Safebrowsing check file extensions that open in IE.

Also add UMA values for some extra extensions.

BUG=547908

Review URL: https://codereview.chromium.org/1429523002

Cr-Commit-Position: refs/heads/master@{#357009}

chrome/browser/download/download_extensions.cc

@@ -67,6 +67,9 @@ const struct FileType {
     // installation.
     {"crx", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
 
+    // Included for parity with kSafeBrowsingFileTypes.
+    {"bin", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
+
     // Windows, all file categories. The list is in alphabetical order of
     // extensions. Exceptions are made for logical groupings of file types.
     //
@@ -172,9 +175,20 @@ const struct FileType {
     // Microsoft IIS Internet Communication Settings.
     {"ins", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
 
+    // InstallShield Compiled Script.
+    {"inx", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+
+    // InstallShield Uninstaller Script.
+    {"isu", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+
     // Microsoft IIS Internet Service Provider Settings.
     {"isp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
 
+    // Windows Task Scheduler Job file. No handler is registered by default, so
+    // this is probably normally not dangerous unless saved into the task
+    // scheduler directory.
+    {"job", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+
     // JavaScript file. May open using Windows Script Host with user level
     // privileges.
     {"js", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
@@ -228,6 +242,17 @@ const struct FileType {
     // Microsoft Office Profile Settings File.
     {"ops", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
 
+    // Portable Application Installer File.
+    {"paf", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+
+    // Extensions that will open in IE even when chrome is set as default
+    // browser.
+    {"partial", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+    {"xrm-ms", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+    {"svg", NOT_DANGEROUS, ALLOW_AUTO_OPEN},
+    {"xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+    {"xsl", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+
     // Microsoft Visual Test.
     {"pcd", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
 
@@ -262,6 +287,9 @@ const struct FileType {
     // DISALLOW_AUTO_OPEN restriction.
     {"reg", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
 
+    // Registry Script Windows.
+    {"rgs", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+
     // Microsoft Windows Explorer Command.
     // See https://support.microsoft.com/kb/190355 for an example.
     {"scf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
@@ -285,6 +313,9 @@ const struct FileType {
     // types of files.
     {"sys", DANGEROUS, DISALLOW_AUTO_OPEN},
 
+    // U3 Smart Application.
+    {"u3p", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+
     // Internet Shortcut (new since IE9). Both .url and .website are .ini files
     // that describe a shortcut that points to a URL. They can point at
     // anything. Dropping a download of this type and opening it automatically
@@ -297,6 +328,8 @@ const struct FileType {
     {"vb", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
     {"vbe", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
     {"vbs", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+    // Some sites claim .vbscript is a valid extension for vbs files.
+    {"vbscript", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
 
     {"vsd", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
 
@@ -351,7 +384,13 @@ const struct FileType {
     {"tcsh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
 #endif
 #if defined(OS_MACOSX)
+    // Automator Action.
+    {"action", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+
     {"command", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+
+    // Automator Workflow.
+    {"workflow", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
 #endif
 
   // Package management formats. OS_WIN package formats are handled above.
@@ -361,6 +400,12 @@ const struct FileType {
 #if defined(OS_LINUX)
     {"deb", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
     {"rpm", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+
+    // "common" executable file extensions for linux. There's not really much
+    // reason to block since they require execute bit to actually run. Included
+    // for histograms and to match kSafeBrowsingFileTypes.
+    {"out", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
+    {"run", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
 #endif
 #if defined(OS_ANDROID)
     {"dex", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},

chrome/common/safe_browsing/download_protection_util.cc

@@ -174,6 +174,24 @@ enum SBClientDownloadExtensions {
   EXTENSION_TAZ,
   EXTENSION_TBZ,
   EXTENSION_TBZ2,
+  EXTENSION_PARTIAL,
+  EXTENSION_SVG,
+  EXTENSION_XML,
+  EXTENSION_XRM_MS,
+  EXTENSION_XSL,
+  EXTENSION_ACTION,
+  EXTENSION_BIN,
+  EXTENSION_INX,
+  EXTENSION_IPA,
+  EXTENSION_ISU,
+  EXTENSION_JOB,
+  EXTENSION_OUT,
+  EXTENSION_PAD,
+  EXTENSION_PAF,
+  EXTENSION_RGS,
+  EXTENSION_U3P,
+  EXTENSION_VBSCRIPT,
+  EXTENSION_WORKFLOW,
 
   // New values go above this one.
   EXTENSION_MAX
@@ -189,6 +207,7 @@ struct SafeBrowsingFiletype {
 const SafeBrowsingFiletype kSafeBrowsingFileTypes[] = {
     // KEEP THIS LIST SORTED!
     {FILE_PATH_LITERAL(".7z"), EXTENSION_7Z, true, true},
+    {FILE_PATH_LITERAL(".action"), EXTENSION_ACTION, false, false},  // UMA.
     {FILE_PATH_LITERAL(".ade"), EXTENSION_ADE, true, false},
     {FILE_PATH_LITERAL(".adp"), EXTENSION_ADP, true, false},
     {FILE_PATH_LITERAL(".apk"), EXTENSION_APK, true, false},
@@ -201,6 +220,7 @@ const SafeBrowsingFiletype kSafeBrowsingFileTypes[] = {
     {FILE_PATH_LITERAL(".bas"), EXTENSION_BAS, true, false},
     {FILE_PATH_LITERAL(".bash"), EXTENSION_BASH, true, false},
     {FILE_PATH_LITERAL(".bat"), EXTENSION_BAT, true, false},
+    {FILE_PATH_LITERAL(".bin"), EXTENSION_BIN, false, false},  // UMA only.
     {FILE_PATH_LITERAL(".bz2"), EXTENSION_BZ2, true, true},
     {FILE_PATH_LITERAL(".bzip2"), EXTENSION_BZIP2, true, true},
     {FILE_PATH_LITERAL(".cab"), EXTENSION_CAB, true, true},
@@ -235,9 +255,13 @@ const SafeBrowsingFiletype kSafeBrowsingFileTypes[] = {
     {FILE_PATH_LITERAL(".inf"), EXTENSION_INF, true, false},
     {FILE_PATH_LITERAL(".ini"), EXTENSION_INI, true, false},
     {FILE_PATH_LITERAL(".ins"), EXTENSION_INS, true, false},
+    {FILE_PATH_LITERAL(".inx"), EXTENSION_INX, false, false},  // UMA only.
+    {FILE_PATH_LITERAL(".ipa"), EXTENSION_IPA, false, false},  // UMA only.
     {FILE_PATH_LITERAL(".isp"), EXTENSION_ISP, true, false},
+    {FILE_PATH_LITERAL(".isu"), EXTENSION_ISU, false, false},  // UMA only.
     {FILE_PATH_LITERAL(".jar"), EXTENSION_JAR, true, false},
     {FILE_PATH_LITERAL(".jnlp"), EXTENSION_JNLP, true, false},
+    {FILE_PATH_LITERAL(".job"), EXTENSION_JOB, false, false},  // UMA only.
     {FILE_PATH_LITERAL(".js"), EXTENSION_JS, true, false},
     {FILE_PATH_LITERAL(".jse"), EXTENSION_JSE, true, false},
     {FILE_PATH_LITERAL(".ksh"), EXTENSION_KSH, true, false},
@@ -281,6 +305,10 @@ const SafeBrowsingFiletype kSafeBrowsingFileTypes[] = {
     {FILE_PATH_LITERAL(".ocx"), EXTENSION_OCX, true, false},
     {FILE_PATH_LITERAL(".ops"), EXTENSION_OPS, true, false},
     {FILE_PATH_LITERAL(".osx"), EXTENSION_OSX, true, false},
+    {FILE_PATH_LITERAL(".out"), EXTENSION_OUT, false, false},  // UMA only.
+    {FILE_PATH_LITERAL(".pad"), EXTENSION_PAD, false, false},  // UMA only.
+    {FILE_PATH_LITERAL(".paf"), EXTENSION_PAF, false, false},  // UMA only.
+    {FILE_PATH_LITERAL(".partial"), EXTENSION_PARTIAL, true, false},
     {FILE_PATH_LITERAL(".pcd"), EXTENSION_PCD, true, false},
     {FILE_PATH_LITERAL(".pif"), EXTENSION_PIF, true, false},
     {FILE_PATH_LITERAL(".pkg"), EXTENSION_PKG, true, false},
@@ -301,6 +329,7 @@ const SafeBrowsingFiletype kSafeBrowsingFileTypes[] = {
     {FILE_PATH_LITERAL(".rar"), EXTENSION_RAR, true, true},
     {FILE_PATH_LITERAL(".rb"), EXTENSION_RB, true, false},
     {FILE_PATH_LITERAL(".reg"), EXTENSION_REG, true, false},
+    {FILE_PATH_LITERAL(".rgs"), EXTENSION_RGS, false, false},  // UMA only.
     {FILE_PATH_LITERAL(".rpm"), EXTENSION_RPM, true, false},
     {FILE_PATH_LITERAL(".scf"), EXTENSION_SCF, true, false},
     {FILE_PATH_LITERAL(".scr"), EXTENSION_SCR, true, false},
@@ -310,6 +339,7 @@ const SafeBrowsingFiletype kSafeBrowsingFileTypes[] = {
     {FILE_PATH_LITERAL(".shb"), EXTENSION_SHB, true, false},
     {FILE_PATH_LITERAL(".shs"), EXTENSION_SHS, true, false},
     {FILE_PATH_LITERAL(".spl"), EXTENSION_SPL, true, false},
+    {FILE_PATH_LITERAL(".svg"), EXTENSION_SVG, true, false},
     {FILE_PATH_LITERAL(".swf"), EXTENSION_SWF, true, false},
     {FILE_PATH_LITERAL(".sys"), EXTENSION_SYS, true, false},
     {FILE_PATH_LITERAL(".tar"), EXTENSION_TAR, true, true},
@@ -319,10 +349,12 @@ const SafeBrowsingFiletype kSafeBrowsingFileTypes[] = {
     {FILE_PATH_LITERAL(".tcsh"), EXTENSION_TCSH, true, false},
     {FILE_PATH_LITERAL(".tgz"), EXTENSION_TGZ, true, true},
     {FILE_PATH_LITERAL(".torrent"), EXTENSION_TORRENT, true, false},
+    {FILE_PATH_LITERAL(".u3p"), EXTENSION_U3P, false, false},  // UMA only.
     {FILE_PATH_LITERAL(".url"), EXTENSION_URL, true, false},
     {FILE_PATH_LITERAL(".vb"), EXTENSION_VB, true, false},
     {FILE_PATH_LITERAL(".vbe"), EXTENSION_VBE, true, false},
     {FILE_PATH_LITERAL(".vbs"), EXTENSION_VBS, true, false},
+    {FILE_PATH_LITERAL(".vbscript"), EXTENSION_VBSCRIPT, false, false},  // UMA.
     {FILE_PATH_LITERAL(".vsd"), EXTENSION_VSD, true, false},
     {FILE_PATH_LITERAL(".vsmacros"), EXTENSION_VSMACROS, true, false},
     {FILE_PATH_LITERAL(".vss"), EXTENSION_VSS, true, false},
@@ -330,12 +362,16 @@ const SafeBrowsingFiletype kSafeBrowsingFileTypes[] = {
     {FILE_PATH_LITERAL(".vsw"), EXTENSION_VSW, true, false},
     {FILE_PATH_LITERAL(".website"), EXTENSION_WEBSITE, true, false},
     {FILE_PATH_LITERAL(".wim"), EXTENSION_WIM, true, true},
+    {FILE_PATH_LITERAL(".workflow"), EXTENSION_WORKFLOW, false, false},  // UMA.
     {FILE_PATH_LITERAL(".ws"), EXTENSION_WS, true, false},
     {FILE_PATH_LITERAL(".wsc"), EXTENSION_WSC, true, false},
     {FILE_PATH_LITERAL(".wsf"), EXTENSION_WSF, true, false},
     {FILE_PATH_LITERAL(".wsh"), EXTENSION_WSH, true, false},
     {FILE_PATH_LITERAL(".xbap"), EXTENSION_XBAP, true, false},
+    {FILE_PATH_LITERAL(".xml"), EXTENSION_XML, true, false},
     {FILE_PATH_LITERAL(".xnk"), EXTENSION_XNK, true, false},
+    {FILE_PATH_LITERAL(".xrm-ms"), EXTENSION_XRM_MS, true, false},
+    {FILE_PATH_LITERAL(".xsl"), EXTENSION_XSL, true, false},
     {FILE_PATH_LITERAL(".xz"), EXTENSION_XZ, true, true},
     {FILE_PATH_LITERAL(".z"), EXTENSION_Z, true, true},
     {FILE_PATH_LITERAL(".zip"), EXTENSION_ZIP, true, true},

content/browser/download/download_stats.cc

@@ -213,6 +213,24 @@ const base::FilePath::CharType* kDangerousFileTypes[] = {
   FILE_PATH_LITERAL(".gadget"),
   FILE_PATH_LITERAL(".efi"),
   FILE_PATH_LITERAL(".fon"),
+  FILE_PATH_LITERAL(".partial"),
+  FILE_PATH_LITERAL(".svg"),
+  FILE_PATH_LITERAL(".xml"),
+  FILE_PATH_LITERAL(".xrm_ms"),
+  FILE_PATH_LITERAL(".xsl"),
+  FILE_PATH_LITERAL(".action"),
+  FILE_PATH_LITERAL(".bin"),
+  FILE_PATH_LITERAL(".inx"),
+  FILE_PATH_LITERAL(".ipa"),
+  FILE_PATH_LITERAL(".isu"),
+  FILE_PATH_LITERAL(".job"),
+  FILE_PATH_LITERAL(".out"),
+  FILE_PATH_LITERAL(".pad"),
+  FILE_PATH_LITERAL(".paf"),
+  FILE_PATH_LITERAL(".rgs"),
+  FILE_PATH_LITERAL(".u3p"),
+  FILE_PATH_LITERAL(".vbscript"),
+  FILE_PATH_LITERAL(".workflow"),
 };
 
 // Maps extensions to their matching UMA histogram int value.

tools/metrics/histograms/histograms.xml

@@ -56485,6 +56485,24 @@ http://cs/file:chrome/histograms.xml - but prefer this file for new entries.
   <int value="138" label="gadget"/>
   <int value="139" label="efi"/>
   <int value="140" label="fon"/>
+  <int value="141" label="partial"/>
+  <int value="142" label="svg"/>
+  <int value="143" label="xml"/>
+  <int value="144" label="xrm_ms"/>
+  <int value="145" label="xsl"/>
+  <int value="146" label="action"/>
+  <int value="147" label="bin"/>
+  <int value="148" label="inx"/>
+  <int value="149" label="ipa"/>
+  <int value="150" label="isu"/>
+  <int value="151" label="job"/>
+  <int value="152" label="out"/>
+  <int value="153" label="pad"/>
+  <int value="154" label="paf"/>
+  <int value="155" label="rgs"/>
+  <int value="156" label="u3p"/>
+  <int value="157" label="vbscript"/>
+  <int value="158" label="workflow"/>
 </enum>
 
 <enum name="DownloadItem.DangerType" type="int">
@@ -71611,6 +71629,24 @@ To add a new entry, add it with any value and run test to compute valid value.
   <int value="150" label="TAZ"/>
   <int value="151" label="TBZ"/>
   <int value="152" label="TBZ2"/>
+  <int value="153" label="PARTIAL"/>
+  <int value="154" label="SVG"/>
+  <int value="155" label="XML"/>
+  <int value="156" label="XRM_MS"/>
+  <int value="157" label="XSL"/>
+  <int value="158" label="ACTION"/>
+  <int value="159" label="BIN"/>
+  <int value="160" label="INX"/>
+  <int value="161" label="IPA"/>
+  <int value="162" label="ISU"/>
+  <int value="163" label="JOB"/>
+  <int value="164" label="OUT"/>
+  <int value="165" label="PAD"/>
+  <int value="166" label="PAF"/>
+  <int value="167" label="RGS"/>
+  <int value="168" label="U3P"/>
+  <int value="169" label="VBSCRIPT"/>
+  <int value="170" label="WORKFLOW"/>
 </enum>
 
 <enum name="SBClientDownloadIsSignedBinary" type="int">