Display warning page for malicious sites #5416
Merged
+642
−25
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This was referenced Dec 19, 2024
Merged
This stack of pull requests is managed by Graphite. Learn more about stacking. |
CrisBarreiro
force-pushed
the
feature/cris/malicious-site-protection/blocking-algorithm
branch
from
ef6e36e to
75f7e5d
Compare
CrisBarreiro
force-pushed
the
feature/cris/malicious-site-protection/error-page
branch
2 times, most recently
from
dc04edf to
97e340a
Compare
CrisBarreiro
force-pushed
the
feature/cris/malicious-site-protection/blocking-algorithm
branch
from
8cb9ae8 to
08a01f5
Compare
Base automatically changed from
feature/cris/malicious-site-protection/blocking-algorithm
to
feature/cris/malicious-site-protection/load-initial-dataset
January 10, 2025 16:29
CrisBarreiro
force-pushed
the
feature/cris/malicious-site-protection/load-initial-dataset
branch
5 times, most recently
from
7e348f0 to
1ca9aeb
Compare
CrisBarreiro
force-pushed
the
feature/cris/malicious-site-protection/error-page
branch
2 times, most recently
from
48ba45d to
def68f6
Compare
CrisBarreiro
force-pushed
the
feature/cris/malicious-site-protection/load-initial-dataset
branch
from
95a99e2 to
d77fac9
Compare
CrisBarreiro
force-pushed
the
feature/cris/malicious-site-protection/error-page
branch
from
34176e8 to
cae18b1
Compare
CrisBarreiro
commented
Jan 24, 2025
app/src/main/java/com/duckduckgo/app/browser/webview/MaliciousSiteBlockerWebViewIntegration.kt
Outdated
Show resolved
Hide resolved
app/src/main/java/com/duckduckgo/app/browser/BrowserTabViewModel.kt
Outdated
Show resolved
Hide resolved
app/src/main/java/com/duckduckgo/app/browser/BrowserTabViewModel.kt
Outdated
Show resolved
Hide resolved
app/src/main/java/com/duckduckgo/app/browser/BrowserTabViewModel.kt
Outdated
Show resolved
Hide resolved
app/src/main/java/com/duckduckgo/app/browser/omnibar/OmnibarLayoutViewModel.kt
Outdated
Show resolved
Hide resolved
app/src/main/java/com/duckduckgo/app/browser/webview/MaliciousSiteBlockedWarningLayout.kt
Outdated
Show resolved
Hide resolved
app/src/main/java/com/duckduckgo/app/browser/webview/MaliciousSiteBlockerWebViewIntegration.kt
Outdated
Show resolved
Hide resolved
CrisBarreiro
force-pushed
the
feature/cris/malicious-site-protection/load-initial-dataset
branch
from
d77fac9 to
1c4cd9e
Compare
CrisBarreiro
force-pushed
the
feature/cris/malicious-site-protection/error-page
branch
from
1e884da to
e7697fe
Compare
CrisBarreiro
force-pushed
the
feature/cris/malicious-site-protection/load-initial-dataset
branch
2 times, most recently
from
f20c37b to
9622274
Compare
CrisBarreiro
force-pushed
the
feature/cris/malicious-site-protection/error-page
branch
from
bbdf911 to
7acab25
Compare
CrisBarreiro
commented
Jan 30, 2025
|
|
||
| @SingleInstanceIn(AppScope::class) | ||
| class ExemptedUrlsHolder @Inject constructor() { | ||
| val exemptedMaliciousUrls = mutableSetOf<String>() |
There was a problem hiding this comment.
we shouldn't expose a mutable set, but rather provide a method for exemptions to be added
CrisBarreiro
force-pushed
the
feature/cris/malicious-site-protection/load-initial-dataset
branch
from
9622274 to
8770d6e
Compare
CrisBarreiro
force-pushed
the
feature/cris/malicious-site-protection/error-page
branch
from
7acab25 to
9142bc0
Compare
CrisBarreiro
added a commit
that referenced
this pull request
Jan 30, 2025
Task/Issue URL: https://app.asana.com/0/72649045549333/1207151848931036/f Also includes: https://app.asana.com/0/72649045549333/1208870183150418/f ### Description * Add logic to keep a malicious site dataset up-to-date * Add blocking algorithm for malicious sites (temporarily show a snackbar whenever a site is identified as malicious) * Add algorithm to determine whether a URL is malicious or not. Details are described [here](https://app.asana.com/0/481882893211075/1207273224076497/f) (Approach A, _"Implement MaliciousSiteDetection client library that"_ section). API was discussed [here](https://app.asana.com/0/1202552961248957/1208934234411796/f) ### Steps to test this PR _Pre-requisites_ - [x] Enable `enableMaliciousSiteProtection` under `androidBrowserConfig` > [!NOTE] > Since this implementation only shows a toast, my recommendation is to do the testing along with #5416 _Feature 1_ - [x] Open https://privacy-test-pages.site/security/badware/, check snackbar isn't shown - [x] Check a Snackbar informing of a malicious site is shown for the following tests - [ ] [Standard Phishing Test](https://privacy-test-pages.site/security/badware/phishing.html) - [ ] [Standard Malware Test](https://privacy-test-pages.site/security/badware/malware.html) - [ ] [Phishing iFrame Loader](https://privacy-test-pages.site/security/badware/phishing-iframe-loader.html) - [ ] [Phishing JS Redirector (Direct)](https://privacy-test-pages.site/security/badware/phishing-js-redirector-helper.html) - [ ] [Phishing JS Redirector (Indirect)](https://privacy-test-pages.site/security/badware/phishing-js-redirector.html) - [ ] [Phishing Legit iFrame Loader](https://privacy-test-pages.site/security/badware/phishing-legit-iframe-loader.html) - [ ] [Phishing Redirect via Meta Refresh (Not Flagged in Dataset)](https://privacy-test-pages.site/security/badware/phishing-meta-redirect-clean.html) - [ ] [Phishing Redirect via Meta Refresh (Flagged in Dataset)](https://privacy-test-pages.site/security/badware/phishing-meta-redirect.html) - [ ] [Phishing Open via Popups](https://privacy-test-pages.site/security/badware/phishing-popups.html) - [ ] [Phishing Opening with URL Tampering](https://privacy-test-pages.site/security/badware/phishing-url-tampering.html) - [ ] [Phishing Form Submission](https://privacy-test-pages.site/security/badware/phishing-form-submission.html) -> Submit form - [ ] [Phishing Service Worker](https://privacy-test-pages.site/security/badware/phishing-service-worker.html) - Only navigate, not fetch - [ ] [HTTP 301 Redirect to Main Phishing Test Page](https://privacy-test-pages.site/security/badware/phishing-redirect/) - [ ] [HTTP 302 Redirect to Main Phishing Test Page](https://privacy-test-pages.site/security/badware/phishing-redirect/302) - [ ] [HTTP Redirect to Phishing JS Redirector (Indirect)](https://privacy-test-pages.site/security/badware/phishing-redirect/js) - [ ] [HTTP Redirect to Phishing JS Redirector (Direct)](https://privacy-test-pages.site/security/badware/phishing-redirect/js2) - [ ] [HTTP Redirect to Phishing iFrame Loader](https://privacy-test-pages.site/security/badware/phishing-redirect/iframe) - [ ] [HTTP Redirect to Clean Meta Refresh Redirector](https://privacy-test-pages.site/security/badware/phishing-redirect/meta) - [ ] [HTTP Redirect to Flagged Meta Refresh Redirector](https://privacy-test-pages.site/security/badware/phishing-redirect/meta2) ### UI changes n/a, toast is temporary, an error page will be added in the next PR
Base automatically changed from
feature/cris/malicious-site-protection/load-initial-dataset
to
develop
January 30, 2025 14:03
(cherry picked from commit 51d4367)
CrisBarreiro
force-pushed
the
feature/cris/malicious-site-protection/error-page
branch
from
9142bc0 to
6ea4903
Compare
4 tasks
cmonfortep
approved these changes
Jan 31, 2025
There was a problem hiding this comment.
(@CrisBarreiro has reviewed the PR but she can't approve it since she created the PR)
CrisBarreiro
deleted the
feature/cris/malicious-site-protection/error-page
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Task/Issue URL: https://app.asana.com/0/72649045549333/1208836754662807/f
Description
Steps to test this PR
Pre-requisites
Feature 1
Feature 2
Feature 3
Feature 4
Feature 5
Feature 6
UI changes