Update SafeBrowsingPrivateEventRouter for enterprise connectors.

1/ Pipes the access point to the router which will be needed eventually for event cleanup 2/ Removes dependency of the router on the protos directly 3/ Adds overloads for the MaybeReortXXX and ReportXXXBypass functions to accept the new protos. Bug: 1069068, 1069062 Change-Id: I0fc5e734a665ef88552aebabe5d63f1bb90bb0f5 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2229600Reviewed-by: Daniel Rubery <drubery@chromium.org> Reviewed-by: Dominique Fauteux-Chapleau <domfc@chromium.org> Commit-Queue: Roger Tawa <rogerta@chromium.org> Cr-Commit-Position: refs/heads/master@{#779870}

Update SafeBrowsingPrivateEventRouter for enterprise connectors.
1/ Pipes the access point to the router which will be needed eventually for event cleanup 2/ Removes dependency of the router on the protos directly 3/ Adds overloads for the MaybeReortXXX and ReportXXXBypass functions to accept the new protos. Bug: 1069068, 1069062 Change-Id: I0fc5e734a665ef88552aebabe5d63f1bb90bb0f5 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2229600Reviewed-by: Daniel Rubery <drubery@chromium.org> Reviewed-by: Dominique Fauteux-Chapleau <domfc@chromium.org> Commit-Queue: Roger Tawa <rogerta@chromium.org> Cr-Commit-Position: refs/heads/master@{#779870}
c2018705 · Roger Tawa · Commit Bot · a2d52b74 · c2018705 · c2018705
Commit c2018705 authored Jun 18, 2020 by Roger Tawa Committed by Commit Bot Jun 18, 2020
12 changed files
--- a/chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router.cc
+++ b/chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router.cc
--- a/chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router.h
+++ b/chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router.h
@@ -36,7 +36,8 @@ class DeviceManagementService;
 namespace safe_browsing {
 class BinaryUploadService;
-class DlpDeepScanningVerdict;
+enum class DeepScanAccessPoint;
+struct ContentAnalysisScanResult;
 }
 #if defined(OS_CHROMEOS)
@@ -70,13 +71,7 @@ class SafeBrowsingPrivateEventRouter : public KeyedService {
  static const char kKeyClickedThrough[];
  static const char kKeyTriggeredRuleId[];
  static const char kKeyTriggeredRuleName[];
-  static const char kKeyTriggeredRuleResourceName[];
-  static const char kKeyTriggeredRuleSeverity[];
  static const char kKeyTriggeredRuleAction[];
-  static const char kKeyMatchedDetectors[];
-  static const char kKeyMatchedDetectorId[];
-  static const char kKeyMatchedDetectorName[];
-  static const char kKeyMatchedDetectorType[];
  static const char kKeyTriggeredRuleInfo[];
  static const char kKeyThreatType[];
  static const char kKeyContentType[];
@@ -91,7 +86,8 @@ class SafeBrowsingPrivateEventRouter : public KeyedService {
  static const char kKeyUnscannedFileEvent[];
  static const char kKeyUnscannedReason[];
-  // String constants for the "trigger" event field.
+  // String constants for the "trigger" event field.  This corresponds to
+  // an enterprise connector.
  static const char kTriggerFileDownload[];
  static const char kTriggerFileUpload[];
  static const char kTriggerWebContentUpload[];
@@ -126,33 +122,26 @@ class SafeBrowsingPrivateEventRouter : public KeyedService {
                                       const std::string& reason,
                                       int net_error_code);
-  // Notifies listeners that deep scanning detected a dangerous download.
+  // Notifies listeners that the analysis connector detected a violation.
-  void OnDangerousDeepScanningResult(const GURL& url,
+  void OnAnalysisConnectorResult(
-                                     const std::string& file_name,
-                                     const std::string& download_digest_sha256,
-                                     const std::string& threat_type,
-                                     const std::string& mime_type,
-                                     const std::string& trigger,
-                                     const int64_t content_size);
-  // Notifies listeners that scanning for sensitive data detected a violation.
-  void OnSensitiveDataEvent(
-      const safe_browsing::DlpDeepScanningVerdict& verdict,
      const GURL& url,
      const std::string& file_name,
      const std::string& download_digest_sha256,
      const std::string& mime_type,
      const std::string& trigger,
+      safe_browsing::DeepScanAccessPoint access_point,
+      const safe_browsing::ContentAnalysisScanResult& result,
      const int64_t content_size);
-  // Notifies listeners that scanning for sensitive data detected a violation.
+  // Notifies listeners that an analysis connector violation was bypassed.
-  void OnSensitiveDataWarningBypassed(
+  void OnAnalysisConnectorWarningBypassed(
-      const safe_browsing::DlpDeepScanningVerdict& verdict,
      const GURL& url,
      const std::string& file_name,
      const std::string& download_digest_sha256,
      const std::string& mime_type,
      const std::string& trigger,
+      safe_browsing::DeepScanAccessPoint access_point,
+      const safe_browsing::ContentAnalysisScanResult& result,
      const int64_t content_size);
  // Notifies listeners that deep scanning failed, for the given |reason|.
@@ -161,6 +150,7 @@ class SafeBrowsingPrivateEventRouter : public KeyedService {
                            const std::string& download_digest_sha256,
                            const std::string& mime_type,
                            const std::string& trigger,
+                            safe_browsing::DeepScanAccessPoint access_point,
                            const std::string& reason,
                            const int64_t content_size);
@@ -257,6 +247,25 @@ class SafeBrowsingPrivateEventRouter : public KeyedService {
  // an empty string if the profile is not signed in.
  std::string GetProfileUserName() const;
+  // Notifies listeners that deep scanning detected a dangerous download.
+  void OnDangerousDeepScanningResult(const GURL& url,
+                                     const std::string& file_name,
+                                     const std::string& download_digest_sha256,
+                                     const std::string& threat_type,
+                                     const std::string& mime_type,
+                                     const std::string& trigger,
+                                     const int64_t content_size);
+  // Notifies listeners that the analysis connector detected a violation.
+  void OnSensitiveDataEvent(
+      const GURL& url,
+      const std::string& file_name,
+      const std::string& download_digest_sha256,
+      const std::string& mime_type,
+      const std::string& trigger,
+      const safe_browsing::ContentAnalysisScanResult& result,
+      const int64_t content_size);
  content::BrowserContext* context_;
  signin::IdentityManager* identity_manager_ = nullptr;
  EventRouter* event_router_ = nullptr;

--- a/chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router_unittest.cc
+++ b/chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router_unittest.cc
@@ -18,6 +18,7 @@
 #include "chrome/browser/enterprise/connectors/common.h"
 #include "chrome/browser/enterprise/connectors/connectors_manager.h"
 #include "chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router_factory.h"
+#include "chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_utils.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/extensions/api/safe_browsing_private.h"
 #include "chrome/test/base/testing_browser_process.h"
@@ -46,6 +47,7 @@
 using ::testing::_;
 using ::testing::Mock;
+using ::testing::Return;
 using ::testing::SaveArg;
 namespace extensions {
@@ -187,41 +189,31 @@ class SafeBrowsingPrivateEventRouterTest : public testing::Test {
  }
  void TriggerOnSensitiveDataEvent() {
-    safe_browsing::DlpDeepScanningVerdict verdict;
+    safe_browsing::ContentAnalysisScanResult result;
-    verdict.set_status(safe_browsing::DlpDeepScanningVerdict::SUCCESS);
+    result.tag = "dlp";
-    safe_browsing::DlpDeepScanningVerdict::TriggeredRule* rule =
+    result.status = 1;
-        verdict.add_triggered_rules();
+    safe_browsing::ContentAnalysisTrigger trigger;
-    rule->set_action(
+    trigger.action = 3;
-        safe_browsing::DlpDeepScanningVerdict::TriggeredRule::BLOCK);
+    trigger.name = "fake rule";
-    rule->set_rule_name("fake rule");
+    trigger.id = "12345";
-    rule->set_rule_id(12345);
+    result.triggers.push_back(std::move(trigger));
-    rule->set_rule_resource_name("fake resource name");
-    rule->set_rule_severity("fake severity");
-    safe_browsing::DlpDeepScanningVerdict::MatchedDetector* detector =
-        rule->add_matched_detectors();
-    detector->set_detector_id("fake id");
-    detector->set_display_name("fake name");
-    detector->set_detector_type("fake type");
-    detector = rule->add_matched_detectors();
-    detector->set_detector_id("fake id2");
-    detector->set_display_name("fake name2");
-    detector->set_detector_type("fake type2");
    SafeBrowsingPrivateEventRouterFactory::GetForProfile(profile_)
-        ->OnSensitiveDataEvent(verdict,
+        ->OnAnalysisConnectorResult(
-                               GURL("https://evil.com/sensitive_data.txt"),
+            GURL("https://evil.com/sensitive_data.txt"), "sensitive_data.txt",
-                               "sensitive_data.txt", "sha256_of_data",
+            "sha256_of_data", "text/plain",
-                               "text/plain", "FILE_UPLOAD", 12345);
+            SafeBrowsingPrivateEventRouter::kTriggerFileUpload,
+            safe_browsing::DeepScanAccessPoint::UPLOAD, result, 12345);
  }
  void TriggerOnUnscannedFileEvent() {
    SafeBrowsingPrivateEventRouterFactory::GetForProfile(profile_)
-        ->OnUnscannedFileEvent(GURL("https://evil.com/sensitive_data.txt"),
+        ->OnUnscannedFileEvent(
-                               "sensitive_data.txt", "sha256_of_data",
+            GURL("https://evil.com/sensitive_data.txt"), "sensitive_data.txt",
-                               "text/plain", "FILE_DOWNLOAD",
+            "sha256_of_data", "text/plain",
-                               "filePasswordProtected", 12345);
+            SafeBrowsingPrivateEventRouter::kTriggerFileDownload,
+            safe_browsing::DeepScanAccessPoint::DOWNLOAD,
+            "filePasswordProtected", 12345);
  }
  void SetReportingPolicy(bool enabled) {
@@ -726,7 +718,7 @@ TEST_F(SafeBrowsingPrivateEventRouterTest, TestOnSensitiveDataEvent) {
  EXPECT_EQ(
      "sensitive_data.txt",
      *event->FindStringKey(SafeBrowsingPrivateEventRouter::kKeyFileName));
-  EXPECT_EQ("FILE_UPLOAD",
+  EXPECT_EQ(SafeBrowsingPrivateEventRouter::kTriggerFileUpload,
            *event->FindStringKey(SafeBrowsingPrivateEventRouter::kKeyTrigger));
  base::Value* triggered_rule_info =
@@ -741,27 +733,6 @@ TEST_F(SafeBrowsingPrivateEventRouterTest, TestOnSensitiveDataEvent) {
  EXPECT_EQ("fake rule",
            *triggered_rule.FindStringKey(
                SafeBrowsingPrivateEventRouter::kKeyTriggeredRuleName));
-  EXPECT_EQ("fake resource name",
-            *triggered_rule.FindStringKey(
-                SafeBrowsingPrivateEventRouter::kKeyTriggeredRuleResourceName));
-  EXPECT_EQ("fake severity",
-            *triggered_rule.FindStringKey(
-                SafeBrowsingPrivateEventRouter::kKeyTriggeredRuleSeverity));
-  base::Value* matched_detectors = triggered_rule.FindKey(
-      SafeBrowsingPrivateEventRouter::kKeyMatchedDetectors);
-  ASSERT_NE(nullptr, matched_detectors);
-  ASSERT_EQ(2u, matched_detectors->GetList().size());
-  base::Value detector = std::move(matched_detectors->GetList()[0]);
-  EXPECT_EQ("fake id",
-            *detector.FindStringKey(
-                SafeBrowsingPrivateEventRouter::kKeyMatchedDetectorId));
-  EXPECT_EQ("fake type",
-            *detector.FindStringKey(
-                SafeBrowsingPrivateEventRouter::kKeyMatchedDetectorType));
-  EXPECT_EQ("fake name",
-            *detector.FindStringKey(
-                SafeBrowsingPrivateEventRouter::kKeyMatchedDetectorName));
 }
 TEST_F(SafeBrowsingPrivateEventRouterTest, TestOnUnscannedFileEvent) {
@@ -798,7 +769,7 @@ TEST_F(SafeBrowsingPrivateEventRouterTest, TestOnUnscannedFileEvent) {
  EXPECT_EQ(
      "sensitive_data.txt",
      *event->FindStringKey(SafeBrowsingPrivateEventRouter::kKeyFileName));
-  EXPECT_EQ("FILE_DOWNLOAD",
+  EXPECT_EQ(SafeBrowsingPrivateEventRouter::kTriggerFileDownload,
            *event->FindStringKey(SafeBrowsingPrivateEventRouter::kKeyTrigger));
  EXPECT_EQ("filePasswordProtected",
            *event->FindStringKey(
@@ -816,6 +787,8 @@ TEST_F(SafeBrowsingPrivateEventRouterTest, TestProfileUsername) {
      ->SetIdentityManagerForTesting(
          identity_test_environment.identity_manager());
+  EXPECT_CALL(*client_, UploadRealtimeReport_(_, _)).WillRepeatedly(Return());
  // With no primary account, we should not set the username.
  TriggerOnSecurityInterstitialShownEvent();
  base::RunLoop().RunUntilIdle();

--- a/chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_dialog_delegate.cc
+++ b/chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_dialog_delegate.cc
@@ -196,12 +196,12 @@ void DeepScanningDialogDelegate::BypassWarnings() {
    for (const base::string16& entry : data_.text)
      content_size += (entry.size() * sizeof(base::char16));
-    ReportSensitiveDataWarningBypass(
+    ReportAnalysisConnectorWarningBypass(
        Profile::FromBrowserContext(web_contents_->GetBrowserContext()),
        web_contents_->GetLastCommittedURL(), "Text data", std::string(),
        "text/plain",
        extensions::SafeBrowsingPrivateEventRouter::kTriggerWebContentUpload,
-        content_size, text_response_.dlp_scan_verdict());
+        access_point_, content_size, text_response_.dlp_scan_verdict());
  }
  // Mark every "warning" file as complying and report a warning bypass.
@@ -209,12 +209,13 @@ void DeepScanningDialogDelegate::BypassWarnings() {
    size_t index = warning.first;
    result_.paths_results[index] = true;
-    ReportSensitiveDataWarningBypass(
+    ReportAnalysisConnectorWarningBypass(
        Profile::FromBrowserContext(web_contents_->GetBrowserContext()),
        web_contents_->GetLastCommittedURL(), data_.paths[index].AsUTF8Unsafe(),
        file_info_[index].sha256, file_info_[index].mime_type,
        extensions::SafeBrowsingPrivateEventRouter::kTriggerFileUpload,
-        file_info_[index].size, warning.second.dlp_scan_verdict());
+        access_point_, file_info_[index].size,
+        warning.second.dlp_scan_verdict());
  }
  RunCallback();
@@ -426,7 +427,7 @@ void DeepScanningDialogDelegate::StringRequestCallback(
      web_contents_->GetLastCommittedURL(), "Text data", std::string(),
      "text/plain",
      extensions::SafeBrowsingPrivateEventRouter::kTriggerWebContentUpload,
-      content_size, result, response);
+      access_point_, content_size, result, response);
  text_request_complete_ = true;
  bool text_complies = ResultShouldAllowDataUse(result, data_.settings) &&
@@ -459,7 +460,7 @@ void DeepScanningDialogDelegate::CompleteFileRequestCallback(
      web_contents_->GetLastCommittedURL(), path.AsUTF8Unsafe(),
      file_info_[index].sha256, mime_type,
      extensions::SafeBrowsingPrivateEventRouter::kTriggerFileUpload,
-      file_info_[index].size, result, response);
+      access_point_, file_info_[index].size, result, response);
  bool dlp_ok = DlpVerdictAllowsDataUse(response.dlp_scan_verdict());
  bool malware_ok = true;

--- a/chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_dialog_delegate_browsertest.cc
+++ b/chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_dialog_delegate_browsertest.cc
@@ -408,7 +408,7 @@ IN_PROC_BROWSER_TEST_P(DeepScanningDialogDelegateSimpleBrowserTest, Texts) {
      // The hash should not be included for string requests.
      /*sha*/ "",
      /*trigger*/ SafeBrowsingPrivateEventRouter::kTriggerWebContentUpload,
-      /*dlp_verdict*/ response.dlp_scan_verdict(),
+      /*dlp_verdict*/ SensitiveDataVerdictToResult(response.dlp_scan_verdict()),
      /*mimetype*/ TextMimeTypes(),
      /*size*/ 20);
@@ -822,7 +822,7 @@ IN_PROC_BROWSER_TEST_P(DeepScanningDialogDelegateDelayDeliveryUntilVerdictTest,
      /*threat_type*/ "DANGEROUS",
      /*trigger*/
      extensions::SafeBrowsingPrivateEventRouter::kTriggerFileUpload,
-      /*dlp_verdict*/ response.dlp_scan_verdict(),
+      /*dlp_verdict*/ SensitiveDataVerdictToResult(response.dlp_scan_verdict()),
      /*mimetypes*/ DocMimeTypes(),
      /*size*/ std::string("foo content").size());

--- a/chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_test_utils.cc
+++ b/chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_test_utils.cc
@@ -4,6 +4,7 @@
 #include "chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_test_utils.h"
+#include "base/strings/string_number_conversions.h"
 #include "base/values.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/enterprise/connectors/common.h"
@@ -186,7 +187,7 @@ void EventReportValidator::ExpectSensitiveDataEvent(
    const std::string& expected_filename,
    const std::string& expected_sha256,
    const std::string& expected_trigger,
-    const DlpDeepScanningVerdict& expected_dlp_verdict,
+    const ContentAnalysisScanResult& expected_dlp_verdict,
    const std::set<std::string>* expected_mimetypes,
    int expected_content_size) {
  event_key_ = SafeBrowsingPrivateEventRouter::kKeySensitiveDataEvent;
@@ -214,7 +215,7 @@ void EventReportValidator::
        const std::string& expected_sha256,
        const std::string& expected_threat_type,
        const std::string& expected_trigger,
-        const DlpDeepScanningVerdict& expected_dlp_verdict,
+        const ContentAnalysisScanResult& expected_dlp_verdict,
        const std::set<std::string>* expected_mimetypes,
        int expected_content_size) {
  event_key_ = SafeBrowsingPrivateEventRouter::kKeyDangerousDownloadEvent;
@@ -271,7 +272,6 @@ void EventReportValidator::ValidateReport(base::Value* report) {
                content_size_);
  ValidateField(event, SafeBrowsingPrivateEventRouter::kKeyThreatType,
                threat_type_);
-  ValidateField(event, SafeBrowsingPrivateEventRouter::kKeyReason, reason_);
  ValidateField(event, SafeBrowsingPrivateEventRouter::kKeyUnscannedReason,
                unscanned_reason_);
  ValidateMimeType(event);
@@ -298,54 +298,26 @@ void EventReportValidator::ValidateDlpVerdict(base::Value* value) {
  ASSERT_NE(nullptr, triggered_rules);
  ASSERT_EQ(base::Value::Type::LIST, triggered_rules->type());
  base::Value::ListView rules_list = triggered_rules->GetList();
-  int rules_size = rules_list.size();
+  size_t rules_size = rules_list.size();
-  ASSERT_EQ(rules_size, dlp_verdict_.value().triggered_rules_size());
+  ASSERT_EQ(rules_size, dlp_verdict_.value().triggers.size());
-  for (int i = 0; i < rules_size; ++i) {
+  for (size_t i = 0; i < rules_size; ++i) {
    base::Value* rule = &rules_list[i];
    ASSERT_EQ(base::Value::Type::DICTIONARY, rule->type());
-    ValidateDlpRule(rule, dlp_verdict_.value().triggered_rules(i));
+    ValidateDlpRule(rule, dlp_verdict_.value().triggers[i]);
  }
 }
 void EventReportValidator::ValidateDlpRule(
    base::Value* value,
-    const DlpDeepScanningVerdict::TriggeredRule& expected_rule) {
+    const ContentAnalysisTrigger& expected_rule) {
  ValidateField(value, SafeBrowsingPrivateEventRouter::kKeyTriggeredRuleAction,
-                base::Optional<int>(expected_rule.action()));
+                base::Optional<int>(expected_rule.action));
  ValidateField(value, SafeBrowsingPrivateEventRouter::kKeyTriggeredRuleName,
-                expected_rule.rule_name());
+                expected_rule.name);
+  int64_t rule_id;
+  ASSERT_TRUE(base::StringToInt64(expected_rule.id, &rule_id));
  ValidateField(value, SafeBrowsingPrivateEventRouter::kKeyTriggeredRuleId,
-                base::Optional<int>(expected_rule.rule_id()));
+                base::Optional<int>(rule_id));
-  ValidateField(value,
-                SafeBrowsingPrivateEventRouter::kKeyTriggeredRuleSeverity,
-                expected_rule.rule_severity());
-  ValidateField(value,
-                SafeBrowsingPrivateEventRouter::kKeyTriggeredRuleResourceName,
-                expected_rule.rule_resource_name());
-  base::Value* matched_detectors =
-      value->FindListKey(SafeBrowsingPrivateEventRouter::kKeyMatchedDetectors);
-  ASSERT_NE(nullptr, matched_detectors);
-  ASSERT_EQ(base::Value::Type::LIST, matched_detectors->type());
-  base::Value::ListView detectors_list = matched_detectors->GetList();
-  int detectors_size = detectors_list.size();
-  ASSERT_EQ(detectors_size, expected_rule.matched_detectors_size());
-  for (int j = 0; j < detectors_size; ++j) {
-    base::Value* detector = &detectors_list[j];
-    ASSERT_EQ(base::Value::Type::DICTIONARY, detector->type());
-    const DlpDeepScanningVerdict::MatchedDetector& expected_detector =
-        expected_rule.matched_detectors(j);
-    ValidateField(detector,
-                  SafeBrowsingPrivateEventRouter::kKeyMatchedDetectorId,
-                  expected_detector.detector_id());
-    ValidateField(detector,
-                  SafeBrowsingPrivateEventRouter::kKeyMatchedDetectorName,
-                  expected_detector.display_name());
-    ValidateField(detector,
-                  SafeBrowsingPrivateEventRouter::kKeyMatchedDetectorType,
-                  expected_detector.detector_type());
-  }
 }
 void EventReportValidator::ValidateField(

--- a/chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_test_utils.h
+++ b/chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_test_utils.h
@@ -10,8 +10,8 @@
 #include "base/callback.h"
 #include "base/optional.h"
+#include "chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_utils.h"
 #include "components/safe_browsing/core/common/safe_browsing_prefs.h"
-#include "components/safe_browsing/core/proto/webprotect.pb.h"
 namespace base {
 class Value;
@@ -47,7 +47,7 @@ class EventReportValidator {
      const std::string& expected_filename,
      const std::string& expected_sha256,
      const std::string& expected_trigger,
-      const DlpDeepScanningVerdict& expected_dlp_verdict,
+      const ContentAnalysisScanResult& expected_dlp_verdict,
      const std::set<std::string>* expected_mimetypes,
      int expected_content_size);
@@ -57,7 +57,7 @@ class EventReportValidator {
      const std::string& expected_sha256,
      const std::string& expected_threat_type,
      const std::string& expected_trigger,
-      const DlpDeepScanningVerdict& expected_dlp_verdict,
+      const ContentAnalysisScanResult& expected_dlp_verdict,
      const std::set<std::string>* expected_mimetypes,
      int expected_content_size);
@@ -76,9 +76,8 @@ class EventReportValidator {
  void ValidateReport(base::Value* report);
  void ValidateMimeType(base::Value* value);
  void ValidateDlpVerdict(base::Value* value);
-  void ValidateDlpRule(
+  void ValidateDlpRule(base::Value* value,
-      base::Value* value,
+                       const ContentAnalysisTrigger& expected_rule);
-      const DlpDeepScanningVerdict::TriggeredRule& expected_rule);
  void ValidateField(base::Value* value,
                     const std::string& field_key,
                     const base::Optional<std::string>& expected_value);
@@ -96,9 +95,8 @@ class EventReportValidator {
  std::string filename_;
  std::string sha256_;
  std::string trigger_;
-  base::Optional<DlpDeepScanningVerdict> dlp_verdict_ = base::nullopt;
+  base::Optional<ContentAnalysisScanResult> dlp_verdict_ = base::nullopt;
  base::Optional<std::string> threat_type_ = base::nullopt;
-  base::Optional<std::string> reason_ = base::nullopt;
  base::Optional<std::string> unscanned_reason_ = base::nullopt;
  base::Optional<bool> clicked_through_ = base::nullopt;
  base::Optional<int> content_size_ = base::nullopt;

--- a/chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_utils.cc
+++ b/chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_utils.cc
--- a/chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_utils.h
+++ b/chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_utils.h
@@ -6,39 +6,51 @@
 #define CHROME_BROWSER_SAFE_BROWSING_CLOUD_CONTENT_SCANNING_DEEP_SCANNING_UTILS_H_
 #include <string>
+#include <vector>
 #include "base/time/time.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/safe_browsing/cloud_content_scanning/binary_upload_service.h"
+#include "components/enterprise/common/proto/connectors.pb.h"
+#include "components/safe_browsing/core/proto/webprotect.pb.h"
 #include "url/gurl.h"
 class Profile;
+namespace enterprise_connectors {
+class ContentAnalysisResponse;
+}  // namespace enterprise_connectors
 namespace safe_browsing {
-// Helper function to examine a DeepScanningClientResponse and report the
-// appropriate events to the enterprise admin. |download_digest_sha256| must be
-// encoded using base::HexEncode.
-void MaybeReportDeepScanningVerdict(Profile* profile,
-                                    const GURL& url,
-                                    const std::string& file_name,
-                                    const std::string& download_digest_sha256,
-                                    const std::string& mime_type,
-                                    const std::string& trigger,
-                                    const int64_t content_size,
-                                    BinaryUploadService::Result result,
-                                    DeepScanningClientResponse response);
-// Helper function to report the user bypassed a warning to the enterprise
+// Represents a trigger that caused a a content analysis request to report a
-// admin. This is split from MaybeReportDeepScanningVerdict since it happens
+// violation.  This is a structure that abstracts the old and new protobufs,
-// after getting a response. |download_digest_sha256| must be encoded using
+// to diminish dependencies on them.
-// base::HexEncode.
+struct ContentAnalysisTrigger {
-void ReportSensitiveDataWarningBypass(Profile* profile,
+  ContentAnalysisTrigger();
-                                      const GURL& url,
+  ContentAnalysisTrigger(const ContentAnalysisTrigger& other);
-                                      const std::string& file_name,
+  ContentAnalysisTrigger(ContentAnalysisTrigger&& other);
-                                      const std::string& download_digest_sha256,
+  ~ContentAnalysisTrigger();
-                                      const std::string& mime_type,
+  ContentAnalysisTrigger& operator=(const ContentAnalysisTrigger& other);
-                                      const std::string& trigger,
-                                      const int64_t content_size,
+  int action;        // The action taken by chrome.
-                                      const DlpDeepScanningVerdict& verdict);
+  std::string id;    // The id of the trigger.
+  std::string name;  // A friendly name for the trigger.
+};
+// Represents the result of a sensitive data scan.  This is a structure that
+// abstracts the old and new protobugs, to diminish dependencies on them.
+struct ContentAnalysisScanResult {
+  ContentAnalysisScanResult();
+  ContentAnalysisScanResult(const ContentAnalysisScanResult& other);
+  ContentAnalysisScanResult(ContentAnalysisScanResult&& other);
+  ~ContentAnalysisScanResult();
+  ContentAnalysisScanResult& operator=(const ContentAnalysisScanResult& other);
+  std::string tag;  // The tag associated with the scan.
+  int status;       // The status of scan for the given tag.
+  std::vector<ContentAnalysisTrigger> triggers;  // Triggers, if any.
+};
 // Access points used to record UMA metrics and specify which code location is
 // initiating a deep scan. Any new caller of
@@ -64,6 +76,60 @@ enum class DeepScanAccessPoint {
 };
 std::string DeepScanAccessPointToString(DeepScanAccessPoint access_point);
+// Helper function to examine a DeepScanningClientResponse and report the
+// appropriate events to the enterprise admin. |download_digest_sha256| must be
+// encoded using base::HexEncode.
+void MaybeReportDeepScanningVerdict(Profile* profile,
+                                    const GURL& url,
+                                    const std::string& file_name,
+                                    const std::string& download_digest_sha256,
+                                    const std::string& mime_type,
+                                    const std::string& trigger,
+                                    DeepScanAccessPoint access_point,
+                                    const int64_t content_size,
+                                    BinaryUploadService::Result result,
+                                    const DeepScanningClientResponse& response);
+// Helper function to examine a ContentAnalysisResponse and report the
+// appropriate events to the enterprise admin. |download_digest_sha256| must be
+// encoded using base::HexEncode.
+void MaybeReportDeepScanningVerdict(
+    Profile* profile,
+    const GURL& url,
+    const std::string& file_name,
+    const std::string& download_digest_sha256,
+    const std::string& mime_type,
+    const std::string& trigger,
+    DeepScanAccessPoint access_point,
+    const int64_t content_size,
+    BinaryUploadService::Result result,
+    const enterprise_connectors::ContentAnalysisResponse& response);
+// Helper function to report the user bypassed a warning to the enterprise
+// admin. This is split from MaybeReportDeepScanningVerdict since it happens
+// after getting a response. |download_digest_sha256| must be encoded using
+// base::HexEncode.
+void ReportAnalysisConnectorWarningBypass(
+    Profile* profile,
+    const GURL& url,
+    const std::string& file_name,
+    const std::string& download_digest_sha256,
+    const std::string& mime_type,
+    const std::string& trigger,
+    DeepScanAccessPoint access_point,
+    const int64_t content_size,
+    const DlpDeepScanningVerdict& verdict);
+void ReportAnalysisConnectorWarningBypass(
+    Profile* profile,
+    const GURL& url,
+    const std::string& file_name,
+    const std::string& download_digest_sha256,
+    const std::string& mime_type,
+    const std::string& trigger,
+    DeepScanAccessPoint access_point,
+    const int64_t content_size,
+    const enterprise_connectors::ContentAnalysisResponse& response);
 // Helper functions to record DeepScanning UMA metrics for the duration of the
 // request split by its result and bytes/sec for successful requests.
 void RecordDeepScanMetrics(DeepScanAccessPoint access_point,
@@ -94,6 +160,19 @@ std::string BinaryUploadServiceResultToString(
    const BinaryUploadService::Result& result,
    bool success);
+// Converts legacy DeepScanningResponse protos or an enterprise connectors
+// ContentAnalysisResponse proto to ContentAnalysisScanResult used by the
+// reporting layer.  This indirection is used during the conversion to
+// connectors and possibly could be removed once the conversion is done.
+ContentAnalysisScanResult SensitiveDataVerdictToResult(
+    const safe_browsing::DlpDeepScanningVerdict& verdict);
+ContentAnalysisScanResult ContentAnalysisResultToResult(
+    const enterprise_connectors::ContentAnalysisResponse::Result& result);
+ContentAnalysisScanResult MalwareVerdictToResult(
+    const safe_browsing::MalwareDeepScanningVerdict& verdict);
+std::vector<ContentAnalysisScanResult> ContentAnalysisResponseToResults(
+    const enterprise_connectors::ContentAnalysisResponse& response);
 }  // namespace safe_browsing
 #endif  // CHROME_BROWSER_SAFE_BROWSING_CLOUD_CONTENT_SCANNING_DEEP_SCANNING_UTILS_H_
--- a/chrome/browser/safe_browsing/download_protection/deep_scanning_request.cc
+++ b/chrome/browser/safe_browsing/download_protection/deep_scanning_request.cc
@@ -283,7 +283,8 @@ void DeepScanningRequest::OnScanComplete(BinaryUploadService::Result result,
        base::HexEncode(raw_digest_sha256.data(), raw_digest_sha256.size()),
        item_->GetMimeType(),
        extensions::SafeBrowsingPrivateEventRouter::kTriggerFileDownload,
-        item_->GetTotalBytes(), result, response);
+        DeepScanAccessPoint::DOWNLOAD, item_->GetTotalBytes(), result,
+        response);
  }
  DownloadCheckResult download_result = DownloadCheckResult::UNKNOWN;

--- a/chrome/browser/safe_browsing/download_protection/deep_scanning_request_unittest.cc
+++ b/chrome/browser/safe_browsing/download_protection/deep_scanning_request_unittest.cc
@@ -17,6 +17,7 @@
 #include "chrome/browser/safe_browsing/cloud_content_scanning/binary_fcm_service.h"
 #include "chrome/browser/safe_browsing/cloud_content_scanning/binary_upload_service.h"
 #include "chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_test_utils.h"
+#include "chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_utils.h"
 #include "chrome/browser/safe_browsing/dm_token_utils.h"
 #include "chrome/browser/safe_browsing/download_protection/download_protection_service.h"
 #include "chrome/browser/safe_browsing/download_protection/download_protection_util.h"
@@ -542,7 +543,8 @@ TEST_P(DeepScanningReportingTest, ProcessesResponseCorrectly) {
        /*threat_type*/ "DANGEROUS",
        /*trigger*/
        extensions::SafeBrowsingPrivateEventRouter::kTriggerFileDownload,
-        /*dlp_verdict*/ response.dlp_scan_verdict(),
+        /*dlp_verdict*/
+        SensitiveDataVerdictToResult(response.dlp_scan_verdict()),
        /*mimetypes*/ ExeMimeTypes(),
        /*size*/ std::string("download contents").size());
@@ -579,7 +581,8 @@ TEST_P(DeepScanningReportingTest, ProcessesResponseCorrectly) {
        /*threat_type*/ "POTENTIALLY_UNWANTED",
        /*trigger*/
        extensions::SafeBrowsingPrivateEventRouter::kTriggerFileDownload,
-        /*dlp_verdict*/ response.dlp_scan_verdict(),
+        /*dlp_verdict*/
+        SensitiveDataVerdictToResult(response.dlp_scan_verdict()),
        /*mimetypes*/ ExeMimeTypes(),
        /*size*/ std::string("download contents").size());
@@ -612,7 +615,8 @@ TEST_P(DeepScanningReportingTest, ProcessesResponseCorrectly) {
        "76E00EB33811F5778A5EE557512C30D9341D4FEB07646BCE3E4DB13F9428573C",
        /*trigger*/
        extensions::SafeBrowsingPrivateEventRouter::kTriggerFileDownload,
-        /*dlp_verdict*/ response.dlp_scan_verdict(),
+        /*dlp_verdict*/
+        SensitiveDataVerdictToResult(response.dlp_scan_verdict()),
        /*mimetypes*/ ExeMimeTypes(),
        /*size*/ std::string("download contents").size());
@@ -645,7 +649,8 @@ TEST_P(DeepScanningReportingTest, ProcessesResponseCorrectly) {
        "76E00EB33811F5778A5EE557512C30D9341D4FEB07646BCE3E4DB13F9428573C",
        /*trigger*/
        extensions::SafeBrowsingPrivateEventRouter::kTriggerFileDownload,
-        /*dlp_verdict*/ response.dlp_scan_verdict(),
+        /*dlp_verdict*/
+        SensitiveDataVerdictToResult(response.dlp_scan_verdict()),
        /*mimetypes*/ ExeMimeTypes(),
        /*size*/ std::string("download contents").size());
@@ -680,7 +685,8 @@ TEST_P(DeepScanningReportingTest, ProcessesResponseCorrectly) {
        "76E00EB33811F5778A5EE557512C30D9341D4FEB07646BCE3E4DB13F9428573C",
        /*trigger*/
        extensions::SafeBrowsingPrivateEventRouter::kTriggerFileDownload,
-        /*dlp_verdict*/ response.dlp_scan_verdict(),
+        /*dlp_verdict*/
+        SensitiveDataVerdictToResult(response.dlp_scan_verdict()),
        /*mimetypes*/ ExeMimeTypes(),
        /*size*/ std::string("download contents").size());

--- a/chrome/browser/safe_browsing/download_protection/download_reporter.cc
+++ b/chrome/browser/safe_browsing/download_protection/download_reporter.cc
@@ -11,6 +11,7 @@
 #include "chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router_factory.h"
 #include "chrome/browser/profiles/profile_key.h"
 #include "chrome/browser/profiles/profile_manager.h"
+#include "chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_utils.h"
 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
 #include "components/download/public/common/download_danger_type.h"
 #include "components/download/public/common/download_item.h"
@@ -85,21 +86,19 @@ void ReportDangerousDownloadWarningBypassed(
  }
 }
-void ReportSensitiveDataWarningBypassed(download::DownloadItem* download) {
+void ReportAnalysisConnectorWarningBypassed(download::DownloadItem* download) {
  content::BrowserContext* browser_context =
      content::DownloadItemUtils::GetBrowserContext(download);
  Profile* profile = Profile::FromBrowserContext(browser_context);
  if (profile) {
    std::string raw_digest_sha256 = download->GetHash();
-    // TODO(crbug/1069109): Use actual DlpDeepScanningVerdict that triggered the
-    // original warning here.
    extensions::SafeBrowsingPrivateEventRouterFactory::GetForProfile(profile)
-        ->OnSensitiveDataWarningBypassed(
+        ->OnAnalysisConnectorWarningBypassed(
-            DlpDeepScanningVerdict(), download->GetURL(),
+            download->GetURL(), download->GetTargetFilePath().AsUTF8Unsafe(),
-            download->GetTargetFilePath().AsUTF8Unsafe(),
            base::HexEncode(raw_digest_sha256.data(), raw_digest_sha256.size()),
            download->GetMimeType(),
            extensions::SafeBrowsingPrivateEventRouter::kTriggerFileDownload,
+            DeepScanAccessPoint::DOWNLOAD, ContentAnalysisScanResult(),
            download->GetTotalBytes());
  }
 }
@@ -167,7 +166,7 @@ void DownloadReporter::OnDownloadUpdated(download::DownloadItem* download) {
  if (old_danger_type ==
          download::DOWNLOAD_DANGER_TYPE_SENSITIVE_CONTENT_WARNING &&
      current_danger_type == download::DOWNLOAD_DANGER_TYPE_USER_VALIDATED) {
-    ReportSensitiveDataWarningBypassed(download);
+    ReportAnalysisConnectorWarningBypassed(download);
  }
  danger_types_[download] = current_danger_type;