Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Malicious site protection App settings #3734

Open
wants to merge 48 commits into
base: alessandro/malicious-site-protection-navigation-detection-integration
Choose a base branch
from
Open

Malicious site protection App settings #3734

wants to merge 48 commits into from

Conversation

alessandroboron
Copy link
Contributor

Task/Issue URL: https://app.asana.com/0/72649045549333/1207944134334660/f
Tech Design URL: https://app.asana.com/0/72649045549333/1207273224076495/f
CC: @not-a-rootkit

Description:

Adds the Malicious Site Protection Settings in the General App Settings.

Steps to test this PR:

Prerequisites: Ensure that MaliciousSiteProtectionFeatureFlags.swift -> isMaliciousSiteProtectionEnabled and shouldDetectMaliciousThreat(forDomain domain: String?) return true.

Scenario 1 - Malicious Site Protection section should not show in settings

  1. Ensure that MaliciousSiteProtectionFeatureFlags.swift -> isMaliciousSiteProtectionEnabled returns false
  2. Open App Settings.
  3. Tap on “General”.
  4. Malicious Site Protection section should not be visible in the App settings.

Scenario 2 - Malicious Site Protection section shows in settings

  1. Ensure that MaliciousSiteProtectionFeatureFlags.swift -> isMaliciousSiteProtectionEnabled returns true
  2. Open App Settings.
  3. Tap on “General”.
  4. Malicious Site Protection section should be visible in the App settings.

Scenario 3 - Disabling Malicious Site Protection does not show special error pages

  1. Ensure that MaliciousSiteProtectionFeatureFlags.swift -> isMaliciousSiteProtectionEnabled and shouldDetectMaliciousThreat(forDomain domain: String?) return true.
  2. Open App Settings.
  3. Tap on “General”.
  4. Disable Malicious Site Protection.
  5. Navigate to http://privacy-test-pages.site/security/badware/phishing.html.
  6. Ensure that the special error page is not shown.

Scenario 4 - Enabling Malicious Site Protection shows special error pages

  1. Ensure that MaliciousSiteProtectionFeatureFlags.swift -> isMaliciousSiteProtectionEnabled and shouldDetectMaliciousThreat(forDomain domain: String?) return true.
  2. Open App Settings.
  3. Tap on “General”.
  4. Enable Malicious Site Protection.
  5. Navigate to http://privacy-test-pages.site/security/badware/phishing.html.
  6. Ensure that the special error page is shown.

Scenario 5 - Malicious Site Protection preference is remembered across app launches

  1. Open App Settings.
  2. Tap on “General”.
  3. Change the value of the Malicious Site Protection toggle.
  4. Restart the App.
  5. Ensure that the new value is persisted across app launches

Scenario 6 - Malicious Site Protection Learn More opens a tab

  1. Open App Settings.
  2. Tap on “General”.
  3. Tap the Malicious Site Protection “Learn More” Button.
  4. Ensure that the App opens a new tab and load the DDG learn more website.

Scenario 7 - Disabling Malicious Site Protection shows a warning message to the user

  1. Open App Settings.
  2. Tap on “General”.
  3. Disable Malicious Site Protection.
  4. Ensure that a warning message (in red) is shown to the user.
  5. Enable Malicious site Protection.
  6. Ensure that the warning message disappears.

Definition of Done (Internal Only):

Copy Testing:

  • Use of correct apostrophes in new copy, ie rather than '

Orientation Testing:

  • Portrait
  • Landscape

Device Testing:

  • iPhone SE (1st Gen)
  • iPhone 8
  • iPhone X
  • iPhone 14 Pro
  • iPad

OS Testing:

  • iOS 15
  • iOS 16
  • iOS 17

Theme Testing:

  • Light theme
  • Dark theme
Internal references:

Software Engineering Expectations
Technical Design Template

@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 17, 2024
edited
Loading

Messages
📖

You seem to be updating localized strings. Make sure that you request translations and include translated strings before you ship your change. See Localization Guidelines for more information.

Generated by 🚫 dangerJS against 5be55a9

@alessandroboron alessandroboron force-pushed the alessandro/malicious-site-protection-navigation-detection-integration branch from ed4e32b to b5fe830 Compare December 19, 2024 12:49
@alessandroboron alessandroboron force-pushed the alessandro/malicious-site-protection-settings branch from 9cbec1b to 74e9353 Compare December 19, 2024 12:52
@github-actions GitHub Actions
Copy link

This PR has been inactive for more than 7 days and will be automatically closed 7 days from now.

@github-actions github-actions bot added the stale label Dec 27, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 4, 2025

This PR has been closed after 14 days of inactivity. Feel free to reopen it if you plan to continue working on it or have further discussions.

@github-actions github-actions bot closed this Jan 4, 2025
@alessandroboron
Add Detection Logic
1360413
@alessandroboron
Integrate MaliciousSiteProtection
ef254a4
@alessandroboron
Hardcode malicious site detection
5c548fc
@alessandroboron
Use isSpecialErrorPageRequest flag to avoid navigation loops
ff38770
@alessandroboron
Clean up due to integration with BSK
2677c74
@alessandroboron
Add test for malicious site navigation handler
d4e9dff
@alessandroboron
Disable adding redirect to examption URLs
413e3fe
@alessandroboron
Re-set bypassed threat kind at every page load
29c4ce3
@alessandroboron
Refactor MaliciousSiteProtectionNavigationHandler
0948220
@alessandroboron
Refactor SpecialErrorPageNavigationHandler and handle synchronisation
1951870
@alessandroboron
Fix typo for Malicious site Navigation Handler method
a3b09c0
@alessandroboron
Update the logic for handling malicious site protection
ab8d26a
@alessandroboron
Close Tab when leaving malicious site
1e34d32
@alessandroboron
Update BSK version
937bcab
@alessandroboron
Clean up
c187557
@alessandroboron
Update BSK after rebasing
1c0bc9d
@alessandroboron
Address PR comments
18405b2
@alessandroboron
Update BSK after merge conflicts resolve
c3dbd41
@alessandroboron
Rename AppState -> Testing to AppTesting
72ba9b3
@alessandroboron
Update privacy icon for special error pages
83cb6f0
@alessandroboron alessandroboron force-pushed the alessandro/malicious-site-protection-navigation-detection-integration branch from d8212aa to 966f6cc Compare January 10, 2025 01:42
@alessandroboron alessandroboron force-pushed the alessandro/malicious-site-protection-navigation-detection-integration branch from 966f6cc to 4d87dab Compare January 10, 2025 07:25
@alessandroboron alessandroboron force-pushed the alessandro/malicious-site-protection-settings branch from fae19a7 to 5be55a9 Compare January 10, 2025 07:33
SabrinaTardio
SabrinaTardio approved these changes Jan 13, 2025
View reviewed changes
Copy link
Contributor

@SabrinaTardio SabrinaTardio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Works as described!

DuckDuckGo/en.lproj/Localizable.strings
@@ -1629,6 +1629,18 @@ https://duckduckgo.com/mac";
/* Title for the Mac Waitlist feature */
"mac-waitlist.title" = "DuckDuckGo App for Mac";

/* Button that redirect the user to a web page explaining what Malicious Site Protection is */
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I assume we are gonna add the translations later on? maybe it’s worth getting them soon (I assume the copy should be confirmed since it is live on macOS)

@alessandroboron alessandroboron force-pushed the alessandro/malicious-site-protection-navigation-detection-integration branch from 4d87dab to 91622ac Compare January 14, 2025 07:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SabrinaTardio SabrinaTardio SabrinaTardio approved these changes

@jaceklyp jaceklyp Awaiting requested review from jaceklyp

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@alessandroboron @SabrinaTardio