-
Notifications
You must be signed in to change notification settings - Fork 921
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Intercept requests and add skeleton for malicious site detection #5369
base: develop
Are you sure you want to change the base?
Intercept requests and add skeleton for malicious site detection #5369
Conversation
This stack of pull requests is managed by Graphite. Learn more about stacking. |
...st/java/com/duckduckgo/app/browser/webview/RealMaliciousSiteBlockerWebViewIntegrationTest.kt
Outdated
Show resolved
Hide resolved
8d0f3b0
to
0b7f33d
Compare
...c/main/java/com/duckduckgo/app/browser/webview/RealMaliciousSiteBlockerWebViewIntegration.kt
Outdated
Show resolved
Hide resolved
7fd8100
to
c24dff3
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just testing the changes (haven't started the code review yet)
Sharing something I've found:
- when clicking any link in this URL https://www.yahoo.com/?guccounter=1, the url changes but I don't see it in the logs.
- After some normal browsing on a tab, testing back and forward navigation between sites, I don't see some URLs appearing, and that I can repro. (edit: actually I think this never works, and the urls I see is just some requests the site triggers)
- I think this one is fine but just fyi, in the logs I see http://domain.com and https://domain.com (just changing schema http -> https)
Friendly reminder about updating the description of the PR to include what's included and giving some context 🙏
app/src/main/java/com/duckduckgo/app/browser/BrowserWebViewClient.kt
Outdated
Show resolved
Hide resolved
...l/src/main/kotlin/com/duckduckgo/malicioussiteprotection/impl/RealMaliciousSiteProtection.kt
Show resolved
Hide resolved
app/src/main/java/com/duckduckgo/app/browser/WebViewRequestInterceptor.kt
Outdated
Show resolved
Hide resolved
app/src/main/java/com/duckduckgo/app/browser/WebViewRequestInterceptor.kt
Outdated
Show resolved
Hide resolved
app/src/main/java/com/duckduckgo/app/browser/webview/MaliciousSiteBlockerWebViewIntegration.kt
Show resolved
Hide resolved
app/src/main/java/com/duckduckgo/app/browser/webview/MaliciousSiteBlockerWebViewIntegration.kt
Show resolved
Hide resolved
3fb96e8
to
601db6b
Compare
Discussed over zoom, there are no requests to such pages when navigating to an article. Documented here |
2c3627c
to
cfc8cea
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Suggested to remove the state from the singleton if we can do that.
app/src/main/java/com/duckduckgo/app/browser/urlextraction/UrlExtractingWebViewClient.kt
Outdated
Show resolved
Hide resolved
app/src/main/java/com/duckduckgo/app/pixels/remoteconfig/AndroidBrowserConfigFeature.kt
Outdated
Show resolved
Hide resolved
@@ -424,12 +415,11 @@ class BrowserWebViewClient @Inject constructor( | |||
// See https://app.asana.com/0/0/1206159443951489/f (WebView limitations) | |||
if (it != ABOUT_BLANK && start == null) { | |||
start = currentTimeProvider.elapsedRealtime() | |||
maliciousSiteProtectionWebViewIntegration.onPageLoadStarted() | |||
requestInterceptor.onPageStarted(url) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I need to check if moving requestInterceptor.onPageStarted(url)
here has any unintended side-effect. This is because onPageStarted can be called several times when a page is loaded
c418e0f
to
db4d9bc
Compare
db4d9bc
to
bad45a7
Compare
Task/Issue URL: https://app.asana.com/0/1205008441501016/1207151848931035/f
Description
Adds logic to intercept requests using shouldOverrideUrlLoading and shouldInterceptRequest, when the request matches the following conditions
Steps to test this PR
Feature 1
Timber.tag("MaliciousSiteProtection").d("isMalicious $url")
for all mainframe and iframe requests (only for internal builds).UI changes