Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(545)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/download/save_page_browsertest.cc

Issue 2060923002: Neutralize dangerous subresource files during Save Page. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@save-package-cleanup-1
Patch Set: Add a note to safe_browsing/README.md about "Save as" downloads Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/browser/download/chrome_download_manager_delegate.cc ('k') | chrome/browser/resources/safe_browsing/README.md » ('j') | chrome/browser/resources/safe_browsing/README.md » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <stddef.h> 5 #include <stddef.h>
6 #include <stdint.h> 6 #include <stdint.h>
7 #include <string> 7 #include <string>
8 #include <utility> 8 #include <utility>
9 #include <vector> 9 #include <vector>
10 10
(...skipping 744 matching lines...) Expand 10 before | Expand all | Expand 10 after
755 loop_runner->Run(); 755 loop_runner->Run();
756 base::FilePath download_dir = DownloadPrefs::FromDownloadManager( 756 base::FilePath download_dir = DownloadPrefs::FromDownloadManager(
757 GetDownloadManager())->DownloadPath(); 757 GetDownloadManager())->DownloadPath();
758 base::FilePath filename = download_dir.AppendASCII("dataurl.txt"); 758 base::FilePath filename = download_dir.AppendASCII("dataurl.txt");
759 ASSERT_TRUE(base::PathExists(filename)); 759 ASSERT_TRUE(base::PathExists(filename));
760 std::string contents; 760 std::string contents;
761 EXPECT_TRUE(base::ReadFileToString(filename, &contents)); 761 EXPECT_TRUE(base::ReadFileToString(filename, &contents));
762 EXPECT_EQ("foo", contents); 762 EXPECT_EQ("foo", contents);
763 } 763 }
764 764
765 // If a save-page-complete operation results in creating subresources that would
766 // otherwise be considered dangerous, such files should get a .download
767 // extension appended so that they won't be accidentally executed by the user.
768 IN_PROC_BROWSER_TEST_F(SavePageBrowserTest, DangerousSubresources) {
769 GURL url =
770 URLRequestMockHTTPJob::GetMockUrl("/save_page/dubious-subresources.html");
771
772 ui_test_utils::NavigateToURL(browser(), url);
773 base::FilePath full_file_name, dir;
774 SaveCurrentTab(url, content::SAVE_PAGE_TYPE_AS_COMPLETE_HTML,
775 "dubious-subresources", 2, &dir, &full_file_name);
776 ASSERT_FALSE(HasFailure());
777
778 EXPECT_TRUE(base::PathExists(full_file_name));
779 EXPECT_TRUE(base::PathExists(dir.AppendASCII("not-a-crx.crx.download")));
780 }
781
765 // Test that we don't crash when the page contains an iframe that 782 // Test that we don't crash when the page contains an iframe that
766 // was handled as a download (http://crbug.com/42212). 783 // was handled as a download (http://crbug.com/42212).
767 IN_PROC_BROWSER_TEST_F(SavePageBrowserTest, SaveDownloadableIFrame) { 784 IN_PROC_BROWSER_TEST_F(SavePageBrowserTest, SaveDownloadableIFrame) {
768 GURL url = URLRequestMockHTTPJob::GetMockUrl( 785 GURL url = URLRequestMockHTTPJob::GetMockUrl(
769 "downloads/iframe-src-is-a-download.htm"); 786 "downloads/iframe-src-is-a-download.htm");
770 787
771 // Wait for and then dismiss the non-save-page-as-related download item 788 // Wait for and then dismiss the non-save-page-as-related download item
772 // (the one associated with downloading of "thisdayinhistory.xls" file). 789 // (the one associated with downloading of "thisdayinhistory.xls" file).
773 { 790 {
774 GURL download_url("http://mock.http/downloads/thisdayinhistory.xls"); 791 GURL download_url("http://mock.http/downloads/thisdayinhistory.xls");
(...skipping 471 matching lines...) Expand 10 before | Expand all | Expand 10 after
1246 TestOriginalVsSavedPage(save_page_type, url, 1, expected_substrings); 1263 TestOriginalVsSavedPage(save_page_type, url, 1, expected_substrings);
1247 } 1264 }
1248 1265
1249 INSTANTIATE_TEST_CASE_P( 1266 INSTANTIATE_TEST_CASE_P(
1250 SaveType, 1267 SaveType,
1251 SavePageOriginalVsSavedComparisonTest, 1268 SavePageOriginalVsSavedComparisonTest,
1252 ::testing::Values(content::SAVE_PAGE_TYPE_AS_COMPLETE_HTML, 1269 ::testing::Values(content::SAVE_PAGE_TYPE_AS_COMPLETE_HTML,
1253 content::SAVE_PAGE_TYPE_AS_MHTML)); 1270 content::SAVE_PAGE_TYPE_AS_MHTML));
1254 1271
1255 } // namespace 1272 } // namespace
OLDNEW
« no previous file with comments | « chrome/browser/download/chrome_download_manager_delegate.cc ('k') | chrome/browser/resources/safe_browsing/README.md » ('j') | chrome/browser/resources/safe_browsing/README.md » ('J')

Powered by Google App Engine
This is Rietveld 408576698