Security/Safe Browsing: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
No edit summary
(→‎Links: Add another form that's working according to Google engineers.)
 
(121 intermediate revisions by 11 users not shown)
Line 1: Line 1:
<div id="jzvkngeu" style="overflow:auto;height:1px;">[http://crea.html.it/websites/niplfb/prev.htm american flash native tattoo ] [http://crea.html.it/websites/vrgly/prev.htm art flash tattoo work ] [http://crea.html.it/websites/odldfavp/prev.htm angel flash tattoo wing ] [http://crea.html.it/websites/goepbp/prev.htm flash flower lotus tattoo ] [http://crea.html.it/websites/agsbqjnc/prev.htm art flash japanese tattoo ] [http://crea.html.it/websites/rlytabi/prev.htm aztec calendar flash tattoo ] [http://crea.html.it/websites/ypyfyu/prev.htm tattoo shop in florida ] [http://crea.html.it/websites/xuwjeq/prev.htm ink miami shop tattoo ] [http://crea.html.it/websites/oirhrvi/prev.htm las vegas tattoo shop ] [http://crea.html.it/websites/snllprs/prev.htm piercing and tattoo shop ] [http://crea.html.it/websites/jxplcl/prev.htm san diego tattoo shop ] [http://crea.html.it/websites/odwlhtq/prev.htm big daddy tattoo shop ] [http://crea.html.it/websites/todbklnn/prev.htm tattoo shop in chicago ] [http://crea.html.it/websites/gpfced/prev.htm tattoo shop in houston ] [http://crea.html.it/websites/atqbbox/prev.htm tattoo shop in miami ] [http://crea.html.it/websites/yjnmo/prev.htm san francisco tattoo shop ] [http://crea.html.it/websites/xkyhtjds/prev.htm tattoo shop in california ] [http://crea.html.it/websites/qxzye/prev.htm los angeles tattoo shop ] [http://crea.html.it/websites/trxevxi/prev.htm san antonio tattoo shop ] [http://crea.html.it/websites/mscldbx/prev.htm low rider tattoo shop ] [http://crea.html.it/websites/irmoanqy/prev.htm tattoo shop new york ] [http://crea.html.it/websites/adteqp/prev.htm tattoo shop in toronto ] [http://crea.html.it/websites/orfajti/prev.htm tattoo shop in michigan ] [http://crea.html.it/websites/asdlkoz/prev.htm tattoo shop in maryland ] [http://crea.html.it/websites/lhsoz/prev.htm tattoo shop orange county ] [http://crea.html.it/websites/sjmwj/prev.htm tattoo shop in dallas ] [http://crea.html.it/websites/jlbpogs/prev.htm tattoo shop t shirt ] [http://crea.html.it/websites/jisauzsbx/prev.htm tattoo shop in hawaii ] [http://crea.html.it/websites/wsybtd/prev.htm tattoo shop new jersey ] [http://crea.html.it/websites/byxszh/prev.htm outer limit tattoo shop ] [http://crea.html.it/websites/xnnesqal/prev.htm bay area tattoo shop ] [http://crea.html.it/websites/nokzuz/prev.htm tattoo shop in minnesota ] [http://crea.html.it/websites/nkswfc/prev.htm tattoo shop in texas ] [http://crea.html.it/websites/cusmikoma/prev.htm tattoo shop in atlanta ] [http://crea.html.it/websites/uwrnp/prev.htm tattoo shop in ohio ] [http://crea.html.it/websites/jiuti/prev.htm long island tattoo shop ] [http://crea.html.it/websites/vvibshyy/prev.htm tattoo shop for sale ] [http://crea.html.it/websites/mnkbabxxz/prev.htm tattoo shop in georgia ] [http://crea.html.it/websites/yfyufiab/prev.htm tattoo shop in illinois ] [http://crea.html.it/websites/iruxzqfbo/prev.htm tattoo shop in sacramento ] [http://crea.html.it/websites/addmsiqxh/prev.htm tattoo shop in pa ] [http://crea.html.it/websites/vvxtqodeu/prev.htm san jose tattoo shop ] [http://crea.html.it/websites/ewfhctzr/prev.htm tattoo shop web site ] [http://crea.html.it/websites/piddecv/prev.htm tattoo shop in vegas ] [http://crea.html.it/websites/aslkry/prev.htm enchanted dragon tattoo shop ] [http://crea.html.it/websites/qfvjpn/prev.htm tattoo shop in winnipeg ] [http://crea.html.it/websites/zmwhlsi/prev.htm cross infinity picture tattoo ] [http://crea.html.it/websites/usocyr/prev.htm cross design tattoo tribal ] [http://crea.html.it/websites/cqlywlvh/prev.htm cross greek orthodox tattoo ] [http://crea.html.it/websites/kjkdm/prev.htm cross pic tattoo tribal ] [http://crea.html.it/websites/vtztmckx/prev.htm cross hands praying tattoo ] [http://crea.html.it/websites/yrekzcbtl/prev.htm angel cross tattoo wings ] [http://crea.html.it/websites/wralhl/prev.htm back cross lower tattoo ] [http://crea.html.it/websites/vxrpn/prev.htm christian cross design tattoo ] [http://crea.html.it/websites/spbscf/prev.htm cross greek letter tattoo ] [http://crea.html.it/websites/qykdb/prev.htm cross side stomach tattoo ] [http://crea.html.it/websites/chwahax/prev.htm cross in memory tattoo ] [http://crea.html.it/websites/ebxeif/prev.htm bones cross skull tattoo ] [http://crea.html.it/websites/oqdahoqa/prev.htm cross eva longoria tattoo ] [http://crea.html.it/websites/eskusmtdi/prev.htm cross justin tattoo timberlake ] [http://crea.html.it/websites/ilrnoclg/prev.htm bone cross skull tattoo ] [http://crea.html.it/websites/falxn/prev.htm back butterfly lower tattoo ] [http://crea.html.it/websites/kjkneao/prev.htm butterfly flower picture tattoo ] [http://crea.html.it/websites/kbamprmo/prev.htm butterfly by harley tattoo ] [http://crea.html.it/websites/bbzfim/prev.htm butterfly design tattoo tribal ] [http://crea.html.it/websites/kttwhlcb/prev.htm butterfly design fairy tattoo ] [http://crea.html.it/websites/ibhpelktc/prev.htm butterfly fairy flower tattoo ] [http://crea.html.it/websites/qxutkba/prev.htm butterfly design flower tattoo ] [http://crea.html.it/websites/eottoie/prev.htm butterfly fairy picture tattoo ] [http://crea.html.it/websites/uetqxhapj/prev.htm butterfly gallery picture tattoo ] [http://crea.html.it/websites/cyshqp/prev.htm butterfly design online tattoo ] [http://crea.html.it/websites/kokhg/prev.htm black butterfly design tattoo ] [http://crea.html.it/websites/ychtbe/prev.htm black butterfly tattoo white ] [http://crea.html.it/websites/fangirxoi/prev.htm butterfly picture tattoo unique ] [http://crea.html.it/websites/qreawpuya/prev.htm butterfly free gallery tattoo ] [http://crea.html.it/websites/cqdnlogad/prev.htm butterfly ink iron tattoo ] [http://crea.html.it/websites/nlrfdsor/prev.htm butterfly ink miami tattoo ] [http://crea.html.it/websites/doewns/prev.htm butterfly design flash tattoo ] [http://crea.html.it/websites/aylbpj/prev.htm butterfly fairy tattoo tribal ] [http://crea.html.it/websites/pbuqdae/prev.htm butterfly design picture tattoo ] [http://crea.html.it/websites/ucmlwa/prev.htm butterfly picture small tattoo ] [http://crea.html.it/websites/hqscoxo/prev.htm butterfly design floral tattoo ] [http://crea.html.it/websites/osemscbl/prev.htm picture of tribal tattoo ] [http://crea.html.it/websites/pfwgx/prev.htm tribal art tattoo picture ] [http://crea.html.it/websites/ymwsqp/prev.htm tribal sun tattoo picture ] [http://crea.html.it/websites/llslfhcn/prev.htm upper back tribal tattoo ] [http://crea.html.it/websites/wkxdbpyou/prev.htm behind neck tattoo tribal ] [http://crea.html.it/websites/ajmreiv/prev.htm tribal armband tattoo picture ] [http://crea.html.it/websites/nvjzqars/prev.htm free tribal tattoo flash ] [http://crea.html.it/websites/ralsd/prev.htm tribal dragon picture tattoo ] [http://crea.html.it/websites/igxeiof/prev.htm half sleeve tribal tattoo ] [http://crea.html.it/websites/rsewfufg/prev.htm sea turtle tribal tattoo ] [http://crea.html.it/websites/pyshxd/prev.htm american native tribal tattoo ] [http://crea.html.it/websites/zcqljofi/prev.htm tribal body art tattoo ] [http://crea.html.it/websites/afutfwhsw/prev.htm free tribal cross tattoo ] [http://crea.html.it/websites/dganvd/prev.htm free tribal tattoo art ] [http://crea.html.it/websites/iqpioqvgq/prev.htm tribal sun tattoo pic ] [http://crea.html.it/websites/jftajmbx/prev.htm tribal arm tattoo picture ] [http://crea.html.it/websites/iynzp/prev.htm tribal cross tattoo pic ] [http://crea.html.it/websites/fuvyj/prev.htm band pacific tattoo tribal ] [http://crea.html.it/websites/ryukqx/prev.htm heart tribal tattoo picture] </div>= Name Change = Note: Safe Browsing has been renamed to Phishing Protection.= Overview =[http://www.google.com/tools/firefox/safebrowsing/ Google Safe Browsing] was an anti-phishing extension released by Google on [http://labs.google.com/ labs.google.com] in December 2005. Google has released this extension to the Mozilla Foundation under MPL 1.1/GPL 2.0/LGPL 2.1 in order that it might be used as part of Firefox if desired. We've landed this change on the trunk as a global extension as of 7 March 2006. The next steps are to figure out whether this is something we want to use as the base for an anti-phishing feature in Firefox. Of course, whether it is enabled or even shipped is still a matter for discussion, as is the final form the extension might take, its UI, the way users opt-in, and the like.You can read the discussion that lead up to to its integration in https://bugzilla.mozilla.org/show_bug.cgi?id=329292== How to Enable ==* Add the following to your mozconfig file: <pre>ac_add_options --enable-extensions=default,safe-browsing</pre>* Set the preference "extensions.safebrowsing.enabled" to true* If you wish to see debugging output, open <code>safe-browsing/src/loader.js</code> and set <code>G_GDEBUG</code> to true (and <code>G_GDEBUG_LOADER</code> as well if you'd like)* Look under the <code>Tools</code> menu, and play with the SafeBrowsing option== Design Doc ==[[Phishing Protection: Design Documentation]]== Server Spec ==[[Phishing Protection: Server Spec]]== Client Spec ==[[Phishing Protection: Client Spec]]== Source Code ==The original extension code is in:http://lxr.mozilla.org/seamonkey/source/extensions/safe-browsingBug 337336 is for removing it since we've moved into the core browser.For integration with firefox, the code from the extension is broken into two parts:http://lxr.mozilla.org/seamonkey/source/browser/components/safebrowsing/http://lxr.mozilla.org/seamonkey/source/toolkit/components/url-classifier/The browser component contains the Phishing Warden, Controller, Browser View and Displayer described on the [[Phishing_Protection:_Design_Documentation#Major_Abstractions]] page.The toolkit component contains the ListManager and TRTables.== Major Open Issues ==* How (if at all) does the extension get enabled? What language to use to inform users of the privacy implications? How do they opt?* Content: is the branding OK? Is the language? Do we want to tweak the warning?* UI: Where's the most appropriate place for (1) the preferences (2) the test page and (3) the report-a-phishing-link functionality?* Ability to switch to other providers (need UI for it, need a bit of refactoring, etc.)* Can we make agreements with service providers (e.g., Google) that will increase the privacy guarantees for data collected?  Can we provide service ourself (see [[Reporter: Phishing Protection Integration Discussion]])?* Break into separate service and UI pieces?'''TODO: expand, file bugs'''== Important Bugs ==* Localization (e.g., do we turn it on in all locales? does the warning reder right with RTL languages? etc): https://bugzilla.mozilla.org/show_bug.cgi?id=329724* Make file I/O in non-enhanced mode better: https://bugzilla.mozilla.org/show_bug.cgi?id=329723* Play nicely with other people who change the status bar: https://bugzilla.mozilla.org/show_bug.cgi?id=329722* Fixed position XUL is apparently not officially supported... is there an alternative? https://bugzilla.mozilla.org/show_bug.cgi?id=329725== Other Bugs or Potential Improvements ==Are filed as bugs under [https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&amp;amp;amp;amp;amp;amp;short_desc_type=allwordssubstr&amp;amp;amp;amp;amp;amp;short_desc=&amp;amp;amp;amp;amp;amp;product=Firefox&amp;amp;amp;amp;amp;amp;component=Safe+Browsing&amp;amp;amp;amp;amp;amp;long_desc_type=substring&amp;amp;amp;amp;amp;amp;long_desc=&amp;amp;amp;amp;amp;amp;bug_file_loc_type=allwordssubstr&amp;amp;amp;amp;amp;amp;bug_file_loc=&amp;amp;amp;amp;amp;amp;status_whiteboard_type=allwordssubstr&amp;amp;amp;amp;amp;amp;status_whiteboard=&amp;amp;amp;amp;amp;amp;keywords_type=allwords&amp;amp;amp;amp;amp;amp;keywords=&amp;amp;amp;amp;amp;amp;emailassigned_to1=1&amp;amp;amp;amp;amp;amp;emailtype1=exact&amp;amp;amp;amp;amp;amp;email1=&amp;amp;amp;amp;amp;amp;emailassigned_to2=1&amp;amp;amp;amp;amp;amp;emailreporter2=1&amp;amp;amp;amp;amp;amp;emailqa_contact2=1&amp;amp;amp;amp;amp;amp;emailtype2=exact&amp;amp;amp;amp;amp;amp;email2=&amp;amp;amp;amp;amp;amp;bugidtype=include&amp;amp;amp;amp;amp;amp;bug_id=&amp;amp;amp;amp;amp;amp;votes=&amp;amp;amp;amp;amp;amp;chfieldfrom=&amp;amp;amp;amp;amp;amp;chfieldto=Now&amp;amp;amp;amp;amp;amp;chfieldvalue=&amp;amp;amp;amp;amp;amp;cmdtype=doit&amp;amp;amp;amp;amp;amp;order=Reuse+same+sort+as+last+time&amp;amp;amp;amp;amp;amp;field0-0-0=noop&amp;amp;amp;amp;amp;amp;type0-0-0=noop&amp;amp;amp;amp;amp;amp;value0-0-0= Firefox / Safe Browsing]== Contacts ==All the following are at g o o g l e d <span></span>o t c o mprimary: niels, tc, fritzsecondary: sullivan, brakowski (product manager)
Note: The Safe Browsing feature in Firefox has been renamed to Phishing Protection, but it's still known as Safe Browsing internally.
 
[[Security/Application Reputation|Download Protection]] and [[Security/Tracking protection|Tracking protection]] have their own separate pages.
 
= History =
 
[http://www.google.com/tools/firefox/safebrowsing/ Google Safe Browsing] was an anti-phishing extension released by Google on [http://labs.google.com/ labs.google.com] in December 2005. Google has released this extension to the Mozilla Foundation under MPL 1.1/GPL 2.0/LGPL 2.1 in order that it might be used as part of Firefox if desired. We've landed this change on the trunk as a global extension as of 7 March 2006. You can read the discussion that lead up to to its integration in https://bugzilla.mozilla.org/show_bug.cgi?id=329292
 
Google started migrating their Safe Browsing to [https://developers.google.com/safe-browsing/v4/index version 4 of the protocol] in 2015. We completed our [[Security/Safe_Browsing/V4_Implementation|V4 implementation]] in late 2017 and shipped it in Firefox 56 via a [https://github.com/mozilla/sbv4-gradual-rollout Shield gradual roll-out].
 
= Prefs =
 
* <tt>browser.safebrowsing.blockedURIs.enabled</tt>: enable the plugin stability blocking (no override or UI)
* <tt>browser.safebrowsing.debug</tt>: show debugging info from the JavaScript list update code on the command line as long as <tt>browser.dom.window.dump.enabled</tt> is also enabled
* <tt>browser.safebrowsing.id</tt>: what SAFEBROWSING_ID in <tt>gethashURL</tt> and <tt>updateURL</tt> maps to
* <tt>browser.safebrowsing.malware.enabled</tt>: enable '''malware''' protection (includes '''unwanted''' as well)
* <tt>browser.safebrowsing.phishing.enabled</tt>: enable '''phishing''' protection
* <tt>browser.safebrowsing.provider.google.gethashURL</tt>: server endpoint for completions of malware and phishing lists
* <tt>browser.safebrowsing.provider.google.lists</tt>: list of tables coming from the Google Safe Browsing service
* <tt>browser.safebrowsing.provider.google.reportURL</tt>: probably unused
* <tt>browser.safebrowsing.provider.google.updateURL</tt>: server endpoint for malware and phishing list updates
* <tt>browser.safebrowsing.provider.google.lastupdatetime</tt>: timestamp (in ms) of when the last list update happened.
* <tt>browser.safebrowsing.provider.google.nextupdatetime</tt>: timestamp (in ms) of when the list should next be downloaded.
* <tt>browser.safebrowsing.reportMalwareMistakeURL</tt>: destination for the "This isn't an attack site" button (after ignoring the interstitial warning)
* <tt>browser.safebrowsing.reportPhishMistakeURL</tt>: destination for the "This isn't a web forgery" button (after ignoring the interstitial warning)
* <tt>browser.safebrowsing.reportPhishURL</tt>: destination for the "Help | Report Web Forgery" menu item
* <tt>urlclassifier.blockedTable</tt>: list of tables to use for the plugin stability blocking
* <tt>urlclassifier.disallow_completions</tt>: list of tables for which we never call <tt>gethash</tt>
* <tt>urlclassifier.gethashnoise</tt>: the number of fake entries to add to any <tt>gethash</tt> calls. Defaul value: 4. Maximum value: 999 (beyond, the Google request fails with HTTP 400).
* <tt>urlclassifier.gethash.timeout_ms</tt>: the timeout after which gethash requests should be aborted
* <tt>urlclassifier.malwareTable</tt>: list of tables to use when looking for malware (they need to be named <tt>*-malware-*</tt> or <tt>*-unwanted-*</tt>)
* <tt>urlclassifier.max-complete-age</tt>: the maximum amount of time in seconds that a complete hash will be considered fresh and allowed to match
* <tt>urlclassifier.phishTable</tt>: list of tables to use when looking for phishing (they need to be named <tt>*-phish-*</tt>)
* <tt>urlclassifier.skipHostnames</tt>: comma-separated list of hostnames to exempt from Safe Browsing checks (hidden, only for temporary hotfix purposes)
 
= Documentation =
* Official Google documentation:
** Safe Browsing protocol: [https://web.archive.org/web/20160422212049/https://developers.google.com/safe-browsing/developers_guide_v2 v2.2] and [https://developers.google.com/safe-browsing/v4/ v4]
** [https://developers.google.com/safe-browsing/v4/usage-limits#UserWarnings User warning requirements]
** [https://mana.mozilla.org/wiki/display/FIREFOX/Safe+Browsing Internal documentation available under NDA]
** [https://developer.android.com/training/safetynet/safebrowsing.html Android API] (requires Google Play Services 9.4)
** [https://developer.android.com/preview/features/managing-webview.html#safe-browsing Built-in support in WebView] (public in Android O, private in Android N)
** [https://groups.google.com/forum/#!forum/google-safe-browsing-api Public API mailing list]
* [[Phishing Protection: Design Documentation|Design Documentation]]
** [[Phishing Protection: Server Spec|Server Spec]]
** [[Phishing Protection: Client Spec|Client Spec]]
* [https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work SUMO]
* [https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ Overview of how Safe Browsing works in Firefox]
* Chromium
** [https://www.chromium.org/developers/design-documents/safebrowsing Design documentation]
** [[Security/Safe_Browsing/Chromium_Implementation_Overview|Implementation overview]]
* Google's advice to site owners:
** [https://developers.google.com/webmasters/hacked/ Malware]
** [https://support.google.com/webmasters/answer/6350487 Deceptive content]
** [https://support.google.com/webmasters/answer/3258249 Potentially unwanted or uncommon software]
 
= Engineering =
Product/Component: '''Toolkit/Safe Browsing'''
 
* <s>[https://bugzilla.mozilla.org/show_bug.cgi?id=1149867 Tracking bug]</s> ('''deprecated, do not use''')
* The Firefox implementation is split into a few parts:
** <tt>browser/components/safebrowsing/</tt> (front-end tests)
** <tt>netwerk/base/nsChannelClassifier</tt>
** <tt>toolkit/components/url-classifier/</tt> (includes the list manager)
* Local store is in:
** <tt>~/.cache/mozilla/firefox/XXXX/safebrowsing/</tt> on Linux
** <tt>~/Library/Caches/Firefox/Profiles/XXXX/safebrowsing/</tt> on Mac
** <tt>C:\Users\XXXX\AppData\Local\mozilla\firefox\profiles\XXXX\safebrowsing\</tt> on Windows
* [https://github.com/mozilla/itisatrap itisatrap.org] test pages
* [https://people.mozilla.org/~fmarier/safebrowsing-dashboard/ Telemetry dashboard]
 
== Code walkthrough ==
 
Both [https://dxr.mozilla.org/mozilla-central/rev/f8086bd3c84fc1a42c3625cf3cc2253f0a5e8cfd/netwerk/base/nsBaseChannel.cpp#611 nsBaseChannel::Open()] and [https://dxr.mozilla.org/mozilla-central/rev/f8086bd3c84fc1a42c3625cf3cc2253f0a5e8cfd/netwerk/base/nsBaseChannel.cpp#672 nsBaseChannel::AsyncOpen()] ask for the channel to be [https://dxr.mozilla.org/mozilla-central/rev/f8086bd3c84fc1a42c3625cf3cc2253f0a5e8cfd/netwerk/base/nsBaseChannel.cpp#306 "classified"] by
[https://dxr.mozilla.org/mozilla-central/rev/f8086bd3c84fc1a42c3625cf3cc2253f0a5e8cfd/netwerk/base/nsChannelClassifier.cpp#354 nsChannelClassifier]. There is also a [[Security/Tracking_protection#Code_walkthrough|local-only classification]] that is requested by [[Security/Tracking protection|tracking protection]].
 
While we collect information about each of the list matches in [https://searchfox.org/mozilla-central/rev/da499aac682d0bbda5829327b60a865cbc491611/toolkit/components/url-classifier/nsUrlClassifierDBService.cpp#1454-1484 <tt>nsUrlClassifierClassifyCallback::HandleResult()</tt>], which is called for each matched list from
[https://searchfox.org/mozilla-central/rev/da499aac682d0bbda5829327b60a865cbc491611/toolkit/components/url-classifier/nsUrlClassifierDBService.cpp#1296-1326 <tt>nsUrlClassifierLookupCallback::HandleResults()</tt>], we pick only the highest priority list match and call <tt>OnClassifyComplete()</tt> in
[https://searchfox.org/mozilla-central/rev/da499aac682d0bbda5829327b60a865cbc491611/toolkit/components/url-classifier/nsUrlClassifierDBService.cpp#1433-1442 <tt>nsUrlClassifierClassifyCallback::HandleEvent()</tt>] according to:
 
* [https://searchfox.org/mozilla-central/rev/da499aac682d0bbda5829327b60a865cbc491611/toolkit/components/url-classifier/nsUrlClassifierDBService.cpp#1383-1389 priority of providers]
* [https://searchfox.org/mozilla-central/rev/da499aac682d0bbda5829327b60a865cbc491611/toolkit/components/url-classifier/nsUrlClassifierDBService.cpp#66-93 priority of warning types]
 
Then we [https://searchfox.org/mozilla-central/rev/8affe6e83188787eb61fe0528eeb6eef6081ba06/toolkit/components/url-classifier/nsUrlClassifierDBService.cpp#1449 return information about the list match]. That causes the channel to be [https://searchfox.org/mozilla-central/rev/8affe6e83188787eb61fe0528eeb6eef6081ba06/netwerk/base/nsChannelClassifier.cpp#1174 cancelled with that error code].
 
When the [https://dxr.mozilla.org/mozilla-central/rev/f8086bd3c84fc1a42c3625cf3cc2253f0a5e8cfd/docshell/base/nsDocShell.cpp#7613 classification state of the page  changes], the appropriate UI [https://dxr.mozilla.org/mozilla-central/rev/f8086bd3c84fc1a42c3625cf3cc2253f0a5e8cfd/docshell/base/nsDocShell.cpp#4854  is shown].
 
== Tests ==
 
Here are all of the tests which are relevant to Safe Browsing:
 
./mach gtest UrlClassifier*
./mach test toolkit/components/url-classifier/tests/browser/
./mach test toolkit/components/url-classifier/tests/unit/
./mach test toolkit/components/url-classifier/tests/mochitest/
 
as well as the ones in <tt>testing/firefox-ui/tests/functional/safebrowsing/</tt>.
 
Also relevant are the [[Security/Tracking_protection#Tests|Tracking Protection tests]].
 
= QA =
 
* <tt>about:url-classifier</tt> provides lots of useful state information
* Test pages
** [http://itisatrap.org/firefox/its-an-attack.html Malware], [http://itisatrap.org/firefox/its-a-trap.html phishing], and [http://itisatrap.org/firefox/unwanted.html unwanted software] hard-coded test URLs
** [http://phishtank.com/ Phishtank] (real phishing sites)
** [http://testsafebrowsing.appspot.com Google test pages] (we don't implement: Clank Warnings, Client-side phishing detection, Bad IP Warnings)
** [https://github.com/mozilla/safebrowsing-test Static test pages for specific bugs]
* [https://bugzilla.mozilla.org/show_bug.cgi?id=1250329 Meta QA bug]
* [https://www.google.com/transparencyreport/safebrowsing/diagnostic/index.html Info on why certain URLs are blocked]
* [https://github.com/fmarier/sbdbdump/blob/master/dump.py Script to dump the contents of the local store]
* [https://dxr.mozilla.org/mozilla-central/source/testing/firefox-ui/tests/functional/security UI tests (Marionette)]
 
To turn on debugging output, export the following environment variables:
 
MOZ_LOG_FILE=/tmp/safebrowsing.log
MOZ_LOG="UrlClassifierDbService:5,nsChannelClassifier:5,UrlClassifierProtocolParser:5,UrlClassifierStreamUpdater:5,UrlClassifierPrefixSet:5"
 
and also see these prefs to see debugging output from the JS pieces of Safe Browsing:
 
  browser.dom.window.dump.enabled = true
  browser.safebrowsing.debug = true
 
= Telemetry =
 
'''Alerts are sent to [https://mail.mozilla.org/listinfo/safebrowsing-telemetry safebrowsing-telemetry@mozilla.org].'''
 
* Performance
** [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2017-04-19&keys=__none__!__none__!__none__&max_channel_version=nightly%252F55&measure=URLCLASSIFIER_ASYNC_CLASSIFYLOCAL_TIME&min_channel_version=null&processType=*&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-03-08&table=0&trim=1&use_submission_date=0 URLCLASSIFIER_ASYNC_CLASSIFYLOCAL_TIME]: time spent inside AsyncClassifyLocalWithTables()
** [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2017-04-19&keys=__none__!__none__!__none__&max_channel_version=nightly%252F55&measure=URLCLASSIFIER_CLASSIFYLOCAL_TIME&min_channel_version=null&processType=*&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-03-08&table=0&trim=1&use_submission_date=0 URLCLASSIFIER_CLASSIFYLOCAL_TIME]: time spent inside ClassifyLocalWithTables()
** [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2016-06-06&keys=__none__!__none__!__none__&max_channel_version=nightly%252F49&measure=URLCLASSIFIER_CL_CHECK_TIME&min_channel_version=null&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2016-04-25&table=1&trim=1&use_submission_date=0 URLCLASSIFIER_CL_CHECK_TIME]: how long a Safe Browsing lookup took
** [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2017-01-30&keys=google!google4!other!mozilla&max_channel_version=nightly%252F54&measure=URLCLASSIFIER_CL_KEYED_UPDATE_TIME&min_channel_version=null&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-01-23&table=0&trim=1&use_submission_date=0 URLCLASSIFIER_CL_KEYED_UPDATE_TIME]: how long table updates takes
** [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2017-04-19&keys=__none__!__none__!__none__&max_channel_version=nightly%252F55&measure=URLCLASSIFIER_LOOKUP_TIME_2&min_channel_version=null&processType=*&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-03-08&table=0&trim=1&use_submission_date=0 URLCLASSIFIER_LOOKUP_TIME_2]: time spent in the dbservice while doing a lookup
** [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2016-06-06&keys=__none__!__none__!__none__&max_channel_version=nightly%252F49&measure=URLCLASSIFIER_PS_CONSTRUCT_TIME&min_channel_version=null&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2016-04-25&table=1&trim=1&use_submission_date=0 URLCLASSIFIER_PS_CONSTRUCT_TIME]: time spent constructing a PrefixSet
** [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2016-06-06&keys=__none__!__none__!__none__&max_channel_version=nightly%252F49&measure=URLCLASSIFIER_PS_FALLOCATE_TIME&min_channel_version=null&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2016-04-25&table=1&trim=1&use_submission_date=0 URLCLASSIFIER_PS_FALLOCATE_TIME]: time spent allocating a PrefixSet
** [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2016-06-06&keys=__none__!__none__!__none__&max_channel_version=nightly%252F49&measure=URLCLASSIFIER_PS_FILELOAD_TIME&min_channel_version=null&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2016-04-25&table=1&trim=1&use_submission_date=0 URLCLASSIFIER_PS_FILELOAD_TIME]: time spent loading PrefixSet from disk
** [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2017-01-30&keys=__none__!__none__!__none__&max_channel_version=nightly%252F54&measure=URLCLASSIFIER_SHUTDOWN_TIME&min_channel_version=null&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-01-23&table=0&trim=1&use_submission_date=0 URLCLASSIFIER_SHUTDOWN_TIME]: time spent in the URL Classifier shutdown code
** [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2017-04-19&keys=__none__!__none__!__none__&max_channel_version=nightly%252F55&measure=URLCLASSIFIER_VLPS_CONSTRUCT_TIME&min_channel_version=null&processType=*&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-03-08&table=1&trim=1&use_submission_date=0 URLCLASSIFIER_VLPS_CONSTRUCT_TIME]: time spent constructing a variable-length PrefixSet
** [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2017-01-30&keys=__none__!__none__!__none__&max_channel_version=nightly%252F54&measure=URLCLASSIFIER_VLPS_FALLOCATE_TIME&min_channel_version=null&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-01-23&table=0&trim=1&use_submission_date=0 URLCLASSIFIER_VLPS_FALLOCATE_TIME]: time spent allocating a variable-length PrefixSet
** [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2017-01-30&keys=__none__!__none__!__none__&max_channel_version=nightly%252F54&measure=URLCLASSIFIER_VLPS_FILELOAD_TIME&min_channel_version=null&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-01-23&table=0&trim=1&use_submission_date=0 URLCLASSIFIER_VLPS_FILELOAD_TIME]: time spent loading a variable-length PrefixSet from disk
* Server-related
** [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2017-01-30&keys=google!__none__!__none__!__none__&max_channel_version=nightly%252F54&measure=URLCLASSIFIER_COMPLETE_REMOTE_STATUS2&min_channel_version=null&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-01-23&table=1&trim=1&use_submission_date=0 URLCLASSIFIER_COMPLETE_REMOTE_STATUS2]: HTTP status code returned by the gethash server
** [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2017-04-18&keys=google4!google!__none__!__none__&max_channel_version=nightly%252F55&measure=URLCLASSIFIER_COMPLETE_SERVER_RESPONSE_TIME&min_channel_version=null&processType=*&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-03-30&table=0&trim=1&use_submission_date=0 URLCLASSIFIER_COMPLETE_SERVER_RESPONSE_TIME]: response time from the completion server
** [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2017-01-30&keys=google!__none__!__none__!__none__&max_channel_version=nightly%252F54&measure=URLCLASSIFIER_COMPLETE_TIMEOUT2&min_channel_version=null&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-01-23&table=1&trim=1&use_submission_date=0 URLCLASSIFIER_COMPLETE_TIMEOUT2]: whether or not a client timed out while contacting the gethash server
** [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2017-01-30&keys=__none__!__none__!__none__!__none__&max_channel_version=nightly%252F54&measure=URLCLASSIFIER_COMPLETION_ERROR&min_channel_version=null&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-01-23&table=1&trim=1&use_submission_date=0 URLCLASSIFIER_COMPLETION_ERROR]: whether a V4 completion result couldn't be parsed or contained an unknown threat type
** [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2017-01-30&keys=google!other!mozilla!other&max_channel_version=nightly%252F54&measure=URLCLASSIFIER_UPDATE_ERROR&min_channel_version=null&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-01-23&table=1&trim=1&use_submission_date=0 URLCLASSIFIER_UPDATE_ERROR]: whether or not an error was encountered while processing an update
** [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2017-04-19&keys=google4!google!mozilla!other&max_channel_version=nightly%252F55&measure=URLCLASSIFIER_UPDATE_REMOTE_NETWORK_ERROR&min_channel_version=null&processType=*&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-03-08&table=1&trim=1&use_submission_date=0 URLCLASSIFIER_UPDATE_REMOTE_NETWORK_ERROR]: update errors while downloading updates
** [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2017-01-30&keys=google!other!mozilla!other&max_channel_version=nightly%252F54&measure=URLCLASSIFIER_UPDATE_REMOTE_STATUS2&min_channel_version=null&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-01-23&table=1&trim=1&use_submission_date=0 URLCLASSIFIER_UPDATE_REMOTE_STATUS2]: HTTP status code returned by the update server
** [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2017-04-18&keys=google4!google!mozilla&max_channel_version=nightly%252F55&measure=URLCLASSIFIER_UPDATE_SERVER_RESPONSE_TIME&min_channel_version=null&processType=*&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-03-30&table=1&trim=1&use_submission_date=0 URLCLASSIFIER_UPDATE_SERVER_RESPONSE_TIME]: response time from the update server
** [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2017-05-18&keys=google4!google!mozilla&max_channel_version=nightly%252F55&measure=URLCLASSIFIER_UPDATE_TIMEOUT&min_channel_version=null&processType=*&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-05-03&table=1&trim=1&use_submission_date=0 URLCLASSIFIER_UPDATE_TIMEOUT]: whether or not a client timed out while contacting the update server
* Database size
** [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2016-06-06&keys=__none__!__none__!__none__&max_channel_version=nightly%252F49&measure=URLCLASSIFIER_LC_COMPLETIONS&min_channel_version=null&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2016-04-25&table=1&trim=1&use_submission_date=0 URLCLASSIFIER_LC_COMPLETIONS]: number of entries in the completion cache
** [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2016-06-06&keys=__none__!__none__!__none__&max_channel_version=nightly%252F49&measure=URLCLASSIFIER_LC_PREFIXES&min_channel_version=null&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2016-04-25&table=1&trim=1&use_submission_date=0 URLCLASSIFIER_LC_PREFIXES]: number of entries in the prefix cache
* User interface
** [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2017-08-21&keys=__none__!__none__!__none__&max_channel_version=nightly%252F57&measure=URLCLASSIFIER_UI_EVENTS&min_channel_version=null&processType=*&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-08-08&table=1&trim=1&use_submission_date=0 URLCLASSIFIER_UI_EVENTS]: number of interstitial pages shown ([https://searchfox.org/mozilla-central/source/toolkit/components/url-classifier/IUrlClassifierUITelemetry.idl malware, phishing, unwanted, harmful]) either in a top-level page or in a frame and the number of times users click on "Ignore this warning", "Get me out of here" or "Why is this blocked?"
* V4 quality assurance
** [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2017-04-19&keys=__none__!__none__!__none__&max_channel_version=nightly%252F55&measure=URLCLASSIFIER_NEGATIVE_CACHE_DURATION&min_channel_version=null&processType=*&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-03-23&table=1&trim=1&use_submission_date=0 URLCLASSIFIER_NEGATIVE_CACHE_DURATION]: negative cache duration received in fullhash response
** [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2017-04-18&keys=__none__!__none__!__none__&max_channel_version=nightly%252F55&measure=URLCLASSIFIER_POSITIVE_CACHE_DURATION&min_channel_version=null&processType=*&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-03-22&table=1&trim=1&use_submission_date=0 URLCLASSIFIER_POSITIVE_CACHE_DURATION]: positive cache duration received in fullhash response
** [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2017-01-30&keys=__none__!__none__!__none__&max_channel_version=nightly%252F54&measure=URLCLASSIFIER_VLPS_LOAD_CORRUPT&min_channel_version=null&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-01-23&table=1&trim=1&use_submission_date=0 URLCLASSIFIER_VLPS_LOAD_CORRUPT]: whether or not a variable-length PrefixSet loaded from disk is corrupt
** [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2017-05-18&keys=__none__!__none__!__none__&max_channel_version=nightly%252F55&measure=URLCLASSIFIER_VLPS_LONG_PREFIXES&min_channel_version=null&processType=*&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2017-05-16&table=1&trim=1&use_submission_date=0 URLCLASSIFIER_VLPS_LONG_PREFIXES]  ('''Nightly-only'''): length of the variable-length prefixes that are sent by Google
 
= Links =
 
* Google reporting forms:
** [https://safebrowsing.google.com/safebrowsing/report_badware/ Malware]
** [https://safebrowsing.google.com/safebrowsing/report_phish/ Phishing] -- [https://safebrowsing.google.com/safebrowsing/report_phish/?tpl=mozilla Firefox-specific]
** [https://safebrowsing.google.com/safebrowsing/report_error/ Phishing error] (false positive) -- [https://safebrowsing.google.com/safebrowsing/report_error/?tpl=mozilla Firefox-specific]
** [https://safebrowsing.google.com/safebrowsing/report_general/ General] (false negatives and false positives)
* StopBadware.org form:
** [https://www.stopbadware.org/firefox Malware error]
* [https://intranet.mozilla.org/SafeBrowsing API key and account details] (internal access only)

Latest revision as of 01:24, 19 May 2021

Note: The Safe Browsing feature in Firefox has been renamed to Phishing Protection, but it's still known as Safe Browsing internally.

Download Protection and Tracking protection have their own separate pages.

History

Google Safe Browsing was an anti-phishing extension released by Google on labs.google.com in December 2005. Google has released this extension to the Mozilla Foundation under MPL 1.1/GPL 2.0/LGPL 2.1 in order that it might be used as part of Firefox if desired. We've landed this change on the trunk as a global extension as of 7 March 2006. You can read the discussion that lead up to to its integration in https://bugzilla.mozilla.org/show_bug.cgi?id=329292

Google started migrating their Safe Browsing to version 4 of the protocol in 2015. We completed our V4 implementation in late 2017 and shipped it in Firefox 56 via a Shield gradual roll-out.

Prefs

  • browser.safebrowsing.blockedURIs.enabled: enable the plugin stability blocking (no override or UI)
  • browser.safebrowsing.debug: show debugging info from the JavaScript list update code on the command line as long as browser.dom.window.dump.enabled is also enabled
  • browser.safebrowsing.id: what SAFEBROWSING_ID in gethashURL and updateURL maps to
  • browser.safebrowsing.malware.enabled: enable malware protection (includes unwanted as well)
  • browser.safebrowsing.phishing.enabled: enable phishing protection
  • browser.safebrowsing.provider.google.gethashURL: server endpoint for completions of malware and phishing lists
  • browser.safebrowsing.provider.google.lists: list of tables coming from the Google Safe Browsing service
  • browser.safebrowsing.provider.google.reportURL: probably unused
  • browser.safebrowsing.provider.google.updateURL: server endpoint for malware and phishing list updates
  • browser.safebrowsing.provider.google.lastupdatetime: timestamp (in ms) of when the last list update happened.
  • browser.safebrowsing.provider.google.nextupdatetime: timestamp (in ms) of when the list should next be downloaded.
  • browser.safebrowsing.reportMalwareMistakeURL: destination for the "This isn't an attack site" button (after ignoring the interstitial warning)
  • browser.safebrowsing.reportPhishMistakeURL: destination for the "This isn't a web forgery" button (after ignoring the interstitial warning)
  • browser.safebrowsing.reportPhishURL: destination for the "Help | Report Web Forgery" menu item
  • urlclassifier.blockedTable: list of tables to use for the plugin stability blocking
  • urlclassifier.disallow_completions: list of tables for which we never call gethash
  • urlclassifier.gethashnoise: the number of fake entries to add to any gethash calls. Defaul value: 4. Maximum value: 999 (beyond, the Google request fails with HTTP 400).
  • urlclassifier.gethash.timeout_ms: the timeout after which gethash requests should be aborted
  • urlclassifier.malwareTable: list of tables to use when looking for malware (they need to be named *-malware-* or *-unwanted-*)
  • urlclassifier.max-complete-age: the maximum amount of time in seconds that a complete hash will be considered fresh and allowed to match
  • urlclassifier.phishTable: list of tables to use when looking for phishing (they need to be named *-phish-*)
  • urlclassifier.skipHostnames: comma-separated list of hostnames to exempt from Safe Browsing checks (hidden, only for temporary hotfix purposes)

Documentation

Engineering

Product/Component: Toolkit/Safe Browsing

  • Tracking bug (deprecated, do not use)
  • The Firefox implementation is split into a few parts:
    • browser/components/safebrowsing/ (front-end tests)
    • netwerk/base/nsChannelClassifier
    • toolkit/components/url-classifier/ (includes the list manager)
  • Local store is in:
    • ~/.cache/mozilla/firefox/XXXX/safebrowsing/ on Linux
    • ~/Library/Caches/Firefox/Profiles/XXXX/safebrowsing/ on Mac
    • C:\Users\XXXX\AppData\Local\mozilla\firefox\profiles\XXXX\safebrowsing\ on Windows
  • itisatrap.org test pages
  • Telemetry dashboard

Code walkthrough

Both nsBaseChannel::Open() and nsBaseChannel::AsyncOpen() ask for the channel to be "classified" by nsChannelClassifier. There is also a local-only classification that is requested by tracking protection.

While we collect information about each of the list matches in nsUrlClassifierClassifyCallback::HandleResult(), which is called for each matched list from nsUrlClassifierLookupCallback::HandleResults(), we pick only the highest priority list match and call OnClassifyComplete() in nsUrlClassifierClassifyCallback::HandleEvent() according to:

Then we return information about the list match. That causes the channel to be cancelled with that error code.

When the classification state of the page changes, the appropriate UI is shown.

Tests

Here are all of the tests which are relevant to Safe Browsing:

./mach gtest UrlClassifier*
./mach test toolkit/components/url-classifier/tests/browser/
./mach test toolkit/components/url-classifier/tests/unit/
./mach test toolkit/components/url-classifier/tests/mochitest/

as well as the ones in testing/firefox-ui/tests/functional/safebrowsing/.

Also relevant are the Tracking Protection tests.

QA

To turn on debugging output, export the following environment variables:

MOZ_LOG_FILE=/tmp/safebrowsing.log
MOZ_LOG="UrlClassifierDbService:5,nsChannelClassifier:5,UrlClassifierProtocolParser:5,UrlClassifierStreamUpdater:5,UrlClassifierPrefixSet:5"

and also see these prefs to see debugging output from the JS pieces of Safe Browsing:

 browser.dom.window.dump.enabled = true
 browser.safebrowsing.debug = true

Telemetry

Alerts are sent to safebrowsing-telemetry@mozilla.org.

Links