SafeBrowsing: add hardcoded malicious URLs

This adds three hardcoded URLs as part of the chrome://safe-browsing/
domain:

 * chrome://safe-browsing/match?type=malware
 * chrome://safe-browsing/match?type=phishing
 * chrome://safe-browsing/match?type=unwanted

These URLs will be needed by WebView for CTS testing the various Safe
Browsing APIs.

Bug: 709626
Test: browser_tests --gtest_filter=SafeBrowsingBlockingPage*HardcodedUrls*
Change-Id: I56d6557e6474feda6b036f04aa39a8ad92dcc4d1
Reviewed-on: https://chromium-review.googlesource.com/572765Reviewed-by: Varun Khaneja <vakh@chromium.org>
Commit-Queue: Nate Fischer <ntfschr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#487305}

chrome/browser/safe_browsing/safe_browsing_blocking_page_test.cc

@@ -40,6 +40,7 @@
 #include "components/prefs/pref_service.h"
 #include "components/safe_browsing/browser/threat_details.h"
 #include "components/safe_browsing/common/safe_browsing_prefs.h"
+#include "components/safe_browsing/web_ui/constants.h"
 #include "components/safe_browsing_db/database_manager.h"
 #include "components/safe_browsing_db/test_database_manager.h"
 #include "components/safe_browsing_db/util.h"
@@ -802,6 +803,31 @@ IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, RedirectCanceled) {
   EXPECT_TRUE(YesInterstitial());
 }
 
+IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, HardcodedUrls) {
+  const GURL urls[] = {GURL(kChromeUISafeBrowsingMatchMalwareUrl),
+                       GURL(kChromeUISafeBrowsingMatchPhishingUrl),
+                       GURL(kChromeUISafeBrowsingMatchUnwantedUrl)};
+
+  for (const GURL& url : urls) {
+    ui_test_utils::NavigateToURL(browser(), url);
+    EXPECT_TRUE(WaitForReady(browser()));
+
+    EXPECT_EQ(VISIBLE, GetVisibility("primary-button"));
+    EXPECT_EQ(HIDDEN, GetVisibility("details"));
+    EXPECT_EQ(HIDDEN, GetVisibility("proceed-link"));
+    EXPECT_EQ(HIDDEN, GetVisibility("error-code"));
+    EXPECT_TRUE(Click("details-button"));
+    EXPECT_EQ(VISIBLE, GetVisibility("details"));
+    EXPECT_EQ(VISIBLE, GetVisibility("proceed-link"));
+    EXPECT_EQ(HIDDEN, GetVisibility("error-code"));
+    EXPECT_TRUE(ClickAndWaitForDetach("primary-button"));
+
+    AssertNoInterstitial(false);          // Assert the interstitial is gone
+    EXPECT_EQ(GURL(url::kAboutBlankURL),  // Back to "about:blank"
+              browser()->tab_strip_model()->GetActiveWebContents()->GetURL());
+  }
+}
+
 IN_PROC_BROWSER_TEST_P(SafeBrowsingBlockingPageBrowserTest, DontProceed) {
   SetupWarningAndNavigate(browser());
 

components/safe_browsing/BUILD.gn

@@ -28,6 +28,7 @@ source_set("safe_browsing") {
     "//base:base",
     "//base:i18n",
     "//components/safe_browsing/common:safe_browsing_prefs",
+    "//components/safe_browsing/web_ui:constants",
     "//components/safe_browsing_db:database_manager",
     "//components/security_interstitials/core:core",
     "//content/public/browser:browser",

components/safe_browsing/base_resource_throttle.cc

@@ -10,6 +10,7 @@
 #include "base/trace_event/trace_event.h"
 #include "base/values.h"
 #include "components/safe_browsing/base_ui_manager.h"
+#include "components/safe_browsing/web_ui/constants.h"
 #include "components/safe_browsing_db/util.h"
 #include "components/security_interstitials/content/unsafe_resource.h"
 #include "content/public/browser/browser_thread.h"
@@ -349,6 +350,10 @@ bool BaseResourceThrottle::CheckUrl(const GURL& url) {
   UMA_HISTOGRAM_ENUMERATION("SB2.ResourceTypes2.Checked", resource_type_,
                             content::RESOURCE_TYPE_LAST_TYPE);
 
+  if (CheckWebUIUrls(url)) {
+    return false;
+  }
+
   if (database_manager_->CheckBrowseUrl(url, threat_types_, this)) {
     threat_type_ = SB_THREAT_TYPE_SAFE;
     ui_manager_->LogPauseDelay(base::TimeDelta());  // No delay.
@@ -369,6 +374,28 @@ bool BaseResourceThrottle::CheckUrl(const GURL& url) {
   return false;
 }
 
+bool BaseResourceThrottle::CheckWebUIUrls(const GURL& url) {
+  DCHECK(threat_type_ == safe_browsing::SB_THREAT_TYPE_SAFE);
+  if (url == kChromeUISafeBrowsingMatchMalwareUrl) {
+    threat_type_ = safe_browsing::SB_THREAT_TYPE_URL_MALWARE;
+  } else if (url == kChromeUISafeBrowsingMatchPhishingUrl) {
+    threat_type_ = safe_browsing::SB_THREAT_TYPE_URL_PHISHING;
+  } else if (url == kChromeUISafeBrowsingMatchUnwantedUrl) {
+    threat_type_ = safe_browsing::SB_THREAT_TYPE_URL_UNWANTED;
+  }
+
+  if (threat_type_ != safe_browsing::SB_THREAT_TYPE_SAFE) {
+    state_ = STATE_CHECKING_URL;
+    url_being_checked_ = url;
+    content::BrowserThread::PostTask(
+        content::BrowserThread::IO, FROM_HERE,
+        base::Bind(&BaseResourceThrottle::OnCheckBrowseUrlResult, AsWeakPtr(),
+                   url, threat_type_, ThreatMetadata()));
+    return true;
+  }
+  return false;
+}
+
 void BaseResourceThrottle::OnCheckUrlTimeout() {
   CHECK_EQ(state_, STATE_CHECKING_URL);
 

components/safe_browsing/base_resource_throttle.h

@@ -129,6 +129,11 @@ class BaseResourceThrottle
     DEFERRED_PROCESSING,
   };
 
+  // Checks if |url| is one of the hardcoded WebUI match URLs. Returns true if
+  // the URL is one of the hardcoded URLs and will post a task to
+  // OnCheckBrowseUrlResult.
+  bool CheckWebUIUrls(const GURL& url);
+
   scoped_refptr<BaseUIManager> ui_manager_;
 
   // Starts running |url| through the safe browsing check. Returns true if the

components/safe_browsing/web_ui/constants.cc

@@ -10,5 +10,11 @@ const char kChromeUISafeBrowsingURL[] = "chrome://safe-browsing/";
 const char kChromeUISafeBrowsingHost[] = "safe-browsing";
 const char kSbUnderConstruction[] =
     "The safe browsing page is under construction.";
+extern const char kChromeUISafeBrowsingMatchMalwareUrl[] =
+    "chrome://safe-browsing/match?type=malware";
+extern const char kChromeUISafeBrowsingMatchPhishingUrl[] =
+    "chrome://safe-browsing/match?type=phishing";
+extern const char kChromeUISafeBrowsingMatchUnwantedUrl[] =
+    "chrome://safe-browsing/match?type=unwanted";
 
 }  // namespace safe_browsing

components/safe_browsing/web_ui/constants.h

@@ -10,6 +10,9 @@ namespace safe_browsing {
 extern const char kChromeUISafeBrowsingURL[];
 extern const char kChromeUISafeBrowsingHost[];
 extern const char kSbUnderConstruction[];
+extern const char kChromeUISafeBrowsingMatchMalwareUrl[];
+extern const char kChromeUISafeBrowsingMatchPhishingUrl[];
+extern const char kChromeUISafeBrowsingMatchUnwantedUrl[];
 
 }  // namespace safe_browsing