diff options
| author | pkasting@chromium.org <pkasting@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-12-06 23:49:13 +0000 |
|---|---|---|
| committer | pkasting@chromium.org <pkasting@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-12-06 23:49:13 +0000 |
| commit | cd448093b26be45c8e32696a83dc0bbd5504eb22 (patch) | |
| tree | d6071377e41bdb80efba231c0cf8fa90b4ad7f49 /chrome/browser/download/download_extensions.h | |
| parent | 1d11be7dc39b207e0ab43508771b2ffd1d205e07 (diff) | |
| download | chromium_src-cd448093b26be45c8e32696a83dc0bbd5504eb22.zip chromium_src-cd448093b26be45c8e32696a83dc0bbd5504eb22.tar.gz chromium_src-cd448093b26be45c8e32696a83dc0bbd5504eb22.tar.bz2 | |
Modify the "dangerous download" algorithm as follows. Original patch by Pierre-Antoine LaFayette (see http://codereview.chromium.org/1403001/ ), r=me,brettw,aa.
Downloads are considered dangerous if:
a) The file is dangerous just by sitting on the drive, without needing to be clicked on e.g. dll, xbap
b) The file is executable and the download was not user initiated.
c) They are an extension that is not from the gallery
We have defined a user initiated download as 3 possible cases:
a) A user enters a URL into the address bar that is a file
b) A user left clicks on a URL that is a file
c) A user right clicks and does "Save As" on a URL that is a file.
BUG=9044
TEST=Open a page with a download link to a dangerous file that is not an extension, e.g. an .exe file, and left click on the link. The download should proceed without a prompt.
Review URL: http://codereview.chromium.org/5603008
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@68406 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/download/download_extensions.h')
| -rw-r--r-- | chrome/browser/download/download_extensions.h | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/chrome/browser/download/download_extensions.h b/chrome/browser/download/download_extensions.h new file mode 100644 index 0000000..3a7c557 --- /dev/null +++ b/chrome/browser/download/download_extensions.h @@ -0,0 +1,39 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CHROME_BROWSER_DOWNLOAD_DOWNLOAD_EXTENSIONS_H_ +#define CHROME_BROWSER_DOWNLOAD_DOWNLOAD_EXTENSIONS_H_ +#pragma once + +#include <string> + +#include "base/file_path.h" + +namespace download_util { + +enum DownloadDangerLevel { + NotDangerous, + AllowOnUserGesture, + Dangerous +}; + +// Determine the download danger level of a file. +DownloadDangerLevel GetFileDangerLevel(const FilePath& path); + +// Determine the download danger level using a file extension. +DownloadDangerLevel GetFileExtensionDangerLevel( + const FilePath::StringType& extension); + +// True if the download danger level of the file is NotDangerous. +bool IsFileSafe(const FilePath& path); + +// True if the download danger level of the extension is NotDangerous. +bool IsFileExtensionSafe(const FilePath::StringType& extension); + +// Tests if we think the server means for this mime_type to be executable. +bool IsExecutableMimeType(const std::string& mime_type); + +} // namespace download_util + +#endif // CHROME_BROWSER_DOWNLOAD_DOWNLOAD_EXTENSIONS_H_ |