Use new SafeBrowsing redirect tracking code in CWS pings.

chrome/browser/extensions/webstore_inline_installer.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/webstore_inline_installer.h"
 
 #include <utility>
 
 #include "base/json/json_writer.h"
 #include "base/strings/stringprintf.h"
 #include "base/values.h"
+#include "chrome/browser/browser_process.h"
 #include "chrome/browser/extensions/webstore_data_fetcher.h"
 #include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/safe_browsing/safe_browsing_navigation_observer_manager.h"
+#include "chrome/browser/safe_browsing/safe_browsing_service.h"
 #include "chrome/browser/ui/browser_finder.h"
 #include "chrome/browser/ui/exclusive_access/fullscreen_controller.h"
 #include "content/public/browser/navigation_entry.h"
 #include "content/public/browser/navigation_handle.h"
 #include "content/public/browser/web_contents.h"
 
 using content::WebContents;
+using safe_browsing::SafeBrowsingNavigationObserverManager;
+using safe_browsing::ReferrerChain;
+
+namespace {
+
+// The number of user gestures to trace back for CWS pings.
+const int kExtensionReferrerUserGestureLimit = 2;
+}
 
 namespace extensions {
 
 const char kInvalidWebstoreResponseError[] =
     "Invalid Chrome Web Store response.";
 const char kNoVerifiedSitesError[] =
     "Inline installs can only be initiated for Chrome Web Store items that "
     "have one or more verified sites.";
 const char kNotFromVerifiedSitesError[] =
     "Installs can only be initiated by one of the Chrome Web Store item's "
@@ skipping 63 matching lines @@
     }
   }
   if (!requestor_is_ok) {
     *error = kNotFromVerifiedSitesError;
     return false;
   }
   *error = "";
   return true;
 }
 
+bool WebstoreInlineInstaller::SafeBrowsingNavigationEventsEnabled() const {
+  return SafeBrowsingNavigationObserverManager::IsEnabledAndReady(
+      Profile::FromBrowserContext(web_contents()->GetBrowserContext()));

[Devlin, 2017/04/21 17:10:33]

nit: profile()

[robertshield, 2017/04/25 18:02:17]

Done.

+}
+
 std::string WebstoreInlineInstaller::GetJsonPostData() {
   // web_contents() might return null during tab destruction. This object would
   // also be destroyed shortly thereafter but check to be on the safe side.
   if (!web_contents())
     return std::string();
 
-  content::NavigationController& navigation_controller =
-      web_contents()->GetController();
-  content::NavigationEntry* navigation_entry =
-      navigation_controller.GetLastCommittedEntry();
+  std::unique_ptr<base::ListValue> redirect_chain =

[Devlin, 2017/04/21 17:06:11]

optional: auto redirect_chain = base::MakeUnique<base::ListValue>();
MakeUnique<T> is clear that it will return a std::unique_ptr<T>, so auto is
acceptable, if you wanted to make it a bit shorter.

[robertshield, 2017/04/25 18:02:17]

Done.

+      base::MakeUnique<base::ListValue>();
 
-  if (navigation_entry) {
+  if (SafeBrowsingNavigationEventsEnabled()) {
+    // If we have it, use the new referrer checker.
+    safe_browsing::SafeBrowsingService* safe_browsing_service =
+        g_browser_process->safe_browsing_service();
+    // May be null in some tests.
+    if (!safe_browsing_service)
+      return std::string();
+
+    scoped_refptr<SafeBrowsingNavigationObserverManager>
+        navigation_observer_manager =
+            safe_browsing_service->navigation_observer_manager();
+    // This may be null if the navigation observer manager feature is
+    // disabled by experiment.
+    if (!navigation_observer_manager)
+      return std::string();
+
+    ReferrerChain referrer_chain;
+    SafeBrowsingNavigationObserverManager::AttributionResult result =
+        navigation_observer_manager->IdentifyReferrerChainByWebContents(
+            web_contents(), kExtensionReferrerUserGestureLimit,
+            &referrer_chain);
+    if (result !=
+        SafeBrowsingNavigationObserverManager::NAVIGATION_EVENT_NOT_FOUND) {
+      // For now the CWS post data is JSON encoded. Consider moving it to a
+      // proto.
+      for (const auto& referrer_chain_entry : referrer_chain) {
+        // Referrer chain entries are a list of URLs in reverse chronological
+        // order, so the final URL is the last thing in the list and the initial
+        // landing page is the first thing in the list.
+        // Furthermore each entry may contain a series of server redirects
+        // stored in the same order.
+        redirect_chain->AppendString(referrer_chain_entry.url());
+        for (const auto& server_side_redirect :
+             referrer_chain_entry.server_redirect_chain()) {
+          redirect_chain->AppendString(server_side_redirect.url());
+        }
+      }
+    }
+  } else {
+    content::NavigationController& navigation_controller =
+        web_contents()->GetController();
+    content::NavigationEntry* navigation_entry =
+        navigation_controller.GetLastCommittedEntry();
     const std::vector<GURL>& redirect_urls =
         navigation_entry->GetRedirectChain();

[Devlin, 2017/04/21 17:06:11]

We used to have a check for if (navigation_entry), since GetLastCommittedEntry()
can sometimes return null.  Was the removal of the if deliberate?  If so, why do
we know this is non-null?

[robertshield, 2017/04/25 18:02:17]

It was, but on further inspection, it was wrong. Added the check back, thanks
for noticing. 

-
-    if (!redirect_urls.empty()) {
-      base::DictionaryValue dictionary;
-      dictionary.SetString("id", id());
-      dictionary.SetString("referrer", requestor_url_.spec());
-      std::unique_ptr<base::ListValue> redirect_chain =
-          base::MakeUnique<base::ListValue>();
-      for (const GURL& url : redirect_urls) {
-        redirect_chain->AppendString(url.spec());
-      }
-      dictionary.Set("redirect_chain", std::move(redirect_chain));
-
-      std::string json;
-      base::JSONWriter::Write(dictionary, &json);
-      return json;
+    for (const GURL& url : redirect_urls) {
+      redirect_chain->AppendString(url.spec());
     }
   }
 
+  if (!redirect_chain->empty()) {
+    base::DictionaryValue dictionary;
+    dictionary.SetString("id", id());
+    dictionary.SetString("referrer", requestor_url_.spec());
+    dictionary.Set("redirect_chain", std::move(redirect_chain));
+
+    std::string json;
+    base::JSONWriter::Write(dictionary, &json);
+    return json;
+  }
+
   return std::string();
 }
 
 bool WebstoreInlineInstaller::CheckRequestorAlive() const {
   // The frame or tab may have gone away - cancel installation in that case.
   return host_ != nullptr && web_contents() != nullptr &&
          chrome::FindBrowserWithWebContents(web_contents()) != nullptr;
 }
 
 const GURL& WebstoreInlineInstaller::GetRequestorURL() const {
@@ skipping 142 matching lines @@
     DLOG(WARNING) << "Could not parse " << verified_site_pattern_spec <<
         " as URL pattern " << parse_result;
     return false;
   }
   verified_site_pattern.SetScheme("*");
 
   return verified_site_pattern.MatchesURL(requestor_url);
 }
 
 }  // namespace extensions