Closed Bug 1058420 Opened 6 years ago Closed 2 years ago

Add a MozMill test for Application Reputation


(Mozilla QA Graveyard :: Mozmill Tests, defect, P1)

Windows 7


(Not tracked)



(Reporter: gcp, Unassigned)



(Whiteboard: [blocked by bug 908649])

As per

Things to cover:

1) Wait for initial SafeBrowsing DB update
2) Test a download of a file that is whitelisted (I'd suggest a previous Firefox release)
3) Test a download of a file that need a remote lookup (A .zip file on a domain)
4) Test a download of a file that is ignored by extension (none of these:


5) Test a download of a file that is blacklisted (harder to come by, we'd need to host malware on some domain)
Before we can start on this test, the patch on bug 908649 has to be landed. It will happen hopefully soon. But it should not stop us from starting to investigate what's necessary here regards of testcase data. Andreea, who could collect the necessary data, and make those available on

Please keep in mind that this is a Windows only test. I'm setting the priority to P1 due to the major regression in Firefox 32.0 beta.
Blocks: 1057764
Depends on: 908649
Priority: -- → P1
Whiteboard: [blocked by bug 908649]
Andrei will look into that and file a testcase-data bug.
Gian-Carlo, would you mind helping me out with some additional info?
I'm having a hard time finding relevant information for this stuff.

a) Where can I find the "whitelist" mentioned in 1)? Can we modify the list (ie. to add a resource / domain into it so we are sure it is whitelisted?

b) For 2) we would like to use I think that _should_ trigger a remote lookup. But then again, since its hosted in SCL3 and our test machines are in the same network I'm not sure how the DNS resolving works and if this will be considered a "remote lookup". Do you have any pointers on how to test this?

c) For 5) is there a way for us a add a custom blacklist?
Flags: needinfo?(gpascutto)
a) The list comes from Google and we cannot (directly) read or modify it. However AFAIK is whitelisted.
b) The lookups are by domain, IP or network is irrelevant.
c) Yes, but that would mean we test our custom blacklist, not the list the users use. Which means the test would be useless. We should not do that.

If you have a Firefox built with logging, then
export NSPR_LOG_MODULES=nsUrlClassifierDBService:5
should get you the relevant logs to see if a lookup is remote or not.

Monica knows this feature best, needinfoing her to see if she has anything to add.
Flags: needinfo?(gpascutto) → needinfo?(mmc)
gcp covered all of the points here. For 2) and 3) the binary must be unsigned. In all three cases the user-visible outcome will be that the download succeeds as normal.
Flags: needinfo?(mmc)
Mozmill is dead, WONTFIX the remaining bugs.
Closed: 2 years ago
Resolution: --- → WONTFIX
Product: Mozilla QA → Mozilla QA Graveyard
You need to log in before you can comment on or make changes to this bug.