[SafeBrowsing] Block dangerous unchecked downloads based on a Finch trial.

chrome/browser/file_select_helper.cc

Index: chrome/browser/file_select_helper.cc
diff --git a/chrome/browser/file_select_helper.cc b/chrome/browser/file_select_helper.cc
index 034ec98cf8247f908577b714fc3192898eec8e8a..f1d15f4f3cf47f9bdeea45ea23a41f62e9158298 100644
--- a/chrome/browser/file_select_helper.cc
+++ b/chrome/browser/file_select_helper.cc
@@ -32,6 +32,7 @@
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/file_chooser_file_info.h"
 #include "content/public/common/file_chooser_params.h"
+#include "net/base/filename_util.h"
 #include "net/base/mime_util.h"
 #include "ui/base/l10n/l10n_util.h"
 #include "ui/shell_dialogs/selected_file_info.h"
@@ -41,6 +42,10 @@
 #include "content/public/browser/site_instance.h"
 #endif
 
+#if defined(FULL_SAFE_BROWSING)
+#include "chrome/browser/safe_browsing/unverified_download_policy.h"
+#endif
+
 using content::BrowserThread;
 using content::FileChooserParams;
 using content::RenderViewHost;
@@ -402,6 +407,13 @@ void FileSelectHelper::RunFileChooser(RenderViewHost* render_view_host,
                                       const FileChooserParams& params) {
   DCHECK(!render_view_host_);
   DCHECK(!web_contents_);
+  DCHECK(params.default_file_name.empty() ||
+         params.mode == FileChooserParams::Save)
+      << "The default_file_name parameter should only be specified for Save "
+         "file choosers";
+  DCHECK(params.default_file_name == params.default_file_name.BaseName())
+      << "The default_file_name parameter should not contain path separators";
+
   render_view_host_ = render_view_host;
   web_contents_ = web_contents;
   notification_registrar_.RemoveAll();
@@ -441,6 +453,18 @@ void FileSelectHelper::RunFileChooserOnUIThread(
     return;
   }
 
+  base::FilePath default_file_path = profile_->last_selected_directory().Append(
+      GetSanitizedFileName(params.default_file_name));
+
+#if defined(FULL_SAFE_BROWSING)
+  if (params.mode == FileChooserParams::Save &&
+      !params.default_file_name.empty() &&
+      !safe_browsing::IsUnverifiedDownloadAllowed(default_file_path)) {
+    NotifyRenderViewHostAndEnd(std::vector<ui::SelectedFileInfo>());
+    return;
+  }
+#endif
+
   select_file_dialog_ = ui::SelectFileDialog::Create(
       this, new ChromeSelectFilePolicy(web_contents_));
   if (!select_file_dialog_.get())
@@ -466,10 +490,6 @@ void FileSelectHelper::RunFileChooserOnUIThread(
       NOTREACHED();
   }
 
-  base::FilePath default_file_name = params.default_file_name.IsAbsolute() ?
-      params.default_file_name :
-      profile_->last_selected_directory().Append(params.default_file_name);
-
   gfx::NativeWindow owning_window = platform_util::GetTopLevel(
       render_view_host_->GetWidget()->GetView()->GetNativeView());
 
@@ -480,10 +500,7 @@ void FileSelectHelper::RunFileChooserOnUIThread(
 #endif
 
   select_file_dialog_->SelectFile(
-      dialog_type_,
-      params.title,
-      default_file_name,
-      select_file_types_.get(),
+      dialog_type_, params.title, default_file_path, select_file_types_.get(),
       select_file_types_.get() && !select_file_types_->extensions.empty()
           ? 1
           : 0,  // 1-based index of default extension to show.
@@ -572,3 +589,13 @@ bool FileSelectHelper::IsAcceptTypeValid(const std::string& accept_type) {
   }
   return true;
 }
+
+// static
+base::FilePath FileSelectHelper::GetSanitizedFileName(
+    const base::FilePath& suggested_filename) {
+  if (suggested_filename.empty())
+    return base::FilePath();
+  return net::GenerateFileName(
+      GURL(), std::string(), std::string(), suggested_filename.AsUTF8Unsafe(),
+      std::string(), l10n_util::GetStringUTF8(IDS_DEFAULT_DOWNLOAD_FILENAME));
+}