authorpalmer <palmer@chromium.org>2015-06-04 20:10:40 -0700
committerCommit bot <commit-bot@chromium.org>2015-06-05 03:11:29 +0000
commitee0e5afcdb605346ac619b0eced7ab4db10abf18 (patch)
tree73e536593685cd9b31441dee94caf6107c3868f6
parent0ef24d4197503e228606a4523022d9e9f918202f (diff)
Audit calls to GURL::SchemeIs(url::kHttp*Scheme).
Check for correctness, safety, and generality. Now that we have GURL::SchemeIsCryptographic, it may be a better callee in certain call sites. BUG=486087 Review URL: https://codereview.chromium.org/1133593005 Cr-Commit-Position: refs/heads/master@{#333001}
-rw-r--r--chrome/browser/captive_portal/captive_portal_browsertest.cc2
-rw-r--r--chrome/browser/notifications/platform_notification_service_impl.cc2
-rw-r--r--chrome/browser/ui/website_settings/website_settings.cc8
-rw-r--r--components/autofill/content/renderer/autofill_agent.cc4
-rw-r--r--components/data_reduction_proxy/core/browser/data_reduction_proxy_config.cc3
-rw-r--r--components/omnibox/base_search_provider.cc7
-rw-r--r--components/search_engines/template_url.cc2
-rw-r--r--ios/web/web_state/ui/crw_wk_web_view_web_controller.mm5
8 files changed, 22 insertions, 11 deletions
diff --git a/chrome/browser/captive_portal/captive_portal_browsertest.cc b/chrome/browser/captive_portal/captive_portal_browsertest.cc
index 2c8e915..72fe2bf 100644
--- a/chrome/browser/captive_portal/captive_portal_browsertest.cc
+++ b/chrome/browser/captive_portal/captive_portal_browsertest.cc
@@ -342,7 +342,7 @@ void URLRequestTimeoutOnDemandJob::FailOrAbandonJobsOnIOThread(
net::URLRequestStatus::FAILED,
net::ERR_CONNECTION_TIMED_OUT));
} else if (end_job_operation == FAIL_JOBS_WITH_CERT_ERROR) {
- ASSERT_TRUE(job->request()->url().SchemeIs(url::kHttpsScheme));
+ DCHECK(job->request()->url().SchemeIsCryptographic());
net::SSLInfo info;
info.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID;
info.cert = new net::X509Certificate(
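Review bot: Replacing `ASSERT_TRUE` with `DCHECK` in the `FAIL_JOBS_WITH_CERT_ERROR` branch means the precondition is no longer enforced in builds where DCHECKs are compiled out, so a test run there would attach a certificate error to a job whose URL was never verified to be on a cryptographic scheme. If the reason for dropping the gtest assertion is that this code runs off the main test thread (the function name suggests the IO thread), `CHECK(job->request()->url().SchemeIsCryptographic());` keeps the check in every build configuration. The enclosing function starts and ends outside this hunk.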
diff --git a/chrome/browser/notifications/platform_notification_service_impl.cc b/chrome/browser/notifications/platform_notification_service_impl.cc
index cafd270..d1fb2b2 100644
--- a/chrome/browser/notifications/platform_notification_service_impl.cc
+++ b/chrome/browser/notifications/platform_notification_service_impl.cc
@@ -392,6 +392,8 @@ base::string16 PlatformNotificationServiceImpl::DisplayNameForOrigin(
}
// static
+// TODO(palmer): It might be good to replace this with a call to
+// |FormatUrlForSecurityDisplay|. crbug.com/496965
base::string16 PlatformNotificationServiceImpl::WebOriginDisplayName(
const GURL& origin,
const std::string& languages) {
diff --git a/chrome/browser/ui/website_settings/website_settings.cc b/chrome/browser/ui/website_settings/website_settings.cc
index 74c37e9..d6b51f1 100644
--- a/chrome/browser/ui/website_settings/website_settings.cc
+++ b/chrome/browser/ui/website_settings/website_settings.cc
@@ -200,6 +200,14 @@ void WebsiteSettings::RecordWebsiteSettingsAction(
// Use a separate histogram to record actions if they are done on a page with
// an HTTPS URL. Note that this *disregards* security status.
+ //
+
+ // TODO(palmer): Consider adding a new histogram for
+ // GURL::SchemeIsCryptographic. (We don't want to replace this call with a
+ // call to that function because we don't want to change the meanings of
+ // existing metrics.) This would inform the decision to mark non-secure
+ // origins as Dubious or Non-Secure; the overall bug for that is
+ // crbug.com/454579.
if (site_url_.SchemeIs(url::kHttpsScheme)) {
UMA_HISTOGRAM_ENUMERATION("WebsiteSettings.Action.HttpsUrl",
action,
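Review bot: The added block begins with an empty `//` line followed by a blank line, which splits the existing histogram comment from the new TODO and looks like an editing leftover. Dropping both lines, or keeping a single `//` separator with no blank line, would make the TODO read as part of the same comment. It would also help to name the metric the TODO wants to leave untouched, for example `// "WebsiteSettings.Action.HttpsUrl" must keep counting https only.`, so a later reader does not widen the `SchemeIs(url::kHttpsScheme)` check below by analogy with the rest of this commit.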
diff --git a/components/autofill/content/renderer/autofill_agent.cc b/components/autofill/content/renderer/autofill_agent.cc
index e09021e..b6686c3 100644
--- a/components/autofill/content/renderer/autofill_agent.cc
+++ b/components/autofill/content/renderer/autofill_agent.cc
@@ -296,8 +296,8 @@ void AutofillAgent::didRequestAutocomplete(
content::SSLStatus ssl_status =
render_frame()->GetRenderView()->GetSSLStatusOfFrame(
form.document().frame());
- bool is_safe = url.SchemeIs(url::kHttpsScheme) &&
- !net::IsCertStatusError(ssl_status.cert_status);
+ bool is_safe = url.SchemeIsCryptographic() &&
+ !net::IsCertStatusError(ssl_status.cert_status);
bool allow_unsafe = base::CommandLine::ForCurrentProcess()->HasSwitch(
::switches::kReduceSecurityForTesting);
FormData form_data;
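Review bot: `is_safe` is still decided from the scheme and `cert_status` alone, so a frame that has run insecure subresources would count as safe for `didRequestAutocomplete` even though `ssl_status` is already in hand. If the frame's status is populated with mixed-content flags at this point (not visible in the hunk, so this needs confirming), the condition could also require `!(ssl_status.content_status & content::SSLStatus::RAN_INSECURE_CONTENT)`. A one-line comment such as `// Only offer autocomplete on an authenticated, error-free connection.` would document why `allow_unsafe` exists at all. The function body continues outside the hunk.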
diff --git a/components/data_reduction_proxy/core/browser/data_reduction_proxy_config.cc b/components/data_reduction_proxy/core/browser/data_reduction_proxy_config.cc
index 8c03c9a..6beee3c 100644
--- a/components/data_reduction_proxy/core/browser/data_reduction_proxy_config.cc
+++ b/components/data_reduction_proxy/core/browser/data_reduction_proxy_config.cc
@@ -324,8 +324,7 @@ bool DataReductionProxyConfig::AreDataReductionProxiesBypassed(
return AreProxiesBypassed(
request.context()->proxy_service()->proxy_retry_info(),
data_reduction_proxy_config.proxy_rules(),
- request.url().SchemeIs(url::kHttpsScheme),
- min_retry_delay);
+ request.url().SchemeIsCryptographic(), min_retry_delay);
}
return false;
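Review bot: The third argument to `AreProxiesBypassed` is an unlabeled boolean whose meaning this change widens from "https" to "any cryptographic scheme". The callee's signature is not visible here, so it should be checked that its parameter name and the proxy list it selects from `proxy_rules()` still hold for a cryptographic scheme other than https. An inline label at the call site, e.g. `request.url().SchemeIsCryptographic() /* is_cryptographic */, min_retry_delay);`, would make the intent visible to the next reader.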
diff --git a/components/omnibox/base_search_provider.cc b/components/omnibox/base_search_provider.cc
index e0b6614..bb2db75 100644
--- a/components/omnibox/base_search_provider.cc
+++ b/components/omnibox/base_search_provider.cc
@@ -286,9 +286,10 @@ bool BaseSearchProvider::ZeroSuggestEnabled(
if (!OmniboxFieldTrial::InZeroSuggestFieldTrial())
return false;
- // Make sure we are sending the suggest request through HTTPS to prevent
- // exposing the current page URL or personalized results without encryption.
- if (!suggest_url.SchemeIs(url::kHttpsScheme))
+ // Make sure we are sending the suggest request through a cryptographically
+ // secure channel to prevent exposing the current page URL or personalized
+ // results without encryption.
+ if (!suggest_url.SchemeIsCryptographic())
return false;
// Don't show zero suggest on the NTP.
diff --git a/components/search_engines/template_url.cc b/components/search_engines/template_url.cc
index 5f4633f..553c8f6 100644
--- a/components/search_engines/template_url.cc
+++ b/components/search_engines/template_url.cc
@@ -884,7 +884,7 @@ std::string TemplateURLRef::HandleReplacements(
search_terms_args_without_aqs.assisted_query_stats.clear();
GURL base_url(ReplaceSearchTerms(
search_terms_args_without_aqs, search_terms_data, NULL));
- if (base_url.SchemeIs(url::kHttpsScheme)) {
+ if (base_url.SchemeIsCryptographic()) {
HandleReplacement(
"aqs", search_terms_args.assisted_query_stats, *i, &url);
}
diff --git a/ios/web/web_state/ui/crw_wk_web_view_web_controller.mm b/ios/web/web_state/ui/crw_wk_web_view_web_controller.mm
index 9f4e3a9..3ee70f3 100644
--- a/ios/web/web_state/ui/crw_wk_web_view_web_controller.mm
+++ b/ios/web/web_state/ui/crw_wk_web_view_web_controller.mm
@@ -653,8 +653,9 @@ NSString* const kScriptImmediateName = @"crwebinvokeimmediate";
return;
// WKWebView will not load unauthenticated content.
- item->GetSSL().security_style = item->GetURL().SchemeIs(url::kHttpsScheme) ?
- web::SECURITY_STYLE_AUTHENTICATED : web::SECURITY_STYLE_UNAUTHENTICATED;
+ item->GetSSL().security_style = item->GetURL().SchemeIsCryptographic()
+ ? web::SECURITY_STYLE_AUTHENTICATED
+ : web::SECURITY_STYLE_UNAUTHENTICATED;
int contentStatus = [_wkWebView hasOnlySecureContent] ?
web::SSLStatus::NORMAL_CONTENT :
web::SSLStatus::DISPLAYED_INSECURE_CONTENT;
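Review bot: `security_style` is set to `SECURITY_STYLE_AUTHENTICATED` from the URL scheme alone, and the only justification is the one-line comment above it; after this change that assumption covers every scheme `SchemeIsCryptographic()` accepts, not just https. The comment should spell out what is being relied on, for example `// WKWebView refuses to load a page whose certificate fails validation, so a committed cryptographic-scheme URL implies an authenticated connection.`, if that is in fact the guarantee. If there is any path where this item can carry a cryptographic-scheme URL without a completed WKWebView load (not determinable from this hunk), the style would be reported as authenticated without evidence. The enclosing method starts and ends outside the hunk.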