Most of the code lives in <tt>toolkit/components/downloads/ApplicationReputation.cpp</tt>.
The Upstream list of file extensions that :* Shipped to Chrome submits for remote verification lives inside via a "File Type Policies" Chrome extension (see `<tt>chrome://components`</tt>) and uses this * [https://github.com/fmarier/safebrowsing-tools/blob/master/parse-filetypes.py Binary protobuf file as the source: extractor]* [https://cs.chromium.org/chromium/src/chrome/browser/resources/safe_browsing/download_file_types.asciipbSource protobuf]
== QA ==
