Update reporting of kKeyUnscannedFileEvent to include kKeyEventResult.

Bug: 1088131
Change-Id: I89a6daac836f7576c6819e3927cf3ab9652c920d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2288811
Commit-Queue: Roger Tawa <rogerta@chromium.org>
Reviewed-by: Dominique Fauteux-Chapleau <domfc@chromium.org>
Reviewed-by: Daniel Rubery <drubery@chromium.org>
Cr-Commit-Position: refs/heads/master@{#787930}

chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router.cc

@@ -142,6 +142,7 @@ const char SafeBrowsingPrivateEventRouter::kKeyThreatType[] = "threatType";
 const char SafeBrowsingPrivateEventRouter::kKeyContentType[] = "contentType";
 const char SafeBrowsingPrivateEventRouter::kKeyContentSize[] = "contentSize";
 const char SafeBrowsingPrivateEventRouter::kKeyTrigger[] = "trigger";
+const char SafeBrowsingPrivateEventRouter::kKeyEventResult[] = "result";
 
 const char SafeBrowsingPrivateEventRouter::kKeyPasswordReuseEvent[] =
     "passwordReuseEvent";
@@ -555,7 +556,8 @@ void SafeBrowsingPrivateEventRouter::OnUnscannedFileEvent(
     const std::string& trigger,
     safe_browsing::DeepScanAccessPoint access_point,
     const std::string& reason,
-    const int64_t content_size) {
+    const int64_t content_size,
+    safe_browsing::EventResult event_result) {
   if (!IsRealtimeReportingEnabled())
     return;
 
@@ -567,7 +569,8 @@ void SafeBrowsingPrivateEventRouter::OnUnscannedFileEvent(
              const std::string& profile_user_name, const std::string& mime_type,
              const std::string& trigger,
              safe_browsing::DeepScanAccessPoint access_point,
-             const std::string& reason, const int64_t content_size) {
+             const std::string& reason, const int64_t content_size,
+             safe_browsing::EventResult event_result) {
             // Create a real-time event dictionary from the arguments and
             // report it.
             base::Value event(base::Value::Type::DICTIONARY);
@@ -583,10 +586,14 @@ void SafeBrowsingPrivateEventRouter::OnUnscannedFileEvent(
             if (content_size >= 0)
               event.SetIntKey(kKeyContentSize, content_size);
             event.SetStringKey(kKeyTrigger, trigger);
+            event.SetStringKey(
+                kKeyEventResult,
+                safe_browsing::EventResultToString(event_result));
             return event;
           },
           url.spec(), file_name, download_digest_sha256, GetProfileUserName(),
-          mime_type, trigger, access_point, reason, content_size));
+          mime_type, trigger, access_point, reason, content_size,
+          event_result));
 }
 
 void SafeBrowsingPrivateEventRouter::OnDangerousDownloadWarning(

chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router.h

@@ -13,6 +13,7 @@
 #include "base/macros.h"
 #include "base/memory/weak_ptr.h"
 #include "base/values.h"
+#include "chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_utils.h"
 #include "components/keyed_service/core/keyed_service.h"
 
 namespace content {
@@ -77,6 +78,7 @@ class SafeBrowsingPrivateEventRouter : public KeyedService {
   static const char kKeyContentType[];
   static const char kKeyContentSize[];
   static const char kKeyTrigger[];
+  static const char kKeyEventResult[];
 
   static const char kKeyPasswordReuseEvent[];
   static const char kKeyPasswordChangedEvent[];
@@ -152,7 +154,8 @@ class SafeBrowsingPrivateEventRouter : public KeyedService {
                             const std::string& trigger,
                             safe_browsing::DeepScanAccessPoint access_point,
                             const std::string& reason,
-                            const int64_t content_size);
+                            const int64_t content_size,
+                            safe_browsing::EventResult event_result);
 
   // Notifies listeners that the user saw a download warning.
   // - |url| is the download URL

chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router_unittest.cc

@@ -208,14 +208,14 @@ class SafeBrowsingPrivateEventRouterTest : public testing::Test {
             safe_browsing::DeepScanAccessPoint::UPLOAD, result, 12345);
   }
 
-  void TriggerOnUnscannedFileEvent() {
+  void TriggerOnUnscannedFileEvent(safe_browsing::EventResult result) {
     SafeBrowsingPrivateEventRouterFactory::GetForProfile(profile_)
         ->OnUnscannedFileEvent(
             GURL("https://evil.com/sensitive_data.txt"), "sensitive_data.txt",
             "sha256_of_data", "text/plain",
             SafeBrowsingPrivateEventRouter::kTriggerFileDownload,
             safe_browsing::DeepScanAccessPoint::DOWNLOAD,
-            "filePasswordProtected", 12345);
+            "filePasswordProtected", 12345, result);
   }
 
   void SetReportingPolicy(bool enabled) {
@@ -741,14 +741,14 @@ TEST_F(SafeBrowsingPrivateEventRouterTest, TestOnSensitiveDataEvent) {
                 SafeBrowsingPrivateEventRouter::kKeyTriggeredRuleName));
 }
 
-TEST_F(SafeBrowsingPrivateEventRouterTest, TestOnUnscannedFileEvent) {
+TEST_F(SafeBrowsingPrivateEventRouterTest, TestOnUnscannedFileEvent_Allowed) {
   SetUpRouters(/*realtime_reporting_enable=*/true, /*authorized=*/true);
 
   base::Value report;
   EXPECT_CALL(*client_, UploadRealtimeReport_(_, _))
       .WillOnce(CaptureArg(&report));
 
-  TriggerOnUnscannedFileEvent();
+  TriggerOnUnscannedFileEvent(safe_browsing::EventResult::ALLOWED);
   base::RunLoop().RunUntilIdle();
 
   Mock::VerifyAndClearExpectations(client_.get());
@@ -780,6 +780,53 @@ TEST_F(SafeBrowsingPrivateEventRouterTest, TestOnUnscannedFileEvent) {
   EXPECT_EQ("filePasswordProtected",
             *event->FindStringKey(
                 SafeBrowsingPrivateEventRouter::kKeyUnscannedReason));
+  EXPECT_EQ(
+      EventResultToString(safe_browsing::EventResult::ALLOWED),
+      *event->FindStringKey(SafeBrowsingPrivateEventRouter::kKeyEventResult));
+}
+
+TEST_F(SafeBrowsingPrivateEventRouterTest, TestOnUnscannedFileEvent_Blocked) {
+  SetUpRouters(/*realtime_reporting_enable=*/true, /*authorized=*/true);
+
+  base::Value report;
+  EXPECT_CALL(*client_, UploadRealtimeReport_(_, _))
+      .WillOnce(CaptureArg(&report));
+
+  TriggerOnUnscannedFileEvent(safe_browsing::EventResult::BLOCKED);
+  base::RunLoop().RunUntilIdle();
+
+  Mock::VerifyAndClearExpectations(client_.get());
+  EXPECT_EQ(base::Value::Type::DICTIONARY, report.type());
+  base::Value* event_list =
+      report.FindKey(policy::RealtimeReportingJobConfiguration::kEventListKey);
+  ASSERT_NE(nullptr, event_list);
+  EXPECT_EQ(base::Value::Type::LIST, event_list->type());
+  base::Value::ListView mutable_list = event_list->GetList();
+  ASSERT_EQ(1, (int)mutable_list.size());
+  base::Value wrapper = std::move(mutable_list[0]);
+  EXPECT_EQ(base::Value::Type::DICTIONARY, wrapper.type());
+  base::Value* event =
+      wrapper.FindKey(SafeBrowsingPrivateEventRouter::kKeyUnscannedFileEvent);
+  ASSERT_NE(nullptr, event);
+
+  EXPECT_EQ(12345, *event->FindIntKey(
+                       SafeBrowsingPrivateEventRouter::kKeyContentSize));
+  EXPECT_EQ("text/plain", *event->FindStringKey(
+                              SafeBrowsingPrivateEventRouter::kKeyContentType));
+  EXPECT_EQ("sha256_of_data",
+            *event->FindStringKey(
+                SafeBrowsingPrivateEventRouter::kKeyDownloadDigestSha256));
+  EXPECT_EQ(
+      "sensitive_data.txt",
+      *event->FindStringKey(SafeBrowsingPrivateEventRouter::kKeyFileName));
+  EXPECT_EQ(SafeBrowsingPrivateEventRouter::kTriggerFileDownload,
+            *event->FindStringKey(SafeBrowsingPrivateEventRouter::kKeyTrigger));
+  EXPECT_EQ("filePasswordProtected",
+            *event->FindStringKey(
+                SafeBrowsingPrivateEventRouter::kKeyUnscannedReason));
+  EXPECT_EQ(
+      EventResultToString(safe_browsing::EventResult::BLOCKED),
+      *event->FindStringKey(SafeBrowsingPrivateEventRouter::kKeyEventResult));
 }
 
 TEST_F(SafeBrowsingPrivateEventRouterTest, TestProfileUsername) {

chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_dialog_delegate.cc

@@ -191,6 +191,11 @@ bool* UIEnabledStorage() {
   return &enabled;
 }
 
+EventResult CalculateEventResult(bool allowed, bool should_warn) {
+  return allowed ? EventResult::ALLOWED
+                 : (should_warn ? EventResult::WARNED : EventResult::BLOCKED);
+}
+
 }  // namespace
 
 DeepScanningDialogDelegate::Data::Data() = default;
@@ -474,21 +479,23 @@ void DeepScanningDialogDelegate::StringRequestCallback(
                         base::TimeTicks::Now() - upload_start_time_,
                         content_size, result, response);
 
-  MaybeReportDeepScanningVerdict(
-      Profile::FromBrowserContext(web_contents_->GetBrowserContext()),
-      web_contents_->GetLastCommittedURL(), "Text data", std::string(),
-      "text/plain",
-      extensions::SafeBrowsingPrivateEventRouter::kTriggerWebContentUpload,
-      access_point_, content_size, result, response);
-
   text_request_complete_ = true;
   bool text_complies = ResultShouldAllowDataUse(result, data_.settings) &&
                        DlpVerdictAllowsDataUse(response.dlp_scan_verdict());
+  bool should_warn = ShouldShowWarning(response.dlp_scan_verdict());
   std::fill(result_.text_results.begin(), result_.text_results.end(),
             text_complies);
 
+  MaybeReportDeepScanningVerdict(
+      Profile::FromBrowserContext(web_contents_->GetBrowserContext()),
+      web_contents_->GetLastCommittedURL(), "Text data", std::string(),
+      "text/plain",
+      extensions::SafeBrowsingPrivateEventRouter::kTriggerWebContentUpload,
+      access_point_, content_size, result, response,
+      CalculateEventResult(text_complies, should_warn));
+
   if (!text_complies) {
-    if (ShouldShowWarning(response.dlp_scan_verdict())) {
+    if (should_warn) {
       text_warning_ = true;
       text_response_ = std::move(response);
       UpdateFinalResult(DeepScanningFinalResult::WARNING);
@@ -510,23 +517,26 @@ void DeepScanningDialogDelegate::ConnectorStringRequestCallback(
                         base::TimeTicks::Now() - upload_start_time_,
                         content_size, result, response);
 
-  MaybeReportDeepScanningVerdict(
-      Profile::FromBrowserContext(web_contents_->GetBrowserContext()),
-      web_contents_->GetLastCommittedURL(), "Text data", std::string(),
-      "text/plain",
-      extensions::SafeBrowsingPrivateEventRouter::kTriggerWebContentUpload,
-      access_point_, content_size, result, response);
-
   text_request_complete_ = true;
   auto action = enterprise_connectors::GetHighestPrecedenceAction(response);
   bool text_complies = ResultShouldAllowDataUse(result, data_.settings) &&
                        ContentAnalysisActionAllowsDataUse(action);
+  bool should_warn = action == enterprise_connectors::ContentAnalysisResponse::
+                                   Result::TriggeredRule::WARN;
+
   std::fill(result_.text_results.begin(), result_.text_results.end(),
             text_complies);
 
+  MaybeReportDeepScanningVerdict(
+      Profile::FromBrowserContext(web_contents_->GetBrowserContext()),
+      web_contents_->GetLastCommittedURL(), "Text data", std::string(),
+      "text/plain",
+      extensions::SafeBrowsingPrivateEventRouter::kTriggerWebContentUpload,
+      access_point_, content_size, result, response,
+      CalculateEventResult(text_complies, should_warn));
+
   if (!text_complies) {
-    if (action == enterprise_connectors::ContentAnalysisResponse::Result::
-                      TriggeredRule::WARN) {
+    if (should_warn) {
       text_warning_ = true;
       content_analysis_text_response_ = std::move(response);
       UpdateFinalResult(DeepScanningFinalResult::WARNING);
@@ -545,12 +555,6 @@ void DeepScanningDialogDelegate::CompleteFileRequestCallback(
     DeepScanningClientResponse response,
     std::string mime_type) {
   file_info_[index].mime_type = mime_type;
-  MaybeReportDeepScanningVerdict(
-      Profile::FromBrowserContext(web_contents_->GetBrowserContext()),
-      web_contents_->GetLastCommittedURL(), path.AsUTF8Unsafe(),
-      file_info_[index].sha256, mime_type,
-      extensions::SafeBrowsingPrivateEventRouter::kTriggerFileUpload,
-      access_point_, file_info_[index].size, result, response);
 
   bool dlp_ok = DlpVerdictAllowsDataUse(response.dlp_scan_verdict());
   bool malware_ok = true;
@@ -561,8 +565,17 @@ void DeepScanningDialogDelegate::CompleteFileRequestCallback(
 
   bool file_complies =
       ResultShouldAllowDataUse(result, data_.settings) && dlp_ok && malware_ok;
+  bool should_warn = ShouldShowWarning(response.dlp_scan_verdict());
   result_.paths_results[index] = file_complies;
 
+  MaybeReportDeepScanningVerdict(
+      Profile::FromBrowserContext(web_contents_->GetBrowserContext()),
+      web_contents_->GetLastCommittedURL(), path.AsUTF8Unsafe(),
+      file_info_[index].sha256, mime_type,
+      extensions::SafeBrowsingPrivateEventRouter::kTriggerFileUpload,
+      access_point_, file_info_[index].size, result, response,
+      CalculateEventResult(file_complies, should_warn));
+
   ++file_result_count_;
 
   if (!file_complies) {
@@ -570,7 +583,7 @@ void DeepScanningDialogDelegate::CompleteFileRequestCallback(
       UpdateFinalResult(DeepScanningFinalResult::LARGE_FILES);
     } else if (result == BinaryUploadService::Result::FILE_ENCRYPTED) {
       UpdateFinalResult(DeepScanningFinalResult::ENCRYPTED_FILES);
-    } else if (ShouldShowWarning(response.dlp_scan_verdict())) {
+    } else if (should_warn) {
       file_warnings_[index] = std::move(response);
       UpdateFinalResult(DeepScanningFinalResult::WARNING);
     } else {
@@ -588,18 +601,22 @@ void DeepScanningDialogDelegate::CompleteConnectorFileRequestCallback(
     enterprise_connectors::ContentAnalysisResponse response,
     std::string mime_type) {
   file_info_[index].mime_type = mime_type;
-  MaybeReportDeepScanningVerdict(
-      Profile::FromBrowserContext(web_contents_->GetBrowserContext()),
-      web_contents_->GetLastCommittedURL(), path.AsUTF8Unsafe(),
-      file_info_[index].sha256, mime_type,
-      extensions::SafeBrowsingPrivateEventRouter::kTriggerFileUpload,
-      access_point_, file_info_[index].size, result, response);
 
   auto action = GetHighestPrecedenceAction(response);
   bool file_complies = ResultShouldAllowDataUse(result, data_.settings) &&
                        ContentAnalysisActionAllowsDataUse(action);
+  bool should_warn = action == enterprise_connectors::ContentAnalysisResponse::
+                                   Result::TriggeredRule::WARN;
   result_.paths_results[index] = file_complies;
 
+  MaybeReportDeepScanningVerdict(
+      Profile::FromBrowserContext(web_contents_->GetBrowserContext()),
+      web_contents_->GetLastCommittedURL(), path.AsUTF8Unsafe(),
+      file_info_[index].sha256, mime_type,
+      extensions::SafeBrowsingPrivateEventRouter::kTriggerFileUpload,
+      access_point_, file_info_[index].size, result, response,
+      CalculateEventResult(file_complies, should_warn));
+
   ++file_result_count_;
 
   if (!file_complies) {
@@ -607,8 +624,7 @@ void DeepScanningDialogDelegate::CompleteConnectorFileRequestCallback(
       UpdateFinalResult(DeepScanningFinalResult::LARGE_FILES);
     } else if (result == BinaryUploadService::Result::FILE_ENCRYPTED) {
       UpdateFinalResult(DeepScanningFinalResult::ENCRYPTED_FILES);
-    } else if (action == enterprise_connectors::ContentAnalysisResponse::
-                             Result::TriggeredRule::WARN) {
+    } else if (should_warn) {
       content_analysis_file_warnings_[index] = std::move(response);
       UpdateFinalResult(DeepScanningFinalResult::WARNING);
     } else {

chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_dialog_delegate_browsertest.cc

@@ -629,7 +629,11 @@ IN_PROC_BROWSER_TEST_P(
       /*reason*/ "FILE_PASSWORD_PROTECTED",
       /*mimetypes*/ ZipMimeTypes(),
       // du chrome/test/data/safe_browsing/download_protection/encrypted.zip -b
-      /*size*/ 20015);
+      /*size*/ 20015,
+      /*result*/
+      expected_result()
+          ? EventResultToString(safe_browsing::EventResult::ALLOWED)
+          : EventResultToString(safe_browsing::EventResult::BLOCKED));
 
   // Start test.
   DeepScanningDialogDelegate::ShowForWebContents(
@@ -721,7 +725,11 @@ IN_PROC_BROWSER_TEST_P(
       /*trigger*/ SafeBrowsingPrivateEventRouter::kTriggerFileUpload,
       /*reason*/ "DLP_SCAN_UNSUPPORTED_FILE_TYPE",
       /*mimetype*/ ShellScriptMimeTypes(),
-      /*size*/ std::string("file content").size());
+      /*size*/ std::string("file content").size(),
+      /*result*/
+      expected_result()
+          ? EventResultToString(safe_browsing::EventResult::ALLOWED)
+          : EventResultToString(safe_browsing::EventResult::BLOCKED));
 
   bool called = false;
   base::RunLoop run_loop;
@@ -822,7 +830,11 @@ IN_PROC_BROWSER_TEST_P(
       /*trigger*/ SafeBrowsingPrivateEventRouter::kTriggerFileUpload,
       /*reason*/ "FILE_TOO_LARGE",
       /*mimetypes*/ DocMimeTypes(),
-      /*size*/ BinaryUploadService::kMaxUploadSizeBytes + 1);
+      /*size*/ BinaryUploadService::kMaxUploadSizeBytes + 1,
+      /*result*/
+      expected_result()
+          ? EventResultToString(safe_browsing::EventResult::ALLOWED)
+          : EventResultToString(safe_browsing::EventResult::BLOCKED));
 
   bool called = false;
   base::RunLoop run_loop;

chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_test_utils.cc

@@ -139,7 +139,8 @@ void EventReportValidator::ExpectUnscannedFileEvent(
     const std::string& expected_trigger,
     const std::string& expected_reason,
     const std::set<std::string>* expected_mimetypes,
-    int expected_content_size) {
+    int expected_content_size,
+    const std::string& expected_result) {
   event_key_ = SafeBrowsingPrivateEventRouter::kKeyUnscannedFileEvent;
   url_ = expected_url;
   filename_ = expected_filename;
@@ -148,6 +149,7 @@ void EventReportValidator::ExpectUnscannedFileEvent(
   trigger_ = expected_trigger;
   unscanned_reason_ = expected_reason;
   content_size_ = expected_content_size;
+  result_ = expected_result;
   EXPECT_CALL(*client_, UploadRealtimeReport_(_, _))
       .WillOnce([this](base::Value& report,
                        base::OnceCallback<void(bool)>& callback) {
@@ -270,6 +272,8 @@ void EventReportValidator::ValidateReport(base::Value* report) {
   ValidateField(event, SafeBrowsingPrivateEventRouter::kKeyTrigger, trigger_);
   ValidateField(event, SafeBrowsingPrivateEventRouter::kKeyContentSize,
                 content_size_);
+  ValidateField(event, SafeBrowsingPrivateEventRouter::kKeyEventResult,
+                result_);
   ValidateField(event, SafeBrowsingPrivateEventRouter::kKeyThreatType,
                 threat_type_);
   ValidateField(event, SafeBrowsingPrivateEventRouter::kKeyUnscannedReason,

chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_test_utils.h

@@ -67,7 +67,8 @@ class EventReportValidator {
                                 const std::string& expected_trigger,
                                 const std::string& expected_reason,
                                 const std::set<std::string>* expected_mimetypes,
-                                int expected_content_size);
+                                int expected_content_size,
+                                const std::string& expected_result);
 
   // Closure to run once all expected events are validated.
   void SetDoneClosure(base::RepeatingClosure closure);
@@ -101,6 +102,7 @@ class EventReportValidator {
   base::Optional<bool> clicked_through_ = base::nullopt;
   base::Optional<int> content_size_ = base::nullopt;
   const std::set<std::string>* mimetypes_ = nullptr;
+  base::Optional<std::string> result_ = base::nullopt;
 
   base::RepeatingClosure done_closure_;
 };

chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_utils.cc

@@ -68,17 +68,17 @@ ContentAnalysisScanResult::~ContentAnalysisScanResult() = default;
 ContentAnalysisScanResult& ContentAnalysisScanResult::operator=(
     const ContentAnalysisScanResult& other) = default;
 
-void MaybeReportDeepScanningVerdict(
-    Profile* profile,
-    const GURL& url,
-    const std::string& file_name,
-    const std::string& download_digest_sha256,
-    const std::string& mime_type,
-    const std::string& trigger,
-    DeepScanAccessPoint access_point,
-    const int64_t content_size,
-    BinaryUploadService::Result result,
-    const DeepScanningClientResponse& response) {
+void MaybeReportDeepScanningVerdict(Profile* profile,
+                                    const GURL& url,
+                                    const std::string& file_name,
+                                    const std::string& download_digest_sha256,
+                                    const std::string& mime_type,
+                                    const std::string& trigger,
+                                    DeepScanAccessPoint access_point,
+                                    const int64_t content_size,
+                                    BinaryUploadService::Result result,
+                                    const DeepScanningClientResponse& response,
+                                    EventResult event_result) {
   DCHECK(std::all_of(download_digest_sha256.begin(),
                      download_digest_sha256.end(), [](const char& c) {
                        return (c >= '0' && c <= '9') ||
@@ -90,7 +90,7 @@ void MaybeReportDeepScanningVerdict(
     extensions::SafeBrowsingPrivateEventRouterFactory::GetForProfile(profile)
         ->OnUnscannedFileEvent(url, file_name, download_digest_sha256,
                                mime_type, trigger, access_point,
-                               unscanned_reason, content_size);
+                               unscanned_reason, content_size, event_result);
   }
 
   if (result != BinaryUploadService::Result::SUCCESS)
@@ -100,9 +100,9 @@ void MaybeReportDeepScanningVerdict(
       response.malware_scan_verdict().verdict() ==
           MalwareDeepScanningVerdict::SCAN_FAILURE) {
     extensions::SafeBrowsingPrivateEventRouterFactory::GetForProfile(profile)
-        ->OnUnscannedFileEvent(url, file_name, download_digest_sha256,
-                               mime_type, trigger, access_point,
-                               "MALWARE_SCAN_FAILED", content_size);
+        ->OnUnscannedFileEvent(
+            url, file_name, download_digest_sha256, mime_type, trigger,
+            access_point, "MALWARE_SCAN_FAILED", content_size, event_result);
   }
 
   if (response.has_dlp_scan_verdict() &&
@@ -110,7 +110,7 @@ void MaybeReportDeepScanningVerdict(
     extensions::SafeBrowsingPrivateEventRouterFactory::GetForProfile(profile)
         ->OnUnscannedFileEvent(url, file_name, download_digest_sha256,
                                mime_type, trigger, access_point,
-                               "DLP_SCAN_FAILED", content_size);
+                               "DLP_SCAN_FAILED", content_size, event_result);
   }
 
   if (response.malware_scan_verdict().verdict() ==
@@ -147,7 +147,8 @@ void MaybeReportDeepScanningVerdict(
     DeepScanAccessPoint access_point,
     const int64_t content_size,
     BinaryUploadService::Result result,
-    const enterprise_connectors::ContentAnalysisResponse& response) {
+    const enterprise_connectors::ContentAnalysisResponse& response,
+    EventResult event_result) {
   DCHECK(std::all_of(download_digest_sha256.begin(),
                      download_digest_sha256.end(), [](const char& c) {
                        return (c >= '0' && c <= '9') ||
@@ -159,7 +160,7 @@ void MaybeReportDeepScanningVerdict(
     extensions::SafeBrowsingPrivateEventRouterFactory::GetForProfile(profile)
         ->OnUnscannedFileEvent(url, file_name, download_digest_sha256,
                                mime_type, trigger, access_point,
-                               unscanned_reason, content_size);
+                               unscanned_reason, content_size, event_result);
   }
 
   if (result != BinaryUploadService::Result::SUCCESS)
@@ -171,7 +172,8 @@ void MaybeReportDeepScanningVerdict(
       extensions::SafeBrowsingPrivateEventRouterFactory::GetForProfile(profile)
           ->OnUnscannedFileEvent(url, file_name, download_digest_sha256,
                                  mime_type, trigger, access_point,
-                                 "ANALYSIS_CONNECTOR_FAILED", content_size);
+                                 "ANALYSIS_CONNECTOR_FAILED", content_size,
+                                 event_result);
     } else if (result.triggered_rules_size() > 0) {
       extensions::SafeBrowsingPrivateEventRouterFactory::GetForProfile(profile)
           ->OnAnalysisConnectorResult(url, file_name, download_digest_sha256,
@@ -228,6 +230,23 @@ void ReportAnalysisConnectorWarningBypass(
   }
 }
 
+std::string EventResultToString(EventResult result) {
+  switch (result) {
+    case EventResult::UNKNOWN:
+      return "EVENT_RESULT_UNKNOWN";
+    case EventResult::ALLOWED:
+      return "EVENT_RESULT_ALLOWED";
+    case EventResult::WARNED:
+      return "EVENT_RESULT_WARNED";
+    case EventResult::BLOCKED:
+      return "EVENT_RESULT_BLOCKED";
+    case EventResult::BYPASSED:
+      return "EVENT_RESULT_BYPASSED";
+  }
+  NOTREACHED();
+  return "";
+}
+
 std::string DeepScanAccessPointToString(DeepScanAccessPoint access_point) {
   switch (access_point) {
     case DeepScanAccessPoint::DOWNLOAD:

chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_utils.h

@@ -80,9 +80,30 @@ enum class DeepScanAccessPoint {
 };
 std::string DeepScanAccessPointToString(DeepScanAccessPoint access_point);
 
+// The resulting action that chrome performed in response to a scan request.
+// This maps to the event result in the real-time reporting.
+enum class EventResult {
+  UNKNOWN,
+
+  // The user was allowed to use the data without restriction.
+  ALLOWED,
+
+  // The user was allowed to use the data but was warned that it may violate
+  // enterprise rules.
+  WARNED,
+
+  // The user was not allowed to use the data.
+  BLOCKED,
+
+  // The user has chosen to use the data even though it violated enterprise
+  // rules.
+  BYPASSED,
+};
+
 // Helper function to examine a DeepScanningClientResponse and report the
 // appropriate events to the enterprise admin. |download_digest_sha256| must be
-// encoded using base::HexEncode.
+// encoded using base::HexEncode.  |event_result| indicates whether the user was
+// ultimately allowed to access the text or file.
 void MaybeReportDeepScanningVerdict(Profile* profile,
                                     const GURL& url,
                                     const std::string& file_name,
@@ -92,11 +113,13 @@ void MaybeReportDeepScanningVerdict(Profile* profile,
                                     DeepScanAccessPoint access_point,
                                     const int64_t content_size,
                                     BinaryUploadService::Result result,
-                                    const DeepScanningClientResponse& response);
+                                    const DeepScanningClientResponse& response,
+                                    EventResult event_result);
 
 // Helper function to examine a ContentAnalysisResponse and report the
 // appropriate events to the enterprise admin. |download_digest_sha256| must be
-// encoded using base::HexEncode.
+// encoded using base::HexEncode.  |event_result| indicates whether the user was
+// ultimately allowed to access the text or file.
 void MaybeReportDeepScanningVerdict(
     Profile* profile,
     const GURL& url,
@@ -107,7 +130,8 @@ void MaybeReportDeepScanningVerdict(
     DeepScanAccessPoint access_point,
     const int64_t content_size,
     BinaryUploadService::Result result,
-    const enterprise_connectors::ContentAnalysisResponse& response);
+    const enterprise_connectors::ContentAnalysisResponse& response,
+    EventResult event_result);
 
 // Helper function to report the user bypassed a warning to the enterprise
 // admin. This is split from MaybeReportDeepScanningVerdict since it happens
@@ -164,6 +188,10 @@ DeepScanningClientResponse SimpleDeepScanningClientResponseForTesting(
     base::Optional<bool> dlp_success,
     base::Optional<bool> malware_success);
 
+// Helper function to convert a EventResult to a string that.  The format of
+// string returned is processed by the sever.
+std::string EventResultToString(EventResult result);
+
 // Helper function to convert a BinaryUploadService::Result to a CamelCase
 // string.
 std::string BinaryUploadServiceResultToString(

chrome/browser/safe_browsing/download_protection/deep_scanning_request.cc

@@ -384,19 +384,6 @@ void DeepScanningRequest::OnScanComplete(BinaryUploadService::Result result,
       /*duration=*/base::TimeTicks::Now() - upload_start_time_,
       /*total_size=*/item_->GetTotalBytes(), /*result=*/result,
       /*response=*/response);
-  Profile* profile = Profile::FromBrowserContext(
-      content::DownloadItemUtils::GetBrowserContext(item_));
-  if (profile && trigger_ == DeepScanTrigger::TRIGGER_POLICY) {
-    std::string raw_digest_sha256 = item_->GetHash();
-    MaybeReportDeepScanningVerdict(
-        profile, item_->GetURL(), item_->GetTargetFilePath().AsUTF8Unsafe(),
-        base::HexEncode(raw_digest_sha256.data(), raw_digest_sha256.size()),
-        item_->GetMimeType(),
-        extensions::SafeBrowsingPrivateEventRouter::kTriggerFileDownload,
-        DeepScanAccessPoint::DOWNLOAD, item_->GetTotalBytes(), result,
-        response);
-  }
-
   DownloadCheckResult download_result = DownloadCheckResult::UNKNOWN;
   if (result == BinaryUploadService::Result::SUCCESS) {
     ResponseToDownloadCheckResult(response, &download_result);
@@ -422,6 +409,49 @@ void DeepScanningRequest::OnScanComplete(BinaryUploadService::Result result,
       download_result = DownloadCheckResult::BLOCKED_UNSUPPORTED_FILE_TYPE;
   }
 
+  // Determine if the user is allowed to access the downloaded file.
+  EventResult event_result = EventResult::UNKNOWN;
+  switch (download_result) {
+    case DownloadCheckResult::UNKNOWN:
+    case DownloadCheckResult::SAFE:
+    case DownloadCheckResult::WHITELISTED_BY_POLICY:
+    case DownloadCheckResult::DEEP_SCANNED_SAFE:
+      event_result = EventResult::ALLOWED;
+      break;
+
+    case DownloadCheckResult::UNCOMMON:
+    case DownloadCheckResult::POTENTIALLY_UNWANTED:
+    case DownloadCheckResult::SENSITIVE_CONTENT_WARNING:
+    case DownloadCheckResult::DANGEROUS:
+    case DownloadCheckResult::DANGEROUS_HOST:
+      event_result = EventResult::WARNED;
+      break;
+
+    case DownloadCheckResult::BLOCKED_PASSWORD_PROTECTED:
+    case DownloadCheckResult::BLOCKED_TOO_LARGE:
+    case DownloadCheckResult::SENSITIVE_CONTENT_BLOCK:
+    case DownloadCheckResult::BLOCKED_UNSUPPORTED_FILE_TYPE:
+      event_result = EventResult::BLOCKED;
+      break;
+
+    default:
+      NOTREACHED() << "Should never be final result";
+      break;
+  }
+
+  Profile* profile = Profile::FromBrowserContext(
+      content::DownloadItemUtils::GetBrowserContext(item_));
+  if (profile && trigger_ == DeepScanTrigger::TRIGGER_POLICY) {
+    std::string raw_digest_sha256 = item_->GetHash();
+    MaybeReportDeepScanningVerdict(
+        profile, item_->GetURL(), item_->GetTargetFilePath().AsUTF8Unsafe(),
+        base::HexEncode(raw_digest_sha256.data(), raw_digest_sha256.size()),
+        item_->GetMimeType(),
+        extensions::SafeBrowsingPrivateEventRouter::kTriggerFileDownload,
+        DeepScanAccessPoint::DOWNLOAD, item_->GetTotalBytes(), result, response,
+        event_result);
+  }
+
   FinishRequest(download_result);
 }
 

chrome/browser/safe_browsing/download_protection/deep_scanning_request_unittest.cc

@@ -947,7 +947,9 @@ TEST_P(DeepScanningReportingTest, ProcessesResponseCorrectly) {
         /*reason*/
         use_legacy_policies() ? "DLP_SCAN_FAILED" : "ANALYSIS_CONNECTOR_FAILED",
         /*mimetypes*/ ExeMimeTypes(),
-        /*size*/ std::string("download contents").size());
+        /*size*/ std::string("download contents").size(),
+        /*result*/
+        EventResultToString(EventResult::ALLOWED));
 
     request.Start();
 
@@ -992,7 +994,9 @@ TEST_P(DeepScanningReportingTest, ProcessesResponseCorrectly) {
         use_legacy_policies() ? "MALWARE_SCAN_FAILED"
                               : "ANALYSIS_CONNECTOR_FAILED",
         /*mimetypes*/ ExeMimeTypes(),
-        /*size*/ std::string("download contents").size());
+        /*size*/ std::string("download contents").size(),
+        /*result*/
+        EventResultToString(EventResult::ALLOWED));
 
     request.Start();