| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <shlobj.h> | 5 #include <shlobj.h> |
| 6 #include <shobjidl.h> | 6 #include <shobjidl.h> |
| 7 | 7 |
| 8 #include "content/browser/safe_util_win.h" | 8 #include "content/browser/safe_util_win.h" |
| 9 | 9 |
| 10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
| 11 #include "base/logging.h" | 11 #include "base/logging.h" |
| 12 #include "base/path_service.h" | 12 #include "base/path_service.h" |
| 13 #include "base/strings/string_util.h" | 13 #include "base/strings/string_util.h" |
| 14 #include "base/strings/utf_string_conversions.h" | 14 #include "base/strings/utf_string_conversions.h" |
| 15 #include "base/win/scoped_comptr.h" | 15 #include "base/win/scoped_comptr.h" |
| 16 #include "ui/base/win/shell.h" | 16 #include "ui/base/win/shell.h" |
| 17 #include "url/gurl.h" | 17 #include "url/gurl.h" |
| 18 | 18 |
| 19 namespace content { | 19 namespace content { |
| 20 namespace { | 20 namespace { |
| 21 | 21 |
| 22 // This GUID is associated with any 'don't ask me again' settings that the | |
| 23 // user can select for different file types. | |
| 24 // {2676A9A2-D919-4fee-9187-152100393AB2} | |
| 25 static const GUID kClientID = { 0x2676a9a2, 0xd919, 0x4fee, | |
| 26 { 0x91, 0x87, 0x15, 0x21, 0x0, 0x39, 0x3a, 0xb2 } }; | |
| 27 | |
| 28 // Sets the Zone Identifier on the file to "Internet" (3). Returns true if the | 22 // Sets the Zone Identifier on the file to "Internet" (3). Returns true if the |
| 29 // function succeeds, false otherwise. A failure is expected on system where | 23 // function succeeds, false otherwise. A failure is expected on system where |
| 30 // the Zone Identifier is not supported, like a machine with a FAT32 filesystem. | 24 // the Zone Identifier is not supported, like a machine with a FAT32 filesystem. |
| 31 // This function does not invoke Windows Attachment Execution Services. | 25 // This function does not invoke Windows Attachment Execution Services. |
| 32 // | 26 // |
| 33 // |full_path| is the path to the downloaded file. | 27 // |full_path| is the path to the downloaded file. |
| 34 bool SetInternetZoneIdentifierDirectly(const base::FilePath& full_path) { | 28 bool SetInternetZoneIdentifierDirectly(const base::FilePath& full_path) { |
| 35 const DWORD kShare = FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE; | 29 const DWORD kShare = FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE; |
| 36 std::wstring path = full_path.value() + L":Zone.Identifier"; | 30 std::wstring path = full_path.value() + L":Zone.Identifier"; |
| 37 HANDLE file = CreateFile(path.c_str(), GENERIC_WRITE, kShare, NULL, | 31 HANDLE file = CreateFile(path.c_str(), GENERIC_WRITE, kShare, NULL, |
| (...skipping 10 matching lines...) Expand all Loading... |
| 48 CloseHandle(file); | 42 CloseHandle(file); |
| 49 | 43 |
| 50 if (!result || !flush_result || written != kIdentifierSize) { | 44 if (!result || !flush_result || written != kIdentifierSize) { |
| 51 NOTREACHED(); | 45 NOTREACHED(); |
| 52 return false; | 46 return false; |
| 53 } | 47 } |
| 54 | 48 |
| 55 return true; | 49 return true; |
| 56 } | 50 } |
| 57 | 51 |
| 58 } | 52 } // namespace |
| 59 | 53 |
| 60 // This function implementation is based on the attachment execution | 54 HRESULT AVScanFile(const base::FilePath& full_path, |
| 61 // services functionally deployed with IE6 or Service pack 2. This | 55 const std::string& source_url, |
| 62 // functionality is exposed in the IAttachmentExecute COM interface. | 56 const GUID& client_guid) { |
| 63 // more information at: | |
| 64 // http://msdn2.microsoft.com/en-us/library/ms647048.aspx | |
| 65 bool SaferOpenItemViaShell(HWND hwnd, const std::wstring& window_title, | |
| 66 const base::FilePath& full_path, | |
| 67 const std::wstring& source_url) { | |
| 68 base::win::ScopedComPtr<IAttachmentExecute> attachment_services; | |
| 69 HRESULT hr = attachment_services.CreateInstance(CLSID_AttachmentServices); | |
| 70 if (FAILED(hr)) { | |
| 71 // We don't have Attachment Execution Services, it must be a pre-XP.SP2 | |
| 72 // Windows installation, or the thread does not have COM initialized. | |
| 73 if (hr == CO_E_NOTINITIALIZED) { | |
| 74 NOTREACHED(); | |
| 75 return false; | |
| 76 } | |
| 77 return ui::win::OpenItemViaShell(full_path); | |
| 78 } | |
| 79 | |
| 80 attachment_services->SetClientGuid(kClientID); | |
| 81 | |
| 82 if (!window_title.empty()) | |
| 83 attachment_services->SetClientTitle(window_title.c_str()); | |
| 84 | |
| 85 // To help windows decide if the downloaded file is dangerous we can provide | |
| 86 // what the documentation calls evidence. Which we provide now: | |
| 87 // | |
| 88 // Set the file itself as evidence. | |
| 89 hr = attachment_services->SetLocalPath(full_path.value().c_str()); | |
| 90 if (FAILED(hr)) | |
| 91 return false; | |
| 92 // Set the origin URL as evidence. | |
| 93 hr = attachment_services->SetSource(source_url.c_str()); | |
| 94 if (FAILED(hr)) | |
| 95 return false; | |
| 96 | |
| 97 // Now check the windows policy. | |
| 98 if (attachment_services->CheckPolicy() != S_OK) { | |
| 99 // It is possible that the above call returns an undocumented result | |
| 100 // equal to 0x800c000e which seems to indicate that the URL failed the | |
| 101 // the security check. If you proceed with the Prompt() call the | |
| 102 // Shell might show a dialog that says: | |
| 103 // "windows found that this file is potentially harmful. To help protect | |
| 104 // your computer, Windows has blocked access to this file." | |
| 105 // Upon dismissal of the dialog windows will delete the file (!!). | |
| 106 // So, we can 'return' in that case but maybe is best to let it happen to | |
| 107 // fail on the safe side. | |
| 108 | |
| 109 ATTACHMENT_ACTION action; | |
| 110 // We cannot control what the prompt says or does directly but it | |
| 111 // is a pretty decent dialog; for example, if an executable is signed it can | |
| 112 // decode and show the publisher and the certificate. | |
| 113 hr = attachment_services->Prompt(hwnd, ATTACHMENT_PROMPT_EXEC, &action); | |
| 114 if (FAILED(hr) || (ATTACHMENT_ACTION_CANCEL == action)) { | |
| 115 // The user has declined opening the item. | |
| 116 return false; | |
| 117 } | |
| 118 } | |
| 119 return ui::win::OpenItemViaShellNoZoneCheck(full_path); | |
| 120 } | |
| 121 | |
| 122 HRESULT ScanAndSaveDownloadedFile(const base::FilePath& full_path, | |
| 123 const GURL& source_url) { | |
| 124 base::win::ScopedComPtr<IAttachmentExecute> attachment_services; | 57 base::win::ScopedComPtr<IAttachmentExecute> attachment_services; |
| 125 HRESULT hr = attachment_services.CreateInstance(CLSID_AttachmentServices); | 58 HRESULT hr = attachment_services.CreateInstance(CLSID_AttachmentServices); |
| 126 | 59 |
| 127 if (FAILED(hr)) { | 60 if (FAILED(hr)) { |
| 128 // The thread must have COM initialized. | 61 // The thread must have COM initialized. |
| 129 DCHECK_NE(CO_E_NOTINITIALIZED, hr); | 62 DCHECK_NE(CO_E_NOTINITIALIZED, hr); |
| 130 | 63 |
| 131 // We don't have Attachment Execution Services, it must be a pre-XP.SP2 | 64 // We don't have Attachment Execution Services, it must be a pre-XP.SP2 |
| 132 // Windows installation, or the thread does not have COM initialized. Try to | 65 // Windows installation, or the thread does not have COM initialized. Try to |
| 133 // set the zone information directly. Failure is not considered an error. | 66 // set the zone information directly. Failure is not considered an error. |
| 134 SetInternetZoneIdentifierDirectly(full_path); | 67 SetInternetZoneIdentifierDirectly(full_path); |
| 135 return hr; | 68 return hr; |
| 136 } | 69 } |
| 137 | 70 |
| 138 hr = attachment_services->SetClientGuid(kClientID); | 71 if (!IsEqualGUID(client_guid, GUID_NULL)) { |
| 139 if (FAILED(hr)) | 72 hr = attachment_services->SetClientGuid(client_guid); |
| 140 return hr; | 73 if (FAILED(hr)) |
| 74 return hr; |
| 75 } |
| 141 | 76 |
| 142 hr = attachment_services->SetLocalPath(full_path.value().c_str()); | 77 hr = attachment_services->SetLocalPath(full_path.value().c_str()); |
| 143 if (FAILED(hr)) | 78 if (FAILED(hr)) |
| 144 return hr; | 79 return hr; |
| 145 | 80 |
| 146 hr = attachment_services->SetSource(UTF8ToWide(source_url.spec()).c_str()); | 81 // Note: SetSource looks like it needs to be called, even if empty. |
| 82 // Docs say it is optional, but it appears not calling it at all sets |
| 83 // a zone that is too restrictive. |
| 84 hr = attachment_services->SetSource(UTF8ToWide(source_url).c_str()); |
| 147 if (FAILED(hr)) | 85 if (FAILED(hr)) |
| 148 return hr; | 86 return hr; |
| 149 | 87 |
| 150 // A failure in the Save() call below could result in the downloaded file | 88 // A failure in the Save() call below could result in the downloaded file |
| 151 // being deleted. | 89 // being deleted. |
| 152 return attachment_services->Save(); | 90 return attachment_services->Save(); |
| 153 } | 91 } |
| 154 | 92 |
| 155 } // namespace content | 93 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 21355004:
[Downloads] Move client guid for AV scanning of downloaded files to chrome/ (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src