Closed
Bug 444136
Opened 16 years ago
Closed 15 years ago
Create framework to automatically scan add-ons for bad patterns
Categories
(addons.mozilla.org Graveyard :: Administration, defect)
Tracking
(Not tracked)
VERIFIED
FIXED
5.0.9
People
(Reporter: fligtar, Assigned: rjwalsh)
Attachments
(1 file)
310.75 KB, image/png
Did this last summer and we should do it again. Grep all xpis for updateURL and extensions.update.url and contact any authors for hits. updateURLs may have been introduced from bug 443791 and we don't check for extensions.update.url on upload.
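One way to run the search described above over packaged add-ons, as an added example that is not part of this bug or of the scanner that was later built. An XPI is a ZIP archive and legacy add-ons often nest a chrome JAR inside it, so the sketch unpacks recursively instead of grepping the outer file; the function names, size and depth limits, and the sample add-on are assumptions constructed for illustration.

```python
import io
import zipfile

# The two strings named in the bug description, matched as raw bytes so the
# scan does not depend on each file's text encoding.
PATTERNS = (b"updateURL", b"extensions.update.url")
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # skip members declaring a larger size
MAX_DEPTH = 3                        # XPI -> chrome/*.jar -> ...

def scan_archive(data, prefix="", depth=0):
    """Return sorted (member_path, pattern) hits for one XPI/JAR byte string."""
    hits = set()
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []
    with zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                continue
            try:
                body = zf.read(info)
            except (zipfile.BadZipFile, RuntimeError, NotImplementedError):
                continue  # corrupt, encrypted or unsupported member
            path = prefix + info.filename
            # Legacy add-ons often keep chrome code in a JAR inside the XPI;
            # a plain grep over the outer file would not see into it.
            if path.lower().endswith((".jar", ".xpi")) and depth < MAX_DEPTH:
                hits.update(scan_archive(body, path + "!/", depth + 1))
                continue
            hits.update((path, p.decode()) for p in PATTERNS if p in body)
    return sorted(hits)

def build_sample_xpi():
    """Constructed sample add-on (not a real one) so the example runs offline."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as jar:
        jar.writestr("content/overlay.js",
                     'prefs.setCharPref("extensions.update.url", "http://example.invalid/u");')
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as xpi:
        xpi.writestr("install.rdf", "<em:updateURL>http://example.invalid/update.rdf</em:updateURL>")
        xpi.writestr("chrome/sample.jar", inner.getvalue())
        xpi.writestr("defaults/preferences/prefs.js", 'pref("extensions.sample.x", 1);')
    return outer.getvalue()

if __name__ == "__main__":
    for path, pattern in scan_archive(build_sample_xpi()):
        print(f"{pattern}\t{path}")
```

A literal match misses preference names assembled at run time, so the hits are a list for manual review rather than a complete one.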
Comment 1•16 years ago
We should automate this. Justin, could you spend some time later this quarter planning a security and code scanning framework? I've seen quite a few of these bugs.
Comment 2•16 years ago
This is now a tracking bug for the scanning tool/framework. We should work on requirements so we can start work on this in Q1 2009.
Assignee: nobody → fligtar
Summary: grep add-ons for updateURLs → Create framework to automatically scan add-ons for bad patterns
Updated•16 years ago
Target Milestone: 5.0.2 → Future
Comment 4•15 years ago
Evolving spec is here: http://docs.google.com/Doc?id=dcfr9qrp_1c2pgcsfh
Updated•15 years ago
Assignee: fligtar → nobody
Comment 5•15 years ago
This is practically a dupe of bug 371210 but I'll leave it open for now. They both depend on each other though and the other bug has more discussion, specs, and a mockup.
Assignee: nobody → rjbuild1088
Depends on: 371210
Updated•15 years ago
Target Milestone: Future → 5.0.9
Comment 6•15 years ago
Framework is in, initial tests are in. We can improve as we go along in other bugs.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Comment 7•15 years ago
Only one example of a potentially bad pattern, but there are others I've found, just haven't attached here.
Updated•8 years ago
Product: addons.mozilla.org → addons.mozilla.org Graveyard