authornparker <nparker@chromium.org>2016-03-25 09:15:07 -0700
committerCommit bot <commit-bot@chromium.org>2016-03-25 16:16:36 +0000
commit74ab4f95a557f6cfb425555a0c7021e80d9319dc (patch)
tree3d0c6e1f97695636fb43f6b63d78c609ac177359
parentc0164a8eff21b43ad24d8488424c0ad15d1211c3 (diff)
Report and parse .img, .iso, and .smi as DMGs when downloading
These files are all opened by Disk Utility. 70% of this patch was written by research@nightwatchcybersecurity.com BUG=596354 Review URL: https://codereview.chromium.org/1827303002 Cr-Commit-Position: refs/heads/master@{#383277}
-rw-r--r--chrome/browser/safe_browsing/download_protection_service.cc33
-rw-r--r--chrome/common/safe_browsing/download_protection_util.cc7
-rw-r--r--tools/metrics/histograms/histograms.xml44
3 files changed, 80 insertions, 4 deletions
diff --git a/chrome/browser/safe_browsing/download_protection_service.cc b/chrome/browser/safe_browsing/download_protection_service.cc
index 7a54644..6a1ff00 100644
--- a/chrome/browser/safe_browsing/download_protection_service.cc
+++ b/chrome/browser/safe_browsing/download_protection_service.cc
@@ -335,7 +335,13 @@ class DownloadProtectionService::CheckClientDownloadRequest
StartExtractZipFeatures();
#if defined(OS_MACOSX)
} else if (item_->GetTargetFilePath().MatchesExtension(
- FILE_PATH_LITERAL(".dmg"))) {
+ FILE_PATH_LITERAL(".dmg")) ||
+ item_->GetTargetFilePath().MatchesExtension(
+ FILE_PATH_LITERAL(".img")) ||
+ item_->GetTargetFilePath().MatchesExtension(
+ FILE_PATH_LITERAL(".iso")) ||
+ item_->GetTargetFilePath().MatchesExtension(
+ FILE_PATH_LITERAL(".smi"))) {
StartExtractDmgFeatures();
#endif
} else {
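Review bot: The list of DMG-like extensions is now written out twice, in this `else if` condition and in the `GetDownloadType` hunk of download_protection_util.cc, and nothing ties the two together. If a later change adds an extension to only one of them, a file could be reported as a Mac executable without being analyzed, or analyzed without being reported that way. A single shared predicate would remove that risk, for example a new helper used as `} else if (download_protection_util::IsDmgLikeFile(item_->GetTargetFilePath())) {` (the helper name is a suggestion, not an existing function). Routing is by file name only, so any disk image whose extension is not in the list falls through to the `else` branch. The enclosing function starts and ends outside this hunk.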
@@ -625,6 +631,8 @@ class DownloadProtectionService::CheckClientDownloadRequest
}
#if defined(OS_MACOSX)
+ // This is called for .DMGs and other files that can be parsed by
+ // SandboxedDMGAnalyzer.
void StartExtractDmgFeatures() {
DCHECK_CURRENTLY_ON(BrowserThread::UI);
DCHECK(item_);
@@ -651,9 +659,26 @@ class DownloadProtectionService::CheckClientDownloadRequest
<< ", has_executable=" << results.has_executable
<< ", success=" << results.success;
- UMA_HISTOGRAM_BOOLEAN("SBClientDownload.DmgFileSuccess", results.success);
- UMA_HISTOGRAM_BOOLEAN("SBClientDownload.DmgFileHasExecutable",
- archived_executable_);
+ int uma_file_type =
+ download_protection_util::GetSBClientDownloadExtensionValueForUMA(
+ item_->GetTargetFilePath());
+
+ if (results.success) {
+ UMA_HISTOGRAM_SPARSE_SLOWLY("SBClientDownload.DmgFileSuccessByType",
+ uma_file_type);
+ } else {
+ UMA_HISTOGRAM_SPARSE_SLOWLY("SBClientDownload.DmgFileFailureByType",
+ uma_file_type);
+ }
+
+ if (archived_executable_) {
+ UMA_HISTOGRAM_SPARSE_SLOWLY("SBClientDownload.DmgFileHasExecutableByType",
+ uma_file_type);
+ } else {
+ UMA_HISTOGRAM_SPARSE_SLOWLY(
+ "SBClientDownload.DmgFileHasNoExecutableByType", uma_file_type);
+ }
+
UMA_HISTOGRAM_TIMES("SBClientDownload.ExtractDmgFeaturesTime",
base::TimeTicks::Now() - dmg_analysis_start_time_);
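Review bot: The `if (archived_executable_)` branch runs whether or not `results.success` is true, so a file the analyzer failed to parse appears to be counted in `SBClientDownload.DmgFileHasNoExecutableByType` alongside images that were parsed and held no executable. That makes the bucket read as "clean" when part of it is really "unknown", which matters for measuring how well the new `.img`/`.iso`/`.smi` handling works. Moving the `if (archived_executable_) { … } else { … }` block inside the `if (results.success) {` branch would keep the two cases apart. Failing that, the histogram summary should say that failures are included. This assumes `archived_executable_` stays false on a failed analysis, because its assignment and the start of the callback are outside the hunk.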
diff --git a/chrome/common/safe_browsing/download_protection_util.cc b/chrome/common/safe_browsing/download_protection_util.cc
index 596f4fb..c90a9f4 100644
--- a/chrome/common/safe_browsing/download_protection_util.cc
+++ b/chrome/common/safe_browsing/download_protection_util.cc
@@ -268,6 +268,8 @@ enum SBClientDownloadExtensions {
EXTENSION_RTF,
EXTENSION_VHDX,
EXTENSION_SEARCH_MS,
+ EXTENSION_IMG,
+ EXTENSION_SMI,
// New values go above this one.
EXTENSION_MAX
@@ -339,6 +341,7 @@ const SafeBrowsingFiletype kSafeBrowsingFileTypes[] = {
{FILE_PATH_LITERAL(".hqx"), EXTENSION_HQX, true, true},
{FILE_PATH_LITERAL(".hta"), EXTENSION_HTA, true, false},
{FILE_PATH_LITERAL(".htt"), EXTENSION_HTT, true, false},
+ {FILE_PATH_LITERAL(".img"), EXTENSION_IMG, true, false},
{FILE_PATH_LITERAL(".inf"), EXTENSION_INF, true, false},
{FILE_PATH_LITERAL(".ini"), EXTENSION_INI, true, false},
{FILE_PATH_LITERAL(".ins"), EXTENSION_INS, true, false},
@@ -474,6 +477,7 @@ const SafeBrowsingFiletype kSafeBrowsingFileTypes[] = {
{FILE_PATH_LITERAL(".shb"), EXTENSION_SHB, true, false},
{FILE_PATH_LITERAL(".shs"), EXTENSION_SHS, true, false},
{FILE_PATH_LITERAL(".slp"), EXTENSION_SLP, true, true},
+ {FILE_PATH_LITERAL(".smi"), EXTENSION_SMI, true, false},
{FILE_PATH_LITERAL(".spl"), EXTENSION_SPL, true, false},
{FILE_PATH_LITERAL(".squashfs"), EXTENSION_SQUASHFS, true, true},
{FILE_PATH_LITERAL(".svg"), EXTENSION_SVG, true, false},
@@ -592,7 +596,10 @@ ClientDownloadRequest::DownloadType GetDownloadType(
// result of analyzing the ZIP file.
return ClientDownloadRequest::ZIPPED_EXECUTABLE;
else if (file.MatchesExtension(FILE_PATH_LITERAL(".dmg")) ||
+ file.MatchesExtension(FILE_PATH_LITERAL(".img")) ||
+ file.MatchesExtension(FILE_PATH_LITERAL(".iso")) ||
file.MatchesExtension(FILE_PATH_LITERAL(".pkg")) ||
+ file.MatchesExtension(FILE_PATH_LITERAL(".smi")) ||
file.MatchesExtension(FILE_PATH_LITERAL(".osx")) ||
file.MatchesExtension(FILE_PATH_LITERAL(".app")))
return ClientDownloadRequest::MAC_EXECUTABLE;
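Review bot: `.img`, `.iso` and `.smi` are added to the `MAC_EXECUTABLE` branch with no platform guard visible in this hunk, while the matching analysis path in download_protection_service.cc is compiled only under `#if defined(OS_MACOSX)`. If this branch is reached on other platforms, a generic `.iso` or `.img` download on Windows or Linux would be labelled a Mac executable in the request with no DMG feature extraction behind it. If that is intended, a comment above the chain would record it, for example `// Disk-image types opened by Disk Utility; reported as MAC_EXECUTABLE on all platforms.` Otherwise the three new extensions should be guarded the same way as the analysis path. `GetDownloadType` begins outside the hunk, so earlier branches that might catch these extensions first cannot be checked from here.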
diff --git a/tools/metrics/histograms/histograms.xml b/tools/metrics/histograms/histograms.xml
index 50a4aef..f39dc79 100644
--- a/tools/metrics/histograms/histograms.xml
+++ b/tools/metrics/histograms/histograms.xml
@@ -43782,16 +43782,49 @@ http://cs/file:chrome/histograms.xml - but prefer this file for new entries.
</summary>
</histogram>
+<histogram name="SBClientDownload.DmgFileFailureByType"
+ enum="SBClientDownloadExtensions">
+ <owner>nparker@chromium.org</owner>
+ <summary>
+ Counts of DMG-like file types that failed to be successfully analyzed by the
+ SafeBrowsing download service.
+ </summary>
+</histogram>
+
<histogram name="SBClientDownload.DmgFileHasExecutable" enum="Boolean">
<owner>rsesek@chromium.org</owner>
+ <obsolete>
+ Replaced by SBClientDownload.DmgFileHas[No]ExecutableByType in M51.
+ </obsolete>
<summary>
For each DMG file analyzed by the SafeBrowsing download service, records if
the DMG contained an executable file.
</summary>
</histogram>
+<histogram name="SBClientDownload.DmgFileHasExecutableByType"
+ enum="SBClientDownloadExtensions">
+ <owner>nparker@chromium.org</owner>
+ <summary>
+ Counts of DMG-like file types which were analyzed by the SafeBrowsing
+ download service that contained an executable file.
+ </summary>
+</histogram>
+
+<histogram name="SBClientDownload.DmgFileHasNoExecutableByType"
+ enum="SBClientDownloadExtensions">
+ <owner>nparker@chromium.org</owner>
+ <summary>
+ Counts of DMG-like file types which were analyzed by the SafeBrowsing
+ download service that did NOT contain an executable file.
+ </summary>
+</histogram>
+
<histogram name="SBClientDownload.DmgFileSuccess" enum="BooleanSuccess">
<owner>rsesek@chromium.org</owner>
+ <obsolete>
+ Replaced by SBClientDownload.DmgFile{Success,Failure}ByType in M51.
+ </obsolete>
<summary>
For each DMG file analyzed by the SafeBrowsing download service, records
true if the analysis was successful, or false if there was an error
@@ -43799,6 +43832,15 @@ http://cs/file:chrome/histograms.xml - but prefer this file for new entries.
</summary>
</histogram>
+<histogram name="SBClientDownload.DmgFileSuccessByType"
+ enum="SBClientDownloadExtensions">
+ <owner>nparker@chromium.org</owner>
+ <summary>
+ Counts of DMG-like file types that were successfully analyzed by the
+ SafeBrowsing download service.
+ </summary>
+</histogram>
+
<histogram name="SBClientDownload.DownloadExtensions"
enum="SBClientDownloadExtensions">
<owner>mattm@chromium.org</owner>
@@ -80352,6 +80394,8 @@ To add a new entry, add it with any value and run test to compute valid value.
<int value="244" label="RTF"/>
<int value="245" label="VHDX"/>
<int value="246" label="SEARCH_MS"/>
+ <int value="247" label="IMG"/>
+ <int value="248" label="SMI"/>
</enum>
<enum name="SBClientDownloadIsSignedBinary" type="int">