Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

My Jetpack: Add red bubble & notice when Protect threats detected #40719

Open
wants to merge 6 commits into
base: add/protect-fix-threats-status
Choose a base branch
from

Conversation

elliottprogrammer
Copy link
Contributor

@elliottprogrammer elliottprogrammer commented Dec 21, 2024

This PR adds the redbubble and notice/banner when Protect detects any vulnerability threats.

Fixes https://github.com/Automattic/jetpack-roadmap/issues/1431

Other information:

  • Have you written new tests for your changes, if applicable?
  • Have you checked the E2E test CI results, and verified that your changes do not break them?
  • Have you tested your changes on WordPress.com, if applicable (if so, you'll see a generated comment below with a script to run)?

Jetpack product discussion

Project Thread: pbNhbs-bJN-p2
Design post: p1HpG7-umC-p2

Does this pull request change what data or activity we track or use?

Testing instructions:

  • Install/activate Jetpack Protect with a paid Scan upgrade/plan
  • Using the Scan Helper in the Jetpack Debug Helper/Tools plugin, select the first EIACAR Threats selection to Add five EICAR threats to the site (one for every severity).
  • Run a scan to detect them - ensure threats are detected.
  • Go to My Jetpack page.
  • Verify you see a red bubble on the top level "Jetpack" menu item, and you see the notice/banner at the top of the page (See screenshot):

Screen Shot 2024-12-21 at 10 17 55

  • Verify the notice/banner is an error notice (has a red border and a a red error icon).
  • Now, using the Scan Helper in the Jetpack Debug Helper/Tools plugin again, remove the first EIACAR Threats selection and add a different threat (like maybe a vulnerable plugin threat) - This one will be 'non-critical'.
  • Run a new scan to detect the new threat changes.
  • Now verify the notice/banner is an warning notice (has a yellow border and a yellow warning icon). See screenshot:

Screen Shot on 2024-12-21 at 11-20-32

  • Check the CTA's. Verify the Primary CTA leads to the Protect plugin dashboard, and the secondary CTA leads to the Jetpack.com /support/scan/#how-do-i-fix-threats page.
  • Check the notice/banner in all viewport sizes.
  • Disable the Protect standalone plugin and activate only the Main Jetpack plugin.
  • Verify everything seems the same except the references to "Protect" now say "Scan", and that the primary CTA leads to the Scan dashboard in Jetpack cloud, instead of the Protect plugin. See screenshot:

Screen Shot 2024-12-21 at 11 50 42

Copy link
Contributor

github-actions bot commented Dec 21, 2024

Are you an Automattician? Please test your changes on all WordPress.com environments to help mitigate accidental explosions.

  • To test on WoA, go to the Plugins menu on a WordPress.com Simple site. Click on the "Upload" button and follow the upgrade flow to be able to upload, install, and activate the Jetpack Beta plugin. Once the plugin is active, go to Jetpack > Jetpack Beta, select your plugin, and enable the add/protect-redbubble-and-notice branch.

  • To test on Simple, run the following command on your sandbox:

    bin/jetpack-downloader test jetpack add/protect-redbubble-and-notice
    

Interested in more tips and information?

  • In your local development environment, use the jetpack rsync command to sync your changes to a WoA dev blog.
  • Read more about our development workflow here: PCYsg-eg0-p2
  • Figure out when your changes will be shipped to customers here: PCYsg-eg5-p2

Copy link
Contributor

github-actions bot commented Dec 21, 2024

Thank you for your PR!

When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:

  • ✅ Include a description of your PR changes.
  • ✅ Add a "[Status]" label (In Progress, Needs Team Review, ...).
  • 🔴 Add a "[Type]" label (Bug, Enhancement, Janitorial, Task).
  • ✅ Add testing instructions.
  • ✅ Specify whether this PR includes any changes to data or privacy.
  • ✅ Add changelog entries to affected projects

This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation 🤖


The e2e test report can be found here. Please note that it can take a few minutes after the e2e tests checks are complete for the report to be available.


Follow this PR Review Process:

  1. Ensure all required checks appearing at the bottom of this PR are passing.
  2. Choose a review path based on your changes:
    • A. Team Review: add the "[Status] Needs Team Review" label
      • For most changes, including minor cross-team impacts.
      • Example: Updating a team-specific component or a small change to a shared library.
    • B. Crew Review: add the "[Status] Needs Review" label
      • For significant changes to core functionality.
      • Example: Major updates to a shared library or complex features.
    • C. Both: Start with Team, then request Crew
      • For complex changes or when you need extra confidence.
      • Example: Refactor affecting multiple systems.
  3. Get at least one approval before merging.

Still unsure? Reach out in #jetpack-developers for guidance!

@elliottprogrammer elliottprogrammer requested a review from a team December 21, 2024 17:01
@github-actions github-actions bot added the [Status] Needs Author Reply We would need you to make some changes or provide some more details about your PR. Thank you! label Dec 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
[Package] My Jetpack [Status] Needs Author Reply We would need you to make some changes or provide some more details about your PR. Thank you! [Status] Needs Team Review
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant