Run fake bulk validation to detect SDK add-ons that will break with the 1.4 update

RESOLVED FIXED in 6.4.0

Status

P4
normal
RESOLVED FIXED
7 years ago
3 years ago

People

(Reporter: jorgev, Assigned: basta)

Tracking

unspecified
6.4.0

Details

(URL)

(Reporter)

Description

7 years ago
SDK-based add-ons that hard-code absolute paths to files in their packages will break with the 1.4 update, due to changes in the way files are handled. More details here: https://wiki.mozilla.org/Labs/Jetpack/Release_Notes/1.4#Known_Issues

The Jetpack team want to identify these add-ons so that their developers can be contacted about it. What we need is a validator compatibility test that detects these cases and generates an error. Then we can run a fake Firefox 11 bump where only the developers with failing cases will be contacted. We would need to later remove this test when the real Firefox 11 validation is run.

The error message can be something like "This add-on references absolute resource URIs, which will break in the 1.4 SDK". Jeff should be able to provide an example of an add-on that wouldn't pass this test.
(Assignee)

Comment 1

7 years ago
How should this be detected? From the link, I'd say we should flag any JavaScript string literals and xul/html/xml elements with src/href attributes that start with "resource://" in Jetpack add-ons. Does this sound reasonable?
Matt: a slightly more refined pattern would be:

/\"resource:\/\/[\w\-]+?\-data\//

eg, all uris would *also* include the string '-data/' in the string, as the files being referenced are all contained in the 'data' directory of the Addon.

It would also be great if the script would ignore the addon-kit and api-utils directories in a given addon as these will produce some false positives.
(Assignee)

Comment 3

7 years ago
(In reply to Jeff Griffiths from comment #2)
> It would also be great if the script would ignore the addon-kit and
> api-utils directories in a given addon as these will produce some false
> positives.

Can you give an example of one of these URIs?
How many add-ons are we talking about?  Will MXR not work for this?
(Reporter)

Comment 5

7 years ago
(In reply to Wil Clouser [:clouserw] from comment #4)
> How many add-ons are we talking about?  Will MXR not work for this?

We tried using MXR, but it wasn't sufficient since there are too many matches coming from SDK library files and its regex features are very limited.
Here are two static uris that are generated using SDK 1.3:

resource://jid0-odikjs9b4it3h1nylpkr0ndtlue-at-jetpack-copy-shorturl-data/js/find-short-url.js

resource://jid0-odikjs9b4it3h1nylpkr0ndtlue-at-jetpack-copy-shorturl-data/img/ruler.png

We would want to find string literals like this in JavaScript and html files in addons. When scanning a given addon if possible it would be good to skip the directories in the addon that store the SDK's own libraries, for example given an addon with an id 'jid0-odikjs9b4it3h1nylpkr0ndtlue-at-jetpack'...

Scan inside these directories:

resources/jid0-odikjs9b4it3h1nylpkr0ndtlue-at-jetpack-copy-shorturl-lib/
resources/jid0-odikjs9b4it3h1nylpkr0ndtlue-at-jetpack-copy-shorturl-data/

DO NOT scan into these directories:

resources/jid0-odikjs9b4it3h1nylpkr0ndtlue-at-jetpack-api-utils-lib/
resources/jid0-odikjs9b4it3h1nylpkr0ndtlue-at-jetpack-api-utils-data/

resources/jid0-odikjs9b4it3h1nylpkr0ndtlue-at-jetpack-addon-kit-lib/
resources/jid0-odikjs9b4it3h1nylpkr0ndtlue-at-jetpack-addon-kit-data/
https://addons.mozilla.org/en-US/firefox/addon/read-later-fast/(In reply to Matt Basta from comment #3)
> (In reply to Jeff Griffiths from comment #2)
> > It would also be great if the script would ignore the addon-kit and
> > api-utils directories in a given addon as these will produce some false
> > positives.
> 
> Can you give an example of one of these URIs?

resources/jid0-ayilkqe9scrtfyorhwez2iaxcro-api-utils-lib/self.js

[https://mxr.mozilla.org/addons/source/303585/]
(Assignee)

Comment 8

7 years ago
> DO NOT scan into these directories:

Keep in mind that we currently don't scan any files in an add-on if it matches a hash from a file in the SDK.
Leveraging the bulk validation for this is kind of scary and not particularly related.  We should just make a command that selects the right add-ons, runs validation on them, and prints the output.

I'm assigning to mbasta for the logic in the validator for now.
Assignee: nobody → mattbasta
Priority: P2 → P3
Target Milestone: 6.3.8 → 6.3.9
Priority: P3 → P4
Target Milestone: 6.3.9 → 6.4.0
(Assignee)

Comment 10

7 years ago
Done

https://github.com/mozilla/amo-validator/pull/118

So here's how this works: any Jetpack add-on that contains the issue in this bug will throw a compatibility error, even if no versions to test for compatibility have been selected. This means that a bare compatibility run (with no "forced" version, like we'd use to test for compatibility with Firefox) will yield all add-ons that aren't compatible with the SDK 1.4.

If this is going to muck with things, I can get rid of the compatibility error and the error can be detected by iterating the messages like this:

any(m["id"][-1] == "jetpack_abs_uri" for m in messages)
(Assignee)

Comment 11

7 years ago
Merged:

https://github.com/mattbasta/amo-validator/commit/fb2c57b9d63f8becdaa155ce592fc8cfe9cd4bb9
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.