1237856 - Create new pref to enable/ignore certain Application Reputation verdicts

Status: RESOLVED FIXED

(Toolkit :: Safe Browsing, defect, P1)

Description

[François Marier [:francois]]

In order to allow users to choose which verdicts they would like to ignore, we should add a new pref that would initially be set to:

  browser.safebrowsing.apprep.badVerdicts = "DANGEROUS,DANGEROUS_HOST"

and then eventually it would contain these as well:

  UNCOMMON
  POTENTIALLY_UNWANTED

Comment 1

[Tony Mechelynck [:tonymec]]

A comma-separated string pref, or an integer pref (enumerated? bitwise?) or a collection of boolean prefs? For an example of the latter, filter about:config on security.warn_

Comment 2

[François Marier [:francois]]

(In reply to Tony Mechelynck [:tonymec] from comment #1)
> For an example of the latter, filter about:config on security.warn_

If I look on Nightly (Linux), I don't see any prefs that start with "security.warn_". In fact, the only pref that shows up when I filter for "warn_" is "accessibility.warn_on_browsewithcaret". Are they platform-specific or are they hidden prefs?

Comment 3

[Tony Mechelynck [:tonymec]]

(In reply to François Marier [:francois] from comment #2)
> (In reply to Tony Mechelynck [:tonymec] from comment #1)
> > For an example of the latter, filter about:config on security.warn_
> 
> If I look on Nightly (Linux), I don't see any prefs that start with
> "security.warn_". In fact, the only pref that shows up when I filter for
> "warn_" is "accessibility.warn_on_browsewithcaret". Are they
> platform-specific or are they hidden prefs?

Are they SeaMonkey-specific then? If they are, I didn't know it. Here are the ones I see in the about:config for the following build:

UA:"Mozilla/5.0 (X11; Linux x86_64; rv:46.0) Gecko/20100101 Firefox/46.0 SeaMonkey/2.43a1"
ID:20160109003001 en-US
c-c:4f4f6a3674c9e16efacf62fd8963c8be5a31b07c
m-c:0f363ae95dc90d593394ef464aa500804c824962

security.warn_entering_secure        default   boolean   false
security.warn_leaving_secure         default   boolean   false
security.warn_mixed_active_content   default   boolean   true
security.warn_mixed_display_content  default   boolean   true
security.warn_submit_insecure        default   boolean   false
security.warn_viewing_mixed          default   boolean   false

Then I see the same prefs with names prefixed with "services.sync.prefs.sync." which I suppose are used by SeaMonkey Sync, the SeaMonkey variant of Firefox Sync by which it is (or used to be) possible to sync prefs between Firefox and SeaMonkey; they all default to true.

If they were hidden, I wouldn't see them except as "user set" which is not the case.

They look like platform-agnostic but they might be obsolete on Firefox. I'm almost certain that at one time there was a UI for at least some of them in the SeaMonkey "Edit → Preferences" dialog, but I cannot find it back.

Comment 4

[François Marier [:francois]]

Attachment: bug1237856.patch

Comment 5

[Gian-Carlo Pascutto [:gcp]]

Comment on attachment 8714855 [details] [diff] [review]
bug1237856.patch

Review of attachment 8714855 [details] [diff] [review]:
-----------------------------------------------------------------

::: b2g/app/b2g.js
@@ +357,5 @@
>  pref("browser.safebrowsing.downloads.remote.url", "https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_API_KEY%");
> +pref("browser.safebrowsing.downloads.remote.block_dangerous",            true);
> +pref("browser.safebrowsing.downloads.remote.block_dangerous_host",       true);
> +pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
> +pref("browser.safebrowsing.downloads.remote.block_uncommon",             false);

The advantage of a list of booleans over a comma separated list is discoverability.

Comment 6

[Pulsebot]

https://hg.mozilla.org/integration/mozilla-inbound/rev/0df08c348657

Comment 7

[Carsten Book [:Tomcat]]

https://hg.mozilla.org/mozilla-central/rev/0df08c348657