Override all danger levels with download flag #21760

Merged (1 commit) on Jan 26, 2024

fmarier (Member) commented Jan 26, 2024

Fixes brave/brave-browser#35561

This is a follow-up to brave/brave-browser#28917 which was an incomplete fix for the underlying issue.

Sec review: https://github.com/brave/reviews/issues/1306

Submitter Checklist:

  • I confirm that no security/privacy review is needed and no other type of reviews are needed, or that I have requested them
  • There is a ticket for my issue
  • Used Github auto-closing keywords in the PR description above
  • Wrote a good PR/commit description
  • Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
  • Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
  • Checked the PR locally:
    • npm run test -- brave_browser_tests, npm run test -- brave_unit_tests wiki
    • npm run lint, npm run presubmit wiki, npm run gn_check, npm run tslint
  • Ran git rebase master (if needed)

Reviewer Checklist:

  • A security review is not needed, or a link to one is included in the PR description
  • New files have MPL-2.0 license header
  • Adequate test coverage exists to prevent regressions
  • Major classes, functions and non-trivial code blocks are well-commented
  • Changes in component dependencies are properly reflected in gn
  • Code follows the style guide
  • Test plan is specified in PR before merging

After-merge Checklist:

Test Plan:

Needs to be tested on all three platforms (Windows, Mac, Linux), but no need to test on different flavours of each OS.

  1. Open https://fmarier.org/files/safebrowsing-test.html in a new browser profile.

  2. Set Safe Browsing to No protection in brave://settings/security.

  3. [Windows] Click on test.exe and then Save. The download should be blocked and you should see a warning in the download manager:
    [Screenshots of the download manager warning]

  4. [Windows] Click on test.ini and then Save. The download should be blocked and you should see the same warning in the download manager.

  5. [Mac] Click on test.dmg and then Save. The download should be blocked and you should see the same warning in the download manager.

  6. [Linux] Click on test.deb and then Save. The download should be blocked and you should see the same warning in the download manager.

  7. [Windows/Mac/Linux] Click on test.txt and then Save. The download should succeed without any warnings.

  8. Set chrome://flags/#brave-override-download-danger-level to Enabled and relaunch the browser.

  9. Repeat steps 4-7. All of the downloads should succeed without warnings.

cdesouza-chromium (Collaborator) left a comment

LGTM

cdesouza-chromium (Collaborator) commented

I've approved, but I wonder if some sort of browser testing should be added here, since this has been an issue that kept being fixed.

fmarier (Member, Author) commented Jan 26, 2024

> I've approved, but I wonder if some sort of browser testing should be added here, since this has been an issue that kept being fixed.

Do you mean it has broken during Chromium upgrades? Because I'm not aware of it breaking in release. This particular issue (.dll files not being overridable) has been there since the beginning and was due to an incomplete manual test plan in the first PR.

cdesouza-chromium (Collaborator) commented

> > I've approved, but I wonder if some sort of browser testing should be added here, since this has been an issue that kept being fixed.
>
> Do you mean it has broken during Chromium upgrades? Because I'm not aware of it breaking in release. This particular issue (.dll files not being overridable) has been there since the beginning and was due to an incomplete manual test plan in the first PR.

Sorry I've expressed myself correctly. I wasn't referring to version bumps. As I understand, isn't this PR fixing an issue?

> This is a follow-up to brave/brave-browser#28917 which was an incomplete fix for the underlying issue.

I mean to say a browser test could help demonstrate that the issue was properly fixed. I'm not sure if it is necessary, but it is always useful to have tests.

fmarier (Member, Author) commented Jan 26, 2024

I see what you mean. I think in this case, even if we had had a browser test, it would have been insufficient to catch this issue.

The problem is that I tested a bunch of extensions, but didn't realize that .dll (and 5 other ones like .ini) is special. There are just over 400 extensions in the current download_file_types.asciipb file so it wouldn't be practical to test them all :)

That said, this override now overrides all DownloadFileType and so I don't expect similar problems to come up later.
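
An added example, not part of this PR or of Brave's code base: one way to check that a manual test plan exercises every danger-level class rather than every one of the 400-odd extensions. It assumes the text-proto field names `file_types`, `extension`, `platform_settings`, `platform` and `danger_level`; the sample entries and the danger levels assigned to them are constructed, not copied from download_file_types.asciipb.

```python
import re
from collections import defaultdict

# Constructed sample in the text-proto layout assumed for download_file_types.asciipb.
# The danger levels assigned below are illustrative, not copied from the real file.
SAMPLE = """
file_types { extension: "exe" platform_settings { platform: PLATFORM_TYPE_WINDOWS danger_level: ALLOW_ON_USER_GESTURE } }
file_types { extension: "dll" platform_settings { platform: PLATFORM_TYPE_WINDOWS danger_level: DANGEROUS } }
file_types {
  extension: "ini"
  platform_settings { platform: PLATFORM_TYPE_WINDOWS danger_level: DANGEROUS }
}
file_types { extension: "deb" platform_settings { platform: PLATFORM_TYPE_LINUX danger_level: ALLOW_ON_USER_GESTURE } }
file_types { extension: "txt" platform_settings { danger_level: NOT_DANGEROUS } }
"""

# One file_types block, allowing a single level of nested braces.
ENTRY = re.compile(r"file_types\s*\{((?:[^{}]|\{[^{}]*\})*)\}")
SETTINGS = re.compile(r"platform_settings\s*\{([^{}]*)\}")


def group_by_level(text):
    """Map (platform, danger_level) -> sorted extensions declared with it."""
    groups = defaultdict(set)
    for entry in ENTRY.finditer(text):
        body = entry.group(1)
        ext = re.search(r'extension:\s*"([^"]+)"', body)
        if not ext:
            continue  # e.g. a block without an extension field
        for settings in SETTINGS.finditer(body):
            block = settings.group(1)
            platform = re.search(r"\bplatform:\s*(\w+)", block)
            level = re.search(r"\bdanger_level:\s*(\w+)", block)
            if level:
                name = platform.group(1) if platform else "PLATFORM_TYPE_ANY"
                groups[(name, level.group(1))].add(ext.group(1))
    return {key: sorted(exts) for key, exts in groups.items()}


def uncovered(groups, tested):
    """Return the (platform, danger_level) classes no tested extension exercises."""
    return sorted(k for k, exts in groups.items() if not set(exts) & set(tested))


if __name__ == "__main__":
    groups = group_by_level(SAMPLE)
    # A plan that skips the .dll/.ini class leaves one class untested.
    print(uncovered(groups, {"exe", "deb", "txt"}))
    print(uncovered(groups, {"exe", "ini", "deb", "txt"}))
```

Run against the real file, `uncovered` returning a non-empty list means the test plan needs one more extension from each listed class.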

fmarier (Member, Author) commented Jan 26, 2024

I'll merge and try to see if a browser test would be easy to do (as a follow-up).

fmarier merged commit 105a6aa into master on Jan 26, 2024 (20 checks passed)
fmarier deleted the download-danger-override-35561 branch on January 26, 2024, 19:53
Successfully merging this pull request may close these issues.

Download protection override flag doesn't work for DLLs