1 // Copyright 2014 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/base/filename_util.h"
6
7 #include "base/files/file_path.h"
8 #include "base/files/file_util.h"
9 #include "base/strings/string_util.h"
10 #include "base/strings/utf_string_conversions.h"
11 #include "base/test/test_file_util.h"
12 #include "build/build_config.h"
13 #include "build/chromeos_buildflags.h"
14 #include "net/base/mime_util.h"
15 #include "testing/gtest/include/gtest/gtest.h"
16 #include "url/gurl.h"
17
18 namespace net {
19
20 namespace {
21
22 struct FileCase {
23 const wchar_t* file; // nullptr indicates expected to fail.
24 const char* url;
25 };
26
27 struct GenerateFilenameCase {
28 int lineno;
29 const char* url;
30 const char* content_disp_header;
31 const char* referrer_charset;
32 const char* suggested_filename;
33 const char* mime_type;
34 const wchar_t* default_filename;
35 const wchar_t* expected_filename;
36 };
37
38 // The expected filenames are coded as wchar_t for convenience.
39 // TODO(https://crbug.com/911896): Make these char16_t once std::u16string is
40 // std::u16string.
FilePathAsWString(const base::FilePath & path)41 std::wstring FilePathAsWString(const base::FilePath& path) {
42 #if BUILDFLAG(IS_WIN)
43 return path.value();
44 #elif BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)
45 return base::UTF8ToWide(path.value());
46 #endif
47 }
WStringAsFilePath(const std::wstring & str)48 base::FilePath WStringAsFilePath(const std::wstring& str) {
49 #if BUILDFLAG(IS_WIN)
50 return base::FilePath(str);
51 #elif BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)
52 return base::FilePath(base::WideToUTF8(str));
53 #endif
54 }
55
GetLocaleWarningString()56 std::string GetLocaleWarningString() {
57 #if BUILDFLAG(IS_WIN) || BUILDFLAG(IS_ANDROID)
58 return "";
59 #elif BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)
60 // The generate filename tests can fail on certain OS_POSIX platforms when
61 // LC_CTYPE is not "utf8" or "utf-8" because some of the string conversions
62 // fail.
63 // This warning text is appended to any test failures to save people time if
64 // this happens to be the cause of failure :)
65 // Note: some platforms (MACOSX, Chromecast) don't have this problem:
66 // setlocale returns "c" but it functions as utf8. And Android doesn't
67 // have setlocale at all.
68 std::string locale = setlocale(LC_CTYPE, nullptr);
69 return " this test may have failed because the current LC_CTYPE locale is "
70 "not utf8 (currently set to " +
71 locale + ")";
72 #endif
73 }
74
RunGenerateFileNameTestCase(const GenerateFilenameCase * test_case)75 void RunGenerateFileNameTestCase(const GenerateFilenameCase* test_case) {
76 std::string default_filename(base::WideToUTF8(test_case->default_filename));
77 base::FilePath file_path = GenerateFileName(
78 GURL(test_case->url), test_case->content_disp_header,
79 test_case->referrer_charset, test_case->suggested_filename,
80 test_case->mime_type, default_filename);
81 EXPECT_EQ(test_case->expected_filename, FilePathAsWString(file_path))
82 << "test case at line number: " << test_case->lineno << "; "
83 << GetLocaleWarningString();
84 }
85
86 constexpr const base::FilePath::CharType* kSafePortableBasenames[] = {
87 FILE_PATH_LITERAL("a"), FILE_PATH_LITERAL("a.txt"),
88 FILE_PATH_LITERAL("a b.txt"), FILE_PATH_LITERAL("a-b.txt"),
89 FILE_PATH_LITERAL("My Computer"),
90 };
91
92 constexpr const base::FilePath::CharType* kUnsafePortableBasenames[] = {
93 FILE_PATH_LITERAL(""),
94 FILE_PATH_LITERAL("."),
95 FILE_PATH_LITERAL(".."),
96 FILE_PATH_LITERAL("..."),
97 FILE_PATH_LITERAL("con"),
98 FILE_PATH_LITERAL("con.zip"),
99 FILE_PATH_LITERAL("NUL"),
100 FILE_PATH_LITERAL("NUL.zip"),
101 FILE_PATH_LITERAL(".a"),
102 FILE_PATH_LITERAL("a."),
103 FILE_PATH_LITERAL("a\"a"),
104 FILE_PATH_LITERAL("a<a"),
105 FILE_PATH_LITERAL("a>a"),
106 FILE_PATH_LITERAL("a?a"),
107 FILE_PATH_LITERAL("a/"),
108 FILE_PATH_LITERAL("a\\"),
109 FILE_PATH_LITERAL("a "),
110 FILE_PATH_LITERAL("a . ."),
111 FILE_PATH_LITERAL(" Computer"),
112 FILE_PATH_LITERAL("My Computer.{a}"),
113 FILE_PATH_LITERAL("My Computer.{20D04FE0-3AEA-1069-A2D8-08002B30309D}"),
114 #if BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)
115 FILE_PATH_LITERAL("a\\a"),
116 #endif
117 };
118
119 constexpr const base::FilePath::CharType* kUnsafePortableBasenamesForWin[] = {
120 FILE_PATH_LITERAL("con"), FILE_PATH_LITERAL("con.zip"),
121 FILE_PATH_LITERAL("NUL"), FILE_PATH_LITERAL("NUL.zip"),
122 };
123
124 constexpr const base::FilePath::CharType* kSafePortableRelativePaths[] = {
125 FILE_PATH_LITERAL("a/a"),
126 #if BUILDFLAG(IS_WIN)
127 FILE_PATH_LITERAL("a\\a"),
128 #endif
129 };
130
131 } // namespace
132
TEST(FilenameUtilTest,IsSafePortablePathComponent)133 TEST(FilenameUtilTest, IsSafePortablePathComponent) {
134 for (auto* basename : kSafePortableBasenames) {
135 EXPECT_TRUE(IsSafePortablePathComponent(base::FilePath(basename)))
136 << basename;
137 }
138 for (auto* basename : kUnsafePortableBasenames) {
139 EXPECT_FALSE(IsSafePortablePathComponent(base::FilePath(basename)))
140 << basename;
141 }
142 for (auto* path : kSafePortableRelativePaths) {
143 EXPECT_FALSE(IsSafePortablePathComponent(base::FilePath(path))) << path;
144 }
145 }
146
TEST(FilenameUtilTest,IsSafePortableRelativePath)147 TEST(FilenameUtilTest, IsSafePortableRelativePath) {
148 base::FilePath safe_dirname(FILE_PATH_LITERAL("a"));
149 for (auto* basename : kSafePortableBasenames) {
150 EXPECT_TRUE(IsSafePortableRelativePath(base::FilePath(basename)))
151 << basename;
152 EXPECT_TRUE(IsSafePortableRelativePath(
153 safe_dirname.Append(base::FilePath(basename))))
154 << basename;
155 }
156 for (auto* path : kSafePortableRelativePaths) {
157 EXPECT_TRUE(IsSafePortableRelativePath(base::FilePath(path))) << path;
158 EXPECT_TRUE(
159 IsSafePortableRelativePath(safe_dirname.Append(base::FilePath(path))))
160 << path;
161 }
162 for (auto* basename : kUnsafePortableBasenames) {
163 EXPECT_FALSE(IsSafePortableRelativePath(base::FilePath(basename)))
164 << basename;
165 if (!base::FilePath::StringType(basename).empty()) {
166 EXPECT_FALSE(IsSafePortableRelativePath(
167 safe_dirname.Append(base::FilePath(basename))))
168 << basename;
169 }
170 }
171 }
172
TEST(FilenameUtilTest,FileURLConversion)173 TEST(FilenameUtilTest, FileURLConversion) {
174 // a list of test file names and the corresponding URLs
175 const FileCase round_trip_cases[] = {
176 #if BUILDFLAG(IS_WIN)
177 {L"C:\\foo\\bar.txt", "file:///C:/foo/bar.txt"},
178 {L"\\\\some computer\\foo\\bar.txt",
179 "file://some%20computer/foo/bar.txt"}, // UNC
180 {L"D:\\Name;with%some symbols*#",
181 "file:///D:/Name%3Bwith%25some%20symbols*%23"},
182 // issue 14153: To be tested with the OS default codepage other than 1252.
183 {L"D:\\latin1\\caf\x00E9\x00DD.txt",
184 "file:///D:/latin1/caf%C3%A9%C3%9D.txt"},
185 {L"D:\\otherlatin\\caf\x0119.txt", "file:///D:/otherlatin/caf%C4%99.txt"},
186 {L"D:\\greek\\\x03B1\x03B2\x03B3.txt",
187 "file:///D:/greek/%CE%B1%CE%B2%CE%B3.txt"},
188 {L"D:\\Chinese\\\x6240\x6709\x4e2d\x6587\x7f51\x9875.doc",
189 "file:///D:/Chinese/%E6%89%80%E6%9C%89%E4%B8%AD%E6%96%87%E7%BD%91"
190 "%E9%A1%B5.doc"},
191 {L"D:\\plane1\\\xD835\xDC00\xD835\xDC01.txt", // Math alphabet "AB"
192 "file:///D:/plane1/%F0%9D%90%80%F0%9D%90%81.txt"},
193 // Other percent-encoded characters that are left alone when displaying a
194 // URL are decoded in a file path (https://crbug.com/585422).
195 {L"C:\\foo\\\U0001F512.txt",
196 "file:///C:/foo/%F0%9F%94%92.txt"}, // Blocked.
197 {L"C:\\foo\\\u2001.txt", "file:///C:/foo/%E2%80%81.txt"}, // Blocked.
198 {L"C:\\foo\\\a\tbar\n ", "file:///C:/foo/%07%09bar%0A%20"}, // Blocked.
199 #elif BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)
200 {L"/foo/bar.txt", "file:///foo/bar.txt"},
201 {L"/foo/BAR.txt", "file:///foo/BAR.txt"},
202 {L"/C:/foo/bar.txt", "file:///C:/foo/bar.txt"},
203 {L"/foo/bar?.txt", "file:///foo/bar%3F.txt"},
204 {L"/foo/\a\tbar\n ", "file:///foo/%07%09bar%0A%20"},
205 // %5C ('\\') is not special on POSIX, and is therefore decoded as normal.
206 {L"/foo/..\\bar", "file:///foo/..%5Cbar"},
207 {L"/some computer/foo/bar.txt", "file:///some%20computer/foo/bar.txt"},
208 {L"/Name;with%some symbols*#", "file:///Name%3Bwith%25some%20symbols*%23"},
209 {L"/latin1/caf\x00E9\x00DD.txt", "file:///latin1/caf%C3%A9%C3%9D.txt"},
210 {L"/otherlatin/caf\x0119.txt", "file:///otherlatin/caf%C4%99.txt"},
211 {L"/greek/\x03B1\x03B2\x03B3.txt", "file:///greek/%CE%B1%CE%B2%CE%B3.txt"},
212 {L"/Chinese/\x6240\x6709\x4e2d\x6587\x7f51\x9875.doc",
213 "file:///Chinese/%E6%89%80%E6%9C%89%E4%B8%AD%E6%96%87%E7%BD"
214 "%91%E9%A1%B5.doc"},
215 {L"/plane1/\x1D400\x1D401.txt", // Math alphabet "AB"
216 "file:///plane1/%F0%9D%90%80%F0%9D%90%81.txt"},
217 // Other percent-encoded characters that are left alone when displaying a
218 // URL are decoded in a file path (https://crbug.com/585422).
219 {L"/foo/\U0001F512.txt", "file:///foo/%F0%9F%94%92.txt"}, // Blocked.
220 {L"/foo/\u2001.txt", "file:///foo/%E2%80%81.txt"}, // Blocked.
221 #endif
222 };
223
224 // First, we'll test that we can round-trip all of the above cases of URLs
225 base::FilePath output;
226 for (const auto& test_case : round_trip_cases) {
227 // convert to the file URL
228 GURL file_url(FilePathToFileURL(WStringAsFilePath(test_case.file)));
229 EXPECT_EQ(test_case.url, file_url.spec());
230
231 // Back to the filename.
232 EXPECT_TRUE(FileURLToFilePath(file_url, &output));
233 EXPECT_EQ(test_case.file, FilePathAsWString(output));
234 }
235
236 // Test that various file: URLs get decoded into the correct file type
237 FileCase url_cases[] = {
238 {nullptr, "http://foo/bar.txt"},
239 {nullptr, "http://localhost/foo/bar.txt"},
240 {nullptr, "https://localhost/foo/bar.txt"},
241 #if BUILDFLAG(IS_WIN)
242 {L"C:\\foo\\bar.txt", "file:c|/foo\\bar.txt"},
243 {L"C:\\foo\\bar.txt", "file:/c:/foo/bar.txt"},
244 {L"\\\\foo\\bar.txt", "file://foo\\bar.txt"},
245 {L"C:\\foo\\bar.txt", "file:///c:/foo/bar.txt"},
246 {L"\\\\foo\\bar.txt", "file:////foo\\bar.txt"},
247 {L"\\\\foo\\bar.txt", "file:/foo/bar.txt"},
248 {L"\\\\foo\\bar.txt", "file://foo\\bar.txt"},
249 {L"C:\\foo\\bar.txt", "file:\\\\\\c:/foo/bar.txt"},
250 // %2F ('/') should fail, because it might otherwise be interpreted as a
251 // path separator on Windows.
252 {nullptr, "file:///C:\\foo%2f..\\bar"},
253 // %5C ('\\') should fail, because it can't be represented in a Windows
254 // filename (and should not be considered a path separator).
255 {nullptr, "file:///foo\\..%5cbar"},
256 // %00 should fail, because it represents a null byte in a filename.
257 {nullptr, "file:///foo/%00bar.txt"},
258 // Other percent-encoded characters that are left alone when displaying a
259 // URL are decoded in a file path (https://crbug.com/585422).
260 {L"C:\\foo\\\n.txt", "file:///c:/foo/%0A.txt"}, // Control char.
261 {L"C:\\foo\\a=$b.txt", "file:///c:/foo/a%3D%24b.txt"}, // Reserved.
262 // Make sure that '+' isn't converted into ' '.
263 {L"C:\\foo\\romeo+juliet.txt", "file:/c:/foo/romeo+juliet.txt"},
264 // SAMBA share case.
265 {L"\\\\computername\\ShareName\\Path\\Foo.txt",
266 "file://computername/ShareName/Path/Foo.txt"},
267 #elif BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)
268 {L"/c:/foo/bar.txt", "file:/c:/foo/bar.txt"},
269 {L"/c:/foo/bar.txt", "file:///c:/foo/bar.txt"},
270 {L"/foo/bar.txt", "file:/foo/bar.txt"},
271 {L"/c:/foo/bar.txt", "file:\\\\\\c:/foo/bar.txt"},
272 {L"/foo/bar.txt", "file:foo/bar.txt"},
273 {L"/foo/bar.txt", "file:///foo/bar.txt"},
274 {L"/foo/bar.txt", "file:////foo/bar.txt"},
275 {L"/foo/bar.txt", "file:////foo//bar.txt"},
276 {L"/foo/bar.txt", "file:////foo///bar.txt"},
277 {L"/foo/bar.txt", "file:////foo////bar.txt"},
278 {L"/c:/foo/bar.txt", "file:\\\\\\c:/foo/bar.txt"},
279 {L"/c:/foo/bar.txt", "file:c:/foo/bar.txt"},
280 // %2F ('/') should fail, because it can't be represented in a POSIX
281 // filename (and should not be considered a path separator).
282 {nullptr, "file:///foo%2f../bar"},
283 // %00 should fail, because it represents a null byte in a filename.
284 {nullptr, "file:///foo/%00bar.txt"},
285 // Other percent-encoded characters that are left alone when displaying a
286 // URL are decoded in a file path (https://crbug.com/585422).
287 {L"/foo/\n.txt", "file:///foo/%0A.txt"}, // Control char.
288 {L"/foo/a=$b.txt", "file:///foo/a%3D%24b.txt"}, // Reserved.
289 // Make sure that '+' isn't converted into ' '.
290 {L"/foo/romeo+juliet.txt", "file:///foo/romeo+juliet.txt"},
291 // Backslashes in a file URL are normalized as forward slashes.
292 {L"/bar.txt", "file://\\bar.txt"},
293 {L"/c|/foo/bar.txt", "file:c|/foo\\bar.txt"},
294 {L"/foo/bar.txt", "file:////foo\\bar.txt"},
295 // Accept obviously-local file URLs.
296 {L"/foo/bar.txt", "file:///foo/bar.txt"},
297 {L"/foo/bar.txt", "file://localhost/foo/bar.txt"},
298 {L"/foo/bar.txt", "file://127.0.0.1/foo/bar.txt"},
299 {L"/foo/bar.txt", "file://[::1]/foo/bar.txt"},
300 // Reject non-local file URLs.
301 {nullptr, "file://foo/bar.txt"},
302 {nullptr, "file://example.com/bar.txt"},
303 {nullptr, "file://192.168.1.1/foo/bar.txt"},
304 {nullptr, "file://[2001:0db8:85a3:0000:0000:8a2e:0370:7334]/foo/bar.txt"},
305 #endif
306 };
307 for (const auto& test_case : url_cases) {
308 EXPECT_EQ(test_case.file != nullptr,
309 FileURLToFilePath(GURL(test_case.url), &output));
310 if (test_case.file) {
311 EXPECT_EQ(test_case.file, FilePathAsWString(output));
312 } else {
313 EXPECT_EQ(L"", FilePathAsWString(output));
314 }
315 }
316
317 // Invalid UTF-8 tests can't be tested above because FilePathAsWString assumes
318 // the output is valid UTF-8.
319
320 // Invalid UTF-8 bytes in input.
321 {
322 const char invalid_utf8[] = "file:///d:/Blah/\x85\x99.doc";
323 EXPECT_TRUE(FileURLToFilePath(GURL(invalid_utf8), &output));
324 #if BUILDFLAG(IS_WIN)
325 // On Windows, invalid UTF-8 bytes are interpreted using the default ANSI
326 // code page. This defaults to Windows-1252 (which we assume here).
327 const base::FilePath::CharType expected_output[] =
328 FILE_PATH_LITERAL("D:\\Blah\\\u2026\u2122.doc");
329 EXPECT_EQ(expected_output, output.value());
330 #elif BUILDFLAG(IS_POSIX)
331 // No conversion should happen, and the invalid UTF-8 should be preserved.
332 const char expected_output[] = "/d:/Blah/\x85\x99.doc";
333 EXPECT_EQ(expected_output, output.value());
334 #endif
335 }
336
337 // Invalid UTF-8 percent-encoded bytes in input.
338 {
339 const char invalid_utf8[] = "file:///d:/Blah/%85%99.doc";
340 EXPECT_TRUE(FileURLToFilePath(GURL(invalid_utf8), &output));
341 #if BUILDFLAG(IS_WIN)
342 // On Windows, invalid UTF-8 bytes are interpreted using the default ANSI
343 // code page. This defaults to Windows-1252 (which we assume here).
344 const base::FilePath::CharType expected_output[] =
345 FILE_PATH_LITERAL("D:\\Blah\\\u2026\u2122.doc");
346 EXPECT_EQ(expected_output, output.value());
347 #elif BUILDFLAG(IS_POSIX)
348 // No conversion should happen, and the invalid UTF-8 should be preserved.
349 const char expected_output[] = "/d:/Blah/\x85\x99.doc";
350 EXPECT_EQ(expected_output, output.value());
351 #endif
352 }
353
354 // Test that if a file URL is malformed, we get a failure
355 EXPECT_FALSE(FileURLToFilePath(GURL("filefoobar"), &output));
356 }
357
TEST(FilenameUtilTest,GenerateSafeFileName)358 TEST(FilenameUtilTest, GenerateSafeFileName) {
359 const struct {
360 int line;
361 const char* mime_type;
362 const char* filename;
363 const char* expected_filename;
364 } safe_tests[] = {
365 {__LINE__, "text/html", "bar.htm", "bar.htm"},
366 {__LINE__, "text/html", "bar.html", "bar.html"},
367 {__LINE__, "application/x-chrome-extension", "bar", "bar.crx"},
368 {__LINE__, "image/png", "bar.html", "bar.html"},
369 {__LINE__, "text/html", "bar.exe", "bar.exe"},
370 {__LINE__, "image/gif", "bar.exe", "bar.exe"},
371 {__LINE__, "text/html", "google.com", "google.com"},
372 // Allow extension synonyms.
373 {__LINE__, "image/jpeg", "bar.jpg", "bar.jpg"},
374 {__LINE__, "image/jpeg", "bar.jpeg", "bar.jpeg"},
375
376 #if BUILDFLAG(IS_WIN)
377 // Device names
378 {__LINE__, "text/html", "con.htm", "_con.htm"},
379 {__LINE__, "text/html", "lpt1.htm", "_lpt1.htm"},
380 {__LINE__, "application/x-chrome-extension", "con", "_con.crx"},
381
382 // Looks like foo.{GUID} which get treated as namespace mounts on Windows.
383 {__LINE__, "text/html", "harmless.{not-really-this-may-be-a-guid}",
384 "harmless.download"},
385 {__LINE__, "text/html", "harmless.{mismatched-", "harmless.{mismatched-"},
386
387 // Dangerous extensions
388 {__LINE__, "text/html", "harmless.local", "harmless.download"},
389 {__LINE__, "text/html", "harmless.lnk", "harmless.download"},
390 #elif BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)
391 // On Posix, none of the above set is particularly dangerous.
392 {__LINE__, "text/html", "con.htm", "con.htm"},
393 {__LINE__, "text/html", "lpt1.htm", "lpt1.htm"},
394 {__LINE__, "application/x-chrome-extension", "con", "con.crx"},
395 {__LINE__, "text/html", "harmless.{not-really-this-may-be-a-guid}",
396 "harmless.{not-really-this-may-be-a-guid}"},
397 {__LINE__, "text/html", "harmless.{mismatched-", "harmless.{mismatched-"},
398 {__LINE__, "text/html", "harmless.local", "harmless.local"},
399 {__LINE__, "text/html", "harmless.lnk", "harmless.lnk"},
400 #endif // BUILDFLAG(IS_WIN)
401 };
402
403 #if BUILDFLAG(IS_WIN)
404 base::FilePath base_path(FILE_PATH_LITERAL("C:\\foo"));
405 #elif BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)
406 base::FilePath base_path("/foo");
407 #endif
408
409 for (const auto& test : safe_tests) {
410 base::FilePath file_path = base_path.AppendASCII(test.filename);
411 base::FilePath expected_path =
412 base_path.AppendASCII(test.expected_filename);
413 GenerateSafeFileName(test.mime_type, false, &file_path);
414 EXPECT_EQ(expected_path.value(), file_path.value())
415 << "Test case at line " << test.line;
416 }
417 }
418
TEST(FilenameUtilTest,GenerateFileName_Assumptions)419 TEST(FilenameUtilTest, GenerateFileName_Assumptions) {
420 base::FilePath::StringType extension;
421 EXPECT_TRUE(GetPreferredExtensionForMimeType("application/x-chrome-extension",
422 &extension));
423 EXPECT_EQ(base::FilePath::StringType(FILE_PATH_LITERAL("crx")), extension);
424 }
425
TEST(FilenameUtilTest,GenerateFileName)426 TEST(FilenameUtilTest, GenerateFileName) {
427 // Tests whether the correct filename is selected from the the given
428 // parameters and that Content-Disposition headers are properly
429 // handled including failovers when the header is malformed.
430 const GenerateFilenameCase selection_tests[] = {
431 {// Picks the filename from the C-D header.
432 __LINE__, "http://www.google.com/", "attachment; filename=test.html", "",
433 "", "", L"", L"test.html"},
434 {// Ditto. The C-D header uses a quoted string.
435 __LINE__, "http://www.google.com/", "attachment; filename=\"test.html\"",
436 "", "", "", L"", L"test.html"},
437 {// Ditto. Extra whilespace after the '=' sign.
438 __LINE__, "http://www.google.com/",
439 "attachment; filename= \"test.html\"", "", "", "", L"", L"test.html"},
440 {// Ditto. Whitespace before and after '=' sign.
441 __LINE__, "http://www.google.com/",
442 "attachment; filename = \"test.html\"", "", "", "", L"",
443 L"test.html"},
444 {// Filename is whitespace. Should failover to URL host
445 __LINE__, "http://www.google.com/", "attachment; filename= ", "", "",
446 "", L"", L"www.google.com"},
447 {// No filename.
448 __LINE__, "http://www.google.com/path/test.html", "attachment", "", "",
449 "", L"", L"test.html"},
450 {// Ditto
451 __LINE__, "http://www.google.com/path/test.html", "attachment;", "", "",
452 "", L"", L"test.html"},
453 {// No C-D, and no URL path.
454 __LINE__, "http://www.google.com/", "", "", "", "", L"",
455 L"www.google.com"},
456 {// No C-D. URL has a path.
457 __LINE__, "http://www.google.com/test.html", "", "", "", "", L"",
458 L"test.html"},
459 {// No C-D. URL's path ends in a slash which results in an empty final
460 // component.
461 __LINE__, "http://www.google.com/path/", "", "", "", "", L"",
462 L"www.google.com"},
463 {// No C-D. URL has a path, but the path has no extension.
464 __LINE__, "http://www.google.com/path", "", "", "", "", L"", L"path"},
465 {// No C-D. URL gives no filename hints.
466 __LINE__, "file:///", "", "", "", "", L"", L"download"},
467 {// file:// URL.
468 __LINE__, "file:///path/testfile", "", "", "", "", L"", L"testfile"},
469 {// Unknown scheme.
470 __LINE__, "non-standard-scheme:", "", "", "", "", L"", L"download"},
471 {// C-D overrides default
472 __LINE__, "http://www.google.com/",
473 "attachment; filename =\"test.html\"", "", "", "", L"download",
474 L"test.html"},
475 {// But the URL doesn't
476 __LINE__, "http://www.google.com/", "", "", "", "", L"download",
477 L"download"},
478 // Below is a small subset of cases taken from HttpContentDisposition
479 // tests.
480 {__LINE__, "http://www.google.com/",
481 "attachment; filename=\"%EC%98%88%EC%88%A0%20"
482 "%EC%98%88%EC%88%A0.jpg\"",
483 "", "", "", L"", L"\uc608\uc220 \uc608\uc220.jpg"},
484 {__LINE__,
485 "http://www.google.com/%EC%98%88%EC%88%A0%20%EC%98%88%EC%88%A0.jpg", "",
486 "", "", "", L"download", L"\uc608\uc220 \uc608\uc220.jpg"},
487 {__LINE__, "http://www.google.com/", "attachment;", "", "", "",
488 L"\uB2E4\uC6B4\uB85C\uB4DC", L"\uB2E4\uC6B4\uB85C\uB4DC"},
489 {__LINE__, "http://www.google.com/",
490 "attachment; filename=\"=?EUC-JP?Q?=B7=DD=BD="
491 "D13=2Epng?=\"",
492 "", "", "", L"download", L"\u82b8\u88533.png"},
493 {__LINE__, "http://www.example.com/images?id=3",
494 "attachment; filename=caf\xc3\xa9.png", "iso-8859-1", "", "", L"",
495 L"caf\u00e9.png"},
496 {__LINE__, "http://www.example.com/images?id=3",
497 "attachment; filename=caf\xe5.png", "windows-1253", "", "", L"",
498 L"caf\u03b5.png"},
499 {// Invalid C-D header. Name value is skipped now.
500 __LINE__, "http://www.example.com/file?id=3",
501 "attachment; name=\xcf\xc2\xd4\xd8.zip", "GBK", "", "", L"", L"file"},
502 {// Invalid C-D header. Extracts filename from url.
503 __LINE__, "http://www.google.com/test.html",
504 "attachment; filename==?iiso88591?Q?caf=EG?=", "", "", "", L"",
505 L"test.html"},
506 // about: and data: URLs
507 {__LINE__, "about:chrome", "", "", "", "", L"", L"download"},
508 {__LINE__, "data:,looks/like/a.path", "", "", "", "", L"", L"download"},
509 {__LINE__, "data:text/plain;base64,VG8gYmUgb3Igbm90IHRvIGJlLg=", "", "",
510 "", "", L"", L"download"},
511 {__LINE__, "data:,looks/like/a.path", "", "", "", "",
512 L"default_filename_is_given", L"default_filename_is_given"},
513 {__LINE__, "data:,looks/like/a.path", "", "", "", "",
514 L"\u65e5\u672c\u8a9e", // Japanese Kanji.
515 L"\u65e5\u672c\u8a9e"},
516 {// The filename encoding is specified by the referrer charset.
517 __LINE__, "http://example.com/V%FDvojov%E1%20psychologie.doc", "",
518 "iso-8859-1", "", "", L"", L"V\u00fdvojov\u00e1 psychologie.doc"},
519 {// Suggested filename takes precedence over URL
520 __LINE__, "http://www.google.com/test", "", "", "suggested", "", L"",
521 L"suggested"},
522 {// The content-disposition has higher precedence over the suggested name.
523 __LINE__, "http://www.google.com/test", "attachment; filename=test.html",
524 "", "suggested", "", L"", L"test.html"},
525 {__LINE__, "http://www.google.com/test", "attachment; filename=test",
526 "utf-8", "", "image/png", L"", L"test"},
527 // Raw 8bit characters in C-D
528 {__LINE__, "http://www.example.com/images?id=3",
529 "attachment; filename=caf\xc3\xa9.png", "iso-8859-1", "", "image/png",
530 L"", L"caf\u00e9.png"},
531 {__LINE__, "http://www.example.com/images?id=3",
532 "attachment; filename=caf\xe5.png", "windows-1253", "", "image/png", L"",
533 L"caf\u03b5.png"},
534 {// No 'filename' keyword in the disposition, use the URL
535 __LINE__, "http://www.evil.com/my_download.txt", "a_file_name.txt", "",
536 "", "text/plain", L"download", L"my_download.txt"},
537 {// Spaces in the disposition file name
538 __LINE__, "http://www.frontpagehacker.com/a_download.exe",
539 "filename=My Downloaded File.exe", "", "", "application/octet-stream",
540 L"download", L"My Downloaded File.exe"},
541 {// % encoded
542 __LINE__, "http://www.examples.com/",
543 "attachment; "
544 "filename=\"%EC%98%88%EC%88%A0%20%EC%98%88%EC%88%A0.jpg\"",
545 "", "", "application/x-chrome-extension", L"download",
546 L"\uc608\uc220 \uc608\uc220.jpg"},
547 {// Invalid C-D header. Name value is skipped now.
548 __LINE__, "http://www.examples.com/q.cgi?id=abc",
549 "attachment; name=abc de.pdf", "", "", "application/octet-stream",
550 L"download", L"q.cgi"},
551 {__LINE__, "http://www.example.com/path",
552 "filename=\"=?EUC-JP?Q?=B7=DD=BD=D13=2Epng?=\"", "", "", "image/png",
553 L"download",
554 L"\x82b8\x8853"
555 L"3.png"},
556 {// The following two have invalid CD headers and filenames come from the
557 // URL.
558 __LINE__, "http://www.example.com/test%20123",
559 "attachment; filename==?iiso88591?Q?caf=EG?=", "", "", "", L"download",
560 L"test 123"},
561 {__LINE__,
562 "http://www.google.com/%EC%98%88%EC%88%A0%20%EC%98%88%EC%88%A0.jpg",
563 "malformed_disposition", "", "", "", L"download",
564 L"\uc608\uc220 \uc608\uc220.jpg"},
565 {// Invalid C-D. No filename from URL. Falls back to 'download'.
566 __LINE__, "http://www.google.com/path1/path2/",
567 "attachment; filename==?iso88591?Q?caf=E3?", "", "", "", L"download",
568 L"download"},
569 };
570
571 // Tests filename generation. Once the correct filename is
572 // selected, they should be passed through the validation steps and
573 // a correct extension should be added if necessary.
574 const GenerateFilenameCase generation_tests[] = {
575 // Dotfiles. Ensures preceeding period(s) stripped.
576 {__LINE__, "http://www.google.com/.test.html", "", "", "", "", L"",
577 L"test.html"},
578 {__LINE__, "http://www.google.com/.test", "", "", "", "", L"", L"test"},
579 {__LINE__, "http://www.google.com/..test", "", "", "", "", L"", L"test"},
580 {// Disposition has relative paths, remove directory separators
581 __LINE__, "", "filename=../../../../././../a_file_name.txt", "", "",
582 "text/plain", L"download", L"_.._.._.._._._.._a_file_name.txt"},
583 {// Disposition has parent directories, remove directory separators
584 __LINE__, "", "filename=dir1/dir2/a_file_name.txt", "", "", "text/plain",
585 L"download", L"dir1_dir2_a_file_name.txt"},
586 {// Disposition has relative paths, remove directory separators
587 __LINE__, "", "filename=..\\..\\..\\..\\.\\.\\..\\a_file_name.txt", "", "",
588 "text/plain", L"download", L"_.._.._.._._._.._a_file_name.txt"},
589 {// Disposition has parent directories, remove directory separators
590 __LINE__, "", "filename=dir1\\dir2\\a_file_name.txt", "", "", "text/plain",
591 L"download", L"dir1_dir2_a_file_name.txt"},
592 {// Filename looks like HTML?
593 __LINE__, "", "filename=\"<blink>Hello kitty</blink>\"", "", "",
594 "text/plain", L"default", L"_blink_Hello kitty__blink_"},
595 {// A normal avi should get .avi and not .avi.avi
596 __LINE__, "https://example.com/misc/2.avi", "", "", "", "video/x-msvideo",
597 L"download", L"2.avi"},
598 {// Slashes are illegal, and should be replaced with underscores.
599 __LINE__, "http://example.com/foo%2f..%2fbar.jpg", "", "", "",
600 "text/plain", L"download", L"foo_.._bar.jpg"},
601 {// "%00" decodes to the NUL byte, which is illegal and should be replaced
602 // with an underscore. (Note: This can't be tested with a URL, since "%00"
603 // is illegal in a URL. Only applies to Content-Disposition.)
604 __LINE__, "http://example.com/download.py", "filename=foo%00bar.jpg", "",
605 "", "text/plain", L"download", L"foo_bar.jpg"},
606 {// Extension generation for C-D derived filenames.
607 __LINE__, "", "filename=my-cat", "", "", "image/jpeg", L"download",
608 L"my-cat"},
609 {// Unknown MIME type
610 __LINE__, "", "filename=my-cat", "", "", "dance/party", L"download",
611 L"my-cat"},
612 {// Known MIME type.
613 __LINE__, "", "filename=my-cat.jpg", "", "", "text/plain", L"download",
614 L"my-cat.jpg"},
615 #if BUILDFLAG(IS_WIN)
616 // Test truncation of trailing dots and spaces (Windows)
617 {__LINE__, "", "filename=evil.exe ", "", "", "binary/octet-stream",
618 L"download", L"evil.exe"},
619 {__LINE__, "", "filename=evil.exe.", "", "", "binary/octet-stream",
620 L"download", L"evil.exe_"},
621 {__LINE__, "", "filename=evil.exe. . .", "", "", "binary/octet-stream",
622 L"download", L"evil.exe_______"},
623 {__LINE__, "", "filename=evil.", "", "", "binary/octet-stream", L"download",
624 L"evil_"},
625 {__LINE__, "", "filename=. . . . .", "", "", "binary/octet-stream",
626 L"download", L"download"},
627 #elif BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)
628 // Test truncation of trailing dots and spaces (non-Windows)
629 {__LINE__, "", "filename=evil.exe ", "", "", "binary/octet-stream",
630 L"download", L"evil.exe"},
631 {__LINE__, "", "filename=evil.exe.", "", "", "binary/octet-stream",
632 L"download", L"evil.exe"},
633 {__LINE__, "", "filename=evil.exe. . .", "", "", "binary/octet-stream",
634 L"download", L"evil.exe. . _"},
635 {__LINE__, "", "filename=evil.", "", "", "binary/octet-stream", L"download",
636 L"evil"},
637 {__LINE__, "", "filename=. . . . .", "", "", "binary/octet-stream",
638 L"download", L"_. . ._"},
639 #endif
640 {__LINE__, "", "attachment; filename=\"meh.exe\xC2\xA0\"", "", "",
641 "binary/octet-stream", L"", L"meh.exe_"},
642 // Disappearing directory references:
643 {__LINE__, "", "filename=.", "", "", "dance/party", L"download",
644 L"download"},
645 {__LINE__, "", "filename=..", "", "", "dance/party", L"download",
646 L"download"},
647 {__LINE__, "", "filename=...", "", "", "dance/party", L"download",
648 L"download"},
649 // Reserved words on Windows
650 {__LINE__, "", "filename=COM1", "", "", "application/foo-bar", L"download",
651 #if BUILDFLAG(IS_WIN)
652 L"_COM1"
653 #else
654 L"COM1"
655 #endif
656 },
657 {__LINE__, "", "filename=COM4.txt", "", "", "text/plain", L"download",
658 #if BUILDFLAG(IS_WIN)
659 L"_COM4.txt"
660 #else
661 L"COM4.txt"
662 #endif
663 },
664 {__LINE__, "", "filename=lpt1.TXT", "", "", "text/plain", L"download",
665 #if BUILDFLAG(IS_WIN)
666 L"_lpt1.TXT"
667 #else
668 L"lpt1.TXT"
669 #endif
670 },
671 {__LINE__, "", "filename=clock$.txt", "", "", "text/plain", L"download",
672 #if BUILDFLAG(IS_WIN)
673 L"_clock$.txt"
674 #else
675 L"clock$.txt"
676 #endif
677 },
678 {// Validation should also apply to sugested name
679 __LINE__, "", "", "", "clock$.txt", "text/plain", L"download",
680 #if BUILDFLAG(IS_WIN)
681 L"_clock$.txt"
682 #else
683 L"clock$.txt"
684 #endif
685 },
686 {// Device names only work when present at the start of the string.
687 __LINE__, "", "filename=mycom1.foo", "", "", "", L"download",
688 L"mycom1.foo"},
689 {__LINE__, "", "filename=Setup.exe.local", "", "", "", L"download",
690 #if BUILDFLAG(IS_WIN)
691 L"Setup.exe.download"
692 #else
693 L"Setup.exe.local"
694 #endif
695 },
696 {__LINE__, "", "filename=Setup.exe.local.local", "", "", "", L"download",
697 #if BUILDFLAG(IS_WIN)
698 L"Setup.exe.local.download"
699 #else
700 L"Setup.exe.local.local"
701 #endif
702 },
703 {__LINE__, "", "filename=Setup.exe.lnk", "", "", "", L"download",
704 #if BUILDFLAG(IS_WIN)
705 L"Setup.exe.download"
706 #else
707 L"Setup.exe.lnk"
708 #endif
709 },
710 {__LINE__, "", "filename=Desktop.ini", "", "", "", L"download",
711 #if BUILDFLAG(IS_WIN)
712 L"_Desktop.ini"
713 #else
714 L"Desktop.ini"
715 #endif
716 },
717 {__LINE__, "", "filename=Thumbs.db", "", "", "", L"download",
718 #if BUILDFLAG(IS_WIN)
719 L"_Thumbs.db"
720 #else
721 L"Thumbs.db"
722 #endif
723 },
724
725 // Regression tests for older issues:
726 {// http://crbug.com/5772.
727 __LINE__, "http://www.example.com/foo.tar.gz", "", "", "",
728 "application/x-tar", L"download", L"foo.tar.gz"},
729 {// http://crbug.com/52250.
730 __LINE__, "http://www.example.com/foo.tgz", "", "", "",
731 "application/x-tar", L"download", L"foo.tgz"},
732 {// http://crbug.com/7337.
733 __LINE__, "http://maged.lordaeron.org/blank.reg", "", "", "",
734 "text/x-registry", L"download", L"blank.reg"},
735 {__LINE__, "http://www.example.com/bar.tar", "", "", "",
736 "application/x-tar", L"download", L"bar.tar"},
737 {__LINE__, "http://www.example.com/bar.bogus", "", "", "",
738 "application/x-tar", L"download", L"bar.bogus"},
739 {// http://crbug.com/20337
740 __LINE__, "http://www.example.com/.download.txt", "filename=.download.txt",
741 "", "", "text/plain", L"-download", L"download.txt"},
742 {// http://crbug.com/56855.
743 __LINE__, "http://www.example.com/bar.sh", "", "", "", "application/x-sh",
744 L"download", L"bar.sh"},
745 {// http://crbug.com/61571
746 __LINE__, "http://www.example.com/npdf.php?fn=foobar.pdf", "", "", "",
747 "application/x-chrome-extension", L"download", L"npdf.crx"},
748 {// Shouldn't overwrite C-D specified extension.
749 __LINE__, "http://www.example.com/npdf.php?fn=foobar.pdf",
750 "filename=foobar.jpg", "", "", "text/plain", L"download", L"foobar.jpg"},
751 {// http://crbug.com/87719
752 __LINE__, "http://www.example.com/image.aspx?id=blargh", "", "", "",
753 "application/x-chrome-extension", L"download", L"image.crx"},
754 {__LINE__, "http://www.example.com/image.aspx?id=blargh", "", "", " .foo",
755 "", L"download", L"_.foo"},
756
757 // Note that the next 4 tests will not fail on all platforms on regression.
758 // They only fail if application/[x-]gzip has a default extension, which
759 // can vary across platforms (And even by OS install).
760 {__LINE__, "http://www.example.com/goat.tar.gz?wearing_hat=true", "", "",
761 "", "application/gzip", L"", L"goat.tar.gz"},
762 {__LINE__, "http://www.example.com/goat.tar.gz?wearing_hat=true", "", "",
763 "", "application/x-gzip", L"", L"goat.tar.gz"},
764 {__LINE__, "http://www.example.com/goat.tgz?wearing_hat=true", "", "", "",
765 "application/gzip", L"", L"goat.tgz"},
766 {__LINE__, "http://www.example.com/goat.tgz?wearing_hat=true", "", "", "",
767 "application/x-gzip", L"", L"goat.tgz"},
768
769 #if BUILDFLAG(IS_CHROMEOS_ASH)
770 {// http://crosbug.com/26028
771 __LINE__, "http://www.example.com/fooa%cc%88.txt", "", "", "",
772 "image/jpeg", L"foo\xe4", L"foo\xe4.txt"},
773 #endif
774
775 // U+3000 IDEOGRAPHIC SPACE (http://crbug.com/849794): In URL file name.
776 {__LINE__, "http://www.example.com/%E5%B2%A1%E3%80%80%E5%B2%A1.txt", "", "",
777 "", "text/plain", L"", L"\u5ca1\u3000\u5ca1.txt"},
778 // U+3000 IDEOGRAPHIC SPACE (http://crbug.com/849794): In
779 // Content-Disposition filename.
780 {__LINE__, "http://www.example.com/download.py",
781 "filename=%E5%B2%A1%E3%80%80%E5%B2%A1.txt", "utf-8", "", "text/plain", L"",
782 L"\u5ca1\u3000\u5ca1.txt"},
783 };
784
785 for (const auto& selection_test : selection_tests)
786 RunGenerateFileNameTestCase(&selection_test);
787
788 for (const auto& generation_test : generation_tests)
789 RunGenerateFileNameTestCase(&generation_test);
790
791 for (const auto& generation_test : generation_tests) {
792 GenerateFilenameCase test_case = generation_test;
793 test_case.referrer_charset = "GBK";
794 RunGenerateFileNameTestCase(&test_case);
795 }
796 }
797
TEST(FilenameUtilTest,IsReservedNameOnWindows)798 TEST(FilenameUtilTest, IsReservedNameOnWindows) {
799 for (auto* basename : kSafePortableBasenames) {
800 EXPECT_FALSE(IsReservedNameOnWindows(base::FilePath(basename).value()))
801 << basename;
802 }
803
804 for (auto* basename : kUnsafePortableBasenamesForWin) {
805 EXPECT_TRUE(IsReservedNameOnWindows(base::FilePath(basename).value()))
806 << basename;
807 }
808 }
809
810 } // namespace net
811
