Google Git
Sign in
chromium / chromium / src / 5a080f017c68b6230a6acea6cca89414d12db661 / . / chrome / browser / download / download_extensions.cc
blob: 8808a34eca9a2a0cd5250ad75598b7cd91106d3c [file] [log] [blame]
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <set>
#include <string>
#include "chrome/browser/download/download_extensions.h"
#include "base/strings/string_util.h"
#include "base/strings/utf_string_conversions.h"
#include "net/base/mime_util.h"
#include "net/base/net_util.h"
namespace download_util {
namespace {
enum DownloadAutoOpenHint {
ALLOW_AUTO_OPEN,
// The file type should not be allowed to open automatically.
//
// Criteria for disallowing a file type from opening automatically:
//
// Includes file types that upon opening may either:
// * ... execute arbitrary or harmful code with user privileges.
// * ... change configuration of the system to cause harmful behavior
// immediately or at some time in the future.
//
// Doesn't include file types that upon opening:
// * ... sufficiently warn the user about the fact that:
// - This file was downloaded from the internet.
// - Opening it can make specified changes to the system.
// (Note that any such warnings need to be displayed prior to the harmful
// logic being executed).
// * ... does nothing particularly dangerous, despite the act of downloading
// itself being dangerous (E.g. .local and .manifest files).
DISALLOW_AUTO_OPEN,
};
// Guidelines for adding a new dangerous file type:
//
// * Include a comment above the file type that:
// - Describes the file type.
// - Justifies why it is considered dangerous if this isn't obvious from the
// description.
// - Justifies why the file type is disallowed from auto opening, if
// necessary.
// * Add the file extension to the kDangerousFileTypes array in
// download_stats.cc.
//
// TODO(asanka): All file types listed below should have descriptions.
const struct FileType {
const char* extension; // Extension sans leading extension separator.
DownloadDangerLevel danger_level;
DownloadAutoOpenHint auto_open_hint;
} kDownloadFileTypes[] = {
// Some files are dangerous on all platforms.
// Flash files downloaded locally can sometimes access the local filesystem.
{"swf", DANGEROUS, DISALLOW_AUTO_OPEN},
{"spl", DANGEROUS, DISALLOW_AUTO_OPEN},
// Chrome extensions should be obtained through the web store. Allowed to
// open automatically because Chrome displays a prompt prior to
// installation.
{"crx", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
// Included for parity with kSafeBrowsingFileTypes.
{"bin", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
// Archive file types. Not inherently dangerous, but could contain dangerous
// files. Included for parity with kSafeBrowsingFileTypes.
{"001", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"7z", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"ace", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"arc", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"arj", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"b64", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"balz", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"bhx", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"bz", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"bz2", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"bzip2", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"cab", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"cpio", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"fat", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"gz", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"gzip", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"hfs", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"hqx", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"iso", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"lha", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"lpaq1", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"lpaq5", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"lpaq8", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"lzh", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"lzma", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"mim", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"ntfs", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"paq8f", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"paq8jd", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"paq8l", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"paq8o", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"pea", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"quad", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"r00", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"r01", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"r02", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"r03", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"r04", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"r05", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"r06", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"r07", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"r08", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"r09", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"r10", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"r11", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"r12", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"r13", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"r14", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"r15", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"r16", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"r17", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"r18", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"r19", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"r20", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"r21", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"r22", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"r23", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"r24", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"r25", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"r26", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"r27", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"r28", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"r29", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"rar", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"squashfs", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"swm", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"tar", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"taz", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"tbz", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"tbz2", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"tgz", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"tpz", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"txz", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"tz", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"udf", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"uu", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"uue", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"vhd", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"vmdk", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"wim", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"wrc", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"xar", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"xxe", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"xz", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"z", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"zip", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"zipx", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"zpaq", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
// Windows, all file categories. The list is in alphabetical order of
// extensions. Exceptions are made for logical groupings of file types.
//
// Some file descriptions are based on
// https://support.office.com/article/Blocked-attachments-in-Outlook-3811cddc-17c3-4279-a30c-060ba0207372
#if defined(OS_WIN)
{"ad", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
// Microsoft Access related.
{"ade", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Project extension
{"adp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Project.
{"mad", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Module Shortcut.
{"maf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
{"mag", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Diagram Shortcut.
{"mam", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Macro Shortcut.
{"maq", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Query Shortcut.
{"mar", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Report Shortcut.
{"mas", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Stored Procedures.
{"mat", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Table Shortcut.
{"mav", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // View Shortcut.
{"maw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Data Access Page.
{"mda", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Access Add-in.
{"mdb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Database.
{"mde", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Database.
{"mdt", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Add-in Data.
{"mdw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Workgroup Information.
{"mdz", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Wizard Template.
// Executable Application.
{"app", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
// Microsoft ClickOnce depolyment manifest. By default, opens with
// dfshim.dll which should prompt the user before running untrusted code.
{"application", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
// ClickOnce application reference. Basically a .lnk for ClickOnce apps.
{"appref-ms", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
// Active Server Pages source file.
{"asp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
// Advanced Stream Redirector. Contains a playlist of media files.
{"asx", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
// Microsoft Visual Basic source file. Opens by default in an editor.
{"bas", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
// Command script.
{"bat", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"cfg", DANGEROUS, ALLOW_AUTO_OPEN},
// Windows Compiled HTML Help files.
{"chi", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
{"chm", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
// Command script.
{"cmd", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
// Windows legacy executable.
{"com", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
// Control panel tool. Executable.
{"cpl", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
// Signed certificate file.
{"crt", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
// Windows executables.
{"dll", DANGEROUS, DISALLOW_AUTO_OPEN},
{"drv", DANGEROUS, DISALLOW_AUTO_OPEN},
{"exe", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
// Font file, uses Portable Executable or New Executable format. Not
// supposed to contain executable code.
{"fon", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
// Microsoft FoxPro Compiled Source.
{"fxp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
// Windows Sidebar Gadget (Vista & Win 7). ZIP archive containing html + js.
// Deprecated by Microsoft. Can run arbitrary code with user privileges.
// (https://technet.microsoft.com/library/security/2719662)
{"gadget", DANGEROUS, DISALLOW_AUTO_OPEN},
// MSProgramGroup (?).
{"grp", DANGEROUS, ALLOW_AUTO_OPEN},
// Windows legacy help file format.
{"hlp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
// HTML Application. Executes as a fully trusted application.
{"hta", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
// Hypertext Template File. See https://support.microsoft.com/kb/181689.
{"htt", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
// Device installation information.
{"inf", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
// Generic configuration file.
{"ini", DANGEROUS, ALLOW_AUTO_OPEN},
// Microsoft IIS Internet Communication Settings.
{"ins", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
// InstallShield Compiled Script.
{"inx", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
// InstallShield Uninstaller Script.
{"isu", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
// Microsoft IIS Internet Service Provider Settings.
{"isp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
// Windows Task Scheduler Job file. No handler is registered by default, so
// this is probably normally not dangerous unless saved into the task
// scheduler directory.
{"job", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
// JavaScript file. May open using Windows Script Host with user level
// privileges.
{"js", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
// JScript encoded script file. Usually produced by running Microsoft Script
// Encoder over a .js file.
// See https://msdn.microsoft.com/library/d14c8zsc.aspx
{"jse", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
// Shortcuts. May open anything.
{"lnk", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
// .local files affect DLL search path for .exe file with same base name.
{"local", DANGEROUS, ALLOW_AUTO_OPEN},
// While being a generic name, having a .manifest file with the same
// basename as .exe file (foo.exe + foo.exe.manifest) changes the dll search
// order for the .exe file. Downloading this kind of file to the users'
// download directory is almost always the wrong thing to do.
{"manifest", DANGEROUS, ALLOW_AUTO_OPEN},
// Media Attachment Unit.
{"mau", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
// Multipart HTML.
{"mht", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
{"mhtml", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
{"mmc", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
{"mof", DANGEROUS, ALLOW_AUTO_OPEN},
// Microsoft Management Console Snap-in. Contains executable code.
{"msc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
// Microsoft Shell.
{"msh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"msh1", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"msh2", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"mshxml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"msh1xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"msh2xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
// Windows Installer.
{"msi", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"msp", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"mst", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
// ActiveX Control.
{"ocx", DANGEROUS, DISALLOW_AUTO_OPEN},
// Microsoft Office Profile Settings File.
{"ops", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
// Portable Application Installer File.
{"paf", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
// Extensions that will open in IE even when chrome is set as default
// browser.
{"partial", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"xrm-ms", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"svg", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
{"xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"xsl", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
// Microsoft Visual Test.
{"pcd", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
// Program Information File. Originally intended to configure execution
// environment for legacy DOS files. They aren't meant to contain executable
// code. But Windows may execute a PIF file that is sniffed as a PE file.
{"pif", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
// Developer Studio Build Log.
{"plg", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
// Windows System File.
{"prf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
// Program File.
{"prg", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
// Microsoft Exchange Address Book File. Microsoft Outlook Personal Folder
// File.
{"pst", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
// Microsoft Windows PowerShell.
{"ps1", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"ps1xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"ps2", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"ps2xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"psc1", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"psc2", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
// Registry file. Opening may cause registry settings to change. Users still
// need to click through a prompt. So we could consider relaxing the
// DISALLOW_AUTO_OPEN restriction.
{"reg", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
// Registry Script Windows.
{"rgs", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
// Microsoft Windows Explorer Command.
// See https://support.microsoft.com/kb/190355 for an example.
{"scf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
// Microsoft Windows Screen Saver.
{"scr", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
// Microsoft Windows Script Component. Microsoft FoxPro Screen.
// A Script Component is a COM component created using script.
// See https://msdn.microsoft.com/library/aa233148.aspx for an example.
{"sct", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
// Microsoft Windows Shortcut into a document.
// See https://support.microsoft.com/kb/212344
{"shb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
// Shell Scrap Object File.
{"shs", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
// System executable. Windows tries hard to prevent you from opening these
// types of files.
{"sys", DANGEROUS, DISALLOW_AUTO_OPEN},
// U3 Smart Application.
{"u3p", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
// Internet Shortcut (new since IE9). Both .url and .website are .ini files
// that describe a shortcut that points to a URL. They can point at
// anything. Dropping a download of this type and opening it automatically
// can in effect sidestep origin restrictions etc.
{"url", DANGEROUS, DISALLOW_AUTO_OPEN},
{"website", DANGEROUS, DISALLOW_AUTO_OPEN},
// VBScript files. My open with Windows Script Host and execute with user
// privileges.
{"vb", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"vbe", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"vbs", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
// Some sites claim .vbscript is a valid extension for vbs files.
{"vbscript", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"vsd", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
// Microsoft Visual Studio Binary-based Macro Project.
{"vsmacros", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
{"vss", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
{"vst", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
// Microsoft Visio Workspace.
{"vsw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
// Windows Script Host related.
{"ws", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"wsc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"wsf", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"wsh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
// XAML Browser Application.
{"xbap", DANGEROUS, DISALLOW_AUTO_OPEN},
// Microsoft Exchange Public Folder Shortcut.
{"xnk", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
#endif // OS_WIN
// Java.
#if !defined(OS_CHROMEOS)
{"class", DANGEROUS, DISALLOW_AUTO_OPEN},
{"jar", DANGEROUS, DISALLOW_AUTO_OPEN},
{"jnlp", DANGEROUS, DISALLOW_AUTO_OPEN},
#endif
#if !defined(OS_CHROMEOS) && !defined(OS_ANDROID)
// Scripting languages. (Shells are handled below.)
{"pl", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"py", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"pyc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"pyw", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"rb", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
// Extensible Firmware Interface executable.
{"efi", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
#endif
// Shell languages. (OS_ANDROID is OS_POSIX.) OS_WIN shells are handled above.
#if defined(OS_POSIX)
{"bash", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"csh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"ksh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"sh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"shar", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"tcsh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
#endif
#if defined(OS_MACOSX)
// Automator Action.
{"action", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"command", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
// Automator Workflow.
{"workflow", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
#endif
// Package management formats. OS_WIN package formats are handled above.
#if defined(OS_MACOSX) || defined(OS_LINUX)
{"pkg", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
#endif
#if defined(OS_LINUX)
{"deb", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"pet", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"pup", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"rpm", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"slp", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
// "common" executable file extensions for linux. There's not really much
// reason to block since they require execute bit to actually run. Included
// for histograms and to match kSafeBrowsingFileTypes.
{"out", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
{"run", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
#endif
#if defined(OS_ANDROID)
{"dex", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
#endif
};
// FileType for files with an empty extension.
const FileType kEmptyFileType = {nullptr, NOT_DANGEROUS, DISALLOW_AUTO_OPEN};
// Default FileType for non-empty extensions that aren't in the list above.
const FileType kUnknownFileType = {nullptr, NOT_DANGEROUS, ALLOW_AUTO_OPEN};
const FileType& GetFileType(const base::FilePath& path) {
base::FilePath::StringType extension(path.FinalExtension());
if (extension.empty())
return kEmptyFileType;
if (!base::IsStringASCII(extension))
return kUnknownFileType;
#if defined(OS_WIN)
std::string ascii_extension = base::UTF16ToASCII(extension);
#elif defined(OS_POSIX)
std::string ascii_extension = extension;
#endif
// Strip out leading dot if it's still there
if (ascii_extension[0] == base::FilePath::kExtensionSeparator)
ascii_extension.erase(0, 1);
for (const auto& file_type : kDownloadFileTypes) {
if (base::LowerCaseEqualsASCII(ascii_extension, file_type.extension))
return file_type;
}
return kUnknownFileType;
}
} // namespace
DownloadDangerLevel GetFileDangerLevel(const base::FilePath& path) {
return GetFileType(path).danger_level;
}
bool IsAllowedToOpenAutomatically(const base::FilePath& path) {
return GetFileType(path).auto_open_hint == ALLOW_AUTO_OPEN;
}
} // namespace download_util