Bug 1013558: ApplicationReputation should block if verdict is DANGEROUS_HOST (r=gcp)

toolkit/components/downloads/ApplicationReputation.cpp

@@ -980,12 +980,17 @@ PendingLookup::OnStopRequestInternal(nsIRequest *aRequest,
     return NS_ERROR_CANNOT_CONVERT_DATA;
   }
 
-  // There are several more verdicts, but we only respect one for now and treat
-  // everything else as SAFE.
+  // There are several more verdicts, but we only respect DANGEROUS and
+  // DANGEROUS_HOST for now and treat everything else as SAFE.
   Accumulate(mozilla::Telemetry::APPLICATION_REPUTATION_SERVER,
     SERVER_RESPONSE_VALID);
-  if (response.verdict() == safe_browsing::ClientDownloadResponse::DANGEROUS) {
-    *aShouldBlock = true;
+  switch(response.verdict()) {
+    case safe_browsing::ClientDownloadResponse::DANGEROUS:
+    case safe_browsing::ClientDownloadResponse::DANGEROUS_HOST:
+      *aShouldBlock = true;
+      break;
+    default:
+      break;
   }
 
   return NS_OK;

toolkit/components/downloads/generate_csd.sh

@@ -2,7 +2,9 @@
 # A script to generate toolkit/components/downloads/csd.pb.{cc,h} for use in
 # nsIApplicationReputationQuery. This script assumes you have downloaded and
 # installed the protocol buffer compiler.
-
+# As of June 26 2014, csd.proto contains many protobufs that are currently
+# unused by ApplicationReputation. You may want to strip csd.proto of these
+# before running the protocol compiler on it.
 if [ -n $PROTOC_PATH ]; then
   PROTOC_PATH=/usr/local/bin/protoc
 fi