
Issue 853922

Issue metadata

Status: Fixed
Closed: Jun 2018
Pri: 2
Type: Bug

Blocking:
issue 750327



RAR analysis: If a contained file is an archive, don't also mark it executable.

Project Member Reported by vakh@chromium.org, Jun 18 2018

Issue description

zip_analyzer marks a file as executable if it is not an archive and is an IsCheckedBinaryFile().

rar_analyzer does not consider whether the file is an archive; it only checks IsCheckedBinaryFile().
 
Comment 1 by bugdroid1@chromium.org, Jun 19 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4323e76d79dd29b802cdf07328c0a314266bba78

commit 4323e76d79dd29b802cdf07328c0a314266bba78
Author: Varun Khaneja <vakh@chromium.org>
Date: Tue Jun 19 02:11:08 2018

[s] Do not mark contained archives as executables.

This mimics the behavior of zip_analyzer.

Also, mark contained archives as ARCHIVE instead of
ZIPPED_ARCHIVE or RAR_COMPRESSED_ARCHIVE.

Bug: 853922, 853971
Change-Id: I159126518c1de29029c0a3a0fd435fb997cb2952
Reviewed-on: https://chromium-review.googlesource.com/1105195
Reviewed-by: Jialiu Lin <jialiul@chromium.org>
Reviewed-by: Ken Rockot <rockot@chromium.org>
Commit-Queue: Varun Khaneja <vakh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#568299}
[modify] https://crrev.com/4323e76d79dd29b802cdf07328c0a314266bba78/chrome/common/safe_browsing/rar_analyzer.cc
[modify] https://crrev.com/4323e76d79dd29b802cdf07328c0a314266bba78/chrome/common/safe_browsing/zip_analyzer.cc
[modify] https://crrev.com/4323e76d79dd29b802cdf07328c0a314266bba78/chrome/services/file_util/public/cpp/sandboxed_rar_analyzer_unittest.cc

Comment 2 by vakh@chromium.org, Jun 20 2018

Status: Fixed (was: Started)
{
   "archive_valid": true,
   "archived_binary": [ {
      "download_type": 6,
      "file_basename": "empty.zip",
      "length": 22
   } ],
   "download_type": 12,
   "file_basename": "has_archive.rar",
   "length": 86,
   "url": "https://aawc.gitlab.io/safebrowsing/s/has_archive.rar"
}
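
A minimal C++ model of the two rules contrasted in the issue description, added here as an example; it is not Chromium's code. The extension lists and the names Ext, IsArchive, IsChecked, Mark, RarRuleAsReported and ZipStyleRule are assumptions standing in for the real file type policies.

```cpp
#include <algorithm>
#include <cctype>
#include <cstdio>
#include <set>
#include <string>

// Stand-in policy lists (assumption). Archive extensions are also "checked",
// which is why a checked-binary test alone is not enough.
static const std::set<std::string> kArchiveExts = {"zip", "rar", "7z"};
static const std::set<std::string> kCheckedExts = {"exe", "dll", "scr",
                                                   "zip", "rar", "7z"};

// Lower-cased final extension of an entry name, "" when there is none.
static std::string Ext(const std::string& name) {
  const std::string base = name.substr(name.find_last_of("/\\") + 1);
  const std::string::size_type dot = base.rfind('.');
  if (dot == std::string::npos) return "";
  std::string ext = base.substr(dot + 1);
  std::transform(ext.begin(), ext.end(), ext.begin(), [](unsigned char c) {
    return static_cast<char>(std::tolower(c));
  });
  return ext;
}

static bool IsArchive(const std::string& n) { return kArchiveExts.count(Ext(n)) > 0; }
static bool IsChecked(const std::string& n) { return kCheckedExts.count(Ext(n)) > 0; }

enum class Mark { kNone, kExecutable, kArchive };

// Behaviour reported for rar_analyzer: only the checked-binary test is applied.
Mark RarRuleAsReported(const std::string& name) {
  return IsChecked(name) ? Mark::kExecutable : Mark::kNone;
}

// zip_analyzer-style rule: an archive is never also marked executable.
Mark ZipStyleRule(const std::string& name) {
  if (IsArchive(name)) return Mark::kArchive;
  return IsChecked(name) ? Mark::kExecutable : Mark::kNone;
}

int main() {
  // Constructed entry names; empty.zip is the one from the report above.
  for (const char* n : {"empty.zip", "dir/Setup.EXE", "notes.txt", "README"})
    std::printf("%-14s reported=%d zip-style=%d\n", n,
                static_cast<int>(RarRuleAsReported(n)),
                static_cast<int>(ZipStyleRule(n)));
  return 0;
}
```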
