-
Notifications
You must be signed in to change notification settings - Fork 868
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Android] Select the highest priority threat from SafetyNetClient.loo… #26195
Conversation
c7ff526
to
6e7daf6
Compare
...sing/android/java/src/org/chromium/components/safe_browsing/BraveSafeBrowsingApiHandler.java
Outdated
Show resolved
Hide resolved
..._browsing/android/java/src/org/chromium/components/safe_browsing/BraveSafeBrowsingUtils.java
Show resolved
Hide resolved
..._browsing/android/java/src/org/chromium/components/safe_browsing/BraveSafeBrowsingUtils.java
Outdated
Show resolved
Hide resolved
The security team is monitoring all repositories for certain keywords. This PR includes the word(s) "safebrowsing" and so security team members have been added as reviewers to take a look. |
…nts/safe_browsing/BraveSafeBrowsingApiHandler.java Co-authored-by: Francois Marier <francois@brave.com>
…nts/safe_browsing/BraveSafeBrowsingUtils.java Co-authored-by: Francois Marier <francois@brave.com>
cdb294c
to
9a47774
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
++
Released in v1.73.49 |
This PR changes the way how BraveSafeBrowsingApiHandler handles the case when SafetyNet reports more than one threat.
Before: the first one was taken.
Now: the most prioritized is taken, threats are arranged by priorities at
SAFETY_NET_THREAT_PRIORITIES
array.SAFETY_NET_THREAT_PRIORITIES
can be changed after the review, the test must be updated accordingly then.The codes returned from https://testsafebrowsing.appspot.com/ are:
[A/W/M/L/C] Should show a phishing warning
- 5 -SafetyNetJavaThreatType.SOCIAL_ENGINEERING
[A/W/M/L/C/D] Should show a malware warning
- 4 -SafetyNetJavaThreatType.POTENTIALLY_HARMFUL_APPLICATION
[W/M/L/C] Should show a unwanted software warning
- 3 -SafetyNetJavaThreatType.UNWANTED_SOFTWARE
[A/W/M/L/C] Should show a billing warning
- 15 -SafetyNetJavaThreatType.BILLING
Resolves brave/brave-browser#41581
This is a follow-up for #25842.
Submitter Checklist:
QA/Yes
orQA/No
;release-notes/include
orrelease-notes/exclude
;OS/...
) to the associated issuenpm run test -- brave_browser_tests
,npm run test -- brave_unit_tests
wikinpm run presubmit
wiki,npm run gn_check
,npm run tslint
git rebase master
(if needed)Reviewer Checklist:
gn
After-merge Checklist:
changes has landed on
Test Plan:
There is no a strict test plan, because I never saw the website which had more than one threat reported by SafetyNet.
The basic sanity check though is