Network traffic annotation added to base_ping_manager.

components/safe_browsing/base_ping_manager.cc

 // Copyright (c) 2017 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/safe_browsing/base_ping_manager.h"
 
 #include <utility>
 
 #include "base/base64.h"
 #include "base/logging.h"
 #include "base/memory/ptr_util.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
 #include "base/values.h"
 #include "components/data_use_measurement/core/data_use_user_data.h"
 #include "content/public/browser/browser_thread.h"
 #include "google_apis/google_api_keys.h"
 #include "net/base/escape.h"
 #include "net/base/load_flags.h"
 #include "net/log/net_log_source_type.h"
+#include "net/traffic_annotation/network_traffic_annotation.h"
 #include "net/url_request/url_fetcher.h"
 #include "net/url_request/url_request_context.h"
 #include "net/url_request/url_request_context_getter.h"
 #include "net/url_request/url_request_status.h"
 #include "url/gurl.h"
 
 using content::BrowserThread;
 
 namespace {
 // Returns a dictionary with "url"=|url-spec| and "data"=|payload| for
@@ skipping 18 matching lines @@
     const net::URLRequestStatus& status,
     net::NetLogCaptureMode) {
   std::unique_ptr<base::DictionaryValue> event_params(
       new base::DictionaryValue());
   event_params->SetInteger("status", status.status());
   event_params->SetInteger("error", status.error());
   net_log.source().AddToEventParameters(event_params.get());
   return std::move(event_params);
 }
 
+net::NetworkTrafficAnnotationTag kTrafficAnnotation =
+    net::DefineNetworkTrafficAnnotation("safe_browsing_extended_reporting", R"(
+      semantics {
+        sender: "Safe Browsing Extended Reporting"
+        description:
+          "When a user is opted in to automatically reporting 'possible "
+          "security incidents to Google,' and they reach a bad page that's "
+          "flagged by Safe Browsing, Chrome will send a report to Google "
+          "with information about the threat. This helps Safe Browsing learn "
+          "where threats originate and thus protect more users."
+        trigger:
+          "When an red interstitial is show, and the user is opted-in."

[msramek, 2017/05/04 10:56:15]

typo: s/an/a/

[Ramin Halavati, 2017/05/05 07:07:08]

Done.

+        data:
+          "URLs and referrers from from the page along with other security-"

[msramek, 2017/05/04 10:56:15]

Nathan, the plural (URLs) means URLs of subresources? Can we be explicit about
that?

Could we also elaborate a bit on the security-relevant data? I know that SBER is
evolving a lot these days, so I'm not asking for a full enumeration, just a few
interesting examples. Thanks!

[Nathan Parker, 2017/05/04 15:44:43]

Sure, how about:

data: The report includes the URL and referrer chain of the page. If the warning
is triggered by a subresource on a partially loaded page, the report will
include the URL and referrer chain of sub frames and resources loaded into the
page.  It may also include a subset of headers for resources loaded, and some
Google ad identifiers to help block malicious ads.

[Ramin Halavati, 2017/05/05 07:07:08]

Done.

+          "relevant data from the page contents."
+        destination: GOOGLE_OWNED_SERVICE
+      }
+      policy {
+        cookies_allowed: true
+        cookies_store: "Safe Browsing Cookie Store"
+        setting:
+          "Users can enable or disable this feature by toggling "
+          "'Automatically report details of possible security incidents to "
+          "Google' in Chrome's settings under 'Privcay'. The feature is "

[msramek, 2017/05/04 10:56:16]

typo: Privacy

[Ramin Halavati, 2017/05/05 07:07:08]

Done.

+          "enabled by default."

[Nathan Parker, 2017/05/04 15:44:43]

The feature is DISABLED by default.

[Ramin Halavati, 2017/05/05 07:07:08]

Done.

+        chrome_policy {
+          SafeBrowsingExtendedReportingOptInAllowed {
+            policy_options {mode: MANDATORY}
+            SafeBrowsingExtendedReportingOptInAllowed: false
+          }
+        }
+      })");
+
 }  // namespace
 
 namespace safe_browsing {
 
 // SafeBrowsingPingManager implementation ----------------------------------
 
 // static
 std::unique_ptr<BasePingManager> BasePingManager::Create(
     net::URLRequestContextGetter* request_context_getter,
     const SafeBrowsingProtocolConfig& config) {
@@ skipping 37 matching lines @@
 }
 
 // Sends a SafeBrowsing "hit" report.
 void BasePingManager::ReportSafeBrowsingHit(
     const safe_browsing::HitReport& hit_report) {
   GURL report_url = SafeBrowsingHitUrl(hit_report);
   std::unique_ptr<net::URLFetcher> report_ptr = net::URLFetcher::Create(
       report_url,
       hit_report.post_data.empty() ? net::URLFetcher::GET
                                    : net::URLFetcher::POST,
-      this);
+      this, kTrafficAnnotation);
   net::URLFetcher* report = report_ptr.get();
   data_use_measurement::DataUseUserData::AttachToFetcher(
       report, data_use_measurement::DataUseUserData::SAFE_BROWSING);
   report_ptr->SetLoadFlags(net::LOAD_DISABLE_CACHE);
   report_ptr->SetRequestContext(request_context_getter_.get());
   std::string post_data_base64;
   if (!hit_report.post_data.empty()) {
     report_ptr->SetUploadData("text/plain", hit_report.post_data);
     base::Base64Encode(hit_report.post_data, &post_data_base64);
   }
 
   net_log_.BeginEvent(
       net::NetLogEventType::SAFE_BROWSING_PING,
       base::Bind(&NetLogPingStartCallback, net_log_,
                  report_ptr->GetOriginalURL(), post_data_base64));
 
   report->Start();
   safebrowsing_reports_.insert(std::move(report_ptr));
 }
 
 // Sends threat details for users who opt-in.
 void BasePingManager::ReportThreatDetails(const std::string& report) {
   GURL report_url = ThreatDetailsUrl();
-  std::unique_ptr<net::URLFetcher> fetcher =
-      net::URLFetcher::Create(report_url, net::URLFetcher::POST, this);
+  std::unique_ptr<net::URLFetcher> fetcher = net::URLFetcher::Create(
+      report_url, net::URLFetcher::POST, this, kTrafficAnnotation);
   data_use_measurement::DataUseUserData::AttachToFetcher(
       fetcher.get(), data_use_measurement::DataUseUserData::SAFE_BROWSING);
   fetcher->SetLoadFlags(net::LOAD_DISABLE_CACHE);
   fetcher->SetRequestContext(request_context_getter_.get());
   fetcher->SetUploadData("application/octet-stream", report);
   // Don't try too hard to send reports on failures.
   fetcher->SetAutomaticallyRetryOn5xx(false);
 
   std::string report_base64;
   base::Base64Encode(report, &report_base64);
@@ skipping 93 matching lines @@
       url_prefix_.c_str(), client_name_.c_str(), version_.c_str());
   std::string api_key = google_apis::GetAPIKey();
   if (!api_key.empty()) {
     base::StringAppendF(&url, "&key=%s",
                         net::EscapeQueryParamValue(api_key, true).c_str());
   }
   return GURL(url);
 }
 
 }  // namespace safe_browsing