Added initial outline for the sensitive keywords heuristic triggering a safety tip.

This CL adds an outline for the sensitive keywords safety tip logic that
will be implemented later. For now, the heuristic always returns false
(no sites are currently triggered by the heuristic, and safety tip
behavior should be unchanged).

Bug: 984725
Change-Id: I162830c08158358a4697d46441b1d5835e5752b6
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1842500Reviewed-by: Joe DeBlasio <jdeblasio@chromium.org>
Reviewed-by: Mustafa Emre Acer <meacer@chromium.org>
Reviewed-by: Christopher Thompson <cthomp@chromium.org>
Commit-Queue: Aidan Beggs <beggs@google.com>
Cr-Commit-Position: refs/heads/master@{#703914}

chrome/browser/lookalikes/safety_tips/reputation_service.cc

@@ -70,6 +70,15 @@ bool ShouldTriggerSafetyTipFromLookalike(
   return true;
 }
 
+// TODO(crbug/984725): Implement Keyword Check
+bool ShouldTriggerSafetyTipFromKeywordInURL(
+    const GURL& url,
+    const DomainInfo& navigated_domain,
+    const std::vector<DomainInfo>& engaged_sites) {
+  // TODO(crbug/987754): Record metrics here.
+  return false;
+}
+
 // This factory helps construct and find the singleton ReputationService linked
 // to a Profile.
 class ReputationServiceFactory : public BrowserContextKeyedServiceFactory {
@@ -251,7 +260,15 @@ void ReputationService::GetReputationStatusWithEngagedSites(
     return;
   }
 
-  // TODO(crbug/984725): 5. Additional client-side heuristics
+  // 5. Keyword heuristics.
+  if (ShouldTriggerSafetyTipFromKeywordInURL(url, navigated_domain,
+                                             engaged_sites)) {
+    std::move(callback).Run(security_state::SafetyTipStatus::kBadKeyword,
+                            IsIgnored(url), url, GURL());
+    return;
+  }
+
+  // TODO(crbug/984725): 6. Additional client-side heuristics.
   std::move(callback).Run(security_state::SafetyTipStatus::kNone,
                           IsIgnored(url), url, GURL());
 }

chrome/browser/lookalikes/safety_tips/reputation_web_contents_observer.cc

@@ -5,6 +5,7 @@
 #include "chrome/browser/lookalikes/safety_tips/reputation_web_contents_observer.h"
 
 #include <string>
+#include <utility>
 
 #include "base/metrics/histogram_functions.h"
 #include "base/metrics/histogram_macros.h"
@@ -137,13 +138,12 @@ void ReputationWebContentsObserver::HandleReputationCheckResult(
   UMA_HISTOGRAM_ENUMERATION("Security.SafetyTips.SafetyTipShown",
                             safety_tip_status);
 
-  if (safety_tip_status == security_state::SafetyTipStatus::kNone) {
+  if (safety_tip_status == security_state::SafetyTipStatus::kNone ||
+      safety_tip_status == security_state::SafetyTipStatus::kBadKeyword) {
     MaybeCallReputationCheckCallback();
     return;
   }
 
-  // TODO(crbug/987754): Record metrics here.
-
   if (user_ignored) {
     UMA_HISTOGRAM_ENUMERATION("Security.SafetyTips.SafetyTipIgnoredPageLoad",
                               safety_tip_status);

chrome/browser/lookalikes/safety_tips/safety_tip_ui_helper.cc

@@ -66,6 +66,7 @@ base::string16 GetSafetyTipTitle(
           security_interstitials::common_string_util::GetFormattedHostName(
               url));
 #endif
+    case security_state::SafetyTipStatus::kBadKeyword:
     case security_state::SafetyTipStatus::kUnknown:
     case security_state::SafetyTipStatus::kNone:
       NOTREACHED();
@@ -87,6 +88,7 @@ base::string16 GetSafetyTipDescription(
           IDS_PAGE_INFO_SAFETY_TIP_LOOKALIKE_DESCRIPTION,
           security_interstitials::common_string_util::GetFormattedHostName(
               url));
+    case security_state::SafetyTipStatus::kBadKeyword:
     case security_state::SafetyTipStatus::kNone:
     case security_state::SafetyTipStatus::kUnknown:
       NOTREACHED();
@@ -106,6 +108,7 @@ int GetSafetyTipLeaveButtonId(security_state::SafetyTipStatus warning_type) {
     case security_state::SafetyTipStatus::kLookalike:
       return IDS_PAGE_INFO_SAFETY_TIP_LEAVE_BUTTON;
 #endif
+    case security_state::SafetyTipStatus::kBadKeyword:
     case security_state::SafetyTipStatus::kUnknown:
     case security_state::SafetyTipStatus::kNone:
       NOTREACHED();

chrome/browser/ui/page_info/page_info_ui.cc

@@ -35,7 +35,6 @@
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/common/pref_names.h"
 #include "components/prefs/pref_service.h"
-#include "components/vector_icons/vector_icons.h"
 #include "media/base/media_switches.h"
 #include "ui/gfx/color_palette.h"
 #include "ui/gfx/color_utils.h"
@@ -288,6 +287,9 @@ PageInfoUI::GetSecurityDescription(const IdentityInfo& identity_info) const {
     case security_state::SafetyTipStatus::kLookalike:
       // Lookalikes have their own strings, but they're suggestions, not
       // warnings, so we leave Page Info alone.
+    case security_state::SafetyTipStatus::kBadKeyword:
+      // Keyword safety tips are only used to collect metrics for now and are
+      // not visible to the user, so don't affect Page Info.
     case security_state::SafetyTipStatus::kNone:
     case security_state::SafetyTipStatus::kUnknown:
       break;

components/security_state/core/security_state.cc

@@ -82,7 +82,10 @@ std::string GetHistogramSuffixForSafetyTipStatus(
       return "SafetyTip_BadReputation";
     case security_state::SafetyTipStatus::kLookalike:
       return "SafetyTip_Lookalike";
-  };
+    case security_state::SafetyTipStatus::kBadKeyword:
+      NOTREACHED();
+      return std::string();
+  }
   NOTREACHED();
   return std::string();
 }

components/security_state/core/security_state.h

@@ -120,9 +120,12 @@ enum class SafetyTipStatus {
   kNone = 1,
   // The current page triggered a Safety Tip because it was bad reputation.
   kBadReputation = 2,
-  // The current page trigged a Safety Tip because it had a lookalike URL.
+  // The current page triggered a Safety Tip because it had a lookalike URL.
   kLookalike = 3,
-  kMaxValue = kLookalike,
+  // The current page triggered a Safety Tip because a suspicious keyword was
+  // found in its hostname.
+  kBadKeyword = 4,
+  kMaxValue = kBadKeyword,
 };
 
 // Contains the security state relevant to computing the SecurityLevel

tools/metrics/histograms/enums.xml

@@ -53115,6 +53115,7 @@ Called by update_net_trust_anchors.py.-->
   <int value="1" label="No Safety Tip"/>
   <int value="2" label="Safety Tip for bad reputation"/>
   <int value="3" label="Safety Tip for lookalike URL"/>
+  <int value="4" label="Safety Tip for a URL with a suspicious keyword"/>
 </enum>
 
 <enum name="SameSiteCookieContext">