Closed Bug 1058420 Opened 6 years ago Closed 2 years ago
Add a Moz
Mill test for Application Reputation
As per https://bugzilla.mozilla.org/show_bug.cgi?id=1057764#c46 Things to cover: 1) Wait for initial SafeBrowsing DB update 2) Test a download of a file that is whitelisted (I'd suggest a previous Firefox release) 3) Test a download of a file that need a remote lookup (A .zip file on a non-mozilla.org/com domain) 4) Test a download of a file that is ignored by extension (none of these: http://dxr.mozilla.org/mozilla-central/source/toolkit/components/downloads/ApplicationReputation.cpp#371) Ideally: 5) Test a download of a file that is blacklisted (harder to come by, we'd need to host malware on some non-mozilla.org/com domain)
Before we can start on this test, the patch on bug 908649 has to be landed. It will happen hopefully soon. But it should not stop us from starting to investigate what's necessary here regards of testcase data. Andreea, who could collect the necessary data, and make those available on mozqa.com? Please keep in mind that this is a Windows only test. I'm setting the priority to P1 due to the major regression in Firefox 32.0 beta.
Andrei will look into that and file a testcase-data bug.
Gian-Carlo, would you mind helping me out with some additional info? I'm having a hard time finding relevant information for this stuff. a) Where can I find the "whitelist" mentioned in 1)? Can we modify the list (ie. to add a resource / domain into it so we are sure it is whitelisted? b) For 2) we would like to use mozqa.com. I think that _should_ trigger a remote lookup. But then again, since its hosted in SCL3 and our test machines are in the same network I'm not sure how the DNS resolving works and if this will be considered a "remote lookup". Do you have any pointers on how to test this? c) For 5) is there a way for us a add a custom blacklist?
a) The list comes from Google and we cannot (directly) read or modify it. However AFAIK mozilla.org is whitelisted. b) The lookups are by domain, IP or network is irrelevant. c) Yes, but that would mean we test our custom blacklist, not the list the users use. Which means the test would be useless. We should not do that. If you have a Firefox built with logging, then export NSPR_LOG_MODULES=nsUrlClassifierDBService:5 should get you the relevant logs to see if a lookup is remote or not. Monica knows this feature best, needinfoing her to see if she has anything to add.
Flags: needinfo?(gpascutto) → needinfo?(mmc)
gcp covered all of the points here. For 2) and 3) the binary must be unsigned. In all three cases the user-visible outcome will be that the download succeeds as normal.
Mozmill is dead, WONTFIX the remaining bugs.
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.