Componentize SafeBrowsingBlockingPage for WebView use

components/safe_browsing/base_ui_manager.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/safe_browsing/base_ui_manager.h"
 
 #include "base/bind.h"
 #include "base/callback.h"
-#include "base/macros.h"
+#include "base/i18n/rtl.h"
+#include "base/metrics/histogram_macros.h"
+#include "base/supports_user_data.h"
+#include "components/safe_browsing/base_safe_browsing_blocking_page.h"
+#include "components/safe_browsing_db/metadata.pb.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/navigation_entry.h"
 #include "content/public/browser/web_contents.h"
 
 using content::BrowserThread;
 using content::NavigationEntry;
 using content::WebContents;
 using safe_browsing::HitReport;
 using safe_browsing::SBThreatType;
 
@@ skipping 68 matching lines @@
   return site_list;
 }
 
 }  // namespace
 
 namespace safe_browsing {
 
 BaseSafeBrowsingUIManager::BaseSafeBrowsingUIManager() {}
 
 void BaseSafeBrowsingUIManager::StopOnIOThread(bool shutdown) {
+  LOG(ERROR) << "This should not be called";

[meacer, 2017/01/10 21:18:21]

Forgot to remove? :)

[Jialiu Lin, 2017/01/11 00:50:06]

ye..s....I forgot...

   DCHECK_CURRENTLY_ON(BrowserThread::IO);
   // TODO(ntfschr): implement this once SafeBrowsingService is componentized
   return;
 }
 
 BaseSafeBrowsingUIManager::~BaseSafeBrowsingUIManager() {}
 
 bool BaseSafeBrowsingUIManager::IsWhitelisted(const UnsafeResource& resource) {
   NavigationEntry* entry = nullptr;
   if (resource.is_subresource) {
@@ skipping 56 matching lines @@
     } else if (web_contents) {
       // |web_contents| doesn't exist if the tab has been closed.
       RemoveFromPendingWhitelistUrlSet(whitelist_url, web_contents);
     }
   }
 }
 
 void BaseSafeBrowsingUIManager::DisplayBlockingPage(
     const UnsafeResource& resource) {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
-  // TODO(ntfschr): implement this once SafeBrowsingBlockingPage is
-  // componentized
-  return;
+  if (resource.is_subresource && !resource.is_subframe) {
+    // Sites tagged as serving Unwanted Software should only show a warning for
+    // main-frame or sub-frame resource. Similar warning restrictions should be
+    // applied to malware sites tagged as "landing sites" (see "Types of
+    // Malware sites" under
+    // https://developers.google.com/safe-browsing/developers_guide_v3#UserWarnings).
+    MalwarePatternType proto;

[meacer, 2017/01/10 21:18:21]

This doesn't seem to be used, remove?

[Jialiu Lin, 2017/01/11 00:50:06]

Hmm.. I wonder what's the story of this line. I copied this part of code from
SafeBrowsingUIManager. Need to remove this line from SafeBrowsingUIManager too. 

+    if (resource.threat_type == SB_THREAT_TYPE_URL_UNWANTED ||
+        (resource.threat_type == SB_THREAT_TYPE_URL_MALWARE &&
+         resource.threat_metadata.threat_pattern_type ==
+             ThreatPatternType::MALWARE_LANDING)) {
+      if (!resource.callback.is_null()) {
+        DCHECK(resource.callback_thread);
+        resource.callback_thread->PostTask(FROM_HERE,
+                                           base::Bind(resource.callback, true));
+      }
+
+      return;
+    }
+  }
+
+  // The tab might have been closed. If it was closed, just act as if "Don't
+  // Proceed" had been chosen.
+  WebContents* web_contents = resource.web_contents_getter.Run();
+  if (!web_contents) {
+    std::vector<UnsafeResource> resources;

[meacer, 2017/01/10 21:18:21]

nit: Maybe inline this?

OnBlockingPageDone(std::vector<UnsafeResource>{resource}, false, ...);
return;

[Jialiu Lin, 2017/01/11 00:50:06]

Done.

+    resources.push_back(resource);
+    OnBlockingPageDone(resources, false, web_contents,
+                       GetMainFrameWhitelistUrlForResource(resource));
+    return;
+  }
+
+  // Check if the user has already ignored a SB warning for the same WebContents
+  // and top-level domain.
+  if (IsWhitelisted(resource)) {
+    if (!resource.callback.is_null()) {
+      DCHECK(resource.callback_thread);
+      resource.callback_thread->PostTask(FROM_HERE,
+                                         base::Bind(resource.callback, true));
+    }
+    return;
+  }
+
+  // TODO(jialiul): BaseUIManager currently don't send HitReport.

[meacer, 2017/01/10 21:18:21]

nit: The todo seemed a bit abstract, perhaps file a bug and point to it
TODO(crbug/1234567) style?

[Jialiu Lin, 2017/01/11 00:50:06]

I probably should make it a comment instead of TODO. It's up to its subclasses
to implement the reporting logic. 

+
+  AddToWhitelistUrlSet(GetMainFrameWhitelistUrlForResource(resource),
+                       resource.web_contents_getter.Run(),
+                       true /* A decision is now pending */,
+                       resource.threat_type);
+  BaseSafeBrowsingBlockingPage::ShowBlockingPage(this, resource);
 }
 
 void BaseSafeBrowsingUIManager::EnsureWhitelistCreated(
     WebContents* web_contents) {
   GetOrCreateWhitelist(web_contents);
 }
 
 void BaseSafeBrowsingUIManager::LogPauseDelay(base::TimeDelta time) {
+  UMA_HISTOGRAM_LONG_TIMES("SB2.Delay", time);
   return;
 }
 
 // A safebrowsing hit is sent after a blocking page for malware/phishing
 // or after the warning dialog for download urls, only for
 // UMA || extended_reporting users.
 void BaseSafeBrowsingUIManager::MaybeReportSafeBrowsingHit(
     const HitReport& hit_report) {
+  LOG(ERROR) << "This should not be called: "
+                "BaseSafeBrowsingUIManager::MaybeReportSafeBrowsingHit";

[meacer, 2017/01/10 21:18:21]

nit: Remove?

[Jialiu Lin, 2017/01/11 00:50:06]

Done.

   DCHECK_CURRENTLY_ON(BrowserThread::UI);
   // TODO(ntfschr): implement this once we support reporting in WebView
   return;
 }
 
 void BaseSafeBrowsingUIManager::ReportSafeBrowsingHitOnIOThread(
     const HitReport& hit_report) {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
   // TODO(ntfschr): implement this once we support reporting in WebView
   return;
@@ skipping 29 matching lines @@
   if (pending) {
     site_list->InsertPending(whitelist_url, threat_type);
   } else {
     site_list->Insert(whitelist_url, threat_type);
   }
 
   // Notify security UI that security state has changed.
   web_contents->DidChangeVisibleSecurityState();
 }
 
-void BaseSafeBrowsingUIManager::AddObserver(Observer* observer) {
-  DCHECK_CURRENTLY_ON(BrowserThread::UI);
-  observer_list_.AddObserver(observer);
+const std::string BaseSafeBrowsingUIManager::app_locale() {
+  return base::i18n::GetConfiguredLocale();
 }
 
-void BaseSafeBrowsingUIManager::RemoveObserver(Observer* observer) {
-  DCHECK_CURRENTLY_ON(BrowserThread::UI);
-  observer_list_.RemoveObserver(observer);
+history::HistoryService* BaseSafeBrowsingUIManager::history_service(
+    content::WebContents* web_contents) {
+  // TODO(jialiul): figure out how to get HistoryService from webview.
+  return nullptr;
+}
+
+const GURL BaseSafeBrowsingUIManager::default_safe_page() {
+  return GURL(url::kAboutBlankURL);
 }
 
 void BaseSafeBrowsingUIManager::RemoveFromPendingWhitelistUrlSet(
     const GURL& whitelist_url,
     WebContents* web_contents) {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
 
   // A WebContents might not exist if the tab has been closed.
   if (!web_contents)
     return;
@@ skipping 19 matching lines @@
   // remove the main-frame URL from the pending whitelist, so the
   // main-frame URL will have already been removed when the subsequent
   // blocking pages are dismissed.
   if (site_list->ContainsPending(whitelist_url, nullptr))
     site_list->RemovePending(whitelist_url);
 
   // Notify security UI that security state has changed.
   web_contents->DidChangeVisibleSecurityState();
 }
 
+// static
+GURL BaseSafeBrowsingUIManager::GetMainFrameWhitelistUrlForResource(
+    const security_interstitials::UnsafeResource& resource) {
+  if (resource.is_subresource) {
+    NavigationEntry* entry = resource.GetNavigationEntryForResource();
+    if (!entry)
+      return GURL();
+    return entry->GetURL().GetWithEmptyPath();
+  }
+  return resource.url.GetWithEmptyPath();
+}
+
 }  // namespace safe_browsing