Add fields for threat insights

This adds fields in ContentAnalysisResponse::Result for malware_family
and malware_category, and corresponding fields in reporting events.

This should be removed once a better propagation for this info is
agreed upon.

Bug: 1147036
Change-Id: I0a74882830d5c4799fd5007e4aa3a8cee30178eb
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2526163Reviewed-by: Daniel Rubery <drubery@chromium.org>
Commit-Queue: Dominique Fauteux-Chapleau <domfc@chromium.org>
Cr-Commit-Position: refs/heads/master@{#825391}

chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router.cc

@@ -132,6 +132,10 @@ const char SafeBrowsingPrivateEventRouter::kKeyContentType[] = "contentType";
 const char SafeBrowsingPrivateEventRouter::kKeyContentSize[] = "contentSize";
 const char SafeBrowsingPrivateEventRouter::kKeyTrigger[] = "trigger";
 const char SafeBrowsingPrivateEventRouter::kKeyEventResult[] = "eventResult";
+const char SafeBrowsingPrivateEventRouter::kKeyMalwareFamily[] =
+    "malwareFamily";
+const char SafeBrowsingPrivateEventRouter::kKeyMalwareCategory[] =
+    "malwareCategory";
 
 const char SafeBrowsingPrivateEventRouter::kKeyPasswordReuseEvent[] =
     "passwordReuseEvent";
@@ -422,7 +426,8 @@ void SafeBrowsingPrivateEventRouter::OnAnalysisConnectorResult(
     OnDangerousDeepScanningResult(
         url, file_name, download_digest_sha256,
         MalwareRuleToThreatType(result.triggered_rules(0).rule_name()),
-        mime_type, trigger, content_size, event_result);
+        mime_type, trigger, content_size, event_result, result.malware_family(),
+        result.malware_category());
   } else if (result.tag() == "dlp") {
     OnSensitiveDataEvent(url, file_name, download_digest_sha256, mime_type,
                          trigger, result, content_size, event_result);
@@ -437,7 +442,9 @@ void SafeBrowsingPrivateEventRouter::OnDangerousDeepScanningResult(
     const std::string& mime_type,
     const std::string& trigger,
     const int64_t content_size,
-    safe_browsing::EventResult event_result) {
+    safe_browsing::EventResult event_result,
+    const std::string& malware_family,
+    const std::string& malware_category) {
   if (!IsRealtimeReportingEnabled())
     return;
 
@@ -449,7 +456,9 @@ void SafeBrowsingPrivateEventRouter::OnDangerousDeepScanningResult(
              const std::string& profile_user_name,
              const std::string& threat_type, const std::string& mime_type,
              const std::string& trigger, const int64_t content_size,
-             safe_browsing::EventResult event_result) {
+             safe_browsing::EventResult event_result,
+             const std::string& malware_family,
+             const std::string& malware_category) {
             // Create a real-time event dictionary from the arguments and
             // report it.
             base::Value event(base::Value::Type::DICTIONARY);
@@ -471,10 +480,15 @@ void SafeBrowsingPrivateEventRouter::OnDangerousDeepScanningResult(
             event.SetBoolKey(
                 kKeyClickedThrough,
                 event_result == safe_browsing::EventResult::BYPASSED);
+            if (!malware_family.empty())
+              event.SetStringKey(kKeyMalwareFamily, malware_family);
+            if (!malware_category.empty())
+              event.SetStringKey(kKeyMalwareCategory, malware_category);
             return event;
           },
           url.spec(), file_name, download_digest_sha256, GetProfileUserName(),
-          threat_type, mime_type, trigger, content_size, event_result));
+          threat_type, mime_type, trigger, content_size, event_result,
+          malware_family, malware_category));
 }
 
 void SafeBrowsingPrivateEventRouter::OnSensitiveDataEvent(

chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router.h

@@ -80,6 +80,8 @@ class SafeBrowsingPrivateEventRouter
   static const char kKeyContentSize[];
   static const char kKeyTrigger[];
   static const char kKeyEventResult[];
+  static const char kKeyMalwareFamily[];
+  static const char kKeyMalwareCategory[];
 
   static const char kKeyPasswordReuseEvent[];
   static const char kKeyPasswordChangedEvent[];
@@ -266,7 +268,9 @@ class SafeBrowsingPrivateEventRouter
                                      const std::string& mime_type,
                                      const std::string& trigger,
                                      const int64_t content_size,
-                                     safe_browsing::EventResult event_result);
+                                     safe_browsing::EventResult event_result,
+                                     const std::string& malware_family,
+                                     const std::string& malware_category);
 
   // Notifies listeners that the analysis connector detected a violation.
   void OnSensitiveDataEvent(

components/enterprise/common/proto/connectors.proto

@@ -102,6 +102,11 @@ message ContentAnalysisResponse {
       optional string rule_id = 3;
     }
     repeated TriggeredRule triggered_rules = 3;
+
+    // TODO(crbug.com/1147036): Remove fields 4-5 once a definitive approach is
+    // agreed upon.
+    optional string malware_family = 4;
+    optional string malware_category = 5;
   }
   repeated Result results = 4;