Malicious site protection navigation detection

[alessandroboron]

Task/Issue URL: https://app.asana.com/0/1206329551987282/1207151848931030
Tech Design URL: https://app.asana.com/0/1206329551987282/1207273224076495/f
Cc: @not-a-rootkit

Description:

This PR adds the navigation logic for detecting a malicious site and navigating to a special error page if the site is malicious.

The original idea in the tech design was to intercept the Request in decidePolicyForNavigationAction and check whether a site is malicious cancelling the request accordingly.

We noticed that the above approach increases the page load time of websites due to the logic check.

I opted for an approach where in decidePolicyForNavigationAction we start the detection task in parallel without waiting and in decidePolicyForNavigationResponse we evaluate the task’s result.

Another approach I thought of was to perform the logic in the background in didStartProvisionalNavigation. The problem with this approach is that is called only for navigation that starts from the main frame so it would not be possible to intercept malicious iFrame URLs.

NOTE
BSK Threat detection is currently mocked. Its integration and tests will follow in an upcoming PR.

Steps to test this PR:

Scenario 1 - Phishing Website should show special error page

1. Ensure that http://privacy-test-pages.site/security/badware/phishing.html shows the phishing special error page with the copy “This website may be impersonating a legitimate site...".

Scenario 2 - Malware Website should show special error page

1. Ensure that http://privacy-test-pages.site/security/badware/malware.html shows the malware special error page with the copy “DuckDuckGo blocked this page because it may be distributing malware...".

Scenario 3 - Allow visit a malicious website should not show the error again if navigating back to the site

1. Visit one of the malicious sites above.
2. Tap the “Advanced” button
3. Tap the “Accept Risk and Visit Site” link
4. Wait for malicious site to load.
5. Refresh page.
6. Ensure the website load without showing the error again.
7. Close tab.
8. Paste the same URL again.
9. Ensure the special error page is shown again.

Scenario 4 - Leave a malicious site should close the Tab

1. Visit one of the malicious sites above.
2. Tap the “Leave Site” button.
3. Ensure that the tab is closed.

Definition of Done (Internal Only):

• Does this PR satisfy our Definition of Done?

Copy Testing:

• Use of correct apostrophes in new copy, ie ’ rather than '

Orientation Testing:

• Portrait
• Landscape

Device Testing:

• iPhone SE (1st Gen)
• iPhone 8
• iPhone X
• iPhone 14 Pro
• iPad

OS Testing:

• iOS 15
• iOS 16
• iOS 17

Theme Testing:

• Light theme
• Dark theme

---

Internal references:

Software Engineering Expectations
Technical Design Template

[github-actions]

	Warnings
⚠️	PR has more than 500 lines of code changing. Consider splitting into smaller PRs if possible.

Generated by 🚫 dangerJS against b6dbf5c

[alessandroboron]

I’m a bit on the fence with this.
The idea was to have a generic protocol that all the sub-special error handlers should conform to.
For MaliciousSiteProtectionNavigationHandler I need to pass the URL and SpecialErrorData but I don’t need them for the SSL handler. So I feel I’m violating the Interface Segregation principle. what do you think?

[alessandroboron]

I will look more into iFrame logic when I integrate with BSK

[alessandroboron]

Will address this TODO in upcoming PR

[alessandroboron]

See comment https://github.com/duckduckgo/iOS/pull/3707/files#r1878050527