[subresource_filter] Add a finch param to disable using rules from the ruleset

This allows us to remotely turn off filtering rules while still enabling
other features like the strengthened popup blocker.

Bug: 737737
Change-Id: Ia77acc7bdb66009fae7204a259ce571bd680ba9f
Reviewed-on: https://chromium-review.googlesource.com/553597Reviewed-by: Shivani Sharma <shivanisha@chromium.org>
Commit-Queue: Charlie Harrison <csharrison@chromium.org>
Cr-Commit-Position: refs/heads/master@{#488256}

chrome/browser/subresource_filter/subresource_filter_browsertest.cc

@@ -1138,6 +1138,18 @@ IN_PROC_BROWSER_TEST_F(SubresourceFilterBrowserTest,
   observer.Wait();
 }
 
+IN_PROC_BROWSER_TEST_F(SubresourceFilterBrowserTest,
+                       DisableRuleset_SubresourceAllowed) {
+  Configuration config = Configuration::MakePresetForLiveRunOnPhishingSites();
+  config.activation_options.should_disable_ruleset_rules = true;
+  ResetConfiguration(std::move(config));
+
+  GURL url(GetTestUrl("subresource_filter/frame_with_included_script.html"));
+  ConfigureAsPhishingURL(url);
+  ui_test_utils::NavigateToURL(browser(), url);
+  EXPECT_TRUE(WasParsedScriptElementLoaded(web_contents()->GetMainFrame()));
+}
+
 IN_PROC_BROWSER_TEST_F(SubresourceFilterBrowserTest,
                        NoConfiguration_AllowCreatingNewWindows) {
   base::HistogramTester tester;
@@ -1183,10 +1195,8 @@ IN_PROC_BROWSER_TEST_F(SubresourceFilterBrowserTest, BlockCreatingNewWindows) {
   EXPECT_TRUE(content::ExecuteScriptAndExtractBool(web_contents, "openWindow()",
                                                    &opened_window));
   EXPECT_FALSE(opened_window);
-  // Do not force the UI if the popup was the only thing disallowed. The popup
-  // UI is good enough.
   tester.ExpectBucketCount(kSubresourceFilterActionsHistogram, kActionUIShown,
-                           0);
+                           1);
   // Make sure the popup UI was shown.
   EXPECT_TRUE(TabSpecificContentSettings::FromWebContents(web_contents)
                   ->IsContentBlocked(CONTENT_SETTINGS_TYPE_POPUPS));
@@ -1223,10 +1233,8 @@ IN_PROC_BROWSER_TEST_F(SubresourceFilterBrowserTest, BlockOpenURLFromTab) {
   content::WebContents* web_contents =
       browser()->tab_strip_model()->GetActiveWebContents();
   EXPECT_TRUE(content::ExecuteScript(web_contents, "openWindow()"));
-  // Do not force the UI if the popup was the only thing disallowed. The popup
-  // UI is good enough.
   tester.ExpectBucketCount(kSubresourceFilterActionsHistogram, kActionUIShown,
-                           0);
+                           1);
 
   EXPECT_TRUE(TabSpecificContentSettings::FromWebContents(web_contents)
                   ->IsContentBlocked(CONTENT_SETTINGS_TYPE_POPUPS));

chrome/browser/subresource_filter/subresource_filter_unittest.cc

@@ -147,3 +147,16 @@ TEST_F(SubresourceFilterTest, SimpleDisallowedLoad_WithObserver) {
   EXPECT_EQ(subresource_filter::LoadPolicy::DISALLOW,
             observer.GetSubframeLoadPolicy(disallowed_url).value());
 }
+
+TEST_F(SubresourceFilterTest, DisableRuleset_SubframeAllowed) {
+  subresource_filter::Configuration config(
+      subresource_filter::ActivationLevel::ENABLED,
+      subresource_filter::ActivationScope::ALL_SITES);
+  config.activation_options.should_disable_ruleset_rules = true;
+  scoped_configuration().ResetConfiguration(std::move(config));
+
+  GURL url("https://a.test");
+  ConfigureAsSubresourceFilterOnlyURL(url);
+  SimulateNavigateAndCommit(url, main_rfh());
+  EXPECT_TRUE(CreateAndNavigateDisallowedSubframe(main_rfh()));
+}

components/subresource_filter/content/browser/activation_state_computing_navigation_throttle.cc

@@ -138,13 +138,14 @@ ActivationStateComputingNavigationThrottle::filter() const {
 // when activation IPCs are not sent to the render process.
 std::unique_ptr<AsyncDocumentSubresourceFilter>
 ActivationStateComputingNavigationThrottle::ReleaseFilter() {
-  return will_send_activation_to_renderer_ ? std::move(async_filter_) : nullptr;
+  return could_send_activation_to_renderer_ ? std::move(async_filter_)
+                                            : nullptr;
 }
 
 void ActivationStateComputingNavigationThrottle::
-    WillSendActivationToRenderer() {
+    CouldSendActivationToRenderer() {
   DCHECK(async_filter_);
-  will_send_activation_to_renderer_ = true;
+  could_send_activation_to_renderer_ = true;
 }
 
 }  // namespace subresource_filter

components/subresource_filter/content/browser/activation_state_computing_navigation_throttle.h

@@ -71,7 +71,7 @@ class ActivationStateComputingNavigationThrottle
 
   AsyncDocumentSubresourceFilter* filter() const;
 
-  void WillSendActivationToRenderer();
+  void CouldSendActivationToRenderer();
 
  private:
   void OnActivationStateComputed(ActivationState state);
@@ -95,11 +95,12 @@ class ActivationStateComputingNavigationThrottle
   // Callback to be run in the destructor.
   base::OnceClosure destruction_closure_;
 
-  // Becomes true when the throttle manager reaches ReadyToCommitNavigation and
-  // sends an activation IPC to the render process. Makes sure a caller cannot
-  // take ownership of the subresource filter unless an activation IPC is sent
-  // to the renderer.
-  bool will_send_activation_to_renderer_ = false;
+  // Can become true when the throttle manager reaches ReadyToCommitNavigation.
+  // Makes sure a caller cannot take ownership of the subresource filter unless
+  // the throttle has reached this point. After this point the throttle manager
+  // can send an activation IPC to the render process. Note that an IPC is not
+  // always sent in case this activation is ignoring ruleset rules.
+  bool could_send_activation_to_renderer_ = false;
 
   base::WeakPtrFactory<ActivationStateComputingNavigationThrottle>
       weak_ptr_factory_;

components/subresource_filter/content/browser/activation_state_computing_navigation_throttle_unittest.cc

@@ -176,7 +176,7 @@ class ActivationStateComputingNavigationThrottleTest
       return;
     ASSERT_EQ(navigation_handle, test_throttle_->navigation_handle());
     if (test_throttle_->filter())
-      test_throttle_->WillSendActivationToRenderer();
+      test_throttle_->CouldSendActivationToRenderer();
 
     if (auto filter = test_throttle_->ReleaseFilter()) {
       EXPECT_NE(ActivationLevel::DISABLED,

components/subresource_filter/content/browser/content_subresource_filter_driver_factory.cc

@@ -105,6 +105,10 @@ bool ContentSubresourceFilterDriverFactory::AllowStrongPopupBlocking() {
   return activation_options_.should_strengthen_popup_blocker;
 }
 
+bool ContentSubresourceFilterDriverFactory::AllowRulesetRules() {
+  return !activation_options_.should_disable_ruleset_rules;
+}
+
 void ContentSubresourceFilterDriverFactory::DidStartNavigation(
     content::NavigationHandle* navigation_handle) {
   if (navigation_handle->IsInMainFrame() &&

components/subresource_filter/content/browser/content_subresource_filter_driver_factory.h

@@ -70,6 +70,7 @@ class ContentSubresourceFilterDriverFactory
   // ContentSubresourceFilterThrottleManager::Delegate:
   void OnFirstSubresourceLoadDisallowed() override;
   bool AllowStrongPopupBlocking() override;
+  bool AllowRulesetRules() override;
 
   ContentSubresourceFilterThrottleManager* throttle_manager() {
     return throttle_manager_.get();

components/subresource_filter/content/browser/content_subresource_filter_throttle_manager.cc

@@ -35,6 +35,10 @@ bool ContentSubresourceFilterThrottleManager::Delegate::
   return false;
 }
 
+bool ContentSubresourceFilterThrottleManager::Delegate::AllowRulesetRules() {
+  return true;
+}
+
 ContentSubresourceFilterThrottleManager::
     ContentSubresourceFilterThrottleManager(
         Delegate* delegate,
@@ -98,12 +102,17 @@ void ContentSubresourceFilterThrottleManager::ReadyToCommitNavigation(
       "ContentSubresourceFilterThrottleManager::ReadyToCommitNavigation",
       "activation_state", filter->activation_state().ToTracedValue());
 
-  throttle->WillSendActivationToRenderer();
-
-  content::RenderFrameHost* frame_host =
-      navigation_handle->GetRenderFrameHost();
-  frame_host->Send(new SubresourceFilterMsg_ActivateForNextCommittedLoad(
-      frame_host->GetRoutingID(), filter->activation_state()));
+  // Only send the IPC to the renderer if not actively ignoring rules from our
+  // ruleset. Note, if we ever want to do anything more complex in the renderer
+  // (other than just consume the rules), we will likely have to find a
+  // different solution here.
+  throttle->CouldSendActivationToRenderer();
+  if (delegate_->AllowRulesetRules()) {
+    content::RenderFrameHost* frame_host =
+        navigation_handle->GetRenderFrameHost();
+    frame_host->Send(new SubresourceFilterMsg_ActivateForNextCommittedLoad(
+        frame_host->GetRoutingID(), filter->activation_state()));
+  }
 }
 
 void ContentSubresourceFilterThrottleManager::DidFinishNavigation(
@@ -243,11 +252,14 @@ bool ContentSubresourceFilterThrottleManager::ShouldDisallowNewWindow(
   // isTrusted bit set to false. This bit is set to true if the event is
   // generated via a user action. See docs:
   // https://developer.mozilla.org/en-US/docs/Web/API/Event/isTrusted
+  bool should_block = true;
   if (open_url_params) {
-    return open_url_params->triggering_event_info ==
-           blink::WebTriggeringEventInfo::kFromUntrustedEvent;
+    should_block = open_url_params->triggering_event_info ==
+                   blink::WebTriggeringEventInfo::kFromUntrustedEvent;
   }
-  return true;
+  if (should_block)
+    delegate_->OnFirstSubresourceLoadDisallowed();
+  return should_block;
 }
 
 std::unique_ptr<SubframeNavigationFilteringThrottle>
@@ -256,6 +268,8 @@ ContentSubresourceFilterThrottleManager::
         content::NavigationHandle* navigation_handle) {
   if (navigation_handle->IsInMainFrame())
     return nullptr;
+  if (!delegate_->AllowRulesetRules())
+    return nullptr;
   AsyncDocumentSubresourceFilter* parent_filter =
       GetParentFrameFilter(navigation_handle);
   return parent_filter ? base::MakeUnique<SubframeNavigationFilteringThrottle>(

components/subresource_filter/content/browser/content_subresource_filter_throttle_manager.h

@@ -58,7 +58,13 @@ class ContentSubresourceFilterThrottleManager
     // The embedder may be interested in displaying UI to the user when the
     // first load is disallowed for a given page load.
     virtual void OnFirstSubresourceLoadDisallowed() {}
+
+    // Whether the stronger version of the popup blocker is enabled for this
+    // page load.
     virtual bool AllowStrongPopupBlocking();
+
+    // Whether we should be using ruleset rules for this page load.
+    virtual bool AllowRulesetRules();
   };
 
   ContentSubresourceFilterThrottleManager(

components/subresource_filter/core/browser/subresource_filter_features.cc

@@ -176,6 +176,9 @@ Configuration ParseExperimentalConfiguration(
       ParseBool(TakeVariationParamOrReturnEmpty(
           params, kStrengthenPopupBlockerParameterName));
 
+  configuration.activation_options.should_disable_ruleset_rules =
+      ParseBool(TakeVariationParamOrReturnEmpty(params, kDisableRulesetRules));
+
   // GeneralSettings:
   configuration.general_settings.ruleset_flavor =
       TakeVariationParamOrReturnEmpty(params, kRulesetFlavorParameterName);
@@ -264,6 +267,7 @@ const char kPerformanceMeasurementRateParameterName[] =
 const char kSuppressNotificationsParameterName[] = "suppress_notifications";
 const char kWhitelistSiteOnReloadParameterName[] = "whitelist_site_on_reload";
 const char kStrengthenPopupBlockerParameterName[] = "strengthen_popup_blocker";
+const char kDisableRulesetRules[] = "disable_ruleset_rules";
 
 const char kRulesetFlavorParameterName[] = "ruleset_flavor";
 
@@ -316,6 +320,7 @@ bool Configuration::operator==(const Configuration& rhs) const {
                     config.activation_options.should_whitelist_site_on_reload,
                     config.activation_options.should_suppress_notifications,
                     config.activation_options.should_strengthen_popup_blocker,
+                    config.activation_options.should_disable_ruleset_rules,
                     config.general_settings.ruleset_flavor);
   };
   return tie(*this) == tie(rhs);
@@ -349,6 +354,8 @@ std::unique_ptr<base::trace_event::TracedValue> Configuration::ToTracedValue()
                     activation_options.should_whitelist_site_on_reload);
   value->SetBoolean("should_strengthen_popup_blocker",
                     activation_options.should_strengthen_popup_blocker);
+  value->SetBoolean("should_disable_ruleset_rules",
+                    activation_options.should_disable_ruleset_rules);
   value->SetString("ruleset_flavor",
                    StreamToString(general_settings.ruleset_flavor));
   return value;

components/subresource_filter/core/browser/subresource_filter_features.h

@@ -88,6 +88,10 @@ struct Configuration {
 
     // Whether to apply a more powerful popup blocker on pages with activation.
     bool should_strengthen_popup_blocker = false;
+
+    // Whether to disable rules from the ruleset. In practice this might be used
+    // if e.g. only popup blocking behavior is desired.
+    bool should_disable_ruleset_rules = false;
   };
 
   // General settings that apply outside of the scope of a navigation.
@@ -208,6 +212,8 @@ extern const char kWhitelistSiteOnReloadParameterName[];
 
 extern const char kStrengthenPopupBlockerParameterName[];
 
+extern const char kDisableRulesetRules[];
+
 extern const char kRulesetFlavorParameterName[];
 
 extern const char kEnablePresetsParameterName[];