Closed Bug 1291024 Opened 8 years ago Closed 8 years ago

Intermittent toolkit/components/url-classifier/tests/mochitest/test_gethash.html | Should not import bad css - didn't expect "hidden", but got it

Categories

(Toolkit :: Safe Browsing, defect, P1)

Product:
Toolkit
Component:
Safe Browsing
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla51
Tracking Flags:
Tracking Status
firefox50 --- fixed
firefox51 --- fixed

People

(Reporter: RyanVM, Assigned: dlee)

References

Details

(Keywords: intermittent-failure, Whiteboard: #sbv4-m1)

Attachments

(2 files)

Patch
4.00 KB, patch
hchang
: feedback+
Details | Diff | Splinter Review
Bug 1291024 - Avoid caching safebrowsing testcase resources.
58 bytes, text/x-review-board-request
francois
: review+
Details 
Dimi, is this bug related to bug 1289028?
Are we working on this?
Flags: needinfo?(dlee)
(In reply to Ethan Tseng [:ethan] from comment #3)
> Dimi, is this bug related to bug 1289028?
> Are we working on this?

No, that's different.
I will check this one.
Assignee: nobody → dlee
Status: NEW → ASSIGNED
Flags: needinfo?(dlee)
Priority: -- → P2
Whiteboard: #sbv4-m1
Attached patch PatchSplinter Review 
Some testcase share same html file including the resources html load.
Caching cause load bypass classifier check
Attachment #8783463 - Flags: review?(hchang)
Comment on attachment 8783463 [details] [diff] [review]
Patch

Review of attachment 8783463 [details] [diff] [review]:
-----------------------------------------------------------------

Everything makes sense to me :) I only wonder if the network predictor is potentially conflicting to safe browsing.

Thanks!

::: toolkit/components/url-classifier/tests/mochitest/test_gethash.html
@@ +141,5 @@
>  
>  SimpleTest.waitForExplicitFinish();
> +
> +// 'network.predictor.enabled' is disabled because it may cause
> +// we load cached resouce(evil.js, evil.css, bad.css) and bypass classifier check

Does it mean the network predictor feature is unsafe?
Attachment #8783463 - Flags: review?(hchang) → feedback+
Priority: P2 → P1
(In reply to Henry Chang [:henry][:hchang] from comment #6)
> Comment on attachment 8783463 [details] [diff] [review]
> Patch
> 
> Review of attachment 8783463 [details] [diff] [review]:
> -----------------------------------------------------------------
> 
> Everything makes sense to me :) I only wonder if the network predictor is
> potentially conflicting to safe browsing.
> 
> Thanks!
> 
> ::: toolkit/components/url-classifier/tests/mochitest/test_gethash.html
> @@ +141,5 @@
> >  
> >  SimpleTest.waitForExplicitFinish();
> > +
> > +// 'network.predictor.enabled' is disabled because it may cause
> > +// we load cached resouce(evil.js, evil.css, bad.css) and bypass classifier check
> 
> Does it mean the network predictor feature is unsafe?

Not exactly, in this case both cache and network predictor requires successful connection to resource.
If we always block the malware url, then network predictor won't take affect.

The evil.js ...etc will be loaded because in the following testcase we want to test gethash failure.
https://dxr.mozilla.org/mozilla-central/source/toolkit/components/url-classifier/tests/mochitest/test_gethash.html#131
Comment on attachment 8783852 [details]
Bug 1291024 - Avoid caching safebrowsing testcase resources.

https://reviewboard.mozilla.org/r/73520/#review71578
Attachment #8783852 - Flags: review?(francois) → review+
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/c857c69bd739
Avoid caching safebrowsing testcase resources. r=francois
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/c857c69bd739
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox51: affectedfixed
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla51
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: