Closed
Bug 1138721
Opened 10 years ago
Closed 10 years ago
Application reputation should check mac file extensions
Categories
(Core :: DOM: Security, defect)
Tracking
()
RESOLVED
FIXED
mozilla39
People
(Reporter: mmc, Assigned: francois)
References
(Blocks 1 open bug)
Details
Attachments
(2 files, 3 obsolete files)
|
2.01 KB,
patch
|
Details | Diff | Splinter Review | |
|
11.61 KB,
patch
|
mmc
:
review+
lizzard
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
file.MatchesExtension(FILE_PATH_LITERAL(".dmg")) ||
file.MatchesExtension(FILE_PATH_LITERAL(".pkg")) ||
file.MatchesExtension(FILE_PATH_LITERAL(".osx")) ||
file.MatchesExtension(FILE_PATH_LITERAL(".app")) ||
These are new since application reputation was written.
|
Reporter | |
Updated•10 years ago
|
Blocks: downloadprotection
|
|
Reporter | |
Comment 1•10 years ago
|
||
|
Assignee | |
Comment 2•10 years ago
|
||
|
|
Reporter | |
Comment 3•10 years ago
|
||
Comment on attachment 8584293 [details] [diff] [review]
Fix the generate_csd.sh script
Review of attachment 8584293 [details] [diff] [review]:
-----------------------------------------------------------------
See https://bugzilla.mozilla.org/show_bug.cgi?id=1024774#c99. Please coordinate with fitzgen.
Attachment #8584293 -
Flags: review?(mmc)
|
|
Assignee | |
Comment 4•10 years ago
|
||
Part 0 of fitzgen's patch will add the missing MAC_EXECUTABLE enum value.
Depends on: 1024774
|
|
Assignee | |
Comment 5•10 years ago
|
||
I probably won't push the script as part of this bug, but I want to keep an updated copy of it.
Attachment #8584293 -
Attachment is obsolete: true
|
|
Assignee | |
Comment 6•10 years ago
|
||
Monica, I'm thinking of landing this now so that it can be in Fx39, and then adding the Mac extensions once fitzgen has updated protobuf. What do you think?
Flags: needinfo?(mmc)
Attachment #8585293 -
Flags: review?(mmc)
|
|
Assignee | |
Comment 7•10 years ago
|
||
|
|
Reporter | |
Comment 8•10 years ago
|
||
Comment on attachment 8585293 [details] [diff] [review]
Include the download_type when doing remote lookups
Review of attachment 8585293 [details] [diff] [review]:
-----------------------------------------------------------------
LG, but missing a change to test_app_rep_windows to update the size of the request.
Attachment #8585293 -
Flags: review?(mmc)
|
|
Reporter | |
Comment 9•10 years ago
|
||
39 is merging today but you can land this before https://bugzilla.mozilla.org/show_bug.cgi?id=1024774 if you want to get it out of your queue. Since you turned on remote lookups for Mac in 39 I think it would make sense to uplift the mac extensions changes to 39.
Flags: needinfo?(mmc)
|
|
Assignee | |
Comment 10•10 years ago
|
||
Attachment #8585293 -
Attachment is obsolete: true
Attachment #8585294 -
Attachment is obsolete: true
Attachment #8586566 -
Flags: review?(mmc)
|
|
Reporter | |
Comment 11•10 years ago
|
||
Comment on attachment 8586566 [details] [diff] [review]
Add download type and mac extensions
Review of attachment 8586566 [details] [diff] [review]:
-----------------------------------------------------------------
Great, thank you.
Attachment #8586566 -
Flags: review?(mmc) → review+
|
|
Assignee | |
Updated•10 years ago
|
Attachment #8585277 -
Attachment description: Small improvements to fitzgen's script → Small improvements to fitzgen's script (DO NOT LAND)
|
|
Assignee | |
Comment 12•10 years ago
|
||
Keywords: checkin-needed
|
||
Comment 13•10 years ago
|
||
Flags: in-testsuite+
Keywords: checkin-needed
|
||
Comment 14•10 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
status-firefox40:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla40
|
|
Assignee | |
Updated•10 years ago
|
QA Contact: mwobensmith
|
|
Assignee | |
Comment 15•10 years ago
|
||
Comment on attachment 8586566 [details] [diff] [review]
Add download type and mac extensions
Approval Request Comment
[Feature/regressing bug #]: 1138721
[User impact if declined]: The patch for 1111741 in Fx 39 added safebrowsing download lookups on Mac but without this follow-up patch, the Mac file types aren't checked.
[Describe test coverage new/current, TreeHerder]: https://treeherder.mozilla.org/#/jobs?repo=try&revision=67de6e8b2e7d
[Risks and why]: If Mac remote lookups are broken in 1111741 then this patch will amplify the problem.
[String/UUID change made/needed]: None
Attachment #8586566 -
Flags: approval-mozilla-aurora?
|
||
Comment 16•10 years ago
|
||
Comment on attachment 8586566 [details] [diff] [review]
Add download type and mac extensions
Approved for uplift to aurora.
Attachment #8586566 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
|
|
||
Comment 17•10 years ago
|
||
status-firefox39:
--- → fixed
|
|
Assignee | |
Updated•10 years ago
|
Target Milestone: mozilla40 → mozilla39
|
|
Assignee | |
Updated•10 years ago
|
|
|
Assignee | |
Comment 18•10 years ago
|
||
Release Note Request (optional, but appreciated)
[Why is this notable]: We now submit metadata about downloaded Mac binaries (e.g. .dmg) to the Google detection service
[Suggested wording]: The malware detection service for downloads now covers common Mac extensions
[Links (documentation, blog post, etc)]:
relnote-firefox:
--- → ?
Keywords: relnote
|
|
||
Updated•10 years ago
|
|
|
||
Comment 19•10 years ago
|
||
Changing wording to "file extensions" for clarity
|
|
||
Comment 20•10 years ago
|
||
"file types", even. "extensions" is the part confusing people.
You need to log in
before you can comment on or make changes to this bug.
Description
•