Include full redirect chain in downloads safebrowsing ping.

BUG=80097
TEST=tcpdump

Review URL: http://codereview.chromium.org/6935032

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@84861 0039d316-1c4b-4281-b951-d872f2087c98

6 files changed, 35 insertions, 14 deletions

diff --git a/chrome/browser/download/download_manager_unittest.cc b/chrome/browser/download/download_manager_unittest.cc
index 7b10e86..9365846 100644
--- a/chrome/browser/download/download_manager_unittest.cc
+++ b/chrome/browser/download/download_manager_unittest.cc
@@ -348,6 +348,7 @@ TEST_F(DownloadManagerTest, DownloadRenameTest) {
     DownloadCreateInfo* info(new DownloadCreateInfo);
     info->download_id = static_cast<int>(i);
     info->prompt_user_for_save_location = false;
+    info->url_chain.push_back(GURL());
     info->is_dangerous_file = kDownloadRenameCases[i].is_dangerous_file;
     info->is_dangerous_url = kDownloadRenameCases[i].is_dangerous_url;
     FilePath new_path(kDownloadRenameCases[i].suggested_path);
@@ -402,6 +403,7 @@ TEST_F(DownloadManagerTest, DownloadInterruptTest) {
   DownloadCreateInfo* info(new DownloadCreateInfo);
   info->download_id = static_cast<int>(0);
   info->prompt_user_for_save_location = false;
+  info->url_chain.push_back(GURL());
   info->is_dangerous_file = false;
   info->is_dangerous_url = false;
   const FilePath new_path(FILE_PATH_LITERAL("foo.zip"));
@@ -467,6 +469,7 @@ TEST_F(DownloadManagerTest, DownloadCancelTest) {
   DownloadCreateInfo* info(new DownloadCreateInfo);
   info->download_id = static_cast<int>(0);
   info->prompt_user_for_save_location = false;
+  info->url_chain.push_back(GURL());
   info->is_dangerous_file = false;
   info->is_dangerous_url = false;
   const FilePath new_path(FILE_PATH_LITERAL("foo.zip"));
@@ -545,6 +548,7 @@ TEST_F(DownloadManagerTest, DownloadOverwriteTest) {
   DownloadCreateInfo* info(new DownloadCreateInfo);
   info->download_id = static_cast<int>(0);
   info->prompt_user_for_save_location = true;
+  info->url_chain.push_back(GURL());
   info->is_dangerous_file = false;
   info->is_dangerous_url = false;
 
diff --git a/chrome/browser/download/download_safe_browsing_client.cc b/chrome/browser/download/download_safe_browsing_client.cc
index 3e0577c..36cf5fb 100644
--- a/chrome/browser/download/download_safe_browsing_client.cc
+++ b/chrome/browser/download/download_safe_browsing_client.cc
@@ -28,6 +28,7 @@ DownloadSBClient::DownloadSBClient(int32 download_id,
     url_chain_(url_chain),
     referrer_url_(referrer_url) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+  DCHECK(!url_chain.empty());
   ResourceDispatcherHost* rdh = g_browser_process->resource_dispatcher_host();
   if (rdh)
     sb_service_ = rdh->safe_browsing_service();
@@ -158,11 +159,16 @@ void DownloadSBClient::SafeBrowsingCheckHashDone(
 
 void DownloadSBClient::ReportMalware(
     SafeBrowsingService::UrlCheckResult result) {
+  std::string post_data;
+  for (size_t i = 0; i < url_chain_.size(); ++i)
+    post_data += url_chain_[i].spec() + "\n";
+
   sb_service_->ReportSafeBrowsingHit(url_chain_.back(),  // malicious_url
                                      url_chain_.front(), // page_url
                                      referrer_url_,
                                      true,
-                                     result);
+                                     result,
+                                     post_data);
 }
 
 void DownloadSBClient::UpdateDownloadCheckStats(SBStatsType stat_type) {
diff --git a/chrome/browser/safe_browsing/protocol_manager.cc b/chrome/browser/safe_browsing/protocol_manager.cc
index 52a2927..37ae77d 100644
--- a/chrome/browser/safe_browsing/protocol_manager.cc
+++ b/chrome/browser/safe_browsing/protocol_manager.cc
@@ -649,13 +649,17 @@ void SafeBrowsingProtocolManager::ReportSafeBrowsingHit(
     const GURL& page_url,
     const GURL& referrer_url,
     bool is_subresource,
-    SafeBrowsingService::UrlCheckResult threat_type) {
+    SafeBrowsingService::UrlCheckResult threat_type,
+    const std::string& post_data) {
   GURL report_url = SafeBrowsingHitUrl(malicious_url, page_url,
                                        referrer_url, is_subresource,
                                        threat_type);
-  URLFetcher* report = new URLFetcher(report_url, URLFetcher::GET, this);
+  URLFetcher* report = new URLFetcher(
+      report_url, post_data.empty() ? URLFetcher::GET : URLFetcher::POST, this);
   report->set_load_flags(net::LOAD_DISABLE_CACHE);
   report->set_request_context(request_context_getter_);
+  if (!post_data.empty())
+    report->set_upload_data("text/plain", post_data);
   report->Start();
   safebrowsing_reports_.insert(report);
 }
diff --git a/chrome/browser/safe_browsing/protocol_manager.h b/chrome/browser/safe_browsing/protocol_manager.h
index 11a264e0..2b3db3a 100644
--- a/chrome/browser/safe_browsing/protocol_manager.h
+++ b/chrome/browser/safe_browsing/protocol_manager.h
@@ -132,13 +132,14 @@ class SafeBrowsingProtocolManager : public URLFetcher::Delegate {
   void OnChunkInserted();
 
   // For UMA users we report to Google when a SafeBrowsing interstitial is shown
-  // to the user.  We assume that the threat type is either URL_MALWARE or
-  // URL_PHISHING.
+  // to the user.  |threat_type| should be one of the types known by
+  // SafeBrowsingHitUrl.
   void ReportSafeBrowsingHit(const GURL& malicious_url,
                              const GURL& page_url,
                              const GURL& referrer_url,
                              bool is_subresource,
-                             SafeBrowsingService::UrlCheckResult threat_type);
+                             SafeBrowsingService::UrlCheckResult threat_type,
+                             const std::string& post_data);
 
   // Users can opt-in on the SafeBrowsing interstitial to send detailed
   // malware reports. |report| is the serialized report.
diff --git a/chrome/browser/safe_browsing/safe_browsing_service.cc b/chrome/browser/safe_browsing/safe_browsing_service.cc
index 0d9caf1..9aceb11 100644
--- a/chrome/browser/safe_browsing/safe_browsing_service.cc
+++ b/chrome/browser/safe_browsing/safe_browsing_service.cc
@@ -1026,7 +1026,7 @@ void SafeBrowsingService::DoDisplayBlockingPage(
       page_url = resource.original_url;
     }
     ReportSafeBrowsingHit(resource.url, page_url, referrer_url, is_subresource,
-                          resource.threat_type);
+                          resource.threat_type, std::string() /* post_data */);
   }
 
   SafeBrowsingBlockingPage::ShowBlockingPage(this, resource);
@@ -1039,7 +1039,8 @@ void SafeBrowsingService::ReportSafeBrowsingHit(
     const GURL& page_url,
     const GURL& referrer_url,
     bool is_subresource,
-    SafeBrowsingService::UrlCheckResult threat_type) {
+    SafeBrowsingService::UrlCheckResult threat_type,
+    const std::string& post_data) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
   if (!CanReportStats())
     return;
@@ -1053,7 +1054,8 @@ void SafeBrowsingService::ReportSafeBrowsingHit(
           page_url,
           referrer_url,
           is_subresource,
-          threat_type));
+          threat_type,
+          post_data));
 }
 
 void SafeBrowsingService::ReportSafeBrowsingHitOnIOThread(
@@ -1061,7 +1063,8 @@ void SafeBrowsingService::ReportSafeBrowsingHitOnIOThread(
     const GURL& page_url,
     const GURL& referrer_url,
     bool is_subresource,
-    SafeBrowsingService::UrlCheckResult threat_type) {
+    SafeBrowsingService::UrlCheckResult threat_type,
+    const std::string& post_data) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
   if (!enabled_)
     return;
@@ -1071,7 +1074,7 @@ void SafeBrowsingService::ReportSafeBrowsingHitOnIOThread(
            << threat_type;
   protocol_manager_->ReportSafeBrowsingHit(malicious_url, page_url,
                                            referrer_url, is_subresource,
-                                           threat_type);
+                                           threat_type, post_data);
 }
 
 // If the user had opted-in to send MalwareDetails, this gets called
diff --git a/chrome/browser/safe_browsing/safe_browsing_service.h b/chrome/browser/safe_browsing/safe_browsing_service.h
index 85a7f9fe..0803a578 100644
--- a/chrome/browser/safe_browsing/safe_browsing_service.h
+++ b/chrome/browser/safe_browsing/safe_browsing_service.h
@@ -248,12 +248,14 @@ class SafeBrowsingService
   virtual void SendSerializedMalwareDetails(const std::string& serialized);
 
   // Report hits to the unsafe contents (malware, phishing, unsafe download URL)
-  // to the server. Can only be called on UI thread.
+  // to the server. Can only be called on UI thread.  If |post_data| is
+  // non-empty, the request will be sent as a POST instead of a GET.
   void ReportSafeBrowsingHit(const GURL& malicious_url,
                              const GURL& page_url,
                              const GURL& referrer_url,
                              bool is_subresource,
-                             UrlCheckResult threat_type);
+                             UrlCheckResult threat_type,
+                             const std::string& post_data);
 
  protected:
   // Creates the safe browsing service.  Need to initialize before using.
@@ -367,7 +369,8 @@ class SafeBrowsingService
                                        const GURL& page_url,
                                        const GURL& referrer_url,
                                        bool is_subresource,
-                                       UrlCheckResult threat_type);
+                                       UrlCheckResult threat_type,
+                                       const std::string& post_data);
 
   // Checks the download hash on safe_browsing_thread_.
   void CheckDownloadHashOnSBThread(SafeBrowsingCheck* check);