Don't trigger Phishguard pings if we cannot compute URL reputation.

components/safe_browsing/password_protection/password_protection_service_unittest.cc

 // Copyright 2017 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 #include "components/safe_browsing/password_protection/password_protection_service.h"
 
 #include "base/memory/ptr_util.h"
 #include "base/run_loop.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/test/histogram_tester.h"
@@ skipping 147 matching lines @@
   void TearDown() override { content_setting_map_->ShutdownOnUIThread(); }
 
   // Sets up |database_manager_| and |requests_| as needed.
   void InitializeAndStartPasswordOnFocusRequest(bool match_whitelist,
                                                 int timeout_in_ms) {
     GURL target_url(kTargetUrl);
     EXPECT_CALL(*database_manager_.get(), MatchCsdWhitelistUrl(target_url))
         .WillRepeatedly(testing::Return(match_whitelist));
 
     request_ = new PasswordProtectionRequest(
-        target_url, GURL(kFormActionUrl), GURL(kPasswordFrameUrl),
+        nullptr, target_url, GURL(kFormActionUrl), GURL(kPasswordFrameUrl),
         std::string(), LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE,
         password_protection_service_.get(), timeout_in_ms);
     request_->Start();
   }
 
   void InitializeAndStartPasswordEntryRequest(bool match_whitelist,
                                               int timeout_in_ms) {
     GURL target_url(kTargetUrl);
     EXPECT_CALL(*database_manager_.get(), MatchCsdWhitelistUrl(target_url))
         .WillRepeatedly(testing::Return(match_whitelist));
 
     request_ = new PasswordProtectionRequest(
-        target_url, GURL(), GURL(), std::string(kSavedDomain),
+        nullptr, target_url, GURL(), GURL(), std::string(kSavedDomain),
         LoginReputationClientRequest::PASSWORD_REUSE_EVENT,
         password_protection_service_.get(), timeout_in_ms);
     request_->Start();
   }
 
   bool PathVariantsMatchCacheExpression(const GURL& url,
                                         const std::string& cache_expression) {
     std::vector<std::string> paths;
     PasswordProtectionService::GeneratePathVariantsWithoutQuery(url, &paths);
     return PasswordProtectionService::PathVariantsMatchCacheExpression(
@@ skipping 197 matching lines @@
             password_protection_service_->GetCachedVerdict(
                 GURL("http://bar.com"), &actual_verdict));
 
   // If delete all history. All password protection content settings should be
   // gone.
   password_protection_service_->RemoveContentSettingsOnURLsDeleted(
       true /* all_history */, history::URLRows());
   EXPECT_EQ(0U, GetStoredVerdictCount());
 }
 
-TEST_F(PasswordProtectionServiceTest,
-       TestNoRequestCreatedIfMainFrameURLIsNotValid) {
-  ASSERT_EQ(0u, password_protection_service_->GetPendingRequestsCount());
-  password_protection_service_->MaybeStartPasswordFieldOnFocusRequest(
-      GURL(), GURL("http://foo.com/submit"), GURL("http://foo.com/frame"));
-  EXPECT_EQ(0u, password_protection_service_->GetPendingRequestsCount());
-}
+TEST_F(PasswordProtectionServiceTest, VerifyCanGetReputationOfURL) {
+  // Invalid main frame URL.
+  EXPECT_FALSE(PasswordProtectionService::CanGetReputationOfURL(GURL()));
 
-TEST_F(PasswordProtectionServiceTest,
-       TestNoRequestCreatedIfMainFrameURLIsNotHttpOrHttps) {
-  ASSERT_EQ(0u, password_protection_service_->GetPendingRequestsCount());
-  // If main frame url is data url, don't create request.
-  password_protection_service_->MaybeStartPasswordFieldOnFocusRequest(
-      GURL("data:text/html, <p>hellow"), GURL("http://foo.com/submit"),
-      GURL("http://foo.com/frame"));
-  EXPECT_EQ(0u, password_protection_service_->GetPendingRequestsCount());
+  // Main frame URL scheme is not HTTP or HTTPS.
+  EXPECT_FALSE(PasswordProtectionService::CanGetReputationOfURL(
+      GURL("data:text/html, <p>hellow")));
 
-  // If main frame url is ftp, don't create request.
-  password_protection_service_->MaybeStartPasswordFieldOnFocusRequest(
-      GURL("ftp://foo.com:21"), GURL("http://foo.com/submit"),
-      GURL("http://foo.com/frame"));
-  EXPECT_EQ(0u, password_protection_service_->GetPendingRequestsCount());
+  // Main frame URL is a local host.
+  EXPECT_FALSE(PasswordProtectionService::CanGetReputationOfURL(
+      GURL("http://localhost:80")));
+  EXPECT_FALSE(PasswordProtectionService::CanGetReputationOfURL(
+      GURL("http://127.0.0.1")));
+
+  // Main frame URL is a private IP address or anything in an IANA-reserved
+  // range.
+  EXPECT_FALSE(PasswordProtectionService::CanGetReputationOfURL(
+      GURL("http://192.168.1.0/")));
+  EXPECT_FALSE(PasswordProtectionService::CanGetReputationOfURL(
+      GURL("http://10.0.1.0/")));
+  EXPECT_FALSE(PasswordProtectionService::CanGetReputationOfURL(
+      GURL("http://FEED::BEEF")));
+
+  // Main frame URL is a no-yet-assigned y ICANN gTLD.
+  EXPECT_FALSE(PasswordProtectionService::CanGetReputationOfURL(
+      GURL("http://intranet")));
+  EXPECT_FALSE(PasswordProtectionService::CanGetReputationOfURL(
+      GURL("http://host.intranet.example")));
+
+  // Main frame URL is a dotless domain.
+  EXPECT_FALSE(PasswordProtectionService::CanGetReputationOfURL(
+      GURL("http://go/example")));
+
+  // Main frame URL is anything else.
+  EXPECT_TRUE(PasswordProtectionService::CanGetReputationOfURL(
+      GURL("http://www.chromium.org")));
 }
 
 TEST_F(PasswordProtectionServiceTest, TestNoRequestSentForWhitelistedURL) {
   histograms_.ExpectTotalCount(kPasswordOnFocusRequestOutcomeHistogramName, 0);
   InitializeAndStartPasswordOnFocusRequest(true /* match whitelist */,
                                            10000 /* timeout in ms*/);
   base::RunLoop().RunUntilIdle();
   EXPECT_EQ(nullptr, password_protection_service_->latest_response());
   EXPECT_THAT(
       histograms_.GetAllSamples(kPasswordOnFocusRequestOutcomeHistogramName),
@@ skipping 89 matching lines @@
   EXPECT_EQ(expected_response.cache_duration_sec(),
             actual_response->cache_duration_sec());
 }
 
 TEST_F(PasswordProtectionServiceTest, TestTearDownWithPendingRequests) {
   histograms_.ExpectTotalCount(kPasswordOnFocusRequestOutcomeHistogramName, 0);
   GURL target_url(kTargetUrl);
   EXPECT_CALL(*database_manager_.get(), MatchCsdWhitelistUrl(target_url))
       .WillRepeatedly(testing::Return(false));
   password_protection_service_->StartRequest(
-      target_url, GURL("http://foo.com/submit"), GURL("http://foo.com/frame"),
-      std::string(), LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE);
+      nullptr, target_url, GURL("http://foo.com/submit"),
+      GURL("http://foo.com/frame"), std::string(),
+      LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE);
 
   // Destroy password_protection_service_ while there is one request pending.
   password_protection_service_.reset();
   base::RunLoop().RunUntilIdle();
 
   EXPECT_THAT(
       histograms_.GetAllSamples(kPasswordOnFocusRequestOutcomeHistogramName),
       testing::ElementsAre(base::Bucket(2 /* CANCELED */, 1)));
 }
 
@@ skipping 89 matching lines @@
   EXPECT_EQ(1, actual_request->frames_size());
   EXPECT_EQ(kTargetUrl, actual_request->frames(0).url());
   ASSERT_TRUE(actual_request->has_password_reuse_event());
   ASSERT_EQ(1, actual_request->password_reuse_event()
                    .password_reused_original_origins_size());
   EXPECT_EQ(kSavedDomain, actual_request->password_reuse_event()
                               .password_reused_original_origins(0));
 }
 
 }  // namespace safe_browsing