", ALLOW_ON_USER_GESTURE }, | 119 {"exe", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
93 { "fxp", ALLOW_ON_USER_GESTURE }, | 120 {"fxp", ALLOW_ON_USER_GESTURE}, |
94 { "grp", DANGEROUS }, | 121 {"grp", DANGEROUS}, |
95 { "hlp", ALLOW_ON_USER_GESTURE }, | 122 {"hlp", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
Randy Smith (Not in Mondays)
2015/06/09 19:40:04
This is something I could easily imagine users wan
asanka
2015/06/12 20:12:52
This was due to the known default file handler hav
| |
96 { "hta", ALLOW_ON_USER_GESTURE }, | 123 {"hta", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
97 { "htt", ALLOW_ON_USER_GESTURE }, | 124 {"htt", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
98 { "inf", ALLOW_ON_USER_GESTURE }, | 125 {"inf", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
99 { "ini", DANGEROUS }, | 126 {"ini", DANGEROUS | EXCLUDE_FROM_AUTO_OPEN}, |
100 { "ins", ALLOW_ON_USER_GESTURE }, | 127 {"ins", ALLOW_ON_USER_GESTURE}, |
101 { "isp", ALLOW_ON_USER_GESTURE }, | 128 {"isp", ALLOW_ON_USER_GESTURE}, |
102 { "js", ALLOW_ON_USER_GESTURE }, | 129 {"js", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
103 { "jse", ALLOW_ON_USER_GESTURE }, | 130 {"jse", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
104 { "lnk", ALLOW_ON_USER_GESTURE }, | 131 {"lnk", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
105 { "local", DANGEROUS }, | 132 {"local", DANGEROUS}, |
106 { "mad", ALLOW_ON_USER_GESTURE }, | 133 {"mad", ALLOW_ON_USER_GESTURE}, |
107 { "maf", ALLOW_ON_USER_GESTURE }, | 134 {"maf", ALLOW_ON_USER_GESTURE}, |
108 { "mag", ALLOW_ON_USER_GESTURE }, | 135 {"mag", ALLOW_ON_USER_GESTURE}, |
109 { "mam", ALLOW_ON_USER_GESTURE }, | 136 {"mam", ALLOW_ON_USER_GESTURE}, |
110 { "manifest", DANGEROUS }, | 137 {"manifest", DANGEROUS}, |
111 { "maq", ALLOW_ON_USER_GESTURE }, | 138 {"maq", ALLOW_ON_USER_GESTURE}, |
112 { "mar", ALLOW_ON_USER_GESTURE }, | 139 {"mar", ALLOW_ON_USER_GESTURE}, |
113 { "mas", ALLOW_ON_USER_GESTURE }, | 140 {"mas", ALLOW_ON_USER_GESTURE}, |
114 { "mat", ALLOW_ON_USER_GESTURE }, | 141 {"mat", ALLOW_ON_USER_GESTURE}, |
115 { "mau", ALLOW_ON_USER_GESTURE }, | 142 {"mau", ALLOW_ON_USER_GESTURE}, |
116 { "mav", ALLOW_ON_USER_GESTURE }, | 143 {"mav", ALLOW_ON_USER_GESTURE}, |
117 { "maw", ALLOW_ON_USER_GESTURE }, | 144 {"maw", ALLOW_ON_USER_GESTURE}, |
118 { "mda", ALLOW_ON_USER_GESTURE }, | 145 {"mda", ALLOW_ON_USER_GESTURE}, |
119 { "mdb", ALLOW_ON_USER_GESTURE }, | 146 {"mdb", ALLOW_ON_USER_GESTURE}, |
120 { "mde", ALLOW_ON_USER_GESTURE }, | 147 {"mde", ALLOW_ON_USER_GESTURE}, |
121 { "mdt", ALLOW_ON_USER_GESTURE }, | 148 {"mdt", ALLOW_ON_USER_GESTURE}, |
122 { "mdw", ALLOW_ON_USER_GESTURE }, | 149 {"mdw", ALLOW_ON_USER_GESTURE}, |
123 { "mdz", ALLOW_ON_USER_GESTURE }, | 150 {"mdz", ALLOW_ON_USER_GESTURE}, |
124 { "mht", ALLOW_ON_USER_GESTURE }, | 151 {"mht", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
125 { "mhtml", ALLOW_ON_USER_GESTURE }, | 152 {"mhtml", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
Randy Smith (Not in Mondays)
2015/06/09 19:40:04
Does opening a web page on the disk give it some s
asanka
2015/06/12 20:12:52
Removed the flag.
| |
126 { "mmc", ALLOW_ON_USER_GESTURE }, | 153 {"mmc", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
127 { "mof", DANGEROUS }, | 154 {"mof", DANGEROUS | EXCLUDE_FROM_AUTO_OPEN}, |
128 { "msc", ALLOW_ON_USER_GESTURE }, | 155 {"msc", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
129 { "msh", ALLOW_ON_USER_GESTURE }, | 156 {"msh", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
130 { "mshxml", ALLOW_ON_USER_GESTURE }, | 157 {"mshxml", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
131 { "msi", ALLOW_ON_USER_GESTURE }, | 158 {"msi", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
132 { "msp", ALLOW_ON_USER_GESTURE }, | 159 {"msp", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
133 { "mst", ALLOW_ON_USER_GESTURE }, | 160 {"mst", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
134 { "ocx", DANGEROUS }, | 161 {"ocx", DANGEROUS | EXCLUDE_FROM_AUTO_OPEN}, |
135 { "ops", ALLOW_ON_USER_GESTURE }, | 162 {"ops", ALLOW_ON_USER_GESTURE}, |
136 { "pcd", ALLOW_ON_USER_GESTURE }, | 163 {"pcd", ALLOW_ON_USER_GESTURE}, |
137 { "pif", ALLOW_ON_USER_GESTURE }, | 164 {"pif", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
138 { "plg", ALLOW_ON_USER_GESTURE }, | 165 {"plg", ALLOW_ON_USER_GESTURE}, |
139 { "prf", ALLOW_ON_USER_GESTURE }, | 166 {"prf", ALLOW_ON_USER_GESTURE}, |
140 { "prg", ALLOW_ON_USER_GESTURE }, | 167 {"prg", ALLOW_ON_USER_GESTURE}, |
141 { "pst", ALLOW_ON_USER_GESTURE }, | 168 {"pst", ALLOW_ON_USER_GESTURE}, |
142 { "reg", ALLOW_ON_USER_GESTURE }, | 169 {"reg", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
143 { "scf", ALLOW_ON_USER_GESTURE }, | 170 {"scf", ALLOW_ON_USER_GESTURE}, |
144 { "scr", ALLOW_ON_USER_GESTURE }, | 171 {"scr", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
145 { "sct", ALLOW_ON_USER_GESTURE }, | 172 {"sct", ALLOW_ON_USER_GESTURE}, |
146 { "shb", ALLOW_ON_USER_GESTURE }, | 173 {"shb", ALLOW_ON_USER_GESTURE}, |
147 { "shs", ALLOW_ON_USER_GESTURE }, | 174 {"shs", ALLOW_ON_USER_GESTURE}, |
148 { "sys", DANGEROUS }, | 175 {"sys", DANGEROUS | EXCLUDE_FROM_AUTO_OPEN}, |
149 { "url", DANGEROUS }, | 176 {"url", DANGEROUS | EXCLUDE_FROM_AUTO_OPEN}, |
Randy Smith (Not in Mondays)
2015/06/09 19:40:04
Why? I'm not sure why people would want to downlo
asanka
2015/06/12 20:12:52
A .url file is an OLE persisted container that can
| |
150 { "vb", ALLOW_ON_USER_GESTURE }, | 177 {"vb", ALLOW_ON_USER_GESTURE}, |
Randy Smith (Not in Mondays)
2015/06/09 19:40:04
Why isn't open a .vb file dangerous? Does it alwa
asanka
2015/06/12 20:12:52
.vb (not to be confused with .vbs) isn't associate
| |
151 { "vbe", ALLOW_ON_USER_GESTURE }, | 178 {"vbe", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
152 { "vbs", ALLOW_ON_USER_GESTURE }, | 179 {"vbs", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
153 { "vsd", ALLOW_ON_USER_GESTURE }, | 180 {"vsd", ALLOW_ON_USER_GESTURE}, |
154 { "vsmacros", ALLOW_ON_USER_GESTURE }, | 181 {"vsmacros", ALLOW_ON_USER_GESTURE}, |
Randy Smith (Not in Mondays)
2015/06/09 19:40:04
You know Windows (much) better than I, but I'd thi
asanka
2015/06/12 20:12:52
As far as I could discover, opening this type of f
| |
155 { "vss", ALLOW_ON_USER_GESTURE }, | 182 {"vss", ALLOW_ON_USER_GESTURE}, |
156 { "vst", ALLOW_ON_USER_GESTURE }, | 183 {"vst", ALLOW_ON_USER_GESTURE}, |
157 { "vsw", ALLOW_ON_USER_GESTURE }, | 184 {"vsw", ALLOW_ON_USER_GESTURE}, |
158 { "ws", ALLOW_ON_USER_GESTURE }, | 185 {"ws", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
159 { "wsc", ALLOW_ON_USER_GESTURE }, | 186 {"wsc", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
160 { "wsf", ALLOW_ON_USER_GESTURE }, | 187 {"wsf", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
161 { "wsh", ALLOW_ON_USER_GESTURE }, | 188 {"wsh", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
162 { "xbap", DANGEROUS }, | 189 {"xbap", DANGEROUS | EXCLUDE_FROM_AUTO_OPEN}, |
163 #endif // OS_WIN | 190 #endif // OS_WIN |
164 | 191 |
165 // Java. | 192 // Java. |
166 #if !defined(OS_CHROMEOS) | 193 #if !defined(OS_CHROMEOS) |
167 { "class", DANGEROUS }, | 194 {"class", DANGEROUS | EXCLUDE_FROM_AUTO_OPEN}, |
168 { "jar", DANGEROUS }, | 195 {"jar", DANGEROUS | EXCLUDE_FROM_AUTO_OPEN}, |
169 { "jnlp", DANGEROUS }, | 196 {"jnlp", DANGEROUS | EXCLUDE_FROM_AUTO_OPEN}, |
170 #endif | 197 #endif |
171 | 198 |
172 // Scripting languages. (Shells are handled below.) | 199 // Scripting languages. (Shells are handled below.) |
173 #if !defined(OS_CHROMEOS) && !defined(OS_ANDROID) | 200 #if !defined(OS_CHROMEOS) && !defined(OS_ANDROID) |
174 { "pl", ALLOW_ON_USER_GESTURE }, | 201 {"pl", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
175 { "py", ALLOW_ON_USER_GESTURE }, | 202 {"py", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
176 { "pyc", ALLOW_ON_USER_GESTURE }, | 203 {"pyc", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
177 { "pyw", ALLOW_ON_USER_GESTURE }, | 204 {"pyw", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
178 { "rb", ALLOW_ON_USER_GESTURE }, | 205 {"rb", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
179 #endif | 206 #endif |
180 | 207 |
181 // Shell languages. (OS_ANDROID is OS_POSIX.) OS_WIN shells are handled above. | 208 // Shell languages. (OS_ANDROID is OS_POSIX.) OS_WIN shells are handled above. |
182 #if defined(OS_POSIX) | 209 #if defined(OS_POSIX) |
183 { "bash", ALLOW_ON_USER_GESTURE }, | 210 {"bash", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
184 { "csh", ALLOW_ON_USER_GESTURE }, | 211 {"csh", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
185 { "ksh", ALLOW_ON_USER_GESTURE }, | 212 {"ksh", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
186 { "sh", ALLOW_ON_USER_GESTURE }, | 213 {"sh", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
187 { "shar", ALLOW_ON_USER_GESTURE }, | 214 {"shar", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
188 { "tcsh", ALLOW_ON_USER_GESTURE }, | 215 {"tcsh", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
189 #endif | 216 #endif |
190 #if defined(OS_MACOSX) | 217 #if defined(OS_MACOSX) |
191 { "command", ALLOW_ON_USER_GESTURE }, | 218 {"command", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
192 #endif | 219 #endif |
193 | 220 |
194 // Package management formats. OS_WIN package formats are handled above. | 221 // Package management formats. OS_WIN package formats are handled above. |
195 #if defined(OS_MACOSX) || defined(OS_LINUX) | 222 #if defined(OS_MACOSX) || defined(OS_LINUX) |
196 { "pkg", ALLOW_ON_USER_GESTURE }, | 223 {"pkg", ALLOW_ON_USER_GESTURE}, |
Randy Smith (Not in Mondays)
2015/06/09 19:40:04
Hmmm. This is right at the boundary for me--I can
asanka
2015/06/12 20:12:52
Added.
| |
197 #endif | 224 #endif |
198 #if defined(OS_LINUX) | 225 #if defined(OS_LINUX) |
199 { "deb", ALLOW_ON_USER_GESTURE }, | 226 {"deb", ALLOW_ON_USER_GESTURE}, |
200 { "rpm", ALLOW_ON_USER_GESTURE }, | 227 {"rpm", ALLOW_ON_USER_GESTURE}, |
Randy Smith (Not in Mondays)
2015/06/09 19:40:04
I think that "opening" a package on Linux installs
asanka
2015/06/12 20:12:52
Added.
| |
201 #endif | 228 #endif |
202 #if defined(OS_ANDROID) | 229 #if defined(OS_ANDROID) |
203 { "dex", ALLOW_ON_USER_GESTURE }, // Really an executable format. | 230 {"dex", ALLOW_ON_USER_GESTURE | EXCLUDE_FROM_AUTO_OPEN}, |
palmer
2015/06/08 19:05:07
I'm actually not sure if Android even would direct
asanka
2015/06/09 00:38:10
Yeah. I added the flag for a couple of file types
| |
204 #endif | 231 #endif |
205 }; | 232 }; |
206 | 233 |
207 DownloadDangerLevel GetFileDangerLevel(const base::FilePath& path) { | 234 int GetFileDangerFlags(const base::FilePath& path) { |
208 base::FilePath::StringType extension(path.FinalExtension()); | 235 base::FilePath::StringType extension(path.FinalExtension()); |
209 if (extension.empty()) | 236 if (extension.empty()) |
210 return NOT_DANGEROUS; | 237 return NO_EXTENSION; |
211 if (!base::IsStringASCII(extension)) | 238 if (!base::IsStringASCII(extension)) |
212 return NOT_DANGEROUS; | 239 return NOT_DANGEROUS; |
213 #if defined(OS_WIN) | 240 #if defined(OS_WIN) |
214 std::string ascii_extension = base::UTF16ToASCII(extension); | 241 std::string ascii_extension = base::UTF16ToASCII(extension); |
215 #elif defined(OS_POSIX) | 242 #elif defined(OS_POSIX) |
216 std::string ascii_extension = extension; | 243 std::string ascii_extension = extension; |
217 #endif | 244 #endif |
218 | 245 |
219 // Strip out leading dot if it's still there | 246 // Strip out leading dot if it's still there |
220 if (ascii_extension[0] == base::FilePath::kExtensionSeparator) | 247 if (ascii_extension[0] == base::FilePath::kExtensionSeparator) |
221 ascii_extension.erase(0, 1); | 248 ascii_extension.erase(0, 1); |
222 | 249 |
223 for (size_t i = 0; i < arraysize(g_executables); ++i) { | 250 for (const auto& file : g_executables) { |
224 if (LowerCaseEqualsASCII(ascii_extension, g_executables[i].extension)) | 251 if (LowerCaseEqualsASCII(ascii_extension, file.extension)) |
225 return g_executables[i].level; | 252 return file.danger_level_flags; |
226 } | 253 } |
254 | |
227 return NOT_DANGEROUS; | 255 return NOT_DANGEROUS; |
228 } | 256 } |
229 | 257 |
258 } // namespace | |
259 | |
260 DownloadDangerLevel GetFileDangerLevel(const base::FilePath& path) { | |
261 int flags = GetFileDangerFlags(path); | |
262 return static_cast<DownloadDangerLevel>(flags & DOWNLOAD_DANGER_LEVEL_MASK); | |
263 } | |
264 | |
265 bool IsAllowedToOpenAutomatically(const base::FilePath& path) { | |
266 int flags = GetFileDangerFlags(path); | |
267 return !(flags == NO_EXTENSION || (flags & EXCLUDE_FROM_AUTO_OPEN)); | |
268 } | |
269 | |
230 static const char* kExecutableWhiteList[] = { | 270 static const char* kExecutableWhiteList[] = { |
231 // JavaScript is just as powerful as EXE. | 271 // JavaScript is just as powerful as EXE. |
232 "text/javascript", | 272 "text/javascript", |
233 "text/javascript;version=*", | 273 "text/javascript;version=*", |
234 "text/html", | 274 "text/html", |
235 // Registry files can cause critical changes to the MS OS behavior. | 275 // Registry files can cause critical changes to the MS OS behavior. |
236 // Addition of this mimetype also addresses bug 7337. | 276 // Addition of this mimetype also addresses bug 7337. |
237 "text/x-registry", | 277 "text/x-registry", |
238 "text/x-sh", | 278 "text/x-sh", |
239 // Some sites use binary/octet-stream to mean application/octet-stream. | 279 // Some sites use binary/octet-stream to mean application/octet-stream. |
(...skipping 13 matching lines...) Expand all Loading... | |
253 return true; | 293 return true; |
254 } | 294 } |
255 for (size_t i = 0; i < arraysize(kExecutableBlackList); ++i) { | 295 for (size_t i = 0; i < arraysize(kExecutableBlackList); ++i) { |
256 if (net::MatchesMimeType(kExecutableBlackList[i], mime_type)) | 296 if (net::MatchesMimeType(kExecutableBlackList[i], mime_type)) |
257 return false; | 297 return false; |
258 } | 298 } |
259 // We consider only other application types to be executable. | 299 // We consider only other application types to be executable. |
260 return net::MatchesMimeType("application/*", mime_type); | 300 return net::MatchesMimeType("application/*", mime_type); |
261 } | 301 } |
262 | 302 |
263 | |
264 } // namespace download_util | 303 } // namespace download_util |
OLD | NEW |