Persist saved passwords low reputation reuse bit

Previously, we only store phished saved password bit in compomised_credentials only when it's reused on a phishing site. However, when a saved password is reused on a low reputation site, it should also be persisted. Bug: 1026006 Change-Id: Ie4dd0431690a1e91521e493225375ae4221f167f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1922948 Commit-Queue: Bettina Dea <bdea@chromium.org> Reviewed-by: Daniel Rubery <drubery@chromium.org> Cr-Commit-Position: refs/heads/master@{#716890}

Persist saved passwords low reputation reuse bit
Previously, we only store phished saved password bit in compomised_credentials only when it's reused on a phishing site. However, when a saved password is reused on a low reputation site, it should also be persisted. Bug: 1026006 Change-Id: Ie4dd0431690a1e91521e493225375ae4221f167f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1922948 Commit-Queue: Bettina Dea <bdea@chromium.org> Reviewed-by: Daniel Rubery <drubery@chromium.org> Cr-Commit-Position: refs/heads/master@{#716890}
5421614a · Bettina · Commit Bot · 69a33675 · 5421614a
Commit 5421614a authored Nov 20, 2019 by Bettina Committed by Commit Bot Nov 20, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 6 deletions

components/safe_browsing/password_protection/password_protection_service.cc ...owsing/password_protection/password_protection_service.cc +8 -6

No files found.
--- a/components/safe_browsing/password_protection/password_protection_service.cc
+++ b/components/safe_browsing/password_protection/password_protection_service.cc
@@ -312,17 +312,19 @@ void PasswordProtectionService::RequestFinished(
    auto verdict =
        response ? response->verdict_type()
                 : LoginReputationClientResponse::VERDICT_TYPE_UNSPECIFIED;
-    auto is_phishing_url = verdict == LoginReputationClientResponse::PHISHING;
 #if defined(SYNC_PASSWORD_REUSE_WARNING_ENABLED)
-    MaybeReportPasswordReuseDetected(request->web_contents(),
+    MaybeReportPasswordReuseDetected(
-                                     request->username(),
+        request->web_contents(), request->username(), request->password_type(),
-                                     request->password_type(), is_phishing_url);
+        verdict == LoginReputationClientResponse::PHISHING);
 #endif
    // Persist a bit in CompromisedCredentials table when saved password is
-    // reused on a phishing site.
+    // reused on a phishing or low reputation site.
-    if (is_phishing_url) {
+    auto is_unsafe_url =
+        verdict == LoginReputationClientResponse::PHISHING ||
+        verdict == LoginReputationClientResponse::LOW_REPUTATION;
+    if (is_unsafe_url) {
      PersistPhishedSavedPasswordCredential(request->username(),
                                            request->matching_domains());
    }