Closed Bug 782330 Opened 8 years ago Closed 8 years ago

Whine emails show the summary of security sensitive bugs

Categories

(bugzilla.mozilla.org :: Extensions, defect)

Production
defect
Not set
normal


RESOLVED FIXED

People

(Reporter: ehsan, Assigned: dkl)

Attachments

(1 file)

These emails are not encrypted, so third-parties could read the summary of those emails by intercepting them.
Component: General → Extensions: SecureMail
OS: Mac OS X → All
Hardware: x86 → All
Question: Should we encrypt the whole email if one or more of the bugs listed is a secure bug and leave the summary and other bug attributes intact, or should we create a hook and go through each list of bugs returned and remove the summary and other information and leave a sanitized version of the summary in its place?

Number 1 would analyze the email bodies for bug ids, and then if one or more is secure, then encrypt the entire multipart message. Slightly less maintainable if the whine templates change slightly.

Number 2 could be done fairly simply by adding a hook into whine.pl that SecureMail could use that looks through the bug list before it is sent to the mail templates. Then we would just replace the summary for the secure bugs with a sanitized subject and leave the email unencrypted. 

Preferences? I tend to lean towards number 2 although we would need to push the hook upstream as well whereas number 1 could be done entirely in SecureMail extension.

dkl
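
Option 2 as an added example (not the attached patch and not Bugzilla's own code): a filter run over the bug list before it reaches the mail templates, keeping an allow-list of fields on secure bugs so that a column added to a template later is blanked by default. The record layout, the `groups` key, the group name and the function name are assumptions; the sample bugs are constructed.

```perl
use strict;
use warnings;

# Assumption: groups whose bugs must never appear in clear-text mail.
my %SECURE_GROUP = map { $_ => 1 } qw(core-security);   # hypothetical group name

# Fields that may stay on a secure bug; every other field is blanked.
# An allow-list fails closed when a template starts showing a new column.
my %KEEP = map { $_ => 1 } qw(bug_id);

# Hypothetical hook body: receives the bug list just before templating.
sub sanitize_bug_list {
    my ($bugs) = @_;
    for my $bug (@$bugs) {
        # Leave bugs outside the secure groups untouched.
        next unless grep { $SECURE_GROUP{$_} } @{ $bug->{groups} || [] };
        for my $field (keys %$bug) {
            next if $KEEP{$field};
            $bug->{$field} = ref($bug->{$field}) eq 'ARRAY' ? [] : '';
        }
        # Placeholder summary shown instead of the real one.
        $bug->{short_desc} = '(Secure bug)';
    }
    return $bugs;
}

# Constructed sample data: one public bug, one secure bug.
my @bugs = (
    { bug_id => 1001, short_desc => 'Typo in footer',
      priority => 'P3', groups => [] },
    { bug_id => 1002, short_desc => 'Heap overflow in parser',
      priority => 'P1', groups => ['core-security'] },
);

sanitize_bug_list(\@bugs);
printf "%-6s %-4s %s\n", @{$_}{qw(bug_id priority short_desc)} for @bugs;
```

Group membership is blanked along with everything else, since the name of a security group in a clear-text mail is itself a hint about the bug.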
I don't really have a strong preference either way, so I'll leave this for you to decide.  :-)

I'd prefer number 2. If we encrypt the whole email, that's just another barrier to people reading and acting on it :-)

Gerv
Ok. Will work on a patch for #2.
Assignee: nobody → dkl
Status: NEW → ASSIGNED
Comment on attachment 651821 [details] [diff] [review]
Patch to filter secure bug data in whine emails (v1)

Looks good to me. Did you test it?

Gerv
Attachment #651821 - Flags: review?(gerv) → review+
(In reply to Gervase Markham [:gerv] from comment #6)
> Looks good to me. Did you test it?
> 
> Gerv

Of course :) Well in that I created two bugs, one secure and one not. Then created a saved search that included those two bug ids. Then scheduled a new whine that used that saved search as the query and sent it to myself. When viewing the data/mailer.testfile, I observed that the secure bug had all attributes scrubbed and the summary stated (Secure bug) while the insecure bug was untouched. It all seemed correct to me.

dkl
(In reply to comment #7)
> (In reply to Gervase Markham [:gerv] from comment #6)
> > Looks good to me. Did you test it?
> > 
> > Gerv
> 
> Of course :) Well in that I created two bugs, one secure and one not. Then
> created a saved search that included those two bug ids. Then scheduled a new
> whine that used that saved search as the query and sent it to myself. When
> viewing the data/mailer.testfile, I observed that the secure bug had all
> attributes scrubbed and the summary stated (Secure bug) while the insecure bug
> was untouched. It all seemed correct to me.

FWIW this scenario matches mine almost perfectly.
Committing to: bzr+ssh://dlawrence%40mozilla.com@bzr.mozilla.org/bmo/4.0
modified whine.pl
modified extensions/SecureMail/Extension.pm
Committed revision 8275.

Committing to: bzr+ssh://dlawrence%40mozilla.com@bzr.mozilla.org/bmo/4.2  
modified whine.pl
modified extensions/SecureMail/Extension.pm                                    
Committed revision 8299.
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Can we make sure this hook gets pushed upstream?
(In reply to Reed Loden [:reed] from comment #10)
> Can we make sure this hook gets pushed upstream?

Yep. Was getting ready to file the bug :)

dkl
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Depends on: 783325
(In reply to David Lawrence [:dkl] from comment #11)
> (In reply to Reed Loden [:reed] from comment #10)
> > Can we make sure this hook gets pushed upstream?
> 
> Yep. Was getting ready to file the bug :)
> 
> dkl

bug 783107
Status: REOPENED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
(In reply to comment #2)
> I don't really have a strong preference either way, so I'll leave this for you
> to decide.  :-)

Actually with this deployed, I changed my mind.  It would be really good if those emails can be encrypted.  Without that, my security bug whines have turned pretty useless. :(
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Blocks: 784578
since this has been deployed, i've filed a bug 784578 for your request (we can't track two different requests on the same bug).
Status: REOPENED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
(In reply to comment #14)
> since this has been deployed, i've filed a bug 784578 for your request (we
> can't track two different requests on the same bug).

Sounds good, thanks!
Component: Extensions: SecureMail → Extensions