procedural filtering

[antonok-edm]

Resolves brave/brave-browser#16935

Please see self-review notes here before reviewing!

Submitter Checklist:

• I confirm that no security/privacy review is needed and no other type of reviews are needed, or that I have requested them
• There is a ticket for my issue
• Used Github auto-closing keywords in the PR description above
• Wrote a good PR/commit description
• Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
• Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
• Checked the PR locally:
  • npm run test -- brave_browser_tests, npm run test -- brave_unit_tests wiki
  • npm run presubmit wiki, npm run gn_check, npm run tslint
• Ran git rebase master (if needed)

Reviewer Checklist:

• A security review is not needed, or a link to one is included in the PR description
• New files have MPL-2.0 license header
• Adequate test coverage exists to prevent regressions
• Major classes, functions and non-trivial code blocks are well-commented
• Changes in component dependencies are properly reflected in gn
• Code follows the style guide
• Test plan is specified in PR before merging

After-merge Checklist:

• The associated issue milestone is set to the smallest version that the
  changes has landed on
• All relevant documentation has been updated, for instance:
  • https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)
  • https://github.com/brave/brave-browser/wiki/Proxy-redirected-URLs
  • https://github.com/brave/brave-browser/wiki/Fingerprinting-Protections
  • https://github.com/brave/brave-browser/wiki/Brave%E2%80%99s-Use-of-Referral-Codes
  • https://github.com/brave/brave-browser/wiki/Web-Compatibility-Exceptions-in-Brave
  • https://github.com/brave/brave-browser/wiki/QA-Guide
  • https://github.com/brave/brave-browser/wiki/P3A

Test Plan:

1. In brave://settings/shields/filters, subscribe to https://antonok.com/tmp/procedural-filter-tests/test-extended-css-rules.txt.
2. Visit https://antonok.com/tmp/procedural-filter-tests/index.html
3. All of the following numbered test cases should pass:

• 1
• 2
• 3
• 6
• 7
• 8
• 9
• 20
• 21
• 24
• 26
• 28
• 29

Test notes

The tests are from https://testcases.agrd.dev/Filters/extended-css-rules/test-extended-css-rules, with slight modifications to disable autostart. Autostart must be disabled because Brave executes some cosmetic filters with batched operations for performance reasons. The test code runs immediately and synchronously, but those batched operations can occur after the page test logic already declares the tests failed.

Other failures on the test page are expected. Many of the test cases use AdGuard-specific syntax extensions or other features that are not currently supported by this initial implementation - we'll get to those in some followups 😄

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[bridiver]

Why is this in a separate helper file? If this is just for testing, you should add a friend test so it can be a private method in the adblock service

[bridiver]

or is this to make it accessible to ios?

[antonok-edm]

We have two other unit-tested helper methods in there too, seemed like it fit with those.

I don't think we have a mockable version of AdBlockService just yet, moving it there would mean we need to use browsertests.

[bridiver]

I guess this is fine for now, but I'm not a fan of exposing these as public methods. Can we at least move it into an internal target and restrict visibility? This should ideally be the case with any classes that shouldn't be used outside the component.

[antonok-edm]

moved

[github-actions]

[puLL-Merge] - brave/brave-core@24688

Description

This PR introduces support for procedural cosmetic filtering in Brave's ad-blocking engine. It updates the adblock Rust library from version 0.8.12 to 0.9.0 and adds new functionality to handle procedural filters like :has-text(), :upward(), and others. The changes span across multiple components, including the core ad-blocking logic, content scripts, and test files.

Changes

Changes

1. browser/about_flags.cc:

   • Added a new feature flag for procedural filtering.

2. browser/brave_shields/ad_block_service_browsertest.cc:

   • Added new tests for procedural filtering functionality.

3. components/brave_shields/adblock/rs/Cargo.toml:

   • Updated adblock dependency to version 0.9.0.

4. components/brave_shields/content/browser/ad_block_service.cc:

   • Modified UrlCosmeticResources to handle procedural filters.

5. components/brave_shields/core/browser/internal/ad_block_service_helper.cc:

   • Added StripProceduralFilters function to handle standard blocking mode.

6. components/cosmetic_filters/browser/cosmetic_filters_resources.cc:

   • Updated to handle procedural actions in cosmetic resources.

7. components/cosmetic_filters/renderer/cosmetic_filters_js_handler.cc:

   • Modified to support procedural filtering in the renderer.

8. components/cosmetic_filters/resources/data/content_cosmetic.ts:

   • Significant updates to support procedural filtering in content scripts.

9. components/cosmetic_filters/resources/data/procedural_filters.ts:

   • Added new file to implement procedural filtering logic in JavaScript.

10. ios/brave-ios/:

    • Various updates to support procedural filtering on iOS.

11. test/data/cosmetic_filtering.html:

    • Added test cases for procedural filtering.

Possible Issues

1. Performance impact of procedural filtering, especially on large web pages or with complex filters.
2. Potential for increased memory usage due to the additional JavaScript logic for procedural filters.
3. Compatibility issues with existing content scripts or extensions that may interact with the new filtering logic.

Security Hotspots

1. components/cosmetic_filters/resources/data/procedural_filters.ts:

   • The new procedural filtering logic introduces complex DOM manipulation. Ensure proper sanitization and error handling to prevent potential XSS vulnerabilities.

2. components/cosmetic_filters/renderer/cosmetic_filters_js_handler.cc:

   • The changes in script injection and evaluation could potentially expose new attack surfaces. Careful review of the script execution context and permissions is necessary.

3. components/brave_shields/content/browser/ad_block_service.cc:

   • The modification of cosmetic resources to include procedural actions should be carefully reviewed to ensure no malicious filters can be injected.

Overall, this PR significantly enhances Brave's ad-blocking capabilities but introduces complexity that requires careful testing and security review, especially around the new JavaScript-based procedural filtering logic.

[atuchin-m]

@antonok-edm @bridiver
This results in significant increasing the JS inject size to every frame.

I hope you estimated the extra loading delay somehow. Could you share the numbers?

[ShivanKaul]

@atuchin-m to make sure I understand, there's an increase in load times? Does that happen on every page, or only pages with an active filter rule that uses a procedural filter? And does it happen in Standard mode, or also Aggressive mode?

[atuchin-m]

@ShivanKaul
It add an overhead to any page load (we always inject the script if Shields aren't down)
The script size changed in 2x times:

I don't see any major changes in high-level metrics on the dashboard now, but every such change (+10k JS inject) makes Brave harder to compete against Chrome.