Add security feature to ProvisionalSavePassword

components/password_manager/core/browser/password_manager.cc

Index: components/password_manager/core/browser/password_manager.cc
diff --git a/components/password_manager/core/browser/password_manager.cc b/components/password_manager/core/browser/password_manager.cc
index dc06e20c4e8d73bb9c0a8fd03124d6a5b86714f6..9cda00edd51a5383da0800b073c6072125c388a3 100644
--- a/components/password_manager/core/browser/password_manager.cc
+++ b/components/password_manager/core/browser/password_manager.cc
@@ -271,6 +271,13 @@ void PasswordManager::ProvisionallySavePassword(const PasswordForm& form) {
     return;
   }
 
+  if (ShouldBlockPasswordForSameOriginButDifferentScheme(form)) {
+    if (logger)
+      logger->LogMessage(
+          Logger::STRING_BLOCK_PASSWORD_SAME_ORIGIN_INSECURE_SCHEME);
+    return;
+  }
+
   auto matched_manager_it = pending_login_managers_.end();
   PasswordFormManager::MatchResultMask current_match_result =
       PasswordFormManager::RESULT_NO_MATCH;
@@ -560,6 +567,14 @@ bool PasswordManager::CanProvisionalManagerSave() {
   return true;
 }
 
+bool PasswordManager::ShouldBlockPasswordForSameOriginButDifferentScheme(
+    const PasswordForm& form) const {
+  const GURL& old_origin = main_frame_url_.GetOrigin();
+  const GURL& new_origin = form.origin.GetOrigin();
+  return URLsEqualUpToScheme(old_origin, new_origin) &&
+         old_origin != new_origin && !new_origin.SchemeIsCryptographic();

[jdoerrie, 2017/01/04 16:55:18]

Using |provisional_save_manager_| does not work here, which is why I am
comparing against main_frame_url_. Ideally we would keep a vector of visited
origins in the past, so that we can do the analysis that is mentioned in the
doc.  I would like to hear your feedback here, though. 

[vasilii, 2017/01/05 11:26:11]

The problem with implementing it in PasswordManager is that you don't know the
state of the UI. The following is possible:
- I submit an HTTPS form and save the password.
- Then I browse the HTTP pages of the same site.
- I submit an HTTP form on that site. The bubble doesn't appear.
Maybe that behavior is even justifiable. However, if I open the same form in
another tab then the bubble will appear. That sounds broken indeed.
Not sure how the vector of origins helps you. You can though add a code to the
UI layer to notify PasswordManager when the bubble is gone. So PasswordManager
will use ShouldBlockPasswordForSameOriginButDifferentScheme logic only while the
UI is active.
Usage of |main_frame_url_| seems reasonable to me. What's the concern  with it?

[jdoerrie, 2017/01/05 18:11:30]

Discussed offline, the current solution is not ideal, but very simple and does
address the issue raised in the doc.

+}
+
 bool PasswordManager::ShouldPromptUserToSavePassword() const {
   return !client_->IsAutomaticPasswordSavingEnabled() &&
          (provisional_save_manager_->IsNewLogin() ||