Expose malware/phishing/etc. distinction from SafeBrowsingUIManager

components/security_state/security_state_model.cc

Index: components/security_state/security_state_model.cc
diff --git a/components/security_state/security_state_model.cc b/components/security_state/security_state_model.cc
index 7ed1a53347d4e314bed110ed5b8ee1f46bd8e92a..4b8330e1449da26400b8f5ed0bec5d2fedf55772 100644
--- a/components/security_state/security_state_model.cc
+++ b/components/security_state/security_state_model.cc
@@ -125,12 +125,15 @@ SecurityStateModel::SecurityLevel GetSecurityLevelForRequest(
     SecurityStateModel::ContentStatus mixed_content_status,
     SecurityStateModel::ContentStatus content_with_cert_errors_status) {
   DCHECK(visible_security_state.connection_info_initialized ||
-         visible_security_state.fails_malware_check);
+         visible_security_state.malicious_content_status !=
+             SecurityStateModel::MALICIOUS_CONTENT_STATUS_NONE);
 
   // Override the connection security information if the website failed the
   // browser's malware checks.
-  if (visible_security_state.fails_malware_check)
+  if (visible_security_state.malicious_content_status !=
+      SecurityStateModel::MALICIOUS_CONTENT_STATUS_NONE) {
     return SecurityStateModel::DANGEROUS;
+  }
 
   GURL url = visible_security_state.url;
 
@@ -208,9 +211,10 @@ void SecurityInfoForRequest(
     SecurityStateModel::SecurityInfo* security_info) {
   if (!visible_security_state.connection_info_initialized) {
     *security_info = SecurityStateModel::SecurityInfo();
-    security_info->fails_malware_check =
-        visible_security_state.fails_malware_check;
-    if (security_info->fails_malware_check) {
+    security_info->malicious_content_status =
+        visible_security_state.malicious_content_status;
+    if (security_info->malicious_content_status !=
+        SecurityStateModel::MALICIOUS_CONTENT_STATUS_NONE) {

[Nathan Parker, 2016/11/10 00:13:03]

I don't understand what this logic does, but I trust you do. It appears to
mirror the old code.

[estark, 2016/11/11 20:28:14]

Yeah the whole |connection_info_initialized| thing is kinda weird and probably
unnecessary (a byproduct of https://crbug.com/655220, I think). IIRC this is
basically handling the case where if the navigation hasn't committed yet, we
won't have connection security info yet, but we still want to reflect the
Dangerous status in the omnibox if the URL is marked bad because of SB.

       security_info->security_level = GetSecurityLevelForRequest(
           visible_security_state, client, SecurityStateModel::UNKNOWN_SHA1,
           SecurityStateModel::CONTENT_STATUS_UNKNOWN,
@@ -239,8 +243,8 @@ void SecurityInfoForRequest(
   security_info->sct_verify_statuses =
       visible_security_state.sct_verify_statuses;
 
-  security_info->fails_malware_check =
-      visible_security_state.fails_malware_check;
+  security_info->malicious_content_status =
+      visible_security_state.malicious_content_status;
 
   security_info->displayed_private_user_data_input_on_http =
       visible_security_state.displayed_password_field_on_http ||
@@ -263,7 +267,8 @@ const SecurityStateModel::SecurityLevel
 
 SecurityStateModel::SecurityInfo::SecurityInfo()
     : security_level(SecurityStateModel::NONE),
-      fails_malware_check(false),
+      malicious_content_status(
+          SecurityStateModel::MALICIOUS_CONTENT_STATUS_NONE),
       sha1_deprecation_status(SecurityStateModel::NO_DEPRECATED_SHA1),
       mixed_content_status(SecurityStateModel::CONTENT_STATUS_NONE),
       content_with_cert_errors_status(SecurityStateModel::CONTENT_STATUS_NONE),
@@ -294,7 +299,8 @@ void SecurityStateModel::SetClient(SecurityStateModelClient* client) {
 }
 
 SecurityStateModel::VisibleSecurityState::VisibleSecurityState()
-    : fails_malware_check(false),
+    : malicious_content_status(
+          SecurityStateModel::MALICIOUS_CONTENT_STATUS_NONE),
       connection_info_initialized(false),
       cert_status(0),
       connection_status(0),
@@ -313,7 +319,7 @@ SecurityStateModel::VisibleSecurityState::~VisibleSecurityState() {}
 bool SecurityStateModel::VisibleSecurityState::operator==(
     const SecurityStateModel::VisibleSecurityState& other) const {
   return (url == other.url &&
-          fails_malware_check == other.fails_malware_check &&
+          malicious_content_status == other.malicious_content_status &&
           !!certificate == !!other.certificate &&

[Nathan Parker, 2016/11/10 00:13:03]

ooo I like all the the !!'s.  That mirrors my mood today.

           (certificate ? certificate->Equals(other.certificate.get()) : true) &&
           connection_status == other.connection_status &&