Refactor deep scanning download tests to use Connector policies directly

This CL refactors tests in downloads deep scanning to use Connector
policies directly instead of the indirect helpers that map to legacy
policies.

Bug: 1109242
Change-Id: I040ae5acbc96008cfc70eb98d2bce0a806a26d12
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2521850Reviewed-by: Daniel Rubery <drubery@chromium.org>
Commit-Queue: Dominique Fauteux-Chapleau <domfc@chromium.org>
Cr-Commit-Position: refs/heads/master@{#824860}

chrome/browser/safe_browsing/download_protection/deep_scanning_request_unittest.cc

@@ -52,6 +52,41 @@ namespace {
 
 constexpr char kUserName[] = "test@chromium.org";
 
+constexpr char kScanForDlpAndMalware[] = R"(
+{
+  "service_provider": "google",
+  "enable": [
+    {
+      "url_list": ["*"],
+      "tags": ["dlp", "malware"]
+    }
+  ]
+})";
+
+constexpr char kScanForMalware[] = R"(
+{
+  "service_provider": "google",
+  "enable": [
+    {
+      "url_list": ["*"],
+      "tags": ["malware"]
+    }
+  ]
+})";
+
+constexpr char kScanForDlp[] = R"(
+{
+  "service_provider": "google",
+  "enable": [
+    {
+      "url_list": ["*"],
+      "tags": ["dlp"]
+    }
+  ]
+})";
+
+constexpr char kNoScan[] = R"({"service_provider": "google"})";
+
 const std::set<std::string>* ExeMimeTypes() {
   static std::set<std::string> set = {"application/x-msdownload",
                                       "application/x-ms-dos-executable",
@@ -236,8 +271,8 @@ class DeepScanningRequestTest : public testing::Test {
 };
 
 TEST_F(DeepScanningRequestTest, ChecksFeatureFlags) {
-  SetDlpPolicyForConnectors(CHECK_UPLOADS_AND_DOWNLOADS);
-  SetMalwarePolicyForConnectors(SEND_UPLOADS_AND_DOWNLOADS);
+  SetAnalysisConnector(enterprise_connectors::FILE_DOWNLOADED,
+                       kScanForDlpAndMalware);
 
   // Try each request with settings indicating both DLP and Malware requests
   // should be sent to show features work correctly.
@@ -287,8 +322,8 @@ TEST_F(DeepScanningRequestTest, GeneratesCorrectRequestFromPolicy) {
   EnableAllFeatures();
 
   {
-    SetDlpPolicyForConnectors(CHECK_UPLOADS_AND_DOWNLOADS);
-    SetMalwarePolicyForConnectors(SEND_UPLOADS_AND_DOWNLOADS);
+    SetAnalysisConnector(enterprise_connectors::FILE_DOWNLOADED,
+                         kScanForDlpAndMalware);
     DeepScanningRequest request(
         &item_, DeepScanningRequest::DeepScanTrigger::TRIGGER_POLICY,
         base::DoNothing(), &download_protection_service_, settings().value());
@@ -311,8 +346,8 @@ TEST_F(DeepScanningRequestTest, GeneratesCorrectRequestFromPolicy) {
   }
 
   {
-    SetDlpPolicyForConnectors(CHECK_NONE);
-    SetMalwarePolicyForConnectors(SEND_UPLOADS_AND_DOWNLOADS);
+    SetAnalysisConnector(enterprise_connectors::FILE_DOWNLOADED,
+                         kScanForMalware);
     DeepScanningRequest request(
         &item_, DeepScanningRequest::DeepScanTrigger::TRIGGER_POLICY,
         base::DoNothing(), &download_protection_service_, settings().value());
@@ -327,12 +362,7 @@ TEST_F(DeepScanningRequestTest, GeneratesCorrectRequestFromPolicy) {
   }
 
   {
-    SetDlpPolicyForConnectors(CHECK_UPLOADS_AND_DOWNLOADS);
-    // The Connector policies need at least 1 pattern to be enabled, so adding
-    // this pattern is necessary to have equivalent behaviour.
-    AddUrlToListForConnectors(prefs::kURLsToCheckComplianceOfDownloadedContent,
-                              tab_url_.host());
-    SetMalwarePolicyForConnectors(DO_NOT_SCAN);
+    SetAnalysisConnector(enterprise_connectors::FILE_DOWNLOADED, kScanForDlp);
     DeepScanningRequest request(
         &item_, DeepScanningRequest::DeepScanTrigger::TRIGGER_POLICY,
         base::DoNothing(), &download_protection_service_, settings().value());
@@ -346,8 +376,7 @@ TEST_F(DeepScanningRequestTest, GeneratesCorrectRequestFromPolicy) {
   }
 
   {
-    SetDlpPolicyForConnectors(CHECK_NONE);
-    SetMalwarePolicyForConnectors(DO_NOT_SCAN);
+    SetAnalysisConnector(enterprise_connectors::FILE_DOWNLOADED, kNoScan);
     EXPECT_FALSE(settings().has_value());
     DeepScanningRequest request(
         &item_, DeepScanningRequest::DeepScanTrigger::TRIGGER_POLICY,
@@ -434,12 +463,8 @@ class DeepScanningReportingTest : public DeepScanningRequestTest {
 };
 
 TEST_F(DeepScanningReportingTest, ProcessesResponseCorrectly) {
-  SetDlpPolicyForConnectors(CHECK_UPLOADS_AND_DOWNLOADS);
-  // The Connector policies need at least 1 pattern to be enabled, so adding
-  // this pattern is necessary to have equivalent behaviour.
-  AddUrlToListForConnectors(prefs::kURLsToCheckComplianceOfDownloadedContent,
-                            tab_url_.host());
-  SetMalwarePolicyForConnectors(SEND_UPLOADS_AND_DOWNLOADS);
+  SetAnalysisConnector(enterprise_connectors::FILE_DOWNLOADED,
+                       kScanForDlpAndMalware);
 
   {
     DeepScanningRequest request(
@@ -870,8 +895,7 @@ TEST_P(DeepScanningDownloadRestrictionsTest, GeneratesCorrectReport) {
 TEST_F(DeepScanningRequestTest, ShouldUploadBinary_MalwareListPolicy) {
   SetFeatures(/*enabled*/ {enterprise_connectors::kEnterpriseConnectorsEnabled},
               /*disabled*/ {});
-  SetMalwarePolicyForConnectors(SEND_UPLOADS_AND_DOWNLOADS);
-  ClearUrlsToCheckComplianceOfDownloadsForConnectors();
+  SetAnalysisConnector(enterprise_connectors::FILE_DOWNLOADED, kScanForMalware);
 
   content::DownloadItemUtils::AttachInfo(&item_, profile_, nullptr);
   EXPECT_CALL(item_, GetURL()).WillRepeatedly(ReturnRef(download_url_));
@@ -886,14 +910,24 @@ TEST_F(DeepScanningRequestTest, ShouldUploadBinary_MalwareListPolicy) {
 
   // With the new malware policy list set, the item should not be uploaded since
   // DeepScanningRequest honours that policy.
-  AddUrlToListForConnectors(prefs::kURLsToNotCheckForMalwareOfDownloadedContent,
-                            download_url_.host());
+  SetAnalysisConnector(enterprise_connectors::FILE_DOWNLOADED,
+                       base::StringPrintf(
+                           R"({
+                            "service_provider": "google",
+                            "enable": [
+                              {"url_list": ["*"], "tags": ["malware"]}
+                            ],
+                            "disable": [
+                              {"url_list": ["%s"], "tags": ["malware"]}
+                            ]
+                          })",
+                           download_url_.host().c_str()));
   EXPECT_FALSE(settings().has_value());
 }
 
 TEST_F(DeepScanningRequestTest, PopulatesRequest) {
-  SetDlpPolicyForConnectors(CHECK_UPLOADS_AND_DOWNLOADS);
-  SetMalwarePolicyForConnectors(SEND_UPLOADS_AND_DOWNLOADS);
+  SetAnalysisConnector(enterprise_connectors::FILE_DOWNLOADED,
+                       kScanForDlpAndMalware);
 
   EnableAllFeatures();
   DeepScanningRequest request(

chrome/browser/safe_browsing/download_protection/download_protection_service_unittest.cc

@@ -606,31 +606,6 @@ class DownloadProtectionServiceTestBase
     update.Get()->AppendString(domain);
   }
 
-  void SetPasswordProtectedAllowedPref(
-      AllowPasswordProtectedFilesValues value) {
-    SetAllowPasswordProtectedFilesPolicyForConnectors(value);
-  }
-
-  void SetBlockLargeFilesPref(BlockLargeFileTransferValues value) {
-    SetBlockLargeFileTransferPolicyForConnectors(value);
-  }
-
-  void SetBlockUnsupportedFiletypePref(BlockUnsupportedFiletypesValues value) {
-    SetBlockUnsupportedFileTypesPolicyForConnectors(value);
-  }
-
-  void SetSendFilesForMalwareCheckPref(SendFilesForMalwareCheckValues value) {
-    SetMalwarePolicyForConnectors(value);
-  }
-
-  void SetCheckContentCompliancePref(CheckContentComplianceValues value) {
-    SetDlpPolicyForConnectors(value);
-  }
-
-  void SetUrlToCheckContentCompliance(const std::string& url_pattern) {
-    AddUrlsToCheckComplianceOfDownloadsForConnectors({url_pattern});
-  }
-
   // Helper function to simulate a user gesture, then a link click.
   // The usual NavigateAndCommit is unsuitable because it creates
   // browser-initiated navigations, causing us to drop the referrer.
@@ -3036,10 +3011,15 @@ TEST_P(DeepScanningDownloadTest, PasswordProtectedArchivesBlockedByPreference) {
       BinaryUploadService::Result::FILE_ENCRYPTED,
       enterprise_connectors::ContentAnalysisResponse());
 
-  for (AllowPasswordProtectedFilesValues pref : {ALLOW_NONE, ALLOW_UPLOADS}) {
-    SetSendFilesForMalwareCheckPref(
-        SendFilesForMalwareCheckValues::SEND_DOWNLOADS);
-    SetPasswordProtectedAllowedPref(pref);
+  {
+    SetAnalysisConnector(enterprise_connectors::FILE_DOWNLOADED, R"(
+                         {
+                           "service_provider": "google",
+                           "enable": [
+                             {"url_list": ["*"], "tags": ["malware"]}
+                           ],
+                           "block_password_protected": true
+                         })");
     PrepareResponse(ClientDownloadResponse::SAFE, net::HTTP_OK, net::OK);
 
     RunLoop run_loop;
@@ -3052,9 +3032,15 @@ TEST_P(DeepScanningDownloadTest, PasswordProtectedArchivesBlockedByPreference) {
     EXPECT_TRUE(HasClientDownloadRequest());
   }
 
-  for (AllowPasswordProtectedFilesValues pref :
-       {ALLOW_DOWNLOADS, ALLOW_UPLOADS_AND_DOWNLOADS}) {
-    SetPasswordProtectedAllowedPref(pref);
+  {
+    SetAnalysisConnector(enterprise_connectors::FILE_DOWNLOADED, R"(
+                         {
+                           "service_provider": "google",
+                           "enable": [
+                             {"url_list": ["*"], "tags": ["malware"]}
+                           ],
+                           "block_password_protected": false
+                         })");
     PrepareResponse(ClientDownloadResponse::SAFE, net::HTTP_OK, net::OK);
 
     RunLoop run_loop;
@@ -3098,11 +3084,15 @@ TEST_P(DeepScanningDownloadTest, LargeFileBlockedByPreference) {
       BinaryUploadService::Result::FILE_TOO_LARGE,
       enterprise_connectors::ContentAnalysisResponse());
 
-  for (BlockLargeFileTransferValues pref :
-       {BLOCK_LARGE_DOWNLOADS, BLOCK_LARGE_UPLOADS_AND_DOWNLOADS}) {
-    SetSendFilesForMalwareCheckPref(
-        SendFilesForMalwareCheckValues::SEND_DOWNLOADS);
-    SetBlockLargeFilesPref(pref);
+  {
+    SetAnalysisConnector(enterprise_connectors::FILE_DOWNLOADED, R"(
+                         {
+                           "service_provider": "google",
+                           "enable": [
+                             {"url_list": ["*"], "tags": ["malware"]}
+                           ],
+                           "block_large_files": true
+                         })");
     PrepareResponse(ClientDownloadResponse::SAFE, net::HTTP_OK, net::OK);
 
     RunLoop run_loop;
@@ -3115,8 +3105,15 @@ TEST_P(DeepScanningDownloadTest, LargeFileBlockedByPreference) {
     EXPECT_TRUE(HasClientDownloadRequest());
   }
 
-  for (BlockLargeFileTransferValues pref : {BLOCK_NONE, BLOCK_LARGE_UPLOADS}) {
-    SetBlockLargeFilesPref(pref);
+  {
+    SetAnalysisConnector(enterprise_connectors::FILE_DOWNLOADED, R"(
+                         {
+                           "service_provider": "google",
+                           "enable": [
+                             {"url_list": ["*"], "tags": ["malware"]}
+                           ],
+                           "block_large_files": false
+                         })");
     PrepareResponse(ClientDownloadResponse::SAFE, net::HTTP_OK, net::OK);
 
     RunLoop run_loop;
@@ -3161,19 +3158,21 @@ TEST_P(DeepScanningDownloadTest, UnsupportedFiletypeBlockedByPreference) {
               MatchDownloadWhitelistUrl(_))
       .WillRepeatedly(Return(false));
   EXPECT_CALL(*binary_feature_extractor_.get(), CheckSignature(tmp_path_, _))
-      .Times(4);
+      .Times(2);
   EXPECT_CALL(*binary_feature_extractor_.get(),
               ExtractImageFeatures(
                   tmp_path_, BinaryFeatureExtractor::kDefaultOptions, _, _))
-      .Times(4);
-
-  SetCheckContentCompliancePref(CheckContentComplianceValues::CHECK_DOWNLOADS);
-  SetUrlToCheckContentCompliance("www.evil.com");
+      .Times(2);
 
-  for (BlockUnsupportedFiletypesValues pref :
-       {BLOCK_UNSUPPORTED_FILETYPES_DOWNLOADS,
-        BLOCK_UNSUPPORTED_FILETYPES_UPLOADS_AND_DOWNLOADS}) {
-    SetBlockUnsupportedFiletypePref(pref);
+  {
+    SetAnalysisConnector(enterprise_connectors::FILE_DOWNLOADED, R"(
+                         {
+                           "service_provider": "google",
+                           "enable": [
+                             {"url_list": ["evil.com"], "tags": ["dlp"]}
+                           ],
+                           "block_unsupported_file_types": true
+                         })");
     PrepareResponse(ClientDownloadResponse::SAFE, net::HTTP_OK, net::OK);
 
     RunLoop run_loop;
@@ -3186,10 +3185,15 @@ TEST_P(DeepScanningDownloadTest, UnsupportedFiletypeBlockedByPreference) {
     EXPECT_TRUE(HasClientDownloadRequest());
   }
 
-  for (BlockUnsupportedFiletypesValues pref :
-       {BLOCK_UNSUPPORTED_FILETYPES_NONE,
-        BLOCK_UNSUPPORTED_FILETYPES_UPLOADS}) {
-    SetBlockUnsupportedFiletypePref(pref);
+  {
+    SetAnalysisConnector(enterprise_connectors::FILE_DOWNLOADED, R"(
+                         {
+                           "service_provider": "google",
+                           "enable": [
+                             {"url_list": ["evil.com"], "tags": ["dlp"]}
+                           ],
+                           "block_unsupported_file_types": false
+                         })");
     PrepareResponse(ClientDownloadResponse::SAFE, net::HTTP_OK, net::OK);
 
     RunLoop run_loop;
@@ -3886,8 +3890,16 @@ TEST_P(DeepScanningDownloadTest, PolicyEnabled) {
               ExtractImageFeatures(
                   tmp_path_, BinaryFeatureExtractor::kDefaultOptions, _, _));
 
-  SetSendFilesForMalwareCheckPref(
-      SendFilesForMalwareCheckValues::SEND_DOWNLOADS);
+  SetAnalysisConnector(enterprise_connectors::FILE_DOWNLOADED,
+                       R"({
+                            "service_provider": "google",
+                            "enable": [
+                              {
+                                "url_list": ["*"],
+                                "tags": ["malware"]
+                              }
+                            ]
+                          })");
 
   TestBinaryUploadService* test_upload_service =
       static_cast<TestBinaryUploadService*>(
@@ -3933,7 +3945,7 @@ TEST_P(DeepScanningDownloadTest, PolicyDisabled) {
               ExtractImageFeatures(
                   tmp_path_, BinaryFeatureExtractor::kDefaultOptions, _, _));
 
-  SetSendFilesForMalwareCheckPref(SendFilesForMalwareCheckValues::DO_NOT_SCAN);
+  ClearAnalysisConnector(enterprise_connectors::FILE_DOWNLOADED);
 
   TestBinaryUploadService* test_upload_service =
       static_cast<TestBinaryUploadService*>(
@@ -3980,11 +3992,15 @@ TEST_P(DeepScanningDownloadTest, SafeVerdictPrecedence) {
                 ExtractImageFeatures(
                     tmp_path_, BinaryFeatureExtractor::kDefaultOptions, _, _));
 
-    SetSendFilesForMalwareCheckPref(
-        SendFilesForMalwareCheckValues::SEND_DOWNLOADS);
-    SetCheckContentCompliancePref(
-        CheckContentComplianceValues::CHECK_DOWNLOADS);
-    SetUrlToCheckContentCompliance("evil.com");
+    SetAnalysisConnector(enterprise_connectors::FILE_DOWNLOADED, R"(
+                         {
+                           "service_provider": "google",
+                           "enable": [
+                             {"url_list": ["*"], "tags": ["malware"]},
+                             {"url_list": ["evil.com"], "tags": ["dlp"]}
+                           ],
+                           "block_password_protected": true
+                         })");
 
     TestBinaryUploadService* test_upload_service =
         static_cast<TestBinaryUploadService*>(