Implement mimetype sniffing for extensions.

net/base/mime_sniffer.cc

 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // Detecting mime types is a tricky business because we need to balance
 // compatibility concerns with security issues.  Here is a survey of how other
 // browsers behave and then a description of how we intend to behave.
 //
 // HTML payload, no Content-Type header:
 // * IE 7: Render as HTML
@@ skipping 238 matching lines @@
     return true;
   }
   return false;
 }
 
 static bool CheckForMagicNumbers(const char* content, size_t size,
                                  const MagicNumber* magic, size_t magic_len,
                                  Histogram* counter, std::string* result) {
   for (size_t i = 0; i < magic_len; ++i) {
     if (MatchMagicNumber(content, size, &(magic[i]), result)) {
-      counter->Add(static_cast<int>(i));
+      if (counter) counter->Add(static_cast<int>(i));
       return true;
     }
   }
   return false;
 }
 
 static bool SniffForHTML(const char* content, size_t size,
                          std::string* result) {
   // We adopt a strategy similar to that used by Mozilla to sniff HTML tags,
   // but with some modifications to better match the HTML5 spec.
@@ skipping 161 matching lines @@
     }
   }
   if (mime_type.find('/') == std::string::npos) {
     // Firefox rejects a mime type if it does not contain a slash
     counter.Add(arraysize(kUnknownMimeTypes));
     return true;
   }
   return false;
 }
 
+// Sniff a crx (chrome extension) file.
+static bool SniffCRX(const char* content, size_t content_size, const GURL& url,
+                     const std::string& type_hint, std::string* result) {
+  static SnifferHistogram counter("mime_sniffer.kSniffCRX", 3);
+
+  // Technically, the crx magic number is just Cr24, but the bytes after that
+  // are a version number which changes infrequently. Including it in the
+  // sniffing gives us less room for error. If the version number ever changes,
+  // we can just add an entry to this list.
+  //
+  // TODO(aa): If we ever have another magic number, we'll want to pass a
+  // histogram into CheckForMagicNumbers(), below, to see which one matched.
+  const struct MagicNumber kCRXMagicNumbers[] = {
+    MAGIC_NUMBER("application/x-chrome-extension", "Cr24\x02\x00\x00\x00")
+  };
+
+  // Only consider files that have the extension ".crx".
+  const char kCRXExtension[] = ".crx";
+  const int kExtensionLength = arraysize(kCRXExtension) - 1;  // ignore null
+  if (url.path().rfind(kCRXExtension, std::string::npos, kExtensionLength) ==
+      url.path().size() - kExtensionLength) {
+    counter.Add(1);
+  } else {
+    return false;
+  }
+
+  if (CheckForMagicNumbers(content, content_size,
+                           kCRXMagicNumbers, arraysize(kCRXMagicNumbers),
+                           NULL, result)) {
+    counter.Add(2);
+  } else {
+    return false;
+  }
+
+  return true;
+}
+
 bool ShouldSniffMimeType(const GURL& url, const std::string& mime_type) {
   static SnifferHistogram should_sniff_counter(
       "mime_sniffer.ShouldSniffMimeType2", 3);
   // We are willing to sniff the mime type for HTTP, HTTPS, and FTP
   bool sniffable_scheme = url.is_empty() ||
                           url.SchemeIs("http") ||
                           url.SchemeIs("https") ||
                           url.SchemeIs("ftp");
   if (!sniffable_scheme) {
     should_sniff_counter.Add(1);
     return false;
   }
 
   static const char* kSniffableTypes[] = {
     // Many web servers are misconfigured to send text/plain for many
     // different types of content.
     "text/plain",
     // IIS 4.0 and 5.0 send application/octet-stream when serving .xhtml
     // files.  Firefox 2.0 does not sniff xhtml here, but Safari 3,
     // Opera 9, and IE do.
     "application/octet-stream",
     // XHTML and Atom/RSS feeds are often served as plain xml instead of
     // their more specific mime types.
     "text/xml",
     "application/xml",
-  };
+  };  
   static SnifferHistogram counter("mime_sniffer.kSniffableTypes2",
                                   arraysize(kSniffableTypes) + 1);
   for (size_t i = 0; i < arraysize(kSniffableTypes); ++i) {
     if (mime_type == kSniffableTypes[i]) {
       counter.Add(i);
       should_sniff_counter.Add(2);
       return true;
     }
   }
   if (IsUnknownMimeType(mime_type)) {
@@ skipping 51 matching lines @@
   // If we have plain XML, sniff XML subtypes.
   if (type_hint == "text/xml" || type_hint == "application/xml") {
     // We're not interested in sniffing these types for images and the like.
     // Instead, we're looking explicitly for a feed.  If we don't find one we're
     // done and return early.
     if (SniffXML(content, content_size, result))
       return true;
     return content_size >= kMaxBytesToSniff;
   }
 
+  // CRX files (chrome extensions) have a special sniffing algorithm. It is
+  // tighter than the others because we don't have to match legacy behavior.
+  if (SniffCRX(content, content_size, url, type_hint, result))
+    return true;
+
   // Now we look in our large table of magic numbers to see if we can find
   // anything that matches the content.
   if (SniffForMagicNumbers(content, content_size, result))
     return true;  // We've matched a magic number.  No more content needed.
 
   // Having failed thus far, we're willing to override unknown mime types and
   // text/plain.
   if (hint_is_unknown_mime_type || hint_is_text_plain) {
     if (looks_binary)
       result->assign("application/octet-stream");
     else
       result->assign("text/plain");
     // We could change our mind if a binary-looking byte appears later in
     // the content, so we only have enough content if we have the max.
     return content_size >= kMaxBytesToSniff;
   }
 
   return have_enough_content;
 }
 
 }  // namespace net