Closed Bug 1141653 Opened 5 years ago Closed 4 years ago

Get Google to add http://itisatrap.org/firefox/its-a-trap.html and http://itisatrap.org/firefox/its-an-attack.html to their phishing and malware lists

Categories

(Toolkit :: Safe Browsing, defect)

x86
macOS
defect
Not set

Tracking

()

RESOLVED FIXED

People

(Reporter: mmc, Unassigned)

Details

It would be great to get rid of addMozEntries https://mxr.mozilla.org/mozilla-central/source/toolkit/components/url-classifier/SafeBrowsing.jsm#199 and just have Google add our test pages to their safebrowsing tables, so that visiting the test pages is a true end-to-end test.

I notice they support their own test pages off of

http://testsafebrowsing.appspot.com/
Assignee: nobody → francois
Status: NEW → ASSIGNED
Sounds like it's too hard to do on Google's end.
Assignee: francois → nobody
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → WONTFIX
>http://testsafebrowsing.appspot.com/

Huh, I never knew about this!

This sounds like it might be useful to know about in the various QA test plans around SafeBrowsing. Do these get sent in the very first update you get from the server? (I would think so because otherwise it's hard to use, but let's make sure)

If they are, we should file a bug and have hskupin or someone else investigate if we can add this to our mozmill (or similar) tests.
Flags: needinfo?(francois)
I'm not sure if they get sent right away, but I think Monica was saying that they're not 100% reliable, which could be annoying if we were to use them in our automated tests.
Flags: needinfo?(francois)
On my machine they worked around half the time yesterday, for example.
Google just said they will add our test URLs (including the new http://itisatrap.org/firefox/unwanted.html) to their list this week.

Once we've checked how reliable these listings are, we can think about dropping the test-*-simple tables.
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
This works for http://itisatrap.org/firefox/unwanted.html and http://itisatrap.org/firefox/its-an-attack.html (tested in Chromium). For some reason, our fake phishing URL isn't blocked.

However, we need to keep test-*-simple lists in order to avoid relying on the network for some of our automated tests.
Status: REOPENED → RESOLVED
Closed: 5 years ago4 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.