Merge branch 'main' into sam/fix-codeql-xcode-version

* main:
  Fix syncing empty favorites folders (#546)
  Alert user about abnormal app conditions (#539)
  Bump Tests/BrowserServicesKitTests/Resources/privacy-reference-tests (#543)
  NetP iOS notifications settings (#541)
  Secure vault app group support (#532)
  Update autofill to 9.0.0 (#537)
  linting (#542)
  feat(dashboard): updating feedback form (#533)
  Improved IPC support (#536)
  bump C-S-S for duckplayer on big sur (#538) (#540)
  Append build number to metricKit crash version (#534)

Package.resolved

@@ -14,17 +14,17 @@
       "kind" : "remoteSourceControl",
       "location" : "https://github.com/duckduckgo/content-scope-scripts",
       "state" : {
-        "revision" : "aa279a3b006a0b1e009707311283c7fcaed24fb7",
-        "version" : "4.39.0"
+        "revision" : "254b23cf292140498650421bb31fd05740f4579b",
+        "version" : "4.40.0"
       }
     },
     {
       "identity" : "duckduckgo-autofill",
       "kind" : "remoteSourceControl",
       "location" : "https://github.com/duckduckgo/duckduckgo-autofill.git",
       "state" : {
-        "revision" : "6dd7d696d4e666cedb2f1890a46fe53615226646",
-        "version" : "8.4.2"
+        "revision" : "c8e895c8fd50dc76e8d8dc827a636ad77b7f46ff",
+        "version" : "9.0.0"
       }
     },
     {
@@ -41,8 +41,8 @@
       "kind" : "remoteSourceControl",
       "location" : "https://github.com/duckduckgo/privacy-dashboard",
       "state" : {
-        "revision" : "51e2b46f413bf3ef18afefad631ca70f2c25ef70",
-        "version" : "1.4.0"
+        "revision" : "b4ac92a444e79d5651930482623b9f6dc9265667",
+        "version" : "2.0.0"
       }
     },
     {

Package.swift

@@ -17,6 +17,7 @@ let package = Package(
         .library(name: "DDGSync", targets: ["DDGSync"]),
         .library(name: "Persistence", targets: ["Persistence"]),
         .library(name: "Bookmarks", targets: ["Bookmarks"]),
+        .library(name: "BloomFilterWrapper", targets: ["BloomFilterWrapper"]),
         .library(name: "UserScript", targets: ["UserScript"]),
         .library(name: "Crashes", targets: ["Crashes"]),
         .library(name: "ContentBlocking", targets: ["ContentBlocking"]),
@@ -31,13 +32,13 @@ let package = Package(
         .library(name: "SecureStorage", targets: ["SecureStorage"])
     ],
     dependencies: [
-        .package(url: "https://github.com/duckduckgo/duckduckgo-autofill.git", exact: "8.4.2"),
+        .package(url: "https://github.com/duckduckgo/duckduckgo-autofill.git", exact: "9.0.0"),
         .package(url: "https://github.com/duckduckgo/GRDB.swift.git", exact: "2.2.0"),
         .package(url: "https://github.com/duckduckgo/TrackerRadarKit", exact: "1.2.1"),
         .package(url: "https://github.com/duckduckgo/sync_crypto", exact: "0.2.0"),
         .package(url: "https://github.com/gumob/PunycodeSwift.git", exact: "2.1.0"),
-        .package(url: "https://github.com/duckduckgo/content-scope-scripts", exact: "4.39.0"),
-        .package(url: "https://github.com/duckduckgo/privacy-dashboard", exact: "1.4.0"),
+        .package(url: "https://github.com/duckduckgo/content-scope-scripts", exact: "4.40.0"),
+        .package(url: "https://github.com/duckduckgo/privacy-dashboard", exact: "2.0.0"),
         .package(url: "https://github.com/httpswift/swifter.git", exact: "1.5.0"),
         .package(url: "https://github.com/duckduckgo/bloom_cpp.git", exact: "3.0.0"),
         .package(url: "https://github.com/duckduckgo/wireguard-apple", exact: "1.1.1")
@@ -87,11 +88,16 @@ let package = Package(
                 "Bookmarks"
             ]
         ),
-         .target(
-            name: "BloomFilterWrapper",
+        .target(
+            name: "BloomFilterObjC",
             dependencies: [
                 .product(name: "BloomFilter", package: "bloom_cpp")
             ]),
+        .target(
+            name: "BloomFilterWrapper",
+            dependencies: [
+                "BloomFilterObjC"
+            ]),
         .target(
             name: "Crashes"
         ),
@@ -196,6 +202,9 @@ let package = Package(
                 .target(name: "WireGuardC"),
                 .product(name: "WireGuard", package: "wireguard-apple"),
                 "Common"
+            ],
+            swiftSettings: [
+                .define("DEBUG", .when(configuration: .debug))
             ]),
         .target(
             name: "SecureStorage",

Sources/BloomFilterWrapper/BloomFilterWrapper.mm → Sources/BloomFilterObjC/BloomFilterObjC.mm

@@ -17,15 +17,15 @@
 //  limitations under the License.
 //
 
-#import "BloomFilterWrapper.h"
+#import "BloomFilterObjC.h"
 #import "BloomFilter.hpp"
 
-@interface BloomFilterWrapper() {
+@interface BloomFilterObjC() {
     BloomFilter *filter;
 }
 @end
 
-@implementation BloomFilterWrapper
+@implementation BloomFilterObjC
 
 - (instancetype)initFromPath:(NSString*)path withBitCount:(int)bitCount andTotalItems:(int)totalItems {
     self = [super init];

Sources/BloomFilterWrapper/include/BloomFilterWrapper.h → Sources/BloomFilterObjC/include/BloomFilterObjC.h

@@ -18,7 +18,7 @@
 //
 #import <Foundation/Foundation.h>
 
-@interface BloomFilterWrapper : NSObject
+@interface BloomFilterObjC: NSObject
 - (instancetype)initFromPath:(NSString*)path withBitCount:(int)bitCount andTotalItems:(int)totalItems;
 - (instancetype)initWithTotalItems:(int)count errorRate:(double)errorRate;
 - (void)dealloc;

Sources/BloomFilterWrapper/include/module.modulemap → Sources/BloomFilterObjC/include/module.private.modulemap

@@ -1,4 +1,4 @@
 module BloomFilterWrapper {
-    header "BloomFilterWrapper.h"
+    header "BloomFilterObjC.h"
     export *
 }

Sources/BloomFilterWrapper/BloomFilterWrapper.swift

@@ -0,0 +1,40 @@
+//
+//  BloomFilterWrapper.swift
+//
+//  Copyright © 2023 DuckDuckGo. All rights reserved.
+//
+//  Licensed under the Apache License, Version 2.0 (the "License");
+//  you may not use this file except in compliance with the License.
+//  You may obtain a copy of the License at
+//
+//  http://www.apache.org/licenses/LICENSE-2.0
+//
+//  Unless required by applicable law or agreed to in writing, software
+//  distributed under the License is distributed on an "AS IS" BASIS,
+//  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//  See the License for the specific language governing permissions and
+//  limitations under the License.
+//
+
+import Foundation
+@_implementationOnly import BloomFilterObjC
+
+public final class BloomFilterWrapper {
+    private let bloomFilter: BloomFilterObjC
+
+    public init(fromPath path: String, withBitCount bitCount: Int32, andTotalItems totalItems: Int32) {
+        bloomFilter = BloomFilterObjC(fromPath: path, withBitCount: bitCount, andTotalItems: totalItems)
+    }
+
+    public init(totalItems count: Int32, errorRate: Double) {
+        bloomFilter = BloomFilterObjC(totalItems: count, errorRate: errorRate)
+    }
+
+    public func add(_ entry: String) {
+        bloomFilter.add(entry)
+    }
+
+    public func contains(_ entry: String) -> Bool {
+        bloomFilter.contains(entry)
+    }
+}

Sources/BrowserServicesKit/ContentBlocking/ContentBlockerRulesManager.swift

@@ -116,6 +116,7 @@ public class ContentBlockerRulesManager: CompiledRuleListsSource {
     public var updatesPublisher: AnyPublisher<UpdateEvent, Never> {
         updatesSubject.eraseToAnyPublisher()
     }
+    public var onCriticalError: (() -> Void)?
 
     private let errorReporting: EventMapping<ContentBlockerDebugEvents>?
     private let getLog: () -> OSLog
@@ -288,6 +289,7 @@ public class ContentBlockerRulesManager: CompiledRuleListsSource {
                 sourceManager = ContentBlockerRulesSourceManager(rulesList: rulesList,
                                                                  exceptionsSource: self.exceptionsSource,
                                                                  errorReporting: self.errorReporting,
+                                                                 onCriticalError: self.onCriticalError,
                                                                  log: log)
                 self.sourceManagers[rulesList.name] = sourceManager
             }

Sources/BrowserServicesKit/ContentBlocking/ContentBlockerRulesSourceManager.swift

@@ -96,6 +96,7 @@ public class ContentBlockerRulesSourceManager {
     public private(set) var fallbackTDSFailure = false
 
     private let errorReporting: EventMapping<ContentBlockerDebugEvents>?
+    private let onCriticalError: (() -> Void)?
     private let getLog: () -> OSLog
     private var log: OSLog {
         getLog()
@@ -105,10 +106,12 @@ public class ContentBlockerRulesSourceManager {
     init(rulesList: ContentBlockerRulesList,
          exceptionsSource: ContentBlockerRulesExceptionsSource,
          errorReporting: EventMapping<ContentBlockerDebugEvents>? = nil,
+         onCriticalError: (() -> Void)? = nil,
          log: @escaping @autoclosure () -> OSLog = .disabled) {
         self.rulesList = rulesList
         self.exceptionsSource = exceptionsSource
         self.errorReporting = errorReporting
+        self.onCriticalError = onCriticalError
         self.getLog = log
     }
 
@@ -186,7 +189,7 @@ public class ContentBlockerRulesSourceManager {
             compilationFailed(for: input, with: error, brokenSources: brokenSources)
             return
         }
-        
+
         compilationFailed(for: input, with: error, brokenSources: brokenSources)
     }
 
@@ -196,6 +199,7 @@ public class ContentBlockerRulesSourceManager {
     private func compilationFailed(for input: ContentBlockerRulesSourceIdentifiers,
                                    with error: Error,
                                    brokenSources: RulesSourceBreakageInfo) {
+
         if input.tdsIdentifier != rulesList.fallbackTrackerData.etag {
             os_log(.debug, log: log, "Falling back to embedded TDS")
             // We failed compilation for non-embedded TDS, marking it as broken.
@@ -243,10 +247,19 @@ public class ContentBlockerRulesSourceManager {
                                  parameters: params,
                                  onComplete: { _ in
                 if input.name == DefaultContentBlockerRulesListsSource.Constants.trackerDataSetRulesListName {
-                    fatalError("Could not compile embedded rules list")
+                    self.handleCriticalError()
                 }
             })
             fallbackTDSFailure = true
         }
     }
+
+    private func handleCriticalError() {
+        if let onCriticalError = self.onCriticalError {
+            onCriticalError()
+        } else {
+            fatalError("Could not compile embedded rules list")
+        }
+    }
+
 }

Sources/BrowserServicesKit/Email/EmailManager.swift

@@ -104,8 +104,10 @@ public protocol EmailManagerRequestDelegate: AnyObject {
                       httpBody: Data?,
                       timeoutInterval: TimeInterval) async throws -> Data
 
-    func emailManagerKeychainAccessFailed(accessType: EmailKeychainAccessType, error: EmailKeychainAccessError)
-
+    func emailManagerKeychainAccessFailed(_ emailManager: EmailManager,
+                                          accessType: EmailKeychainAccessType, 
+                                          error: EmailKeychainAccessError)
+
 }
 // swiftlint:enable function_parameter_count
 
@@ -164,6 +166,7 @@ public class EmailManager {
 
     public enum NotificationParameter {
         public static let cohort = "cohort"
+        public static let isForcedSignOut = "isForcedSignOut"
     }
 
     private lazy var emailUrls = EmailUrls()
@@ -184,7 +187,7 @@ public class EmailManager {
             return try storage.getUsername()
         } catch {
             if let error = error as? EmailKeychainAccessError {
-                requestDelegate?.emailManagerKeychainAccessFailed(accessType: .getUsername, error: error)
+                requestDelegate?.emailManagerKeychainAccessFailed(self, accessType: .getUsername, error: error)
             } else {
                 assertionFailure("Expected EmailKeychainAccessFailure")
             }
@@ -203,7 +206,7 @@ public class EmailManager {
             return try storage.getToken()
         } catch {
             if let error = error as? EmailKeychainAccessError {
-                requestDelegate?.emailManagerKeychainAccessFailed(accessType: .getToken, error: error)
+                requestDelegate?.emailManagerKeychainAccessFailed(self, accessType: .getToken, error: error)
             } else {
                 assertionFailure("Expected EmailKeychainAccessFailure")
             }
@@ -222,7 +225,7 @@ public class EmailManager {
             return try storage.getAlias()
         } catch {
             if let error = error as? EmailKeychainAccessError {
-                requestDelegate?.emailManagerKeychainAccessFailed(accessType: .getAlias, error: error)
+                requestDelegate?.emailManagerKeychainAccessFailed(self, accessType: .getAlias, error: error)
             } else {
                 assertionFailure("Expected EmailKeychainAccessFailure")
             }
@@ -241,7 +244,7 @@ public class EmailManager {
             return try storage.getCohort()
         } catch {
             if let error = error as? EmailKeychainAccessError {
-                requestDelegate?.emailManagerKeychainAccessFailed(accessType: .getCohort, error: error)
+                requestDelegate?.emailManagerKeychainAccessFailed(self, accessType: .getCohort, error: error)
             } else {
                 assertionFailure("Expected EmailKeychainAccessFailure")
             }
@@ -260,7 +263,7 @@ public class EmailManager {
             return try storage.getLastUseDate() ?? ""
         } catch {
             if let error = error as? EmailKeychainAccessError {
-                requestDelegate?.emailManagerKeychainAccessFailed(accessType: .getLastUseData, error: error)
+                requestDelegate?.emailManagerKeychainAccessFailed(self, accessType: .getLastUseData, error: error)
             } else {
                 assertionFailure("Expected EmailKeychainAccessFailure")
             }
@@ -281,7 +284,7 @@ public class EmailManager {
             try storage.store(lastUseDate: dateString)
         } catch {
             if let error = error as? EmailKeychainAccessError {
-                requestDelegate?.emailManagerKeychainAccessFailed(accessType: .storeLastUseDate, error: error)
+                requestDelegate?.emailManagerKeychainAccessFailed(self, accessType: .storeLastUseDate, error: error)
             } else {
                 assertionFailure("Expected EmailKeychainAccessFailure")
             }
@@ -314,7 +317,7 @@ public class EmailManager {
         dateFormatter.timeZone = TimeZone(identifier: "America/New_York") // Use ET time zone
     }
 
-    public func signOut() throws {
+    public func signOut(isForced: Bool = false) throws {
         Self.lock.lock()
         defer {
             Self.lock.unlock()
@@ -331,19 +334,24 @@ public class EmailManager {
             if let currentCohortValue = currentCohortValue {
                 notificationParameters[NotificationParameter.cohort] = currentCohortValue
             }
+            notificationParameters[NotificationParameter.isForcedSignOut] = isForced ? "true" : nil
 
             NotificationCenter.default.post(name: .emailDidSignOut, object: self, userInfo: notificationParameters)
 
         } catch {
             if let error = error as? EmailKeychainAccessError {
-                self.requestDelegate?.emailManagerKeychainAccessFailed(accessType: .deleteAuthenticationState, error: error)
+                self.requestDelegate?.emailManagerKeychainAccessFailed(self, accessType: .deleteAuthenticationState, error: error)
             } else {
                 assertionFailure("Expected EmailKeychainAccessFailure")
             }
             throw error
         }
     }
 
+    public func forceSignOut() {
+        try? signOut(isForced: true)
+    }
+
     public func emailAddressFor(_ alias: String) -> String {
         return alias + "@" + Self.emailDomain
     }
@@ -540,7 +548,7 @@ public extension EmailManager {
 
         } catch {
             if let error = error as? EmailKeychainAccessError {
-                requestDelegate?.emailManagerKeychainAccessFailed(accessType: .storeTokenUsernameCohort, error: error)
+                requestDelegate?.emailManagerKeychainAccessFailed(self, accessType: .storeTokenUsernameCohort, error: error)
             } else {
                 assertionFailure("Expected EmailKeychainAccessFailure")
             }
@@ -597,7 +605,7 @@ private extension EmailManager {
             try storage.deleteAlias()
         } catch {
             if let error = error as? EmailKeychainAccessError {
-                self.requestDelegate?.emailManagerKeychainAccessFailed(accessType: .deleteAlias, error: error)
+                self.requestDelegate?.emailManagerKeychainAccessFailed(self, accessType: .deleteAlias, error: error)
             } else {
                 assertionFailure("Expected EmailKeychainAccessFailure")
             }
@@ -642,7 +650,7 @@ private extension EmailManager {
                 try self.storage.store(alias: alias)
             } catch {
                 if let error = error as? EmailKeychainAccessError {
-                    self.requestDelegate?.emailManagerKeychainAccessFailed(accessType: .storeAlias, error: error)
+                    self.requestDelegate?.emailManagerKeychainAccessFailed(self, accessType: .storeAlias, error: error)
                 } else {
                     assertionFailure("Expected EmailKeychainAccessFailure")
                 }

Sources/BrowserServicesKit/SmarterEncryption/HTTPSUpgradeStore.swift

@@ -17,6 +17,7 @@
 //
 
 import BloomFilterWrapper
+import Foundation
 
 public protocol HTTPSUpgradeStore {
 

Sources/BrowserServicesKit/SmarterEncryption/Store/AppHTTPSUpgradeStore.swift

@@ -102,7 +102,7 @@ public struct AppHTTPSUpgradeStore: HTTPSUpgradeStore {
         let wrapper = BloomFilterWrapper(fromPath: bloomFilterDataURL.path,
                                          withBitCount: Int32(specification.bitCount),
                                          andTotalItems: Int32(specification.totalEntries))
-        return BloomFilter(wrapper: wrapper!, specification: specification)
+        return BloomFilter(wrapper: wrapper, specification: specification)
     }
 
     func loadStoredBloomFilterSpecification() -> HTTPSBloomFilterSpecification? {