// Copyright (c) 2012 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include #include #include "chrome/browser/download/download_extensions.h" #include "base/macros.h" #include "base/strings/string_util.h" #include "base/strings/utf_string_conversions.h" #include "build/build_config.h" #include "net/base/mime_util.h" #include "net/base/net_util.h" namespace download_util { namespace { enum DownloadAutoOpenHint { ALLOW_AUTO_OPEN, // The file type should not be allowed to open automatically. // // Criteria for disallowing a file type from opening automatically: // // Includes file types that upon opening may either: // * ... execute arbitrary or harmful code with user privileges. // * ... change configuration of the system to cause harmful behavior // immediately or at some time in the future. // // Doesn't include file types that upon opening: // * ... sufficiently warn the user about the fact that: // - This file was downloaded from the internet. // - Opening it can make specified changes to the system. // (Note that any such warnings need to be displayed prior to the harmful // logic being executed). // * ... does nothing particularly dangerous, despite the act of downloading // itself being dangerous (E.g. .local and .manifest files). DISALLOW_AUTO_OPEN, }; // Guidelines for adding a new dangerous file type: // // * Include a comment above the file type that: // - Describes the file type. // - Justifies why it is considered dangerous if this isn't obvious from the // description. // - Justifies why the file type is disallowed from auto opening, if // necessary. // * Add the file extension to the kDangerousFileTypes array in // download_stats.cc. // // TODO(asanka): All file types listed below should have descriptions. const struct FileType { const char* extension; // Extension sans leading extension separator. DownloadDangerLevel danger_level; DownloadAutoOpenHint auto_open_hint; } kDownloadFileTypes[] = { // Some files are dangerous on all platforms. // Flash files downloaded locally can sometimes access the local filesystem. {"swf", DANGEROUS, DISALLOW_AUTO_OPEN}, {"spl", DANGEROUS, DISALLOW_AUTO_OPEN}, // Chrome extensions should be obtained through the web store. Allowed to // open automatically because Chrome displays a prompt prior to // installation. {"crx", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Included for parity with kSafeBrowsingFileTypes. {"bin", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"rtf", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, // Archive file types. Not inherently dangerous, but could contain dangerous // files. Included for parity with kSafeBrowsingFileTypes. {"001", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"7z", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"ace", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"arc", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"arj", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"b64", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"balz", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"bhx", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"bz", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"bz2", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"bzip2", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"cab", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"cpio", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"fat", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"gz", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"gzip", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"hfs", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"hqx", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"iso", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"lha", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"lpaq1", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"lpaq5", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"lpaq8", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"lzh", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"lzma", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"mim", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"ntfs", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"paq8f", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"paq8jd", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"paq8l", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"paq8o", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"pea", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"quad", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"r00", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"r01", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"r02", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"r03", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"r04", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"r05", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"r06", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"r07", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"r08", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"r09", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"r10", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"r11", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"r12", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"r13", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"r14", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"r15", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"r16", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"r17", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"r18", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"r19", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"r20", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"r21", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"r22", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"r23", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"r24", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"r25", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"r26", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"r27", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"r28", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"r29", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"rar", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"squashfs", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"swm", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"tar", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"taz", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"tbz", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"tbz2", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"tgz", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"tpz", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"txz", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"tz", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"udf", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"uu", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"uue", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"vhd", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"vhdx", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, // Opens in IE, drops MOTW {"vmdk", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"wim", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"wrc", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"xar", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"xxe", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"xz", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"z", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"zip", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"zipx", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"zpaq", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, // Windows, all file categories. The list is in alphabetical order of // extensions. Exceptions are made for logical groupings of file types. // // Some file descriptions are based on // https://support.office.com/article/Blocked-attachments-in-Outlook-3811cddc-17c3-4279-a30c-060ba0207372 #if defined(OS_WIN) {"ad", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Microsoft Access related. {"ade", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Project extension {"adp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Project. {"mad", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Module Shortcut. {"maf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, {"mag", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Diagram Shortcut. {"mam", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Macro Shortcut. {"maq", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Query Shortcut. {"mar", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Report Shortcut. {"mas", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Stored Procedures. {"mat", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Table Shortcut. {"mav", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // View Shortcut. {"maw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Data Access Page. {"mda", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Access Add-in. {"mdb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Database. {"mde", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Database. {"mdt", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Add-in Data. {"mdw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Workgroup Information. {"mdz", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Wizard Template. // Executable Application. {"app", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Microsoft ClickOnce depolyment manifest. By default, opens with // dfshim.dll which should prompt the user before running untrusted code. {"application", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // ClickOnce application reference. Basically a .lnk for ClickOnce apps. {"appref-ms", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, // Active Server Pages source file. {"asp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Advanced Stream Redirector. Contains a playlist of media files. {"asx", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Microsoft Visual Basic source file. Opens by default in an editor. {"bas", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Command script. {"bat", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"cfg", DANGEROUS, ALLOW_AUTO_OPEN}, // Windows Compiled HTML Help files. {"chi", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, {"chm", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Command script. {"cmd", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, // Windows legacy executable. {"com", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, // Control panel tool. Executable. {"cpl", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, // Signed certificate file. {"crt", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Windows executables. {"dll", DANGEROUS, DISALLOW_AUTO_OPEN}, {"drv", DANGEROUS, DISALLOW_AUTO_OPEN}, // Opens in Outlook. Not common, but could be exploited (CVE-2015-6172) {"eml", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Windows executable {"exe", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, // Font file, uses Portable Executable or New Executable format. Not // supposed to contain executable code. {"fon", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, // Microsoft FoxPro Compiled Source. {"fxp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Windows Sidebar Gadget (Vista & Win 7). ZIP archive containing html + js. // Deprecated by Microsoft. Can run arbitrary code with user privileges. // (https://technet.microsoft.com/library/security/2719662) {"gadget", DANGEROUS, DISALLOW_AUTO_OPEN}, // MSProgramGroup (?). {"grp", DANGEROUS, ALLOW_AUTO_OPEN}, // Windows legacy help file format. {"hlp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // HTML Application. Executes as a fully trusted application. {"hta", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, // Hypertext Template File. See https://support.microsoft.com/kb/181689. {"htt", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, // Device installation information. {"inf", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, // Generic configuration file. {"ini", DANGEROUS, ALLOW_AUTO_OPEN}, // Microsoft IIS Internet Communication Settings. {"ins", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // InstallShield Compiled Script. {"inx", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, // InstallShield Uninstaller Script. {"isu", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, // Microsoft IIS Internet Service Provider Settings. {"isp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Windows Task Scheduler Job file. No handler is registered by default, so // this is probably normally not dangerous unless saved into the task // scheduler directory. {"job", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, // JavaScript file. May open using Windows Script Host with user level // privileges. {"js", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, // JScript encoded script file. Usually produced by running Microsoft Script // Encoder over a .js file. // See https://msdn.microsoft.com/library/d14c8zsc.aspx {"jse", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, // Shortcuts. May open anything. {"lnk", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, // .local files affect DLL search path for .exe file with same base name. {"local", DANGEROUS, ALLOW_AUTO_OPEN}, // While being a generic name, having a .manifest file with the same // basename as .exe file (foo.exe + foo.exe.manifest) changes the dll search // order for the .exe file. Downloading this kind of file to the users' // download directory is almost always the wrong thing to do. {"manifest", DANGEROUS, ALLOW_AUTO_OPEN}, // Media Attachment Unit. {"mau", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Multipart HTML. {"mht", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, {"mhtml", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, {"mmc", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, {"mof", DANGEROUS, ALLOW_AUTO_OPEN}, // Microsoft Management Console Snap-in. Contains executable code. {"msc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, // Opens in Outlook. Not common, but could be exploited (CVE-2015-6172) {"msg", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Microsoft Shell. {"msh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"msh1", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"msh2", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"mshxml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"msh1xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"msh2xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, // Windows Installer. {"msi", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"msp", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"mst", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, // ActiveX Control. {"ocx", DANGEROUS, DISALLOW_AUTO_OPEN}, // Microsoft Office Profile Settings File. {"ops", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Portable Application Installer File. {"paf", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, // Extensions that will open in IE even when chrome is set as default // browser. {"partial", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"xrm-ms", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"rels", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"svg", NOT_DANGEROUS, ALLOW_AUTO_OPEN}, {"xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"xsl", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, // Microsoft Visual Test. {"pcd", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Program Information File. Originally intended to configure execution // environment for legacy DOS files. They aren't meant to contain executable // code. But Windows may execute a PIF file that is sniffed as a PE file. {"pif", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, // Developer Studio Build Log. {"plg", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Windows System File. {"prf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Program File. {"prg", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Microsoft Exchange Address Book File. Microsoft Outlook Personal Folder // File. {"pst", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Microsoft Windows PowerShell. {"ps1", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"ps1xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"ps2", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"ps2xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"psc1", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"psc2", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, // Registry file. Opening may cause registry settings to change. Users still // need to click through a prompt. So we could consider relaxing the // DISALLOW_AUTO_OPEN restriction. {"reg", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, // Registry Script Windows. {"rgs", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, // Microsoft Windows Explorer Command. // See https://support.microsoft.com/kb/190355 for an example. {"scf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Microsoft Windows Screen Saver. {"scr", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, // Microsoft Windows Script Component. Microsoft FoxPro Screen. // A Script Component is a COM component created using script. // See https://msdn.microsoft.com/library/aa233148.aspx for an example. {"sct", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Microsoft Windows Shortcut into a document. // See https://support.microsoft.com/kb/212344 {"shb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Shell Scrap Object File. {"shs", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // System executable. Windows tries hard to prevent you from opening these // types of files. {"sys", DANGEROUS, DISALLOW_AUTO_OPEN}, // U3 Smart Application. {"u3p", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, // Internet Shortcut (new since IE9). Both .url and .website are .ini files // that describe a shortcut that points to a URL. They can point at // anything. Dropping a download of this type and opening it automatically // can in effect sidestep origin restrictions etc. {"url", DANGEROUS, DISALLOW_AUTO_OPEN}, {"website", DANGEROUS, DISALLOW_AUTO_OPEN}, // VBScript files. My open with Windows Script Host and execute with user // privileges. {"vb", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"vbe", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"vbs", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, // Some sites claim .vbscript is a valid extension for vbs files. {"vbscript", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"vsd", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Microsoft Visual Studio Binary-based Macro Project. {"vsmacros", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, {"vss", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, {"vst", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Microsoft Visio Workspace. {"vsw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Windows Script Host related. {"ws", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"wsc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"wsf", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"wsh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, // XAML Browser Application. {"xbap", DANGEROUS, DISALLOW_AUTO_OPEN}, // Microsoft Exchange Public Folder Shortcut. {"xnk", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, #endif // OS_WIN // Java. #if !defined(OS_CHROMEOS) {"class", DANGEROUS, DISALLOW_AUTO_OPEN}, {"jar", DANGEROUS, DISALLOW_AUTO_OPEN}, {"jnlp", DANGEROUS, DISALLOW_AUTO_OPEN}, #endif #if !defined(OS_CHROMEOS) && !defined(OS_ANDROID) // Scripting languages. (Shells are handled below.) {"pl", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"py", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"pyc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"pyw", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"rb", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, // Extensible Firmware Interface executable. {"efi", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, #endif // Shell languages. (OS_ANDROID is OS_POSIX.) OS_WIN shells are handled above. #if defined(OS_POSIX) {"bash", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"csh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"ksh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"sh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"shar", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"tcsh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, #endif #if defined(OS_MACOSX) // Automator Action. {"action", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"command", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, // Automator Workflow. {"workflow", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, #endif // Package management formats. OS_WIN package formats are handled above. #if defined(OS_MACOSX) || defined(OS_LINUX) {"pkg", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, #endif #if defined(OS_LINUX) {"deb", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"pet", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"pup", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"rpm", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"slp", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, // "common" executable file extensions for linux. There's not really much // reason to block since they require execute bit to actually run. Included // for histograms and to match kSafeBrowsingFileTypes. {"out", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, {"run", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, #endif #if defined(OS_ANDROID) {"dex", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, #endif }; // FileType for files with an empty extension. const FileType kEmptyFileType = {nullptr, NOT_DANGEROUS, DISALLOW_AUTO_OPEN}; // Default FileType for non-empty extensions that aren't in the list above. const FileType kUnknownFileType = {nullptr, NOT_DANGEROUS, ALLOW_AUTO_OPEN}; const FileType& GetFileType(const base::FilePath& path) { base::FilePath::StringType extension(path.FinalExtension()); if (extension.empty()) return kEmptyFileType; if (!base::IsStringASCII(extension)) return kUnknownFileType; #if defined(OS_WIN) std::string ascii_extension = base::UTF16ToASCII(extension); #elif defined(OS_POSIX) std::string ascii_extension = extension; #endif // Strip out leading dot if it's still there if (ascii_extension[0] == base::FilePath::kExtensionSeparator) ascii_extension.erase(0, 1); for (const auto& file_type : kDownloadFileTypes) { if (base::LowerCaseEqualsASCII(ascii_extension, file_type.extension)) return file_type; } return kUnknownFileType; } } // namespace DownloadDangerLevel GetFileDangerLevel(const base::FilePath& path) { return GetFileType(path).danger_level; } bool IsAllowedToOpenAutomatically(const base::FilePath& path) { return GetFileType(path).auto_open_hint == ALLOW_AUTO_OPEN; } } // namespace download_util