Properly encode raw digest of a download to make it UTF8 safe

DownloadItem::GetHash() returns raw SHA-256 hash that is not hex encoded. This may cause DCHCEK failure when passing on the DangerousDownloadInfo::ToValue() since the raw hash may not be UTF8. Therefore, this CL HexEncode the raw sha256 first before passing onto the event router. Bug: 846156,796087 Change-Id: Iab51535d7de0b37841851b4887ffca9cf099bd39 Reviewed-on: https://chromium-review.googlesource.com/1079436Reviewed-by: Varun Khaneja <vakh@chromium.org> Commit-Queue: Varun Khaneja <vakh@chromium.org> Commit-Queue: Jialiu Lin <jialiul@chromium.org> Cr-Commit-Position: refs/heads/master@{#563039}

Properly encode raw digest of a download to make it UTF8 safe
DownloadItem::GetHash() returns raw SHA-256 hash that is not hex encoded. This may cause DCHCEK failure when passing on the DangerousDownloadInfo::ToValue() since the raw hash may not be UTF8. Therefore, this CL HexEncode the raw sha256 first before passing onto the event router. Bug: 846156,796087 Change-Id: Iab51535d7de0b37841851b4887ffca9cf099bd39 Reviewed-on: https://chromium-review.googlesource.com/1079436Reviewed-by: Varun Khaneja <vakh@chromium.org> Commit-Queue: Varun Khaneja <vakh@chromium.org> Commit-Queue: Jialiu Lin <jialiul@chromium.org> Cr-Commit-Position: refs/heads/master@{#563039}
99dd319a · Jialiu Lin · Commit Bot · a7235f97 · 99dd319a · 99dd319a
Commit 99dd319a authored May 30, 2018 by Jialiu Lin Committed by Commit Bot May 30, 2018
2 changed files
--- a/chrome/browser/safe_browsing/download_protection/download_protection_service.cc
+++ b/chrome/browser/safe_browsing/download_protection/download_protection_service.cc
@@ -498,10 +498,12 @@ void DownloadProtectionService::OnDangerousDownloadOpened(
      signin_manager ? signin_manager->GetAuthenticatedAccountInfo().email
                     : std::string();

+  std::string raw_digest_sha256 = item->GetHash();
  extensions::SafeBrowsingPrivateEventRouterFactory::GetForProfile(profile)
-      ->OnDangerousDownloadOpened(item->GetURL(),
-                                  item->GetTargetFilePath().AsUTF8Unsafe(),
-                                  item->GetHash(), username);
+      ->OnDangerousDownloadOpened(
+          item->GetURL(), item->GetTargetFilePath().AsUTF8Unsafe(),
+          base::HexEncode(raw_digest_sha256.data(), raw_digest_sha256.size()),
+          username);
 }

 }  // namespace safe_browsing
--- a/chrome/browser/safe_browsing/download_protection/download_protection_service_unittest.cc
+++ b/chrome/browser/safe_browsing/download_protection/download_protection_service_unittest.cc
@@ -2528,7 +2528,8 @@ TEST_F(DownloadProtectionServiceTest, VerifyDangerousDownloadOpenedAPICall) {
  auto captured_args = event_observer.PassEventArgs().GetList()[0].Clone();
  EXPECT_EQ("http://example.com/a.exe",
            captured_args.FindKey("url")->GetString());
-  EXPECT_EQ(hash, captured_args.FindKey("downloadDigestSha256")->GetString());
+  EXPECT_EQ(base::HexEncode(hash.data(), hash.size()),
+            captured_args.FindKey("downloadDigestSha256")->GetString());
  EXPECT_EQ(target_path.MaybeAsASCII(),
            captured_args.FindKey("fileName")->GetString());