Add Malicious Site Protection algorithm pixels (#5604)

Task/Issue URL: https://app.asana.com/0/488551667048375/1209304069660515

### Description
*  Add Malicious Site Protection algorithm pixels

### Steps to test this PR

_Feature 1_
- [x] Load
https://privacy-test-pages.site/security/badware/phishing-legit-iframe-loader.html
- [x] Check m_malicious-site-protection_iframe-loaded with params:
{category=phishing} is fired
- [x] Check m_malicious-site-protection_error-page-shown is fired

_Feature 2_
- [x] Set timeout to 10ms in override suspend fun matches(hashPrefix:
String): List<Match>
- [x] Load
https://privacy-test-pages.site/security/badware/phishing-legit-iframe-loader.html
- [x] Check no error page is shown and
m_malicious-site-protection_client-timeout is fired

_Feature 3_
- [x] Load https://privacy-test-pages.site/security/badware/
- [x] Click on "Phishing iFrame Loader"
- [x] Check m_malicious-site-protection_iframe-loaded and
m_malicious-site-protection_error-page-shown are fired only once

### UI changes
| Before  | After |
| ------ | ----- |
!(Upload before screenshot)|(Upload after screenshot)|

Author: CrisBarreiro

app/src/androidTest/java/com/duckduckgo/app/fakes/FakeMaliciousSiteBlockerWebViewIntegration.kt

@@ -41,7 +41,7 @@ class FakeMaliciousSiteBlockerWebViewIntegration : MaliciousSiteBlockerWebViewIn
         return Safe
     }
 
-    override fun onPageLoadStarted() {
+    override fun onPageLoadStarted(url: String) {
         // no-op
     }
 

app/src/main/java/com/duckduckgo/app/browser/BrowserTabViewModel.kt

@@ -3210,12 +3210,16 @@ class BrowserTabViewModel @Inject constructor(
     }
 
     override fun onReceivedMaliciousSiteWarning(url: Uri, feed: Feed, exempted: Boolean, clientSideHit: Boolean) {
+        val previousSite = site
         site = siteFactory.buildSite(url = url.toString(), tabId = tabId)
         site?.maliciousSiteStatus = when (feed) {
             MALWARE -> MaliciousSiteStatus.MALWARE
             PHISHING -> MaliciousSiteStatus.PHISHING
         }
+
         if (!exempted) {
+            if (currentBrowserViewState().maliciousSiteDetected && previousSite?.url == url.toString()) return
+            Timber.d("Received MaliciousSiteWarning for $url, feed: $feed, exempted: false, clientSideHit: $clientSideHit")
             val params = mapOf(CATEGORY_KEY to feed.name.lowercase(), CLIENT_SIDE_HIT_KEY to clientSideHit.toString())
             pixel.fire(AppPixelName.MALICIOUS_SITE_PROTECTION_ERROR_SHOWN, params)
             loadingViewState.postValue(

app/src/main/java/com/duckduckgo/app/browser/WebViewRequestInterceptor.kt

@@ -94,7 +94,7 @@ class WebViewRequestInterceptor(
 
     override fun onPageStarted(url: String) {
         requestFilterer.registerOnPageCreated(url)
-        maliciousSiteBlockerWebViewIntegration.onPageLoadStarted()
+        maliciousSiteBlockerWebViewIntegration.onPageLoadStarted(url)
     }
 
     /**

app/src/main/java/com/duckduckgo/app/browser/webview/MaliciousSiteBlockerWebViewIntegration.kt

@@ -24,8 +24,10 @@ import com.duckduckgo.app.browser.webview.ExemptedUrlsHolder.ExemptedUrl
 import com.duckduckgo.app.browser.webview.RealMaliciousSiteBlockerWebViewIntegration.IsMaliciousViewData
 import com.duckduckgo.app.di.AppCoroutineScope
 import com.duckduckgo.app.di.IsMainProcess
+import com.duckduckgo.app.pixels.AppPixelName
 import com.duckduckgo.app.pixels.remoteconfig.AndroidBrowserConfigFeature
 import com.duckduckgo.app.settings.db.SettingsDataStore
+import com.duckduckgo.app.statistics.pixels.Pixel
 import com.duckduckgo.common.utils.DispatcherProvider
 import com.duckduckgo.di.scopes.AppScope
 import com.duckduckgo.malicioussiteprotection.api.MaliciousSiteProtection
@@ -61,7 +63,7 @@ interface MaliciousSiteBlockerWebViewIntegration {
         confirmationCallback: (maliciousStatus: MaliciousStatus) -> Unit,
     ): IsMaliciousViewData
 
-    fun onPageLoadStarted()
+    fun onPageLoadStarted(url: String)
 
     fun onSiteExempted(
         url: Uri,
@@ -97,10 +99,11 @@ class RealMaliciousSiteBlockerWebViewIntegration @Inject constructor(
     @AppCoroutineScope private val appCoroutineScope: CoroutineScope,
     private val exemptedUrlsHolder: ExemptedUrlsHolder,
     @IsMainProcess private val isMainProcess: Boolean,
+    private val pixel: Pixel,
 ) : MaliciousSiteBlockerWebViewIntegration, PrivacyConfigCallbackPlugin {
 
     @VisibleForTesting(otherwise = VisibleForTesting.PRIVATE)
-    val processedUrls = mutableListOf<String>()
+    val processedUrls = mutableMapOf<String, MaliciousStatus>()
 
     private var isFeatureEnabled = false
     private val isSettingEnabled: Boolean
@@ -137,6 +140,7 @@ class RealMaliciousSiteBlockerWebViewIntegration @Inject constructor(
         if (!isEnabled()) {
             return IsMaliciousViewData.Safe
         }
+
         val url = request.url.let {
             if (it.fragment != null) {
                 it.buildUpon().fragment(null).build()
@@ -147,35 +151,49 @@ class RealMaliciousSiteBlockerWebViewIntegration @Inject constructor(
 
         val decodedUrl = decodeUrl(url)
 
-        if (processedUrls.contains(decodedUrl)) {
-            processedUrls.remove(decodedUrl)
-            Timber.tag("PhishingAndMalwareDetector").d("Already intercepted, skipping $decodedUrl")
-            return IsMaliciousViewData.Safe
-        }
-
         val exemptedUrl = exemptedUrlsHolder.exemptedMaliciousUrls.firstOrNull { it.url.toString() == decodedUrl }
 
         if (exemptedUrl != null) {
-            Timber.tag("MaliciousSiteDetector").d("Previously exempted, skipping $decodedUrl as ${exemptedUrl.feed}")
+            Timber.d("Previously exempted, skipping $decodedUrl as ${exemptedUrl.feed}")
             return IsMaliciousViewData.MaliciousSite(url, exemptedUrl.feed, true)
         }
 
+        processedUrls[decodedUrl]?.let {
+            processedUrls.remove(decodedUrl)
+            Timber.d("Already intercepted, skipping $decodedUrl, status: $it")
+            return when (it) {
+                is Safe -> IsMaliciousViewData.Safe
+                is Malicious -> IsMaliciousViewData.MaliciousSite(url, it.feed, false)
+            }
+        }
+
         val belongsToCurrentPage = documentUri?.host == request.requestHeaders["Referer"]?.toUri()?.host
-        if (request.isForMainFrame || (isForIframe(request) && belongsToCurrentPage)) {
-            when (val result = checkMaliciousUrl(decodedUrl, confirmationCallback)) {
+        val isForIframe = isForIframe(request) && belongsToCurrentPage
+        if (request.isForMainFrame || isForIframe) {
+            val result = checkMaliciousUrl(decodedUrl) {
+                if (isForIframe && it is Malicious) {
+                    firePixelForMaliciousIframe(it.feed)
+                }
+                confirmationCallback(it)
+            }
+            when (result) {
                 is ConfirmedResult -> {
+                    processedUrls[decodedUrl] = result.status
                     when (val status = result.status) {
                         is Malicious -> {
+                            if (isForIframe) {
+                                firePixelForMaliciousIframe(status.feed)
+                            }
                             return IsMaliciousViewData.MaliciousSite(url, status.feed, false)
                         }
+
                         is Safe -> {
-                            processedUrls.add(decodedUrl)
                             return IsMaliciousViewData.Safe
                         }
                     }
                 }
+
                 is WaitForConfirmation -> {
-                    processedUrls.add(decodedUrl)
                     return IsMaliciousViewData.WaitForConfirmation
                 }
             }
@@ -194,19 +212,22 @@ class RealMaliciousSiteBlockerWebViewIntegration @Inject constructor(
             }
             val decodedUrl = decodeUrl(url)
 
-            if (processedUrls.contains(decodedUrl)) {
-                processedUrls.remove(decodedUrl)
-                Timber.tag("PhishingAndMalwareDetector").d("Already intercepted, skipping $decodedUrl")
-                return@runBlocking IsMaliciousViewData.Safe
-            }
-
             val exemptedUrl = exemptedUrlsHolder.exemptedMaliciousUrls.firstOrNull { it.url.toString() == decodedUrl }
 
             if (exemptedUrl != null) {
-                Timber.tag("MaliciousSiteDetector").d("Previously exempted, skipping $decodedUrl")
+                Timber.d("Previously exempted, skipping $decodedUrl")
                 return@runBlocking IsMaliciousViewData.MaliciousSite(url, exemptedUrl.feed, true)
             }
 
+            processedUrls[decodedUrl]?.let {
+                processedUrls.remove(decodedUrl)
+                Timber.d("Already intercepted, skipping $decodedUrl, status: $it")
+                return@runBlocking when (it) {
+                    is Safe -> IsMaliciousViewData.Safe
+                    is Malicious -> IsMaliciousViewData.MaliciousSite(url, it.feed, false)
+                }
+            }
+
             // iframes always go through the shouldIntercept method, so we only need to check the main frame here
             if (isForMainFrame) {
                 when (val result = checkMaliciousUrl(decodedUrl, confirmationCallback)) {
@@ -216,13 +237,12 @@ class RealMaliciousSiteBlockerWebViewIntegration @Inject constructor(
                                 return@runBlocking IsMaliciousViewData.MaliciousSite(url, status.feed, false)
                             }
                             is Safe -> {
-                                processedUrls.add(decodedUrl)
+                                processedUrls[decodedUrl] = Safe
                                 return@runBlocking IsMaliciousViewData.Safe
                             }
                         }
                     }
                     is WaitForConfirmation -> {
-                        processedUrls.add(decodedUrl)
                         return@runBlocking IsMaliciousViewData.WaitForConfirmation
                     }
                 }
@@ -231,6 +251,10 @@ class RealMaliciousSiteBlockerWebViewIntegration @Inject constructor(
         }
     }
 
+    private fun firePixelForMaliciousIframe(feed: Feed) {
+        pixel.fire(AppPixelName.MALICIOUS_SITE_DETECTED_IN_IFRAME, mapOf("category" to feed.name.lowercase()))
+    }
+
     private suspend fun checkMaliciousUrl(
         url: String,
         confirmationCallback: (maliciousStatus: MaliciousStatus) -> Unit,
@@ -243,7 +267,7 @@ class RealMaliciousSiteBlockerWebViewIntegration @Inject constructor(
             } else {
                 Safe
             }
-            processedUrls.clear()
+            processedUrls[url] = it
             confirmationCallback(isMalicious)
         }
     }
@@ -257,6 +281,17 @@ class RealMaliciousSiteBlockerWebViewIntegration @Inject constructor(
         return isFeatureEnabled && isSettingEnabled
     }
 
+    override fun onPageLoadStarted(url: String) {
+        val convertedUrl = URLDecoder.decode(url, "UTF-8").lowercase()
+        /* onPageLoadStarted is often called after shouldOverride/shouldIntercept, therefore, if the URL
+         * is already stored, we don't clear the processedUrls map to avoid re-checking the URL for the same
+         * page load.
+         */
+        if (!processedUrls.contains(convertedUrl)) {
+            processedUrls.clear()
+        }
+    }
+
     private fun decodeUrl(url: Uri): String {
         return try {
             URLDecoder.decode(url.toString(), "UTF-8").lowercase()
@@ -266,18 +301,12 @@ class RealMaliciousSiteBlockerWebViewIntegration @Inject constructor(
         }
     }
 
-    override fun onPageLoadStarted() {
-        processedUrls.clear()
-    }
-
     override fun onSiteExempted(
         url: Uri,
         feed: Feed,
     ) {
         val convertedUrl = decodeUrl(url)
         exemptedUrlsHolder.addExemptedMaliciousUrl(ExemptedUrl(convertedUrl.toUri(), feed))
-        Timber.tag("MaliciousSiteDetector").d(
-            "Added $url to exemptedUrls, contents: ${exemptedUrlsHolder.exemptedMaliciousUrls}",
-        )
+        Timber.d("Added $url to exemptedUrls")
     }
 }

app/src/main/java/com/duckduckgo/app/pixels/AppPixelName.kt

@@ -392,4 +392,6 @@ enum class AppPixelName(override val pixelName: String) : Pixel.PixelName {
     SET_AS_DEFAULT_PROMPT_CLICK("m_set-as-default_prompt_click"),
     SET_AS_DEFAULT_PROMPT_DISMISSED("m_set-as-default_prompt_dismissed"),
     SET_AS_DEFAULT_IN_MENU_CLICK("m_set-as-default_in-menu_click"),
+
+    MALICIOUS_SITE_DETECTED_IN_IFRAME("m_malicious-site-protection_iframe-loaded"),
 }