Send Visual Features in PhishGuard pings

When a SBER user triggers an On Focus ping, extract visual features from
the login pages and attach them to the PhishGuard ping.

Bug: 922226
Change-Id: I4139270f98e717bb977914e5399ba9dec702f878
Reviewed-on: https://chromium-review.googlesource.com/c/1448809
Commit-Queue: Daniel Rubery <drubery@chromium.org>
Reviewed-by: Varun Khaneja <vakh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#628477}

components/safe_browsing/password_protection/password_protection_request.cc

@@ -13,8 +13,11 @@
 #include "components/password_manager/core/browser/password_reuse_detector.h"
 #include "components/safe_browsing/db/whitelist_checker_client.h"
 #include "components/safe_browsing/password_protection/password_protection_navigation_throttle.h"
+#include "components/safe_browsing/password_protection/visual_utils.h"
 #include "components/safe_browsing/web_ui/safe_browsing_ui.h"
+#include "components/zoom/zoom_controller.h"
 #include "content/public/browser/browser_task_traits.h"
+#include "content/public/browser/render_widget_host_view.h"
 #include "content/public/browser/web_contents.h"
 #include "net/base/escape.h"
 #include "net/base/load_flags.h"
@@ -35,6 +38,20 @@ namespace {
 // the size of the report. UMA suggests 99.9% will have < 200 domains.
 const int kMaxReusedDomains = 200;
 
+// Parameters chosen to ensure privacy is preserved by visual features.
+const int kMinWidthForVisualFeatures = 576;
+const int kMinHeightForVisualFeatures = 576;
+const float kMaxZoomForVisualFeatures = 2.0;
+
+std::unique_ptr<VisualFeatures> ExtractVisualFeatures(
+    const SkBitmap& screenshot) {
+  auto features = std::make_unique<VisualFeatures>();
+  visual_utils::GetHistogramForImage(screenshot,
+                                     features->mutable_color_histogram());
+  visual_utils::GetBlurredImage(screenshot, features->mutable_image());
+  return features;
+}
+
 }  // namespace
 
 PasswordProtectionRequest::PasswordProtectionRequest(
@@ -139,7 +156,7 @@ void PasswordProtectionRequest::CheckCachedVerdicts() {
   if (verdict != LoginReputationClientResponse::VERDICT_TYPE_UNSPECIFIED)
     Finish(RequestOutcome::RESPONSE_ALREADY_CACHED, std::move(cached_response));
   else
-    SendRequest();
+    FillRequestProto();
 }
 
 void PasswordProtectionRequest::FillRequestProto() {
@@ -212,11 +229,53 @@ void PasswordProtectionRequest::FillRequestProto() {
     default:
       NOTREACHED();
   }
+
+  if (trigger_type_ == LoginReputationClientRequest::UNFAMILIAR_LOGIN_PAGE &&
+      password_protection_service_->IsExtendedReporting() &&
+      zoom::ZoomController::GetZoomLevelForWebContents(web_contents_) <=
+          kMaxZoomForVisualFeatures &&
+      request_proto_->content_area_width() >= kMinWidthForVisualFeatures &&
+      request_proto_->content_area_height() >= kMinHeightForVisualFeatures) {
+    CollectVisualFeatures();
+  } else {
+    SendRequest();
+  }
+}
+
+void PasswordProtectionRequest::CollectVisualFeatures() {
+  content::RenderWidgetHostView* view =
+      web_contents_ ? web_contents_->GetRenderWidgetHostView() : nullptr;
+
+  if (!view)
+    SendRequest();
+
+  view->CopyFromSurface(
+      gfx::Rect(), gfx::Size(),
+      base::BindOnce(&PasswordProtectionRequest::OnScreenshotTaken,
+                     GetWeakPtr()));
+}
+
+void PasswordProtectionRequest::OnScreenshotTaken(const SkBitmap& screenshot) {
+  // Do the feature extraction on a worker thread, to avoid blocking the UI.
+  base::PostTaskWithTraitsAndReplyWithResult(
+      FROM_HERE,
+      {base::MayBlock(), base::TaskPriority::BEST_EFFORT,
+       base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN},
+      base::BindOnce(&ExtractVisualFeatures, screenshot),
+      base::BindOnce(&PasswordProtectionRequest::OnVisualFeatureCollectionDone,
+                     GetWeakPtr()));
+}
+
+void PasswordProtectionRequest::OnVisualFeatureCollectionDone(
+    std::unique_ptr<VisualFeatures> visual_features) {
+  DCHECK_CURRENTLY_ON(BrowserThread::UI);
+
+  request_proto_->mutable_visual_features()->Swap(visual_features.get());
+  SendRequest();
 }
 
 void PasswordProtectionRequest::SendRequest() {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
-  FillRequestProto();
 
   web_ui_token_ =
       WebUIInfoSingleton::GetInstance()->AddToPGPings(*request_proto_);

components/safe_browsing/password_protection/password_protection_request.h

@@ -10,7 +10,9 @@
 #include "base/task/cancelable_task_tracker.h"
 #include "components/safe_browsing/password_protection/metrics_util.h"
 #include "components/safe_browsing/password_protection/password_protection_service.h"
+#include "components/safe_browsing/proto/csd.pb.h"
 #include "content/public/browser/browser_thread.h"
+#include "third_party/skia/include/core/SkBitmap.h"
 
 #include <vector>
 
@@ -134,6 +136,16 @@ class PasswordProtectionRequest
   // Fill |request_proto_| with appropriate values.
   void FillRequestProto();
 
+  // Collects visual features from the current login page.
+  void CollectVisualFeatures();
+
+  // Processes the screenshot of the login page into visual features.
+  void OnScreenshotTaken(const SkBitmap& bitmap);
+
+  // Called when the visual feature extraction is complete.
+  void OnVisualFeatureCollectionDone(
+      std::unique_ptr<VisualFeatures> visual_features);
+
   // Initiates network request to Safe Browsing backend.
   void SendRequest();