
Unified Diff: components/security_state/security_state_model.cc

Issue 2350273002: Add SSLStatus flags to feed HTTP_WARNING security level (Closed)
Patch Set: fix comment typos Created 4 years, 3 months ago
Index: components/security_state/security_state_model.cc
diff --git a/components/security_state/security_state_model.cc b/components/security_state/security_state_model.cc
index c3ece04867774b6d35ba81c60361d5e323b2ad9c..35c21be7dd398a0b05fc1bef059dbe2b0abb1b0b 100644
--- a/components/security_state/security_state_model.cc
+++ b/components/security_state/security_state_model.cc
@@ -18,35 +18,79 @@ namespace security_state {
namespace {
-SecurityStateModel::SecurityLevel GetSecurityLevelForNonSecureFieldTrial() {
+// Do not change or reorder this enum, and add new values at the end. It is used
+// in the MarkNonSecureAs histogram.
+enum MarkNonSecureStatus {
+ NEUTRAL,
+ DUBIOUS,
felt 2016/09/20 06:09:41 since you're updating the histogram anyway, what d
estark 2016/09/20 17:53:33 Done.
+ NON_SECURE,
+ HTTP_WARNING,
+ LAST_STATUS
+};
+
+// If |switch_or_field_trial_group| corresponds to a valid
+// MarkNonSecureAs group, sets |*level| and |*histogram_status| to the
+// appropriate values and returns true. Otherwise, returns false.
+bool GetSecurityLevelAndHistogramValueForNonSecureFieldTrial(
+ std::string switch_or_field_trial_group,
+ bool displayed_nonsecure_password_field,
+ bool displayed_nonsecure_credit_card_field,
+ SecurityStateModel::SecurityLevel* level,
+ MarkNonSecureStatus* histogram_status) {
+ if (switch_or_field_trial_group == switches::kMarkNonSecureAsNeutral) {
+ *level = SecurityStateModel::NONE;
+ *histogram_status = NEUTRAL;
+ return true;
+ }
+
+ if (switch_or_field_trial_group == switches::kMarkNonSecureAsNonSecure) {
+ *level = SecurityStateModel::SECURITY_ERROR;
+ *histogram_status = NON_SECURE;
+ return true;
+ }
+
+ if (switch_or_field_trial_group ==
+ switches::kMarkNonSecureWithPasswordsOrCcAsNonSecure) {
+ if (displayed_nonsecure_password_field ||
+ displayed_nonsecure_credit_card_field) {
+ *level = SecurityStateModel::HTTP_WARNING;
+ *histogram_status = HTTP_WARNING;
+ } else {
+ *level = SecurityStateModel::NONE;
+ *histogram_status = NEUTRAL;
+ }
+ return true;
+ }
+
+ return false;
+}
+
+SecurityStateModel::SecurityLevel GetSecurityLevelForNonSecureFieldTrial(
+ bool displayed_nonsecure_password_field,
+ bool displayed_nonsecure_credit_card_field) {
std::string choice =
base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
switches::kMarkNonSecureAs);
std::string group = base::FieldTrialList::FindFullName("MarkNonSecureAs");
- // Do not change this enum. It is used in the histogram.
- enum MarkNonSecureStatus { NEUTRAL, DUBIOUS, NON_SECURE, LAST_STATUS };
const char kEnumeration[] = "MarkNonSecureAs";
SecurityStateModel::SecurityLevel level = SecurityStateModel::NONE;
MarkNonSecureStatus status;
- if (choice == switches::kMarkNonSecureAsNeutral) {
- status = NEUTRAL;
- level = SecurityStateModel::NONE;
- } else if (choice == switches::kMarkNonSecureAsNonSecure) {
- status = NON_SECURE;
- level = SecurityStateModel::SECURITY_ERROR;
- } else if (group == switches::kMarkNonSecureAsNeutral ||
- group == switches::kMarkNonSecureWithPasswordsOrCcAsNonSecure) {
- status = NEUTRAL;
- level = SecurityStateModel::NONE;
- } else if (group == switches::kMarkNonSecureAsNonSecure) {
- status = NON_SECURE;
- level = SecurityStateModel::SECURITY_ERROR;
- } else {
- status = NEUTRAL;
- level = SecurityStateModel::NONE;
+ // If the command-line switch is set, then it takes precedence over
+ // the field trial group.
+ if (!GetSecurityLevelAndHistogramValueForNonSecureFieldTrial(
+ choice, displayed_nonsecure_password_field,
+ displayed_nonsecure_credit_card_field, &level, &status)) {
+ if (!GetSecurityLevelAndHistogramValueForNonSecureFieldTrial(
+ group, displayed_nonsecure_password_field,
+ displayed_nonsecure_credit_card_field, &level, &status)) {
+ // If neither the command-line switch nor field trial group is set, then
+ // nonsecure defaults to neutral.
+ status = NEUTRAL;
+ level = SecurityStateModel::NONE;
+ }
}
UMA_HISTOGRAM_ENUMERATION(kEnumeration, status, LAST_STATUS);
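Review bot: `MarkNonSecureStatus status;` in GetSecurityLevelForNonSecureFieldTrial is still declared without an initializer, and it now reaches `UMA_HISTOGRAM_ENUMERATION` by way of a helper that writes its out-parameters only on the paths that return true. Every path assigns it today, but the helper's comment does not promise that the outputs are left untouched on false, so a later branch that returns false after a partial write could log an indeterminate bucket. Initializing at the declaration, `MarkNonSecureStatus status = NEUTRAL;`, matches how `level` is already handled and makes the innermost fallback assignments redundant. The helper also takes `std::string switch_or_field_trial_group` by value; `const std::string& switch_or_field_trial_group` avoids a copy on each call. The function's return statement is outside this hunk.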
@@ -102,8 +146,11 @@ SecurityStateModel::SecurityLevel GetSecurityLevelForRequest(
switch (visible_security_state.initial_security_level) {
case SecurityStateModel::NONE:
case SecurityStateModel::HTTP_WARNING: {
- if (!client->IsOriginSecure(url) && url.IsStandard())
- return GetSecurityLevelForNonSecureFieldTrial();
+ if (!client->IsOriginSecure(url) && url.IsStandard()) {
+ return GetSecurityLevelForNonSecureFieldTrial(
+ visible_security_state.displayed_nonsecure_password_field,
+ visible_security_state.displayed_nonsecure_credit_card_field);
+ }
return SecurityStateModel::NONE;
}
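Review bot: The two new flags are read only inside the `!client->IsOriginSecure(url) && url.IsStandard()` branch, so a page on a non-standard scheme that displays a password or credit-card field still falls through to `return SecurityStateModel::NONE;`. If that is intended, a comment above the `if` would record it, for example `// Sensitive-field warnings apply only to standard, non-secure URLs; other schemes stay NONE.`; if it is not, it probably deserves a follow-up. GetSecurityLevelForRequest starts and ends outside this hunk.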
@@ -299,7 +346,9 @@ SecurityStateModel::VisibleSecurityState::VisibleSecurityState()
ran_mixed_content(false),
displayed_content_with_cert_errors(false),
ran_content_with_cert_errors(false),
- pkp_bypassed(false) {}
+ pkp_bypassed(false),
+ displayed_nonsecure_password_field(false),
+ displayed_nonsecure_credit_card_field(false) {}
SecurityStateModel::VisibleSecurityState::~VisibleSecurityState() {}
@@ -319,7 +368,11 @@ bool SecurityStateModel::VisibleSecurityState::operator==(
displayed_content_with_cert_errors ==
other.displayed_content_with_cert_errors &&
ran_content_with_cert_errors == other.ran_content_with_cert_errors &&
- pkp_bypassed == other.pkp_bypassed);
+ pkp_bypassed == other.pkp_bypassed &&
+ displayed_nonsecure_password_field ==
+ other.displayed_nonsecure_password_field &&
+ displayed_nonsecure_credit_card_field ==
+ other.displayed_nonsecure_credit_card_field);
}
} // namespace security_state
