Separate pre-classification checks for client-side malware and phishing

chrome/browser/safe_browsing/browser_feature_extractor.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/safe_browsing/browser_feature_extractor.h"
 
 #include <map>
 #include <utility>
 
 #include "base/bind.h"
@@ skipping 244 matching lines @@
       FROM_HERE,
       base::Bind(&BrowserFeatureExtractor::StartExtractFeatures,
                  weak_factory_.GetWeakPtr(), request, callback));
 }
 
 void BrowserFeatureExtractor::ExtractMalwareFeatures(
     BrowseInfo* info,
     ClientMalwareRequest* request,
     const MalwareDoneCallback& callback) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
-  DCHECK_EQ(0U, request->url().find("http:"));

[mattm, 2014/03/18 02:19:06]

why is this removed?

[noé, 2014/03/20 17:01:45]

For malware we also look at HTTPS websites.  This is similar to what we do for
malicious download protection. 

[mattm, 2014/03/20 22:51:40]

Ah, I had forgotten the HTTP check done in PhishingClassifier. (Seems a little
weird that's not part of the pre-classification checks here. ah well.)

[noé, 2014/03/21 00:08:38]

You're right.  Added a pre-classification check for that but didn't change the
classifier for now.

   DCHECK(!callback.is_null());
 
   // Grab the IPs because they might go away before we're done
   // checking them against the IP blacklist on the IO thread.
   scoped_ptr<IPUrlMap> ips(new IPUrlMap);
   ips->swap(info->ips);
 
   IPUrlMap* ips_ptr = ips.get();
 
   // The API doesn't take a scoped_ptr because the API gets mocked and we
@@ skipping 257 matching lines @@
     // Limit the number of matched bad IPs in one request to control
     // the request's size
     if (matched_bad_ips >= kMaxMalwareIPPerRequest) {
       break;
     }
   }
   callback.Run(true, request.Pass());
 }
 
 }  // namespace safe_browsing