Do not block first party sites

Author: subsymbolic

app/src/androidTest/java/com/duckduckgo/app/browser/DuckDuckGoUrlDetectorTest.kt

@@ -26,7 +26,7 @@ class DuckDuckGoUrlDetectorTest {
     private lateinit var testee: DuckDuckGoUrlDetector
 
     @Before
-    fun setup(){
+    fun setup() {
         testee = DuckDuckGoUrlDetector()
     }
 

app/src/androidTest/java/com/duckduckgo/app/global/UriStringTest.kt

@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2017 DuckDuckGo
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.duckduckgo.app.global
+
+import com.duckduckgo.app.global.UriString.Companion.sameOrSubdomain
+import org.junit.Assert.assertFalse
+import org.junit.Assert.assertTrue
+import org.junit.Test
+
+class UriStringTest {
+
+    @Test
+    fun whenUrlsHaveSameDomainThenSameOrSubdomainIsTrue() {
+        assertTrue(sameOrSubdomain("http://example.com/index.html", "http://example.com/home.html"))
+    }
+
+    @Test
+    fun whenUrlIsSubdomainThenSameOrSubdomainIsTrue() {
+        assertTrue(sameOrSubdomain("http://subdomain.example.com/index.html", "http://example.com/home.html"))
+    }
+
+    @Test
+    fun whenUrlIsAParentDomainThenSameOrSubdomainIsFalse() {
+        assertFalse(sameOrSubdomain("http://example.com/index.html", "http://parent.example.com/home.html"))
+    }
+
+    @Test
+    fun whenChildUrlIsMalformedThenSameOrSubdomainIsFalse() {
+        assertFalse(sameOrSubdomain("??.example.com/index.html", "http://example.com/home.html"))
+    }
+
+    @Test
+    fun whenParentUrlIsMalformedThenSameOrSubdomainIsFalse() {
+        assertFalse(sameOrSubdomain("http://example.com/index.html", "??.example.com/home.html"))
+    }
+
+}

app/src/androidTest/java/com/duckduckgo/app/trackerdetection/TrackerDetectorInstrumentationTest.kt

@@ -16,62 +16,107 @@
 
 package com.duckduckgo.app.trackerdetection
 
-
-import android.support.test.runner.AndroidJUnit4
-import com.duckduckgo.app.trackerdetection.Client.ClientName.EASYLIST
-import com.duckduckgo.app.trackerdetection.Client.ClientName.EASYPRIVACY
+import com.duckduckgo.app.trackerdetection.model.DisconnectTracker
+import com.duckduckgo.app.trackerdetection.model.NetworkTrackers
 import com.duckduckgo.app.trackerdetection.model.ResourceType
+import com.nhaarman.mockito_kotlin.any
+import com.nhaarman.mockito_kotlin.mock
+import com.nhaarman.mockito_kotlin.whenever
 import org.junit.Assert.assertFalse
 import org.junit.Assert.assertTrue
-import org.junit.Before
 import org.junit.Test
-import org.junit.runner.RunWith
+import org.mockito.ArgumentMatchers.anyString
+import java.util.*
 
 
-@RunWith(AndroidJUnit4::class)
 class TrackerDetectorInstrumentationTest {
 
+    private val networkTrackers = NetworkTrackers()
+    private val trackerDetector = TrackerDetector(networkTrackers)
+
     companion object {
-        private val documentUrl = "http://example.com"
         private val resourceType = ResourceType.UNKNOWN
+        private val network = "Network"
+    }
+
+    @Test
+    fun whenThereAreNoClientsThenShouldBlockIsFalse() {
+        assertFalse(trackerDetector.shouldBlock("http://thirdparty.com/update.js", "http://example.com/index.com", resourceType))
+    }
+
+    @Test
+    fun whenAllClientsFailToMatchThenShouldBlockIsFalse() {
+        trackerDetector.addClient(neverMatchingClient())
+        trackerDetector.addClient(neverMatchingClient())
+        assertFalse(trackerDetector.shouldBlock("http://thirdparty.com/update.js", "http://example.com/index.com", resourceType))
+    }
+
+    @Test
+    fun whenAllClientsMatchThenShouldBlockIsTrue() {
+        trackerDetector.addClient(alwaysMatchingClient())
+        trackerDetector.addClient(alwaysMatchingClient())
+        assertTrue(trackerDetector.shouldBlock("http://thirdparty.com/update.js", "http://example.com/index.com", resourceType))
     }
 
-    private lateinit var testee: TrackerDetector
+    @Test
+    fun whenSomeClientsMatchThenShouldBlockIsTrue() {
+        trackerDetector.addClient(neverMatchingClient())
+        trackerDetector.addClient(alwaysMatchingClient())
+        assertTrue(trackerDetector.shouldBlock("http://thirdparty.com/update.js", "http://example.com/index.com", resourceType))
+    }
+
+    @Test
+    fun whenUrlHasSameDomainAsDocumentThenShouldBlockIsFalse() {
+        trackerDetector.addClient(alwaysMatchingClient())
+        assertFalse(trackerDetector.shouldBlock("http://example.com/update.js", "http://example.com/index.com", resourceType))
+    }
 
-    @Before
-    fun before() {
-        val easylistAdblock = adblockClient(EASYLIST, "binary/easylist_sample")
-        val easyprivacyAdblock = adblockClient(EASYPRIVACY, "binary/easyprivacy_sample")
-        testee = TrackerDetector()
-        testee.addClient(easyprivacyAdblock)
-        testee.addClient(easylistAdblock)
+    @Test
+    fun whenUrlIsSubdomainOfDocumentThenShouldBlockIsFalse() {
+        trackerDetector.addClient(alwaysMatchingClient())
+        assertFalse(trackerDetector.shouldBlock("http://mobile.example.com/update.js", "http://example.com/index.com", resourceType))
     }
 
     @Test
-    fun whenUrlIsInEasyListThenShouldBlockIsTrue() {
-        val url = "http://imasdk.googleapis.com/js/sdkloader/ima3.js"
-        assertTrue(testee.shouldBlock(url, documentUrl, resourceType))
+    fun whenUrlIsParentOfDocumentThenShouldBlockIsFalse() {
+        trackerDetector.addClient(alwaysMatchingClient())
+        assertFalse(trackerDetector.shouldBlock("http://example.com/update.js", "http://mobile.example.com/index.com", resourceType))
     }
 
     @Test
-    fun whenUrlIsInEasyPrivacyListThenShouldBlockIsTrue() {
-        val url = "http://cdn.tagcommander.com/1705/tc_catalog.css"
-        assertTrue(testee.shouldBlock(url, documentUrl, resourceType))
+    fun whenUrlIsNetworkOfDocumentThenShouldBlockIsFalse() {
+        val networks = Arrays.asList(DisconnectTracker("example.com", "", network, "http://thirdparty.com/"))
+        networkTrackers.updateData(networks)
+        assertFalse(trackerDetector.shouldBlock("http://thirdparty.com/update.js", "http://example.com/index.com", resourceType))
     }
 
     @Test
-    fun whenUrlIsNotInAnyTrackerListsThenShouldBlockIsFalse() {
-        val url = "https://duckduckgo.com/index.html"
-        assertFalse(testee.shouldBlock(url, documentUrl, resourceType))
+    fun whenDocumentIsNetworkOfUrlThenShouldBlockIsFalse() {
+        val networks = Arrays.asList(DisconnectTracker("thirdparty.com", "", network, "http://example.com"))
+        networkTrackers.updateData(networks)
+        assertFalse(trackerDetector.shouldBlock("http://thirdparty.com/update.js", "http://example.com/index.com", resourceType))
+    }
+
+    @Test
+    fun whenUrlSharesSameNetworkAsDocumentThenShouldBlockIsFalse() {
+        val networks = Arrays.asList(
+                DisconnectTracker("thirdparty.com", "", network, "http://network.com"),
+                DisconnectTracker("example.com", "", network, "http://network.com")
+        )
+        networkTrackers.updateData(networks)
+        assertFalse(trackerDetector.shouldBlock("http://thirdparty.com/update.js", "http://example.com/index.com", resourceType))
+    }
+
+    private fun alwaysMatchingClient(): Client {
+        val client: Client = mock()
+        whenever(client.matches(anyString(), anyString(), any())).thenReturn(true)
+        return client
     }
 
-    private fun adblockClient(name: Client.ClientName, dataFile: String): Client {
-        val data = javaClass.classLoader.getResource(dataFile).readBytes()
-        val initialAdBlock = AdBlockClient(name)
-        initialAdBlock.loadBasicData(data)
-        val adblockWithProcessedData = AdBlockClient(name)
-        adblockWithProcessedData.loadProcessedData(initialAdBlock.getProcessedData())
-        return adblockWithProcessedData
+    private fun neverMatchingClient(): Client {
+        val client: Client = mock()
+        whenever(client.matches(anyString(), anyString(), any())).thenReturn(false)
+        return client
     }
 
 }

app/src/androidTest/java/com/duckduckgo/app/trackerdetection/TrackerDetectorListInstrumentationTest.kt

@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 2017 DuckDuckGo
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.duckduckgo.app.trackerdetection
+
+
+import android.support.test.runner.AndroidJUnit4
+import com.duckduckgo.app.trackerdetection.Client.ClientName.EASYLIST
+import com.duckduckgo.app.trackerdetection.Client.ClientName.EASYPRIVACY
+import com.duckduckgo.app.trackerdetection.model.NetworkTrackers
+import com.duckduckgo.app.trackerdetection.model.ResourceType
+import org.junit.Assert.assertFalse
+import org.junit.Assert.assertTrue
+import org.junit.Before
+import org.junit.Test
+import org.junit.runner.RunWith
+
+
+@RunWith(AndroidJUnit4::class)
+class TrackerDetectorListInstrumentationTest {
+
+    companion object {
+        private val documentUrl = "http://example.com"
+        private val resourceType = ResourceType.UNKNOWN
+    }
+
+    private lateinit var testee: TrackerDetector
+
+    @Before
+    fun before() {
+        val easylistAdblock = adblockClient(EASYLIST, "binary/easylist_sample")
+        val easyprivacyAdblock = adblockClient(EASYPRIVACY, "binary/easyprivacy_sample")
+        testee = TrackerDetector(NetworkTrackers())
+        testee.addClient(easyprivacyAdblock)
+        testee.addClient(easylistAdblock)
+    }
+
+    @Test
+    fun whenUrlIsInEasyListThenShouldBlockIsTrue() {
+        val url = "http://imasdk.googleapis.com/js/sdkloader/ima3.js"
+        assertTrue(testee.shouldBlock(url, documentUrl, resourceType))
+    }
+
+    @Test
+    fun whenUrlIsInEasyPrivacyListThenShouldBlockIsTrue() {
+        val url = "http://cdn.tagcommander.com/1705/tc_catalog.css"
+        assertTrue(testee.shouldBlock(url, documentUrl, resourceType))
+    }
+
+    @Test
+    fun whenUrlIsNotInAnyTrackerListsThenShouldBlockIsFalse() {
+        val url = "https://duckduckgo.com/index.html"
+        assertFalse(testee.shouldBlock(url, documentUrl, resourceType))
+    }
+
+    private fun adblockClient(name: Client.ClientName, dataFile: String): Client {
+        val data = javaClass.classLoader.getResource(dataFile).readBytes()
+        val initialAdBlock = AdBlockClient(name)
+        initialAdBlock.loadBasicData(data)
+        val adblockWithProcessedData = AdBlockClient(name)
+        adblockWithProcessedData.loadProcessedData(initialAdBlock.getProcessedData())
+        return adblockWithProcessedData
+    }
+
+}

app/src/main/java/com/duckduckgo/app/browser/BrowserWebViewClient.kt

@@ -28,7 +28,6 @@ import com.duckduckgo.app.trackerdetection.model.ResourceType
 import com.duckduckgo.app.trackerdetection.model.TrackingEvent
 import io.reactivex.Observable
 import io.reactivex.android.schedulers.AndroidSchedulers
-import kotlinx.android.synthetic.main.activity_browser.view.*
 import timber.log.Timber
 import javax.inject.Inject
 
@@ -39,68 +38,68 @@ class BrowserWebViewClient @Inject constructor(
 ) : WebViewClient() {
 
     var webViewClientListener: WebViewClientListener? = null
+    private var currentUrl: String? = null
 
 
     override fun shouldOverrideUrlLoading(view: WebView, request: WebResourceRequest): Boolean {
-        Timber.v("Url ${request.url}")
-
         if (requestRewriter.shouldRewriteRequest(request)) {
             val newUri = requestRewriter.rewriteRequestWithCustomQueryParams(request.url)
             view.loadUrl(newUri.toString())
             return true
         }
-
-        if (block(request, view.url)) {
-            return true
-        }
-
         return false
     }
 
     override fun onPageStarted(view: WebView?, url: String?, favicon: Bitmap?) {
+        currentUrl = url
         webViewClientListener?.loadingStarted()
         webViewClientListener?.urlChanged(url)
     }
 
     override fun onPageFinished(view: WebView?, url: String?) {
         webViewClientListener?.loadingFinished()
-        webViewClientListener?.urlChanged(url)
     }
 
     @WorkerThread
     override fun shouldInterceptRequest(view: WebView, request: WebResourceRequest): WebResourceResponse? {
         Timber.v("Intercepting resource ${request.url}")
 
-        if (block(request, view.safeUrl())) {
+        if (view.elementClicked() == request.url.toString()) {
+            return null
+        }
+
+        if (block(request, currentUrl)) {
             return WebResourceResponse(null, null, null)
         }
 
         return null
     }
 
     private fun block(request: WebResourceRequest, documentUrl: String?): Boolean {
-
         val url = request.url.toString()
+
         if (documentUrl != null && trackerDetector.shouldBlock(url, documentUrl, ResourceType.from(request))) {
-            Timber.v("WAS BLOCKED $url")
             webViewClientListener?.trackerDetected(TrackingEvent(url, documentUrl, true))
             return true
         }
-
-        Timber.v("NOT blocked $url")
+        
         return false
     }
 
+    private fun WebView.elementClicked(): String? {
+        return safeHitTestResult()?.extra
+    }
 
     /**
-     * Access the webview url from any thread; jumps onto the main thread to achieve this
+     * Access the webview hit test result from any thread; jumps onto the main thread to achieve this
      */
     @AnyThread
-    private fun WebView.safeUrl(): String? {
-        return Observable.just(webView)
+    private fun WebView.safeHitTestResult(): WebView.HitTestResult {
+        return Observable.just(this)
                 .observeOn(AndroidSchedulers.mainThread())
-                .map { webView -> webView.url }
+                .map { webView ->
+                    webView.hitTestResult
+                }
                 .blockingFirst()
     }
-
 }

app/src/main/java/com/duckduckgo/app/di/NetworkModule.kt

@@ -18,8 +18,8 @@ package com.duckduckgo.app.di
 
 import android.content.Context
 import com.duckduckgo.app.browser.R
-import com.duckduckgo.app.trackerdetection.api.TrackerListService
 import com.duckduckgo.app.trackerdetection.api.DisconnectJsonAdapter
+import com.duckduckgo.app.trackerdetection.api.TrackerListService
 import com.squareup.moshi.Moshi
 import dagger.Module
 import dagger.Provides