components/services/quarantine/quarantine_mac.mm - chromium/src - Git at Google

 // Copyright 2016 The Chromium Authors
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "components/services/quarantine/quarantine.h"

 #import <ApplicationServices/ApplicationServices.h>
 #import <Foundation/Foundation.h>

 #include "base/files/file_path.h"
 #include "base/files/file_util.h"
 #include "base/logging.h"
 #include "base/mac/bridging.h"
 #include "base/mac/foundation_util.h"
 #include "base/mac/mac_logging.h"
 #include "base/mac/mac_util.h"
 #include "base/mac/scoped_cftyperef.h"
 #include "base/strings/sys_string_conversions.h"
 #include "base/threading/scoped_blocking_call.h"
 #include "components/services/quarantine/common.h"
 #include "components/services/quarantine/common_mac.h"
 #include "url/gurl.h"

 #if !defined(__has_feature) || !__has_feature(objc_arc)
 #error "This file requires ARC support."
 #endif

 namespace quarantine {

 namespace {

 extern "C" {
 Boolean MDItemSetAttribute(MDItemRef, CFStringRef, CFTypeRef);
 }

 // As of Mac OS X 10.4 ("Tiger"), files can be tagged with metadata describing
 // various attributes. Metadata is integrated with the system's Spotlight
 // feature and is searchable. Ordinarily, metadata can only be set by
 // Spotlight importers, which requires that the importer own the target file.
 // However, there's an attribute intended to describe the origin of a
 // file, that can store the source URL and referrer of a downloaded file.
 // It's stored as a "com.apple.metadata:kMDItemWhereFroms" extended attribute,
 // structured as a binary1-format plist containing a list of sources. This
 // attribute can only be populated by the downloader, not a Spotlight importer.
 // Safari on 10.4 and later populates this attribute.
 //
 // With this metadata set, you can locate downloads by performing a Spotlight
 // search for their source or referrer URLs, either from within the Spotlight
 // UI or from the command line:
 //     mdfind 'kMDItemWhereFroms == "http://releases.mozilla.org/*"'
 //
 // The most modern metadata API is NSMetadata, with this attribute available as
 // `NSMetadataItemWhereFromsKey`, but NSMetadata offers a query-only interface.
 // The original metadata API is the Metadata.framework in CoreServices, and
 // while it too offers a query-only interface, at least it has a private call to
 // set the metadata. Therefore, use Metadata.framework.
 bool AddOriginMetadataToFile(const base::FilePath& file,
                              const GURL& source,
                              const GURL& referrer) {
   base::ScopedBlockingCall scoped_blocking_call(FROM_HERE,
                                                 base::BlockingType::MAY_BLOCK);

   NSString* file_path = base::mac::FilePathToNSString(file);
   if (!file_path) {
     return false;
   }

   base::ScopedCFTypeRef<MDItemRef> md_item(
       MDItemCreate(kCFAllocatorDefault, base::mac::NSToCFPtrCast(file_path)));
   if (!md_item) {
     LOG(WARNING) << "MDItemCreate failed for path " << file.value();
     return false;
   }

   // We won't put any more than 2 items into the attribute.
   NSMutableArray* list = [NSMutableArray arrayWithCapacity:2];

   // Follow Safari's lead: the first item in the list is the source URL of the
   // downloaded file. If the referrer is known, store that, too. The URLs may be
   // empty (e.g. files downloaded in Incognito mode); don't add empty URLs.
   NSString* origin_url = base::SysUTF8ToNSString(source.spec());
   if (origin_url && origin_url.length) {
     [list addObject:origin_url];
   }
   NSString* referrer_url = base::SysUTF8ToNSString(referrer.spec());
   if (referrer_url && referrer_url.length) {
     [list addObject:referrer_url];
   }

   if (list.count) {
     return MDItemSetAttribute(md_item, kMDItemWhereFroms,
                               base::mac::NSToCFPtrCast(list));
   }

   return true;
 }

 }  // namespace

 void QuarantineFile(const base::FilePath& file,
                     const GURL& source_url_unsafe,
                     const GURL& referrer_url_unsafe,
                     const std::string& client_guid,
                     mojom::Quarantine::QuarantineFileCallback callback) {
   if (!base::PathExists(file)) {
     std::move(callback).Run(QuarantineFileResult::FILE_MISSING);
     return;
   }

   // By default, all items downloaded from Chromium are quarantined, due to the
   // LSFileQuarantineEnabled in the Info.plist. As of macOS 12.4, additional
   // metadata added to the quarantine database is ignored (see
   // https://crbug.com/1334495#c26), so don't bother including it. Do continue
   // to populate the origin metadata, though, as it's useful to an end-user.

   GURL source_url = SanitizeUrlForQuarantine(source_url_unsafe);
   GURL referrer_url = SanitizeUrlForQuarantine(referrer_url_unsafe);

   // Don't consider it an error if we fail to add origin metadata.
   AddOriginMetadataToFile(file, source_url, referrer_url);

   std::move(callback).Run(QuarantineFileResult::OK);
 }

 }  // namespace quarantine
	// Copyright 2016 The Chromium Authors
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "components/services/quarantine/quarantine.h"

	#import <ApplicationServices/ApplicationServices.h>
	#import <Foundation/Foundation.h>

	#include "base/files/file_path.h"
	#include "base/files/file_util.h"
	#include "base/logging.h"
	#include "base/mac/bridging.h"
	#include "base/mac/foundation_util.h"
	#include "base/mac/mac_logging.h"
	#include "base/mac/mac_util.h"
	#include "base/mac/scoped_cftyperef.h"
	#include "base/strings/sys_string_conversions.h"
	#include "base/threading/scoped_blocking_call.h"
	#include "components/services/quarantine/common.h"
	#include "components/services/quarantine/common_mac.h"
	#include "url/gurl.h"

	#if !defined(__has_feature) \|\| !__has_feature(objc_arc)
	#error "This file requires ARC support."
	#endif

	namespace quarantine {

	namespace {

	extern "C" {
	Boolean MDItemSetAttribute(MDItemRef, CFStringRef, CFTypeRef);
	}

	// As of Mac OS X 10.4 ("Tiger"), files can be tagged with metadata describing
	// various attributes. Metadata is integrated with the system's Spotlight
	// feature and is searchable. Ordinarily, metadata can only be set by
	// Spotlight importers, which requires that the importer own the target file.
	// However, there's an attribute intended to describe the origin of a
	// file, that can store the source URL and referrer of a downloaded file.
	// It's stored as a "com.apple.metadata:kMDItemWhereFroms" extended attribute,
	// structured as a binary1-format plist containing a list of sources. This
	// attribute can only be populated by the downloader, not a Spotlight importer.
	// Safari on 10.4 and later populates this attribute.
	//
	// With this metadata set, you can locate downloads by performing a Spotlight
	// search for their source or referrer URLs, either from within the Spotlight
	// UI or from the command line:
	// mdfind 'kMDItemWhereFroms == "http://releases.mozilla.org/*"'
	//
	// The most modern metadata API is NSMetadata, with this attribute available as
	// `NSMetadataItemWhereFromsKey`, but NSMetadata offers a query-only interface.
	// The original metadata API is the Metadata.framework in CoreServices, and
	// while it too offers a query-only interface, at least it has a private call to
	// set the metadata. Therefore, use Metadata.framework.
	bool AddOriginMetadataToFile(const base::FilePath& file,
	const GURL& source,
	const GURL& referrer) {
	base::ScopedBlockingCall scoped_blocking_call(FROM_HERE,
	base::BlockingType::MAY_BLOCK);

	NSString* file_path = base::mac::FilePathToNSString(file);
	if (!file_path) {
	return false;
	}

	base::ScopedCFTypeRef<MDItemRef> md_item(
	MDItemCreate(kCFAllocatorDefault, base::mac::NSToCFPtrCast(file_path)));
	if (!md_item) {
	LOG(WARNING) << "MDItemCreate failed for path " << file.value();
	return false;
	}

	// We won't put any more than 2 items into the attribute.
	NSMutableArray* list = [NSMutableArray arrayWithCapacity:2];

	// Follow Safari's lead: the first item in the list is the source URL of the
	// downloaded file. If the referrer is known, store that, too. The URLs may be
	// empty (e.g. files downloaded in Incognito mode); don't add empty URLs.
	NSString* origin_url = base::SysUTF8ToNSString(source.spec());
	if (origin_url && origin_url.length) {
	[list addObject:origin_url];
	}
	NSString* referrer_url = base::SysUTF8ToNSString(referrer.spec());
	if (referrer_url && referrer_url.length) {
	[list addObject:referrer_url];
	}

	if (list.count) {
	return MDItemSetAttribute(md_item, kMDItemWhereFroms,
	base::mac::NSToCFPtrCast(list));
	}

	return true;
	}

	} // namespace

	void QuarantineFile(const base::FilePath& file,
	const GURL& source_url_unsafe,
	const GURL& referrer_url_unsafe,
	const std::string& client_guid,
	mojom::Quarantine::QuarantineFileCallback callback) {
	if (!base::PathExists(file)) {
	std::move(callback).Run(QuarantineFileResult::FILE_MISSING);
	return;
	}

	// By default, all items downloaded from Chromium are quarantined, due to the
	// LSFileQuarantineEnabled in the Info.plist. As of macOS 12.4, additional
	// metadata added to the quarantine database is ignored (see
	// https://crbug.com/1334495#c26), so don't bother including it. Do continue
	// to populate the origin metadata, though, as it's useful to an end-user.

	GURL source_url = SanitizeUrlForQuarantine(source_url_unsafe);
	GURL referrer_url = SanitizeUrlForQuarantine(referrer_url_unsafe);

	// Don't consider it an error if we fail to add origin metadata.
	AddOriginMetadataToFile(file, source_url, referrer_url);

	std::move(callback).Run(QuarantineFileResult::OK);
	}

	} // namespace quarantine