Protect: Add Threat History

[nateweller]

Proposed changes:

• https://github.com/Automattic/jetpack/pull/37903
• https://github.com/Automattic/jetpack/pull/37988
• https://github.com/Automattic/jetpack/pull/38325
• https://github.com/Automattic/jetpack/pull/38626
• https://github.com/Automattic/jetpack/pull/38656
• https://github.com/Automattic/jetpack/pull/38094
• https://github.com/Automattic/jetpack/pull/38637
• https://github.com/Automattic/jetpack/pull/38703

Other information:

• [ ] Have you written new tests for your changes, if applicable?
• [ ] Have you checked the E2E test CI results, and verified that your changes do not break them?
• [ ] Have you tested your changes on WordPress.com, if applicable (if so, you'll see a generated comment below with a script to run)?

Jetpack product discussion

https://github.com/Automattic/jetpack-scan-team/issues/1225

Does this pull request change what data or activity we track or use?

No

Testing instructions:

• Ensure all included PRs have been reviewed and approved.
• Smoke test the Jetpack Protect plugin, specifically the new threat history section.

[github-actions[bot]]

Thank you for your PR!

When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:

• :white_check_mark: Include a description of your PR changes.
  
• :white_check_mark: Add a "[Status]" label (In Progress, Needs Team Review, ...).
  
• :white_check_mark: Add testing instructions.
  
• :white_check_mark: Specify whether this PR includes any changes to data or privacy.
  
• :white_check_mark: Add changelog entries to affected projects
  

This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation :robot:

---

The e2e test report can be found here. Please note that it can take a few minutes after the e2e tests checks are complete for the report to be available.

---

Once your PR is ready for review, check one last time that all required checks appearing at the bottom of this PR are passing or skipped. Then, add the "[Status] Needs Team Review" label and ask someone from your team review the code. Once reviewed, it can then be merged. If you need an extra review from someone familiar with the codebase, you can update the labels from "[Status] Needs Team Review" to "[Status] Needs Review", and in that case Jetpack Approvers will do a final review of your PR.

---

Jetpack plugin:

The Jetpack plugin has different release cadences depending on the platform:

• WordPress.com Simple releases happen daily.
• WoA releases happen weekly.
• Releases to self-hosted sites happen monthly. The next release is scheduled for September 3, 2024 (scheduled code freeze on September 2, 2024).

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

---

Backup plugin:

• Next scheduled release: none scheduled.

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

---

Boost plugin:

• Next scheduled release: none scheduled.

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

---

Search plugin:

• Next scheduled release: none scheduled.

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

---

Social plugin:

• Next scheduled release: none scheduled.

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

---

Starter Plugin plugin:

• Next scheduled release: none scheduled.

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

---

Protect plugin:

• Next scheduled release: August 12, 2024.

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

---

Videopress plugin:

• Next scheduled release: none scheduled.

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

---

Migration plugin:

• Next scheduled release: none scheduled.

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

---

Wpcomsh plugin:

• Next scheduled release: on demand (usually Mondays if not sooner).

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

[github-actions[bot]]

Are you an Automattician? Please test your changes on all WordPress.com environments to help mitigate accidental explosions.

• To test on WoA, go to the Plugins menu on a WordPress.com Simple site. Click on the "Upload" button and follow the upgrade flow to be able to upload, install, and activate the Jetpack Beta plugin. Once the plugin is active, go to Jetpack > Jetpack Beta, select your plugin, and enable the add/protect-threat-history branch.

• To test on Simple, run the following command on your sandbox:

  bin/jetpack-downloader test jetpack add/protect-threat-history

Interested in more tips and information?

• In your local development environment, use the jetpack rsync command to sync your changes to a WoA dev blog.
• Read more about our development workflow here: PCYsg-eg0-p2
• Figure out when your changes will be shipped to customers here: PCYsg-eg5-p2

[dkmyta]

Something just came to mind while reviewing this, as part of Jetpack_Protect::plugin_deactivation we Status::delete_option(); should we also clear Scan_History options here?

I don’t think we clear all Protect/WAF options as part of deactivation currently, so I don’t know if its entirely necessary, just seems logical here since we do the same for Status (Scan_ and/or Protect_). Also realizing that this looks like it might only clear one or the other, so if you have both one will likely remain.

UPDATE: Just doubled checked this and it actually appears that neither are currently deleted on plugin deactivation. Seems the method is triggered but we aren't accurately detecting static::OPTION_NAME and static::OPTION_TIMESTAMP_NAME, because its instead accessing the values we define for these in the Status class. This is making me wonder if some of these other Status methods that use static variables are performing similarly.