Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(125)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 1613483003: [SafeBrowsing] Alternate extensions should also be subject to block list. (Closed)

Created:
4 years, 11 months ago by asanka
Modified:
4 years, 10 months ago
CC:
chromium-reviews, grt+watch_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

[SafeBrowsing] Alternate extensions should also be subject to block list. FileSelectHelper subjects suggested filenames to the safe browsing white/black lists prior to showing the file picker. However, if the list of accepted file types passed in to the file picker is not empty, and the suggested filename doesn't match the accepted file types, the file picker may append an accpeted file extension to the suggested filename. In order to prevent this from being abused, this CL causes FileSelectHelper to also verify that the list of accepted file types is also safe. R=sky,nparker,bbudge,holte BUG=575849 Committed: https://crrev.com/78ff0a5433b1c9f6fd2e3cddfc7e9cb28d809853 Cr-Commit-Position: refs/heads/master@{#371997}

Patch Set 1 #

Total comments: 5

Patch Set 2 : Add UMA for size of alternate extension list #

Total comments: 4

Patch Set 3 : Avoid a logarithmic bucket distribution. #

Patch Set 4 : Switch to a sparse histogram. #

Total comments: 2

Patch Set 5 : Set a hard limit on measured alternate extension count. #

Total comments: 2

Patch Set 6 : Fix comment in histograms.xml #

Unified diffs Side-by-side diffs Delta from patch set Stats (+136 lines, -22 lines) Patch
M chrome/browser/file_select_helper.cc View 1 chunk +10 lines, -2 lines 0 comments Download
M chrome/browser/safe_browsing/unverified_download_field_trial.cc View 1 chunk +0 lines, -1 line 0 comments Download
M chrome/browser/safe_browsing/unverified_download_policy.h View 2 chunks +7 lines, -5 lines 0 comments Download
M chrome/browser/safe_browsing/unverified_download_policy.cc View 1 2 3 4 4 chunks +34 lines, -8 lines 0 comments Download
M chrome/browser/safe_browsing/unverified_download_policy_unittest.cc View 1 2 chunks +43 lines, -6 lines 0 comments Download
M chrome/test/ppapi/ppapi_filechooser_browsertest.cc View 1 chunk +10 lines, -0 lines 0 comments Download
M ppapi/tests/test_file_chooser.h View 1 chunk +1 line, -0 lines 0 comments Download
M ppapi/tests/test_file_chooser.cc View 2 chunks +22 lines, -0 lines 0 comments Download
M tools/metrics/histograms/histograms.xml View 1 2 3 4 5 1 chunk +9 lines, -0 lines 0 comments Download

Messages

Total messages: 30 (10 generated)
asanka
PTAL? nparker: chrome/browser/safe_browsing/unverified_download_field_trial.cc chrome/browser/safe_browsing/unverified_download_policy.cc chrome/browser/safe_browsing/unverified_download_policy.h chrome/browser/safe_browsing/unverified_download_policy_unittest.cc bbudge: chrome/test/ppapi/ppapi_filechooser_browsertest.cc ppapi/tests/test_file_chooser.cc ppapi/tests/test_file_chooser.h sky: chrome/browser/file_select_helper.cc
4 years, 11 months ago (2016-01-21 01:22:19 UTC) #4
Nathan Parker
lgtm for safe_browsing/ https://codereview.chromium.org/1613483003/diff/1/chrome/browser/file_select_helper.cc File chrome/browser/file_select_helper.cc (right): https://codereview.chromium.org/1613483003/diff/1/chrome/browser/file_select_helper.cc#newcode445 chrome/browser/file_select_helper.cc:445: select_file_types_ = GetFileTypesFromAcceptType(params->accept_types); Do we know ...
4 years, 11 months ago (2016-01-21 01:32:27 UTC) #5
asanka
https://codereview.chromium.org/1613483003/diff/1/chrome/browser/file_select_helper.cc File chrome/browser/file_select_helper.cc (right): https://codereview.chromium.org/1613483003/diff/1/chrome/browser/file_select_helper.cc#newcode445 chrome/browser/file_select_helper.cc:445: select_file_types_ = GetFileTypesFromAcceptType(params->accept_types); On 2016/01/21 01:32:26, nparker wrote: > ...
4 years, 11 months ago (2016-01-21 01:37:10 UTC) #6
Nathan Parker
https://codereview.chromium.org/1613483003/diff/1/chrome/browser/file_select_helper.cc File chrome/browser/file_select_helper.cc (right): https://codereview.chromium.org/1613483003/diff/1/chrome/browser/file_select_helper.cc#newcode445 chrome/browser/file_select_helper.cc:445: select_file_types_ = GetFileTypesFromAcceptType(params->accept_types); On 2016/01/21 01:37:10, asanka wrote: > ...
4 years, 11 months ago (2016-01-21 17:11:15 UTC) #7
bbudge
Pepper LGTM
4 years, 11 months ago (2016-01-21 17:58:35 UTC) #8
sky
https://codereview.chromium.org/1613483003/diff/1/chrome/browser/file_select_helper.cc File chrome/browser/file_select_helper.cc (right): https://codereview.chromium.org/1613483003/diff/1/chrome/browser/file_select_helper.cc#newcode462 chrome/browser/file_select_helper.cc:462: for (const auto& extensions : select_file_types_->extensions) { Isn't this ...
4 years, 11 months ago (2016-01-21 20:13:15 UTC) #9
asanka
https://codereview.chromium.org/1613483003/diff/1/chrome/browser/file_select_helper.cc File chrome/browser/file_select_helper.cc (right): https://codereview.chromium.org/1613483003/diff/1/chrome/browser/file_select_helper.cc#newcode462 chrome/browser/file_select_helper.cc:462: for (const auto& extensions : select_file_types_->extensions) { On 2016/01/21 ...
4 years, 11 months ago (2016-01-21 20:25:35 UTC) #10
sky
My mistake, LGTM
4 years, 11 months ago (2016-01-21 20:40:25 UTC) #11
asanka
sky, bbudge: Thanks! nparker: I added a measurement for the size of the alternate extension ...
4 years, 11 months ago (2016-01-21 21:44:10 UTC) #15
Nathan Parker
https://codereview.chromium.org/1613483003/diff/20001/chrome/browser/safe_browsing/unverified_download_policy.cc File chrome/browser/safe_browsing/unverified_download_policy.cc (right): https://codereview.chromium.org/1613483003/diff/20001/chrome/browser/safe_browsing/unverified_download_policy.cc#newcode135 chrome/browser/safe_browsing/unverified_download_policy.cc:135: alternate_extensions.size() + 1, 1, 31, 32); Thanks. I'm curious: ...
4 years, 11 months ago (2016-01-21 21:47:43 UTC) #16
asanka
https://codereview.chromium.org/1613483003/diff/20001/chrome/browser/safe_browsing/unverified_download_policy.cc File chrome/browser/safe_browsing/unverified_download_policy.cc (right): https://codereview.chromium.org/1613483003/diff/20001/chrome/browser/safe_browsing/unverified_download_policy.cc#newcode135 chrome/browser/safe_browsing/unverified_download_policy.cc:135: alternate_extensions.size() + 1, 1, 31, 32); On 2016/01/21 21:47:43, ...
4 years, 11 months ago (2016-01-21 22:08:47 UTC) #17
Steven Holte
https://codereview.chromium.org/1613483003/diff/20001/chrome/browser/safe_browsing/unverified_download_policy.cc File chrome/browser/safe_browsing/unverified_download_policy.cc (right): https://codereview.chromium.org/1613483003/diff/20001/chrome/browser/safe_browsing/unverified_download_policy.cc#newcode135 chrome/browser/safe_browsing/unverified_download_policy.cc:135: alternate_extensions.size() + 1, 1, 31, 32); On 2016/01/21 22:08:47, ...
4 years, 11 months ago (2016-01-22 23:50:49 UTC) #18
asanka
https://codereview.chromium.org/1613483003/diff/20001/chrome/browser/safe_browsing/unverified_download_policy.cc File chrome/browser/safe_browsing/unverified_download_policy.cc (right): https://codereview.chromium.org/1613483003/diff/20001/chrome/browser/safe_browsing/unverified_download_policy.cc#newcode135 chrome/browser/safe_browsing/unverified_download_policy.cc:135: alternate_extensions.size() + 1, 1, 31, 32); On 2016/01/22 23:50:49, ...
4 years, 11 months ago (2016-01-23 04:42:59 UTC) #19
Steven Holte
https://codereview.chromium.org/1613483003/diff/60001/chrome/browser/safe_browsing/unverified_download_policy.cc File chrome/browser/safe_browsing/unverified_download_policy.cc (right): https://codereview.chromium.org/1613483003/diff/60001/chrome/browser/safe_browsing/unverified_download_policy.cc#newcode134 chrome/browser/safe_browsing/unverified_download_policy.cc:134: alternate_extensions.size()); Is there a hard limit somewhere on how ...
4 years, 11 months ago (2016-01-25 18:57:29 UTC) #20
asanka
https://codereview.chromium.org/1613483003/diff/60001/chrome/browser/safe_browsing/unverified_download_policy.cc File chrome/browser/safe_browsing/unverified_download_policy.cc (right): https://codereview.chromium.org/1613483003/diff/60001/chrome/browser/safe_browsing/unverified_download_policy.cc#newcode134 chrome/browser/safe_browsing/unverified_download_policy.cc:134: alternate_extensions.size()); On 2016/01/25 18:57:29, Steven Holte wrote: > Is ...
4 years, 11 months ago (2016-01-25 19:53:42 UTC) #21
Steven Holte
lgtm with summary update https://codereview.chromium.org/1613483003/diff/80001/tools/metrics/histograms/histograms.xml File tools/metrics/histograms/histograms.xml (right): https://codereview.chromium.org/1613483003/diff/80001/tools/metrics/histograms/histograms.xml#newcode40641 tools/metrics/histograms/histograms.xml:40641: + Count of alternate extensions ...
4 years, 11 months ago (2016-01-26 22:27:44 UTC) #22
asanka
Thanks! https://codereview.chromium.org/1613483003/diff/80001/tools/metrics/histograms/histograms.xml File tools/metrics/histograms/histograms.xml (right): https://codereview.chromium.org/1613483003/diff/80001/tools/metrics/histograms/histograms.xml#newcode40641 tools/metrics/histograms/histograms.xml:40641: + Count of alternate extensions + 1 that ...
4 years, 10 months ago (2016-01-28 02:29:22 UTC) #25
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1613483003/100001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1613483003/100001
4 years, 10 months ago (2016-01-28 02:29:26 UTC) #26
commit-bot: I haz the power
Committed patchset #6 (id:100001)
4 years, 10 months ago (2016-01-28 03:48:47 UTC) #28
commit-bot: I haz the power
4 years, 10 months ago (2016-01-28 03:49:49 UTC) #30
Message was sent while issue was closed. 
Patchset 6 (id:??) landed as
https://crrev.com/78ff0a5433b1c9f6fd2e3cddfc7e9cb28d809853
Cr-Commit-Position: refs/heads/master@{#371997}

Powered by Google App Engine
This is Rietveld 408576698