Skip invalid URL in PasswordCSVReader

If a CSV file contains a record with an invalid URL (such as ":") in the 'url'
column, such record should be skipped.

Bug: 786937
Change-Id: I59a6d85fd6ed099332b09d960784ad22190b94e3
Reviewed-on: https://chromium-review.googlesource.com/781919Reviewed-by: Christos Froussios <cfroussios@chromium.org>
Commit-Queue: Vaclav Brozek <vabr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#518331}

components/password_manager/core/browser/import/password_csv_reader.cc

@@ -103,6 +103,8 @@ bool PasswordCSVReader::RecordToPasswordForm(
     return false;
   }
   origin = GURL(origin_in_record->second);
+  if (!origin.is_valid())
+    return false;
 
   base::string16 username_value;
   auto username_in_record = record.find(username_field_name_);

components/password_manager/core/browser/import/password_csv_reader_unittest.cc

@@ -122,4 +122,23 @@ TEST(PasswordCSVReaderTest, DeserializePasswords_NonASCIIUrl) {
   EXPECT_EQ(base::UTF8ToUTF16("password"), passwords[0].password_value);
 }
 
+// If the URL is invalid, the record should be rejected.
+TEST(PasswordCSVReaderTest, DeserializePasswords_InvalidUrl) {
+  const char kCSVInput[] =
+      ",url,user,password\n"
+      ",:,,\n"
+      ",https://example.com/,user,password\n";
+  std::vector<autofill::PasswordForm> passwords;
+  PasswordCSVReader reader;
+  EXPECT_EQ(PasswordImporter::SUCCESS,
+            reader.DeserializePasswords(kCSVInput, &passwords));
+  // The first record should be ignored, the second imported.
+  EXPECT_EQ(1u, passwords.size());
+  GURL expected_origin("https://example.com");
+  EXPECT_EQ(expected_origin, passwords[0].origin);
+  EXPECT_EQ(expected_origin.GetOrigin().spec(), passwords[0].signon_realm);
+  EXPECT_EQ(base::UTF8ToUTF16("user"), passwords[0].username_value);
+  EXPECT_EQ(base::UTF8ToUTF16("password"), passwords[0].password_value);
+}
+
 }  // namespace password_manager