Closed Bug 1397546 Opened 2 years ago Closed 9 months ago
Allow Application Reputation lookups when the blacklist/whitelist is missing
Bug 1397546 - Allow Application Reputation lookups when the blacklist/whitelist is missing. r?francois
47 bytes, text/x-phabricator-request
|Details | Review|
Currently, we disable remote Application Reputation lookups if either the blacklist or whitelist are empty: https://searchfox.org/mozilla-central/rev/67f38de2443e6b613d874fcf4d2cd1f2fc3d5e97/toolkit/components/downloads/ApplicationReputation.cpp#1266-1287 Chrome, on the other hand will happily do it even if the whitelist is not available: https://cs.chromium.org/chromium/src/components/safe_browsing_db/v4_local_database_manager.cc?l=417&rcl=bd5b0a0372ff4d793715cda5269b9d5c7f806b2e That's a safer default.
Assignee: nobody → dlee
Status: NEW → ASSIGNED
I confirmed that the latest Chromium source code did what francois mentioned in the bug description. I'll provide the patch later, since this may impact the server, we will check with Google before landing the patch.
Before landing this patch, download protection doesn't trigger a remote lookup when blocklist or allowlist is empty. After landing this patch, download protection triggers a remote lookup regardless if blocklist or allowlist is empty. This is safer default behavior in download protection.
Pushed by email@example.com: https://hg.mozilla.org/integration/autoland/rev/b7e40bdc132e Allow Application Reputation lookups when the blacklist/whitelist is missing. r=francois
You need to log in before you can comment on or make changes to this bug.