12a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)// Copyright (c) 2012 The Chromium Authors. All rights reserved.
22a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be
32a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)// found in the LICENSE file.
42a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
52a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#include "chrome/common/safe_browsing/zip_analyzer.h"
62a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
72a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#include "base/logging.h"
82a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#include "chrome/common/safe_browsing/download_protection_util.h"
9c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "third_party/zlib/google/zip_reader.h"
102a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
112a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)namespace safe_browsing {
122a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)namespace zip_analyzer {
132a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
1446d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles)void AnalyzeZipFile(base::File zip_file, Results* results) {
152a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)  zip::ZipReader reader;
1646d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles)  // OpenFromPlatformFile may close the handle even when it fails, but there is
1746d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles)  // no way to know if it did that or not. Assume it did (that's the common
1846d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles)  // case).
1946d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles)  if (!reader.OpenFromPlatformFile(zip_file.TakePlatformFile())) {
202a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)    VLOG(1) << "Failed to open zip file";
212a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)    return;
222a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)  }
232a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
24c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  bool advanced = true;
25c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)  for (; reader.HasMore(); advanced = reader.AdvanceToNextEntry()) {
26c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)    if (!advanced) {
27c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)      VLOG(1) << "Could not advance to next entry, aborting zip scan.";
28c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)      return;
29c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)    }
302a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)    if (!reader.OpenCurrentEntryInZip()) {
312a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)      VLOG(1) << "Failed to open current entry in zip file";
322a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)      continue;
332a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)    }
342a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)    const base::FilePath& file = reader.current_entry_info()->file_path();
352a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)    if (download_protection_util::IsBinaryFile(file)) {
362a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)      // Don't consider an archived archive to be executable, but record
372a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)      // a histogram.
382a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)      if (download_protection_util::IsArchiveFile(file)) {
392a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)        results->has_archive = true;
402a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)      } else {
412a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)        VLOG(2) << "Downloaded a zipped executable: " << file.value();
422a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)        results->has_executable = true;
432a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)        break;
442a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)      }
452a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)    } else {
462a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)      VLOG(3) << "Ignoring non-binary file: " << file.value();
472a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)    }
482a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)  }
492a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)  results->success = true;
502a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)}
512a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)
522a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)}  // namespace zip_analyzer
532a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)}  // namespace safe_browsing
54