[SafeBrowsing] Alternate extensions should also be subject to block list.

chrome/browser/safe_browsing/unverified_download_policy.cc

Index: chrome/browser/safe_browsing/unverified_download_policy.cc
diff --git a/chrome/browser/safe_browsing/unverified_download_policy.cc b/chrome/browser/safe_browsing/unverified_download_policy.cc
index f13752b67ecca8ad92833840015ff697258246a0..a7ce65262241cd699bd605707a052ed654a1ef4f 100644
--- a/chrome/browser/safe_browsing/unverified_download_policy.cc
+++ b/chrome/browser/safe_browsing/unverified_download_policy.cc
@@ -60,23 +60,38 @@ void RespondWithPolicy(
                        uma_file_type, requestor);
   }
   BrowserThread::PostTask(BrowserThread::UI, FROM_HERE,
-                                   base::Bind(callback, policy));
+                          base::Bind(callback, policy));
 }
 
 void CheckFieldTrialOnAnyThread(
     const base::FilePath& file,
+    const std::vector<base::FilePath::StringType>& alternate_extensions,
     const GURL& requestor,
     const UnverifiedDownloadCheckCompletionCallback& callback) {
-  bool is_allowed = IsUnverifiedDownloadAllowedByFieldTrial(file);
-  RespondWithPolicy(file, callback, requestor, is_allowed
-                                        ? UnverifiedDownloadPolicy::ALLOWED
-                                        : UnverifiedDownloadPolicy::DISALLOWED);
+  if (!IsUnverifiedDownloadAllowedByFieldTrial(file)) {
+    RespondWithPolicy(file, callback, requestor,
+                      UnverifiedDownloadPolicy::DISALLOWED);
+    return;
+  }
+
+  for (const auto& extension : alternate_extensions) {
+    base::FilePath alternate_filename = file.AddExtension(extension);
+    if (!IsUnverifiedDownloadAllowedByFieldTrial(alternate_filename)) {
+      RespondWithPolicy(alternate_filename, callback, requestor,
+                        UnverifiedDownloadPolicy::DISALLOWED);
+      return;
+    }
+  }
+
+  RespondWithPolicy(file, callback, requestor,
+                    UnverifiedDownloadPolicy::ALLOWED);
 }
 
 void CheckWhitelistOnIOThread(
     scoped_refptr<SafeBrowsingService> service,
     const GURL& requestor,
     const base::FilePath& file,
+    const std::vector<base::FilePath::StringType>& alternate_extensions,
     const UnverifiedDownloadCheckCompletionCallback& callback) {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
   int uma_file_type =
@@ -104,7 +119,7 @@ void CheckWhitelistOnIOThread(
     return;
   }
 
-  CheckFieldTrialOnAnyThread(file, requestor, callback);
+  CheckFieldTrialOnAnyThread(file, alternate_extensions, requestor, callback);
 }
 
 }  // namespace
@@ -112,18 +127,22 @@ void CheckWhitelistOnIOThread(
 void CheckUnverifiedDownloadPolicy(
     const GURL& requestor,
     const base::FilePath& file,
+    const std::vector<base::FilePath::StringType>& alternate_extensions,
     const UnverifiedDownloadCheckCompletionCallback& callback) {
+  UMA_HISTOGRAM_SPARSE_SLOWLY(
+      "SafeBrowsing.UnverifiedDownloads.AlternateExtensionCount",
+      alternate_extensions.size());

[Steven Holte, 2016/01/25 18:57:29]

Is there a hard limit somewhere on how large this can be?  The data will be
harder to process if we get many distinct values, so it would be good to add
std::min(some_limit, alternate_extensions.size()) before recording.

[asanka, 2016/01/25 19:53:42]

Done. I added a limit of 16.

   if (requestor.is_valid()) {
     scoped_refptr<SafeBrowsingService> service =
         g_browser_process->safe_browsing_service();
     BrowserThread::PostTask(
         BrowserThread::IO, FROM_HERE,
         base::Bind(&CheckWhitelistOnIOThread, service, requestor, file,
-                   callback));
+                   alternate_extensions, callback));
     return;
   }
 
-  CheckFieldTrialOnAnyThread(file, GURL(), callback);
+  CheckFieldTrialOnAnyThread(file, alternate_extensions, GURL(), callback);
 }
 
 }  // namespace safe_browsing