// Copyright 2018 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// This file contains the rar file analysis implementation for download
// protection, which runs in a sandbox. The reason for running in a sandbox is
// to isolate the browser and other renderer processes from any vulnerabilities
// that the attacker-controlled download file may try to exploit.
// Here's the call flow for inspecting .rar files upon download:
// 1. File is downloaded.
// 2. |CheckClientDownloadRequest::AnalyzeFile()| is called to analyze the Safe
// Browsing reputation of the downloaded file.
// 3. It calls |CheckClientDownloadRequest::StartExtractRarFeatures()|, which
// creates an instance of |SandboxedRarAnalyzer|, and calls |Start()|.
// 4. |SandboxedRarAnalyzer::Start()| leads to a mojo call to
// |SafeArchiveAnalyzer::AnalyzeRarFile()| in a sandbox.
// 5. Finally, |SafeArchiveAnalyzer::AnalyzeRarFile()| calls |AnalyzeRarFile()|
// defined in this file to actually inspect the file.
#include "base/files/file.h"
namespace safe_browsing {
// Forward declaration only: this header refers to the type solely through a
// pointer, so the full definition is not needed here.
struct ArchiveAnalyzerResults;
namespace rar_analyzer {
// Parses an attacker-controlled .rar download inside the sandbox and records
// what it finds in |results|.
//
// |rar_file| is a platform-agnostic handle to the file, and |temp_file| is a
// handle for a temporary file the sandbox can write to. Since |AnalyzeRarFile|
// runs inside a sandbox, it isn't allowed to open file handles. So both files
// are opened in |SandboxedRarAnalyzer|, which runs in the browser process, and
// the handles are passed here. Both handles are taken by value, so the callee
// receives its own |base::File| objects rather than references into the
// caller.
//
// The function populates the various fields in |results| based on the results
// of parsing the rar file. |results| is an out-parameter; presumably it must
// be non-null -- verify against the implementation.
//
// If the parsing fails for any reason, including crashing the sandbox process,
// the browser process considers the file safe.
//
// NOTE(review): that last point is a fail-open policy. A parse failure or a
// sandbox crash yields no archive-derived signal instead of a block, so
// consumers of |results| should treat an unpopulated result as "not analyzed"
// rather than as evidence that the archive is benign. Whether |results|
// carries a field that distinguishes the two cases is not visible from this
// header -- confirm, and consider recording failures and crashes separately
// from clean parses so they can be monitored.
void AnalyzeRarFile(base::File rar_file,
base::File temp_file,
ArchiveAnalyzerResults* results);
} // namespace rar_analyzer
} // namespace safe_browsing