Generate reports for Safe Browsing about external app redirects

This CL creates ClientSafeBrowsingReportRequests for external app
redirects and sends them to Safe Browsing when appropriate.

Bug: 372064001
Change-Id: Icfe0f595e2e3b699e2fd70e76314c5d403919ff6
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5914755
Reviewed-by: thefrog <[email protected]>
Commit-Queue: Daniel Rubery <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1367810}

Author: Daniel Rubery

chrome/browser/safe_browsing/BUILD.gn

@@ -123,6 +123,8 @@ static_library("safe_browsing") {
       "delayed_warning_navigation_throttle.h",
       "download_protection/download_protection_util.cc",
       "download_protection/download_protection_util.h",
+      "external_app_redirect_checking.cc",
+      "external_app_redirect_checking.h",
       "network_context_service.cc",
       "network_context_service.h",
       "network_context_service_factory.cc",

chrome/browser/safe_browsing/android/BUILD.gn

@@ -17,11 +17,13 @@ source_set("android") {
 
   deps = [
     ":jni_headers",
+    "//chrome/browser:browser_process",
     "//chrome/browser/profiles",
     "//chrome/browser/safe_browsing:advanced_protection",
     "//components/password_manager/core/browser/leak_detection",
     "//components/password_manager/core/common",
     "//components/prefs",
+    "//components/safe_browsing/content/browser:safe_browsing_service",
     "//components/safe_browsing/core/common:safe_browsing_prefs",
     "//components/safe_browsing/core/common/hashprefix_realtime:hash_realtime_utils",
     "//components/signin/public/identity_manager",

chrome/browser/safe_browsing/android/safe_browsing_bridge.cc

@@ -6,12 +6,14 @@
 #include "base/files/file_path.h"
 // NOTE: This target is transitively depended on by //chrome/browser and thus
 // can't depend on it.
+#include "chrome/browser/browser_process.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/safe_browsing/advanced_protection_status_manager.h"
 #include "chrome/browser/safe_browsing/advanced_protection_status_manager_factory.h"
 #include "chrome/browser/signin/identity_manager_factory.h"  // nogncheck
 #include "components/password_manager/core/common/password_manager_pref_names.h"
 #include "components/prefs/pref_service.h"
+#include "components/safe_browsing/content/browser/safe_browsing_service_interface.h"
 #include "components/safe_browsing/content/common/file_type_policies.h"
 #include "components/safe_browsing/core/common/hashprefix_realtime/hash_realtime_utils.h"
 #include "components/safe_browsing/core/common/safe_browsing_prefs.h"
@@ -105,6 +107,10 @@ static void JNI_SafeBrowsingBridge_ReportIntent(
     JNIEnv* env,
     content::WebContents* web_contents,
     std::string& package_name,
-    std::string& uri) {}
+    std::string& uri) {
+  reinterpret_cast<SafeBrowsingServiceInterface*>(
+      g_browser_process->safe_browsing_service())
+      ->ReportExternalAppRedirect(web_contents, package_name, uri);
+}
 
 }  // namespace safe_browsing

chrome/browser/safe_browsing/external_app_redirect_checking.cc

@@ -0,0 +1,155 @@
+// Copyright 2024 The Chromium Authors
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/safe_browsing/external_app_redirect_checking.h"
+
+#include "base/json/values_util.h"
+#include "chrome/browser/browser_process.h"
+#include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/safe_browsing/chrome_user_population_helper.h"
+#include "chrome/browser/safe_browsing/safe_browsing_navigation_observer_manager_factory.h"
+#include "chrome/browser/safe_browsing/safe_browsing_service.h"
+#include "components/prefs/pref_service.h"
+#include "components/safe_browsing/content/browser/safe_browsing_navigation_observer_manager.h"
+#include "components/safe_browsing/core/browser/db/database_manager.h"
+#include "components/safe_browsing/core/common/proto/csd.pb.h"
+#include "components/safe_browsing/core/common/safe_browsing_prefs.h"
+#include "content/public/browser/web_contents.h"
+#include "services/preferences/public/cpp/dictionary_value_update.h"
+#include "services/preferences/public/cpp/scoped_pref_update.h"
+
+namespace safe_browsing {
+
+namespace {
+
+constexpr base::TimeDelta kRecentVisitThreshold = base::Days(30);
+
+// Keys in base::Value::Dict cannot contain periods.
+std::string SanitizeAppName(std::string_view app_name) {
+  std::string sanitized;
+  sanitized.reserve(app_name.size());
+  for (char c : app_name) {
+    if (c != '.') {
+      sanitized += c;
+    } else {
+      sanitized += '_';
+    }
+  }
+
+  return sanitized;
+}
+
+bool HasRecentAppVisit(PrefService& prefs, std::string_view app_name) {
+  const base::Value::Dict& timestamps =
+      prefs.GetDict(prefs::kExternalAppRedirectTimestamps);
+  std::optional<base::Time> app_timestamp =
+      base::ValueToTime(timestamps.Find(SanitizeAppName(app_name)));
+  if (!app_timestamp) {
+    return false;
+  }
+  return base::Time::Now() - *app_timestamp <= kRecentVisitThreshold;
+}
+
+void OnAllowlistCheckComplete(
+    base::OnceCallback<void(bool)> callback,
+    bool is_allowlisted,
+    std::optional<SafeBrowsingDatabaseManager::
+                      HighConfidenceAllowlistCheckLoggingDetails>) {
+  std::move(callback).Run(!is_allowlisted);
+}
+
+}  // namespace
+
+void ShouldReportExternalAppRedirect(
+    scoped_refptr<SafeBrowsingDatabaseManager> database_manager,
+    content::WebContents* web_contents,
+    std::string_view app_name,
+    base::OnceCallback<void(bool)> callback) {
+  if (!base::FeatureList::IsEnabled(kExternalAppRedirectTelemetry)) {
+    // Always run `callback` asynchronously, to make calling code simpler.
+    base::SequencedTaskRunner::GetCurrentDefault()->PostTask(
+        FROM_HERE, base::BindOnce(std::move(callback), false));
+    return;
+  }
+
+  Profile* profile =
+      Profile::FromBrowserContext(web_contents->GetBrowserContext());
+  if (profile->IsOffTheRecord()) {
+    base::SequencedTaskRunner::GetCurrentDefault()->PostTask(
+        FROM_HERE, base::BindOnce(std::move(callback), false));
+    return;
+  }
+
+  PrefService& prefs = *profile->GetPrefs();
+  if (!IsEnhancedProtectionEnabled(prefs)) {
+    base::SequencedTaskRunner::GetCurrentDefault()->PostTask(
+        FROM_HERE, base::BindOnce(std::move(callback), false));
+    return;
+  }
+
+  if (app_name.empty() || HasRecentAppVisit(prefs, app_name)) {
+    base::SequencedTaskRunner::GetCurrentDefault()->PostTask(
+        FROM_HERE, base::BindOnce(std::move(callback), false));
+    return;
+  }
+
+  database_manager->CheckUrlForHighConfidenceAllowlist(
+      web_contents->GetLastCommittedURL(),
+      base::BindOnce(&OnAllowlistCheckComplete, std::move(callback)));
+}
+
+void LogExternalAppRedirectTimestamp(PrefService& prefs,
+                                     std::string_view app_name) {
+  if (app_name.empty()) {
+    return;
+  }
+  prefs::ScopedDictionaryPrefUpdate update(
+      &prefs, prefs::kExternalAppRedirectTimestamps);
+  update->Set(SanitizeAppName(app_name), base::TimeToValue(base::Time::Now()));
+}
+
+void CleanupExternalAppRedirectTimestamps(PrefService& prefs) {
+  std::vector<std::string> to_remove;
+  for (const auto [app_name, timestamp_value] :
+       prefs.GetDict(prefs::kExternalAppRedirectTimestamps)) {
+    std::optional<base::Time> timestamp = base::ValueToTime(timestamp_value);
+    if (!timestamp || base::Time::Now() - *timestamp >= kRecentVisitThreshold) {
+      to_remove.push_back(app_name);
+    }
+  }
+
+  prefs::ScopedDictionaryPrefUpdate update(
+      &prefs, prefs::kExternalAppRedirectTimestamps);
+  for (const std::string& key : to_remove) {
+    update->Remove(key);
+  }
+}
+
+std::unique_ptr<ClientSafeBrowsingReportRequest> MakeExternalAppRedirectReport(
+    content::WebContents* web_contents,
+    std::string_view uri) {
+  constexpr int kReferrerChainUserGestureLimit = 2;
+
+  if (!web_contents) {
+    return nullptr;
+  }
+
+  auto report = std::make_unique<ClientSafeBrowsingReportRequest>();
+
+  report->set_type(ClientSafeBrowsingReportRequest::EXTERNAL_APP_REDIRECT);
+  report->set_url(std::string(uri));
+  report->set_page_url(web_contents->GetLastCommittedURL().spec());
+  *report->mutable_population() = GetUserPopulationForProfile(
+      Profile::FromBrowserContext(web_contents->GetBrowserContext()));
+  auto* navigation_observer_manager =
+      SafeBrowsingNavigationObserverManagerFactory::GetForBrowserContext(
+          web_contents->GetBrowserContext());
+
+  navigation_observer_manager->IdentifyReferrerChainByRenderFrameHost(
+      web_contents->GetPrimaryMainFrame(), kReferrerChainUserGestureLimit,
+      report->mutable_referrer_chain());
+  return report;
+}
+
+}  // namespace safe_browsing

chrome/browser/safe_browsing/external_app_redirect_checking.h

@@ -0,0 +1,46 @@
+// Copyright 2024 The Chromium Authors
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_SAFE_BROWSING_EXTERNAL_APP_REDIRECT_CHECKING_H_
+#define CHROME_BROWSER_SAFE_BROWSING_EXTERNAL_APP_REDIRECT_CHECKING_H_
+
+#include <string>
+
+#include "base/functional/bind.h"
+
+namespace content {
+class WebContents;
+}
+
+class PrefService;
+
+namespace safe_browsing {
+
+class ClientSafeBrowsingReportRequest;
+class SafeBrowsingDatabaseManager;
+
+// Asynchronously check whether we should report to Safe Browsing a redirect by
+// `web_contents` to `app_name`. Returns the result asynchronously through
+// `callback`.
+void ShouldReportExternalAppRedirect(
+    scoped_refptr<SafeBrowsingDatabaseManager> database_manager,
+    content::WebContents* web_contents,
+    std::string_view app_name,
+    base::OnceCallback<void(bool)> callback);
+
+// Log the current time as the most recent usage of a redirect to the given app.
+void LogExternalAppRedirectTimestamp(PrefService& prefs,
+                                     std::string_view app_name);
+
+// Clean up expired redirect timestamps.
+void CleanupExternalAppRedirectTimestamps(PrefService& prefs);
+
+// Create the report that will be sent to Safe Browsing, if appropriate.
+std::unique_ptr<ClientSafeBrowsingReportRequest> MakeExternalAppRedirectReport(
+    content::WebContents* web_contents,
+    std::string_view uri);
+
+}  // namespace safe_browsing
+
+#endif  // CHROME_BROWSER_SAFE_BROWSING_EXTERNAL_APP_REDIRECT_CHECKING_H_