Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(7487)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/safe_browsing/unverified_download_field_trial.cc

Issue 1409003002: [SafeBrowsing] Block dangerous unchecked downloads based on a Finch trial. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/safe_browsing/unverified_download_field_trial.h ('k') | chrome/browser/safe_browsing/unverified_download_field_trial_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/safe_browsing/unverified_download_field_trial.cc
diff --git a/chrome/browser/safe_browsing/unverified_download_field_trial.cc b/chrome/browser/safe_browsing/unverified_download_field_trial.cc
new file mode 100644
index 0000000000000000000000000000000000000000..6086ab93219122e3479f34a7d94e7891aec27dbf
--- /dev/null
+++ b/chrome/browser/safe_browsing/unverified_download_field_trial.cc
@@ -0,0 +1,95 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/safe_browsing/unverified_download_field_trial.h"
+
+#include "base/command_line.h"
+#include "base/files/file_path.h"
+#include "base/metrics/field_trial.h"
+#include "base/metrics/histogram.h"
+#include "base/strings/string_split.h"
+#include "base/strings/utf_string_conversions.h"
+#include "chrome/common/chrome_switches.h"
+#include "chrome/common/safe_browsing/download_protection_util.h"
+#include "components/variations/variations_associated_data.h"
+
+namespace safe_browsing {
+
+const char kUnverifiedDownloadFieldTrialName[] =
+ "SafeBrowsingUnverifiedDownloads";
+
+const char kUnverifiedDownloadFieldTrialDisableAll[] = "DisableAll";
+const char kUnverifiedDownloadFieldTrialDisableByParameter[] =
+ "DisableByParameter";
+const char kUnverifiedDownloadFieldTrialDisableSBTypesAndByParameter[] =
+ "DisableSBTypesAndByParameter";
+
+const char kUnverifiedDownloadFieldTrialWhitelistParam[] = "whitelist";
+const char kUnverifiedDownloadFieldTrialBlacklistParam[] = "blacklist";
+
+namespace {
+
+bool MatchesExtensionList(const base::FilePath& needle,
+ const std::string& haystack) {
+#if defined(OS_WIN)
+ const base::FilePath::StringType comma_separated_extensions =
+ base::UTF8ToUTF16(haystack);
+#else
+ const base::FilePath::StringType& comma_separated_extensions = haystack;
+#endif
+ std::vector<base::FilePath::StringPieceType> extension_list =
+ base::SplitStringPiece(comma_separated_extensions, FILE_PATH_LITERAL(","),
+ base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY);
+ for (const auto& extension : extension_list) {
+ // This shouldn't happen, but check anyway in case the parameter is
+ // accidentally malformed. The underlying FilePath implementation expects
+ // the extension to begin with an extension separator.
+ if (extension.size() == 0 ||
+ extension[0] != base::FilePath::kExtensionSeparator)
+ continue;
+ if (needle.MatchesExtension(extension))
+ return true;
+ }
+ return false;
+}
+
+} // namespace
+
+bool IsUnverifiedDownloadAllowedByFieldTrial(const base::FilePath& file) {
+ std::string group_name =
+ base::FieldTrialList::FindFullName(kUnverifiedDownloadFieldTrialName);
+
+ if (base::CommandLine::ForCurrentProcess()->HasSwitch(
+ switches::kAllowUncheckedDangerousDownloads))
+ return true;
+
+ if (group_name == kUnverifiedDownloadFieldTrialDisableAll)
+ return false;
+
+ if (group_name == kUnverifiedDownloadFieldTrialDisableByParameter ||
+ group_name == kUnverifiedDownloadFieldTrialDisableSBTypesAndByParameter) {
+ std::map<std::string, std::string> parameters;
+ variations::GetVariationParams(kUnverifiedDownloadFieldTrialName,
+ &parameters);
+
+ if (parameters.count(kUnverifiedDownloadFieldTrialBlacklistParam) &&
+ MatchesExtensionList(
+ file, parameters[kUnverifiedDownloadFieldTrialBlacklistParam]))
+ return false;
+
+ if (parameters.count(kUnverifiedDownloadFieldTrialWhitelistParam) &&
+ MatchesExtensionList(
+ file, parameters[kUnverifiedDownloadFieldTrialWhitelistParam]))
+ return true;
+ }
+
+ if (group_name == kUnverifiedDownloadFieldTrialDisableSBTypesAndByParameter ||
+ base::CommandLine::ForCurrentProcess()->HasSwitch(
+ switches::kDisallowUncheckedDangerousDownloads))
+ return !download_protection_util::IsSupportedBinaryFile(file);
+
+ return true;
+}
+
+} // namespace safe_browsing
« no previous file with comments | « chrome/browser/safe_browsing/unverified_download_field_trial.h ('k') | chrome/browser/safe_browsing/unverified_download_field_trial_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698