Add VirusTotal scan results to add-on details

[seanbudd]

Link to issue number:

Replaces #16510 and #16316
Related discussion #16241

Summary of the issue:

• Add-ons have been scanned by VirusTotal, but there is no easy way for a user to use this information to make an informed decision before installing an add-on
• Our warning about the safety/security of add-ons could include additional information on researching the safety of add-ons

Description of user facing changes:

• A new action for add-ons in the add-on store to view the scan results of an add-on
• Added information in the details panel of an add-on: summary of scan results, and scan URL
• Updated the user guide

Description of developer facing changes:

None

Description of development approach:

• Created a new VirusTotalScanResults structure to capture results from the add-on store metadata JSON

Testing strategy:

• Tested viewing the scan results for an add-on in the store
• Tested that an add-on with no scan results (externally installed) can be viewed properly from within the store

Known issues with pull request:

None

Code Review Checklist:

• Documentation:
  • Change log entry
  • User Documentation
  • Developer / Technical Documentation
  • Context sensitive help for GUI changes
• Testing:
  • Unit tests
  • System (end to end) tests
  • Manual testing
• UX of all users considered:
  • Speech
  • Braille
  • Low Vision
  • Different web browsers
  • Localization in other languages / culture than English
• API is compatible with existing add-ons.
• Security precautions taken.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[Copilot]

Pull Request Overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[Copilot]

Pull Request Overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[Adriani90]

This is a great improvement, thank you Sean for this nice work.
Is there a way to run virus total scans on add-on updates as well? So users can see the scan results before updating?

[seanbudd]

@Adriani90 - add-ons are scanned when they are submitted to the store. You should be able to view the scan results before updating.

[Qchristensen]

Reads well. Showing VirusTotal results is a good inclusion for user peace of mind.

It is also worth noting that the new warning text is not in response to any incident or malicious add-on, but simply ensuring users are aware of the scope of access add-ons have always had. We have a robust and healthy add-on ecosystem - their power can make them very useful, but it is important to be aware of their potential access before downloading particularly from an unknown source.