Closed Bug 946429 Opened 11 years ago Closed 11 years ago

Dedicated permission to see exploitability for Flash related crashes

Categories

(Socorro :: Webapp, task)

task
Not set
normal

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: peterbe, Assigned: peterbe)

Details

(Whiteboard: [qa+])

Attachments

(1 file)

44 bytes, text/x-github-pull-request
Details | Review
On the signature summary, the "Exploitability:" section currently appears or does not appear depending on the `crashstats.view_exploitability` permission (aka "View Exploitability Results"). 

We need to add a new permission for "View Exploitability Flash Crashes" (good name?) that, if the "Flash™ Version:" (again, on the signature summary page) contains versions of Flash.
Kairo, any good suggestions for a first group name for this? I'm thinking "Flash Hackers" for now.
Assignee: nobody → peterbe
Status: NEW → ASSIGNED
To be clear, a signature summary where this Flash Exploitability permission is applicable is one where there is no "[blank]" version in the "Flash™ Version:" section. 
E.g. https://crash-stats.mozilla.com/report/list?product=Firefox&range_value=7&range_unit=days&date=2013-12-04&signature=F_855855466_____________________&version=Firefox%3A25.0.1
Ideally, I'd be happy with "if [blank] is <1% for that signature summary" so that something like https://crash-stats.mozilla.com/report/list?product=Firefox&range_value=7&range_unit=days&date=2013-12-04&signature=hang+|+SizeofResource&version=Firefox%3A25.0.1 is included, but I think the really interesting cases to Adobe developers will be those that have F* signatures and never have [blank] there.
Oh, and just so I don't forget, we should enable both the exploitability on the Signature summary (report/list) as well as the exploitability rating on single crashes (report/index) with this permission (both only for Flash crashes, of course).
Attached file Github PR
(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #4)
> Oh, and just so I don't forget, we should enable both the exploitability on
> the Signature summary (report/list) as well as the exploitability rating on
> single crashes (report/index) with this permission (both only for Flash
> crashes, of course).

Noted that in bug 942272 as we regressed that display in report/index and first need to make it work again.
Commit pushed to master at https://github.com/mozilla/socorro

https://github.com/mozilla/socorro/commit/78a5ac299e4679dc10f702398eaf0765b2da59be
fixes bug 946429 - Dedicated permission to see exploitability for Flash related crashes, r=adrian
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → 69
Steps to reproduce:

1. Sign in as someone who HAS the "View Flash Exploitability Results" but does NOT have the "View Exploitability Results" permission (best way to achieve this would be to sign in as a superuser in one browser and as a different user in another)

2. Find a crash signature that has ONLY Flash versions (see Comment 2). 
Expect to see the "Exploitability: " section at the bottom of the Signature Summary. 

3. Find a crash signature that HAS a version called "[blank]" (see Comment 3) 
Expect to NOT see the "Exploitability: " section at the bottom of the Signature Summary.
Whiteboard: qa+
OS: Mac OS X → All
Hardware: x86 → All
Whiteboard: qa+ → [qa+]
:peterbe:

1) stephen.donner@gmail.com has none of the 4 permissions, so granting that user "View Flash Exploitability Results" would be awesome, if you would
2) sdonner@mozilla.com has everything /*but*/ "View Flash Exploitability Results"
Thx, Peter!

Verified FIXED:

1) I blessed stephen.donner@gmail.com to only have "View Flash Exploitability" results, and when logged out, that user wasn't able to see the "Exploitability:" section
2) As soon as I logged in on staging with that user and viewed https://crash-stats.allizom.org/report/list?product=Firefox&range_value=7&range_unit=days&date=2013-12-04&signature=F_855855466_____________________&version=Firefox%3A25.0.1 again, I can now see it just fine
3) And, on https://crash-stats.allizom.org/report/list?product=Firefox&range_value=7&range_unit=days&date=2013-12-04&signature=hang+|+SizeofResource&version=Firefox%3A25.0.1 -- again when logged in with stephen.donner@gmail.com with "View Flash Exploitability," bit set, I don't see any "Exploitability:" section, because, as in comment 8, #3, that's not expected to show up when "[blank]" appears.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: