
Unified Diff: chrome/browser/download/chrome_download_manager_delegate.cc

Issue 2060923002: Neutralize dangerous subresource files during Save Page. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@save-package-cleanup-1
Patch Set: Add a DCHECK to verify that sanitization doesn't affect containing directory. Created 4 years, 6 months ago
Index: chrome/browser/download/chrome_download_manager_delegate.cc
diff --git a/chrome/browser/download/chrome_download_manager_delegate.cc b/chrome/browser/download/chrome_download_manager_delegate.cc
index 4819efc41ff4c4aad3f8e04a819c1181bbabcbcb..50a79b969ae9d168505037a4829c22fc37c52588 100644
--- a/chrome/browser/download/chrome_download_manager_delegate.cc
+++ b/chrome/browser/download/chrome_download_manager_delegate.cc
@@ -42,6 +42,8 @@
#include "chrome/common/chrome_constants.h"
#include "chrome/common/features.h"
#include "chrome/common/pref_names.h"
+#include "chrome/common/safe_browsing/file_type_policies.h"
+#include "chrome/grit/generated_resources.h"
#include "components/pref_registry/pref_registry_syncable.h"
#include "components/prefs/pref_member.h"
#include "components/prefs/pref_service.h"
@@ -51,6 +53,7 @@
#include "content/public/browser/page_navigator.h"
#include "net/base/filename_util.h"
#include "net/base/mime_util.h"
+#include "ui/base/l10n/l10n_util.h"
#if BUILDFLAG(ANDROID_JAVA_UI)
#include "chrome/browser/android/download/chrome_download_manager_overwrite_infobar_delegate.h"
@@ -432,6 +435,22 @@ void ChromeDownloadManagerDelegate::ChooseSavePath(
callback);
}
+void ChromeDownloadManagerDelegate::SanitizeSaveItemFilename(
+ base::FilePath* filename) {
+ safe_browsing::FileTypePolicies* file_type_policies =
+ safe_browsing::FileTypePolicies::GetInstance();
+ if (!file_type_policies)
Nathan Parker 2016/06/13 21:15:00 This shouldn't be necessary. The Singleton guaran
+ return;
+
+ if (file_type_policies->GetFileDangerLevel(*filename) ==
+ safe_browsing::DownloadFileType::NOT_DANGEROUS)
Nathan Parker 2016/06/13 21:15:00 So we're not actually checking with safe browsing
asanka 2016/06/14 21:24:07 Yeah. I was a bit on the fence about what to do wi
Nathan Parker 2016/06/15 00:01:21 While it's true that an archive can contain an exe
asanka 2016/06/16 18:35:16 On 2016/06/15 at 00:01:21, Nathan Parker wrote: [.
+ return;
+
+ base::FilePath::FilePath default_filename = base::FilePath::FromUTF8Unsafe(
+ l10n_util::GetStringUTF8(IDS_DEFAULT_DOWNLOAD_FILENAME));
+ *filename = filename->AddExtension(default_filename.BaseName().value());
+}
+
void ChromeDownloadManagerDelegate::OpenDownloadUsingPlatformHandler(
DownloadItem* download) {
base::FilePath platform_path(
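Review bot: In SanitizeSaveItemFilename the neutralizing suffix is taken from the localized resource IDS_DEFAULT_DOWNLOAD_FILENAME and the renamed path is never re-checked, so whether a dangerous subresource really ends up with a harmless final extension depends on what each translation of that string contains. If the resource text were empty or not usable as an extension, `AddExtension` would presumably leave the original dangerous name in place or hand back an unusable path, and nothing here would notice. Consider appending a fixed, non-localized suffix, or calling `GetFileDangerLevel(*filename)` again after the rename and asserting that the result is no longer a dangerous type. Separately, the local is declared as `base::FilePath::FilePath default_filename`, which names the constructor rather than the type; `base::FilePath default_filename = ...` is the intended spelling.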
