| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <set> | 5 #include <set> |
| 6 #include <string> | 6 #include <string> |
| 7 | 7 |
| 8 #include "chrome/browser/download/download_extensions.h" | 8 #include "chrome/browser/download/download_extensions.h" |
| 9 | 9 |
| 10 #include "base/macros.h" | 10 #include "base/macros.h" |
| (...skipping 53 matching lines...) |
| 64 {"swf", DANGEROUS, DISALLOW_AUTO_OPEN}, | 64 {"swf", DANGEROUS, DISALLOW_AUTO_OPEN}, |
| 65 {"spl", DANGEROUS, DISALLOW_AUTO_OPEN}, | 65 {"spl", DANGEROUS, DISALLOW_AUTO_OPEN}, |
| 66 | 66 |
| 67 // Chrome extensions should be obtained through the web store. Allowed to | 67 // Chrome extensions should be obtained through the web store. Allowed to |
| 68 // open automatically because Chrome displays a prompt prior to | 68 // open automatically because Chrome displays a prompt prior to |
| 69 // installation. | 69 // installation. |
| 70 {"crx", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 70 {"crx", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 71 | 71 |
| 72 // Included for parity with kSafeBrowsingFileTypes. | 72 // Included for parity with kSafeBrowsingFileTypes. |
| 73 {"bin", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, | 73 {"bin", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, |
| 74 {"rtf", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, |
| 74 | 75 |
| 75 // Archive file types. Not inherently dangerous, but could contain dangerous | 76 // Archive file types. Not inherently dangerous, but could contain dangerous |
| 76 // files. Included for parity with kSafeBrowsingFileTypes. | 77 // files. Included for parity with kSafeBrowsingFileTypes. |
| 77 {"001", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, | 78 {"001", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, |
| 78 {"7z", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, | 79 {"7z", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, |
| 79 {"ace", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, | 80 {"ace", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, |
| 80 {"arc", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, | 81 {"arc", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, |
| 81 {"arj", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, | 82 {"arj", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, |
| 82 {"b64", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, | 83 {"b64", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, |
| 83 {"balz", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, | 84 {"balz", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, |
| (...skipping 142 matching lines...) |
| 226 | 227 |
| 227 // Control panel tool. Executable. | 228 // Control panel tool. Executable. |
| 228 {"cpl", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 229 {"cpl", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 229 | 230 |
| 230 // Signed certificate file. | 231 // Signed certificate file. |
| 231 {"crt", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 232 {"crt", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 232 | 233 |
| 233 // Windows executables. | 234 // Windows executables. |
| 234 {"dll", DANGEROUS, DISALLOW_AUTO_OPEN}, | 235 {"dll", DANGEROUS, DISALLOW_AUTO_OPEN}, |
| 235 {"drv", DANGEROUS, DISALLOW_AUTO_OPEN}, | 236 {"drv", DANGEROUS, DISALLOW_AUTO_OPEN}, |
| 237 |
| 238 // Opens in Outlook. Not common, but could be exploited (CVE-2015-6172) |
| 239 {"eml", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 240 |
| 241 // Windows executable |
| 236 {"exe", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 242 {"exe", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 237 | 243 |
| 238 // Font file, uses Portable Executable or New Executable format. Not | 244 // Font file, uses Portable Executable or New Executable format. Not |
| 239 // supposed to contain executable code. | 245 // supposed to contain executable code. |
| 240 {"fon", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 246 {"fon", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 241 | 247 |
| 242 // Microsoft FoxPro Compiled Source. | 248 // Microsoft FoxPro Compiled Source. |
| 243 {"fxp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 249 {"fxp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 244 | 250 |
| 245 // Windows Sidebar Gadget (Vista & Win 7). ZIP archive containing html + js. | 251 // Windows Sidebar Gadget (Vista & Win 7). ZIP archive containing html + js. |
| (...skipping 63 matching lines...) |
| 309 // Multipart HTML. | 315 // Multipart HTML. |
| 310 {"mht", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 316 {"mht", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 311 {"mhtml", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 317 {"mhtml", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 312 | 318 |
| 313 {"mmc", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 319 {"mmc", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 314 {"mof", DANGEROUS, ALLOW_AUTO_OPEN}, | 320 {"mof", DANGEROUS, ALLOW_AUTO_OPEN}, |
| 315 | 321 |
| 316 // Microsoft Management Console Snap-in. Contains executable code. | 322 // Microsoft Management Console Snap-in. Contains executable code. |
| 317 {"msc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 323 {"msc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 318 | 324 |
| 325 // Opens in Outlook. Not common, but could be exploited (CVE-2015-6172) |
| 326 {"msg", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 327 |
| 319 // Microsoft Shell. | 328 // Microsoft Shell. |
| 320 {"msh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 329 {"msh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 321 {"msh1", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 330 {"msh1", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 322 {"msh2", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 331 {"msh2", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 323 {"mshxml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 332 {"mshxml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 324 {"msh1xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 333 {"msh1xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 325 {"msh2xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 334 {"msh2xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 326 | 335 |
| 327 // Windows Installer. | 336 // Windows Installer. |
| 328 {"msi", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 337 {"msi", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 329 {"msp", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 338 {"msp", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 330 {"mst", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 339 {"mst", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 331 | 340 |
| 332 // ActiveX Control. | 341 // ActiveX Control. |
| 333 {"ocx", DANGEROUS, DISALLOW_AUTO_OPEN}, | 342 {"ocx", DANGEROUS, DISALLOW_AUTO_OPEN}, |
| 334 | 343 |
| 335 // Microsoft Office Profile Settings File. | 344 // Microsoft Office Profile Settings File. |
| 336 {"ops", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 345 {"ops", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 337 | 346 |
| 338 // Portable Application Installer File. | 347 // Portable Application Installer File. |
| 339 {"paf", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 348 {"paf", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 340 | 349 |
| 341 // Extensions that will open in IE even when chrome is set as default | 350 // Extensions that will open in IE even when chrome is set as default |
| 342 // browser. | 351 // browser. |
| 343 {"partial", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 352 {"partial", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 344 {"xrm-ms", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 353 {"xrm-ms", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 354 {"rels", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 345 {"svg", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, | 355 {"svg", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, |
| 346 {"xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 356 {"xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 347 {"xsl", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 357 {"xsl", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 348 | 358 |
| 349 // Microsoft Visual Test. | 359 // Microsoft Visual Test. |
| 350 {"pcd", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 360 {"pcd", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 351 | 361 |
| 352 // Program Information File. Originally intended to configure execution | 362 // Program Information File. Originally intended to configure execution |
| 353 // environment for legacy DOS files. They aren't meant to contain executable | 363 // environment for legacy DOS files. They aren't meant to contain executable |
| 354 // code. But Windows may execute a PIF file that is sniffed as a PE file. | 364 // code. But Windows may execute a PIF file that is sniffed as a PE file. |
| (...skipping 187 matching lines...) |
| 542 | 552 |
| 543 DownloadDangerLevel GetFileDangerLevel(const base::FilePath& path) { | 553 DownloadDangerLevel GetFileDangerLevel(const base::FilePath& path) { |
| 544 return GetFileType(path).danger_level; | 554 return GetFileType(path).danger_level; |
| 545 } | 555 } |
| 546 | 556 |
| 547 bool IsAllowedToOpenAutomatically(const base::FilePath& path) { | 557 bool IsAllowedToOpenAutomatically(const base::FilePath& path) { |
| 548 return GetFileType(path).auto_open_hint == ALLOW_AUTO_OPEN; | 558 return GetFileType(path).auto_open_hint == ALLOW_AUTO_OPEN; |
| 549 } | 559 } |
| 550 | 560 |
| 551 } // namespace download_util | 561 } // namespace download_util |
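Review bot: The new `eml` and `msg` entries (new lines 239 and 326) are commented as exploitable through Outlook (CVE-2015-6172) yet carry `ALLOW_AUTO_OPEN`, so `IsAllowedToOpenAutomatically()` at the end of the file returns true for them. Neighbouring entries whose comments describe a comparable handler risk (`cpl`, `msc`, `exe`) use `DISALLOW_AUTO_OPEN`. Unless auto-open is intentional here, I would write `{"eml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},` and the same for `msg`, or extend the comment to say why auto-open is acceptable; how callers act on the hint is not visible on this page. Separately, `rels` (new line 354) sits under the "will open in IE" comment with no note of its own, and the table it belongs to starts in the elided part of the file.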