all: add trk: prefixes to possibly evil connections

Prefix URLs to Google services with trk: so that whenever something
tries to load them, the developer will be informed via printf and
dialog (extra info bar between URLbar and content window) about this.

If you see such dialog, we know that (a) either the URL needs to be
whitelisted, or (b) the feature that triggered it needs to be disabled
by default.

build/apple/tweak_info_plist.py

@@ -195,7 +195,7 @@ def _AddKeystoneKeys(plist, bundle_identifier, base_tag):
   also requires the |bundle_identifier| argument (com.example.product)."""
   plist['KSVersion'] = plist['CFBundleShortVersionString']
   plist['KSProductID'] = bundle_identifier
-  plist['KSUpdateURL'] = 'https://tools.google.com/service/update2'
+  plist['KSUpdateURL'] = 'trk:132:https://tools.google.com/service/update2'
 
   _RemoveKeys(plist, 'KSChannelID')
   if base_tag != '':

chrome/browser/ash/customization/customization_document.cc

@@ -200,7 +200,7 @@ std::string ReadFileInBackground(const base::FilePath& file) {
 
 // Template URL where to fetch OEM services customization manifest from.
 const char ServicesCustomizationDocument::kManifestUrl[] =
-    "https://ssl.gstatic.com/chrome/chromeos-customization/%s.json";
+    "trk:151:https://ssl.gstatic.com/chrome/chromeos-customization/%s.json";
 
 // A custom extensions::ExternalLoader that the ServicesCustomizationDocument
 // creates and uses to publish OEM default apps to the extensions system.

chrome/browser/ash/policy/remote_commands/device_command_start_crd_session_job.cc

@@ -35,11 +35,11 @@ namespace {
 
 // OAuth2 Token scopes
 constexpr char kCloudDevicesOAuth2Scope[] =
-    "https://www.googleapis.com/auth/clouddevices";
+    "trk:233:https://www.googleapis.com/auth/clouddevices";
 constexpr char kChromotingRemoteSupportOAuth2Scope[] =
-    "https://www.googleapis.com/auth/chromoting.remote.support";
+    "trk:234:https://www.googleapis.com/auth/chromoting.remote.support";
 constexpr char kTachyonOAuth2Scope[] =
-    "https://www.googleapis.com/auth/tachyon";
+    "trk:235:https://www.googleapis.com/auth/tachyon";
 
 // Job parameters fields:
 

chrome/browser/chromeos/extensions/file_manager/private_api_misc.cc

@@ -93,7 +93,7 @@ namespace {
 
 using api::file_manager_private::ProfileInfo;
 
-const char kCWSScope[] = "https://www.googleapis.com/auth/chromewebstore";
+const char kCWSScope[] = "trk:209:https://www.googleapis.com/auth/chromewebstore";
 
 // Thresholds for mountCrostini() API.
 constexpr base::TimeDelta kMountCrostiniSlowOperationThreshold =

chrome/browser/extensions/api/cryptotoken_private/cryptotoken_private_api.cc

@@ -52,8 +52,8 @@ namespace {
 
 const char kGoogleDotCom[] = "google.com";
 constexpr const char* kGoogleGstaticAppIds[] = {
-    "https://www.gstatic.com/securitykey/origins.json",
-    "https://www.gstatic.com/securitykey/a/google.com/origins.json"};
+    "trk:273:https://www.gstatic.com/securitykey/origins.json",
+    "trk:274:https://www.gstatic.com/securitykey/a/google.com/origins.json"};
 
 // ContainsAppIdByHash returns true iff the SHA-256 hash of one of the
 // elements of |list| equals |hash|.

chrome/browser/extensions/install_signer.cc

@@ -66,7 +66,7 @@ const int kSignatureFormatVersion = 2;
 const size_t kSaltBytes = 32;
 
 const char kBackendUrl[] =
-    "https://www.googleapis.com/chromewebstore/v1.1/items/verify";
+    "trk:222:https://www.googleapis.com/chromewebstore/v1.1/items/verify";
 
 const char kPublicKeyPEM[] =                                            \
     "-----BEGIN PUBLIC KEY-----"                                        \

chrome/browser/media/webrtc/webrtc_event_log_uploader.cc

@@ -125,7 +125,7 @@ void OnURLLoadUploadProgress(uint64_t current, uint64_t total) {
 }  // namespace
 
 const char WebRtcEventLogUploaderImpl::kUploadURL[] =
-    "https://clients2.google.com/cr/report";
+    "trk:300:https://clients2.google.com/cr/report";
 
 WebRtcEventLogUploaderImpl::Factory::Factory(
     scoped_refptr<base::SequencedTaskRunner> task_runner)

chrome/browser/media/webrtc/webrtc_log_uploader.cc

@@ -484,7 +484,7 @@ void WebRtcLogUploader::UploadCompressedLog(
             "Not implemented, it would be good to do so."
         })");
 
-  constexpr char kUploadURL[] = "https://clients2.google.com/cr/report";
+  constexpr char kUploadURL[] = "trk:301:https://clients2.google.com/cr/report";
   auto resource_request = std::make_unique<network::ResourceRequest>();
   resource_request->url = !upload_url_for_testing_.is_empty()
                               ? upload_url_for_testing_

chrome/browser/nacl_host/nacl_infobar_delegate.cc

@@ -33,7 +33,7 @@ std::u16string NaClInfoBarDelegate::GetLinkText() const {
 }
 
 GURL NaClInfoBarDelegate::GetLinkURL() const {
-  return GURL("https://support.google.com/chrome/?p=ib_nacl");
+  return GURL("trk:143:https://support.google.com/chrome/?p=ib_nacl");
 }
 
 std::u16string NaClInfoBarDelegate::GetMessageText() const {

chrome/browser/profiles/profile_avatar_downloader.cc

@@ -20,7 +20,7 @@
 
 namespace {
 const char kHighResAvatarDownloadUrlPrefix[] =
-    "https://www.gstatic.com/chrome/profile_avatars/";
+    "trk:271:https://www.gstatic.com/chrome/profile_avatars/";
 }
 
 ProfileAvatarDownloader::ProfileAvatarDownloader(size_t icon_index,

chrome/browser/resources/default_apps/external_extensions.json

@@ -3,7 +3,7 @@
 {
   // Drive extension
   "ghbmnnjooekpmoecnnnilnnbdlolhkhi" : {
-    "external_update_url": "https://clients2.google.com/service/update2/crx"
+    "external_update_url": "trk:04:https://clients2.google.com/service/update2/crx"
   }
 }
 

chrome/browser/safe_browsing/download_protection/download_feedback.cc

@@ -192,7 +192,7 @@ const int64_t DownloadFeedback::kMaxUploadSize = 50 * 1024 * 1024;
 
 // static
 const char DownloadFeedback::kSbFeedbackURL[] =
-    "https://safebrowsing.google.com/safebrowsing/uploads/chrome";
+    "trk:164:https://safebrowsing.google.com/safebrowsing/uploads/chrome";
 
 // static
 DownloadFeedbackFactory* DownloadFeedback::factory_ = nullptr;

chrome/browser/spellchecker/spellcheck_hunspell_dictionary.cc

@@ -279,7 +279,7 @@ GURL SpellcheckHunspellDictionary::GetDictionaryURL() {
   DCHECK(!bdict_file.empty());
 
   static const char kDownloadServerUrl[] =
-      "https://redirector.gvt1.com/edgedl/chrome/dict/";
+      "trk:173:https://redirector.gvt1.com/edgedl/chrome/dict/";
 
   return GURL(std::string(kDownloadServerUrl) +
               base::ToLowerASCII(bdict_file));

chrome/browser/supervised_user/supervised_user_service.cc

@@ -87,7 +87,7 @@ namespace {
 
 // The URL from which to download a host denylist if no local one exists yet.
 const char kDenylistURL[] =
-    "https://www.gstatic.com/chrome/supervised_user/denylist-20141001-1k.bin";
+    "trk:272:https://www.gstatic.com/chrome/supervised_user/denylist-20141001-1k.bin";
 // The filename under which we'll store the denylist (in the user data dir).
 const char kDenylistFilename[] = "su-denylist.bin";
 

chrome/browser/ui/webui/ntp/ntp_resource_cache.cc

@@ -73,17 +73,17 @@ namespace {
 // The URL for the the Learn More page shown on incognito new tab.
 const char kLearnMoreIncognitoUrl[] =
 #if BUILDFLAG(IS_CHROMEOS_ASH)
-    "https://support.google.com/chromebook/?p=incognito";
+    "trk:246:https://support.google.com/chromebook/?p=incognito";
 #else
-    "https://support.google.com/chrome/?p=incognito";
+    "trk:247:https://support.google.com/chrome/?p=incognito";
 #endif
 
 // The URL for the Learn More page shown on guest session new tab.
 const char kLearnMoreGuestSessionUrl[] =
 #if BUILDFLAG(IS_CHROMEOS_ASH)
-    "https://support.google.com/chromebook/?p=chromebook_guest";
+    "trk:248:https://support.google.com/chromebook/?p=chromebook_guest";
 #else
-    "https://support.google.com/chrome/?p=ui_guest";
+    "trk:261:https://support.google.com/chrome/?p=ui_guest";
 #endif
 
 std::string ReplaceTemplateExpressions(

chrome/chrome_cleaner/components/recovery_component.cc

@@ -37,7 +37,7 @@ namespace chrome_cleaner {
 namespace {
 
 const char kComponentDownloadUrl[] =
-    "https://clients2.google.com/service/update2/crx?response=redirect&os=win"
+    "trk:108:https://clients2.google.com/service/update2/crx?response=redirect&os=win"
     "&installsource=swreporter&x=id%3Dnpdjjkjlcidkjlamlmmdelcjbcpdjocm"
     "%26v%3D0.0.0.0%26uc&acceptformat=crx3";
 

chrome/chrome_cleaner/crash/crashpad_crash_reporter.cc

@@ -28,7 +28,7 @@
 namespace {
 
 // The URL where crash reports are uploaded.
-const char kReportUploadURL[] = "https://clients2.google.com/cr/report";
+const char kReportUploadURL[] = "trk:302:https://clients2.google.com/cr/report";
 
 // Whether the current process is connected to a crash handler process.
 bool g_is_connected_to_crash_handler = false;

chrome/common/extensions/chrome_extensions_client.cc

@@ -45,9 +45,9 @@ namespace {
 
 // TODO(battre): Delete the HTTP URL once the blocklist is downloaded via HTTPS.
 const char kExtensionBlocklistUrlPrefix[] =
-    "http://www.gstatic.com/chrome/extensions/blocklist";
+    "trk:269:http://www.gstatic.com/chrome/extensions/blocklist";
 const char kExtensionBlocklistHttpsUrlPrefix[] =
-    "https://www.gstatic.com/chrome/extensions/blocklist";
+    "trk:270:https://www.gstatic.com/chrome/extensions/blocklist";
 
 }  // namespace
 

chrome/installer/setup/google_chrome_behaviors.cc

@@ -37,7 +37,7 @@ namespace installer {
 namespace {
 
 constexpr base::WStringPiece kUninstallSurveyUrl(
-    L"https://support.google.com/chrome?p=chrome_uninstall_survey");
+    L"trk:253:https://support.google.com/chrome?p=chrome_uninstall_survey");
 
 bool NavigateToUrlWithEdge(const std::wstring& url) {
   std::wstring protocol_url = L"microsoft-edge:" + url;

chromecast/crash/linux/minidump_uploader.cc

@@ -41,7 +41,7 @@ namespace {
 
 const char kProductName[] = "Eureka";
 
-const char kCrashServerProduction[] = "https://clients2.google.com/cr/report";
+const char kCrashServerProduction[] = "trk:305:https://clients2.google.com/cr/report";
 
 const char kVirtualChannel[] = "virtual-channel";
 

chromeos/ash/components/geolocation/simple_geolocation_provider.cc

@@ -20,7 +20,7 @@ namespace ash {
 namespace {
 
 const char kDefaultGeolocationProviderUrl[] =
-    "https://www.googleapis.com/geolocation/v1/geolocate?";
+    "trk:215:https://www.googleapis.com/geolocation/v1/geolocate?";
 
 }  // namespace
 

chromeos/ash/services/assistant/service.cc

@@ -51,7 +51,7 @@ namespace ash::assistant {
 namespace {
 
 constexpr char kScopeAssistant[] =
-    "https://www.googleapis.com/auth/assistant-sdk-prototype";
+    "trk:230:https://www.googleapis.com/auth/assistant-sdk-prototype";
 
 constexpr base::TimeDelta kMinTokenRefreshDelay = base::Milliseconds(1000);
 constexpr base::TimeDelta kMaxTokenRefreshDelay = base::Milliseconds(60 * 1000);

components/component_updater/component_updater_url_constants.cc

@@ -18,6 +18,6 @@ const char kUpdaterJSONDefaultUrl[] =
     "trk:171:https://update.googleapis.com/service/update2/json";
 
 const char kUpdaterJSONFallbackUrl[] =
-    "trk:171:http://update.googleapis.com/service/update2/json";
+    "trk:101:http://update.googleapis.com/service/update2/json";
 
 }  // namespace component_updater

components/drive/service/drive_api_service.cc

@@ -76,9 +76,9 @@ namespace drive {
 namespace {
 
 // OAuth2 scopes for Drive API.
-const char kDriveScope[] = "https://www.googleapis.com/auth/drive";
+const char kDriveScope[] = "trk:217:https://www.googleapis.com/auth/drive";
 const char kDriveAppsReadonlyScope[] =
-    "https://www.googleapis.com/auth/drive.apps.readonly";
+    "trk:218:https://www.googleapis.com/auth/drive.apps.readonly";
 const char kDriveAppsScope[] = "https://www.googleapis.com/auth/drive.apps";
 
 // Mime type to create a directory.

components/feedback/feedback_uploader.cc

@@ -37,7 +37,7 @@ constexpr base::FilePath::CharType kFeedbackReportPath[] =
     FILE_PATH_LITERAL("Feedback Reports");
 
 constexpr char kFeedbackPostUrl[] =
-    "https://www.google.com/tools/feedback/chrome/__submit";
+    "trk:232:https://www.google.com/tools/feedback/chrome/__submit";
 
 constexpr char kProtoBufMimeType[] = "application/x-protobuf";
 

components/google/core/common/google_util.cc

@@ -139,7 +139,7 @@ bool IsGoogleSearchSubdomainUrl(const GURL& url) {
 
 // Global functions -----------------------------------------------------------
 
-const char kGoogleHomepageURL[] = "https://www.google.com/";
+const char kGoogleHomepageURL[] = "trk:113:https://www.google.com/";
 
 bool HasGoogleSearchQueryParam(base::StringPiece str) {
   url::Component query(0, static_cast<int>(str.length())), key, value;

components/history/core/browser/web_history_service.cc

@@ -45,13 +45,13 @@ namespace history {
 namespace {
 
 const char kHistoryOAuthScope[] =
-    "https://www.googleapis.com/auth/chromesync";
+    "trk:138:https://www.googleapis.com/auth/chromesync";
 
 const char kHistoryQueryHistoryUrl[] =
-    "https://history.google.com/history/api/lookup?client=chrome";
+    "trk:139:https://history.google.com/history/api/lookup?client=chrome";
 
 const char kHistoryDeleteHistoryUrl[] =
-    "https://history.google.com/history/api/delete?client=chrome";
+    "trk:140:https://history.google.com/history/api/delete?client=chrome";
 
 const char kHistoryAudioHistoryUrl[] =
     "https://history.google.com/history/api/lookup?client=audio";

components/metrics/url_constants.cc

@@ -7,7 +7,7 @@
 namespace metrics {
 
 const char kNewMetricsServerUrl[] =
-    "https://clientservices.googleapis.com/uma/v2";
+    "trk:265:https://clientservices.googleapis.com/uma/v2";
 
 const char kNewMetricsServerUrlInsecure[] =
     "http://clientservices.googleapis.com/uma/v2";

components/password_manager/core/browser/old_google_credentials_cleaner.cc

@@ -41,10 +41,10 @@ void OldGoogleCredentialCleaner::OnGetPasswordStoreResults(
 
   auto IsOldGoogleForm = [&cutoff](const std::unique_ptr<PasswordForm>& form) {
     return (form->scheme == PasswordForm::Scheme::kHtml &&
-            (form->signon_realm == "http://www.google.com" ||
-             form->signon_realm == "http://www.google.com/" ||
-             form->signon_realm == "https://www.google.com" ||
-             form->signon_realm == "https://www.google.com/")) &&
+            (form->signon_realm == "trk:187:http://www.google.com" ||
+             form->signon_realm == "trk:188:http://www.google.com/" ||
+             form->signon_realm == "trk:189:https://www.google.com" ||
+             form->signon_realm == "trk:190:https://www.google.com/")) &&
            form->date_created < cutoff;
   };
 

components/safe_browsing/content/browser/client_side_detection_service.cc

@@ -63,7 +63,7 @@ const int ClientSideDetectionService::kNegativeCacheIntervalDays = 1;
 const int ClientSideDetectionService::kPositiveCacheIntervalMinutes = 30;
 
 const char ClientSideDetectionService::kClientReportPhishingUrl[] =
-    "https://sb-ssl.google.com/safebrowsing/clientreport/phishing";
+    "trk:148:https://sb-ssl.google.com/safebrowsing/clientreport/phishing";
 
 struct ClientSideDetectionService::ClientPhishingReportInfo {
   std::unique_ptr<network::SimpleURLLoader> loader;

components/safe_search_api/safe_search/safe_search_url_checker_client.cc

@@ -28,7 +28,7 @@ namespace safe_search_api {
 namespace {
 
 const char kSafeSearchApiUrl[] =
-    "https://safesearch.googleapis.com/v1:classify";
+    "trk:238:https://safesearch.googleapis.com/v1:classify";
 const char kDataContentType[] = "application/x-www-form-urlencoded";
 const char kDataFormat[] = "key=%s&urls=%s";
 

components/safe_search_api/stub_url_checker.cc

@@ -21,7 +21,7 @@ namespace safe_search_api {
 namespace {
 
 constexpr char kSafeSearchApiUrl[] =
-    "https://safesearch.googleapis.com/v1:classify";
+    "trk:238:https://safesearch.googleapis.com/v1:classify";
 
 std::string BuildResponse(bool is_porn) {
   base::Value::Dict dict;

components/translate/core/browser/translate_url_fetcher.cc

@@ -99,6 +99,7 @@ bool TranslateURLFetcher::Request(const GURL& url,
   if (!extra_request_header_.empty())
     resource_request->headers.AddHeaderFromString(extra_request_header_);
 
+  fprintf(stderr, "translator: fetching something from %s\n", url_.spec().c_str());
   simple_loader_ =
       variations::CreateSimpleURLLoaderWithVariationsHeaderUnknownSignedIn(
           std::move(resource_request),

components/translate/core/common/translate_util.cc

@@ -21,7 +21,7 @@ const char kDetectLanguageInSubFrames[] = "detect_language_in_sub_frames";
 
 }  // namespace
 
-const char kSecurityOrigin[] = "https://translate.googleapis.com/";
+const char kSecurityOrigin[] = "trk:220:https://translate.googleapis.com/";
 
 BASE_FEATURE(kTranslateSubFrames,
              "TranslateSubFrames",

components/variations/variations_url_constants.cc

@@ -8,7 +8,7 @@ namespace variations {
 
 // Default server of Variations seed info.
 const char kDefaultServerUrl[] =
-    "https://clientservices.googleapis.com/chrome-variations/seed";
+    "trk:142:https://clientservices.googleapis.com/chrome-variations/seed";
 
 const char kDefaultInsecureServerUrl[] =
     "http://clientservices.googleapis.com/chrome-variations/seed";

content/browser/speech/speech_recognition_engine.cc

@@ -33,7 +33,7 @@ namespace content {
 namespace {
 
 const char kWebServiceBaseUrl[] =
-    "https://www.google.com/speech-api/full-duplex/v1";
+    "trk:184:https://www.google.com/speech-api/full-duplex/v1";
 const char kDownstreamUrl[] = "/down?";
 const char kUpstreamUrl[] = "/up?";
 

content/shell/browser/shell_browser_main_parts.cc

@@ -85,7 +85,7 @@ GURL GetStartupURL() {
 #else
   const base::CommandLine::StringVector& args = command_line->GetArgs();
   if (args.empty())
-    return GURL("https://www.google.com/");
+    return GURL("trk:183:https://www.google.com/");
 
 #if BUILDFLAG(IS_WIN)
   GURL url(base::WideToUTF16(args[0]));