Closed Bug 608881 Opened 15 years ago Closed 15 years ago

Add-on validator should not output warnings for the Jetpack SDK core

Categories

(addons.mozilla.org Graveyard :: Developer Pages, defect)

Product:
addons.mozilla.org Graveyard
Component:
Developer Pages
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 563522

People

(Reporter: ehsan.akhgari, Unassigned)

Details

When uploading add-ons built with the jetpack SDK, I get the following validation result: General results Back to Top All tests passed. Show passes L10n results Back to Top No test results found. Security results Back to Top Unsafe JavaScript Tests [help] bootstrap.js (69) : Matched Pattern: "/mozIJSSubScriptLoader/" var loader = Cc["@mozilla.org/moz/jssubscript-loader;1"] .getService(Ci.mozIJSSubScriptLoader); loader.loadSubScript(path, harness); bootstrap.js (92) : Matched Pattern: "/wrappedJSObject/" var harnessService = factory.createInstance(null, Ci.nsISupports); harnessService = harnessService.wrappedJSObject; components/harness.js (281) : Matched Pattern: "/wrappedJSObject/" function HarnessService() { this.wrappedJSObject = this; } Show 42 more results Unsafe Settings Tests [help] resources/jid0-qbniplfdfa4lpdrjhac6vbqn20q-jetpack-core-lib/localization.js (54) : Matched Pattern: "/general\.useragent/" // common pool service object let locale = prefs.get("general.useragent.locale", "en-US"); let programID = require('self').id; Remote JavaScript Tests [help] Remote JavaScript Tests Common Library Checksum Tests [help] Common Library Checksum Tests Flagged Code Snippets [help] Flagged Code Snippets [help] Extension-specific security results Back to Top All tests passed. Show passes None of these warnings are from code that I've wrote myself, and they're not useful. We shouldn't be showing these warnings to users.
We have the ability to verify hashes (eg. someone includes a minified jquery, we can verify that's what it is), but the addon-sdk is a subdirectory of files. Judging from what's pasted here, I'll assume we won't be able to clean up the code to avoid these warnings. Basta, is there a good way to whitelist a directory without making it easy to hide malicious stuff in it? Otherwise we might have to checksum the whole thing. :-/
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
Commenting on 563522
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.