[Desktop] Billing Interstitial UI

This CL implements downloading the billing blacklist and then triggering the billing interstitial UI. The page info bubble is updated to support the billing interstitial. The billing page info and the interstitial UI is placed behind a new safebrowsing feature flag, "BillingInterstitial". Bug: 867518 Change-Id: Id87463b272a9dcc4a3e3d95faaa48a942a2cb664 Reviewed-on: https://chromium-review.googlesource.com/1163286Reviewed-by: Adrienne Porter Felt <felt@chromium.org> Reviewed-by: Varun Khaneja <vakh@chromium.org> Reviewed-by: Mustafa Emre Acer <meacer@chromium.org> Commit-Queue: Sarah Chan <spqchan@chromium.org> Cr-Commit-Position: refs/heads/master@{#582283}

[Desktop] Billing Interstitial UI
This CL implements downloading the billing blacklist and then triggering the billing interstitial UI. The page info bubble is updated to support the billing interstitial. The billing page info and the interstitial UI is placed behind a new safebrowsing feature flag, "BillingInterstitial". Bug: 867518 Change-Id: Id87463b272a9dcc4a3e3d95faaa48a942a2cb664 Reviewed-on: https://chromium-review.googlesource.com/1163286Reviewed-by: Adrienne Porter Felt <felt@chromium.org> Reviewed-by: Varun Khaneja <vakh@chromium.org> Reviewed-by: Mustafa Emre Acer <meacer@chromium.org> Commit-Queue: Sarah Chan <spqchan@chromium.org> Cr-Commit-Position: refs/heads/master@{#582283}
6da308ad · spqchan · Commit Bot · 8b141623 · 6da308ad · 6da308ad
Commit 6da308ad authored Aug 10, 2018 by spqchan Committed by Commit Bot Aug 10, 2018
16 changed files
--- a/chrome/browser/safe_browsing/url_checker_delegate_impl.cc
+++ b/chrome/browser/safe_browsing/url_checker_delegate_impl.cc
@@ -64,7 +64,8 @@ UrlCheckerDelegateImpl::UrlCheckerDelegateImpl(
      threat_types_(CreateSBThreatTypeSet({
 // TODO(crbug.com/835961): Enable on Android when list is available.
 #if defined(SAFE_BROWSING_DB_LOCAL)
-        safe_browsing::SB_THREAT_TYPE_SUSPICIOUS_SITE,
+            safe_browsing::SB_THREAT_TYPE_BILLING,
+            safe_browsing::SB_THREAT_TYPE_SUSPICIOUS_SITE,
 #endif
            safe_browsing::SB_THREAT_TYPE_URL_MALWARE,
            safe_browsing::SB_THREAT_TYPE_URL_PHISHING,

--- a/chrome/browser/ssl/security_state_tab_helper.cc
+++ b/chrome/browser/ssl/security_state_tab_helper.cc
@@ -284,10 +284,6 @@ SecurityStateTabHelper::GetMaliciousContentStatus() const {
    switch (threat_type) {
      case safe_browsing::SB_THREAT_TYPE_UNUSED:
      case safe_browsing::SB_THREAT_TYPE_SAFE:
-      // TODO(https://crbug.com/867518): Create a malicious billing enum and
-      // return it.
-      case safe_browsing::SB_THREAT_TYPE_BILLING:
-        break;
      case safe_browsing::SB_THREAT_TYPE_URL_PHISHING:
      case safe_browsing::SB_THREAT_TYPE_URL_CLIENT_SIDE_PHISHING:
        return security_state::MALICIOUS_CONTENT_STATUS_SOCIAL_ENGINEERING;
@@ -324,6 +320,10 @@ SecurityStateTabHelper::GetMaliciousContentStatus() const {
        // social engineering content status.
        return security_state::MALICIOUS_CONTENT_STATUS_SOCIAL_ENGINEERING;
 #endif
+      case safe_browsing::SB_THREAT_TYPE_BILLING:
+        return base::FeatureList::IsEnabled(safe_browsing::kBillingInterstitial)
+                   ? security_state::MALICIOUS_CONTENT_STATUS_BILLING
+                   : security_state::MALICIOUS_CONTENT_STATUS_NONE;
      case safe_browsing::
          DEPRECATED_SB_THREAT_TYPE_URL_PASSWORD_PROTECTION_PHISHING:
      case safe_browsing::SB_THREAT_TYPE_URL_BINARY_MALWARE:

--- a/chrome/browser/ui/page_info/page_info.cc
+++ b/chrome/browser/ui/page_info/page_info.cc
@@ -1050,6 +1050,12 @@ void PageInfo::GetSiteIdentityByMaliciousContentStatus(
                     ? password_protection_service_->GetWarningDetailText(
                           PasswordReuseEvent::ENTERPRISE_PASSWORD)
                     : base::string16();
+#endif
+      break;
+    case security_state::MALICIOUS_CONTENT_STATUS_BILLING:
+#if defined(SAFE_BROWSING_DB_LOCAL)
+      *status = PageInfo::SITE_IDENTITY_STATUS_BILLING;
+      *details = l10n_util::GetStringUTF16(IDS_PAGE_INFO_BILLING_DETAILS);
 #endif
      break;
  }

--- a/chrome/browser/ui/page_info/page_info.h
+++ b/chrome/browser/ui/page_info/page_info.h
@@ -93,6 +93,7 @@ class PageInfo : public TabSpecificContentSettings::SiteDataObserver,
    SITE_IDENTITY_STATUS_UNWANTED_SOFTWARE,
    SITE_IDENTITY_STATUS_SIGN_IN_PASSWORD_REUSE,
    SITE_IDENTITY_STATUS_ENTERPRISE_PASSWORD_REUSE,
+    SITE_IDENTITY_STATUS_BILLING,
  };

  // Events for UMA. Do not reorder or change! Exposed in header so enum is

--- a/chrome/browser/ui/page_info/page_info_ui.cc
+++ b/chrome/browser/ui/page_info/page_info_ui.cc
@@ -294,6 +294,12 @@ PageInfoUI::GetSecurityDescription(const IdentityInfo& identity_info) const {
 #if defined(SAFE_BROWSING_DB_LOCAL)
      return CreateSecurityDescriptionForPasswordReuse(
          /*is_enterprise_password=*/true);
+#endif
+    case PageInfo::SITE_IDENTITY_STATUS_BILLING:
+#if defined(SAFE_BROWSING_DB_LOCAL)
+      return CreateSecurityDescription(SecuritySummaryColor::RED,
+                                       IDS_PAGE_INFO_BILLING_SUMMARY,
+                                       IDS_PAGE_INFO_BILLING_DETAILS);
 #endif
    case PageInfo::SITE_IDENTITY_STATUS_DEPRECATED_SIGNATURE_ALGORITHM:
    case PageInfo::SITE_IDENTITY_STATUS_UNKNOWN:

--- a/components/page_info_strings.grdp
+++ b/components/page_info_strings.grdp
@@ -420,4 +420,12 @@
      </message>
    </if>
  </if>
+
+     <!-- Billing -->
+    <message name="IDS_PAGE_INFO_BILLING_SUMMARY" desc="A one-line summary at the top of the Page Info bubble (which shows when you click the security indicator) if the website has been flagged for a billing interstitial">
+      The page ahead may try to charge you money
+    </message>
+    <message name="IDS_PAGE_INFO_BILLING_DETAILS" desc="A one-line summary at the top of the Page Info bubble (which shows when you click the security indicator) if the website has been flagged for a billing interstitial.">
+      These charges could be one-time or recurring and may not be obvious.
+    </message>
 </grit-part>
--- a/components/page_info_strings_grdp/IDS_PAGE_INFO_BILLING_DETAILS.png.sha1
+++ b/components/page_info_strings_grdp/IDS_PAGE_INFO_BILLING_DETAILS.png.sha1
+f6a8c9fb2f9ea8a760454538cb50604a8b04bcf6
\ No newline at end of file
--- a/components/page_info_strings_grdp/IDS_PAGE_INFO_BILLING_SUMMARY.png.sha1
+++ b/components/page_info_strings_grdp/IDS_PAGE_INFO_BILLING_SUMMARY.png.sha1
+f6a8c9fb2f9ea8a760454538cb50604a8b04bcf6
\ No newline at end of file
--- a/components/safe_browsing/browser/safe_browsing_url_checker_impl.cc
+++ b/components/safe_browsing/browser/safe_browsing_url_checker_impl.cc
@@ -7,6 +7,7 @@
 #include "base/metrics/histogram_macros.h"
 #include "base/trace_event/trace_event.h"
 #include "components/safe_browsing/browser/url_checker_delegate.h"
+#include "components/safe_browsing/features.h"
 #include "components/safe_browsing/web_ui/constants.h"
 #include "components/security_interstitials/content/unsafe_resource.h"
 #include "content/public/browser/browser_thread.h"
@@ -135,7 +136,9 @@ void SafeBrowsingUrlCheckerImpl::OnCheckBrowseUrlResult(
      threat_type == SB_THREAT_TYPE_SAFE ? "safe" : "unsafe");

  if (threat_type == SB_THREAT_TYPE_SAFE ||
-      threat_type == SB_THREAT_TYPE_SUSPICIOUS_SITE) {
+      threat_type == SB_THREAT_TYPE_SUSPICIOUS_SITE ||
+      (!base::FeatureList::IsEnabled(safe_browsing::kBillingInterstitial) &&
+       threat_type == SB_THREAT_TYPE_BILLING)) {
    state_ = STATE_NONE;

    if (threat_type == SB_THREAT_TYPE_SUSPICIOUS_SITE) {

--- a/components/safe_browsing/db/safebrowsing.proto
+++ b/components/safe_browsing/db/safebrowsing.proto
@@ -289,6 +289,9 @@ enum ThreatType {

  // Entities that are suspected to present a threat.
  SUSPICIOUS = 14;
+
+  // Billing threat list. The internal proto's enum name is different
+  BILLING = 15;
 }

 // Types of platforms.

--- a/components/safe_browsing/db/v4_local_database_manager.cc
+++ b/components/safe_browsing/db/v4_local_database_manager.cc
@@ -80,6 +80,8 @@ ListInfos GetListInfos() {
      ListInfo(kSyncOnlyOnChromeBuilds, "ChromeUrlClientIncident.store",
               GetChromeUrlClientIncidentId(),
               SB_THREAT_TYPE_BLACKLISTED_RESOURCE),
+      ListInfo(kSyncAlways, "UrlBilling.store", GetUrlBillingId(),
+               SB_THREAT_TYPE_BILLING),
      ListInfo(kSyncOnlyOnChromeBuilds, "UrlCsdDownloadWhitelist.store",
               GetUrlCsdDownloadWhitelistId(), SB_THREAT_TYPE_UNUSED),
      ListInfo(kSyncOnlyOnChromeBuilds, "UrlCsdWhitelist.store",
@@ -113,6 +115,8 @@ ThreatSeverity GetThreatSeverity(const ListIdentifier& list_id) {
      return 3;
    case SUSPICIOUS:
      return 4;
+    case BILLING:
+      return 15;
    default:
      NOTREACHED() << "Unexpected ThreatType encountered: "
                   << list_id.threat_type();
@@ -135,6 +139,9 @@ ListIdentifier GetUrlIdFromSBThreatType(SBThreatType sb_threat_type) {
    case SB_THREAT_TYPE_SUSPICIOUS_SITE:
      return GetUrlSuspiciousSiteId();

+    case SB_THREAT_TYPE_BILLING:
+      return GetUrlBillingId();
+
    default:
      NOTREACHED();
      // Compiler requires a return statement here.

--- a/components/safe_browsing/db/v4_protocol_manager_util.cc
+++ b/components/safe_browsing/db/v4_protocol_manager_util.cc
@@ -115,6 +115,10 @@ ListIdentifier GetIpMalwareId() {
  return ListIdentifier(GetCurrentPlatformType(), IP_RANGE, MALWARE_THREAT);
 }

+ListIdentifier GetUrlBillingId() {
+  return ListIdentifier(GetCurrentPlatformType(), URL, BILLING);
+}
+
 ListIdentifier GetUrlCsdDownloadWhitelistId() {
  return ListIdentifier(GetCurrentPlatformType(), URL, CSD_DOWNLOAD_WHITELIST);
 }
@@ -181,6 +185,7 @@ bool SBThreatTypeSetIsValidForCheckBrowseUrl(const SBThreatTypeSet& set) {
      case SB_THREAT_TYPE_URL_MALWARE:
      case SB_THREAT_TYPE_URL_UNWANTED:
      case SB_THREAT_TYPE_SUSPICIOUS_SITE:
+      case SB_THREAT_TYPE_BILLING:
        break;

      default:

--- a/components/safe_browsing/db/v4_protocol_manager_util.h
+++ b/components/safe_browsing/db/v4_protocol_manager_util.h
@@ -196,6 +196,7 @@ ListIdentifier GetChromeExtMalwareId();
 ListIdentifier GetChromeUrlApiId();
 ListIdentifier GetChromeUrlClientIncidentId();
 ListIdentifier GetIpMalwareId();
+ListIdentifier GetUrlBillingId();
 ListIdentifier GetUrlCsdDownloadWhitelistId();
 ListIdentifier GetUrlCsdWhitelistId();
 ListIdentifier GetUrlMalBinId();

--- a/components/safe_browsing/features.cc
+++ b/components/safe_browsing/features.cc
@@ -22,6 +22,10 @@ namespace safe_browsing {
 const base::Feature kAdSamplerTriggerFeature{"SafeBrowsingAdSamplerTrigger",
                                             base::FEATURE_DISABLED_BY_DEFAULT};

+// Controls the billing interstitial UI.
+const base::Feature kBillingInterstitial{"BillingInterstitial",
+                                         base::FEATURE_DISABLED_BY_DEFAULT};
+
 // If enabled in pre-network-service world, SafeBrowsing URL checks are done by
 // applying SafeBrowsing's URLLoaderThrottle subclasses to ThrottlingURLLoader.
 //
@@ -61,6 +65,7 @@ constexpr struct {
  bool probabilistically_enabled;
 } kExperimentalFeatures[]{
    {&kAdSamplerTriggerFeature, false},
+    {&kBillingInterstitial, false},
    {&kCheckByURLLoaderThrottle, true},
    {&kForceEnableResetPasswordWebUI, true},
    {&kInspectDownloadedRarFiles, true},

--- a/components/safe_browsing/features.h
+++ b/components/safe_browsing/features.h
@@ -22,6 +22,9 @@ namespace safe_browsing {
 extern const base::Feature kAdSamplerTriggerFeature;
 extern const base::Feature kCheckByURLLoaderThrottle;

+// Controls the billing interstitial UI.
+extern const base::Feature kBillingInterstitial;
+
 // Specifies which non-resource HTML Elements to collect based on their tag and
 // attributes. It's a single param containing a comma-separated list of pairs.
 // For example: "tag1,id,tag1,height,tag2,foo" - this will collect elements with

--- a/components/security_state/core/security_state.h
+++ b/components/security_state/core/security_state.h
@@ -92,6 +92,7 @@ enum MaliciousContentStatus {
  MALICIOUS_CONTENT_STATUS_SOCIAL_ENGINEERING,
  MALICIOUS_CONTENT_STATUS_SIGN_IN_PASSWORD_REUSE,
  MALICIOUS_CONTENT_STATUS_ENTERPRISE_PASSWORD_REUSE,
+  MALICIOUS_CONTENT_STATUS_BILLING,
 };

 // Describes the security status of a page or request. This is the