Fixes for Safe Browsing with unrelated pending navigations.

chrome/browser/ui/webui/interstitials/interstitial_ui.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/webui/interstitials/interstitial_ui.h"
 
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/safe_browsing/safe_browsing_blocking_page.h"
 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
 #include "chrome/browser/ssl/bad_clock_blocking_page.h"
 #include "chrome/browser/ssl/ssl_blocking_page.h"
 #include "chrome/common/url_constants.h"
 #include "chrome/grit/browser_resources.h"
 #include "components/grit/components_resources.h"
 #include "content/public/browser/interstitial_page_delegate.h"
+#include "content/public/browser/render_process_host.h"
+#include "content/public/browser/render_view_host.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/browser/web_ui.h"
 #include "content/public/browser/web_ui_controller.h"
 #include "content/public/browser/web_ui_data_source.h"
 #include "net/base/net_errors.h"
 #include "net/base/url_util.h"
 #include "net/cert/x509_certificate.h"
 #include "net/ssl/ssl_info.h"
 #include "ui/base/resource/resource_bundle.h"
 
@@ skipping 150 matching lines @@
   safe_browsing::SBThreatType threat_type =
       safe_browsing::SB_THREAT_TYPE_URL_MALWARE;
   GURL request_url("http://example.com");
   std::string url_param;
   if (net::GetValueForKeyInQuery(web_contents->GetURL(),
                                  "url",
                                  &url_param)) {
     if (GURL(url_param).is_valid())
       request_url = GURL(url_param);
   }
+  GURL main_frame_url(request_url);
+  // TODO(mattm): add flag to change main_frame_url or add dedicated flag to
+  // test subresource interstitials.
   std::string type_param;
   if (net::GetValueForKeyInQuery(web_contents->GetURL(),
                                  "type",
                                  &type_param)) {
+    // TODO(mattm): add param for SB_THREAT_TYPE_URL_UNWANTED.
     if (type_param == "malware") {
-      threat_type =  safe_browsing::SB_THREAT_TYPE_URL_MALWARE;
+      threat_type = safe_browsing::SB_THREAT_TYPE_URL_MALWARE;
     } else if (type_param == "phishing") {
       threat_type = safe_browsing::SB_THREAT_TYPE_URL_PHISHING;
     } else if (type_param == "clientside_malware") {
       threat_type = safe_browsing::SB_THREAT_TYPE_CLIENT_SIDE_MALWARE_URL;
     } else if (type_param == "clientside_phishing") {
       threat_type = safe_browsing::SB_THREAT_TYPE_CLIENT_SIDE_PHISHING_URL;
-      // Interstitials for client side phishing urls load after the page loads
-      // (see SafeBrowsingBlockingPage::IsMainPageLoadBlocked), so there should
-      // either be a new navigation entry, or there shouldn't be any pending
-      // entries. Clear any pending navigation entries.
-      content::NavigationController* controller =
-          &web_contents->GetController();
-      controller->DiscardNonCommittedEntries();
     }
   }
   safe_browsing::SafeBrowsingBlockingPage::UnsafeResource resource;
   resource.url = request_url;
-  resource.threat_type =  threat_type;
-  // Create a blocking page without showing the interstitial.
+  resource.is_subresource = request_url != main_frame_url;
+  resource.is_subframe = false;
+  resource.threat_type = threat_type;
+  resource.render_process_host_id =
+      web_contents->GetRenderProcessHost()->GetID();
+  resource.render_view_id = web_contents->GetRenderViewHost()->GetRoutingID();
+  resource.threat_source = safe_browsing::ThreatSource::LOCAL_PVER3;
+  // Normally safebrowsing interstitial types which block the main page load

[Charlie Reis, 2015/12/11 05:39:25]

nit: Blank line before.

[mattm, 2015/12/15 01:42:25]

Done.

+  // (SB_THREAT_TYPE_URL_MALWARE, SB_THREAT_TYPE_URL_PHISHING, and
+  // SB_THREAT_TYPE_URL_UNWANTED on main-frame loads) would expect there to be a
+  // pending navigation when the SafeBrowsingBlockingPage is created. This test

[Charlie Reis, 2015/12/11 05:39:25]

"This test" -> I'm confused.  This isn't test code.

[mattm, 2015/12/15 01:42:25]

I couldn't quite think of proper wording. This isn't a test, but it's not a real
safebrowsing hit either. You can go to chrome://interstitials to view an example
of various interstitial pages. I replaced it with "demo".

[Charlie Reis, 2015/12/17 19:24:18]

Ah, cool!  I didn't realize that page existed.

+  // creates a SafeBrowsingBlockingPage but does not actually show a real
+  // interstitial. Instead it extracts the html and displays it manually, so the
+  // parts which depend on the NavigationEntry are not hit.
   return safe_browsing::SafeBrowsingBlockingPage::CreateBlockingPage(
       g_browser_process->safe_browsing_service()->ui_manager().get(),
-      web_contents,
-      resource);
+      web_contents, resource, main_frame_url);
 }
 
 #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
 CaptivePortalBlockingPage* CreateCaptivePortalBlockingPage(
     content::WebContents* web_contents) {
   bool is_wifi_connection = false;
   GURL landing_url("https://captive.portal/login");
   GURL request_url("https://google.com");
   // Not initialized to a default value, since non-empty wifi_ssid is
   // considered a wifi connection, even if is_wifi_connection is false.
@@ skipping 95 matching lines @@
     html = interstitial_delegate.get()->GetHTMLContents();
   } else {
     html = ResourceBundle::GetSharedInstance()
                           .GetRawDataResource(IDR_SECURITY_INTERSTITIAL_UI_HTML)
                           .as_string();
   }
   scoped_refptr<base::RefCountedString> html_bytes = new base::RefCountedString;
   html_bytes->data().assign(html.begin(), html.end());
   callback.Run(html_bytes.get());
 }