Closed Bug 977236 Opened 11 years ago Closed 11 years ago

Use referrer for blocklisting and for remote query in ApplicationReputation check

Categories

(Toolkit :: Downloads API, defect)

x86
macOS
defect
Not set
normal

Tracking

RESOLVED FIXED
mozilla30

People

(Reporter: mmc, Assigned: mmc)

References

(Blocks 1 open bug)

Attachments

(1 file, 3 obsolete files)

+++ This bug was initially created as a clone of Bug #933432 +++

We need to pass the referrer and also check it against the blocklist.
Blocks: 933432
No longer depends on: 933432
No longer depends on: 895476, 928536, 964465, 966557, 967298
Assignee: nobody → mmc
Status: NEW → ASSIGNED
Attachment #8390269 - Attachment is obsolete: true
Attachment #8390271 - Attachment is obsolete: true
Comment on attachment 8390277
Use referrer for application reputation checks (

Review of attachment 8390277:
-----------------------------------------------------------------

gcp, after I wrote https://wiki.mozilla.org/Security/Features/Application_Reputation_Design_Doc I realized that blocklisting trumps allowlisting. Also since we're supposed to eventually check the redirect chain against the blocklist, I went ahead and split that array up into 2.

Paolo, please review Download changes.

Thanks,
Monica
Attachment #8390277 - Flags: review?(paolo.mozmail)
Attachment #8390277 - Flags: review?(gpascutto)
Comment on attachment 8390277
Use referrer for application reputation checks (

Review of attachment 8390277:
-----------------------------------------------------------------

I only looked at DownloadIntegration.jsm, I get the other files are all for gcp to review? DownloadIntegration.jsm only needs the change below (no need to ask for review again on that file).

::: toolkit/components/jsdownloads/src/DownloadIntegration.jsm @@ +523,5 @@ > } > let deferred = Promise.defer(); > gApplicationReputationService.queryReputation({ > sourceURI: NetUtil.newURI(aDownload.source.url), > + referrerURI: NetUtil.newURI(aDownload.source.referrer),

aDownload.source.referrer may be null or empty, in this case we shouldn't call newURI but just pass null.
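
Review bot: On the added `referrerURI` line, `aDownload.source.referrer` goes straight into `NetUtil.newURI` inside the argument object, after `deferred` has already been created, so a download with no referrer reaches `newURI` with null or an empty string and any exception raised there leaves the function without `deferred` ever being settled. Suggest computing the value before the `queryReputation` call, for example `aDownload.source.referrer ? NetUtil.newURI(aDownload.source.referrer) : null`, and passing that. A test for a download that has no referrer would keep the reputation check covered on that path.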
Attachment #8390277 - Flags: review?(paolo.mozmail)
Attachment #8390277 - Flags: review?(gpascutto) → review+
Thanks kwierso. I thought my try was green but I see now that the mac builds never finished: https://tbpl.mozilla.org/?tree=Try&rev=f09134d814aa
Flags: needinfo?(mmc)
(In reply to Monica Chew [:mmc] (please use needinfo) from comment #7)
> Thanks kwierso. I thought my try was green but I see now that the mac builds
> never finished:
>
> https://tbpl.mozilla.org/?tree=Try&rev=f09134d814aa

Argh, now they are finished, and still green for tests that broke on inbound :(
Attachment #8390277 - Attachment is obsolete: true
I forgot the uuid change, which explains why it was green on try and broke inbound.
Keywords: checkin-needed
Flags: in-testsuite+
Keywords: checkin-needed
Whiteboard: [fixed-in-fx-team]
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Whiteboard: [fixed-in-fx-team]
Target Milestone: --- → mozilla30
Depends on: 984160