diff options
Diffstat (limited to 'net/base/filename_util_unittest.cc')
| -rw-r--r-- | net/base/filename_util_unittest.cc | 1652 |
1 files changed, 1652 insertions, 0 deletions
diff --git a/net/base/filename_util_unittest.cc b/net/base/filename_util_unittest.cc new file mode 100644 index 0000000..701e772 --- /dev/null +++ b/net/base/filename_util_unittest.cc @@ -0,0 +1,1652 @@ +// Copyright 2014 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/base/filename_util.h" + +#include "base/file_util.h" +#include "base/files/file_path.h" +#include "base/strings/string_util.h" +#include "base/strings/utf_string_conversions.h" +#include "base/test/test_file_util.h" +#include "testing/gtest/include/gtest/gtest.h" +#include "url/gurl.h" + +namespace net { + +namespace { + +struct FileCase { + const wchar_t* file; + const char* url; +}; + +struct GenerateFilenameCase { + int lineno; + const char* url; + const char* content_disp_header; + const char* referrer_charset; + const char* suggested_filename; + const char* mime_type; + const wchar_t* default_filename; + const wchar_t* expected_filename; +}; + +void RunGenerateFileNameTestCase(const GenerateFilenameCase* test_case) { + std::string default_filename(base::WideToUTF8(test_case->default_filename)); + base::FilePath file_path = GenerateFileName( + GURL(test_case->url), test_case->content_disp_header, + test_case->referrer_charset, test_case->suggested_filename, + test_case->mime_type, default_filename); + EXPECT_EQ(test_case->expected_filename, + file_util::FilePathAsWString(file_path)) + << "test case at line number: " << test_case->lineno; +} + +} // namespace + +static const base::FilePath::CharType* kSafePortableBasenames[] = { + FILE_PATH_LITERAL("a"), + FILE_PATH_LITERAL("a.txt"), + FILE_PATH_LITERAL("a b.txt"), + FILE_PATH_LITERAL("a-b.txt"), + FILE_PATH_LITERAL("My Computer"), + FILE_PATH_LITERAL(" Computer"), +}; + +static const base::FilePath::CharType* kUnsafePortableBasenames[] = { + FILE_PATH_LITERAL(""), + FILE_PATH_LITERAL("."), + FILE_PATH_LITERAL(".."), + FILE_PATH_LITERAL("..."), + FILE_PATH_LITERAL("con"), + FILE_PATH_LITERAL("con.zip"), + FILE_PATH_LITERAL("NUL"), + FILE_PATH_LITERAL("NUL.zip"), + FILE_PATH_LITERAL(".a"), + FILE_PATH_LITERAL("a."), + FILE_PATH_LITERAL("a\"a"), + FILE_PATH_LITERAL("a<a"), + FILE_PATH_LITERAL("a>a"), + FILE_PATH_LITERAL("a?a"), + FILE_PATH_LITERAL("a/"), + FILE_PATH_LITERAL("a\\"), + FILE_PATH_LITERAL("a "), + FILE_PATH_LITERAL("a . ."), + FILE_PATH_LITERAL("My Computer.{a}"), + FILE_PATH_LITERAL("My Computer.{20D04FE0-3AEA-1069-A2D8-08002B30309D}"), +#if !defined(OS_WIN) + FILE_PATH_LITERAL("a\\a"), +#endif +}; + +static const base::FilePath::CharType* kSafePortableRelativePaths[] = { + FILE_PATH_LITERAL("a/a"), +#if defined(OS_WIN) + FILE_PATH_LITERAL("a\\a"), +#endif +}; + +TEST(FilenameUtilTest, IsSafePortablePathComponent) { + for (size_t i = 0 ; i < arraysize(kSafePortableBasenames); ++i) { + EXPECT_TRUE(IsSafePortablePathComponent(base::FilePath( + kSafePortableBasenames[i]))) << kSafePortableBasenames[i]; + } + for (size_t i = 0 ; i < arraysize(kUnsafePortableBasenames); ++i) { + EXPECT_FALSE(IsSafePortablePathComponent(base::FilePath( + kUnsafePortableBasenames[i]))) << kUnsafePortableBasenames[i]; + } + for (size_t i = 0 ; i < arraysize(kSafePortableRelativePaths); ++i) { + EXPECT_FALSE(IsSafePortablePathComponent(base::FilePath( + kSafePortableRelativePaths[i]))) << kSafePortableRelativePaths[i]; + } +} + +TEST(FilenameUtilTest, IsSafePortableRelativePath) { + base::FilePath safe_dirname(FILE_PATH_LITERAL("a")); + for (size_t i = 0 ; i < arraysize(kSafePortableBasenames); ++i) { + EXPECT_TRUE(IsSafePortableRelativePath(base::FilePath( + kSafePortableBasenames[i]))) << kSafePortableBasenames[i]; + EXPECT_TRUE(IsSafePortableRelativePath(safe_dirname.Append(base::FilePath( + kSafePortableBasenames[i])))) << kSafePortableBasenames[i]; + } + for (size_t i = 0 ; i < arraysize(kSafePortableRelativePaths); ++i) { + EXPECT_TRUE(IsSafePortableRelativePath(base::FilePath( + kSafePortableRelativePaths[i]))) << kSafePortableRelativePaths[i]; + EXPECT_TRUE(IsSafePortableRelativePath(safe_dirname.Append(base::FilePath( + kSafePortableRelativePaths[i])))) << kSafePortableRelativePaths[i]; + } + for (size_t i = 0 ; i < arraysize(kUnsafePortableBasenames); ++i) { + EXPECT_FALSE(IsSafePortableRelativePath(base::FilePath( + kUnsafePortableBasenames[i]))) << kUnsafePortableBasenames[i]; + if (!base::FilePath::StringType(kUnsafePortableBasenames[i]).empty()) { + EXPECT_FALSE(IsSafePortableRelativePath(safe_dirname.Append( + base::FilePath(kUnsafePortableBasenames[i])))) + << kUnsafePortableBasenames[i]; + } + } +} + +TEST(FilenameUtilTest, FileURLConversion) { + // a list of test file names and the corresponding URLs + const FileCase round_trip_cases[] = { +#if defined(OS_WIN) + {L"C:\\foo\\bar.txt", "file:///C:/foo/bar.txt"}, + {L"\\\\some computer\\foo\\bar.txt", + "file://some%20computer/foo/bar.txt"}, // UNC + {L"D:\\Name;with%some symbols*#", + "file:///D:/Name%3Bwith%25some%20symbols*%23"}, + // issue 14153: To be tested with the OS default codepage other than 1252. + {L"D:\\latin1\\caf\x00E9\x00DD.txt", + "file:///D:/latin1/caf%C3%A9%C3%9D.txt"}, + {L"D:\\otherlatin\\caf\x0119.txt", + "file:///D:/otherlatin/caf%C4%99.txt"}, + {L"D:\\greek\\\x03B1\x03B2\x03B3.txt", + "file:///D:/greek/%CE%B1%CE%B2%CE%B3.txt"}, + {L"D:\\Chinese\\\x6240\x6709\x4e2d\x6587\x7f51\x9875.doc", + "file:///D:/Chinese/%E6%89%80%E6%9C%89%E4%B8%AD%E6%96%87%E7%BD%91" + "%E9%A1%B5.doc"}, + {L"D:\\plane1\\\xD835\xDC00\xD835\xDC01.txt", // Math alphabet "AB" + "file:///D:/plane1/%F0%9D%90%80%F0%9D%90%81.txt"}, +#elif defined(OS_POSIX) + {L"/foo/bar.txt", "file:///foo/bar.txt"}, + {L"/foo/BAR.txt", "file:///foo/BAR.txt"}, + {L"/C:/foo/bar.txt", "file:///C:/foo/bar.txt"}, + {L"/foo/bar?.txt", "file:///foo/bar%3F.txt"}, + {L"/some computer/foo/bar.txt", "file:///some%20computer/foo/bar.txt"}, + {L"/Name;with%some symbols*#", "file:///Name%3Bwith%25some%20symbols*%23"}, + {L"/latin1/caf\x00E9\x00DD.txt", "file:///latin1/caf%C3%A9%C3%9D.txt"}, + {L"/otherlatin/caf\x0119.txt", "file:///otherlatin/caf%C4%99.txt"}, + {L"/greek/\x03B1\x03B2\x03B3.txt", "file:///greek/%CE%B1%CE%B2%CE%B3.txt"}, + {L"/Chinese/\x6240\x6709\x4e2d\x6587\x7f51\x9875.doc", + "file:///Chinese/%E6%89%80%E6%9C%89%E4%B8%AD%E6%96%87%E7%BD" + "%91%E9%A1%B5.doc"}, + {L"/plane1/\x1D400\x1D401.txt", // Math alphabet "AB" + "file:///plane1/%F0%9D%90%80%F0%9D%90%81.txt"}, +#endif + }; + + // First, we'll test that we can round-trip all of the above cases of URLs + base::FilePath output; + for (size_t i = 0; i < ARRAYSIZE_UNSAFE(round_trip_cases); i++) { + // convert to the file URL + GURL file_url(FilePathToFileURL( + file_util::WStringAsFilePath(round_trip_cases[i].file))); + EXPECT_EQ(round_trip_cases[i].url, file_url.spec()); + + // Back to the filename. + EXPECT_TRUE(FileURLToFilePath(file_url, &output)); + EXPECT_EQ(round_trip_cases[i].file, file_util::FilePathAsWString(output)); + } + + // Test that various file: URLs get decoded into the correct file type + FileCase url_cases[] = { +#if defined(OS_WIN) + {L"C:\\foo\\bar.txt", "file:c|/foo\\bar.txt"}, + {L"C:\\foo\\bar.txt", "file:/c:/foo/bar.txt"}, + {L"\\\\foo\\bar.txt", "file://foo\\bar.txt"}, + {L"C:\\foo\\bar.txt", "file:///c:/foo/bar.txt"}, + {L"\\\\foo\\bar.txt", "file:////foo\\bar.txt"}, + {L"\\\\foo\\bar.txt", "file:/foo/bar.txt"}, + {L"\\\\foo\\bar.txt", "file://foo\\bar.txt"}, + {L"C:\\foo\\bar.txt", "file:\\\\\\c:/foo/bar.txt"}, +#elif defined(OS_POSIX) + {L"/c:/foo/bar.txt", "file:/c:/foo/bar.txt"}, + {L"/c:/foo/bar.txt", "file:///c:/foo/bar.txt"}, + {L"/foo/bar.txt", "file:/foo/bar.txt"}, + {L"/c:/foo/bar.txt", "file:\\\\\\c:/foo/bar.txt"}, + {L"/foo/bar.txt", "file:foo/bar.txt"}, + {L"/bar.txt", "file://foo/bar.txt"}, + {L"/foo/bar.txt", "file:///foo/bar.txt"}, + {L"/foo/bar.txt", "file:////foo/bar.txt"}, + {L"/foo/bar.txt", "file:////foo//bar.txt"}, + {L"/foo/bar.txt", "file:////foo///bar.txt"}, + {L"/foo/bar.txt", "file:////foo////bar.txt"}, + {L"/c:/foo/bar.txt", "file:\\\\\\c:/foo/bar.txt"}, + {L"/c:/foo/bar.txt", "file:c:/foo/bar.txt"}, + // We get these wrong because GURL turns back slashes into forward + // slashes. + //{L"/foo%5Cbar.txt", "file://foo\\bar.txt"}, + //{L"/c|/foo%5Cbar.txt", "file:c|/foo\\bar.txt"}, + //{L"/foo%5Cbar.txt", "file://foo\\bar.txt"}, + //{L"/foo%5Cbar.txt", "file:////foo\\bar.txt"}, + //{L"/foo%5Cbar.txt", "file://foo\\bar.txt"}, +#endif + }; + for (size_t i = 0; i < ARRAYSIZE_UNSAFE(url_cases); i++) { + FileURLToFilePath(GURL(url_cases[i].url), &output); + EXPECT_EQ(url_cases[i].file, file_util::FilePathAsWString(output)); + } + + // Unfortunately, UTF8ToWide discards invalid UTF8 input. +#ifdef BUG_878908_IS_FIXED + // Test that no conversion happens if the UTF-8 input is invalid, and that + // the input is preserved in UTF-8 + const char invalid_utf8[] = "file:///d:/Blah/\xff.doc"; + const wchar_t invalid_wide[] = L"D:\\Blah\\\xff.doc"; + EXPECT_TRUE(FileURLToFilePath( + GURL(std::string(invalid_utf8)), &output)); + EXPECT_EQ(std::wstring(invalid_wide), output); +#endif + + // Test that if a file URL is malformed, we get a failure + EXPECT_FALSE(FileURLToFilePath(GURL("filefoobar"), &output)); +} + +#if defined(OS_WIN) +#define JPEG_EXT L".jpg" +#define HTML_EXT L".htm" +#elif defined(OS_MACOSX) +#define JPEG_EXT L".jpeg" +#define HTML_EXT L".html" +#else +#define JPEG_EXT L".jpg" +#define HTML_EXT L".html" +#endif +#define TXT_EXT L".txt" +#define TAR_EXT L".tar" + +TEST(FilenameUtilTest, GenerateSafeFileName) { + const struct { + const char* mime_type; + const base::FilePath::CharType* filename; + const base::FilePath::CharType* expected_filename; + } safe_tests[] = { +#if defined(OS_WIN) + { + "text/html", + FILE_PATH_LITERAL("C:\\foo\\bar.htm"), + FILE_PATH_LITERAL("C:\\foo\\bar.htm") + }, + { + "text/html", + FILE_PATH_LITERAL("C:\\foo\\bar.html"), + FILE_PATH_LITERAL("C:\\foo\\bar.html") + }, + { + "text/html", + FILE_PATH_LITERAL("C:\\foo\\bar"), + FILE_PATH_LITERAL("C:\\foo\\bar.htm") + }, + { + "image/png", + FILE_PATH_LITERAL("C:\\bar.html"), + FILE_PATH_LITERAL("C:\\bar.html") + }, + { + "image/png", + FILE_PATH_LITERAL("C:\\bar"), + FILE_PATH_LITERAL("C:\\bar.png") + }, + { + "text/html", + FILE_PATH_LITERAL("C:\\foo\\bar.exe"), + FILE_PATH_LITERAL("C:\\foo\\bar.exe") + }, + { + "image/gif", + FILE_PATH_LITERAL("C:\\foo\\bar.exe"), + FILE_PATH_LITERAL("C:\\foo\\bar.exe") + }, + { + "text/html", + FILE_PATH_LITERAL("C:\\foo\\google.com"), + FILE_PATH_LITERAL("C:\\foo\\google.com") + }, + { + "text/html", + FILE_PATH_LITERAL("C:\\foo\\con.htm"), + FILE_PATH_LITERAL("C:\\foo\\_con.htm") + }, + { + "text/html", + FILE_PATH_LITERAL("C:\\foo\\con"), + FILE_PATH_LITERAL("C:\\foo\\_con.htm") + }, + { + "text/html", + FILE_PATH_LITERAL("C:\\foo\\harmless.{not-really-this-may-be-a-guid}"), + FILE_PATH_LITERAL("C:\\foo\\harmless.download") + }, + { + "text/html", + FILE_PATH_LITERAL("C:\\foo\\harmless.local"), + FILE_PATH_LITERAL("C:\\foo\\harmless.download") + }, + { + "text/html", + FILE_PATH_LITERAL("C:\\foo\\harmless.lnk"), + FILE_PATH_LITERAL("C:\\foo\\harmless.download") + }, + { + "text/html", + FILE_PATH_LITERAL("C:\\foo\\harmless.{mismatched-"), + FILE_PATH_LITERAL("C:\\foo\\harmless.{mismatched-") + }, + // Allow extension synonyms. + { + "image/jpeg", + FILE_PATH_LITERAL("C:\\foo\\bar.jpg"), + FILE_PATH_LITERAL("C:\\foo\\bar.jpg") + }, + { + "image/jpeg", + FILE_PATH_LITERAL("C:\\foo\\bar.jpeg"), + FILE_PATH_LITERAL("C:\\foo\\bar.jpeg") + }, +#else // !defined(OS_WIN) + { + "text/html", + FILE_PATH_LITERAL("/foo/bar.htm"), + FILE_PATH_LITERAL("/foo/bar.htm") + }, + { + "text/html", + FILE_PATH_LITERAL("/foo/bar.html"), + FILE_PATH_LITERAL("/foo/bar.html") + }, + { + "text/html", + FILE_PATH_LITERAL("/foo/bar"), + FILE_PATH_LITERAL("/foo/bar.html") + }, + { + "image/png", + FILE_PATH_LITERAL("/bar.html"), + FILE_PATH_LITERAL("/bar.html") + }, + { + "image/png", + FILE_PATH_LITERAL("/bar"), + FILE_PATH_LITERAL("/bar.png") + }, + { + "image/gif", + FILE_PATH_LITERAL("/foo/bar.exe"), + FILE_PATH_LITERAL("/foo/bar.exe") + }, + { + "text/html", + FILE_PATH_LITERAL("/foo/google.com"), + FILE_PATH_LITERAL("/foo/google.com") + }, + { + "text/html", + FILE_PATH_LITERAL("/foo/con.htm"), + FILE_PATH_LITERAL("/foo/con.htm") + }, + { + "text/html", + FILE_PATH_LITERAL("/foo/con"), + FILE_PATH_LITERAL("/foo/con.html") + }, + // Allow extension synonyms. + { + "image/jpeg", + FILE_PATH_LITERAL("/bar.jpg"), + FILE_PATH_LITERAL("/bar.jpg") + }, + { + "image/jpeg", + FILE_PATH_LITERAL("/bar.jpeg"), + FILE_PATH_LITERAL("/bar.jpeg") + }, +#endif // !defined(OS_WIN) + }; + + for (size_t i = 0; i < ARRAYSIZE_UNSAFE(safe_tests); ++i) { + base::FilePath file_path(safe_tests[i].filename); + GenerateSafeFileName(safe_tests[i].mime_type, false, &file_path); + EXPECT_EQ(safe_tests[i].expected_filename, file_path.value()) + << "Iteration " << i; + } +} + +TEST(FilenameUtilTest, GenerateFileName) { +#if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_ANDROID) + // This test doesn't run when the locale is not UTF-8 because some of the + // string conversions fail. This is OK (we have the default value) but they + // don't match our expectations. + std::string locale = setlocale(LC_CTYPE, NULL); + StringToLowerASCII(&locale); + EXPECT_TRUE(locale.find("utf-8") != std::string::npos || + locale.find("utf8") != std::string::npos) + << "Your locale (" << locale << ") must be set to UTF-8 " + << "for this test to pass!"; +#endif + + // Tests whether the correct filename is selected from the the given + // parameters and that Content-Disposition headers are properly + // handled including failovers when the header is malformed. + const GenerateFilenameCase selection_tests[] = { + { + __LINE__, + "http://www.google.com/", + "attachment; filename=test.html", + "", + "", + "", + L"", + L"test.html" + }, + { + __LINE__, + "http://www.google.com/", + "attachment; filename=\"test.html\"", + "", + "", + "", + L"", + L"test.html" + }, + { + __LINE__, + "http://www.google.com/", + "attachment; filename= \"test.html\"", + "", + "", + "", + L"", + L"test.html" + }, + { + __LINE__, + "http://www.google.com/", + "attachment; filename = \"test.html\"", + "", + "", + "", + L"", + L"test.html" + }, + { // filename is whitespace. Should failover to URL host + __LINE__, + "http://www.google.com/", + "attachment; filename= ", + "", + "", + "", + L"", + L"www.google.com" + }, + { // No filename. + __LINE__, + "http://www.google.com/path/test.html", + "attachment", + "", + "", + "", + L"", + L"test.html" + }, + { // Ditto + __LINE__, + "http://www.google.com/path/test.html", + "attachment;", + "", + "", + "", + L"", + L"test.html" + }, + { // No C-D + __LINE__, + "http://www.google.com/", + "", + "", + "", + "", + L"", + L"www.google.com" + }, + { + __LINE__, + "http://www.google.com/test.html", + "", + "", + "", + "", + L"", + L"test.html" + }, + { // Now that we use src/url's ExtractFileName, this case falls back to + // the hostname. If this behavior is not desirable, we'd better change + // ExtractFileName (in url_parse). + __LINE__, + "http://www.google.com/path/", + "", + "", + "", + "", + L"", + L"www.google.com" + }, + { + __LINE__, + "http://www.google.com/path", + "", + "", + "", + "", + L"", + L"path" + }, + { + __LINE__, + "file:///", + "", + "", + "", + "", + L"", + L"download" + }, + { + __LINE__, + "file:///path/testfile", + "", + "", + "", + "", + L"", + L"testfile" + }, + { + __LINE__, + "non-standard-scheme:", + "", + "", + "", + "", + L"", + L"download" + }, + { // C-D should override default + __LINE__, + "http://www.google.com/", + "attachment; filename =\"test.html\"", + "", + "", + "", + L"download", + L"test.html" + }, + { // But the URL shouldn't + __LINE__, + "http://www.google.com/", + "", + "", + "", + "", + L"download", + L"download" + }, + { + __LINE__, + "http://www.google.com/", + "attachment; filename=\"../test.html\"", + "", + "", + "", + L"", + L"-test.html" + }, + { + __LINE__, + "http://www.google.com/", + "attachment; filename=\"..\\test.html\"", + "", + "", + "", + L"", + L"test.html" + }, + { + __LINE__, + "http://www.google.com/", + "attachment; filename=\"..\\\\test.html\"", + "", + "", + "", + L"", + L"-test.html" + }, + { // Filename disappears after leading and trailing periods are removed. + __LINE__, + "http://www.google.com/", + "attachment; filename=\"..\"", + "", + "", + "", + L"default", + L"default" + }, + { // C-D specified filename disappears. Failover to final filename. + __LINE__, + "http://www.google.com/test.html", + "attachment; filename=\"..\"", + "", + "", + "", + L"default", + L"default" + }, + // Below is a small subset of cases taken from HttpContentDisposition tests. + { + __LINE__, + "http://www.google.com/", + "attachment; filename=\"%EC%98%88%EC%88%A0%20" + "%EC%98%88%EC%88%A0.jpg\"", + "", + "", + "", + L"", + L"\uc608\uc220 \uc608\uc220.jpg" + }, + { + __LINE__, + "http://www.google.com/%EC%98%88%EC%88%A0%20%EC%98%88%EC%88%A0.jpg", + "", + "", + "", + "", + L"download", + L"\uc608\uc220 \uc608\uc220.jpg" + }, + { + __LINE__, + "http://www.google.com/", + "attachment;", + "", + "", + "", + L"\uB2E4\uC6B4\uB85C\uB4DC", + L"\uB2E4\uC6B4\uB85C\uB4DC" + }, + { + __LINE__, + "http://www.google.com/", + "attachment; filename=\"=?EUC-JP?Q?=B7=DD=BD=" + "D13=2Epng?=\"", + "", + "", + "", + L"download", + L"\u82b8\u88533.png" + }, + { + __LINE__, + "http://www.example.com/images?id=3", + "attachment; filename=caf\xc3\xa9.png", + "iso-8859-1", + "", + "", + L"", + L"caf\u00e9.png" + }, + { + __LINE__, + "http://www.example.com/images?id=3", + "attachment; filename=caf\xe5.png", + "windows-1253", + "", + "", + L"", + L"caf\u03b5.png" + }, + { + __LINE__, + "http://www.example.com/file?id=3", + "attachment; name=\xcf\xc2\xd4\xd8.zip", + "GBK", + "", + "", + L"", + L"\u4e0b\u8f7d.zip" + }, + { // Invalid C-D header. Extracts filename from url. + __LINE__, + "http://www.google.com/test.html", + "attachment; filename==?iiso88591?Q?caf=EG?=", + "", + "", + "", + L"", + L"test.html" + }, + // about: and data: URLs + { + __LINE__, + "about:chrome", + "", + "", + "", + "", + L"", + L"download" + }, + { + __LINE__, + "data:,looks/like/a.path", + "", + "", + "", + "", + L"", + L"download" + }, + { + __LINE__, + "data:text/plain;base64,VG8gYmUgb3Igbm90IHRvIGJlLg=", + "", + "", + "", + "", + L"", + L"download" + }, + { + __LINE__, + "data:,looks/like/a.path", + "", + "", + "", + "", + L"default_filename_is_given", + L"default_filename_is_given" + }, + { + __LINE__, + "data:,looks/like/a.path", + "", + "", + "", + "", + L"\u65e5\u672c\u8a9e", // Japanese Kanji. + L"\u65e5\u672c\u8a9e" + }, + { // The filename encoding is specified by the referrer charset. + __LINE__, + "http://example.com/V%FDvojov%E1%20psychologie.doc", + "", + "iso-8859-1", + "", + "", + L"", + L"V\u00fdvojov\u00e1 psychologie.doc" + }, + { // Suggested filename takes precedence over URL + __LINE__, + "http://www.google.com/test", + "", + "", + "suggested", + "", + L"", + L"suggested" + }, + { // The content-disposition has higher precedence over the suggested name. + __LINE__, + "http://www.google.com/test", + "attachment; filename=test.html", + "", + "suggested", + "", + L"", + L"test.html" + }, +#if 0 + { // The filename encoding doesn't match the referrer charset, the system + // charset, or UTF-8. + // TODO(jshin): we need to handle this case. + __LINE__, + "http://example.com/V%FDvojov%E1%20psychologie.doc", + "", + "utf-8", + "", + "", + L"", + L"V\u00fdvojov\u00e1 psychologie.doc", + }, +#endif + // Raw 8bit characters in C-D + { + __LINE__, + "http://www.example.com/images?id=3", + "attachment; filename=caf\xc3\xa9.png", + "iso-8859-1", + "", + "image/png", + L"", + L"caf\u00e9.png" + }, + { + __LINE__, + "http://www.example.com/images?id=3", + "attachment; filename=caf\xe5.png", + "windows-1253", + "", + "image/png", + L"", + L"caf\u03b5.png" + }, + { // No 'filename' keyword in the disposition, use the URL + __LINE__, + "http://www.evil.com/my_download.txt", + "a_file_name.txt", + "", + "", + "text/plain", + L"download", + L"my_download.txt" + }, + { // Spaces in the disposition file name + __LINE__, + "http://www.frontpagehacker.com/a_download.exe", + "filename=My Downloaded File.exe", + "", + "", + "application/octet-stream", + L"download", + L"My Downloaded File.exe" + }, + { // % encoded + __LINE__, + "http://www.examples.com/", + "attachment; " + "filename=\"%EC%98%88%EC%88%A0%20%EC%98%88%EC%88%A0.jpg\"", + "", + "", + "image/jpeg", + L"download", + L"\uc608\uc220 \uc608\uc220.jpg" + }, + { // name= parameter + __LINE__, + "http://www.examples.com/q.cgi?id=abc", + "attachment; name=abc de.pdf", + "", + "", + "application/octet-stream", + L"download", + L"abc de.pdf" + }, + { + __LINE__, + "http://www.example.com/path", + "filename=\"=?EUC-JP?Q?=B7=DD=BD=D13=2Epng?=\"", + "", + "", + "image/png", + L"download", + L"\x82b8\x8853" L"3.png" + }, + { // The following two have invalid CD headers and filenames come from the + // URL. + __LINE__, + "http://www.example.com/test%20123", + "attachment; filename==?iiso88591?Q?caf=EG?=", + "", + "", + "image/jpeg", + L"download", + L"test 123" JPEG_EXT + }, + { + __LINE__, + "http://www.google.com/%EC%98%88%EC%88%A0%20%EC%98%88%EC%88%A0.jpg", + "malformed_disposition", + "", + "", + "image/jpeg", + L"download", + L"\uc608\uc220 \uc608\uc220.jpg" + }, + { // Invalid C-D. No filename from URL. Falls back to 'download'. + __LINE__, + "http://www.google.com/path1/path2/", + "attachment; filename==?iso88591?Q?caf=E3?", + "", + "", + "image/jpeg", + L"download", + L"download" JPEG_EXT + }, + }; + + // Tests filename generation. Once the correct filename is + // selected, they should be passed through the validation steps and + // a correct extension should be added if necessary. + const GenerateFilenameCase generation_tests[] = { + // Dotfiles. Ensures preceeding period(s) stripped. + { + __LINE__, + "http://www.google.com/.test.html", + "", + "", + "", + "", + L"", + L"test.html" + }, + { + __LINE__, + "http://www.google.com/.test", + "", + "", + "", + "", + L"", + L"test" + }, + { + __LINE__, + "http://www.google.com/..test", + "", + "", + "", + "", + L"", + L"test" + }, + { // Disposition has relative paths, remove directory separators + __LINE__, + "http://www.evil.com/my_download.txt", + "filename=../../../../././../a_file_name.txt", + "", + "", + "text/plain", + L"download", + L"-..-..-..-.-.-..-a_file_name.txt" + }, + { // Disposition has parent directories, remove directory separators + __LINE__, + "http://www.evil.com/my_download.txt", + "filename=dir1/dir2/a_file_name.txt", + "", + "", + "text/plain", + L"download", + L"dir1-dir2-a_file_name.txt" + }, + { // Disposition has relative paths, remove directory separators + __LINE__, + "http://www.evil.com/my_download.txt", + "filename=..\\..\\..\\..\\.\\.\\..\\a_file_name.txt", + "", + "", + "text/plain", + L"download", + L"-..-..-..-.-.-..-a_file_name.txt" + }, + { // Disposition has parent directories, remove directory separators + __LINE__, + "http://www.evil.com/my_download.txt", + "filename=dir1\\dir2\\a_file_name.txt", + "", + "", + "text/plain", + L"download", + L"dir1-dir2-a_file_name.txt" + }, + { // No useful information in disposition or URL, use default + __LINE__, + "http://www.truncated.com/path/", + "", + "", + "", + "text/plain", + L"download", + L"download" TXT_EXT + }, + { // Filename looks like HTML? + __LINE__, + "http://www.evil.com/get/malware/here", + "filename=\"<blink>Hello kitty</blink>\"", + "", + "", + "text/plain", + L"default", + L"-blink-Hello kitty--blink-" TXT_EXT + }, + { // A normal avi should get .avi and not .avi.avi + __LINE__, + "https://blah.google.com/misc/2.avi", + "", + "", + "", + "video/x-msvideo", + L"download", + L"2.avi" + }, + { // Extension generation + __LINE__, + "http://www.example.com/my-cat", + "filename=my-cat", + "", + "", + "image/jpeg", + L"download", + L"my-cat" JPEG_EXT + }, + { + __LINE__, + "http://www.example.com/my-cat", + "filename=my-cat", + "", + "", + "text/plain", + L"download", + L"my-cat.txt" + }, + { + __LINE__, + "http://www.example.com/my-cat", + "filename=my-cat", + "", + "", + "text/html", + L"download", + L"my-cat" HTML_EXT + }, + { // Unknown MIME type + __LINE__, + "http://www.example.com/my-cat", + "filename=my-cat", + "", + "", + "dance/party", + L"download", + L"my-cat" + }, + { + __LINE__, + "http://www.example.com/my-cat.jpg", + "filename=my-cat.jpg", + "", + "", + "text/plain", + L"download", + L"my-cat.jpg" + }, + // Windows specific tests +#if defined(OS_WIN) + { + __LINE__, + "http://www.goodguy.com/evil.exe", + "filename=evil.exe", + "", + "", + "image/jpeg", + L"download", + L"evil.exe" + }, + { + __LINE__, + "http://www.goodguy.com/ok.exe", + "filename=ok.exe", + "", + "", + "binary/octet-stream", + L"download", + L"ok.exe" + }, + { + __LINE__, + "http://www.goodguy.com/evil.dll", + "filename=evil.dll", + "", + "", + "dance/party", + L"download", + L"evil.dll" + }, + { + __LINE__, + "http://www.goodguy.com/evil.exe", + "filename=evil", + "", + "", + "application/rss+xml", + L"download", + L"evil" + }, + // Test truncation of trailing dots and spaces + { + __LINE__, + "http://www.goodguy.com/evil.exe ", + "filename=evil.exe ", + "", + "", + "binary/octet-stream", + L"download", + L"evil.exe" + }, + { + __LINE__, + "http://www.goodguy.com/evil.exe.", + "filename=evil.exe.", + "", + "", + "binary/octet-stream", + L"download", + L"evil.exe-" + }, + { + __LINE__, + "http://www.goodguy.com/evil.exe. . .", + "filename=evil.exe. . .", + "", + "", + "binary/octet-stream", + L"download", + L"evil.exe-------" + }, + { + __LINE__, + "http://www.goodguy.com/evil.", + "filename=evil.", + "", + "", + "binary/octet-stream", + L"download", + L"evil-" + }, + { + __LINE__, + "http://www.goodguy.com/. . . . .", + "filename=. . . . .", + "", + "", + "binary/octet-stream", + L"download", + L"download" + }, + { + __LINE__, + "http://www.badguy.com/attachment?name=meh.exe%C2%A0", + "attachment; filename=\"meh.exe\xC2\xA0\"", + "", + "", + "binary/octet-stream", + L"", + L"meh.exe-" + }, +#endif // OS_WIN + { + __LINE__, + "http://www.goodguy.com/utils.js", + "filename=utils.js", + "", + "", + "application/x-javascript", + L"download", + L"utils.js" + }, + { + __LINE__, + "http://www.goodguy.com/contacts.js", + "filename=contacts.js", + "", + "", + "application/json", + L"download", + L"contacts.js" + }, + { + __LINE__, + "http://www.goodguy.com/utils.js", + "filename=utils.js", + "", + "", + "text/javascript", + L"download", + L"utils.js" + }, + { + __LINE__, + "http://www.goodguy.com/utils.js", + "filename=utils.js", + "", + "", + "text/javascript;version=2", + L"download", + L"utils.js" + }, + { + __LINE__, + "http://www.goodguy.com/utils.js", + "filename=utils.js", + "", + "", + "application/ecmascript", + L"download", + L"utils.js" + }, + { + __LINE__, + "http://www.goodguy.com/utils.js", + "filename=utils.js", + "", + "", + "application/ecmascript;version=4", + L"download", + L"utils.js" + }, + { + __LINE__, + "http://www.goodguy.com/program.exe", + "filename=program.exe", + "", + "", + "application/foo-bar", + L"download", + L"program.exe" + }, + { + __LINE__, + "http://www.evil.com/../foo.txt", + "filename=../foo.txt", + "", + "", + "text/plain", + L"download", + L"-foo.txt" + }, + { + __LINE__, + "http://www.evil.com/..\\foo.txt", + "filename=..\\foo.txt", + "", + "", + "text/plain", + L"download", + L"-foo.txt" + }, + { + __LINE__, + "http://www.evil.com/.hidden", + "filename=.hidden", + "", + "", + "text/plain", + L"download", + L"hidden" TXT_EXT + }, + { + __LINE__, + "http://www.evil.com/trailing.", + "filename=trailing.", + "", + "", + "dance/party", + L"download", +#if defined(OS_WIN) + L"trailing-" +#else + L"trailing" +#endif + }, + { + __LINE__, + "http://www.evil.com/trailing.", + "filename=trailing.", + "", + "", + "text/plain", + L"download", +#if defined(OS_WIN) + L"trailing-" TXT_EXT +#else + L"trailing" TXT_EXT +#endif + }, + { + __LINE__, + "http://www.evil.com/.", + "filename=.", + "", + "", + "dance/party", + L"download", + L"download" + }, + { + __LINE__, + "http://www.evil.com/..", + "filename=..", + "", + "", + "dance/party", + L"download", + L"download" + }, + { + __LINE__, + "http://www.evil.com/...", + "filename=...", + "", + "", + "dance/party", + L"download", + L"download" + }, + { // Note that this one doesn't have "filename=" on it. + __LINE__, + "http://www.evil.com/", + "a_file_name.txt", + "", + "", + "image/jpeg", + L"download", + L"download" JPEG_EXT + }, + { + __LINE__, + "http://www.evil.com/", + "filename=", + "", + "", + "image/jpeg", + L"download", + L"download" JPEG_EXT + }, + { + __LINE__, + "http://www.example.com/simple", + "filename=simple", + "", + "", + "application/octet-stream", + L"download", + L"simple" + }, + // Reserved words on Windows + { + __LINE__, + "http://www.goodguy.com/COM1", + "filename=COM1", + "", + "", + "application/foo-bar", + L"download", +#if defined(OS_WIN) + L"_COM1" +#else + L"COM1" +#endif + }, + { + __LINE__, + "http://www.goodguy.com/COM4.txt", + "filename=COM4.txt", + "", + "", + "text/plain", + L"download", +#if defined(OS_WIN) + L"_COM4.txt" +#else + L"COM4.txt" +#endif + }, + { + __LINE__, + "http://www.goodguy.com/lpt1.TXT", + "filename=lpt1.TXT", + "", + "", + "text/plain", + L"download", +#if defined(OS_WIN) + L"_lpt1.TXT" +#else + L"lpt1.TXT" +#endif + }, + { + __LINE__, + "http://www.goodguy.com/clock$.txt", + "filename=clock$.txt", + "", + "", + "text/plain", + L"download", +#if defined(OS_WIN) + L"_clock$.txt" +#else + L"clock$.txt" +#endif + }, + { // Validation should also apply to sugested name + __LINE__, + "http://www.goodguy.com/blah$.txt", + "filename=clock$.txt", + "", + "clock$.txt", + "text/plain", + L"download", +#if defined(OS_WIN) + L"_clock$.txt" +#else + L"clock$.txt" +#endif + }, + { + __LINE__, + "http://www.goodguy.com/mycom1.foo", + "filename=mycom1.foo", + "", + "", + "text/plain", + L"download", + L"mycom1.foo" + }, + { + __LINE__, + "http://www.badguy.com/Setup.exe.local", + "filename=Setup.exe.local", + "", + "", + "application/foo-bar", + L"download", +#if defined(OS_WIN) + L"Setup.exe.download" +#else + L"Setup.exe.local" +#endif + }, + { + __LINE__, + "http://www.badguy.com/Setup.exe.local", + "filename=Setup.exe.local.local", + "", + "", + "application/foo-bar", + L"download", +#if defined(OS_WIN) + L"Setup.exe.local.download" +#else + L"Setup.exe.local.local" +#endif + }, + { + __LINE__, + "http://www.badguy.com/Setup.exe.lnk", + "filename=Setup.exe.lnk", + "", + "", + "application/foo-bar", + L"download", +#if defined(OS_WIN) + L"Setup.exe.download" +#else + L"Setup.exe.lnk" +#endif + }, + { + __LINE__, + "http://www.badguy.com/Desktop.ini", + "filename=Desktop.ini", + "", + "", + "application/foo-bar", + L"download", +#if defined(OS_WIN) + L"_Desktop.ini" +#else + L"Desktop.ini" +#endif + }, + { + __LINE__, + "http://www.badguy.com/Thumbs.db", + "filename=Thumbs.db", + "", + "", + "application/foo-bar", + L"download", +#if defined(OS_WIN) + L"_Thumbs.db" +#else + L"Thumbs.db" +#endif + }, + { + __LINE__, + "http://www.hotmail.com", + "filename=source.jpg", + "", + "", + "application/x-javascript", + L"download", + L"source.jpg" + }, + { // http://crbug.com/5772. + __LINE__, + "http://www.example.com/foo.tar.gz", + "", + "", + "", + "application/x-tar", + L"download", + L"foo.tar.gz" + }, + { // http://crbug.com/52250. + __LINE__, + "http://www.example.com/foo.tgz", + "", + "", + "", + "application/x-tar", + L"download", + L"foo.tgz" + }, + { // http://crbug.com/7337. + __LINE__, + "http://maged.lordaeron.org/blank.reg", + "", + "", + "", + "text/x-registry", + L"download", + L"blank.reg" + }, + { + __LINE__, + "http://www.example.com/bar.tar", + "", + "", + "", + "application/x-tar", + L"download", + L"bar.tar" + }, + { + __LINE__, + "http://www.example.com/bar.bogus", + "", + "", + "", + "application/x-tar", + L"download", + L"bar.bogus" + }, + { // http://crbug.com/20337 + __LINE__, + "http://www.example.com/.download.txt", + "filename=.download.txt", + "", + "", + "text/plain", + L"-download", + L"download.txt" + }, + { // http://crbug.com/56855. + __LINE__, + "http://www.example.com/bar.sh", + "", + "", + "", + "application/x-sh", + L"download", + L"bar.sh" + }, + { // http://crbug.com/61571 + __LINE__, + "http://www.example.com/npdf.php?fn=foobar.pdf", + "", + "", + "", + "text/plain", + L"download", + L"npdf" TXT_EXT + }, + { // Shouldn't overwrite C-D specified extension. + __LINE__, + "http://www.example.com/npdf.php?fn=foobar.pdf", + "filename=foobar.jpg", + "", + "", + "text/plain", + L"download", + L"foobar.jpg" + }, + { // http://crbug.com/87719 + __LINE__, + "http://www.example.com/image.aspx?id=blargh", + "", + "", + "", + "image/jpeg", + L"download", + L"image" JPEG_EXT + }, +#if defined(OS_CHROMEOS) + { // http://crosbug.com/26028 + __LINE__, + "http://www.example.com/fooa%cc%88.txt", + "", + "", + "", + "image/jpeg", + L"foo\xe4", + L"foo\xe4.txt" + }, +#endif + }; + + for (size_t i = 0; i < ARRAYSIZE_UNSAFE(selection_tests); ++i) + RunGenerateFileNameTestCase(&selection_tests[i]); + + for (size_t i = 0; i < ARRAYSIZE_UNSAFE(generation_tests); ++i) + RunGenerateFileNameTestCase(&generation_tests[i]); + + for (size_t i = 0; i < ARRAYSIZE_UNSAFE(generation_tests); ++i) { + GenerateFilenameCase test_case = generation_tests[i]; + test_case.referrer_charset = "GBK"; + RunGenerateFileNameTestCase(&test_case); + } +} + +} // namespace net |