[WebLayer] Implement safebrowsing committed interstitials for subresources

This patch implements committed interstitials for safebrowsing
for subresources (as a follow-up to crrev.com/c/2003857).

In this patch:
- Make sure to only add safebrowsing navigation throttle for
  main frames when committed interstitials are enabled.
- Implement safe_browsing_subresource_helper and update
  safe_browsing_ui_manager to handle subresources (such as
  js files).
- Add a browsertest for testing safebrowsing interstitials
  for subresources (both with and without committed
  interstitials enabled).

BUG=1044593,1042662

Change-Id: I813e916aa27dcb262fcd39d9b20af0f6d5d41e1a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2030485
Commit-Queue: Tim Volodine <timvolodine@chromium.org>
Reviewed-by: Carlos IL <carlosil@chromium.org>
Reviewed-by: Richard Coles <torne@chromium.org>
Cr-Commit-Position: refs/heads/master@{#737338}

weblayer/browser/content_browser_client_impl.cc

@@ -21,6 +21,7 @@
 #include "content/public/browser/browser_context.h"
 #include "content/public/browser/devtools_manager_delegate.h"
 #include "content/public/browser/generated_code_cache_settings.h"
+#include "content/public/browser/navigation_handle.h"
 #include "content/public/browser/navigation_throttle.h"
 #include "content/public/browser/network_service_instance.h"
 #include "content/public/common/content_switches.h"
@@ -345,11 +346,15 @@ ContentBrowserClientImpl::CreateThrottlesForNavigation(
       base::BindOnce(&HandleSSLError), base::BindOnce(&IsInHostedApp)));
 
 #if defined(OS_ANDROID)
-  if (base::FeatureList::IsEnabled(features::kWebLayerSafeBrowsing) &&
-      base::FeatureList::IsEnabled(safe_browsing::kCommittedSBInterstitials) &&
-      IsSafebrowsingSupported()) {
-    throttles.push_back(
-        GetSafeBrowsingService()->CreateSafeBrowsingNavigationThrottle(handle));
+  if (handle->IsInMainFrame()) {
+    if (base::FeatureList::IsEnabled(features::kWebLayerSafeBrowsing) &&
+        base::FeatureList::IsEnabled(
+            safe_browsing::kCommittedSBInterstitials) &&
+        IsSafebrowsingSupported()) {
+      throttles.push_back(
+          GetSafeBrowsingService()->CreateSafeBrowsingNavigationThrottle(
+              handle));
+    }
   }
 #endif
   return throttles;

weblayer/browser/safe_browsing/BUILD.gn

@@ -14,6 +14,8 @@ source_set("safe_browsing") {
     "safe_browsing_navigation_throttle.h",
     "safe_browsing_service.cc",
     "safe_browsing_service.h",
+    "safe_browsing_subresource_helper.cc",
+    "safe_browsing_subresource_helper.h",
     "safe_browsing_ui_manager.cc",
     "safe_browsing_ui_manager.h",
     "url_checker_delegate_impl.cc",

weblayer/browser/safe_browsing/safe_browsing_browsertest.cc

@@ -50,6 +50,7 @@ class FakeSafeBrowsingApiHandler
       std::unique_ptr<URLCheckCallbackMeta> callback,
       const GURL& url,
       const safe_browsing::SBThreatTypeSet& threat_types) override {
+    LOG(INFO) << "BLA test handler url=" + url.spec();
     RunCallbackOnIOThread(std::move(callback), GetSafeBrowsingRestriction(url),
                           safe_browsing::ThreatMetadata());
   }
@@ -184,4 +185,14 @@ IN_PROC_BROWSER_TEST_P(SafeBrowsingBrowserTest, ShowsInterstitial_Billing) {
   NavigateWithThreatType(safe_browsing::SB_THREAT_TYPE_BILLING, true);
 }
 
+IN_PROC_BROWSER_TEST_P(SafeBrowsingBrowserTest,
+                       ShowsInterstitial_Malware_Subresource) {
+  GURL page_with_script_url =
+      embedded_test_server()->GetURL("/simple_page_with_script.html");
+  GURL script_url = embedded_test_server()->GetURL("/script.js");
+  fake_handler_->AddRestriction(script_url,
+                                safe_browsing::SB_THREAT_TYPE_URL_MALWARE);
+  Navigate(page_with_script_url, true);
+}
+
 }  // namespace weblayer
\ No newline at end of file

weblayer/browser/safe_browsing/safe_browsing_subresource_helper.cc

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "weblayer/browser/safe_browsing/safe_browsing_subresource_helper.h"
+
+#include "components/security_interstitials/content/security_interstitial_tab_helper.h"
+#include "content/public/browser/navigation_handle.h"
+#include "content/public/browser/web_contents.h"
+#include "net/base/net_errors.h"
+#include "weblayer/browser/safe_browsing/safe_browsing_blocking_page.h"
+#include "weblayer/browser/safe_browsing/safe_browsing_ui_manager.h"
+
+namespace weblayer {
+
+// static
+void SafeBrowsingSubresourceHelper::CreateForWebContents(
+    content::WebContents* web_contents,
+    SafeBrowsingUIManager* ui_manager) {
+  if (FromWebContents(web_contents))
+    return;
+
+  web_contents->SetUserData(UserDataKey(),
+                            base::WrapUnique(new SafeBrowsingSubresourceHelper(
+                                web_contents, ui_manager)));
+}
+
+SafeBrowsingSubresourceHelper::~SafeBrowsingSubresourceHelper() {}
+
+void SafeBrowsingSubresourceHelper::ReadyToCommitNavigation(
+    content::NavigationHandle* navigation_handle) {
+  if (navigation_handle->GetNetErrorCode() == net::ERR_BLOCKED_BY_CLIENT) {
+    if (!ui_manager_)
+      return;
+
+    security_interstitials::UnsafeResource resource;
+    if (ui_manager_->PopUnsafeResourceForURL(navigation_handle->GetURL(),
+                                             &resource)) {
+      SafeBrowsingBlockingPage* blocking_page =
+          SafeBrowsingBlockingPage::CreateBlockingPage(
+              ui_manager_, navigation_handle->GetWebContents(),
+              navigation_handle->GetURL(), resource);
+      security_interstitials::SecurityInterstitialTabHelper::
+          AssociateBlockingPage(navigation_handle->GetWebContents(),
+                                navigation_handle->GetNavigationId(),
+                                base::WrapUnique(blocking_page));
+    }
+  }
+}
+
+SafeBrowsingSubresourceHelper::SafeBrowsingSubresourceHelper(
+    content::WebContents* web_contents,
+    SafeBrowsingUIManager* ui_manager)
+    : WebContentsObserver(web_contents), ui_manager_(ui_manager) {}
+
+WEB_CONTENTS_USER_DATA_KEY_IMPL(SafeBrowsingSubresourceHelper)
+
+}  // namespace weblayer

weblayer/browser/safe_browsing/safe_browsing_subresource_helper.h

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef WEBLAYER_BROWSER_SAFE_BROWSING_SAFE_BROWSING_SUBRESOURCE_HELPER_H_
+#define WEBLAYER_BROWSER_SAFE_BROWSING_SAFE_BROWSING_SUBRESOURCE_HELPER_H_
+
+#include "content/public/browser/web_contents_observer.h"
+#include "content/public/browser/web_contents_user_data.h"
+
+namespace content {
+class NavigationHandle;
+class WebContents;
+}  // namespace content
+
+namespace weblayer {
+class SafeBrowsingUIManager;
+
+// This observer creates a blocking page for the web contents if any subresource
+// triggered a safe browsing interstitial. Main frame safe browsing errors are
+// handled separately (in SafeBrowsingNavigationThrottle).
+class SafeBrowsingSubresourceHelper
+    : public content::WebContentsObserver,
+      public content::WebContentsUserData<SafeBrowsingSubresourceHelper> {
+ public:
+  ~SafeBrowsingSubresourceHelper() override;
+
+  static void CreateForWebContents(content::WebContents* web_contents,
+                                   SafeBrowsingUIManager* ui_manager);
+
+  // WebContentsObserver::
+  void ReadyToCommitNavigation(
+      content::NavigationHandle* navigation_handle) override;
+
+ private:
+  explicit SafeBrowsingSubresourceHelper(content::WebContents* web_contents,
+                                         SafeBrowsingUIManager* ui_manager);
+  friend class content::WebContentsUserData<SafeBrowsingSubresourceHelper>;
+
+  SafeBrowsingUIManager* ui_manager_;
+
+  WEB_CONTENTS_USER_DATA_KEY_DECL();
+  DISALLOW_COPY_AND_ASSIGN(SafeBrowsingSubresourceHelper);
+};
+
+}  // namespace weblayer
+
+#endif  // WEBLAYER_BROWSER_SAFE_BROWSING_SAFE_BROWSING_SUBRESOURCE_HELPER_H_

weblayer/browser/safe_browsing/safe_browsing_ui_manager.cc

@@ -5,6 +5,8 @@
 #include "weblayer/browser/safe_browsing/safe_browsing_ui_manager.h"
 
 #include "content/public/browser/browser_thread.h"
+#include "weblayer/browser/safe_browsing/safe_browsing_blocking_page.h"
+#include "weblayer/browser/safe_browsing/safe_browsing_subresource_helper.h"
 
 using content::BrowserThread;
 
@@ -23,4 +25,16 @@ void SafeBrowsingUIManager::SendSerializedThreatDetails(
   // Note the base implementation does not send anything.
 }
 
+safe_browsing::BaseBlockingPage*
+SafeBrowsingUIManager::CreateBlockingPageForSubresource(
+    content::WebContents* contents,
+    const GURL& blocked_url,
+    const UnsafeResource& unsafe_resource) {
+  SafeBrowsingSubresourceHelper::CreateForWebContents(contents, this);
+  SafeBrowsingBlockingPage* blocking_page =
+      SafeBrowsingBlockingPage::CreateBlockingPage(this, contents, blocked_url,
+                                                   unsafe_resource);
+  return blocking_page;
+}
+
 }  // namespace weblayer

weblayer/browser/safe_browsing/safe_browsing_ui_manager.h

@@ -6,6 +6,15 @@
 #define WEBLAYER_BROWSER_SAFE_BROWSING_SAFE_BROWSING_UI_MANAGER_H_
 
 #include "components/safe_browsing/content/base_ui_manager.h"
+#include "components/security_interstitials/core/unsafe_resource.h"
+
+namespace content {
+class WebContents;
+}
+
+namespace safe_browsing {
+class BaseBlockingPage;
+}
 
 namespace weblayer {
 
@@ -21,6 +30,11 @@ class SafeBrowsingUIManager : public safe_browsing::BaseUIManager {
   ~SafeBrowsingUIManager() override;
 
  private:
+  safe_browsing::BaseBlockingPage* CreateBlockingPageForSubresource(
+      content::WebContents* contents,
+      const GURL& blocked_url,
+      const UnsafeResource& unsafe_resource) override;
+
   DISALLOW_COPY_AND_ASSIGN(SafeBrowsingUIManager);
 };
 

weblayer/test/data/simple_page_with_script.html

+<html>
+<head><title>OK</title></head>
+<body>
+Basic html with script test.
+<script type="text/javascript" src="script.js"></script>
+</body>
+</html>