Show interstitial on a password on focus ping with PHISHING verdict.

chrome/browser/safe_browsing/chrome_password_protection_service.cc

Index: chrome/browser/safe_browsing/chrome_password_protection_service.cc
diff --git a/chrome/browser/safe_browsing/chrome_password_protection_service.cc b/chrome/browser/safe_browsing/chrome_password_protection_service.cc
index d64377c01dd9be254b270e1dd8e4356993cd7888..63168e7a331f686676b5cdad6f2d84817c6821d8 100644
--- a/chrome/browser/safe_browsing/chrome_password_protection_service.cc
+++ b/chrome/browser/safe_browsing/chrome_password_protection_service.cc
@@ -12,11 +12,17 @@
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/safe_browsing/safe_browsing_navigation_observer_manager.h"
 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
+#include "chrome/browser/safe_browsing/ui_manager.h"
 #include "chrome/browser/sync/profile_sync_service_factory.h"
+#include "chrome/common/pref_names.h"
 #include "components/browser_sync/profile_sync_service.h"
+#include "components/prefs/pref_service.h"
 #include "components/safe_browsing/common/safe_browsing_prefs.h"
 #include "components/safe_browsing/password_protection/password_protection_request.h"
 #include "components/safe_browsing_db/database_manager.h"
+#include "content/public/browser/render_frame_host.h"
+#include "content/public/browser/render_process_host.h"
+#include "content/public/browser/web_contents.h"
 
 using content::BrowserThread;
 
@@ -39,6 +45,7 @@ ChromePasswordProtectionService::ChromePasswordProtectionService(
               profile,
               ServiceAccessType::EXPLICIT_ACCESS),
           HostContentSettingsMapFactory::GetForProfile(profile)),
+      ui_manager_(sb_service->ui_manager()),
       profile_(profile),
       navigation_observer_manager_(sb_service->navigation_observer_manager()) {
   DCHECK(profile_);
@@ -82,6 +89,13 @@ bool ChromePasswordProtectionService::IsIncognito() {
 bool ChromePasswordProtectionService::IsPingingEnabled(
     const base::Feature& feature,
     RequestOutcome* reason) {
+  // Don't start pinging on an invalid profile, or if user turns off Safe
+  // Browsing service.
+  if (!profile_ ||
+      !profile_->GetPrefs()->GetBoolean(prefs::kSafeBrowsingEnabled)) {
+    return false;
+  }
+
   DCHECK(feature.name == kProtectedPasswordEntryPinging.name ||
          feature.name == kPasswordFieldOnFocusPinging.name);
   if (!base::FeatureList::IsEnabled(feature)) {
@@ -123,6 +137,33 @@ bool ChromePasswordProtectionService::IsHistorySyncEnabled() {
          sync->GetActiveDataTypes().Has(syncer::HISTORY_DELETE_DIRECTIVES);
 }
 
-ChromePasswordProtectionService::ChromePasswordProtectionService()
-    : PasswordProtectionService(nullptr, nullptr, nullptr, nullptr) {}
+void ChromePasswordProtectionService::ShowPhishingInterstitial(
+    const GURL& phishing_url,
+    const std::string& token,
+    content::WebContents* web_contents) {
+  DCHECK_CURRENTLY_ON(BrowserThread::UI);
+  if (!ui_manager_)
+    return;
+  security_interstitials::UnsafeResource resource;
+  resource.url = phishing_url;
+  resource.original_url = phishing_url;
+  resource.is_subresource = false;
+  resource.threat_type = SB_THREAT_TYPE_PASSWORD_PROTECTION_PHISHING_URL;
+  resource.threat_source =
+      safe_browsing::ThreatSource::PASSWORD_PROTECTION_SERVICE;
+  resource.web_contents_getter =
+      safe_browsing::SafeBrowsingUIManager::UnsafeResource::
+          GetWebContentsGetter(web_contents->GetRenderProcessHost()->GetID(),
+                               web_contents->GetMainFrame()->GetRoutingID());
+  resource.token = token;
+  if (!ui_manager_->IsWhitelisted(resource)) {
+    web_contents->GetController().DiscardNonCommittedEntries();
+  }
+  ui_manager_->DisplayBlockingPage(resource);
+}
+
+ChromePasswordProtectionService::ChromePasswordProtectionService(
+    Profile* profile)
+    : PasswordProtectionService(nullptr, nullptr, nullptr, nullptr),
+      profile_(profile) {}
 }  // namespace safe_browsing