Commonly spoofed domains should be suffix of saved passwords domains

Commonly spoofed domains are mostly only raw domains
but the matching domains to the reuse saved passwords
are now eTLD+1. (i.e. login.live.com vs live.com).
Thus, the matching domains should either be equal
to the raw domains or have the suffix of "."
concatenated with the commonly spoofed domains. The
first part of this was  https://crrev.com/c/2133974.

Screenshot:
http://screen/xGQJbODneQe.png

Bug: 1067401,1069578
Change-Id: I3d50f768c7bd4c445cd050c286ec0c510e0c39c3
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2140623Reviewed-by: Varun Khaneja <vakh@chromium.org>
Commit-Queue: Bettina Dea <bdea@chromium.org>
Cr-Commit-Position: refs/heads/master@{#758358}

chrome/browser/safe_browsing/chrome_password_protection_service.cc

@@ -5,12 +5,14 @@
 #include "chrome/browser/safe_browsing/chrome_password_protection_service.h"
 
 #include <memory>
+#include <string>
 
 #include "base/bind.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/rand_util.h"
 #include "base/stl_util.h"
 #include "base/strings/string_number_conversions.h"
+#include "base/strings/string_piece.h"
 #include "base/strings/stringprintf.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/content_settings/host_content_settings_map_factory.h"
@@ -1056,12 +1058,33 @@ ChromePasswordProtectionService::GetPlaceholdersForSavedPasswordWarningText()
   const std::list<std::string>& spoofed_domains = common_spoofed_domains();
 
   // Show most commonly spoofed domains first.
+  // This looks through the top priority spoofed domains and then checks to see
+  // if it's in the matching domains.
   std::vector<base::string16> placeholders;
   for (auto priority_domain_iter = spoofed_domains.begin();
        priority_domain_iter != spoofed_domains.end(); ++priority_domain_iter) {
-    if (std::find(matching_domains.begin(), matching_domains.end(),
-                  *priority_domain_iter) != matching_domains.end()) {
-      placeholders.push_back(base::UTF8ToUTF16(*priority_domain_iter));
+    std::string matching_domain = "";
+
+    // Check if any of the matching domains is equal or a suffix to the current
+    // priority domain.
+    if (std::find_if(matching_domains.begin(), matching_domains.end(),
+                     [priority_domain_iter,
+                      &matching_domain](const std::string& domain) {
+                       // Assigns the matching_domain to add into the priority
+                       // placeholders. This value is only used if the return
+                       // value of this function is true.
+                       matching_domain = domain;
+                       const base::StringPiece domainStringPiece(domain);
+                       // Checks for two cases:
+                       // 1. if the matching domain is equal to the current
+                       // priority domain or
+                       // 2. if "," + the current priority is a suffix of the
+                       // matching domain The second case covers eTLD+1.
+                       return (domain == *priority_domain_iter) ||
+                              domainStringPiece.ends_with(
+                                  "." + *priority_domain_iter);
+                     }) != matching_domains.end()) {
+      placeholders.push_back(base::UTF8ToUTF16(matching_domain));
     }
   }
 

chrome/browser/safe_browsing/chrome_password_protection_service_unittest.cc

@@ -1315,11 +1315,11 @@ TEST_F(ChromePasswordProtectionServiceTest,
 
   // Default domains should be prioritzed over other domains.
   placeholder_offsets.clear();
-  domains.push_back("amazon.com");
+  domains.push_back("yahoo.com");
   service_->set_saved_passwords_matching_domains(domains);
   warning_text = l10n_util::GetStringFUTF16(
       IDS_PAGE_INFO_CHANGE_PASSWORD_DETAILS_SAVED_3_DOMAINS,
-      base::UTF8ToUTF16("amazon.com"), base::UTF8ToUTF16(domains[0]),
+      base::UTF8ToUTF16("yahoo.com"), base::UTF8ToUTF16(domains[0]),
       base::UTF8ToUTF16(domains[1]));
   EXPECT_EQ(warning_text, service_->GetWarningDetailText(reused_password_type,
                                                          &placeholder_offsets));
@@ -1327,6 +1327,22 @@ TEST_F(ChromePasswordProtectionServiceTest,
   service_->GetWarningDetailTextForSavedPasswords(
       &expected_placeholder_offsets);
   EXPECT_EQ(expected_placeholder_offsets, placeholder_offsets);
+
+  // Matching domains that have a suffix of a default domains should be
+  // prioritzed over other non common spoofed domains.
+  placeholder_offsets.clear();
+  domains.push_back("login.amazon.com");
+  service_->set_saved_passwords_matching_domains(domains);
+  warning_text = l10n_util::GetStringFUTF16(
+      IDS_PAGE_INFO_CHANGE_PASSWORD_DETAILS_SAVED_3_DOMAINS,
+      base::UTF8ToUTF16("yahoo.com"), base::UTF8ToUTF16("login.amazon.com"),
+      base::UTF8ToUTF16(domains[0]));
+  EXPECT_EQ(warning_text, service_->GetWarningDetailText(reused_password_type,
+                                                         &placeholder_offsets));
+  expected_placeholder_offsets.clear();
+  service_->GetWarningDetailTextForSavedPasswords(
+      &expected_placeholder_offsets);
+  EXPECT_EQ(expected_placeholder_offsets, placeholder_offsets);
 }
 
 TEST_F(ChromePasswordProtectionServiceTest,