[SafeBrowsing] Block dangerous unchecked downloads based on a Finch trial.

chrome/browser/safe_browsing/unverified_download_field_trial.cc

+// Copyright 2015 The Chromium Authors. All rights reserved.  Use of this source
+// code is governed by a BSD-style license that can be found in the LICENSE
+// file.
+
+#include "chrome/browser/safe_browsing/unverified_download_field_trial.h"
+
+#include "base/command_line.h"
+#include "base/files/file_path.h"
+#include "base/metrics/field_trial.h"
+#include "base/metrics/histogram.h"
+#include "base/strings/string_split.h"
+#include "base/strings/utf_string_conversions.h"
+#include "chrome/common/chrome_switches.h"
+#include "chrome/common/safe_browsing/download_protection_util.h"
+#include "components/variations/variations_associated_data.h"
+
+namespace safe_browsing {
+
+const char kUnverifiedDownloadFieldTrialName[] =
+    "SafeBrowsingUnverifiedDownloads";
+
+const char kUnverifiedDownloadFieldTrialDisableAll[] = "DisableAll";
+const char kUnverifiedDownloadFieldTrialDisableByParameter[] =
+    "DisableByParameter";
+const char kUnverifiedDownloadFieldTrialDisableSBTypes[] = "DisableSBTypes";
+const char kUnverifiedDownloadFieldTrialDisableSBTypesAndByParameter[] =
+    "DisableSBTypesAndByParameter";
+
+const char kUnverifiedDownloadFieldTrialWhitelistParam[] = "whitelist";
+const char kUnverifiedDownloadFieldTrialBlacklistParam[] = "blacklist";
+
+namespace {
+
+bool MatchesExtensionList(const base::FilePath& needle,
+                          const std::string& haystack) {
+#if defined(OS_WIN)
+  const base::FilePath::StringType file_type_comma_separated_list =
+      base::UTF8ToUTF16(haystack);
+#else
+  const base::FilePath::StringType& file_type_comma_separated_list = haystack;
+#endif
+  std::vector<base::FilePath::StringPieceType> file_type_list =
+      base::SplitStringPiece(file_type_comma_separated_list,
+                             FILE_PATH_LITERAL(","), base::TRIM_WHITESPACE,
+                             base::SPLIT_WANT_NONEMPTY);
+  for (const auto& file_type_in_list : file_type_list) {
+    DCHECK(file_type_in_list.size() > 0 &&
+           file_type_in_list[0] == base::FilePath::kExtensionSeparator);
+    if (needle.MatchesExtension(file_type_in_list))
+      return true;
+  }
+  return false;
+}
+
+}  // namespace
+
+bool IsUnverifiedDownloadAllowedByFieldTrial(const base::FilePath& file) {
+  std::string group_name =
+      base::FieldTrialList::FindFullName(kUnverifiedDownloadFieldTrialName);
+
+  if (base::CommandLine::ForCurrentProcess()->HasSwitch(
+          switches::kAllowUncheckedDangerousDownloads))
+    return true;
+
+  if (group_name == kUnverifiedDownloadFieldTrialDisableAll)
+    return false;
+
+  if (group_name == kUnverifiedDownloadFieldTrialDisableByParameter ||
+      group_name == kUnverifiedDownloadFieldTrialDisableSBTypesAndByParameter) {
+    std::map<std::string, std::string> parameters;
+    variations::GetVariationParams(kUnverifiedDownloadFieldTrialName,
+                                   &parameters);
+
+    if (parameters.count(kUnverifiedDownloadFieldTrialBlacklistParam) &&
+        MatchesExtensionList(
+            file, parameters[kUnverifiedDownloadFieldTrialBlacklistParam]))
+      return false;
+
+    if (parameters.count(kUnverifiedDownloadFieldTrialWhitelistParam) &&
+        MatchesExtensionList(
+            file, parameters[kUnverifiedDownloadFieldTrialWhitelistParam]))
+      return true;
+  }
+
+  if (group_name == kUnverifiedDownloadFieldTrialDisableSBTypes ||
+      group_name == kUnverifiedDownloadFieldTrialDisableSBTypesAndByParameter ||
+      base::CommandLine::ForCurrentProcess()->HasSwitch(
+          switches::kDisallowUncheckedDangerousDownloads))
+    return !download_protection_util::IsSupportedBinaryFile(file);
+
+  return true;
+}
+
+}  // namespace safe_browsing