Add a histogram for each time the HTTP Bad UI is shown

chrome/browser/ssl/chrome_security_state_model_client.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ssl/chrome_security_state_model_client.h"
 
 #include <openssl/ssl.h>
 
 #include <vector>
 
@@ skipping 320 matching lines @@
 void ChromeSecurityStateModelClient::VisibleSSLStateChanged() {
   if (logged_http_warning_on_current_navigation_)
     return;
 
   security_state::SecurityStateModel::SecurityInfo security_info;
   GetSecurityInfo(&security_info);
   if (!security_info.displayed_private_user_data_input_on_http)
     return;
 
   std::string warning;
+  bool warning_is_user_visible = false;
   switch (security_info.security_level) {
     case security_state::SecurityStateModel::HTTP_SHOW_WARNING:
       warning =
           "This page includes a password or credit card input in a non-secure "
           "context. A warning has been added to the URL bar. For more "
           "information, see https://goo.gl/zmWq3m.";
+      warning_is_user_visible = true;
       break;
     case security_state::SecurityStateModel::NONE:
+    case security_state::SecurityStateModel::DANGEROUS:

[estark, 2016/10/26 21:29:46]

Two notes about this (no changes needed):

1. One could argue that this change belongs in a separate CL because it changes
functionality other than the main thing you're doing in this CL (which is adding
the histogram). Since it's so simple, I think it's fine to leave it here, just
making a note of it.

2. One could also argue that there should be a browser test for a console
message on DANGEROUS, along the lines of
https://cs.chromium.org/chromium/src/chrome/browser/ssl/chrome_security_state....
However... those tests are so long and ugly that I can't bear the thought of
adding another one. So I filed a bug for this missing test
(https://crbug.com/659801), blocking on a change that will allow these tests to
be much simpler (https://crbug.com/658099)

       warning =
           "This page includes a password or credit card input in a non-secure "
           "context. A warning will be added to the URL bar in Chrome 56 (Jan "
           "2017). For more information, see https://goo.gl/zmWq3m.";
       break;
     default:
       return;
   }
 
   logged_http_warning_on_current_navigation_ = true;
   web_contents_->GetMainFrame()->AddMessageToConsole(
       content::CONSOLE_MESSAGE_LEVEL_WARNING, warning);
+  UMA_HISTOGRAM_BOOLEAN("Security.HTTPBad.UserWarnedAboutSensitiveInput",
+                        warning_is_user_visible);
 }
 
 void ChromeSecurityStateModelClient::DidFinishNavigation(
     content::NavigationHandle* navigation_handle) {
   if (navigation_handle->IsInMainFrame() &&
       !navigation_handle->IsSynchronousNavigation()) {
     // Only reset the console message flag for main-frame navigations,
     // and not for synchronous navigations like reference fragments and
     // pushState.
     logged_http_warning_on_current_navigation_ = false;
@@ skipping 56 matching lines @@
       !!(ssl.content_status & content::SSLStatus::RAN_CONTENT_WITH_CERT_ERRORS);
   state->displayed_password_field_on_http =
       !!(ssl.content_status &
          content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP);
   state->displayed_credit_card_field_on_http =
       !!(ssl.content_status &
          content::SSLStatus::DISPLAYED_CREDIT_CARD_FIELD_ON_HTTP);
 
   CheckSafeBrowsingStatus(entry, web_contents_, state);
 }