Add a few more file types variants on MDB and CRT.

This CL adds a few variants on the MDB and CRT extension to download_file_types.asciipb, so that they have reasonable failure behavior in the event Safe Browsing is unavailable. Fixed: 1022257, 1022265, 1022732, 1022737, 1022316 Change-Id: I01cd8f79c6ac7b061acdcdf95533e80406074f26 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1911283 Auto-Submit: Daniel Rubery <drubery@chromium.org> Commit-Queue: Varun Khaneja <vakh@chromium.org> Reviewed-by: Varun Khaneja <vakh@chromium.org> Cr-Commit-Position: refs/heads/master@{#714820}

Add a few more file types variants on MDB and CRT.
This CL adds a few variants on the MDB and CRT extension to download_file_types.asciipb, so that they have reasonable failure behavior in the event Safe Browsing is unavailable. Fixed: 1022257, 1022265, 1022732, 1022737, 1022316 Change-Id: I01cd8f79c6ac7b061acdcdf95533e80406074f26 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1911283 Auto-Submit: Daniel Rubery <drubery@chromium.org> Commit-Queue: Varun Khaneja <vakh@chromium.org> Reviewed-by: Varun Khaneja <vakh@chromium.org> Cr-Commit-Position: refs/heads/master@{#714820}
5badceb5 · Daniel Rubery · Commit Bot · b5c398b5 · 5badceb5 · 5badceb5
Commit 5badceb5 authored Nov 13, 2019 by Daniel Rubery Committed by Commit Bot Nov 13, 2019
3 changed files
--- a/chrome/browser/resources/safe_browsing/download_file_types.asciipb
+++ b/chrome/browser/resources/safe_browsing/download_file_types.asciipb
@@ -8,7 +8,7 @@
 ##
 ## Top level settings
 ##
-version_id: 38
+version_id: 39
 sampled_ping_probability: 0.01
 max_archived_binaries_to_report: 10
 default_file_type {
@@ -1235,6 +1235,42 @@ file_types {
    auto_open_hint: ALLOW_AUTO_OPEN
  }
 }
+file_types {
+  # MS Access database
+  # Similar to mdb
+  extension: "accde"
+  uma_value: 389
+  ping_setting: FULL_PING
+  platform_settings {
+    platform: PLATFORM_WINDOWS
+    danger_level: ALLOW_ON_USER_GESTURE
+    auto_open_hint: ALLOW_AUTO_OPEN
+  }
+}
+file_types {
+  # MS Access database
+  # Similar to mdb
+  extension: "accdr"
+  uma_value: 390
+  ping_setting: FULL_PING
+  platform_settings {
+    platform: PLATFORM_WINDOWS
+    danger_level: ALLOW_ON_USER_GESTURE
+    auto_open_hint: ALLOW_AUTO_OPEN
+  }
+}
+file_types {
+  # MS Access database
+  # Similar to mdb
+  extension: "accda"
+  uma_value: 391
+  ping_setting: FULL_PING
+  platform_settings {
+    platform: PLATFORM_WINDOWS
+    danger_level: ALLOW_ON_USER_GESTURE
+    auto_open_hint: ALLOW_AUTO_OPEN
+  }
+}
 file_types {
  # ActiveX Control
  extension: "ocx"
@@ -2011,6 +2047,28 @@ file_types {
    auto_open_hint: ALLOW_AUTO_OPEN
  }
 }
+file_types {
+  # Signed certificate file.
+  extension: "cer"
+  uma_value: 392
+  ping_setting: FULL_PING
+  platform_settings {
+    platform: PLATFORM_WINDOWS
+    danger_level: ALLOW_ON_USER_GESTURE
+    auto_open_hint: ALLOW_AUTO_OPEN
+  }
+}
+file_types {
+  # Signed certificate file.
+  extension: "der"
+  uma_value: 393
+  ping_setting: FULL_PING
+  platform_settings {
+    platform: PLATFORM_WINDOWS
+    danger_level: ALLOW_ON_USER_GESTURE
+    auto_open_hint: ALLOW_AUTO_OPEN
+  }
+}
 file_types {
  # HTML-like file. This extension can be abused by UwS campaigns to evade
  # referrer attribution via a two-level download scheme. crbug.com/719784

--- a/components/download/internal/common/download_stats.cc
+++ b/components/download/internal/common/download_stats.cc
@@ -472,6 +472,11 @@ constexpr const base::FilePath::CharType* kDangerousFileTypes[] = {
    FILE_PATH_LITERAL(".webm"),             // 386
    FILE_PATH_LITERAL(".xbm"),              // 387
    FILE_PATH_LITERAL(".accdb"),            // 388
+    FILE_PATH_LITERAL(".accde"),            // 389
+    FILE_PATH_LITERAL(".accdr"),            // 390
+    FILE_PATH_LITERAL(".accda"),            // 391
+    FILE_PATH_LITERAL(".cer"),              // 392
+    FILE_PATH_LITERAL(".der"),              // 393
    // NOTE! When you add a type here, please add the UMA value as a comment.
    // These must all match DownloadItem.DangerousFileType in
    // enums.xml. From 263 onward, they should also match

--- a/tools/metrics/histograms/enums.xml
+++ b/tools/metrics/histograms/enums.xml
@@ -15887,6 +15887,11 @@ Called by update_net_error_codes.py.-->
  <int value="386" label="webm"/>
  <int value="387" label="xbm"/>
  <int value="388" label="accdb"/>
+  <int value="389" label="accde"/>
+  <int value="390" label="accdr"/>
+  <int value="391" label="accda"/>
+  <int value="392" label="cer"/>
+  <int value="393" label="der"/>
 </enum>

 <enum name="DownloadItem.DangerType">
@@ -55426,6 +55431,11 @@ Called by update_net_trust_anchors.py.-->
  <int value="386" label="WEBM"/>
  <int value="387" label="XBM"/>
  <int value="388" label="ACCDB"/>
+  <int value="389" label="ACCDE"/>
+  <int value="390" label="ACCDR"/>
+  <int value="391" label="ACCDA"/>
+  <int value="392" label="CER"/>
+  <int value="393" label="DER"/>
 </enum>

 <enum name="SBClientDownloadIsSignedBinary">