Add SSLStatus flags to feed HTTP_WARNING security level

components/security_state/security_state_model.h

Index: components/security_state/security_state_model.h
diff --git a/components/security_state/security_state_model.h b/components/security_state/security_state_model.h
index e2fefa7cedd498ae16fe023558adfae05498d13a..5d06d2a7a05c7c51d09ae46effa0f81c8e14db3d 100644
--- a/components/security_state/security_state_model.h
+++ b/components/security_state/security_state_model.h
@@ -175,6 +175,10 @@ class SecurityStateModel {
     bool ran_content_with_cert_errors;
     // True if PKP was bypassed due to a local trust anchor.
     bool pkp_bypassed;
+    // True if the page was an HTTP page that displayed a password field.
+    bool displayed_nonsecure_password_field;

[felt, 2016/09/20 06:09:41]

nit, here and elsewhere:

let's say HTTP instead of non-secure, to be clear. at least until we invent a
less confusing phrase.

[estark, 2016/09/20 17:53:33]

Oh yes, I forgot about that. Done. I find "displayed_http_password_field"
confusing because it could be interpreted as a password field in a form that
*submits* to http, so I made it |displayed_password_field_on_http|, and similar
elsewhere.

+    // True if the page was an HTTP page that displayed a credit card field.
+    bool displayed_nonsecure_credit_card_field;
   };
 
   // These security levels describe the treatment given to pages that