Home | History | Annotate | Download | only in browser
      1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include <shlobj.h>
      6 #include <shobjidl.h>
      7 
      8 #include "content/browser/safe_util_win.h"
      9 
     10 #include "base/files/file_path.h"
     11 #include "base/logging.h"
     12 #include "base/path_service.h"
     13 #include "base/strings/string_util.h"
     14 #include "base/strings/utf_string_conversions.h"
     15 #include "base/win/scoped_comptr.h"
     16 #include "ui/base/win/shell.h"
     17 #include "url/gurl.h"
     18 
     19 namespace content {
     20 namespace {
     21 
     22 // Sets the Zone Identifier on the file to "Internet" (3). Returns true if the
     23 // function succeeds, false otherwise. A failure is expected on system where
     24 // the Zone Identifier is not supported, like a machine with a FAT32 filesystem.
     25 // This function does not invoke Windows Attachment Execution Services.
     26 //
     27 // |full_path| is the path to the downloaded file.
     28 bool SetInternetZoneIdentifierDirectly(const base::FilePath& full_path) {
     29   const DWORD kShare = FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE;
     30   std::wstring path = full_path.value() + L":Zone.Identifier";
     31   HANDLE file = CreateFile(path.c_str(), GENERIC_WRITE, kShare, NULL,
     32                            OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
     33   if (INVALID_HANDLE_VALUE == file)
     34     return false;
     35 
     36   static const char kIdentifier[] = "[ZoneTransfer]\r\nZoneId=3\r\n";
     37   // Don't include trailing null in data written.
     38   static const DWORD kIdentifierSize = arraysize(kIdentifier) - 1;
     39   DWORD written = 0;
     40   BOOL result = WriteFile(file, kIdentifier, kIdentifierSize, &written, NULL);
     41   BOOL flush_result = FlushFileBuffers(file);
     42   CloseHandle(file);
     43 
     44   if (!result || !flush_result || written != kIdentifierSize) {
     45     NOTREACHED();
     46     return false;
     47   }
     48 
     49   return true;
     50 }
     51 
     52 }  // namespace
     53 
     54 HRESULT AVScanFile(const base::FilePath& full_path,
     55                    const std::string& source_url,
     56                    const GUID& client_guid) {
     57   base::win::ScopedComPtr<IAttachmentExecute> attachment_services;
     58   HRESULT hr = attachment_services.CreateInstance(CLSID_AttachmentServices);
     59 
     60   if (FAILED(hr)) {
     61     // The thread must have COM initialized.
     62     DCHECK_NE(CO_E_NOTINITIALIZED, hr);
     63 
     64     // We don't have Attachment Execution Services, it must be a pre-XP.SP2
     65     // Windows installation, or the thread does not have COM initialized. Try to
     66     // set the zone information directly. Failure is not considered an error.
     67     SetInternetZoneIdentifierDirectly(full_path);
     68     return hr;
     69   }
     70 
     71   if (!IsEqualGUID(client_guid, GUID_NULL)) {
     72     hr = attachment_services->SetClientGuid(client_guid);
     73     if (FAILED(hr))
     74       return hr;
     75   }
     76 
     77   hr = attachment_services->SetLocalPath(full_path.value().c_str());
     78   if (FAILED(hr))
     79     return hr;
     80 
     81   // Note: SetSource looks like it needs to be called, even if empty.
     82   // Docs say it is optional, but it appears not calling it at all sets
     83   // a zone that is too restrictive.
     84   hr = attachment_services->SetSource(UTF8ToWide(source_url).c_str());
     85   if (FAILED(hr))
     86     return hr;
     87 
     88   // A failure in the Save() call below could result in the downloaded file
     89   // being deleted.
     90   return attachment_services->Save();
     91 }
     92 
     93 }  // namespace content
     94