[Downloads] Correctly test page transition when calculating danger level.

chrome/browser/download/download_target_determiner.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/download/download_target_determiner.h"
 
 #include "base/location.h"
 #include "base/rand_util.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/stringprintf.h"
@@ skipping 866 matching lines @@
 
   // Anything the user has marked auto-open is OK if it's user-initiated.
   if (download_prefs_->IsAutoOpenEnabledBasedOnExtension(virtual_path_) &&
       download_->HasUserGesture())
     return DownloadFileType::NOT_DANGEROUS;
 
   DownloadFileType::DangerLevel danger_level =
       safe_browsing::FileTypePolicies::GetInstance()->GetFileDangerLevel(
           virtual_path_.BaseName());
 
-  // If the danger level is ALLOW_ON_USER_GESTURE and we have a user gesture AND
-  // there was a recorded visit to the referrer prior to today, then we are
-  // going to downgrade the danger_level to NOT_DANGEROUS. This prevents
-  // spurious prompting for moderately dangerous files that are downloaded from
-  // familiar sites.
-  // TODO(asanka): Check PAGE_TRANSITION_FROM_ADDRESS_BAR bit instead of
-  // comparing all bits with PageTransitionTypeIncludingQualifiersIs().
+  // A danger level of ALLOW_ON_USER_GESTURE is used to label potentially
+  // dangerous file types that have a high frequency of legitimate use. We would
+  // like to avoid prompting for the legitimate cases as much as possible. To
+  // that end, we consider a download to be legitimate if one of the following
+  // is true, and avoid prompting:
+  //
+  // * If the user navigated to the download URL via the omnibox (either by

[Peter Kasting, 2016/06/29 23:35:01]

Nit: Remove "If" from both of these bullets (you already said it above)

[asanka, 2016/06/30 15:48:52]

Done.

+  //   typing the URL, pasting it, or using search).
+  //
+  // * If the navigation that initiated the download has a user gesture
+  //   associated with it AND the user the user is familiar with the referring
+  //   origin.
+  //
+  // A user is considered familiar with a referring origin if a visit for a page

[Peter Kasting, 2016/06/29 23:35:01]

Nit: I'd move this to the end of the second bullet.

[asanka, 2016/06/30 15:48:52]

Done.

+  // from the same origin was recorded on the previous day or earlier.
   if (danger_level == DownloadFileType::ALLOW_ON_USER_GESTURE &&
-      (ui::PageTransitionTypeIncludingQualifiersIs(
-          download_->GetTransitionType(),
-          ui::PAGE_TRANSITION_FROM_ADDRESS_BAR) ||
+      ((download_->GetTransitionType() &
+        ui::PAGE_TRANSITION_FROM_ADDRESS_BAR) != 0 ||
        (download_->HasUserGesture() && visits == VISITED_REFERRER)))
     return DownloadFileType::NOT_DANGEROUS;
   return danger_level;
 }
 
 void DownloadTargetDeterminer::OnDownloadDestroyed(
     DownloadItem* download) {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
   DCHECK_EQ(download_, download);
   CancelOnFailureAndDeleteSelf();
@@ skipping 17 matching lines @@
     const base::FilePath& suggested_path) {
   return base::FilePath(suggested_path.value() + kCrdownloadSuffix);
 }
 
 #if defined(OS_WIN)
 // static
 bool DownloadTargetDeterminer::IsAdobeReaderUpToDate() {
   return g_is_adobe_reader_up_to_date_;
 }
 #endif