author | tc@google.com <tc@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-01-06 19:04:39 +0000 |
---|---|---|
committer | tc@google.com <tc@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-01-06 19:04:39 +0000 |
commit | 763f946a53f6a4e8b94b0ae2db51af77af6f1c94 (patch) | |
tree | 2b6ae29723c28ec22a9bf0ba9c4cdf262078d188 /chrome/browser/download/download_manager_unittest.cc | |
parent | 79dde56048aa6b128787550529d5d14d9284d997 (diff) | |
Prevent files saved via the "Save as..." page menu item from
being named maliciously. This is mainly copying some code from
the download manager because it seems like a pretty large task to
refactor the save-as code right now.
Here's a demo page:
http://ponderer.org/tests/title-with-.exe.html
Clean up the naming convention of register prefs for the
safe browsing service to make it more like the other
register methods.
Review URL: http://codereview.chromium.org/16523
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@7595 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/download/download_manager_unittest.cc')
-rw-r--r-- | chrome/browser/download/download_manager_unittest.cc | 59 |
1 files changed, 58 insertions, 1 deletions
diff --git a/chrome/browser/download/download_manager_unittest.cc b/chrome/browser/download/download_manager_unittest.cc
index d7648b9..21190eed 100644
--- a/chrome/browser/download/download_manager_unittest.cc
+++ b/chrome/browser/download/download_manager_unittest.cc
@@ -34,7 +34,9 @@ class DownloadManagerTest : public testing::Test {
 DISALLOW_EVIL_CONSTRUCTORS(DownloadManagerTest);
 };
 
-static const struct {
+namespace {
+
+const struct {
 const char* disposition;
 const wchar_t* url;
 const char* mime_type;
@@ -310,6 +312,8 @@ static const struct {
 // TODO(darin): Add some raw 8-bit Content-Disposition tests.
 };
 
+} // namespace
+
 // Tests to ensure that the file names we generate from hints from the server
 // (content-disposition, URL name, etc) don't cause security holes.
 TEST_F(DownloadManagerTest, TestDownloadFilename) {
@@ -323,3 +327,56 @@ TEST_F(DownloadManagerTest, TestDownloadFilename) {
 }
 }
 
+namespace {
+
+const struct {
+ const wchar_t* path;
+ const char* mime_type;
+ const wchar_t* expected_path;
+} kSafeFilenameCases[] = {
+ { L"C:\\foo\\bar.htm",
+ "text/html",
+ L"C:\\foo\\bar.htm" },
+ { L"C:\\foo\\bar.html",
+ "text/html",
+ L"C:\\foo\\bar.html" },
+ { L"C:\\foo\\bar",
+ "text/html",
+ L"C:\\foo\\bar.htm" },
+
+ { L"C:\\bar.html",
+ "image/png",
+ L"C:\\bar.png" },
+ { L"C:\\bar",
+ "image/png",
+ L"C:\\bar.png" },
+
+ { L"C:\\foo\\bar.exe",
+ "text/html",
+ L"C:\\foo\\bar.htm" },
+ { L"C:\\foo\\bar.exe",
+ "image/gif",
+ L"C:\\foo\\bar.gif" },
+
+ { L"C:\\foo\\google.com",
+ "text/html",
+ L"C:\\foo\\google.htm" },
+
+ { L"C:\\foo\\con.htm",
+ "text/html",
+ L"C:\\foo\\_con.htm" },
+ { L"C:\\foo\\con",
+ "text/html",
+ L"C:\\foo\\_con.htm" },
+};
+
+} // namespace
+
+TEST_F(DownloadManagerTest, GetSafeFilename) {
+ for (int i = 0; i < arraysize(kSafeFilenameCases); ++i) {
+ std::wstring path(kSafeFilenameCases[i].path);
+ download_manager_->GenerateSafeFilename(kSafeFilenameCases[i].mime_type,
+ &path);
+ EXPECT_EQ(kSafeFilenameCases[i].expected_path, path);
+ }
+}
|
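Review bot: Every row of `kSafeFilenameCases` pairs the path with a mime type that has a well-known extension (`text/html`, `image/png`, `image/gif`), so the table never pins what `GenerateSafeFilename` does to an executable name when the mime type is empty or has no preferred extension, which is presumably the case where the extension cannot simply be replaced. I would add rows such as `{ L"C:\\foo\\bar.exe", "", L"<expected per policy>" },` and the same path with `"application/octet-stream"`, with the expected value taken from the intended policy rather than from whatever the function currently returns. A mixed-case extension (`bar.EXE`) and a second reserved device name besides `con` would also show that the checks are not tied to the exact spellings in the table. Separately, the loop compares an `int` index against `arraysize(...)`; `for (size_t i = 0; i < arraysize(kSafeFilenameCases); ++i)` avoids the signed/unsigned comparison, and appending `<< "case " << i` to the `EXPECT_EQ` would identify the failing row.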