Closed Bug 1019933 Opened 6 years ago Closed 4 years ago

ApplicationReputation should warn if the remote verdict UNCOMMON or POTENTIALLY_UNWANTED

Categories

(Toolkit :: Downloads API, defect)

x86_64
Linux
defect
Not set

Tracking

()

RESOLVED FIXED

People

(Reporter: mmc, Unassigned)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

+++ This bug was initially created as a clone of Bug #1013558 +++

Currently we only return shouldBlock=true if the remote verdict is DANGEROUS, but the API has evolved since then.

UNKNOWN needs a slightly different one, e.g. "download.exe is not commonly downloaded and could be dangerous".

In the UNKNOWN case, Chrome does not delete the downloaded file but does display a warning.
Summary: ApplicationReputation should warn if the remote verdict UNKNOWN → ApplicationReputation should warn if the remote verdict UNKNOWN or POTENTIALLY_UNWANTED
Summary: ApplicationReputation should warn if the remote verdict UNKNOWN or POTENTIALLY_UNWANTED → ApplicationReputation should warn if the remote verdict UNCOMMON or POTENTIALLY_UNWANTED
Btw, strings for this case were decided in https://bugzilla.mozilla.org/show_bug.cgi?id=1053890, though I can't find right now where they actually landed.
It seems that the strings for POTENTIALLY_UNWANTED and DANGEROUS/DANGEROUS_HOST are the same, so an easy fix would just be to return shouldBlock = true if the verdict is POTENTIALLY_UNWANTED.

To support the UNCOMMON case, the API for application reputation has to change to return more than a simple boolean. That could be a followup bug.
No longer blocks: 1146911
Note that supporting these verdicts is still blocked by the full UI in bug 1068656, as the current minimal UI provides no way to distinguish the reason for blocking, and does not provide an obvious way to unblock (the option is in the context menu only).
Depends on: 1068656
(In reply to :Paolo Amadini from comment #6)
> Note that supporting these verdicts is still blocked by the full UI in bug
> 1068656, as the current minimal UI provides no way to distinguish the reason
> for blocking, and does not provide an obvious way to unblock (the option is
> in the context menu only).

That's too bad -- I thought that since the warning text for POTENTIALLY_UNWANTED and DANGEROUS/DANGEROUS_HOST are the same, it would be OK to collapse that one into the current behavior.
(In reply to [:mmc] Monica Chew (please use needinfo) from comment #7)
> That's too bad -- I thought that since the warning text for
> POTENTIALLY_UNWANTED and DANGEROUS/DANGEROUS_HOST are the same, it would be
> OK to collapse that one into the current behavior.

Are we talking about the same states? There are three states we will support eventually, and they have different strings, as well as different severity conveyed through the user interface:

http://mxr.mozilla.org/mozilla-central/source/browser/locales/en-US/chrome/browser/downloads/downloads.properties#41

See for example attachment 8483575 [details] from bug 1053890.
You are right, I was looking at the wrong strings from https://bug1053890.bugzilla.mozilla.org/attachment.cgi?id=8479351.
Component: DOM: Security → Download Manager
Product: Core → Toolkit
Duplicate of this bug: 1054019
Depends on: 1265359, 1265358
No longer depends on: 1068656
This landed in time for Fx48.
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.