[ios][PhishGuard] Set and get cached verdict

Ports unit tests from: components/safe_browsing/content/password_protection/ password_protection_service_unittest.cc Bug: 1147967 Change-Id: I0f3b27b0304f49bf464b1f1ac6a3ac97dc976083 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2791925 Reviewed-by: Xinghui Lu <xinghuilu@chromium.org> Reviewed-by: Ali Juma <ajuma@chromium.org> Commit-Queue: edchin <edchin@chromium.org> Cr-Commit-Position: refs/heads/master@{#868009}
FairyWorld · Mar 31, 2021 · 3bcac62 · 3bcac62
1 parent ad26ee1
commit 3bcac62
Show file tree

Hide file tree

Showing 5 changed files with 440 additions and 0 deletions.
diff --git a/components/safe_browsing/core/common/safebrowsing_constants.cc b/components/safe_browsing/core/common/safebrowsing_constants.cc
@@ -20,6 +20,9 @@ const int kNetErrorCodeForSafeBrowsing = net::ERR_BLOCKED_BY_CLIENT;
 
 const char kSafeBrowsingEnabledHistogramName[] = "SafeBrowsing.Pref.General";
 
+const char kArtificialCachedPhishGuardVerdictFlag[] =
+    "mark_as_phish_guard_phishing";
+
 const std::vector<std::string> GetExcludedCountries() {
   // Safe Browsing endpoint doesn't exist.
   return {"cn"};

diff --git a/components/safe_browsing/core/common/safebrowsing_constants.h b/components/safe_browsing/core/common/safebrowsing_constants.h
@@ -28,6 +28,9 @@ extern const int kNetErrorCodeForSafeBrowsing;
 // The name of the histogram that records whether Safe Browsing is enabled.
 extern const char kSafeBrowsingEnabledHistogramName[];
 
+// Command-line flag for caching an artificial PhishGuard unsafe verdict.
+extern const char kArtificialCachedPhishGuardVerdictFlag[];
+
 // Countries that has no endpoint for Safe Browsing.
 const std::vector<std::string> GetExcludedCountries();
 

diff --git a/ios/chrome/browser/safe_browsing/chrome_password_protection_service.h b/ios/chrome/browser/safe_browsing/chrome_password_protection_service.h
@@ -55,6 +55,28 @@ class ChromePasswordProtectionService
       const std::string& verdict_token,
       safe_browsing::ReusedPasswordAccountType password_type) override;
 
+  // Stores |verdict| in the cache based on its |trigger_type|, |url|,
+  // reused |password_type|, |verdict| and |receive_time|.
+  void CacheVerdict(
+      const GURL& url,
+      safe_browsing::LoginReputationClientRequest::TriggerType trigger_type,
+      safe_browsing::ReusedPasswordAccountType password_type,
+      const safe_browsing::LoginReputationClientResponse& verdict,
+      const base::Time& receive_time) override;
+
+  // Looks up the cached verdict response. If verdict is not available or is
+  // expired, return VERDICT_TYPE_UNSPECIFIED. Can be called on any thread.
+  safe_browsing::LoginReputationClientResponse::VerdictType GetCachedVerdict(
+      const GURL& url,
+      safe_browsing::LoginReputationClientRequest::TriggerType trigger_type,
+      safe_browsing::ReusedPasswordAccountType password_type,
+      safe_browsing::LoginReputationClientResponse* out_response) override;
+
+  // Returns the number of saved verdicts for the given |trigger_type|.
+  int GetStoredVerdictCount(
+      safe_browsing::LoginReputationClientRequest::TriggerType trigger_type)
+      override;
+
   void MaybeReportPasswordReuseDetected(
       safe_browsing::PasswordProtectionRequest* request,
       const std::string& username,

diff --git a/ios/chrome/browser/safe_browsing/chrome_password_protection_service.mm b/ios/chrome/browser/safe_browsing/chrome_password_protection_service.mm
@@ -21,6 +21,7 @@
 #include "components/safe_browsing/core/common/safebrowsing_constants.h"
 #include "components/safe_browsing/core/common/utils.h"
 #include "components/safe_browsing/core/features.h"
+#include "components/safe_browsing/core/verdict_cache_manager.h"
 #include "components/safe_browsing/ios/password_protection/password_protection_request_ios.h"
 #include "components/signin/public/identity_manager/identity_manager.h"
 #include "components/strings/grit/components_strings.h"
@@ -35,6 +36,7 @@
 #include "ios/chrome/browser/passwords/ios_chrome_password_store_factory.h"
 #import "ios/chrome/browser/safe_browsing/safe_browsing_service.h"
 #include "ios/chrome/browser/safe_browsing/user_population.h"
+#import "ios/chrome/browser/safe_browsing/verdict_cache_manager_factory.h"
 #include "ios/chrome/browser/signin/identity_manager_factory.h"
 #include "ios/chrome/browser/sync/ios_user_event_service_factory.h"
 #include "ios/chrome/browser/sync/profile_sync_service_factory.h"
@@ -75,6 +77,14 @@
 
 namespace {
 
+// Returns true if the command line has an artificial unsafe cached verdict.
+bool HasArtificialCachedVerdict() {
+  std::string phishing_url_string =
+      base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
+          safe_browsing::kArtificialCachedPhishGuardVerdictFlag);
+  return !phishing_url_string.empty();
+}
+
 // Given a |web_state|, returns a timestamp of its last committed
 // navigation.
 int64_t GetLastCommittedNavigationTimestamp(web::WebState* web_state) {
@@ -168,6 +178,40 @@ int64_t GetLastCommittedNavigationTimestamp(web::WebState* web_state) {
   }
 }
 
+void ChromePasswordProtectionService::CacheVerdict(
+    const GURL& url,
+    LoginReputationClientRequest::TriggerType trigger_type,
+    ReusedPasswordAccountType password_type,
+    const LoginReputationClientResponse& verdict,
+    const base::Time& receive_time) {
+  if (!CanGetReputationOfURL(url) || IsIncognito())
+    return;
+  VerdictCacheManagerFactory::GetForBrowserState(browser_state_)
+      ->CachePhishGuardVerdict(trigger_type, password_type, verdict,
+                               receive_time);
+}
+
+LoginReputationClientResponse::VerdictType
+ChromePasswordProtectionService::GetCachedVerdict(
+    const GURL& url,
+    LoginReputationClientRequest::TriggerType trigger_type,
+    ReusedPasswordAccountType password_type,
+    LoginReputationClientResponse* out_response) {
+  if (HasArtificialCachedVerdict() ||
+      (url.is_valid() && CanGetReputationOfURL(url))) {
+    return VerdictCacheManagerFactory::GetForBrowserState(browser_state_)
+        ->GetCachedPhishGuardVerdict(url, trigger_type, password_type,
+                                     out_response);
+  }
+  return LoginReputationClientResponse::VERDICT_TYPE_UNSPECIFIED;
+}
+
+int ChromePasswordProtectionService::GetStoredVerdictCount(
+    LoginReputationClientRequest::TriggerType trigger_type) {
+  return VerdictCacheManagerFactory::GetForBrowserState(browser_state_)
+      ->GetStoredPhishGuardVerdictCount(trigger_type);
+}
+
 void ChromePasswordProtectionService::MaybeReportPasswordReuseDetected(
     safe_browsing::PasswordProtectionRequest* request,
     const std::string& username,