Closed
Bug 946429
Opened 11 years ago
Closed 11 years ago
Dedicated permission to see exploitability for Flash related crashes
Categories
(Socorro :: Webapp, task)
Socorro
Webapp
Tracking
(Not tracked)
VERIFIED
FIXED
69
People
(Reporter: peterbe, Assigned: peterbe)
Details
(Whiteboard: [qa+])
Attachments
(1 file)
On the signature summary, the "Exploitability:" section currently appears or does not appear depending on the `crashstats.view_exploitability` permission (aka "View Exploitability Results").
We need to add a new permission for "View Exploitability Flash Crashes" (good name?) that, if the "Flash™ Version:" (again, on the signature summary page) contains versions of Flash.
Assignee | ||
Comment 1•11 years ago
|
||
Kairo, any good suggestions for a first group name for this? I'm thinking "Flash Hackers" for now.
Assignee: nobody → peterbe
Status: NEW → ASSIGNED
Assignee | ||
Comment 2•11 years ago
|
||
To be clear, a signature summary where this Flash Exploitability permission is applicable is one where there is no "[blank]" version in the "Flash™ Version:" section.
E.g. https://crash-stats.mozilla.com/report/list?product=Firefox&range_value=7&range_unit=days&date=2013-12-04&signature=F_855855466_____________________&version=Firefox%3A25.0.1
Comment 3•11 years ago
|
||
Ideally, I'd be happy with "if [blank] is <1% for that signature summary" so that something like https://crash-stats.mozilla.com/report/list?product=Firefox&range_value=7&range_unit=days&date=2013-12-04&signature=hang+|+SizeofResource&version=Firefox%3A25.0.1 is included, but I think the really interesting cases to Adobe developers will be those that have F* signatures and never have [blank] there.
Comment 4•11 years ago
|
||
Oh, and just so I don't forget, we should enable both the exploitability on the Signature summary (report/list) as well as the exploitability rating on single crashes (report/index) with this permission (both only for Flash crashes, of course).
Assignee | ||
Comment 5•11 years ago
|
||
Comment 6•11 years ago
|
||
(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #4)
> Oh, and just so I don't forget, we should enable both the exploitability on
> the Signature summary (report/list) as well as the exploitability rating on
> single crashes (report/index) with this permission (both only for Flash
> crashes, of course).
Noted that in bug 942272 as we regressed that display in report/index and first need to make it work again.
Comment 7•11 years ago
|
||
Commit pushed to master at https://github.com/mozilla/socorro
https://github.com/mozilla/socorro/commit/78a5ac299e4679dc10f702398eaf0765b2da59be
fixes bug 946429 - Dedicated permission to see exploitability for Flash related crashes, r=adrian
Updated•11 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Updated•11 years ago
|
Target Milestone: --- → 69
Assignee | ||
Comment 8•11 years ago
|
||
Steps to reproduce:
1. Sign in as someone who HAS the "View Flash Exploitability Results" but does NOT have the "View Exploitability Results" permission (best way to achieve this would be to sign in as a superuser in one browser and as a different user in another)
2. Find a crash signature that has ONLY Flash versions (see Comment 2).
Expect to see the "Exploitability: " section at the bottom of the Signature Summary.
3. Find a crash signature that HAS a version called "[blank]" (see Comment 3)
Expect to NOT see the "Exploitability: " section at the bottom of the Signature Summary.
Whiteboard: qa+
Updated•11 years ago
|
OS: Mac OS X → All
Hardware: x86 → All
Whiteboard: qa+ → [qa+]
Comment 9•11 years ago
|
||
:peterbe:
1) stephen.donner@gmail.com has none of the 4 permissions, so granting that user "View Flash Exploitability Results" would be awesome, if you would
2) sdonner@mozilla.com has everything /*but*/ "View Flash Exploitability Results"
Thx, Peter!
Verified FIXED:
1) I blessed stephen.donner@gmail.com to only have "View Flash Exploitability" results, and when logged out, that user wasn't able to see the "Exploitability:" section
2) As soon as I logged in on staging with that user and viewed https://crash-stats.allizom.org/report/list?product=Firefox&range_value=7&range_unit=days&date=2013-12-04&signature=F_855855466_____________________&version=Firefox%3A25.0.1 again, I can now see it just fine
3) And, on https://crash-stats.allizom.org/report/list?product=Firefox&range_value=7&range_unit=days&date=2013-12-04&signature=hang+|+SizeofResource&version=Firefox%3A25.0.1 -- again when logged in with stephen.donner@gmail.com with "View Flash Exploitability," bit set, I don't see any "Exploitability:" section, because, as in comment 8, #3, that's not expected to show up when "[blank]" appears.
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•