Closed Bug 781147 Opened 12 years ago Closed 6 years ago

Experiment with a "Security Diagnostic" tool

Categories

(DevTools Graveyard :: Graphic Commandline and Toolbar, enhancement, P3)

Product:
DevTools Graveyard
Component:
Graphic Commandline and Toolbar
Platform:
x86
macOS
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: paul, Unassigned)

Details

Attachments

(1 file, 4 obsolete files)

experimental patch - v0.009?
17.00 KB, patch
Details | Diff | Splinter Review 
      No description provided.
Attached patch experimental patch - v0.007 (obsolete) — Splinter Review 

    
    

    
  
First approach:

How to use:
1) start tracking a page by typing: "security-report-start" in the command line
2) type "security-report-show" to open the report (click on the update button update the page)
3) "security-report-stop" stops the tracking process

Right now, it only tracks the number of click on the page (useless, just for testing purpose).

The interesting parts are:
- browser/devtools/security-report/security-recorder.jsm
Where you build the "tracking" process.
- browser/devtools/security-report/security-renderer.jsm
Where you render the collected data.

    
    

    
  
Looks like there is a bug in the makefile.  I did an hg pull and update, applied the patch, and tried to build.  I get this error:


make -C security-report export
make[7]: Entering directory `/Users/tvyas/dev/mozilla-central/obj-ff-dbg/browser/devtools/security-report'
Makefile:18: *** missing separator.  Stop.
make[7]: Leaving directory `/Users/tvyas/dev/mozilla-central/obj-ff-dbg/browser/devtools/security-report'
make[6]: *** [export] Error 2
make[6]: Leaving directory `/Users/tvyas/dev/mozilla-central/obj-ff-dbg/browser/devtools'
make[5]: *** [export] Error 2
make[5]: Leaving directory `/Users/tvyas/dev/mozilla-central/obj-ff-dbg/browser'
make[4]: *** [export_tier_app] Error 2
make[4]: Leaving directory `/Users/tvyas/dev/mozilla-central/obj-ff-dbg'
make[3]: *** [tier_app] Error 2
make[3]: Leaving directory `/Users/tvyas/dev/mozilla-central/obj-ff-dbg'
make[2]: *** [default] Error 2
make[2]: Leaving directory `/Users/tvyas/dev/mozilla-central/obj-ff-dbg'
make[1]: *** [realbuild] Error 2
make: *** [build] Error 2

    
    

    
  

      
      
      
      

        Attached patch
          
          
        experimental patch - v0.008 (obsolete)
        — Splinter Review
      

    


  
fixed build problem

    
  

        Attachment #650050 -
        Attachment is obsolete: true

    
    

    
  

      
      
      
      

        Attached patch
          
          
        experimental patch - v0.009? (obsolete)
        — Splinter Review
      

    


  
Un-bitrotted

        Attachment #650818 -
        Attachment is obsolete: true

    
    

    
  

      
      
      
      

        Attached patch
          
          
        experimental patch - v0.009? (obsolete)
        — Splinter Review
      

    


  
Un-bitrotted for Ameya to work on

        Attachment #668461 -
        Attachment is obsolete: true

    
    

    
  
Do we have any documentation regarding what kind of security properties we can/want to detect?

    
    

    
  
(In reply to David Rajchenbach Teller [:Yoric] from comment #7)
> Do we have any documentation regarding what kind of security properties we
> can/want to detect?

https://etherpad.mozilla.org/securityreport

    
    

    
  


  
Updated to reflect build changes

        Attachment #710666 -
        Attachment is obsolete: true

    
    

    
  
Comment on attachment 726191 [details] [diff] [review]
experimental patch - v0.009?

Review of attachment 726191 [details] [diff] [review]:
-----------------------------------------------------------------

::: browser/devtools/commandline/CmdSecurityReport.jsm
@@ +17,5 @@
> + * Security Report commands
> + */
> +
> +gcli.addCommand({
> +  name: "security-report-show",

4 things:
- JSM loading is slow, so we should have fewer of them. We've been adding mostly to BuiltinCommands.jsm when there isn't a better owner, but this also goes for reporter/security-recorder/security-renderer also.
- We should consider using subcommands. See the 'addon' set of command in BuiltinCommands.jsm
- I think we need a strategy around reporting commands in general.
  We might need "report security start" or something. We'll need to think about this
- Perhaps the show should happen automatically with the stop?

@@ +29,5 @@
> +  },
> +});
> +
> +gcli.addCommand({
> +  name: "security-report-start",

Can we not be 'started' at all times? Does this slow things down?

::: browser/devtools/moz.build
@@ +19,5 @@
>      'responsivedesign',
>      'framework',
>      'profiler',
>      'fontinspector',
> +    'security-report',

Could we lose the '-' please?

::: browser/devtools/security-report/security-report.html
@@ +1,5 @@
> +<html xmlns="http://www.w3.org/1999/xhtml">
> +  <head>
> +    <title>Security Report</title>
> +    <link rel="icon" type="image/png" id="favicon" href="chrome://global/skin/icons/warning-16.png" />
> +    <style>

Perhaps we should split this out so it could be themed?
Severity: normal → enhancement
Component: Developer Tools → Developer Tools: Graphic Commandline and Toolbar
Priority: -- → P3

    
  
Product: Firefox → DevTools

    
    

    
  
Per bug 1491875, this component has been closed, and the affected code is being removed from Firefox. Closing this bug as incomplete.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → INCOMPLETE

    
  
Product: DevTools → DevTools Graveyard

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: