Phishing Detection Library Implementation #3336
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
not-a-rootkit
added a commit
to duckduckgo/BrowserServicesKit
that referenced
this pull request
Sep 9, 2024
<!-- Note: This checklist is a reminder of our shared engineering expectations. --> Please review the release process for BrowserServicesKit [here](https://app.asana.com/0/1200194497630846/1200837094583426). **Required**: Task/Issue URL: https://app.asana.com/0/1204023833050360/1207976613228509/f iOS PR: duckduckgo/iOS#3336 macOS PR: duckduckgo/macos-browser#3206 What kind of version bump will this require?: Minor **Optional**: Tech Design URL: https://app.asana.com/0/481882893211075/1207156899292810/f CC: https://app.asana.com/0/481882893211075/1207220724600204/f **Description**: Implement Phishing Detection library to facilitate end-to-end phishing detection feature. Including: 1. Background data updates 2. API client for updating data 3. Embedded datasets 4. Detection logic 5. Event firing <!-- Tagging instructions If this PR isn't ready to be merged for whatever reason it should be marked with the `DO NOT MERGE` label (particularly if it's a draft) If it's pending Product Review/PFR, please add the `Pending Product Review` label. If at any point it isn't actively being worked on/ready for review/otherwise moving forward (besides the above PR/PFR exception) strongly consider closing it (or not opening it in the first place). If you decide not to close it, make sure it's labelled to make it clear the PRs state and comment with more information. --> **Steps to test this PR**: 1. Build on macOS 2. Ensure signed in via use-login.duckduckgo.com (only available internally) 3. Quit the app 4. Visit https://privacy-test-pages.site/security/badware/phishing.html 5. Ensure error page is thrown 6. Click advanced 7. Click "Accept Risk" 8. Ensure page loads 9. Play around with navigations (back/forward, etc.) 10. Disable the feature in Settings>General 11. Try other test pages: - https://bad.third-party.site/security/badware/phishing-iframe-loader.html - https://bad.third-party.site/security/badware/phishing-meta-redirect.html - https://bad.third-party.site/security/badware/phishing-js-redirector-helper.html <!-- Before submitting a PR, please ensure you have tested the combinations you expect the reviewer to test, then delete configurations you *know* do not need explicit testing. Using a simulator where a physical device is unavailable is acceptable. --> **OS Testing**: * [ ] iOS 14 * [ ] iOS 15 * [ ] iOS 16 * [ ] macOS 10.15 * [ ] macOS 11 * [ ] macOS 12 --- ###### Internal references: [Software Engineering Expectations](https://app.asana.com/0/59792373528535/199064865822552) [Technical Design Template](https://app.asana.com/0/59792373528535/184709971311943) --------- Co-authored-by: Sabrina Tardio <[email protected]>
6 tasks
not-a-rootkit
added a commit
to duckduckgo/BrowserServicesKit
that referenced
this pull request
Sep 10, 2024
<!-- Note: This checklist is a reminder of our shared engineering expectations. --> Please review the release process for BrowserServicesKit [here](https://app.asana.com/0/1200194497630846/1200837094583426). **Required**: Task/Issue URL: https://app.asana.com/0/1204023833050360/1207976613228509/f iOS PR: duckduckgo/iOS#3336 macOS PR: duckduckgo/macos-browser#3206 What kind of version bump will this require?: Major **Optional**: Tech Design URL: https://app.asana.com/0/481882893211075/1207156899292810/f CC: https://app.asana.com/0/481882893211075/1207220724600204/f **Description**: Implement Phishing Detection library to facilitate end-to-end phishing detection feature. Including: 1. Background data updates 2. API client for updating data 3. Embedded datasets 4. Detection logic 5. Event firing <!-- Tagging instructions If this PR isn't ready to be merged for whatever reason it should be marked with the `DO NOT MERGE` label (particularly if it's a draft) If it's pending Product Review/PFR, please add the `Pending Product Review` label. If at any point it isn't actively being worked on/ready for review/otherwise moving forward (besides the above PR/PFR exception) strongly consider closing it (or not opening it in the first place). If you decide not to close it, make sure it's labelled to make it clear the PRs state and comment with more information. --> **Steps to test this PR**: 1. Build on macOS 2. Ensure signed in via use-login.duckduckgo.com (only available internally) 3. Quit the app 4. Visit https://privacy-test-pages.site/security/badware/phishing.html 5. Ensure error page is thrown 6. Click advanced 7. Click "Accept Risk" 8. Ensure page loads 9. Play around with navigations (back/forward, etc.) 10. Disable the feature in Settings>General 11. Try edge-case test pages: - https://bad.third-party.site/security/badware/phishing-iframe-loader.html - https://bad.third-party.site/security/badware/phishing-meta-redirect.html - currently not working - https://bad.third-party.site/security/badware/phishing-js-redirector-helper.html - currently not working The last two failing test cases are to be addressed in follow-up work. Currently this feature is hidden behind a feature-flag for internal-only builds. <!-- Before submitting a PR, please ensure you have tested the combinations you expect the reviewer to test, then delete configurations you *know* do not need explicit testing. Using a simulator where a physical device is unavailable is acceptable. --> **OS Testing**: * [ ] iOS 14 * [ ] iOS 15 * [ ] iOS 16 * [ ] macOS 10.15 * [ ] macOS 11 * [ ] macOS 12 --- ###### Internal references: [Software Engineering Expectations](https://app.asana.com/0/59792373528535/199064865822552) [Technical Design Template](https://app.asana.com/0/59792373528535/184709971311943) --------- Co-authored-by: Sabrina Tardio <[email protected]>
not-a-rootkit
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Task/Issue URL: https://app.asana.com/0/0/1208253815417552/f
Tech Design URL:
CC:
Description:
iOS integration for BSK to implement phishing detection on macOS.
macOS PR: duckduckgo/BrowserServicesKit#935
BSK PR: duckduckgo/macos-browser#3206
Steps to test this PR:
1.
Definition of Done (Internal Only):
Copy Testing:
’rather than'Orientation Testing:
Device Testing:
OS Testing:
Theme Testing:
Internal references:
Software Engineering Expectations
Technical Design Template