Persist deep scanning response for download warning bypasses

This is done by storing the response in the DownloadItem user data.

Bug: 1128046
Change-Id: I8c9711e428d94208a4965bfce400a2a36ef71a7a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2410587Reviewed-by: Daniel Rubery <drubery@chromium.org>
Commit-Queue: Dominique Fauteux-Chapleau <domfc@chromium.org>
Cr-Commit-Position: refs/heads/master@{#807498}

chrome/browser/enterprise/connectors/common.cc

@@ -82,4 +82,9 @@ TriggeredRule::Action GetHighestPrecedenceAction(
   return TriggeredRule::ACTION_UNSPECIFIED;
 }
 
+const char ScanResult::kKey[] = "enterprise_connectors.scan_result_key";
+ScanResult::ScanResult(const ContentAnalysisResponse& response)
+    : response(response) {}
+ScanResult::~ScanResult() = default;
+
 }  // namespace enterprise_connectors

chrome/browser/enterprise/connectors/common.h

@@ -8,6 +8,7 @@
 #include <set>
 #include <string>
 
+#include "base/supports_user_data.h"
 #include "components/enterprise/common/proto/connectors.pb.h"
 #include "url/gurl.h"
 
@@ -80,6 +81,15 @@ TriggeredRule::Action GetHighestPrecedenceAction(
     const TriggeredRule::Action& action_1,
     const TriggeredRule::Action& action_2);
 
+// User data class to persist ContentAnalysisResponses in base::SupportsUserData
+// objects.
+struct ScanResult : public base::SupportsUserData::Data {
+  explicit ScanResult(const ContentAnalysisResponse& response);
+  ~ScanResult() override;
+  static const char kKey[];
+  ContentAnalysisResponse response;
+};
+
 }  // namespace enterprise_connectors
 
 #endif  // CHROME_BROWSER_ENTERPRISE_CONNECTORS_COMMON_H_

chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router.cc

@@ -535,8 +535,6 @@ void SafeBrowsingPrivateEventRouter::OnAnalysisConnectorWarningBypassed(
   if (!IsRealtimeReportingEnabled())
     return;
 
-  DCHECK_EQ("dlp", result.tag);
-
   ReportRealtimeEvent(
       kKeySensitiveDataEvent,
       base::BindOnce(

chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_utils.cc

@@ -224,6 +224,10 @@ void ReportAnalysisConnectorWarningBypass(
 
   auto results = ContentAnalysisResponseToResults(response);
   for (auto result : results) {
+    // Only report results with triggered rules.
+    if (result.triggers.empty())
+      continue;
+
     extensions::SafeBrowsingPrivateEventRouterFactory::GetForProfile(profile)
         ->OnAnalysisConnectorWarningBypassed(
             url, file_name, download_digest_sha256, mime_type, trigger,

chrome/browser/safe_browsing/download_protection/deep_scanning_request.cc

@@ -269,6 +269,10 @@ void DeepScanningRequest::OnScanComplete(
         extensions::SafeBrowsingPrivateEventRouter::kTriggerFileDownload,
         DeepScanAccessPoint::DOWNLOAD, item_->GetTotalBytes(), result, response,
         event_result);
+
+    item_->SetUserData(
+        enterprise_connectors::ScanResult::kKey,
+        std::make_unique<enterprise_connectors::ScanResult>(response));
   }
 
   FinishRequest(download_result);

chrome/browser/safe_browsing/download_protection/download_reporter.cc

@@ -7,6 +7,7 @@
 #include "base/strings/string_number_conversions.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/download/simple_download_manager_coordinator_factory.h"
+#include "chrome/browser/enterprise/connectors/common.h"
 #include "chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router.h"
 #include "chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router_factory.h"
 #include "chrome/browser/profiles/profile_key.h"
@@ -16,7 +17,6 @@
 #include "components/download/public/common/download_danger_type.h"
 #include "components/download/public/common/download_item.h"
 #include "components/download/public/common/simple_download_manager_coordinator.h"
-#include "components/safe_browsing/core/proto/webprotect.pb.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/download_item_utils.h"
 
@@ -93,14 +93,19 @@ void ReportAnalysisConnectorWarningBypassed(download::DownloadItem* download) {
   Profile* profile = Profile::FromBrowserContext(browser_context);
   if (profile) {
     std::string raw_digest_sha256 = download->GetHash();
-    extensions::SafeBrowsingPrivateEventRouterFactory::GetForProfile(profile)
-        ->OnAnalysisConnectorWarningBypassed(
-            download->GetURL(), download->GetTargetFilePath().AsUTF8Unsafe(),
-            base::HexEncode(raw_digest_sha256.data(), raw_digest_sha256.size()),
-            download->GetMimeType(),
-            extensions::SafeBrowsingPrivateEventRouter::kTriggerFileDownload,
-            DeepScanAccessPoint::DOWNLOAD, ContentAnalysisScanResult(),
-            download->GetTotalBytes());
+    enterprise_connectors::ScanResult* stored_result =
+        static_cast<enterprise_connectors::ScanResult*>(
+            download->GetUserData(enterprise_connectors::ScanResult::kKey));
+
+    ReportAnalysisConnectorWarningBypass(
+        profile, download->GetURL(),
+        download->GetTargetFilePath().AsUTF8Unsafe(),
+        base::HexEncode(raw_digest_sha256.data(), raw_digest_sha256.size()),
+        download->GetMimeType(),
+        extensions::SafeBrowsingPrivateEventRouter::kTriggerFileDownload,
+        DeepScanAccessPoint::DOWNLOAD, download->GetTotalBytes(),
+        stored_result ? stored_result->response
+                      : enterprise_connectors::ContentAnalysisResponse());
   }
 }