Confirmed users
461
edits
SummerOfCode/2013/SecurityReport: Difference between revisions
Jump to navigation
Jump to search
no edit summary
No edit summary |
No edit summary |
||
| Line 18: | Line 18: | ||
Schedule of userCSP project deliverable: | Schedule of userCSP project deliverable: | ||
* June 17 - June 30 (two weeks): Capture "error" and "warn" messages | * June 17 - June 30 (two weeks): | ||
Capture "error" and "warn" messages from Error Console. In particular, register event listener on | |||
"nsIConsoleService" or listen for console-api-log-event topic of | "nsIConsoleService" or listen for console-api-log-event topic of | ||
"consoleAPI". | "consoleAPI". | ||
* July 1 - July 14 (two weeks): Capture security related information | * July 1 - July 14 (two weeks): | ||
Capture security related information | |||
about cookie. In particular, I will use "nsICookie2", | about cookie. In particular, I will use "nsICookie2", | ||
"nsICookieService", "nsICookieManager2" APIs to get access to | "nsICookieService", "nsICookieManager2" APIs to get access to | ||
| Line 29: | Line 30: | ||
addition, I will also check for absence of "http-only" field. | addition, I will also check for absence of "http-only" field. | ||
* July 15 - July 21 (one week): Project discussion with the mentor and | * July 15 - July 21 (one week): | ||
Project discussion with the mentor and | |||
community on the design and GUI of this addon. | community on the design and GUI of this addon. | ||
* July 22 - August 11 (three weeks): Validate SSL certificates, | * July 22 - August 11 (three weeks): | ||
Validate SSL certificates, | |||
session wise (for each browser session) maintain a whitelist of good | session wise (for each browser session) maintain a whitelist of good | ||
SSL certificate to avoid duplicate checking of SSL certificate | SSL certificate to avoid duplicate checking of SSL certificate | ||
| Line 40: | Line 43: | ||
(such as, CERT_REVOKED, CERT_EXPIRED, etc). | (such as, CERT_REVOKED, CERT_EXPIRED, etc). | ||
* August 12 - August 25 (two weeks): Integrate it in GCLI commands to | * August 12 - August 25 (two weeks): | ||
Integrate it in GCLI commands to | |||
invoke/show add-on UI, display security errors, hide add-on UI, etc. | invoke/show add-on UI, display security errors, hide add-on UI, etc. | ||
In particular, I will import "gcli.jsm" library from devtools and | In particular, I will import "gcli.jsm" library from devtools and | ||
| Line 49: | Line 53: | ||
displays only security report user in a bubble. | displays only security report user in a bubble. | ||
* August 26 - September 8 (two weeks): Identify what are the other | * August 26 - September 8 (two weeks): | ||
Identify what are the other | |||
types of errors (such as CORS, mixed content). In particular, detect | types of errors (such as CORS, mixed content). In particular, detect | ||
security errors occurred due to CORS request, mixed content in web | security errors occurred due to CORS request, mixed content in web | ||
page, etc and display it to users. | page, etc and display it to users. | ||
* September 9 - September 22 (two weeks): Develop test cases and test | * September 9 - September 22 (two weeks): | ||
Develop test cases and test | |||
add-on with a few websites that contain security errors. In | add-on with a few websites that contain security errors. In | ||
particular, check whether the add-on correctly reports all supported | particular, check whether the add-on correctly reports all supported | ||
security errors to user or not. | security errors to user or not. | ||
* September 23 - September 27 (5 days): Ensure code is available on | * September 23 - September 27 (5 days): | ||
Ensure code is available on | |||
Google Code and in the Mozilla addon repository. | Google Code and in the Mozilla addon repository. | ||