Add the result of the inclusion whitelist to the OffDomainInclusionDetector's analysis.

chrome/browser/safe_browsing/incident_reporting/off_domain_inclusion_detector.cc

Index: chrome/browser/safe_browsing/incident_reporting/off_domain_inclusion_detector.cc
diff --git a/chrome/browser/safe_browsing/incident_reporting/off_domain_inclusion_detector.cc b/chrome/browser/safe_browsing/incident_reporting/off_domain_inclusion_detector.cc
index e40d6a5ad9c25ad21c5aab5d12a14d4cf2a406ef..108541e4043ba5e5acf15457a6d2565d2d6e9b98 100644
--- a/chrome/browser/safe_browsing/incident_reporting/off_domain_inclusion_detector.cc
+++ b/chrome/browser/safe_browsing/incident_reporting/off_domain_inclusion_detector.cc
@@ -6,7 +6,10 @@
 
 #include <string>
 
+#include "base/logging.h"
 #include "base/metrics/histogram.h"
+#include "chrome/browser/safe_browsing/database_manager.h"
+#include "content/public/browser/browser_thread.h"
 #include "content/public/browser/resource_request_info.h"
 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
 #include "net/url_request/url_request.h"
@@ -14,12 +17,18 @@
 
 namespace safe_browsing {
 
-OffDomainInclusionDetector::OffDomainInclusionDetector() {
+OffDomainInclusionDetector::OffDomainInclusionDetector(
+    const scoped_refptr<SafeBrowsingDatabaseManager>& database_manager)
+    : OffDomainInclusionDetector(database_manager,

[grt (UTC plus 2), 2015/01/07 14:35:48]

cool!

[gab, 2015/01/07 17:52:01]

Yay C++11 :-)!

+                                 ReportAnalysisEventCallback()) {
 }
 
 OffDomainInclusionDetector::OffDomainInclusionDetector(
+    const scoped_refptr<SafeBrowsingDatabaseManager>& database_manager,
     const ReportAnalysisEventCallback& report_analysis_event_callback)
-    : report_analysis_event_callback_(report_analysis_event_callback) {
+    : database_manager_(database_manager),
+      report_analysis_event_callback_(report_analysis_event_callback) {
+  DCHECK(database_manager);
 }
 
 OffDomainInclusionDetector::~OffDomainInclusionDetector() {
@@ -27,6 +36,11 @@ OffDomainInclusionDetector::~OffDomainInclusionDetector() {
 
 void OffDomainInclusionDetector::OnResourceRequest(
     const net::URLRequest* request) {
+  // Assumed to be called on the IO thread for now as it accesses the safe

[grt (UTC plus 2), 2015/01/07 14:35:48]

Assumed to? If there's a DCHECK here, then it "Must" be called on the IO thread.
Please update comment.

[gab, 2015/01/07 17:52:00]

Done.

+  // browsing database manager on it, but the analysis below could be made
+  // asynchronous if needed.
+  DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
+
   // Only look at actual net requests (e.g., not chrome-extensions://id/foo.js).
   if (!request->url().SchemeIsHTTPOrHTTPS())
     return;
@@ -105,11 +119,21 @@ void OffDomainInclusionDetector::OnResourceRequest(
             main_frame_url,
             net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES);
 
+    // Off-Domain Inclusion?
     if (!request->url().DomainIs(main_frame_domain.c_str())) {
-      UMA_HISTOGRAM_ENUMERATION("SBOffDomainInclusion.Detected",
-                                resource_type,
-                                content::RESOURCE_TYPE_LAST_TYPE);
-      analysis_event = AnalysisEvent::OFF_DOMAIN_INCLUSION_DETECTED;
+      // Whitelisted?
+      if (database_manager_->MatchInclusionWhitelistUrl(request->url())) {
+        UMA_HISTOGRAM_ENUMERATION("SBOffDomainInclusion.Whitelisted",
+                                  resource_type,
+                                  content::RESOURCE_TYPE_LAST_TYPE);
+        analysis_event = AnalysisEvent::OFF_DOMAIN_INCLUSION_WHITELISTED;
+
+      } else {
+        UMA_HISTOGRAM_ENUMERATION("SBOffDomainInclusion.Suspicious",
+                                  resource_type,
+                                  content::RESOURCE_TYPE_LAST_TYPE);
+        analysis_event = AnalysisEvent::OFF_DOMAIN_INCLUSION_SUSPICIOUS;
+      }
     }
   }