PlzNavigate: Improvements to RFHM commit logic.
[chromium-blink-merge.git] / net / base / mime_sniffer.cc
blob45e810f2b1a2c86fb4eabe78e5bd3e318044233a
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 // Detecting mime types is a tricky business because we need to balance
6 // compatibility concerns with security issues. Here is a survey of how other
7 // browsers behave and then a description of how we intend to behave.
8 //
9 // HTML payload, no Content-Type header:
10 // * IE 7: Render as HTML
11 // * Firefox 2: Render as HTML
12 // * Safari 3: Render as HTML
13 // * Opera 9: Render as HTML
15 // Here the choice seems clear:
16 // => Chrome: Render as HTML
18 // HTML payload, Content-Type: "text/plain":
19 // * IE 7: Render as HTML
20 // * Firefox 2: Render as text
21 // * Safari 3: Render as text (Note: Safari will Render as HTML if the URL
22 // has an HTML extension)
23 // * Opera 9: Render as text
25 // Here we choose to follow the majority (and break some compatibility with IE).
26 // Many folks dislike IE's behavior here.
27 // => Chrome: Render as text
28 // We generalize this as follows. If the Content-Type header is text/plain
29 // we won't detect dangerous mime types (those that can execute script).
31 // HTML payload, Content-Type: "application/octet-stream":
32 // * IE 7: Render as HTML
33 // * Firefox 2: Download as application/octet-stream
34 // * Safari 3: Render as HTML
35 // * Opera 9: Render as HTML
37 // We follow Firefox.
38 // => Chrome: Download as application/octet-stream
39 // One factor in this decision is that IIS 4 and 5 will send
40 // application/octet-stream for .xhtml files (because they don't recognize
41 // the extension). We did some experiments and it looks like this doesn't occur
42 // very often on the web. We choose the more secure option.
44 // GIF payload, no Content-Type header:
45 // * IE 7: Render as GIF
46 // * Firefox 2: Render as GIF
47 // * Safari 3: Download as Unknown (Note: Safari will Render as GIF if the
48 // URL has an GIF extension)
49 // * Opera 9: Render as GIF
51 // The choice is clear.
52 // => Chrome: Render as GIF
53 // Once we decide to render HTML without a Content-Type header, there isn't much
54 // reason not to render GIFs.
56 // GIF payload, Content-Type: "text/plain":
57 // * IE 7: Render as GIF
58 // * Firefox 2: Download as application/octet-stream (Note: Firefox will
59 // Download as GIF if the URL has an GIF extension)
60 // * Safari 3: Download as Unknown (Note: Safari will Render as GIF if the
61 // URL has an GIF extension)
62 // * Opera 9: Render as GIF
64 // Displaying as text/plain makes little sense as the content will look like
65 // gibberish. Here, we could change our minds and download.
66 // => Chrome: Render as GIF
68 // GIF payload, Content-Type: "application/octet-stream":
69 // * IE 7: Render as GIF
70 // * Firefox 2: Download as application/octet-stream (Note: Firefox will
71 // Download as GIF if the URL has an GIF extension)
72 // * Safari 3: Download as Unknown (Note: Safari will Render as GIF if the
73 // URL has an GIF extension)
74 // * Opera 9: Render as GIF
76 // We used to render as GIF here, but the problem is that some sites want to
77 // trigger downloads by sending application/octet-stream (even though they
78 // should be sending Content-Disposition: attachment). Although it is safe
79 // to render as GIF from a security perspective, we actually get better
80 // compatibility if we don't sniff from application/octet stream at all.
81 // => Chrome: Download as application/octet-stream
83 // XHTML payload, Content-Type: "text/xml":
84 // * IE 7: Render as XML
85 // * Firefox 2: Render as HTML
86 // * Safari 3: Render as HTML
87 // * Opera 9: Render as HTML
88 // The layout tests rely on us rendering this as HTML.
89 // But we're conservative in XHTML detection, as this runs afoul of the
90 // "don't detect dangerous mime types" rule.
92 // Note that our definition of HTML payload is much stricter than IE's
93 // definition and roughly the same as Firefox's definition.
95 #include <string>
97 #include "net/base/mime_sniffer.h"
99 #include "base/basictypes.h"
100 #include "base/logging.h"
101 #include "base/metrics/histogram.h"
102 #include "base/strings/string_util.h"
103 #include "url/gurl.h"
105 namespace net {
107 // The number of content bytes we need to use all our magic numbers. Feel free
108 // to increase this number if you add a longer magic number.
109 static const size_t kBytesRequiredForMagic = 42;
111 struct MagicNumber {
112 const char* const mime_type;
113 const char* const magic;
114 size_t magic_len;
115 bool is_string;
116 const char* const mask; // if set, must have same length as |magic|
119 #define MAGIC_NUMBER(mime_type, magic) \
120 { (mime_type), (magic), sizeof(magic)-1, false, NULL },
122 template <int MagicSize, int MaskSize>
123 class VerifySizes {
124 static_assert(MagicSize == MaskSize, "sizes must be equal");
126 public:
127 enum { SIZES = MagicSize };
130 #define verified_sizeof(magic, mask) \
131 VerifySizes<sizeof(magic), sizeof(mask)>::SIZES
133 #define MAGIC_MASK(mime_type, magic, mask) \
134 { (mime_type), (magic), verified_sizeof(magic, mask)-1, false, (mask) },
136 // Magic strings are case insensitive and must not include '\0' characters
137 #define MAGIC_STRING(mime_type, magic) \
138 { (mime_type), (magic), sizeof(magic)-1, true, NULL },
140 static const MagicNumber kMagicNumbers[] = {
141 // Source: HTML 5 specification
142 MAGIC_NUMBER("application/pdf", "%PDF-")
143 MAGIC_NUMBER("application/postscript", "%!PS-Adobe-")
144 MAGIC_NUMBER("image/gif", "GIF87a")
145 MAGIC_NUMBER("image/gif", "GIF89a")
146 MAGIC_NUMBER("image/png", "\x89" "PNG\x0D\x0A\x1A\x0A")
147 MAGIC_NUMBER("image/jpeg", "\xFF\xD8\xFF")
148 MAGIC_NUMBER("image/bmp", "BM")
149 // Source: Mozilla
150 MAGIC_NUMBER("text/plain", "#!") // Script
151 MAGIC_NUMBER("text/plain", "%!") // Script, similar to PS
152 MAGIC_NUMBER("text/plain", "From")
153 MAGIC_NUMBER("text/plain", ">From")
154 // Chrome specific
155 MAGIC_NUMBER("application/x-gzip", "\x1F\x8B\x08")
156 MAGIC_NUMBER("audio/x-pn-realaudio", "\x2E\x52\x4D\x46")
157 MAGIC_NUMBER("video/x-ms-asf",
158 "\x30\x26\xB2\x75\x8E\x66\xCF\x11\xA6\xD9\x00\xAA\x00\x62\xCE\x6C")
159 MAGIC_NUMBER("image/tiff", "I I")
160 MAGIC_NUMBER("image/tiff", "II*")
161 MAGIC_NUMBER("image/tiff", "MM\x00*")
162 MAGIC_NUMBER("audio/mpeg", "ID3")
163 MAGIC_NUMBER("image/webp", "RIFF....WEBPVP8 ")
164 MAGIC_NUMBER("video/webm", "\x1A\x45\xDF\xA3")
165 // TODO(abarth): we don't handle partial byte matches yet
166 // MAGIC_NUMBER("video/mpeg", "\x00\x00\x01\xB")
167 // MAGIC_NUMBER("audio/mpeg", "\xFF\xE")
168 // MAGIC_NUMBER("audio/mpeg", "\xFF\xF")
169 MAGIC_NUMBER("application/zip", "PK\x03\x04")
170 MAGIC_NUMBER("application/x-rar-compressed", "Rar!\x1A\x07\x00")
171 MAGIC_NUMBER("application/x-msmetafile", "\xD7\xCD\xC6\x9A")
172 MAGIC_NUMBER("application/octet-stream", "MZ") // EXE
173 // Sniffing for Flash:
175 // MAGIC_NUMBER("application/x-shockwave-flash", "CWS")
176 // MAGIC_NUMBER("application/x-shockwave-flash", "FLV")
177 // MAGIC_NUMBER("application/x-shockwave-flash", "FWS")
179 // Including these magic number for Flash is a trade off.
181 // Pros:
182 // * Flash is an important and popular file format
184 // Cons:
185 // * These patterns are fairly weak
186 // * If we mistakenly decide something is Flash, we will execute it
187 // in the origin of an unsuspecting site. This could be a security
188 // vulnerability if the site allows users to upload content.
190 // On balance, we do not include these patterns.
193 // The number of content bytes we need to use all our Microsoft Office magic
194 // numbers.
195 static const size_t kBytesRequiredForOfficeMagic = 8;
197 static const MagicNumber kOfficeMagicNumbers[] = {
198 MAGIC_NUMBER("CFB", "\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1")
199 MAGIC_NUMBER("OOXML", "PK\x03\x04")
202 enum OfficeDocType {
203 DOC_TYPE_WORD,
204 DOC_TYPE_EXCEL,
205 DOC_TYPE_POWERPOINT,
206 DOC_TYPE_NONE
209 struct OfficeExtensionType {
210 OfficeDocType doc_type;
211 const char* const extension;
212 size_t extension_len;
215 #define OFFICE_EXTENSION(type, extension) \
216 { (type), (extension), sizeof(extension) - 1 },
218 static const OfficeExtensionType kOfficeExtensionTypes[] = {
219 OFFICE_EXTENSION(DOC_TYPE_WORD, ".doc")
220 OFFICE_EXTENSION(DOC_TYPE_EXCEL, ".xls")
221 OFFICE_EXTENSION(DOC_TYPE_POWERPOINT, ".ppt")
222 OFFICE_EXTENSION(DOC_TYPE_WORD, ".docx")
223 OFFICE_EXTENSION(DOC_TYPE_EXCEL, ".xlsx")
224 OFFICE_EXTENSION(DOC_TYPE_POWERPOINT, ".pptx")
227 static const MagicNumber kExtraMagicNumbers[] = {
228 MAGIC_NUMBER("image/x-xbitmap", "#define")
229 MAGIC_NUMBER("image/x-icon", "\x00\x00\x01\x00")
230 MAGIC_NUMBER("image/svg+xml", "<?xml_version=")
231 MAGIC_NUMBER("audio/wav", "RIFF....WAVEfmt ")
232 MAGIC_NUMBER("video/avi", "RIFF....AVI LIST")
233 MAGIC_NUMBER("audio/ogg", "OggS")
234 MAGIC_MASK("video/mpeg", "\x00\x00\x01\xB0", "\xFF\xFF\xFF\xF0")
235 MAGIC_MASK("audio/mpeg", "\xFF\xE0", "\xFF\xE0")
236 MAGIC_NUMBER("video/3gpp", "....ftyp3g")
237 MAGIC_NUMBER("video/3gpp", "....ftypavcl")
238 MAGIC_NUMBER("video/mp4", "....ftyp")
239 MAGIC_NUMBER("video/quicktime", "....moov")
240 MAGIC_NUMBER("application/x-shockwave-flash", "CWS")
241 MAGIC_NUMBER("application/x-shockwave-flash", "FWS")
242 MAGIC_NUMBER("video/x-flv", "FLV")
243 MAGIC_NUMBER("audio/x-flac", "fLaC")
245 // RAW image types.
246 MAGIC_NUMBER("image/x-canon-cr2", "II\x2a\x00\x10\x00\x00\x00CR")
247 MAGIC_NUMBER("image/x-canon-crw", "II\x1a\x00\x00\x00HEAPCCDR")
248 MAGIC_NUMBER("image/x-minolta-mrw", "\x00MRM")
249 MAGIC_NUMBER("image/x-olympus-orf", "MMOR") // big-endian
250 MAGIC_NUMBER("image/x-olympus-orf", "IIRO") // little-endian
251 MAGIC_NUMBER("image/x-olympus-orf", "IIRS") // little-endian
252 MAGIC_NUMBER("image/x-fuji-raf", "FUJIFILMCCD-RAW ")
253 MAGIC_NUMBER("image/x-panasonic-raw",
254 "IIU\x00\x08\x00\x00\x00") // Panasonic .raw
255 MAGIC_NUMBER("image/x-panasonic-raw",
256 "IIU\x00\x18\x00\x00\x00") // Panasonic .rw2
257 MAGIC_NUMBER("image/x-phaseone-raw", "MMMMRaw")
258 MAGIC_NUMBER("image/x-x3f", "FOVb")
261 // Our HTML sniffer differs slightly from Mozilla. For example, Mozilla will
262 // decide that a document that begins "<!DOCTYPE SOAP-ENV:Envelope PUBLIC " is
263 // HTML, but we will not.
265 #define MAGIC_HTML_TAG(tag) \
266 MAGIC_STRING("text/html", "<" tag)
268 static const MagicNumber kSniffableTags[] = {
269 // XML processing directive. Although this is not an HTML mime type, we sniff
270 // for this in the HTML phase because text/xml is just as powerful as HTML and
271 // we want to leverage our white space skipping technology.
272 MAGIC_NUMBER("text/xml", "<?xml") // Mozilla
273 // DOCTYPEs
274 MAGIC_HTML_TAG("!DOCTYPE html") // HTML5 spec
275 // Sniffable tags, ordered by how often they occur in sniffable documents.
276 MAGIC_HTML_TAG("script") // HTML5 spec, Mozilla
277 MAGIC_HTML_TAG("html") // HTML5 spec, Mozilla
278 MAGIC_HTML_TAG("!--")
279 MAGIC_HTML_TAG("head") // HTML5 spec, Mozilla
280 MAGIC_HTML_TAG("iframe") // Mozilla
281 MAGIC_HTML_TAG("h1") // Mozilla
282 MAGIC_HTML_TAG("div") // Mozilla
283 MAGIC_HTML_TAG("font") // Mozilla
284 MAGIC_HTML_TAG("table") // Mozilla
285 MAGIC_HTML_TAG("a") // Mozilla
286 MAGIC_HTML_TAG("style") // Mozilla
287 MAGIC_HTML_TAG("title") // Mozilla
288 MAGIC_HTML_TAG("b") // Mozilla
289 MAGIC_HTML_TAG("body") // Mozilla
290 MAGIC_HTML_TAG("br")
291 MAGIC_HTML_TAG("p") // Mozilla
294 static base::HistogramBase* UMASnifferHistogramGet(const char* name,
295 int array_size) {
296 base::HistogramBase* counter =
297 base::LinearHistogram::FactoryGet(name, 1, array_size - 1, array_size,
298 base::HistogramBase::kUmaTargetedHistogramFlag);
299 return counter;
302 // Compare content header to a magic number where magic_entry can contain '.'
303 // for single character of anything, allowing some bytes to be skipped.
304 static bool MagicCmp(const char* magic_entry, const char* content, size_t len) {
305 while (len) {
306 if ((*magic_entry != '.') && (*magic_entry != *content))
307 return false;
308 ++magic_entry;
309 ++content;
310 --len;
312 return true;
315 // Like MagicCmp() except that it ANDs each byte with a mask before
316 // the comparison, because there are some bits we don't care about.
317 static bool MagicMaskCmp(const char* magic_entry,
318 const char* content,
319 size_t len,
320 const char* mask) {
321 while (len) {
322 if ((*magic_entry != '.') && (*magic_entry != (*mask & *content)))
323 return false;
324 ++magic_entry;
325 ++content;
326 ++mask;
327 --len;
329 return true;
332 static bool MatchMagicNumber(const char* content,
333 size_t size,
334 const MagicNumber& magic_entry,
335 std::string* result) {
336 const size_t len = magic_entry.magic_len;
338 // Keep kBytesRequiredForMagic honest.
339 DCHECK_LE(len, kBytesRequiredForMagic);
341 // To compare with magic strings, we need to compute strlen(content), but
342 // content might not actually have a null terminator. In that case, we
343 // pretend the length is content_size.
344 const char* end = static_cast<const char*>(memchr(content, '\0', size));
345 const size_t content_strlen =
346 (end != NULL) ? static_cast<size_t>(end - content) : size;
348 bool match = false;
349 if (magic_entry.is_string) {
350 if (content_strlen >= len) {
351 // String comparisons are case-insensitive
352 match = (base::strncasecmp(magic_entry.magic, content, len) == 0);
354 } else {
355 if (size >= len) {
356 if (!magic_entry.mask) {
357 match = MagicCmp(magic_entry.magic, content, len);
358 } else {
359 match = MagicMaskCmp(magic_entry.magic, content, len, magic_entry.mask);
364 if (match) {
365 result->assign(magic_entry.mime_type);
366 return true;
368 return false;
371 static bool CheckForMagicNumbers(const char* content, size_t size,
372 const MagicNumber* magic, size_t magic_len,
373 base::HistogramBase* counter,
374 std::string* result) {
375 for (size_t i = 0; i < magic_len; ++i) {
376 if (MatchMagicNumber(content, size, magic[i], result)) {
377 if (counter) counter->Add(static_cast<int>(i));
378 return true;
381 return false;
384 // Truncates |size| to |max_size| and returns true if |size| is at least
385 // |max_size|.
386 static bool TruncateSize(const size_t max_size, size_t* size) {
387 // Keep kMaxBytesToSniff honest.
388 DCHECK_LE(static_cast<int>(max_size), kMaxBytesToSniff);
390 if (*size >= max_size) {
391 *size = max_size;
392 return true;
394 return false;
397 // Returns true and sets result if the content appears to be HTML.
398 // Clears have_enough_content if more data could possibly change the result.
399 static bool SniffForHTML(const char* content,
400 size_t size,
401 bool* have_enough_content,
402 std::string* result) {
403 // For HTML, we are willing to consider up to 512 bytes. This may be overly
404 // conservative as IE only considers 256.
405 *have_enough_content &= TruncateSize(512, &size);
407 // We adopt a strategy similar to that used by Mozilla to sniff HTML tags,
408 // but with some modifications to better match the HTML5 spec.
409 const char* const end = content + size;
410 const char* pos;
411 for (pos = content; pos < end; ++pos) {
412 if (!IsAsciiWhitespace(*pos))
413 break;
415 static base::HistogramBase* counter(NULL);
416 if (!counter) {
417 counter = UMASnifferHistogramGet("mime_sniffer.kSniffableTags2",
418 arraysize(kSniffableTags));
420 // |pos| now points to first non-whitespace character (or at end).
421 return CheckForMagicNumbers(pos, end - pos,
422 kSniffableTags, arraysize(kSniffableTags),
423 counter, result);
426 // Returns true and sets result if the content matches any of kMagicNumbers.
427 // Clears have_enough_content if more data could possibly change the result.
428 static bool SniffForMagicNumbers(const char* content,
429 size_t size,
430 bool* have_enough_content,
431 std::string* result) {
432 *have_enough_content &= TruncateSize(kBytesRequiredForMagic, &size);
434 // Check our big table of Magic Numbers
435 static base::HistogramBase* counter(NULL);
436 if (!counter) {
437 counter = UMASnifferHistogramGet("mime_sniffer.kMagicNumbers2",
438 arraysize(kMagicNumbers));
440 return CheckForMagicNumbers(content, size,
441 kMagicNumbers, arraysize(kMagicNumbers),
442 counter, result);
445 // Returns true and sets result if the content matches any of
446 // kOfficeMagicNumbers, and the URL has the proper extension.
447 // Clears |have_enough_content| if more data could possibly change the result.
448 static bool SniffForOfficeDocs(const char* content,
449 size_t size,
450 const GURL& url,
451 bool* have_enough_content,
452 std::string* result) {
453 *have_enough_content &= TruncateSize(kBytesRequiredForOfficeMagic, &size);
455 // Check our table of magic numbers for Office file types.
456 std::string office_version;
457 if (!CheckForMagicNumbers(content, size,
458 kOfficeMagicNumbers, arraysize(kOfficeMagicNumbers),
459 NULL, &office_version))
460 return false;
462 OfficeDocType type = DOC_TYPE_NONE;
463 for (size_t i = 0; i < arraysize(kOfficeExtensionTypes); ++i) {
464 std::string url_path = url.path();
466 if (url_path.length() < kOfficeExtensionTypes[i].extension_len)
467 continue;
469 const char* extension =
470 &url_path[url_path.length() - kOfficeExtensionTypes[i].extension_len];
472 if (0 == base::strncasecmp(extension, kOfficeExtensionTypes[i].extension,
473 kOfficeExtensionTypes[i].extension_len)) {
474 type = kOfficeExtensionTypes[i].doc_type;
475 break;
479 if (type == DOC_TYPE_NONE)
480 return false;
482 if (office_version == "CFB") {
483 switch (type) {
484 case DOC_TYPE_WORD:
485 *result = "application/msword";
486 return true;
487 case DOC_TYPE_EXCEL:
488 *result = "application/vnd.ms-excel";
489 return true;
490 case DOC_TYPE_POWERPOINT:
491 *result = "application/vnd.ms-powerpoint";
492 return true;
493 case DOC_TYPE_NONE:
494 NOTREACHED();
495 return false;
497 } else if (office_version == "OOXML") {
498 switch (type) {
499 case DOC_TYPE_WORD:
500 *result = "application/vnd.openxmlformats-officedocument."
501 "wordprocessingml.document";
502 return true;
503 case DOC_TYPE_EXCEL:
504 *result = "application/vnd.openxmlformats-officedocument."
505 "spreadsheetml.sheet";
506 return true;
507 case DOC_TYPE_POWERPOINT:
508 *result = "application/vnd.openxmlformats-officedocument."
509 "presentationml.presentation";
510 return true;
511 case DOC_TYPE_NONE:
512 NOTREACHED();
513 return false;
517 NOTREACHED();
518 return false;
521 static bool IsOfficeType(const std::string& type_hint) {
522 return (type_hint == "application/msword" ||
523 type_hint == "application/vnd.ms-excel" ||
524 type_hint == "application/vnd.ms-powerpoint" ||
525 type_hint == "application/vnd.openxmlformats-officedocument."
526 "wordprocessingml.document" ||
527 type_hint == "application/vnd.openxmlformats-officedocument."
528 "spreadsheetml.sheet" ||
529 type_hint == "application/vnd.openxmlformats-officedocument."
530 "presentationml.presentation" ||
531 type_hint == "application/vnd.ms-excel.sheet.macroenabled.12" ||
532 type_hint == "application/vnd.ms-word.document.macroenabled.12" ||
533 type_hint == "application/vnd.ms-powerpoint.presentation."
534 "macroenabled.12" ||
535 type_hint == "application/mspowerpoint" ||
536 type_hint == "application/msexcel" ||
537 type_hint == "application/vnd.ms-word" ||
538 type_hint == "application/vnd.ms-word.document.12" ||
539 type_hint == "application/vnd.msword");
542 // This function checks for files that have a Microsoft Office MIME type
543 // set, but are not actually Office files.
545 // If this is not actually an Office file, |*result| is set to
546 // "application/octet-stream", otherwise it is not modified.
548 // Returns false if additional data is required to determine the file type, or
549 // true if there is enough data to make a decision.
550 static bool SniffForInvalidOfficeDocs(const char* content,
551 size_t size,
552 const GURL& url,
553 std::string* result) {
554 if (!TruncateSize(kBytesRequiredForOfficeMagic, &size))
555 return false;
557 // Check our table of magic numbers for Office file types. If it does not
558 // match one, the MIME type was invalid. Set it instead to a safe value.
559 std::string office_version;
560 if (!CheckForMagicNumbers(content, size,
561 kOfficeMagicNumbers, arraysize(kOfficeMagicNumbers),
562 NULL, &office_version)) {
563 *result = "application/octet-stream";
566 // We have enough information to determine if this was a Microsoft Office
567 // document or not, so sniffing is completed.
568 return true;
571 // Byte order marks
572 static const MagicNumber kMagicXML[] = {
573 // We want to be very conservative in interpreting text/xml content as
574 // XHTML -- we just want to sniff enough to make unit tests pass.
575 // So we match explicitly on this, and don't match other ways of writing
576 // it in semantically-equivalent ways.
577 MAGIC_STRING("application/xhtml+xml",
578 "<html xmlns=\"http://www.w3.org/1999/xhtml\"")
579 MAGIC_STRING("application/atom+xml", "<feed")
580 MAGIC_STRING("application/rss+xml", "<rss") // UTF-8
583 // Returns true and sets result if the content appears to contain XHTML or a
584 // feed.
585 // Clears have_enough_content if more data could possibly change the result.
587 // TODO(evanm): this is similar but more conservative than what Safari does,
588 // while HTML5 has a different recommendation -- what should we do?
589 // TODO(evanm): this is incorrect for documents whose encoding isn't a superset
590 // of ASCII -- do we care?
591 static bool SniffXML(const char* content,
592 size_t size,
593 bool* have_enough_content,
594 std::string* result) {
595 // We allow at most 300 bytes of content before we expect the opening tag.
596 *have_enough_content &= TruncateSize(300, &size);
597 const char* pos = content;
598 const char* const end = content + size;
600 // This loop iterates through tag-looking offsets in the file.
601 // We want to skip XML processing instructions (of the form "<?xml ...")
602 // and stop at the first "plain" tag, then make a decision on the mime-type
603 // based on the name (or possibly attributes) of that tag.
604 static base::HistogramBase* counter(NULL);
605 if (!counter) {
606 counter = UMASnifferHistogramGet("mime_sniffer.kMagicXML2",
607 arraysize(kMagicXML));
609 const int kMaxTagIterations = 5;
610 for (int i = 0; i < kMaxTagIterations && pos < end; ++i) {
611 pos = reinterpret_cast<const char*>(memchr(pos, '<', end - pos));
612 if (!pos)
613 return false;
615 if ((pos + sizeof("<?xml") - 1 <= end) &&
616 (base::strncasecmp(pos, "<?xml", sizeof("<?xml") - 1) == 0)) {
617 // Skip XML declarations.
618 ++pos;
619 continue;
620 } else if ((pos + sizeof("<!DOCTYPE") - 1 <= end) &&
621 (base::strncasecmp(pos, "<!DOCTYPE", sizeof("<!DOCTYPE") - 1) ==
622 0)) {
623 // Skip DOCTYPE declarations.
624 ++pos;
625 continue;
628 if (CheckForMagicNumbers(pos, end - pos,
629 kMagicXML, arraysize(kMagicXML),
630 counter, result))
631 return true;
633 // TODO(evanm): handle RSS 1.0, which is an RDF format and more difficult
634 // to identify.
636 // If we get here, we've hit an initial tag that hasn't matched one of the
637 // above tests. Abort.
638 return true;
641 // We iterated too far without finding a start tag.
642 // If we have more content to look at, we aren't going to change our mind by
643 // seeing more bytes from the network.
644 return pos < end;
647 // Byte order marks
648 static const MagicNumber kByteOrderMark[] = {
649 MAGIC_NUMBER("text/plain", "\xFE\xFF") // UTF-16BE
650 MAGIC_NUMBER("text/plain", "\xFF\xFE") // UTF-16LE
651 MAGIC_NUMBER("text/plain", "\xEF\xBB\xBF") // UTF-8
654 // Whether a given byte looks like it might be part of binary content.
655 // Source: HTML5 spec
656 static char kByteLooksBinary[] = {
657 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 1, 1, // 0x00 - 0x0F
658 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, // 0x10 - 0x1F
659 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 0x20 - 0x2F
660 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 0x30 - 0x3F
661 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 0x40 - 0x4F
662 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 0x50 - 0x5F
663 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 0x60 - 0x6F
664 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 0x70 - 0x7F
665 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 0x80 - 0x8F
666 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 0x90 - 0x9F
667 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 0xA0 - 0xAF
668 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 0xB0 - 0xBF
669 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 0xC0 - 0xCF
670 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 0xD0 - 0xDF
671 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 0xE0 - 0xEF
672 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 0xF0 - 0xFF
675 // Returns true and sets result to "application/octet-stream" if the content
676 // appears to be binary data. Otherwise, returns false and sets "text/plain".
677 // Clears have_enough_content if more data could possibly change the result.
678 static bool SniffBinary(const char* content,
679 size_t size,
680 bool* have_enough_content,
681 std::string* result) {
682 // There is no concensus about exactly how to sniff for binary content.
683 // * IE 7: Don't sniff for binary looking bytes, but trust the file extension.
684 // * Firefox 3.5: Sniff first 4096 bytes for a binary looking byte.
685 // Here, we side with FF, but with a smaller buffer. This size was chosen
686 // because it is small enough to comfortably fit into a single packet (after
687 // allowing for headers) and yet large enough to account for binary formats
688 // that have a significant amount of ASCII at the beginning (crbug.com/15314).
689 const bool is_truncated = TruncateSize(kMaxBytesToSniff, &size);
691 // First, we look for a BOM.
692 static base::HistogramBase* counter(NULL);
693 if (!counter) {
694 counter = UMASnifferHistogramGet("mime_sniffer.kByteOrderMark2",
695 arraysize(kByteOrderMark));
697 std::string unused;
698 if (CheckForMagicNumbers(content, size,
699 kByteOrderMark, arraysize(kByteOrderMark),
700 counter, &unused)) {
701 // If there is BOM, we think the buffer is not binary.
702 result->assign("text/plain");
703 return false;
706 // Next we look to see if any of the bytes "look binary."
707 for (size_t i = 0; i < size; ++i) {
708 // If we a see a binary-looking byte, we think the content is binary.
709 if (kByteLooksBinary[static_cast<unsigned char>(content[i])]) {
710 result->assign("application/octet-stream");
711 return true;
715 // No evidence either way. Default to non-binary and, if truncated, clear
716 // have_enough_content because there could be a binary looking byte in the
717 // truncated data.
718 *have_enough_content &= is_truncated;
719 result->assign("text/plain");
720 return false;
723 static bool IsUnknownMimeType(const std::string& mime_type) {
724 // TODO(tc): Maybe reuse some code in net/http/http_response_headers.* here.
725 // If we do, please be careful not to alter the semantics at all.
726 static const char* const kUnknownMimeTypes[] = {
727 // Empty mime types are as unknown as they get.
729 // The unknown/unknown type is popular and uninformative
730 "unknown/unknown",
731 // The second most popular unknown mime type is application/unknown
732 "application/unknown",
733 // Firefox rejects a mime type if it is exactly */*
734 "*/*",
736 static base::HistogramBase* counter(NULL);
737 if (!counter) {
738 counter = UMASnifferHistogramGet("mime_sniffer.kUnknownMimeTypes2",
739 arraysize(kUnknownMimeTypes) + 1);
741 for (size_t i = 0; i < arraysize(kUnknownMimeTypes); ++i) {
742 if (mime_type == kUnknownMimeTypes[i]) {
743 counter->Add(i);
744 return true;
747 if (mime_type.find('/') == std::string::npos) {
748 // Firefox rejects a mime type if it does not contain a slash
749 counter->Add(arraysize(kUnknownMimeTypes));
750 return true;
752 return false;
755 // Returns true and sets result if the content appears to be a crx (Chrome
756 // extension) file.
757 // Clears have_enough_content if more data could possibly change the result.
758 static bool SniffCRX(const char* content,
759 size_t size,
760 const GURL& url,
761 const std::string& type_hint,
762 bool* have_enough_content,
763 std::string* result) {
764 static base::HistogramBase* counter(NULL);
765 if (!counter)
766 counter = UMASnifferHistogramGet("mime_sniffer.kSniffCRX", 3);
768 // Technically, the crx magic number is just Cr24, but the bytes after that
769 // are a version number which changes infrequently. Including it in the
770 // sniffing gives us less room for error. If the version number ever changes,
771 // we can just add an entry to this list.
773 // TODO(aa): If we ever have another magic number, we'll want to pass a
774 // histogram into CheckForMagicNumbers(), below, to see which one matched.
775 static const struct MagicNumber kCRXMagicNumbers[] = {
776 MAGIC_NUMBER("application/x-chrome-extension", "Cr24\x02\x00\x00\x00")
779 // Only consider files that have the extension ".crx".
780 static const char kCRXExtension[] = ".crx";
781 // Ignore null by subtracting 1.
782 static const int kExtensionLength = arraysize(kCRXExtension) - 1;
783 if (url.path().rfind(kCRXExtension, std::string::npos, kExtensionLength) ==
784 url.path().size() - kExtensionLength) {
785 counter->Add(1);
786 } else {
787 return false;
790 *have_enough_content &= TruncateSize(kBytesRequiredForMagic, &size);
791 if (CheckForMagicNumbers(content, size,
792 kCRXMagicNumbers, arraysize(kCRXMagicNumbers),
793 NULL, result)) {
794 counter->Add(2);
795 } else {
796 return false;
799 return true;
802 bool ShouldSniffMimeType(const GURL& url, const std::string& mime_type) {
803 static base::HistogramBase* should_sniff_counter(NULL);
804 if (!should_sniff_counter) {
805 should_sniff_counter =
806 UMASnifferHistogramGet("mime_sniffer.ShouldSniffMimeType2", 3);
808 bool sniffable_scheme = url.is_empty() ||
809 url.SchemeIsHTTPOrHTTPS() ||
810 url.SchemeIs("ftp") ||
811 #if defined(OS_ANDROID)
812 url.SchemeIs("content") ||
813 #endif
814 url.SchemeIsFile() ||
815 url.SchemeIsFileSystem();
816 if (!sniffable_scheme) {
817 should_sniff_counter->Add(1);
818 return false;
821 static const char* const kSniffableTypes[] = {
822 // Many web servers are misconfigured to send text/plain for many
823 // different types of content.
824 "text/plain",
825 // We want to sniff application/octet-stream for
826 // application/x-chrome-extension, but nothing else.
827 "application/octet-stream",
828 // XHTML and Atom/RSS feeds are often served as plain xml instead of
829 // their more specific mime types.
830 "text/xml",
831 "application/xml",
832 // Check for false Microsoft Office MIME types.
833 "application/msword",
834 "application/vnd.ms-excel",
835 "application/vnd.ms-powerpoint",
836 "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
837 "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
838 "application/vnd.openxmlformats-officedocument.presentationml.presentation",
839 "application/vnd.ms-excel.sheet.macroenabled.12",
840 "application/vnd.ms-word.document.macroenabled.12",
841 "application/vnd.ms-powerpoint.presentation.macroenabled.12",
842 "application/mspowerpoint",
843 "application/msexcel",
844 "application/vnd.ms-word",
845 "application/vnd.ms-word.document.12",
846 "application/vnd.msword",
848 static base::HistogramBase* counter(NULL);
849 if (!counter) {
850 counter = UMASnifferHistogramGet("mime_sniffer.kSniffableTypes2",
851 arraysize(kSniffableTypes) + 1);
853 for (size_t i = 0; i < arraysize(kSniffableTypes); ++i) {
854 if (mime_type == kSniffableTypes[i]) {
855 counter->Add(i);
856 should_sniff_counter->Add(2);
857 return true;
860 if (IsUnknownMimeType(mime_type)) {
861 // The web server didn't specify a content type or specified a mime
862 // type that we ignore.
863 counter->Add(arraysize(kSniffableTypes));
864 should_sniff_counter->Add(2);
865 return true;
867 should_sniff_counter->Add(1);
868 return false;
871 bool SniffMimeType(const char* content,
872 size_t content_size,
873 const GURL& url,
874 const std::string& type_hint,
875 std::string* result) {
876 DCHECK_LT(content_size, 1000000U); // sanity check
877 DCHECK(content);
878 DCHECK(result);
880 // By default, we assume we have enough content.
881 // Each sniff routine may unset this if it wasn't provided enough content.
882 bool have_enough_content = true;
884 // By default, we'll return the type hint.
885 // Each sniff routine may modify this if it has a better guess..
886 result->assign(type_hint);
888 // If the file has a Microsoft Office MIME type, we should only check that it
889 // is a valid Office file. Because this is the only reason we sniff files
890 // with a Microsoft Office MIME type, we can return early.
891 if (IsOfficeType(type_hint))
892 return SniffForInvalidOfficeDocs(content, content_size, url, result);
894 // Cache information about the type_hint
895 const bool hint_is_unknown_mime_type = IsUnknownMimeType(type_hint);
897 // First check for HTML
898 if (hint_is_unknown_mime_type) {
899 // We're only willing to sniff HTML if the server has not supplied a mime
900 // type, or if the type it did supply indicates that it doesn't know what
901 // the type should be.
902 if (SniffForHTML(content, content_size, &have_enough_content, result))
903 return true; // We succeeded in sniffing HTML. No more content needed.
906 // We're only willing to sniff for binary in 3 cases:
907 // 1. The server has not supplied a mime type.
908 // 2. The type it did supply indicates that it doesn't know what the type
909 // should be.
910 // 3. The type is "text/plain" which is the default on some web servers and
911 // could be indicative of a mis-configuration that we shield the user from.
912 const bool hint_is_text_plain = (type_hint == "text/plain");
913 if (hint_is_unknown_mime_type || hint_is_text_plain) {
914 if (!SniffBinary(content, content_size, &have_enough_content, result)) {
915 // If the server said the content was text/plain and it doesn't appear
916 // to be binary, then we trust it.
917 if (hint_is_text_plain) {
918 return have_enough_content;
923 // If we have plain XML, sniff XML subtypes.
924 if (type_hint == "text/xml" || type_hint == "application/xml") {
925 // We're not interested in sniffing these types for images and the like.
926 // Instead, we're looking explicitly for a feed. If we don't find one
927 // we're done and return early.
928 if (SniffXML(content, content_size, &have_enough_content, result))
929 return true;
930 return have_enough_content;
933 // CRX files (Chrome extensions) have a special sniffing algorithm. It is
934 // tighter than the others because we don't have to match legacy behavior.
935 if (SniffCRX(content, content_size, url, type_hint,
936 &have_enough_content, result))
937 return true;
939 // Check the file extension and magic numbers to see if this is an Office
940 // document. This needs to be checked before the general magic numbers
941 // because zip files and Office documents (OOXML) have the same magic number.
942 if (SniffForOfficeDocs(content, content_size, url,
943 &have_enough_content, result))
944 return true; // We've matched a magic number. No more content needed.
946 // We're not interested in sniffing for magic numbers when the type_hint
947 // is application/octet-stream. Time to bail out.
948 if (type_hint == "application/octet-stream")
949 return have_enough_content;
951 // Now we look in our large table of magic numbers to see if we can find
952 // anything that matches the content.
953 if (SniffForMagicNumbers(content, content_size,
954 &have_enough_content, result))
955 return true; // We've matched a magic number. No more content needed.
957 return have_enough_content;
960 bool SniffMimeTypeFromLocalData(const char* content,
961 size_t size,
962 std::string* result) {
963 // First check the extra table.
964 if (CheckForMagicNumbers(content, size, kExtraMagicNumbers,
965 arraysize(kExtraMagicNumbers), NULL, result))
966 return true;
967 // Finally check the original table.
968 return CheckForMagicNumbers(content, size, kMagicNumbers,
969 arraysize(kMagicNumbers), NULL, result);
972 } // namespace net