Safety Tips: Check server-side allowlist.

This CL prevents Chrome from evaluating client- or server-side safety tip heuristics if the URL is present on the component-updater-provided allowlist. Bug: 1009518 Change-Id: Ieb8e88b7d4b1aa88caf68492b8ff1ce4eb6d9fc5 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1849133Reviewed-by: Emily Stark <estark@chromium.org> Commit-Queue: Joe DeBlasio <jdeblasio@chromium.org> Cr-Commit-Position: refs/heads/master@{#705128}

Safety Tips: Check server-side allowlist.
This CL prevents Chrome from evaluating client- or server-side safety tip heuristics if the URL is present on the component-updater-provided allowlist. Bug: 1009518 Change-Id: Ieb8e88b7d4b1aa88caf68492b8ff1ce4eb6d9fc5 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1849133Reviewed-by: Emily Stark <estark@chromium.org> Commit-Queue: Joe DeBlasio <jdeblasio@chromium.org> Cr-Commit-Position: refs/heads/master@{#705128}
87018823 · Joe DeBlasio · Commit Bot · da0e48ef · 87018823 · 87018823
Commit 87018823 authored Oct 11, 2019 by Joe DeBlasio Committed by Commit Bot Oct 11, 2019
4 changed files
--- a/chrome/browser/lookalikes/safety_tips/reputation_service.cc
+++ b/chrome/browser/lookalikes/safety_tips/reputation_service.cc
@@ -26,6 +26,7 @@
 namespace {
 using chrome_browser_safety_tips::FlaggedPage;
+using chrome_browser_safety_tips::UrlPattern;
 using lookalikes::DomainInfo;
 using lookalikes::LookalikeUrlNavigationThrottle;
 using lookalikes::LookalikeUrlService;
@@ -162,6 +163,43 @@ security_state::SafetyTipStatus FlagTypeToSafetyTipStatus(
  return security_state::SafetyTipStatus::kNone;
 }
+// Returns whether or not the Safety Tip should be suppressed for the given URL.
+// Checks SafeBrowsing-style permutations of |url| against the component updater
+// allowlist and returns whether the URL is explicitly allowed. Fails closed, so
+// that warnings are suppressed if the component is unavailable.
+bool ShouldSuppressWarning(const GURL& url) {
+  std::vector<std::string> patterns;
+  UrlToPatterns(url, &patterns);
+  auto* proto = safety_tips::GetRemoteConfigProto();
+  if (!proto) {
+    // This happens when the component hasn't downloaded yet. This should only
+    // happen for a short time after initial upgrade to M79.
+    //
+    // Disable all Safety Tips during that time. Otherwise, we would continue to
+    // flag on any known false positives until the client received the update.
+    return true;
+  }
+  auto allowed_pages = proto->allowed_pattern();
+  for (const auto& pattern : patterns) {
+    UrlPattern search_target;
+    search_target.set_pattern(pattern);
+    auto lower = std::lower_bound(
+        allowed_pages.begin(), allowed_pages.end(), search_target,
+        [](const UrlPattern& a, const UrlPattern& b) -> bool {
+          return a.pattern() < b.pattern();
+        });
+    if (lower != allowed_pages.end() && pattern == lower->pattern()) {
+      return true;
+    }
+  }
+  return false;
+}
 }  // namespace
 namespace safety_tips {
@@ -219,6 +257,15 @@ void ReputationService::GetReputationStatusWithEngagedSites(
    const std::vector<DomainInfo>& engaged_sites) {
  const DomainInfo navigated_domain = lookalikes::GetDomainInfo(url);
+  // 0. Server-side warning suppression.
+  // If the URL is on the allowlist list, do nothing else. This is only used to
+  // mitigate false positives, so no further processing should be done.
+  if (ShouldSuppressWarning(url)) {
+    std::move(callback).Run(security_state::SafetyTipStatus::kNone,
+                            IsIgnored(url), url, GURL());
+    return;
+  }
  // 1. Engagement check
  // Ensure that this URL is not already engaged. We can't use the synchronous
  // SiteEngagementService::IsEngagementAtLeast as it has side effects.  This

--- a/chrome/browser/lookalikes/safety_tips/safety_tip_test_utils.cc
+++ b/chrome/browser/lookalikes/safety_tips/safety_tip_test_utils.cc
@@ -4,15 +4,37 @@
 #include "chrome/browser/lookalikes/safety_tips/safety_tip_test_utils.h"
+#include <algorithm>
+#include <memory>
+#include <utility>
 #include "chrome/browser/lookalikes/safety_tips/safety_tips_config.h"
+namespace {
+// Retrieve existing config proto if set, or create a new one otherwise.
+std::unique_ptr<chrome_browser_safety_tips::SafetyTipsConfig> GetConfig() {
+  auto* old = safety_tips::GetRemoteConfigProto();
+  if (old) {
+    return std::make_unique<chrome_browser_safety_tips::SafetyTipsConfig>(*old);
+  }
+  auto conf = std::make_unique<chrome_browser_safety_tips::SafetyTipsConfig>();
+  // Any version ID will do.
+  conf->set_version_id(4);
+  return conf;
+}
+}  // namespace
+void InitializeSafetyTipConfig() {
+  safety_tips::SetRemoteConfigProto(GetConfig());
+}
 void SetSafetyTipPatternsWithFlagType(
    std::vector<std::string> patterns,
    chrome_browser_safety_tips::FlaggedPage::FlagType type) {
-  std::unique_ptr<chrome_browser_safety_tips::SafetyTipsConfig> config_proto =
+  auto config_proto = GetConfig();
-      std::make_unique<chrome_browser_safety_tips::SafetyTipsConfig>();
-  // Any version ID will do.
-  config_proto->set_version_id(4);
  std::sort(patterns.begin(), patterns.end());
  for (const auto& pattern : patterns) {
    chrome_browser_safety_tips::FlaggedPage* page =
@@ -28,3 +50,14 @@ void SetSafetyTipBadRepPatterns(std::vector<std::string> patterns) {
  SetSafetyTipPatternsWithFlagType(
      patterns, chrome_browser_safety_tips::FlaggedPage::BAD_REP);
 }
+void SetSafetyTipAllowlistPatterns(std::vector<std::string> patterns) {
+  auto config_proto = GetConfig();
+  std::sort(patterns.begin(), patterns.end());
+  for (const auto& pattern : patterns) {
+    chrome_browser_safety_tips::UrlPattern* page =
+        config_proto->add_allowed_pattern();
+    page->set_pattern(pattern);
+  }
+  safety_tips::SetRemoteConfigProto(std::move(config_proto));
+}
--- a/chrome/browser/lookalikes/safety_tips/safety_tip_test_utils.h
+++ b/chrome/browser/lookalikes/safety_tips/safety_tip_test_utils.h
@@ -6,9 +6,14 @@
 #define CHROME_BROWSER_LOOKALIKES_SAFETY_TIPS_SAFETY_TIP_TEST_UTILS_H_
 #include <string>
+#include <vector>
 #include "chrome/browser/lookalikes/safety_tips/safety_tips.pb.h"
+// Initialize component configuration. Necessary to enable Safety Tips for
+// testing, as no heuristics trigger if the allowlist is inaccessible.
+void InitializeSafetyTipConfig();
 // Sets the patterns included in component with the given flag type for tests.
 void SetSafetyTipPatternsWithFlagType(
    std::vector<std::string> pattern,
@@ -18,4 +23,7 @@ void SetSafetyTipPatternsWithFlagType(
 // calls SetSafetyTipPatternsWithFlagType with BAD_REPUTATION as the type.
 void SetSafetyTipBadRepPatterns(std::vector<std::string> pattern);
+// Sets allowlist patterns in the given proto for testing.
+void SetSafetyTipAllowlistPatterns(std::vector<std::string> patterns);
 #endif  // CHROME_BROWSER_LOOKALIKES_SAFETY_TIPS_SAFETY_TIP_TEST_UTILS_H_
--- a/chrome/browser/ui/views/page_info/safety_tip_page_info_bubble_view_browsertest.cc
+++ b/chrome/browser/ui/views/page_info/safety_tip_page_info_bubble_view_browsertest.cc
@@ -178,6 +178,7 @@ class SafetyTipPageInfoBubbleViewBrowserTest
            {});
    }
+    InitializeSafetyTipConfig();
    InProcessBrowserTest::SetUp();
  }
@@ -292,6 +293,25 @@ IN_PROC_BROWSER_TEST_P(SafetyTipPageInfoBubbleViewBrowserTest, ShowOnBlock) {
  ASSERT_NO_FATAL_FAILURE(CheckPageInfoShowsSafetyTipInfo(browser()));
 }
+// Ensure explicitly-allowed sites don't get blocked when the site is otherwise
+// blocked server-side.
+IN_PROC_BROWSER_TEST_P(SafetyTipPageInfoBubbleViewBrowserTest,
+                       NoShowOnAllowlist) {
+  auto kNavigatedUrl = GetURL("site1.com");
+  // Ensure a Safety Tip is triggered initially...
+  SetSafetyTipBadRepPatterns({"site1.com/"});
+  NavigateToURL(browser(), kNavigatedUrl, WindowOpenDisposition::CURRENT_TAB);
+  EXPECT_TRUE(IsUIShowingIfEnabled());
+  ASSERT_NO_FATAL_FAILURE(CheckPageInfoShowsSafetyTipInfo(browser()));
+  // ...but suppressed by the allowlist.
+  SetSafetyTipAllowlistPatterns({"site1.com/"});
+  NavigateToURL(browser(), kNavigatedUrl, WindowOpenDisposition::CURRENT_TAB);
+  EXPECT_FALSE(IsUIShowing());
+  ASSERT_NO_FATAL_FAILURE(CheckPageInfoDoesNotShowSafetyTipInfo(browser()));
+}
 // After the user clicks 'leave site', the user should end up on a safe domain.
 IN_PROC_BROWSER_TEST_P(SafetyTipPageInfoBubbleViewBrowserTest,
                       LeaveSiteLeavesSite) {
@@ -435,6 +455,25 @@ IN_PROC_BROWSER_TEST_P(SafetyTipPageInfoBubbleViewBrowserTest,
  ASSERT_NO_FATAL_FAILURE(CheckPageInfoDoesNotShowSafetyTipInfo(browser()));
 }
+// Tests that Safety Tips don't trigger on lookalike domains that are explicitly
+// allowed by the allowlist.
+IN_PROC_BROWSER_TEST_P(SafetyTipPageInfoBubbleViewBrowserTest,
+                       NoTriggersOnLookalikeAllowlist) {
+  // This domain is a lookalike of a top domain not in the top 500.
+  const GURL kNavigatedUrl = GetURL("googlé.sk");
+  // Ensure a Safety Tip is triggered initially...
+  SetEngagementScore(browser(), kNavigatedUrl, kLowEngagement);
+  NavigateToURL(browser(), kNavigatedUrl, WindowOpenDisposition::CURRENT_TAB);
+  EXPECT_TRUE(IsUIShowingIfEnabled());
+  // ...but suppressed by the allowlist.
+  SetSafetyTipAllowlistPatterns({"xn--googl-fsa.sk/"});
+  SetEngagementScore(browser(), kNavigatedUrl, kLowEngagement);
+  NavigateToURL(browser(), kNavigatedUrl, WindowOpenDisposition::CURRENT_TAB);
+  EXPECT_FALSE(IsUIShowing());
+}
 // Tests that Safety Tips trigger (or not) on lookalike domains with edit
 // distance when enabled, and not otherwise.
 IN_PROC_BROWSER_TEST_P(SafetyTipPageInfoBubbleViewBrowserTest,