Create CanGetReputationOfUrl in safe_browsing/core/common/utils

PasswordProtectionService::CanGetReputationOfURL and
RealTimeUrlLookupServiceBase::CanCheckUrl both check whether
Safe Browsing backend can get a reliable reputation of a URL. Move
this check to a central place.

Bug: 1126130
Change-Id: Ia6f1f197024a8436cf3c116291829007f1ce4a2c
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2441376
Commit-Queue: Xinghui Lu <xinghuilu@chromium.org>
Reviewed-by: Varun Khaneja <vakh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#813998}

components/safe_browsing/content/password_protection/password_protection_service.cc

@@ -77,12 +77,11 @@ PasswordProtectionService::~PasswordProtectionService() {
 }
 
 bool PasswordProtectionService::CanGetReputationOfURL(const GURL& url) {
-  if (!url.is_valid() || !url.SchemeIsHTTPOrHTTPS() || net::IsLocalhost(url))
+  if (!safe_browsing::CanGetReputationOfUrl(url)) {
     return false;
-
+  }
   const std::string hostname = url.HostNoBrackets();
-  return !net::IsHostnameNonUnique(hostname) &&
-         hostname.find('.') != std::string::npos;
+  return !net::IsHostnameNonUnique(hostname);
 }
 
 #if defined(ON_FOCUS_PING_ENABLED)

components/safe_browsing/core/common/utils.cc

@@ -11,6 +11,8 @@
 #include "components/policy/core/browser/browser_policy_connector.h"
 #include "components/prefs/pref_service.h"
 #include "crypto/sha2.h"
+#include "net/base/ip_address.h"
+#include "net/base/url_util.h"
 
 #if defined(OS_WIN)
 #include "base/enterprise_util.h"
@@ -74,4 +76,30 @@ base::TimeDelta GetDelayFromPref(PrefService* prefs, const char* pref_name) {
     return next_event - now;
 }
 
+bool CanGetReputationOfUrl(const GURL& url) {
+  if (!url.is_valid() || !url.SchemeIsHTTPOrHTTPS() || net::IsLocalhost(url)) {
+    return false;
+  }
+  const std::string hostname = url.host();
+  // A valid hostname should be longer than 3 characters and have at least 1
+  // dot.
+  if (hostname.size() < 4 || base::STLCount(hostname, '.') < 1) {
+    return false;
+  }
+
+  if (net::IsLocalhost(url)) {
+    // Includes: "//localhost/", "//localhost.localdomain/", "//127.0.0.1/"
+    return false;
+  }
+
+  net::IPAddress ip_address;
+  if (url.HostIsIPAddress() && ip_address.AssignFromIPLiteral(hostname) &&
+      !ip_address.IsPubliclyRoutable()) {
+    // Includes: "//192.168.1.1/", "//172.16.2.2/", "//10.1.1.1/"
+    return false;
+  }
+
+  return true;
+}
+
 }  // namespace safe_browsing

components/safe_browsing/core/common/utils.h

@@ -41,6 +41,15 @@ void SetDelayInPref(PrefService* prefs,
                     const base::TimeDelta& delay);
 base::TimeDelta GetDelayFromPref(PrefService* prefs, const char* pref_name);
 
+// Safe Browsing backend cannot get a reliable reputation of a URL if
+// (1) URL is not valid
+// (2) URL doesn't have http or https scheme
+// (3) It maps to a local host.
+// (4) Its hostname is an IP Address that is assigned from IP literal.
+// (5) Its hostname is a dotless domain.
+// (6) Its hostname is less than 4 characters.
+bool CanGetReputationOfUrl(const GURL& url);
+
 }  // namespace safe_browsing
 
 #endif  // COMPONENTS_SAFE_BROWSING_CORE_COMMON_UTILS_H_

components/safe_browsing/core/realtime/BUILD.gn

@@ -64,6 +64,7 @@ static_library("url_lookup_service_base") {
     "//components/safe_browsing/core:features",
     "//components/safe_browsing/core:realtimeapi_proto",
     "//components/safe_browsing/core:verdict_cache_manager",
+    "//components/safe_browsing/core/common:common",
     "//components/safe_browsing/core/common:safe_browsing_prefs",
     "//components/safe_browsing/core/common:thread_utils",
     "//components/safe_browsing/core/db:v4_protocol_manager_util",

components/safe_browsing/core/realtime/url_lookup_service_base.cc

@@ -15,6 +15,7 @@
 #include "components/prefs/pref_service.h"
 #include "components/safe_browsing/core/common/safe_browsing_prefs.h"
 #include "components/safe_browsing/core/common/thread_utils.h"
+#include "components/safe_browsing/core/common/utils.h"
 #include "components/safe_browsing/core/verdict_cache_manager.h"
 #include "components/sync/driver/sync_service.h"
 #include "net/base/ip_address.h"
@@ -133,25 +134,10 @@ RealTimeUrlLookupServiceBase::~RealTimeUrlLookupServiceBase() = default;
 
 // static
 bool RealTimeUrlLookupServiceBase::CanCheckUrl(const GURL& url) {
-  if (!url.SchemeIsHTTPOrHTTPS()) {
-    return false;
-  }
-
-  if (net::IsLocalhost(url) &&
-      !VerdictCacheManager::has_artificial_unsafe_url()) {
-    // Includes: "//localhost/", "//localhost.localdomain/", "//127.0.0.1/"
-    return false;
-  }
-
-  net::IPAddress ip_address;
-  if (url.HostIsIPAddress() && ip_address.AssignFromIPLiteral(url.host()) &&
-      !ip_address.IsPubliclyRoutable() &&
-      !VerdictCacheManager::has_artificial_unsafe_url()) {
-    // Includes: "//192.168.1.1/", "//172.16.2.2/", "//10.1.1.1/"
-    return false;
-  }
-
+  if (VerdictCacheManager::has_artificial_unsafe_url()) {
     return true;
+  }
+  return CanGetReputationOfUrl(url);
 }
 
 // static

components/safe_browsing/core/realtime/url_lookup_service_unittest.cc

@@ -527,10 +527,11 @@ TEST_F(RealTimeUrlLookupServiceTest, TestCanCheckUrl) {
                              {"http://10.1.1.1/path", false},
                              {"http://10.1.1.1.1/path", true},
                              {"http://example.test/path", true},
-                             {"https://example.test/path", true}};
-  for (size_t i = 0; i < base::size(can_check_url_cases); i++) {
-    GURL url(can_check_url_cases[i].url);
-    bool expected_can_check = can_check_url_cases[i].can_check;
+                             {"http://nodothost/path", false},
+                             {"http://x.x/shorthost", false}};
+  for (auto& can_check_url_case : can_check_url_cases) {
+    GURL url(can_check_url_case.url);
+    bool expected_can_check = can_check_url_case.can_check;
     EXPECT_EQ(expected_can_check, CanCheckUrl(url));
   }
 }