Skip to content

Enhance page source monitoring and threat response #112

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
JohnDuprey merged 12 commits into from
Dec 17, 2025
Merged

Enhance page source monitoring and threat response #112

JohnDuprey merged 12 commits into from
Dec 17, 2025

Conversation

@Zacgoose
Copy link
Contributor

@Zacgoose Zacgoose commented Nov 24, 2025

Added functions to compute page source hash and check for significant changes. Implemented scheduling for threat-triggered re-scans with progressive delays.

Copilot AI review requested due to automatic review settings November 24, 2025 09:33
Copilot AI reviewed Nov 24, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR enhances the security extension's page monitoring capabilities by adding source hash-based change detection and implementing a threat-triggered re-scan mechanism with progressive delays to catch late-loading malicious content.

Key changes:

  • Implemented djb2-based hashing with intelligent sampling to efficiently detect page source changes
  • Added automated re-scan scheduling when threats are detected, with progressive delays (800ms, 2000ms) and a maximum of 2 follow-up scans
  • Integrated page source change detection into the rate limiting logic to avoid unnecessary re-scans when content hasn't actually changed

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@Zacgoose Zacgoose marked this pull request as draft December 4, 2025 00:21
@Zacgoose
Copy link
Contributor Author

Zacgoose commented Dec 5, 2025

do not worry, I will squash and rebase if required...

@Zacgoose Zacgoose requested a review from Copilot December 5, 2025 10:58
Copilot AI reviewed Dec 5, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 32 out of 33 changed files in this pull request and generated 7 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@Zacgoose Zacgoose requested a review from Copilot December 6, 2025 03:57
Copilot AI reviewed Dec 6, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 37 out of 38 changed files in this pull request and generated 5 comments.

Comments suppressed due to low confidence (1)

scripts/content.js:1713

  • Unused variable result.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@Zacgoose
Add Firefox support and documentation updates
eb19ae8 
Introduces full Firefox 109+ support, including new manifest, browser polyfill, and enterprise deployment via policies.json. Updates documentation to cover Firefox installation, deployment, and configuration. Adds new settings (e.g., validPageBadgeTimeout), expands detection rule documentation for code-driven logic, and updates branding and general settings guides for cross-browser compatibility.
@Zacgoose Zacgoose marked this pull request as ready for review December 6, 2025 04:09
JohnDuprey and others added 11 commits December 6, 2025 14:40
@JohnDuprey
update webhooks to send to both CIPP and generic on event
597a77a
@JohnDuprey
Refactor webhook and CIPP reporting logic
d778436 
Webhooks and CIPP reports are now sent only via explicit message handlers to avoid duplicate reporting. Updated logic for sending and defanging URLs in webhook payloads, improved logging, and enhanced code consistency and formatting throughout content.js and background.js.
@Zacgoose
code driven support for page legitimacy detection
83dde1c
@Zacgoose
Merge pull request #10 from Zacgoose/copilot/improve-phishing-detecti…
92963c2 
…on-rules

Add bypass techniques research, testing framework, and code-driven detection rules for phishing detection
@Zacgoose
Update detection-rules.json
8ae4b1b 
Signed-off-by: Zacgoose <[email protected]>
@Zacgoose
some extra debugging
f736cd1
@Zacgoose
Merge pull request #11 from Zacgoose/test-m365maps-fixes
2498801 
Make secondary checks less heavy and some extra logging
@Zacgoose
Allow manual rescan to bypass re-scan blocking mechanism and show mor…
fc1783c 
…e phishing logs and indicators
@Zacgoose
Merge pull request #12 from Zacgoose/copilot/fix-rescan-button-blocking
d9cfed6 
Fix manual re-scan blocking and service worker wake-up
@Zacgoose
Reduce false positives and improve some rules
8722b2d
@Zacgoose
Merge pull request #14 from Zacgoose/reduce-false-positive
046a8e5 
Reduce false positives and improve some rules
@JohnDuprey JohnDuprey merged commit 0489153 into CyberDrain:dev Dec 17, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Zacgoose @JohnDuprey