Malicious site protection feature flags (#3719)

Task/Issue URL: https://app.asana.com/0/72649045549333/1207944134334659/f Tech Design URL: https://app.asana.com/0/1206329551987282/1207273224076495/f **Description**: Add Feature flag class as per tech design to check if malicious site protection feature is enabled and should check protection for domain based on the domain privacy preferences.
duckduckgo · Jan 14, 2025 · 3af5452 · 3af5452
1 parent cd64847
commit 3af5452
Show file tree

Hide file tree

Showing 4 changed files with 275 additions and 0 deletions.
diff --git a/Core/FeatureFlag.swift b/Core/FeatureFlag.swift
@@ -63,6 +63,10 @@ public enum FeatureFlag: String {
 
     /// https://app.asana.com/0/0/1208767141940869/f
     case freeTrials
+
+    /// Feature flag to enable / disable phishing and malware protection
+    /// https://app.asana.com/0/1206329551987282/1207149365636877/f
+    case maliciousSiteProtection
 }
 
 extension FeatureFlag: FeatureFlagDescribing {
@@ -146,6 +150,8 @@ extension FeatureFlag: FeatureFlagDescribing {
             return .remoteReleasable(.subfeature(PrivacyProSubfeature.isLaunchedROWOverride))
         case .freeTrials:
             return .remoteDevelopment(.subfeature(PrivacyProSubfeature.freeTrials))
+        case .maliciousSiteProtection:
+            return .remoteDevelopment(.subfeature(MaliciousSiteProtectionSubfeature.onByDefault))
         }
     }
 }

diff --git a/DuckDuckGo.xcodeproj/project.pbxproj b/DuckDuckGo.xcodeproj/project.pbxproj
@@ -771,6 +771,8 @@
 		98F3A1D8217B37010011A0D4 /* Theme.swift in Sources */ = {isa = PBXBuildFile; fileRef = 98F3A1D7217B37010011A0D4 /* Theme.swift */; };
 		98F6EA472863124100720957 /* ContentBlockerRulesLists.swift in Sources */ = {isa = PBXBuildFile; fileRef = 98F6EA462863124100720957 /* ContentBlockerRulesLists.swift */; };
 		98F78B8E22419093007CACF4 /* ThemableNavigationController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 98F78B8D22419093007CACF4 /* ThemableNavigationController.swift */; };
+		9F06EB752D09E8D200905426 /* MaliciousSiteProtectionFeatureFlags.swift in Sources */ = {isa = PBXBuildFile; fileRef = 9F06EB732D09E8D200905426 /* MaliciousSiteProtectionFeatureFlags.swift */; };
+		9F06EB7B2D09EC2000905426 /* MaliciousSiteProtectionFeatureFlagsTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 9F06EB792D09EC2000905426 /* MaliciousSiteProtectionFeatureFlagsTests.swift */; };
 		9F16230B2CA0F0190093C4FC /* DebouncerTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 9F16230A2CA0F0190093C4FC /* DebouncerTests.swift */; };
 		9F1798572CD2443F0073018B /* AddToDockPromoViewModelTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 9F1798562CD2443F0073018B /* AddToDockPromoViewModelTests.swift */; };
 		9F23B8012C2BC94400950875 /* OnboardingBackground.swift in Sources */ = {isa = PBXBuildFile; fileRef = 9F23B8002C2BC94400950875 /* OnboardingBackground.swift */; };
@@ -2673,6 +2675,8 @@
 		98F3A1D7217B37010011A0D4 /* Theme.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Theme.swift; sourceTree = "<group>"; };
 		98F6EA462863124100720957 /* ContentBlockerRulesLists.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ContentBlockerRulesLists.swift; sourceTree = "<group>"; };
 		98F78B8D22419093007CACF4 /* ThemableNavigationController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ThemableNavigationController.swift; sourceTree = "<group>"; };
+		9F06EB732D09E8D200905426 /* MaliciousSiteProtectionFeatureFlags.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MaliciousSiteProtectionFeatureFlags.swift; sourceTree = "<group>"; };
+		9F06EB792D09EC2000905426 /* MaliciousSiteProtectionFeatureFlagsTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MaliciousSiteProtectionFeatureFlagsTests.swift; sourceTree = "<group>"; };
 		9F16230A2CA0F0190093C4FC /* DebouncerTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = DebouncerTests.swift; sourceTree = "<group>"; };
 		9F1798562CD2443F0073018B /* AddToDockPromoViewModelTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AddToDockPromoViewModelTests.swift; sourceTree = "<group>"; };
 		9F23B8002C2BC94400950875 /* OnboardingBackground.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = OnboardingBackground.swift; sourceTree = "<group>"; };
@@ -5140,6 +5144,22 @@
 			name = Themes;
 			sourceTree = "<group>";
 		};
+		9F06EB742D09E8D200905426 /* FeatureFlags */ = {
+			isa = PBXGroup;
+			children = (
+				9F06EB732D09E8D200905426 /* MaliciousSiteProtectionFeatureFlags.swift */,
+			);
+			path = FeatureFlags;
+			sourceTree = "<group>";
+		};
+		9F06EB7A2D09EC2000905426 /* MaliciousSiteProtection */ = {
+			isa = PBXGroup;
+			children = (
+				9F06EB792D09EC2000905426 /* MaliciousSiteProtectionFeatureFlagsTests.swift */,
+			);
+			path = MaliciousSiteProtection;
+			sourceTree = "<group>";
+		};
 		9F23B7FF2C2BABE000950875 /* OnboardingIntro */ = {
 			isa = PBXGroup;
 			children = (
@@ -5194,6 +5214,7 @@
 		9F254AA92CF47CD30063B308 /* MaliciousSiteProtection */ = {
 			isa = PBXGroup;
 			children = (
+				9F06EB742D09E8D200905426 /* FeatureFlags */,
 				9F254AAA2CF47DD50063B308 /* MaliciousSiteProtectionManager.swift */,
 			);
 			path = MaliciousSiteProtection;
@@ -6280,6 +6301,7 @@
 				83134D7F20E2E013006CE65D /* Feedback */,
 				8588026724E4249800C24AB6 /* iPad */,
 				851DFD88212C5ED600D95F20 /* Main */,
+				9F06EB7A2D09EC2000905426 /* MaliciousSiteProtection */,
 				EE56DE3A2A6038F500375C41 /* NetworkProtection */,
 				6F03CAFF2C32ED22004179A8 /* NewTabPage */,
 				F1D477C71F2139210031ED49 /* OmniBar */,
@@ -8292,6 +8314,7 @@
 				F13B4BC01F180D8A00814661 /* TabsModel.swift in Sources */,
 				8598D2E02CEB98B500C45685 /* Favicons.swift in Sources */,
 				8598D2E12CEB98B500C45685 /* NotFoundCachingDownloader.swift in Sources */,
+				9F06EB752D09E8D200905426 /* MaliciousSiteProtectionFeatureFlags.swift in Sources */,
 				8598D2E22CEB98B500C45685 /* FaviconRequestModifier.swift in Sources */,
 				CBAD0F102D0062A7006267B8 /* UIService.swift in Sources */,
 				8598D2E32CEB98B500C45685 /* FaviconUserScript.swift in Sources */,
@@ -8577,6 +8600,7 @@
 				83EDCC411F86B89C005CDFCD /* StatisticsLoaderTests.swift in Sources */,
 				564DE4572C4150E600D23241 /* NewTabPageControllerDaxDialogTests.swift in Sources */,
 				C14882E327F20D9A00D59F0C /* BookmarksExporterTests.swift in Sources */,
+				9F06EB7B2D09EC2000905426 /* MaliciousSiteProtectionFeatureFlagsTests.swift in Sources */,
 				85C29708247BDD060063A335 /* DaxDialogsBrowsingSpecTests.swift in Sources */,
 				9FE05CF12C36468A00D9046B /* OnboardingPixelReporterTests.swift in Sources */,
 				9FDEC7B42C8FD62F00C7A692 /* OnboardingAddressBarPositionPickerViewModelTests.swift in Sources */,

diff --git a/DuckDuckGo/MaliciousSiteProtection/FeatureFlags/MaliciousSiteProtectionFeatureFlags.swift b/DuckDuckGo/MaliciousSiteProtection/FeatureFlags/MaliciousSiteProtectionFeatureFlags.swift
@@ -0,0 +1,104 @@
+//
+//  MaliciousSiteProtectionFeatureFlags.swift
+//  DuckDuckGo
+//
+//  Copyright © 2024 DuckDuckGo. All rights reserved.
+//
+//  Licensed under the Apache License, Version 2.0 (the "License");
+//  you may not use this file except in compliance with the License.
+//  You may obtain a copy of the License at
+//
+//  http://www.apache.org/licenses/LICENSE-2.0
+//
+//  Unless required by applicable law or agreed to in writing, software
+//  distributed under the License is distributed on an "AS IS" BASIS,
+//  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//  See the License for the specific language governing permissions and
+//  limitations under the License.
+//
+
+import Foundation
+import BrowserServicesKit
+import Core
+
+protocol MaliciousSiteProtectionFeatureFlagger {
+    /// A Boolean value indicating whether malicious site protection is enabled.
+    /// - Returns: `true` if malicious site protection is enabled; otherwise, `false`.
+    var isMaliciousSiteProtectionEnabled: Bool { get }
+
+    /// Checks if should detect malicious threats for a specific domain.
+    /// - Parameter domain: The domain to check for malicious threat.
+    /// - Returns: `true` if should check for malicious threats for the specified domain; otherwise, `false`.
+    func shouldDetectMaliciousThreat(forDomain domain: String?) -> Bool
+}
+
+protocol MaliciousSiteProtectionFeatureFlagsSettingsProvider {
+    /// The frequency, in minutes, at which the hash prefix should be updated.
+    var hashPrefixUpdateFrequency: Int { get }
+    /// The frequency, in minutes, at which the filter set should be updated.
+    var filterSetUpdateFrequency: Int { get }
+}
+
+/// An enum representing the different settings for malicious site protection feature flags.
+enum MaliciousSiteProtectionFeatureSettings: String {
+    /// The setting for hash prefix update frequency.
+    case hashPrefixUpdateFrequency
+    /// The setting for filter set update frequency.
+    case filterSetUpdateFrequency
+
+    var defaultValue: Int {
+        switch self {
+        case .hashPrefixUpdateFrequency: return 20 // Default frequency for hash prefix updates is 20 minutes.
+        case .filterSetUpdateFrequency: return 720 // Default frequency for filter set updates is 720 minutes (12 hours).
+        }
+    }
+}
+
+final class MaliciousSiteProtectionFeatureFlags {
+    private let featureFlagger: FeatureFlagger
+    private let privacyConfigManager: PrivacyConfigurationManaging
+
+    private var remoteSettings: PrivacyConfigurationData.PrivacyFeature.FeatureSettings {
+        privacyConfigManager.privacyConfig.settings(for: .maliciousSiteProtection)
+    }
+
+    init(
+        featureFlagger: FeatureFlagger = AppDependencyProvider.shared.featureFlagger,
+        privacyConfigManager: PrivacyConfigurationManaging = ContentBlocking.shared.privacyConfigurationManager
+    ) {
+        self.featureFlagger = featureFlagger
+        self.privacyConfigManager = privacyConfigManager
+    }
+}
+
+// MARK: - MaliciousSiteProtectionFeatureFlagger
+
+extension MaliciousSiteProtectionFeatureFlags: MaliciousSiteProtectionFeatureFlagger {
+
+    var isMaliciousSiteProtectionEnabled: Bool {
+        featureFlagger.isFeatureOn(.maliciousSiteProtection)
+    }
+
+    func shouldDetectMaliciousThreat(forDomain domain: String?) -> Bool {
+        isMaliciousSiteProtectionEnabled && privacyConfigManager.privacyConfig.isFeature(.maliciousSiteProtection, enabledForDomain: domain)
+    }
+
+}
+
+// MARK: - MaliciousSiteProtectionFeatureFlagsSettingsProvider
+
+extension MaliciousSiteProtectionFeatureFlags: MaliciousSiteProtectionFeatureFlagsSettingsProvider {
+
+    var hashPrefixUpdateFrequency: Int {
+        getSettings(MaliciousSiteProtectionFeatureSettings.hashPrefixUpdateFrequency)
+    }
+
+    var filterSetUpdateFrequency: Int {
+        getSettings(MaliciousSiteProtectionFeatureSettings.filterSetUpdateFrequency)
+    }
+
+    private func getSettings(_ value: MaliciousSiteProtectionFeatureSettings) -> Int {
+        remoteSettings[value.rawValue] as? Int ?? value.defaultValue
+    }
+
+}
diff --git a/DuckDuckGoTests/MaliciousSiteProtection/MaliciousSiteProtectionFeatureFlagsTests.swift b/DuckDuckGoTests/MaliciousSiteProtection/MaliciousSiteProtectionFeatureFlagsTests.swift
@@ -0,0 +1,141 @@
+//
+//  MaliciousSiteProtectionFeatureFlagsTests.swift
+//  DuckDuckGo
+//
+//  Copyright © 2024 DuckDuckGo. All rights reserved.
+//
+//  Licensed under the Apache License, Version 2.0 (the "License");
+//  you may not use this file except in compliance with the License.
+//  You may obtain a copy of the License at
+//
+//  http://www.apache.org/licenses/LICENSE-2.0
+//
+//  Unless required by applicable law or agreed to in writing, software
+//  distributed under the License is distributed on an "AS IS" BASIS,
+//  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//  See the License for the specific language governing permissions and
+//  limitations under the License.
+//
+
+import Testing
+import BrowserServicesKit
+@testable import DuckDuckGo
+
+@Suite("Malicious Site Protection - Feature Flags", .serialized)
+final class MaliciousSiteProtectionFeatureFlagsTests {
+    private var sut: MaliciousSiteProtectionFeatureFlags!
+    private var featureFlaggerMock: MockFeatureFlagger!
+    private var configurationManagerMock: PrivacyConfigurationManagerMock!
+
+    init() async throws {
+        featureFlaggerMock = MockFeatureFlagger()
+        configurationManagerMock = PrivacyConfigurationManagerMock()
+        sut = MaliciousSiteProtectionFeatureFlags(featureFlagger: featureFlaggerMock, privacyConfigManager: configurationManagerMock)
+    }
+
+    // MARK: - Web Error Page
+
+    @Test("Check Threat Detection Enabled")
+    func whenThreatDetectionEnabled_AndFeatureFlagIsOn_ThenReturnTrue() throws {
+        // GIVEN
+        featureFlaggerMock.enabledFeatureFlags = [.maliciousSiteProtection]
+
+        // WHEN
+        let result = sut.isMaliciousSiteProtectionEnabled
+
+        // THEN
+        #expect(result)
+    }
+
+    @Test("Check Threat Detection Disabled")
+    func whenThreatDetectionEnabled_AndFeatureFlagIsOff_ThenReturnFalse() throws {
+        // GIVEN
+        featureFlaggerMock.enabledFeatureFlags = []
+
+        // WHEN
+        let result = sut.isMaliciousSiteProtectionEnabled
+
+        // THEN
+        #expect(!result)
+    }
+
+    @Test("Check Threat Detection Enabled For Domain")
+    func whenThreatDetectionEnabledForDomain_AndFeatureIsAvailableForDomain_ThenReturnTrue() throws {
+        // GIVEN
+        featureFlaggerMock.enabledFeatureFlags = [.maliciousSiteProtection]
+        let privacyConfigMock = try #require(configurationManagerMock.privacyConfig as? PrivacyConfigurationMock)
+        privacyConfigMock.enabledFeatures = [.maliciousSiteProtection: ["example.com"]]
+        let domain = "example.com"
+
+        // WHEN
+        let result = sut.shouldDetectMaliciousThreat(forDomain: domain)
+
+        // THEN
+        #expect(result)
+    }
+
+    @Test("Check Threat Detection Disabled For Domain When Protection For Domain Is Not Enabled")
+    func whenThreatDetectionCalledEnabledForDomain_AndFeatureIsNotAvailableForDomain_ThenReturnFalse() throws {
+        // GIVEN
+        featureFlaggerMock.enabledFeatureFlags = [.maliciousSiteProtection]
+        let privacyConfigMock = try #require(configurationManagerMock.privacyConfig as? PrivacyConfigurationMock)
+        privacyConfigMock.enabledFeatures = [.maliciousSiteProtection: []]
+        let domain = "example.com"
+
+        // WHEN
+        let result = sut.shouldDetectMaliciousThreat(forDomain: domain)
+
+        // THEN
+        #expect(!result)
+    }
+
+    @Test("Check Threat Detection Disabled For Domain When Feature Flag Is Off")
+    func whenThreatDetectionEnabledForDomain_AndPrivacyConfigFeatureFlagIsOn_AndThreatDetectionSubFeatureIsOff_ThenReturnTrue() throws {
+        // GIVEN
+        let privacyConfigMock = try #require(configurationManagerMock.privacyConfig as? PrivacyConfigurationMock)
+        privacyConfigMock.enabledFeatures = [.adClickAttribution: ["example.com"]]
+        let domain = "example.com"
+
+        // WHEN
+        let result = sut.shouldDetectMaliciousThreat(forDomain: domain)
+
+        // THEN
+        #expect(!result)
+    }
+
+    @Test("Feature Settings Return Remote Values")
+    func whenSettingIsDefinedReturnValue() throws {
+        // GIVEN
+        let privacyConfigMock = try #require(configurationManagerMock.privacyConfig as? PrivacyConfigurationMock)
+        privacyConfigMock.settings[.maliciousSiteProtection] = [
+            MaliciousSiteProtectionFeatureSettings.hashPrefixUpdateFrequency.rawValue: 10,
+            MaliciousSiteProtectionFeatureSettings.filterSetUpdateFrequency.rawValue: 50
+        ]
+        sut = MaliciousSiteProtectionFeatureFlags(featureFlagger: featureFlaggerMock, privacyConfigManager: configurationManagerMock)
+
+        // WHEN
+        let hashPrefixUpdateFrequency = sut.hashPrefixUpdateFrequency
+        let filterSetUpdateFrequency = sut.filterSetUpdateFrequency
+
+        // THEN
+        #expect(hashPrefixUpdateFrequency == 10)
+        #expect(filterSetUpdateFrequency == 50)
+    }
+
+    @Test("Feature Settings Return Default Values")
+    func whenSettingIsNotDefinedReturnDefaultValue() throws {
+        // GIVEN
+        let privacyConfigMock = try #require(configurationManagerMock.privacyConfig as? PrivacyConfigurationMock)
+        privacyConfigMock.settings[.maliciousSiteProtection] = [:]
+        sut = MaliciousSiteProtectionFeatureFlags(featureFlagger: featureFlaggerMock, privacyConfigManager: configurationManagerMock)
+
+        // WHEN
+        let hashPrefixUpdateFrequency = sut.hashPrefixUpdateFrequency
+        let filterSetUpdateFrequency = sut.filterSetUpdateFrequency
+
+        // THEN
+        #expect(hashPrefixUpdateFrequency == 20)
+        #expect(filterSetUpdateFrequency == 720)
+    }
+
+}