| OLD | NEW |
| (Empty) |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include <shlobj.h> | |
| 6 #include <shobjidl.h> | |
| 7 | |
| 8 #include "content/browser/safe_util_win.h" | |
| 9 | |
| 10 #include "base/files/file_path.h" | |
| 11 #include "base/logging.h" | |
| 12 #include "base/path_service.h" | |
| 13 #include "base/strings/string_util.h" | |
| 14 #include "base/strings/utf_string_conversions.h" | |
| 15 #include "base/win/scoped_comptr.h" | |
| 16 #include "ui/base/win/shell.h" | |
| 17 #include "url/gurl.h" | |
| 18 | |
| 19 namespace content { | |
| 20 namespace { | |
| 21 | |
| 22 // This GUID is associated with any 'don't ask me again' settings that the | |
| 23 // user can select for different file types. | |
| 24 // {2676A9A2-D919-4fee-9187-152100393AB2} | |
| 25 static const GUID kClientID = { 0x2676a9a2, 0xd919, 0x4fee, | |
| 26 { 0x91, 0x87, 0x15, 0x21, 0x0, 0x39, 0x3a, 0xb2 } }; | |
| 27 | |
| 28 // Sets the Zone Identifier on the file to "Internet" (3). Returns true if the | |
| 29 // function succeeds, false otherwise. A failure is expected on system where | |
| 30 // the Zone Identifier is not supported, like a machine with a FAT32 filesystem. | |
| 31 // This function does not invoke Windows Attachment Execution Services. | |
| 32 // | |
| 33 // |full_path| is the path to the downloaded file. | |
| 34 bool SetInternetZoneIdentifierDirectly(const base::FilePath& full_path) { | |
| 35 const DWORD kShare = FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE; | |
| 36 std::wstring path = full_path.value() + L":Zone.Identifier"; | |
| 37 HANDLE file = CreateFile(path.c_str(), GENERIC_WRITE, kShare, NULL, | |
| 38 OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); | |
| 39 if (INVALID_HANDLE_VALUE == file) | |
| 40 return false; | |
| 41 | |
| 42 static const char kIdentifier[] = "[ZoneTransfer]\r\nZoneId=3\r\n"; | |
| 43 // Don't include trailing null in data written. | |
| 44 static const DWORD kIdentifierSize = arraysize(kIdentifier) - 1; | |
| 45 DWORD written = 0; | |
| 46 BOOL result = WriteFile(file, kIdentifier, kIdentifierSize, &written, NULL); | |
| 47 BOOL flush_result = FlushFileBuffers(file); | |
| 48 CloseHandle(file); | |
| 49 | |
| 50 if (!result || !flush_result || written != kIdentifierSize) { | |
| 51 NOTREACHED(); | |
| 52 return false; | |
| 53 } | |
| 54 | |
| 55 return true; | |
| 56 } | |
| 57 | |
| 58 } | |
| 59 | |
| 60 // This function implementation is based on the attachment execution | |
| 61 // services functionally deployed with IE6 or Service pack 2. This | |
| 62 // functionality is exposed in the IAttachmentExecute COM interface. | |
| 63 // more information at: | |
| 64 // http://msdn2.microsoft.com/en-us/library/ms647048.aspx | |
| 65 bool SaferOpenItemViaShell(HWND hwnd, const std::wstring& window_title, | |
| 66 const base::FilePath& full_path, | |
| 67 const std::wstring& source_url) { | |
| 68 base::win::ScopedComPtr<IAttachmentExecute> attachment_services; | |
| 69 HRESULT hr = attachment_services.CreateInstance(CLSID_AttachmentServices); | |
| 70 if (FAILED(hr)) { | |
| 71 // We don't have Attachment Execution Services, it must be a pre-XP.SP2 | |
| 72 // Windows installation, or the thread does not have COM initialized. | |
| 73 if (hr == CO_E_NOTINITIALIZED) { | |
| 74 NOTREACHED(); | |
| 75 return false; | |
| 76 } | |
| 77 return ui::win::OpenItemViaShell(full_path); | |
| 78 } | |
| 79 | |
| 80 attachment_services->SetClientGuid(kClientID); | |
| 81 | |
| 82 if (!window_title.empty()) | |
| 83 attachment_services->SetClientTitle(window_title.c_str()); | |
| 84 | |
| 85 // To help windows decide if the downloaded file is dangerous we can provide | |
| 86 // what the documentation calls evidence. Which we provide now: | |
| 87 // | |
| 88 // Set the file itself as evidence. | |
| 89 hr = attachment_services->SetLocalPath(full_path.value().c_str()); | |
| 90 if (FAILED(hr)) | |
| 91 return false; | |
| 92 // Set the origin URL as evidence. | |
| 93 hr = attachment_services->SetSource(source_url.c_str()); | |
| 94 if (FAILED(hr)) | |
| 95 return false; | |
| 96 | |
| 97 // Now check the windows policy. | |
| 98 if (attachment_services->CheckPolicy() != S_OK) { | |
| 99 // It is possible that the above call returns an undocumented result | |
| 100 // equal to 0x800c000e which seems to indicate that the URL failed the | |
| 101 // the security check. If you proceed with the Prompt() call the | |
| 102 // Shell might show a dialog that says: | |
| 103 // "windows found that this file is potentially harmful. To help protect | |
| 104 // your computer, Windows has blocked access to this file." | |
| 105 // Upon dismissal of the dialog windows will delete the file (!!). | |
| 106 // So, we can 'return' in that case but maybe is best to let it happen to | |
| 107 // fail on the safe side. | |
| 108 | |
| 109 ATTACHMENT_ACTION action; | |
| 110 // We cannot control what the prompt says or does directly but it | |
| 111 // is a pretty decent dialog; for example, if an executable is signed it can | |
| 112 // decode and show the publisher and the certificate. | |
| 113 hr = attachment_services->Prompt(hwnd, ATTACHMENT_PROMPT_EXEC, &action); | |
| 114 if (FAILED(hr) || (ATTACHMENT_ACTION_CANCEL == action)) { | |
| 115 // The user has declined opening the item. | |
| 116 return false; | |
| 117 } | |
| 118 } | |
| 119 return ui::win::OpenItemViaShellNoZoneCheck(full_path); | |
| 120 } | |
| 121 | |
| 122 HRESULT ScanAndSaveDownloadedFile(const base::FilePath& full_path, | |
| 123 const GURL& source_url) { | |
| 124 base::win::ScopedComPtr<IAttachmentExecute> attachment_services; | |
| 125 HRESULT hr = attachment_services.CreateInstance(CLSID_AttachmentServices); | |
| 126 | |
| 127 if (FAILED(hr)) { | |
| 128 // The thread must have COM initialized. | |
| 129 DCHECK_NE(CO_E_NOTINITIALIZED, hr); | |
| 130 | |
| 131 // We don't have Attachment Execution Services, it must be a pre-XP.SP2 | |
| 132 // Windows installation, or the thread does not have COM initialized. Try to | |
| 133 // set the zone information directly. Failure is not considered an error. | |
| 134 SetInternetZoneIdentifierDirectly(full_path); | |
| 135 return hr; | |
| 136 } | |
| 137 | |
| 138 hr = attachment_services->SetClientGuid(kClientID); | |
| 139 if (FAILED(hr)) | |
| 140 return hr; | |
| 141 | |
| 142 hr = attachment_services->SetLocalPath(full_path.value().c_str()); | |
| 143 if (FAILED(hr)) | |
| 144 return hr; | |
| 145 | |
| 146 hr = attachment_services->SetSource(UTF8ToWide(source_url.spec()).c_str()); | |
| 147 if (FAILED(hr)) | |
| 148 return hr; | |
| 149 | |
| 150 // A failure in the Save() call below could result in the downloaded file | |
| 151 // being deleted. | |
| 152 return attachment_services->Save(); | |
| 153 } | |
| 154 | |
| 155 } // namespace content | |