Add Malicious Site Protection algorithm pixels #5604
Conversation
This stack of pull requests is managed by Graphite. Learn more about stacking. |
CrisBarreiro
force-pushed
the
feature/cris/malicious-site-protection/add-algorithm-pixels
branch
from
2592f74 to
39aa159
Compare
CrisBarreiro
force-pushed
the
feature/cris/malicious-site-protection/add-algorithm-pixels
branch
3 times, most recently
from
3d36dce to
79c5789
Compare
CrisBarreiro
changed the base branch from
develop
to
feature/cris/malicious-site-protection/do-not-auto-focus-omnibar-on-resume
CrisBarreiro
force-pushed
the
feature/cris/malicious-site-protection/do-not-auto-focus-omnibar-on-resume
branch
from
7001024 to
97b9ac5
Compare
CrisBarreiro
force-pushed
the
feature/cris/malicious-site-protection/add-algorithm-pixels
branch
from
79c5789 to
40577d8
Compare
CrisBarreiro
force-pushed
the
feature/cris/malicious-site-protection/add-algorithm-pixels
branch
from
40577d8 to
3cff846
Compare
CrisBarreiro
force-pushed
the
feature/cris/malicious-site-protection/add-algorithm-pixels
branch
3 times, most recently
from
3910261 to
d3e8362
Compare
| @@ -243,7 +270,7 @@ class RealMaliciousSiteBlockerWebViewIntegration @Inject constructor( | |||
| } else { | |||
| Safe | |||
| } | |||
| processedUrls.clear() | |||
| processedUrls[url] = isMalicious | |||
There was a problem hiding this comment.
We have a previous check if (checkId == currentCheckId.get()) that validates this is related to the latest site trying to load. If we detect another site has started loading, we return safe to avoid showing the phishing page in the wrong context. However, we are assigning Safe to possible phishing pages here. I believe the right value here is processedUrls[url] = it.
There was a problem hiding this comment.
That makes a lot of sense, thanks!
| @@ -397,4 +397,6 @@ enum class AppPixelName(override val pixelName: String) : Pixel.PixelName { | |||
| SET_AS_DEFAULT_PROMPT_CLICK("m_set-as-default_prompt_click"), | |||
| SET_AS_DEFAULT_PROMPT_DISMISSED("m_set-as-default_prompt_dismissed"), | |||
| SET_AS_DEFAULT_IN_MENU_CLICK("m_set-as-default_in-menu_click"), | |||
|
|
|||
| MALICIOUS_SITE_DETECTED_IN_IFRAME("m_malicious-site-protection_iframe-loaded"), | |||
There was a problem hiding this comment.
why is this one here if we have MaliciousSitePixelName? this should be inside malicious module.
There was a problem hiding this comment.
Because MaliciousSitePixelName belongs to the MSP implementation module, and the MSP module knows nothing about iframes, that happens on the browser level
| Match(it.hostname, it.url, it.regex, it.hash, feed) | ||
| } else { | ||
| null | ||
| withTimeout(1000) { |
There was a problem hiding this comment.
I haven't found why 1000 is the timeout here in the pixel definition, or in Asana. Do we have it somewhere? would be good to move it into a const, and leave a comment or link with context.
There was a problem hiding this comment.
@cmonfortep, I believe this was discussed on a meeting. We recently created a task to document timeouts and it looks like all other platforms are using a different value, so I'll probably need to update this one. We also want to update the timeout for dataset downloads, and I've created a task for it, so for now I'm just extracting it to a constant. I've asked whether we want to update this timeout in particular to 5s, so in case the answer is yes, I'll use the task for dataset downloads timeout to also update this one
| if (!exempted) { | ||
| if (currentBrowserViewState().maliciousSiteDetected && previousSite?.url == url.toString()) return | ||
| Timber.tag("Cris").d("Received MaliciousSiteWarning for $url, feed: $feed, exempted: false, clientSideHit: $clientSideHit") |
There was a problem hiding this comment.
if you want to keep this log, we should use a the right tag.
There was a problem hiding this comment.
I removed the tag, since we don't seem to be setting any specific one for this class
| @@ -137,6 +140,9 @@ class RealMaliciousSiteBlockerWebViewIntegration @Inject constructor( | |||
| if (!isEnabled()) { | |||
| return IsMaliciousViewData.Safe | |||
| } | |||
|
|
|||
| Timber.d("shouldIntercept ${request.url}") | |||
| val exemptedUrl = exemptedUrlsHolder.exemptedMaliciousUrls.firstOrNull { it.url.toString() == decodedUrl } | ||
|
|
||
| if (exemptedUrl != null) { | ||
| Timber.tag("MaliciousSiteDetector").d("Previously exempted, skipping $decodedUrl as ${exemptedUrl.feed}") | ||
| Timber.d("Previously exempted, skipping $decodedUrl as ${exemptedUrl.feed}") |
There was a problem hiding this comment.
I see we've removed tag, not sure if intentional
There was a problem hiding this comment.
Yes, similar to #5604 (comment), we don't use tag for other logs in this class
CrisBarreiro
force-pushed
the
feature/cris/malicious-site-protection/add-algorithm-pixels
branch
from
d3e8362 to
991e53b
Compare
CrisBarreiro
deleted the
feature/cris/malicious-site-protection/add-algorithm-pixels
branch
Task/Issue URL: https://app.asana.com/0/488551667048375/1209304069660515
Description
Steps to test this PR
Feature 1
Feature 2
Feature 3
UI changes