Chromium Code Reviews Chromium Code Reviews
Issue 9762002:
Disable downloads from "file:" or "data:" URLs. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <sstream> | 5 #include <sstream> |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
| 9 #include "base/file_path.h" | 9 #include "base/file_path.h" |
| 10 #include "base/file_util.h" | 10 #include "base/file_util.h" |
| 11 #include "base/memory/ref_counted.h" | 11 #include "base/memory/ref_counted.h" |
| 12 #include "base/path_service.h" | 12 #include "base/path_service.h" |
| 13 #include "base/scoped_temp_dir.h" | 13 #include "base/scoped_temp_dir.h" |
| 14 #include "base/stl_util.h" | 14 #include "base/stl_util.h" |
| 15 #include "base/stringprintf.h" | 15 #include "base/stringprintf.h" |
| 16 #include "base/test/test_file_util.h" | 16 #include "base/test/test_file_util.h" |
| 17 #include "base/test/thread_test_helper.h" | |
| 17 #include "base/utf_string_conversions.h" | 18 #include "base/utf_string_conversions.h" |
| 18 #include "chrome/app/chrome_command_ids.h" | 19 #include "chrome/app/chrome_command_ids.h" |
| 19 #include "chrome/browser/browser_process.h" | 20 #include "chrome/browser/browser_process.h" |
| 20 #include "chrome/browser/cancelable_request.h" | 21 #include "chrome/browser/cancelable_request.h" |
| 21 #include "chrome/browser/download/chrome_download_manager_delegate.h" | 22 #include "chrome/browser/download/chrome_download_manager_delegate.h" |
| 22 #include "chrome/browser/download/download_crx_util.h" | 23 #include "chrome/browser/download/download_crx_util.h" |
| 23 #include "chrome/browser/download/download_history.h" | 24 #include "chrome/browser/download/download_history.h" |
| 24 #include "chrome/browser/download/download_prefs.h" | 25 #include "chrome/browser/download/download_prefs.h" |
| 25 #include "chrome/browser/download/download_request_limiter.h" | 26 #include "chrome/browser/download/download_request_limiter.h" |
| 26 #include "chrome/browser/download/download_service.h" | 27 #include "chrome/browser/download/download_service.h" |
| (...skipping 11 matching lines...) Expand all Loading... | |
| 38 #include "chrome/browser/ui/browser.h" | 39 #include "chrome/browser/ui/browser.h" |
| 39 #include "chrome/browser/ui/browser_list.h" | 40 #include "chrome/browser/ui/browser_list.h" |
| 40 #include "chrome/browser/ui/browser_window.h" | 41 #include "chrome/browser/ui/browser_window.h" |
| 41 #include "chrome/browser/ui/webui/chromeos/active_downloads_ui.h" | 42 #include "chrome/browser/ui/webui/chromeos/active_downloads_ui.h" |
| 42 #include "chrome/common/chrome_notification_types.h" | 43 #include "chrome/common/chrome_notification_types.h" |
| 43 #include "chrome/common/chrome_paths.h" | 44 #include "chrome/common/chrome_paths.h" |
| 44 #include "chrome/common/pref_names.h" | 45 #include "chrome/common/pref_names.h" |
| 45 #include "chrome/common/url_constants.h" | 46 #include "chrome/common/url_constants.h" |
| 46 #include "chrome/test/base/in_process_browser_test.h" | 47 #include "chrome/test/base/in_process_browser_test.h" |
| 47 #include "chrome/test/base/ui_test_utils.h" | 48 #include "chrome/test/base/ui_test_utils.h" |
| 49 #include "content/public/browser/browser_thread.h" | |
| 48 #include "content/public/browser/download_item.h" | 50 #include "content/public/browser/download_item.h" |
| 49 #include "content/public/browser/download_manager.h" | 51 #include "content/public/browser/download_manager.h" |
| 50 #include "content/public/browser/download_persistent_store_info.h" | 52 #include "content/public/browser/download_persistent_store_info.h" |
| 51 #include "content/public/browser/download_save_info.h" | 53 #include "content/public/browser/download_save_info.h" |
| 52 #include "content/public/browser/notification_source.h" | 54 #include "content/public/browser/notification_source.h" |
| 53 #include "content/public/browser/render_view_host.h" | 55 #include "content/public/browser/render_view_host.h" |
| 54 #include "content/public/browser/resource_context.h" | 56 #include "content/public/browser/resource_context.h" |
| 55 #include "content/public/browser/web_contents.h" | 57 #include "content/public/browser/web_contents.h" |
| 56 #include "content/public/common/context_menu_params.h" | 58 #include "content/public/common/context_menu_params.h" |
| 57 #include "content/public/common/page_transition_types.h" | 59 #include "content/public/common/page_transition_types.h" |
| (...skipping 250 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 308 enum SizeTestType { | 310 enum SizeTestType { |
| 309 SIZE_TEST_TYPE_KNOWN, | 311 SIZE_TEST_TYPE_KNOWN, |
| 310 SIZE_TEST_TYPE_UNKNOWN, | 312 SIZE_TEST_TYPE_UNKNOWN, |
| 311 }; | 313 }; |
| 312 | 314 |
| 313 // Location of the file source (the place from which it is downloaded). | 315 // Location of the file source (the place from which it is downloaded). |
| 314 FilePath OriginFile(FilePath file) { | 316 FilePath OriginFile(FilePath file) { |
| 315 return test_dir_.Append(file); | 317 return test_dir_.Append(file); |
| 316 } | 318 } |
| 317 | 319 |
| 320 GURL OriginFileUrl(FilePath file) { | |
| 321 std::string file_str = test_dir_.Append(file).MaybeAsASCII(); | |
| 322 DCHECK(!file_str.empty()); // We only expect ASCII paths in tests. | |
| 323 return GURL("file://" + file_str); | |
| 324 } | |
| 325 | |
| 318 // Location of the file destination (place to which it is downloaded). | 326 // Location of the file destination (place to which it is downloaded). |
| 319 FilePath DestinationFile(Browser* browser, FilePath file) { | 327 FilePath DestinationFile(Browser* browser, FilePath file) { |
| 320 return GetDownloadDirectory(browser).Append(file); | 328 return GetDownloadDirectory(browser).Append(file); |
| 321 } | 329 } |
| 322 | 330 |
| 323 // Must be called after browser creation. Creates a temporary | 331 // Must be called after browser creation. Creates a temporary |
| 324 // directory for downloads that is auto-deleted on destruction. | 332 // directory for downloads that is auto-deleted on destruction. |
| 325 // Returning false indicates a failure of the function, and should be asserted | 333 // Returning false indicates a failure of the function, and should be asserted |
| 326 // in the caller. | 334 // in the caller. |
| 327 bool CreateAndSetDownloadsDirectory(Browser* browser) { | 335 bool CreateAndSetDownloadsDirectory(Browser* browser) { |
| (...skipping 2132 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2460 | 2468 |
| 2461 DownloadTestObserver* observer(DangerousDownloadWaiter( | 2469 DownloadTestObserver* observer(DangerousDownloadWaiter( |
| 2462 browser(), 1, DownloadTestObserver::ON_DANGEROUS_DOWNLOAD_ACCEPT)); | 2470 browser(), 1, DownloadTestObserver::ON_DANGEROUS_DOWNLOAD_ACCEPT)); |
| 2463 ui_test_utils::NavigateToURL(browser(), blob_url); | 2471 ui_test_utils::NavigateToURL(browser(), blob_url); |
| 2464 observer->WaitForFinished(); | 2472 observer->WaitForFinished(); |
| 2465 blob_controller->RemoveBlob(blob_url); | 2473 blob_controller->RemoveBlob(blob_url); |
| 2466 | 2474 |
| 2467 EXPECT_EQ(1u, observer->NumDownloadsSeenInState(DownloadItem::COMPLETE)); | 2475 EXPECT_EQ(1u, observer->NumDownloadsSeenInState(DownloadItem::COMPLETE)); |
| 2468 EXPECT_EQ(1u, observer->NumDangerousDownloadsSeen()); | 2476 EXPECT_EQ(1u, observer->NumDangerousDownloadsSeen()); |
| 2469 } | 2477 } |
| 2478 | |
| 2479 IN_PROC_BROWSER_TEST_F(DownloadTest, TestFileDataBlocker) { | |
| 2480 ASSERT_TRUE(InitialSetup(false)); | |
| 2481 FilePath file(FILE_PATH_LITERAL("download-test1.lib")); | |
| 2482 GURL urls[] = { | |
| 2483 // file: URL | |
| 2484 OriginFileUrl(file), | |
| 2485 | |
| 2486 // data: URL | |
| 2487 GURL("data:application/octet-stream,abcdefghijklmnop%01%02%03l") | |
| 2488 }; | |
| 2489 | |
| 2490 for (size_t i = 0; i < arraysize(urls); i++) { | |
|
ahendrickson
2012/03/20 19:56:35
Nit: Use ARRAYSIZE_UNSAFE()?
Randy Smith (Not in Mondays)
2012/03/21 19:48:36
Andy and I talked offline, and agreed that by the
| |
| 2491 // Navigate & block until navigation is done. | |
| 2492 ui_test_utils::NavigateToURLWithDisposition( | |
| 2493 browser(), urls[i], CURRENT_TAB, | |
| 2494 ui_test_utils::BROWSER_TEST_WAIT_FOR_NAVIGATION); | |
| 2495 | |
| 2496 // Do a round trip to the IO thread to increase chances of any download | |
| 2497 // showing up on the UI thread. | |
| 2498 scoped_refptr<base::ThreadTestHelper> flushIO( | |
| 2499 new base::ThreadTestHelper( | |
| 2500 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::IO))); | |
| 2501 | |
| 2502 ASSERT_TRUE(flushIO->Run()); | |
| 2503 | |
| 2504 // Confirm no downloads | |
| 2505 std::vector<DownloadItem*> downloads; | |
| 2506 GetDownloads(browser(), &downloads); | |
| 2507 EXPECT_EQ(0u, downloads.size()); | |
| 2508 | |
| 2509 DownloadManagerForBrowser(browser())->RemoveAllDownloads(); | |
| 2510 | |
| 2511 // Try the same thing with a direct download. Also check that the | |
| 2512 // callback gives the right error. | |
| 2513 WebContents* web_contents = browser()->GetSelectedWebContents(); | |
| 2514 ASSERT_TRUE(web_contents); | |
| 2515 scoped_refptr<DownloadTestItemCreationObserver> creation_observer( | |
| 2516 new DownloadTestItemCreationObserver); | |
| 2517 // Only for cleanup if a download is actually created. | |
| 2518 DownloadTestObserverTerminal backup_observer( | |
| 2519 DownloadManagerForBrowser(browser()), | |
| 2520 1, | |
| 2521 false, | |
| 2522 DownloadTestObserver::ON_DANGEROUS_DOWNLOAD_FAIL); | |
| 2523 | |
| 2524 DownloadManagerForBrowser(browser())->DownloadUrl( | |
| 2525 urls[i], GURL(), "", false, -1, content::DownloadSaveInfo(), | |
| 2526 web_contents, creation_observer->callback()); | |
| 2527 | |
| 2528 creation_observer->WaitForDownloadItemCreation(); | |
| 2529 | |
| 2530 EXPECT_FALSE(creation_observer->succeeded()); | |
| 2531 EXPECT_EQ(net::ERR_DISALLOWED_URL_SCHEME, creation_observer->error()); | |
| 2532 EXPECT_EQ(content::DownloadId::Invalid(), creation_observer->download_id()); | |
| 2533 downloads.clear(); | |
| 2534 GetDownloads(browser(), &downloads); | |
| 2535 EXPECT_EQ(0u, downloads.size()); | |
| 2536 | |
| 2537 if (creation_observer->succeeded()) { | |
| 2538 // Wait until the download is done. We don't care how it's finished. | |
| 2539 backup_observer.WaitForFinished(); | |
| 2540 } | |
| 2541 DownloadManagerForBrowser(browser())->RemoveAllDownloads(); | |
| 2542 } | |
| 2543 } | |
| OLD | NEW |
