Bug 1526885 - P2. Add MS Office files to the list of executable extensions in download protection. r=gcp
authorDimi Lee <dlee@mozilla.com>
Thu, 14 Feb 2019 13:30:38 +0000
changeset 517025 e7e5611f9bdc7b8aaff1a72382aa92de73b4ecda
parent 517024 b7ccbea196c94034e862feb09cb655700a33fd51
child 517026 39bb681343d6f429ced7ea706649e48890d27c28
push id10862
push userffxbld-merge
push dateMon, 11 Mar 2019 13:01:11 +0000
treeherdermozilla-beta@a2e7f5c935da [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersgcp
bugs1526885
milestone67.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1526885 - P2. Add MS Office files to the list of executable extensions in download protection. r=gcp Sync with the list in chrome, chrome adds office docs because they have been abused in the past through embedded executables. Differential Revision: https://phabricator.services.mozilla.com/D19759
toolkit/components/reputationservice/ApplicationReputation.cpp
--- a/toolkit/components/reputationservice/ApplicationReputation.cpp
+++ b/toolkit/components/reputationservice/ApplicationReputation.cpp
@@ -482,58 +482,60 @@ static const char* const kBinaryFileExte
     ".class",      // Java
     ".cmd",        // Windows executable
     ".com",        // Windows executable
     ".command",    // Mac script
     ".cpgz",       // Mac archive
     ".cpi",        // Control Panel Item. Executable used for adding icons
                    // to Control Panel
     //".cpio",
-    ".cpl",         // Windows executable
-    ".crt",         // Windows signed certificate
-    ".crx",         // Chrome extensions
-    ".csh",         // Linux shell
+    ".cpl",  // Windows executable
+    ".crt",  // Windows signed certificate
+    ".crx",  // Chrome extensions
+    ".csh",  // Linux shell
     //".csv",
     ".dart",        // Mac disk image
     ".dc42",        // Apple DiskCopy Image
     ".deb",         // Linux package
     ".desktop",     // A shortcut that runs other files
     ".dex",         // Android
     ".dhtml",       // HTML
     ".dhtm",        // HTML
     ".dht",         // HTML
     ".diskcopy42",  // Apple DiskCopy Image
     ".dll",         // Windows executable
     ".dmg",         // Mac disk image
     ".dmgpart",     // Mac disk image
-    //".doc",
-    //".docb", // MS Office
-    //".docm", // MS Word
-    //".docx", // MS Word
-    //".dotm", // MS Word
-    //".dott", // MS Office
-    ".drv",   // Windows driver
-    ".dvdr",  // Mac Disk image
-    ".efi",   // Firmware
-    ".eml",   // MS Outlook
-    ".exe",   // Windows executable
+    ".doc",         // MS Office
+    ".docb",        // MS Office
+    ".docm",        // MS Word
+    ".docx",        // MS Word
+    ".dot",         // MS Word
+    ".dotm",        // MS Word
+    ".dott",        // MS Office
+    ".dotx",        // MS Word
+    ".drv",         // Windows driver
+    ".dvdr",        // Mac Disk image
+    ".efi",         // Firmware
+    ".eml",         // MS Outlook
+    ".exe",         // Windows executable
     //".fat",
     ".fon",     // Windows font
     ".fxp",     // MS FoxPro
     ".gadget",  // Windows
     //".gif",
-    ".grp",     // Windows
-    ".gz",      // Linux archive (gzip)
-    ".gzip",    // Linux archive (gzip)
-    ".hfs",     // Mac disk image
-    ".hlp",     // Windows Help
-    ".hqx",     // Mac archive
-    ".hta",     // HTML trusted application
+    ".grp",   // Windows
+    ".gz",    // Linux archive (gzip)
+    ".gzip",  // Linux archive (gzip)
+    ".hfs",   // Mac disk image
+    ".hlp",   // Windows Help
+    ".hqx",   // Mac archive
+    ".hta",   // HTML trusted application
     ".htm", ".html",
-    ".htt",      // MS HTML template
+    ".htt",  // MS HTML template
     //".ica",
     ".img",      // Mac disk image
     ".imgpart",  // Mac disk image
     ".inf",      // Windows installer
     ".ini",      // Generic config file
     ".ins",      // IIS config
     //".inx", // InstallShield
     ".iso",  // CD image
@@ -572,34 +574,34 @@ static const char* const kBinaryFileExte
     ".mde",       // MS Access
     ".mdt",       // MS Access
     ".mdw",       // MS Access
     ".mdz",       // MS Access
     ".mht",       // MS HTML
     ".mhtml",     // MS HTML
     ".mim",       // MS Mail
     //".mkv",
-    ".mmc",       // MS Office
-    ".mof",       // Windows
+    ".mmc",  // MS Office
+    ".mof",  // Windows
     //".mov",
     //".mp3",
     //".mp4",
-    ".mpkg",      // Mac installer
-    ".msc",       // Windows executable
-    ".msg",       // MS Outlook
-    ".msh",       // Windows shell
-    ".msh1",      // Windows shell
-    ".msh1xml",   // Windows shell
-    ".msh2",      // Windows shell
-    ".msh2xml",   // Windows shell
-    ".mshxml",    // Windows
-    ".msi",       // Windows installer
-    ".msp",       // Windows installer
-    ".mst",       // Windows installer
-    ".ndif",      // Mac disk image
+    ".mpkg",     // Mac installer
+    ".msc",      // Windows executable
+    ".msg",      // MS Outlook
+    ".msh",      // Windows shell
+    ".msh1",     // Windows shell
+    ".msh1xml",  // Windows shell
+    ".msh2",     // Windows shell
+    ".msh2xml",  // Windows shell
+    ".mshxml",   // Windows
+    ".msi",      // Windows installer
+    ".msp",      // Windows installer
+    ".mst",      // Windows installer
+    ".ndif",     // Mac disk image
     //".ntfs", // 7z
     ".ocx",   // ActiveX
     ".ops",   // MS Office
     ".osas",  // AppleScript
     ".osax",  // AppleScript
     //".out", // Linux binary
     ".oxt",  // OpenOffice extension, can execute arbitrary code
     //".package",
@@ -614,22 +616,26 @@ static const char* const kBinaryFileExte
     ".pdf",      // Adobe Acrobat
     //".pea",
     ".pet",  // Linux package
     ".pif",  // Windows
     ".pkg",  // Mac installer
     ".pl",   // Perl script
     ".plg",  // MS Visual Studio
     //".png",
-    //".potx", // MS PowerPoint
-    //".ppam", // MS PowerPoint
-    //".ppsx", // MS PowerPoint
-    //".ppt",
-    //".pptm", // MS PowerPoint
-    //".pptx", // MS PowerPoint
+    ".pot",     // MS PowerPoint
+    ".potm",    // MS PowerPoint
+    ".potx",    // MS PowerPoint
+    ".ppam",    // MS PowerPoint
+    ".pps",     // MS PowerPoint
+    ".ppsm",    // MS PowerPoint
+    ".ppsx",    // MS PowerPoint
+    ".ppt",     // MS PowerPoint
+    ".pptm",    // MS PowerPoint
+    ".pptx",    // MS PowerPoint
     ".prf",     // MS Outlook
     ".prg",     // Windows
     ".ps1",     // Windows shell
     ".ps1xml",  // Windows shell
     ".ps2",     // Windows shell
     ".ps2xml",  // Windows shell
     ".psc1",    // Windows shell
     ".psc2",    // Windows shell
@@ -672,59 +678,59 @@ static const char* const kBinaryFileExte
     //".r28",
     //".r29",
     //".rar",
     ".rb",    // Ruby script
     ".reg",   // Windows Registry
     ".rels",  // MS Office
     //".rgs", // Windows Registry
     ".rpm",  // Linux package
-    //".rtf", // MS Office
+    ".rtf",  // MS Office
     //".run", // Linux shell
     ".scf",                // Windows shell
     ".scpt",               // AppleScript
     ".scptd",              // AppleScript
     ".scr",                // Windows
     ".sct",                // Windows shell
     ".search-ms",          // Windows
     ".seplugin",           // AppleScript
     ".settingcontent-ms",  // Windows settings
     ".sh",                 // Linux shell
     ".shar",               // Linux shell
     ".shb",                // Windows
     ".shs",                // Windows shell
     ".shtml",              // HTML
     ".shtm",               // HTML
     ".sht",                // HTML
-    //".sldm", // MS PowerPoint
-    //".sldx", // MS PowerPoint
-    ".slk",           // MS Excel
-    ".slp",           // Linux package
-    ".smi",           // Mac disk image
-    ".sparsebundle",  // Mac disk image
-    ".sparseimage",   // Mac disk image
-    ".spl",           // Adobe Flash
+    ".sldm",               // MS PowerPoint
+    ".sldx",               // MS PowerPoint
+    ".slk",                // MS Excel
+    ".slp",                // Linux package
+    ".smi",                // Mac disk image
+    ".sparsebundle",       // Mac disk image
+    ".sparseimage",        // Mac disk image
+    ".spl",                // Adobe Flash
     //".squashfs",
     ".svg",
     ".swf",   // Adobe Flash
     ".swm",   // Windows Imaging
     ".sys",   // Windows
     ".tar",   // Linux archive
     ".taz",   // Linux archive (bzip2)
     ".tbz",   // Linux archive (bzip2)
     ".tbz2",  // Linux archive (bzip2)
     ".tcsh",  // Linux shell
     //".tif",
-    ".tgz",   // Linux archive (gzip)
+    ".tgz",  // Linux archive (gzip)
     //".toast", // Roxio disk image
     ".torrent",  // Bittorrent
     ".tpz",      // Linux archive (gzip)
     //".txt",
-    ".txz",      // Linux archive (xz)
-    ".tz",       // Linux archive (gzip)
+    ".txz",  // Linux archive (xz)
+    ".tz",   // Linux archive (gzip)
     //".u3p", // U3 Smart Apps
     ".udf",   // MS Excel
     ".udif",  // Mac disk image
     ".url",   // Windows
     //".uu",
     //".uue",
     ".vb",   // Visual Basic script
     ".vbe",  // Visual Basic script
@@ -744,34 +750,42 @@ static const char* const kBinaryFileExte
     ".vst",       // MS Visio
     ".vstm",      // MS Visio
     ".vstx",      // MS Visio
     ".vsw",       // MS Visio
     ".vsx",       // MS Visio
     ".vtx",       // MS Visio
     //".wav",
     //".webp",
-    ".website",   // Windows
-    ".wim",       // Windows Imaging
+    ".website",  // Windows
+    ".wim",      // Windows Imaging
     //".workflow", // Mac Automator
     //".wrc", // FreeArc archive
     ".ws",    // Windows script
     ".wsc",   // Windows script
     ".wsf",   // Windows script
     ".wsh",   // Windows script
     ".xar",   // MS Excel
     ".xbap",  // XAML Browser Application
     ".xhtml", ".xhtm", ".xht",
-    ".xip",  // Mac archive
-    //".xls",
-    //".xlsm", // MS Excel
-    //".xlsx", // MS Excel
-    //".xltm", // MS Excel
-    //".xltx", // MS Excel
-    ".xml",
+    ".xip",     // Mac archive
+    ".xla",     // MS Excel
+    ".xlam",    // MS Excel
+    ".xldm",    // MS Excel
+    ".xll",     // MS Excel
+    ".xlm",     // MS Excel
+    ".xls",     // MS Excel
+    ".xlsb",    // MS Excel
+    ".xlsm",    // MS Excel
+    ".xlsx",    // MS Excel
+    ".xlt",     // MS Excel
+    ".xltm",    // MS Excel
+    ".xltx",    // MS Excel
+    ".xlw",     // MS Excel
+    ".xml",     // MS Excel
     ".xnk",     // MS Exchange
     ".xrm-ms",  // Windows
     ".xsl",     // XML Stylesheet
     //".xxe",
     ".xz",     // Linux archive (xz)
     ".z",      // InstallShield
 #ifdef XP_WIN  // disable on Mac/Linux, see 1167493
     ".zip",    // Generic archive