Closed Bug 720196 Opened 14 years ago Closed 1 year ago

Flag use of nsITelemetry.registerAddonHistogram() and related addon telemetry APIs

Categories

(addons.mozilla.org Graveyard :: Add-on Validation, defect, P4)

Product:
addons.mozilla.org Graveyard
Component:
Add-on Validation
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: Unfocused, Unassigned)

References

Details

(Whiteboard: [ReviewTeam])

Bug 715927 will make telemetry support histograms associated with addons. Bug 717046 will make it so addons can register these histograms automatically via chrome.manifest. However, bug 715927 adds an API, nsITelemetry.registerAddonHistogram(), which addons can use to register telemetry histograms manually. Usage will be like: var telemetry = Cc["@mozilla.org/base/telemetry;1"].getService(Ci.nsITelemetry); telemetry.registerAddonHistogram(addonID, histrogramName, min, max, count, type); Potentially, addons can register histograms for *other* addons using this API. There may be a legitimate reason to do this, but in general addons should be doing it via chrome.manifest. But if they want to use the API, they normally should only be registering/using histograms for their own addon ID. Similarly, they could mess with data associated with *other* addons using the following APIs: telemetry.getAddonHistogram(addonID, histrogramName); telemetry.unregisterAddonHistograms(addonID); So I'd like to get usage of those APIs flagged, in order to check that addons aren't messing with telemetry data associated with other addons.
Er, I should note getAddonHistogram() will have to be used by any addon that wants to use telemetry. It's only unexpected when addons pass in an addon ID other than their own.
There's currently no way for us to differentiate which add-on ID is being passed in the vast majority of cases. All uses of getAddonHistogram/unregisterAddonHistograms would need to be flagged.
(In reply to Matt Basta [:basta] from comment #2) > There's currently no way for us to differentiate which add-on ID is being > passed in the vast majority of cases. All uses of > getAddonHistogram/unregisterAddonHistograms would need to be flagged. I don't think we should worry too much about getAddonHistogram. Looking at register/unregister is sufficient for now to spot misbehaving addons
Priority: -- → P4
Product: addons.mozilla.org → addons.mozilla.org Graveyard
Whiteboard: [ReviewTeam]
Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.