FSA: Restrict suggestedName extensions to 16 characters

a-sully · Chromium LUCI CQ · commit 028168a938a7 · 2022-08-22T17:36:05.000Z
Matches the extension length restriction for FilePickerOptions Bug: 1354505 Change-Id: I37d61aed0bcebbdf05d131a33cc0f14b117f04e5 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3841864 Commit-Queue: Daseul Lee <dslee@chromium.org> Reviewed-by: Daseul Lee <dslee@chromium.org> Auto-Submit: Austin Sullivan <asully@chromium.org> Cr-Commit-Position: refs/heads/main@{#1037829}
diff --git a/content/browser/file_system_access/file_system_chooser.cc b/content/browser/file_system_access/file_system_chooser.cc
@@ -4,23 +4,18 @@
 
 #include "content/browser/file_system_access/file_system_chooser.h"
 
-#include "base/bind.h"
 #include "base/files/file_path.h"
-#include "base/files/file_util.h"
 #include "base/i18n/file_util_icu.h"
 #include "base/i18n/rtl.h"
 #include "base/metrics/histogram_functions.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "build/build_config.h"
-#include "content/browser/file_system_access/file_system_access_directory_handle_impl.h"
 #include "content/browser/file_system_access/file_system_access_error.h"
 #include "content/public/browser/browser_thread.h"
-#include "content/public/browser/child_process_security_policy.h"
 #include "content/public/browser/content_browser_client.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/content_client.h"
-#include "net/base/filename_util.h"
 #include "net/base/mime_util.h"
 #include "ui/gfx/text_elider.h"
 #include "ui/shell_dialogs/select_file_policy.h"
@@ -36,6 +31,10 @@ namespace {
 // size and underlying platform all influence how many characters will actually
 // be visible. As such this can be adjusted as needed.
 constexpr int kMaxDescriptionLength = 64;
+// The maximum number of unicode code points the extension of a file is
+// allowed to be. Any longer extensions will be stripped. This value should be
+// kept in sync with the extension length checks in the renderer.
+constexpr int kMaxExtensionLength = 16;
 
 std::string TypeToString(ui::SelectFileDialog::Type type) {
   switch (type) {
@@ -214,6 +213,12 @@ base::FilePath FileSystemChooser::Options::ResolveSuggestedNameExtension(
 
   auto suggested_extension = suggested_name.Extension();
 
+  if (suggested_extension.size() > kMaxExtensionLength) {
+    // Sanitize extensions longer than 16 characters.
+    file_types.include_all_files = true;
+    return suggested_name.RemoveExtension();
+  }
+
   if (file_types.extensions.empty() || suggested_extension.empty()) {
     file_types.include_all_files = true;
     return suggested_name;
diff --git a/content/browser/file_system_access/file_system_chooser_browsertest.cc b/content/browser/file_system_access/file_system_chooser_browsertest.cc
@@ -1620,6 +1620,12 @@ IN_PROC_BROWSER_TEST_F(FileSystemChooserBrowserTest, SuggestedName) {
                         true, "dangerous_extension.scf.png", true});
   name_infos.push_back({"dangerous_extension.url.png", ListValueOf(".png"),
                         true, "dangerous_extension.url.png", true});
+  // Extensions longer than 16 characters should be stripped.
+  name_infos.push_back({"long_extension.len10plus123456",
+                        ListValueOf(".len10plus123456"), true,
+                        "long_extension.len10plus123456", true});
+  name_infos.push_back({"long_extension.len10plus1234567", ListValueOf(".nope"),
+                        true, "long_extension", false});
   // Invalid characters should be sanitized.
   name_infos.push_back({R"(inv*l:d\\ch%rבאמת!a<ters🤓.txt)",
                         ListValueOf(".txt"), true,
