[Merge M-52] Verify PPAPI initiated downloads against SafeBrowsing.

PPAPI support for saving a file locally doesn't lend itself easily to integrating with the Chromium DownloadManager. Hence, it also doesn't integrate well with SafeBrowsing. This patch introduces a new SafeBrowsing server ping based on the source information available at PPAPI download initiation. It also removes the server-side experiment which controlled the types of files that can be downloaded via PPAPI. BUG=533579 Review-Url: https://codereview.chromium.org/1846783002 Cr-Commit-Position: refs/heads/master@{#395088} (cherry picked from commit ef1f387) Review URL: https://codereview.chromium.org/2045183003 . Cr-Commit-Position: refs/branch-heads/2743@{#291} Cr-Branched-From: 2b3ae3b-refs/heads/master@{#394939}
crosswalk-project · Jun 9, 2016 · 62fe6f3 · 62fe6f3
1 parent 89c1f3f
commit 62fe6f3
Show file tree

Hide file tree

Showing 24 changed files with 838 additions and 1,036 deletions.
diff --git a/chrome/browser/file_select_helper.cc b/chrome/browser/file_select_helper.cc
@@ -48,7 +48,8 @@
 #endif
 
 #if defined(FULL_SAFE_BROWSING)
-#include "chrome/browser/safe_browsing/unverified_download_policy.h"
+#include "chrome/browser/safe_browsing/download_protection_service.h"
+#include "chrome/browser/safe_browsing/safe_browsing_service.h"
 #endif
 
 using content::BrowserThread;
@@ -85,6 +86,37 @@ bool IsValidProfile(Profile* profile) {
   return g_browser_process->profile_manager()->IsValidProfile(profile);
 }
 
+#if defined(FULL_SAFE_BROWSING)
+
+bool IsDownloadAllowedBySafeBrowsing(
+    safe_browsing::DownloadProtectionService::DownloadCheckResult result) {
+  using Result = safe_browsing::DownloadProtectionService::DownloadCheckResult;
+  switch (result) {
+    // Only allow downloads that are marked as SAFE or UNKNOWN by SafeBrowsing.
+    // All other types are going to be blocked. UNKNOWN could be the result of a
+    // failed safe browsing ping.
+    case Result::UNKNOWN:
+    case Result::SAFE:
+      return true;
+
+    case Result::DANGEROUS:
+    case Result::UNCOMMON:
+    case Result::DANGEROUS_HOST:
+    case Result::POTENTIALLY_UNWANTED:
+      return false;
+  }
+  NOTREACHED();
+  return false;
+}
+
+void InterpretSafeBrowsingVerdict(
+    const base::Callback<void(bool)>& recipient,
+    safe_browsing::DownloadProtectionService::DownloadCheckResult result) {
+  recipient.Run(IsDownloadAllowedBySafeBrowsing(result));
+}
+
+#endif
+
 }  // namespace
 
 struct FileSelectHelper::ActiveDirectoryEnumeration {
@@ -462,44 +494,55 @@ void FileSelectHelper::GetSanitizedFilenameOnUIThread(
     std::unique_ptr<FileChooserParams> params) {
   base::FilePath default_file_path = profile_->last_selected_directory().Append(
       GetSanitizedFileName(params->default_file_name));
+#if defined(FULL_SAFE_BROWSING)
+  CheckDownloadRequestWithSafeBrowsing(default_file_path, std::move(params));
+#else
+  RunFileChooserOnUIThread(default_file_path, std::move(params));
+#endif
+}
 
 #if defined(FULL_SAFE_BROWSING)
+void FileSelectHelper::CheckDownloadRequestWithSafeBrowsing(
+    const base::FilePath& default_file_path,
+    std::unique_ptr<FileChooserParams> params) {
+  safe_browsing::SafeBrowsingService* sb_service =
+      g_browser_process->safe_browsing_service();
+
+  if (!sb_service || !sb_service->download_protection_service() ||
+      !sb_service->download_protection_service()->enabled()) {
+    RunFileChooserOnUIThread(default_file_path, std::move(params));
+    return;
+  }
+
   std::vector<base::FilePath::StringType> alternate_extensions;
   if (select_file_types_) {
-    for (const auto& extensions : select_file_types_->extensions) {
-      alternate_extensions.insert(alternate_extensions.end(),
-                                  extensions.begin(), extensions.end());
+    for (const auto& extensions_list : select_file_types_->extensions) {
+      for (const auto& extension_in_list : extensions_list) {
+        base::FilePath::StringType extension =
+            default_file_path.ReplaceExtension(extension_in_list)
+                .FinalExtension();
+        alternate_extensions.push_back(extension);
+      }
     }
   }
 
-  // Note that FileChooserParams::requestor is not considered a trusted field
-  // since it's provided by the renderer and not validated browserside.
-  if (params->mode == FileChooserParams::Save &&
-      (!params->default_file_name.empty() || !alternate_extensions.empty())) {
-    GURL requestor = params->requestor;
-    safe_browsing::CheckUnverifiedDownloadPolicy(
-        requestor, default_file_path, alternate_extensions,
-        base::Bind(&FileSelectHelper::ApplyUnverifiedDownloadPolicy, this,
-                   default_file_path, base::Passed(&params)));
-    return;
-  }
-#endif
-
-  RunFileChooserOnUIThread(default_file_path, std::move(params));
+  GURL requestor_url = params->requestor;
+  sb_service->download_protection_service()->CheckPPAPIDownloadRequest(
+      requestor_url, default_file_path, alternate_extensions,
+      base::Bind(&InterpretSafeBrowsingVerdict,
+                 base::Bind(&FileSelectHelper::ProceedWithSafeBrowsingVerdict,
+                            this, default_file_path, base::Passed(&params))));
 }
 
-#if defined(FULL_SAFE_BROWSING)
-void FileSelectHelper::ApplyUnverifiedDownloadPolicy(
-    const base::FilePath& default_path,
-    std::unique_ptr<FileChooserParams> params,
-    safe_browsing::UnverifiedDownloadPolicy policy) {
-  DCHECK(params);
-  if (policy == safe_browsing::UnverifiedDownloadPolicy::DISALLOWED) {
+void FileSelectHelper::ProceedWithSafeBrowsingVerdict(
+    const base::FilePath& default_file_path,
+    std::unique_ptr<content::FileChooserParams> params,
+    bool allowed_by_safe_browsing) {
+  if (!allowed_by_safe_browsing) {
     NotifyRenderViewHostAndEnd(std::vector<ui::SelectedFileInfo>());
     return;
   }
-
-  RunFileChooserOnUIThread(default_path, std::move(params));
+  RunFileChooserOnUIThread(default_file_path, std::move(params));
 }
 #endif
 

diff --git a/chrome/browser/file_select_helper.h b/chrome/browser/file_select_helper.h
@@ -21,10 +21,6 @@
 #include "net/base/directory_lister.h"
 #include "ui/shell_dialogs/select_file_dialog.h"
 
-#if defined(FULL_SAFE_BROWSING)
-#include "chrome/browser/safe_browsing/unverified_download_policy.h"
-#endif
-
 class Profile;
 
 namespace content {
@@ -101,10 +97,13 @@ class FileSelectHelper : public base::RefCountedThreadSafe<
   void GetSanitizedFilenameOnUIThread(
       std::unique_ptr<content::FileChooserParams> params);
 #if defined(FULL_SAFE_BROWSING)
-  void ApplyUnverifiedDownloadPolicy(
+  void CheckDownloadRequestWithSafeBrowsing(
+      const base::FilePath& default_path,
+      std::unique_ptr<content::FileChooserParams> params);
+  void ProceedWithSafeBrowsingVerdict(
       const base::FilePath& default_path,
       std::unique_ptr<content::FileChooserParams> params,
-      safe_browsing::UnverifiedDownloadPolicy policy);
+      bool allowed_by_safe_browsing);
 #endif
   void RunFileChooserOnUIThread(
       const base::FilePath& default_path,