Report bypasses of DLP warnings

We currently only report DLP bypasses if they are opened within Chrome
(by clicking on the download shelf item, or selecting "Open" from the
download item dropdown, for example). We should be reporting any time
a user recovers a file that showed a DLP warning. This CL adds code
to do that.

Bug: 1046527
Change-Id: I2ecf6704d4040ee3bdb39d8e40b49f021eb0ddb9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2025931Reviewed-by: Xinghui Lu <xinghuilu@chromium.org>
Reviewed-by: Roger Tawa <rogerta@chromium.org>
Commit-Queue: Daniel Rubery <drubery@chromium.org>
Cr-Commit-Position: refs/heads/master@{#736508}

chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router.cc

@@ -442,6 +442,7 @@ void SafeBrowsingPrivateEventRouter::OnSensitiveDataEvent(
             if (content_size >= 0)
               event.SetIntKey(kKeyContentSize, content_size);
             event.SetStringKey(kKeyTrigger, trigger);
+            event.SetBoolKey(kKeyClickedThrough, false);
 
             base::ListValue triggered_rule_info;
             for (const auto& rule : verdict.triggered_rules()) {
@@ -480,6 +481,44 @@ void SafeBrowsingPrivateEventRouter::OnSensitiveDataEvent(
           GetProfileUserName(), mime_type, trigger, content_size));
 }
 
+void SafeBrowsingPrivateEventRouter::OnSensitiveDataWarningBypassed(
+    const GURL& url,
+    const std::string& file_name,
+    const std::string& download_digest_sha256,
+    const std::string& mime_type,
+    const std::string& trigger,
+    const int64_t content_size) {
+  if (!IsRealtimeReportingEnabled())
+    return;
+
+  ReportRealtimeEvent(
+      kKeySensitiveDataEvent,
+      base::BindOnce(
+          [](const std::string& url, const std::string& file_name,
+             const std::string& download_digest_sha256,
+             const std::string& profile_user_name, const std::string& mime_type,
+             const std::string& trigger, const int64_t content_size) {
+            // Create a real-time event dictionary from the arguments and
+            // report it.
+            base::Value event(base::Value::Type::DICTIONARY);
+            event.SetStringKey(kKeyUrl, url);
+            event.SetStringKey(kKeyFileName, file_name);
+            event.SetStringKey(kKeyDownloadDigestSha256,
+                               download_digest_sha256);
+            event.SetStringKey(kKeyProfileUserName, profile_user_name);
+            event.SetStringKey(kKeyContentType, mime_type);
+            // |content_size| can be set to -1 to indicate an unknown size, in
+            // which case the field is not set.
+            if (content_size >= 0)
+              event.SetIntKey(kKeyContentSize, content_size);
+            event.SetStringKey(kKeyTrigger, trigger);
+            event.SetBoolKey(kKeyClickedThrough, true);
+            return event;
+          },
+          url.spec(), file_name, download_digest_sha256, GetProfileUserName(),
+          mime_type, trigger, content_size));
+}
+
 void SafeBrowsingPrivateEventRouter::OnUnscannedFileEvent(
     const GURL& url,
     const std::string& file_name,

chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router.h

@@ -145,6 +145,14 @@ class SafeBrowsingPrivateEventRouter : public KeyedService {
       const std::string& trigger,
       const int64_t content_size);
 
+  // Notifies listeners that scanning for sensitive data detected a violation.
+  void OnSensitiveDataWarningBypassed(const GURL& url,
+                                      const std::string& file_name,
+                                      const std::string& download_digest_sha256,
+                                      const std::string& mime_type,
+                                      const std::string& trigger,
+                                      const int64_t content_size);
+
   // Notifies listeners that deep scanning failed, for the given |reason|.
   void OnUnscannedFileEvent(const GURL& url,
                             const std::string& file_name,

chrome/browser/safe_browsing/download_protection/download_reporter.cc

@@ -84,6 +84,22 @@ void ReportDangerousDownloadWarningBypassed(
   }
 }
 
+void ReportSensitiveDataWarningBypassed(download::DownloadItem* download) {
+  content::BrowserContext* browser_context =
+      content::DownloadItemUtils::GetBrowserContext(download);
+  Profile* profile = Profile::FromBrowserContext(browser_context);
+  if (profile) {
+    std::string raw_digest_sha256 = download->GetHash();
+    extensions::SafeBrowsingPrivateEventRouterFactory::GetForProfile(profile)
+        ->OnSensitiveDataWarningBypassed(
+            download->GetURL(), download->GetTargetFilePath().AsUTF8Unsafe(),
+            base::HexEncode(raw_digest_sha256.data(), raw_digest_sha256.size()),
+            download->GetMimeType(),
+            extensions::SafeBrowsingPrivateEventRouter::kTriggerFileDownload,
+            download->GetTotalBytes());
+  }
+}
+
 }  // namespace
 
 DownloadReporter::DownloadReporter() {
@@ -144,6 +160,12 @@ void DownloadReporter::OnDownloadUpdated(download::DownloadItem* download) {
     ReportDangerousDownloadWarningBypassed(download, old_danger_type);
   }
 
+  if (old_danger_type ==
+          download::DOWNLOAD_DANGER_TYPE_SENSITIVE_CONTENT_WARNING &&
+      current_danger_type == download::DOWNLOAD_DANGER_TYPE_USER_VALIDATED) {
+    ReportSensitiveDataWarningBypassed(download);
+  }
+
   danger_types_[download] = current_danger_type;
 }