Add-ons/QA/Testplan/Reviewer Tools Updates

From MozillaWiki
Jump to: navigation, search

Revision History

Date Version Author Description
22/01/2018 1.0 Alexandra Gal-Moga Created first draft

Overview

  • Reviewer Tools are an essential part inside the whole Add-ons project since they have to capture all add-ons that are uploaded in AMO. Their main role is to provide a platform where reviewers can easily verify, prioritize and inspect add-ons that are sitting on the AMO domain, in order to make sure that the end-user gets a secure and positive experience from using Firefox add-ons. Until recently, Reviewer Tools have not been a top priority for visual and functional enhancement, but now, there is a list of changes to be applied which will gradually improve the tools functionality.


Goals

  • Create a unified Reviewer's dashboard available to all reviewer groups and provide ease of access to tools relevant to the group a user belongs to
  • Create specialized Reviewer groups with specific permission sets for better segregation. The proposed groups are:
    • Improve the value of user feedback channels (abuse reports, ratings on AMO) so they can be used to prioritize post-reviews.
    • Better expose developers to documentation on add-on policies and rules during the submission process.


Entry Criteria

  • QA has access to PRD and some mocks (found in bugs)
  • The feature has landed in -dev

Current Status

  • The feature is under development

Exit Criteria

  • All related bugs triaged
  • All blockers fixed
  • All resolved bugs verified by QA
  • Found-fixed bugs rate going down in time

Scope

what's in scope?

1. Deploy Auto-approval

  • WebExtensions will continue to be submitted through the regular flow, and a command will be run regularly (~every hour) to evaluate and auto-approve some of them, based on criteria defined in the linked PRD.

2. Implement post-review queue for auto-approved add-ons

  • Add-ons that are auto-approved will appear in the post-review queue from Reviewer Tools.
  • List will contain: add-on name and version number (linking to the corresponding review page), last review (time since last manual review - in days), Flags and Weight (sorted after weight)

3. Changes to Reviewer Tools

  • If the last review for an add-on was done manually or the user looking at the page doesn’t have the Addons:PostReview permission, show the current reviewer page.
  • If the last review for an add-on was automatic and the user looking at the page has the Addons:PostReview permission, show the reviewer page with the following changes:
  1. Display recent user ratings (3 stars of fewer) and abuse reports (for the add-on or the developers, if there are any reports), with links to the full lists, below the add-on metadata and right above “More about this add-on”.
  2. The "Confirm Approval" resolution should be available, and shouldn’t display the form for comments and canned responses. Instead, it should only show the Save button. Confirming doesn’t send any information to the developer or change its status. It only records it so the last manually-approved version is used to calculate the code changes compared to the latest version.
  3. Reject Multiple Versions - should allow the reviewer to select a range of versions to reject (disable) with a single review message.
  4. Reviewer reply - should work the same as with regular reviews. (combined with the possibility of a more info request checkbox option).
  5. Requesting super-review - should increase weight if the add-on wasn’t flagged for super-review before.
  6. Adding a comment - should work the same as with regular reviews.

4. Post-review prioritization

  • The post-review list will be sorted according to a weighted sum of the following risk factors:
  1. The add-on has the admin review flag.
  2. Flags raised by static validation after webextension submission: eval(), document.write(), setInterval/setTimeout (with a string, not a function), document.write, innerHTML, or a custom CSP;
  3. Size of code changed since last manual approval.
  4. User feedback obtained from abuse reports (for the add-on and the developers).
  5. User feedback obtained from ratings left on add-on listings.
  6. Add-on reputation, set by admin reviewers.
  7. Number of active users.
  8. Past rejection history.

Note: Add-on Reputation - is an admin-set override that helps rank down popular add-ons that are known to be high-quality and would generally rank higher due to code complexity and high volume of user feedback. This also includes add-ons developed by Mozilla. The reputation is an integer ranging between 0 and 3, that is set per-add-on, defaulting to 0.

5. Submission process updates

  • The submission flow will have the following changes:
  1. New submissions should show the new Distribution Agreement/Review Policy with links to MDN .
  2. The last submission step should indicate the add-on will be available soon and not refer to waiting for review.
  3. After submission, the uploaded version should be publicly available on AMO within 15 minutes (probably less time than that).
  4. Check that the add-on status is appropriately updated in the Developer Hub.
  5. Check that the add-on appears in the auto-approval list (requires the tester to have the Addons:PostReview permission).
  6. Check the add-ons and weights to verify they are being calculated correctly based on the spec.

6. Remove auto-approval restrictions

  • All WebExtension submissions will be post-reviewed after this point

what's out of scope?

  • Add-ons/Webextensions functionality

Risks

  • This is major change in the way we review add-ons. The security implications are significant, so getting security review and approval as early as possible will ensure this project won’t be delayed.
  • The current reviewer team is trained to use the pre-review system, and are more familiar with legacy APIs than WebExtensions.
  • A group of contractors is in process of being hired to help with WebExtension reviews, and they would be the first to handle the post-review process. Any delays in their on-boarding will lead to insufficient post-review staffing and higher security risk.

Ownership

Product Manager: Jorge Villalobos; irc nick :jorgev
QA Manager: Krupa Raj; irc nick :krupa
QA Lead: Victor Carciu; irc nick :victorc
Add-ons QA: Valentina Virlics; irc nick :ValentinaV

Requirements for testing

Environments

  • Windows
  • Mac OS

Servers

Channels

  • Release

Test Strategy

Test Execution Schedule

The following table identifies the anticipated testing period available for test execution.

Project phase Date
Start project 14.03.2017
Study PRD/mocks received 20.04.2017
QA - Test plan creation 20.06.2017
QA - Test cases preparation 01.08.2017
QA - Test cases execution 01.09.2017
Release Date 15.09.2017

Testing Tools

Process Tool
Test plan creation Mozilla wiki
Test case creation TestRail / Google doc
Test case execution TestRail
Bugs management Github

References

Testcases

Test Areas

  • Review of extensions

Test suite

Full Test Suite.

Bug Work

Bug fix verification

Sign off

Criteria

Check list

  • All test cases should be executed
  • All blockers must be fixed and verified or have an agreed-upon timeline for being fixed