[M110][URLFiltering] Hook event reporting to new enterprise verdicts …

…from RealTimeUrlLookup Bug:1402746 (cherry picked from commit 2f1cf47) Change-Id: I05e5b1d9d4b0b830caa9e9c6a70364af81bdb6cb Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4092701 Reviewed-by: Emily Stark <estark@chromium.org> Reviewed-by: Daniel Rubery <drubery@chromium.org> Commit-Queue: Sneha Nagpaul <snehanagpaul@google.com> Reviewed-by: Xinghui Lu <xinghuilu@chromium.org> Cr-Original-Commit-Position: refs/heads/main@{#1084411} Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4134129 Cr-Commit-Position: refs/branch-heads/5481@{#133} Cr-Branched-From: 130f3e4-refs/heads/main@{#1084008}
chromium · Jan 5, 2023 · 6bd8e7e · 6bd8e7e
1 parent c2ef2d3
commit 6bd8e7e
Show file tree

Hide file tree

Showing 16 changed files with 158 additions and 31 deletions.
diff --git a/chrome/browser/BUILD.gn b/chrome/browser/BUILD.gn
@@ -2266,6 +2266,7 @@ static_library("browser") {
     "//components/safe_browsing/core/common",
     "//components/safe_browsing/core/common:safe_browsing_policy_handler",
     "//components/safe_browsing/core/common/proto:csd_proto",
+    "//components/safe_browsing/core/common/proto:realtimeapi_proto",
     "//components/safe_search_api",
     "//components/safe_search_api:safe_search_client",
     "//components/saved_tab_groups:core",

diff --git a/chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router.cc b/chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router.cc
@@ -65,6 +65,21 @@ namespace {
 
 const char16_t kMaskedUsername[] = u"*****";
 
+safe_browsing::EventResult GetEventResultFromThreatType(
+    std::string threat_type) {
+  if (threat_type == "ENTERPRISE_WARNED_SEEN") {
+    return safe_browsing::EventResult::WARNED;
+  }
+  if (threat_type == "ENTERPRISE_WARNED_BYPASS") {
+    return safe_browsing::EventResult::BYPASSED;
+  }
+  if (threat_type == "ENTERPRISE_BLOCKED_SEEN") {
+    return safe_browsing::EventResult::BLOCKED;
+  }
+  NOTREACHED();
+  return safe_browsing::EventResult::UNKNOWN;
+}
+
 void AddAnalysisConnectorVerdictToEvent(
     const enterprise_connectors::ContentAnalysisResponse::Result& result,
     base::Value::Dict& event) {
@@ -966,8 +981,7 @@ void SafeBrowsingPrivateEventRouter::OnPasswordBreach(
 void SafeBrowsingPrivateEventRouter::OnUrlFilteringInterstitial(
     const GURL& url,
     const std::string& threat_type,
-    const safe_browsing::RTLookupResponse& response,
-    safe_browsing::EventResult event_result) {
+    const safe_browsing::RTLookupResponse& response) {
   absl::optional<enterprise_connectors::ReportingSettings> settings =
       reporting_client_->GetReportingSettings();
   if (!settings.has_value() || settings->enabled_event_names.count(
@@ -977,6 +991,8 @@ void SafeBrowsingPrivateEventRouter::OnUrlFilteringInterstitial(
   base::Value::Dict event;
   event.Set(kKeyUrl, url.spec());
   event.Set(kKeyProfileUserName, GetProfileUserName());
+  safe_browsing::EventResult event_result =
+      GetEventResultFromThreatType(threat_type);
   event.Set(kKeyClickedThrough,
             event_result == safe_browsing::EventResult::BYPASSED);
   event.Set(kKeyThreatType, threat_type);

diff --git a/chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router.h b/chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router.h
@@ -246,8 +246,7 @@ class SafeBrowsingPrivateEventRouter : public KeyedService {
   void OnUrlFilteringInterstitial(
       const GURL& url,
       const std::string& threat_type,
-      const safe_browsing::RTLookupResponse& response,
-      safe_browsing::EventResult event_result);
+      const safe_browsing::RTLookupResponse& response);
 
   void SetIdentityManagerForTesting(signin::IdentityManager* identity_manager);
 

diff --git a/...owser/extensions/api/safe_browsing_private/safe_browsing_private_event_router_unittest.cc b/...owser/extensions/api/safe_browsing_private/safe_browsing_private_event_router_unittest.cc
@@ -198,16 +198,14 @@ class SafeBrowsingPrivateEventRouterTestBase : public testing::Test {
             event_result);
   }
 
-  void TriggerOnUrlFilteringInterstitial(
-      safe_browsing::EventResult event_result,
-      const std::string& threat_type) {
+  void TriggerOnUrlFilteringInterstitial(const std::string& threat_type) {
     safe_browsing::RTLookupResponse response;
     auto* threat_info = response.add_threat_info();
-    if (event_result == safe_browsing::EventResult::WARNED ||
-        event_result == safe_browsing::EventResult::BYPASSED) {
+    if (threat_type == "ENTERPRISE_WARNED_SEEN" ||
+        threat_type == "ENTERPRISE_WARNED_BYPASS") {
       threat_info->set_verdict_type(
           safe_browsing::RTLookupResponse::ThreatInfo::WARN);
-    } else if (event_result == safe_browsing::EventResult::BLOCKED) {
+    } else if (threat_type == "ENTERPRISE_BLOCKED_SEEN") {
       threat_info->set_verdict_type(
           safe_browsing::RTLookupResponse::ThreatInfo::DANGEROUS);
     }
@@ -219,7 +217,7 @@ class SafeBrowsingPrivateEventRouterTestBase : public testing::Test {
 
     SafeBrowsingPrivateEventRouterFactory::GetForProfile(profile_)
         ->OnUrlFilteringInterstitial(GURL("https://filteredurl.com"),
-                                     threat_type, response, event_result);
+                                     threat_type, response);
   }
 
   void TriggerOnUnscannedFileEvent(safe_browsing::EventResult result) {
@@ -1066,8 +1064,7 @@ TEST_F(SafeBrowsingPrivateEventRouterTest,
   EXPECT_CALL(*client_, UploadSecurityEventReport_(_, _, _, _))
       .WillOnce(CaptureArg(&report));
 
-  TriggerOnUrlFilteringInterstitial(safe_browsing::EventResult::BLOCKED,
-                                    "ENTERPRISE_BLOCKED_SEEN");
+  TriggerOnUrlFilteringInterstitial("ENTERPRISE_BLOCKED_SEEN");
   base::RunLoop().RunUntilIdle();
 
   Mock::VerifyAndClearExpectations(client_.get());
@@ -1106,8 +1103,7 @@ TEST_F(SafeBrowsingPrivateEventRouterTest,
   EXPECT_CALL(*client_, UploadSecurityEventReport_(_, _, _, _))
       .WillOnce(CaptureArg(&report));
 
-  TriggerOnUrlFilteringInterstitial(safe_browsing::EventResult::WARNED,
-                                    "ENTERPRISE_WARNED_SEEN");
+  TriggerOnUrlFilteringInterstitial("ENTERPRISE_WARNED_SEEN");
   base::RunLoop().RunUntilIdle();
 
   Mock::VerifyAndClearExpectations(client_.get());
@@ -1146,8 +1142,7 @@ TEST_F(SafeBrowsingPrivateEventRouterTest,
   EXPECT_CALL(*client_, UploadSecurityEventReport_(_, _, _, _))
       .WillOnce(CaptureArg(&report));
 
-  TriggerOnUrlFilteringInterstitial(safe_browsing::EventResult::BYPASSED,
-                                    "ENTERPRISE_WARNED_BYPASS");
+  TriggerOnUrlFilteringInterstitial("ENTERPRISE_WARNED_BYPASS");
   base::RunLoop().RunUntilIdle();
 
   Mock::VerifyAndClearExpectations(client_.get());

diff --git a/chrome/browser/interstitials/enterprise_util.cc b/chrome/browser/interstitials/enterprise_util.cc
@@ -7,6 +7,7 @@
 #include "chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router.h"
 #include "chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router_factory.h"
 #include "chrome/browser/profiles/profile.h"
+#include "components/safe_browsing/core/common/proto/realtimeapi.pb.h"
 #include "content/public/browser/web_contents.h"
 #include "extensions/buildflags/buildflags.h"
 
@@ -58,3 +59,21 @@ void MaybeTriggerSecurityInterstitialProceededEvent(
                                                 net_error_code);
 #endif
 }
+
+#if !BUILDFLAG(IS_ANDROID)
+void MaybeTriggerUrlFilteringInterstitialEvent(
+    content::WebContents* web_contents,
+    const GURL& page_url,
+    const std::string& threat_type,
+    safe_browsing::RTLookupResponse rt_lookup_response) {
+#if BUILDFLAG(ENABLE_EXTENSIONS)
+  extensions::SafeBrowsingPrivateEventRouter* event_router =
+      GetEventRouter(web_contents);
+  if (!event_router) {
+    return;
+  }
+  event_router->OnUrlFilteringInterstitial(page_url, threat_type,
+                                           rt_lookup_response);
+#endif
+}
+#endif
diff --git a/chrome/browser/interstitials/enterprise_util.h b/chrome/browser/interstitials/enterprise_util.h
@@ -5,7 +5,9 @@
 #ifndef CHROME_BROWSER_INTERSTITIALS_ENTERPRISE_UTIL_H_
 #define CHROME_BROWSER_INTERSTITIALS_ENTERPRISE_UTIL_H_
 
+#include "chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_utils.h"
 #include "components/safe_browsing/core/browser/db/v4_protocol_manager_util.h"
+#include "components/safe_browsing/core/common/proto/realtimeapi.pb.h"
 
 namespace content {
 class WebContents;
@@ -27,4 +29,14 @@ void MaybeTriggerSecurityInterstitialProceededEvent(
     const std::string& reason,
     int net_error_code);
 
+#if !BUILDFLAG(IS_ANDROID)
+// If user is not in incognito mode, triggers
+// "safeBrowsingPrivate.onUrlFilteringInterstitial" extension event.
+void MaybeTriggerUrlFilteringInterstitialEvent(
+    content::WebContents* web_contents,
+    const GURL& page_url,
+    const std::string& threat_type,
+    safe_browsing::RTLookupResponse rt_lookup_response);
+#endif
+
 #endif  // CHROME_BROWSER_INTERSTITIALS_ENTERPRISE_UTIL_H_
diff --git a/chrome/browser/safe_browsing/chrome_ui_manager_delegate.cc b/chrome/browser/safe_browsing/chrome_ui_manager_delegate.cc
@@ -51,6 +51,18 @@ void ChromeSafeBrowsingUIManagerDelegate::
                                                  net_error_code);
 }
 
+#if !BUILDFLAG(IS_ANDROID)
+void ChromeSafeBrowsingUIManagerDelegate::
+    TriggerUrlFilteringInterstitialExtensionEventIfDesired(
+        content::WebContents* web_contents,
+        const GURL& page_url,
+        const std::string& threat_type,
+        safe_browsing::RTLookupResponse rt_lookup_response) {
+  MaybeTriggerUrlFilteringInterstitialEvent(web_contents, page_url, threat_type,
+                                            rt_lookup_response);
+}
+#endif
+
 prerender::NoStatePrefetchContents*
 ChromeSafeBrowsingUIManagerDelegate::GetNoStatePrefetchContentsIfExists(
     content::WebContents* web_contents) {

diff --git a/chrome/browser/safe_browsing/chrome_ui_manager_delegate.h b/chrome/browser/safe_browsing/chrome_ui_manager_delegate.h
@@ -33,6 +33,13 @@ class ChromeSafeBrowsingUIManagerDelegate
       const GURL& page_url,
       const std::string& reason,
       int net_error_code) override;
+#if !BUILDFLAG(IS_ANDROID)
+  void TriggerUrlFilteringInterstitialExtensionEventIfDesired(
+      content::WebContents* web_contents,
+      const GURL& page_url,
+      const std::string& threat_type,
+      safe_browsing::RTLookupResponse rt_lookup_response) override;
+#endif
   prerender::NoStatePrefetchContents* GetNoStatePrefetchContentsIfExists(
       content::WebContents* web_contents) override;
   bool IsHostingExtension(content::WebContents* web_contents) override;

diff --git a/components/safe_browsing/content/browser/safe_browsing_navigation_throttle.cc b/components/safe_browsing/content/browser/safe_browsing_navigation_throttle.cc
@@ -66,27 +66,43 @@ SafeBrowsingNavigationThrottle::WillFailRequest() {
       blocking_page =
           manager_->blocking_page_factory()->CreateEnterpriseWarnPage(
               manager_, handle->GetWebContents(), handle->GetURL(), {resource});
+
+      manager_->ForwardUrlFilteringInterstitialExtensionEventToEmbedder(
+          handle->GetWebContents(), handle->GetURL(), "ENTERPRISE_WARNED_SEEN",
+          resource.rt_lookup_response);
     } else if (resource.threat_type ==
                SBThreatType::SB_THREAT_TYPE_MANAGED_POLICY_BLOCK) {
       blocking_page =
           manager_->blocking_page_factory()->CreateEnterpriseBlockPage(
               manager_, handle->GetWebContents(), handle->GetURL(), {resource});
+
+      manager_->ForwardUrlFilteringInterstitialExtensionEventToEmbedder(
+          handle->GetWebContents(), handle->GetURL(), "ENTERPRISE_BLOCKED_SEEN",
+          resource.rt_lookup_response);
     } else {
       blocking_page = manager_->blocking_page_factory()->CreateSafeBrowsingPage(
           manager_, handle->GetWebContents(), handle->GetURL(), {resource},
           true);
+
+      manager_->ForwardSecurityInterstitialShownExtensionEventToEmbedder(
+          handle->GetWebContents(), handle->GetURL(),
+          SafeBrowsingUIManager::GetThreatTypeStringForInterstitial(
+              resource.threat_type),
+          /*net_error_code=*/0);
     }
 
 #else
+
     blocking_page = manager_->blocking_page_factory()->CreateSafeBrowsingPage(
         manager_, handle->GetWebContents(), handle->GetURL(), {resource}, true);
-#endif
 
     manager_->ForwardSecurityInterstitialShownExtensionEventToEmbedder(
         handle->GetWebContents(), handle->GetURL(),
         SafeBrowsingUIManager::GetThreatTypeStringForInterstitial(
             resource.threat_type),
         /*net_error_code=*/0);
+#endif
+
     std::string error_page_content = blocking_page->GetHTMLContents();
     security_interstitials::SecurityInterstitialTabHelper::
         AssociateBlockingPage(handle, base::WrapUnique(blocking_page));

diff --git a/components/safe_browsing/content/browser/ui_manager.cc b/components/safe_browsing/content/browser/ui_manager.cc
@@ -353,5 +353,15 @@ void SafeBrowsingUIManager::
   delegate_->TriggerSecurityInterstitialShownExtensionEventIfDesired(
       web_contents, page_url, reason, net_error_code);
 }
-
+#if !BUILDFLAG(IS_ANDROID)
+void SafeBrowsingUIManager::
+    ForwardUrlFilteringInterstitialExtensionEventToEmbedder(
+        content::WebContents* web_contents,
+        const GURL& page_url,
+        const std::string& threat_type,
+        safe_browsing::RTLookupResponse rt_lookup_response) {
+  delegate_->TriggerUrlFilteringInterstitialExtensionEventIfDesired(
+      web_contents, page_url, threat_type, rt_lookup_response);
+}
+#endif
 }  // namespace safe_browsing
diff --git a/components/safe_browsing/content/browser/ui_manager.h b/components/safe_browsing/content/browser/ui_manager.h
@@ -89,6 +89,13 @@ class SafeBrowsingUIManager : public BaseUIManager {
         const GURL& page_url,
         const std::string& reason,
         int net_error_code) = 0;
+#if !BUILDFLAG(IS_ANDROID)
+    virtual void TriggerUrlFilteringInterstitialExtensionEventIfDesired(
+        content::WebContents* web_contents,
+        const GURL& page_url,
+        const std::string& threat_type,
+        safe_browsing::RTLookupResponse rt_lookup_response) = 0;
+#endif
 
     // Gets the NoStatePrefetchContents instance associated with |web_contents|
     // if one exists (i.e., if |web_contents| is being prerendered).
@@ -181,6 +188,15 @@ class SafeBrowsingUIManager : public BaseUIManager {
       const std::string& reason,
       int net_error_code);
 
+#if !BUILDFLAG(IS_ANDROID)
+  // Invokes TriggerUrlFilteringInterstitialExtensionEventIfDesired() on
+  // |delegate_|.
+  void ForwardUrlFilteringInterstitialExtensionEventToEmbedder(
+      content::WebContents* web_contents,
+      const GURL& page_url,
+      const std::string& threat_type,
+      safe_browsing::RTLookupResponse rt_lookup_response);
+#endif
   SafeBrowsingBlockingPageFactory* blocking_page_factory() {
     return blocking_page_factory_.get();
   }

diff --git a/components/safe_browsing/content/browser/ui_manager_unittest.cc b/components/safe_browsing/content/browser/ui_manager_unittest.cc
@@ -190,6 +190,13 @@ class TestSafeBrowsingUIManagerDelegate
       const GURL& page_url,
       const std::string& reason,
       int net_error_code) override {}
+#if !BUILDFLAG(IS_ANDROID)
+  void TriggerUrlFilteringInterstitialExtensionEventIfDesired(
+      content::WebContents* web_contents,
+      const GURL& page_url,
+      const std::string& threat_type,
+      safe_browsing::RTLookupResponse rt_lookup_response) override {}
+#endif
   prerender::NoStatePrefetchContents* GetNoStatePrefetchContentsIfExists(
       content::WebContents* web_contents) override {
     return nullptr;