[Lookalikes] Make local allowlist apply to entire eTLD+1

This CL changes the local allowlist, used when a user ignores a safety
tip or interstitial, to apply eTLD+1-wide instead of just to a
particular origin.

This is particular important for the interstitial to avoid multiple
warnings on sites that redirect, for instance from a bare domain
(google.com) to a subdomain (www.google.com), or from nonsecure
(http://google.com) to secure (https://google.com).

A future CL, not merged back to M89, will adjust this allowlist to
handle pairs of domains (i.e. (lookalike domain, canonical domain)
pairs).

Bug: 1154702
Change-Id: Ic112ca11b4fd66ebbe393822da0651ee832f6aca
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2640741
Commit-Queue: Joe DeBlasio <jdeblasio@chromium.org>
Reviewed-by: Mustafa Emre Acer <meacer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#845966}

chrome/browser/lookalikes/lookalike_url_navigation_throttle_browsertest.cc

@@ -1190,6 +1190,53 @@ IN_PROC_BROWSER_TEST_P(LookalikeUrlNavigationThrottleBrowserTest,
   }
 }
 
+// Verify that a warning, when ignored, applies to the entire eTLD+1, not just
+// the navigated origin.
+IN_PROC_BROWSER_TEST_P(LookalikeUrlNavigationThrottleBrowserTest,
+                       AllowlistAppliesToETLDPlusOne) {
+  {
+    const GURL kNavigatedUrl = GetURL("sub1.googlé.com");
+    SetEngagementScore(browser(), kNavigatedUrl, kLowEngagement);
+    LoadAndCheckInterstitialAt(browser(), kNavigatedUrl);
+    SendInterstitialCommandSync(browser(),
+                                SecurityInterstitialCommand::CMD_PROCEED);
+  }
+
+  // TestInterstitialNotShown assumes there's not an interstitial already
+  // showing (since otherwise it can't be sure that the navigation caused it).
+  NavigateToURLSync(browser(), GetURL("example.com"));
+
+  {
+    const GURL kNavigatedUrl = GetURL("sub2.googlé.com");
+    SetEngagementScore(browser(), kNavigatedUrl, kLowEngagement);
+    TestInterstitialNotShown(browser(), kNavigatedUrl);
+  }
+
+  // We respect private registries for this manual allowlisting so that
+  // different (independent) subdomains each show their own warning.
+  if (!target_embedding_enabled()) {
+    // Since subdomains are only used for target embedding, if that's not
+    // enabled, we can bail out now.
+    return;
+  }
+  NavigateToURLSync(browser(), GetURL("example.com"));
+  {
+    // Note: This uses blogspot.cv because blogspot.com is a top domain, and top
+    // domains don't show warnings.
+    const GURL kNavigatedUrl = GetURL("google-com.blogspot.cv");
+    SetEngagementScore(browser(), kNavigatedUrl, kLowEngagement);
+    LoadAndCheckInterstitialAt(browser(), kNavigatedUrl);
+    SendInterstitialCommandSync(browser(),
+                                SecurityInterstitialCommand::CMD_PROCEED);
+  }
+  NavigateToURLSync(browser(), GetURL("example.com"));
+  {
+    const GURL kNavigatedUrl = GetURL("google-com-unrelated.blogspot.cv");
+    SetEngagementScore(browser(), kNavigatedUrl, kLowEngagement);
+    LoadAndCheckInterstitialAt(browser(), kNavigatedUrl);
+  }
+}
+
 // Verify that the user action in UKM is recorded even when we navigate away
 // from the interstitial without interacting with it.
 IN_PROC_BROWSER_TEST_P(LookalikeUrlNavigationThrottleBrowserTest,

chrome/browser/reputation/reputation_service.cc

@@ -25,6 +25,7 @@
 #include "components/security_state/core/features.h"
 #include "components/security_state/core/security_state.h"
 #include "components/url_formatter/spoof_checks/top_domains/top500_domains.h"
+#include "net/base/registry_controlled_domains/registry_controlled_domain.h"
 #include "services/metrics/public/cpp/ukm_source_id.h"
 #include "url/url_constants.h"
 
@@ -92,6 +93,13 @@ bool ShouldSuppressWarning(Profile* profile, const GURL& url) {
   return reputation::IsUrlAllowlistedBySafetyTipsComponent(proto, url);
 }
 
+// Gets the eTLD+1 of the provided hostname, including private registries (e.g.
+// foo.blogspot.com returns blogspot.com.
+std::string GetETLDPlusOneWithPrivateRegistries(const std::string& hostname) {
+  return net::registry_controlled_domains::GetDomainAndRegistry(
+      hostname, net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES);
+}
+
 }  // namespace
 
 ReputationService::ReputationService(Profile* profile)
@@ -131,15 +139,18 @@ void ReputationService::GetReputationStatus(const GURL& url,
 }
 
 bool ReputationService::IsIgnored(const GURL& url) const {
-  return warning_dismissed_origins_.count(url::Origin::Create(url)) > 0;
+  return warning_dismissed_etld1s_.count(
+             GetETLDPlusOneWithPrivateRegistries(url.host())) > 0;
 }
 
 void ReputationService::SetUserIgnore(const GURL& url) {
-  warning_dismissed_origins_.insert(url::Origin::Create(url));
+  warning_dismissed_etld1s_.insert(
+      GetETLDPlusOneWithPrivateRegistries(url.host()));
 }
 
 void ReputationService::OnUIDisabledFirstVisit(const GURL& url) {
-  warning_dismissed_origins_.insert(url::Origin::Create(url));
+  warning_dismissed_etld1s_.insert(
+      GetETLDPlusOneWithPrivateRegistries(url.host()));
 }
 
 void ReputationService::SetSensitiveKeywordsForTesting(

chrome/browser/reputation/reputation_service.h

@@ -101,9 +101,9 @@ class ReputationService : public KeyedService {
       ReputationCheckCallback callback,
       const std::vector<DomainInfo>& engaged_sites);
 
-  // Set of origins that we've warned about, and the user has explicitly
+  // Set of eTLD+1s that we've warned about, and the user has explicitly
   // ignored.  Used to avoid re-warning the user.
-  std::set<url::Origin> warning_dismissed_origins_;
+  std::set<std::string> warning_dismissed_etld1s_;
 
   Profile* profile_;