zip_analyzer.cc revision 46d4c2bc3267f3f028f39e7e311b0f89aba2e4fd
12a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)// Copyright (c) 2012 The Chromium Authors. All rights reserved. 22a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be 32a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)// found in the LICENSE file. 42a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) 52a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#include "chrome/common/safe_browsing/zip_analyzer.h" 62a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) 72a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#include "base/logging.h" 82a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#include "chrome/common/safe_browsing/download_protection_util.h" 9c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "third_party/zlib/google/zip_reader.h" 102a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) 112a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)namespace safe_browsing { 122a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)namespace zip_analyzer { 132a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) 1446d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles)void AnalyzeZipFile(base::File zip_file, Results* results) { 152a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) zip::ZipReader reader; 1646d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) // OpenFromPlatformFile may close the handle even when it fails, but there is 1746d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) // no way to know if it did that or not. Assume it did (that's the common 1846d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) // case). 1946d4c2bc3267f3f028f39e7e311b0f89aba2e4fdTorne (Richard Coles) if (!reader.OpenFromPlatformFile(zip_file.TakePlatformFile())) { 202a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) VLOG(1) << "Failed to open zip file"; 212a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) return; 222a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) } 232a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) 24c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) bool advanced = true; 25c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) for (; reader.HasMore(); advanced = reader.AdvanceToNextEntry()) { 26c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) if (!advanced) { 27c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) VLOG(1) << "Could not advance to next entry, aborting zip scan."; 28c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) return; 29c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) } 302a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) if (!reader.OpenCurrentEntryInZip()) { 312a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) VLOG(1) << "Failed to open current entry in zip file"; 322a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) continue; 332a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) } 342a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) const base::FilePath& file = reader.current_entry_info()->file_path(); 352a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) if (download_protection_util::IsBinaryFile(file)) { 362a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) // Don't consider an archived archive to be executable, but record 372a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) // a histogram. 382a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) if (download_protection_util::IsArchiveFile(file)) { 392a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) results->has_archive = true; 402a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) } else { 412a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) VLOG(2) << "Downloaded a zipped executable: " << file.value(); 422a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) results->has_executable = true; 432a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) break; 442a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) } 452a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) } else { 462a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) VLOG(3) << "Ignoring non-binary file: " << file.value(); 472a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) } 482a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) } 492a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) results->success = true; 502a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)} 512a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) 522a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)} // namespace zip_analyzer 532a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)} // namespace safe_browsing 54