SummerOfCode/2013/SecurityReport: Difference between revisions

Jump to navigation Jump to search

SummerOfCode/2013/SecurityReport (view source)

Revision as of 08:15, 24 July 2013

2,647 bytes removed ,  24 July 2013
no edit summary
No edit summary
No edit summary
Line 13: Line 13:
<br/>
<br/>


 
<hr>
<font color="red"><b>Project Status </b></font>
<hr />
Tentative plan for Security Report tool for GSoC duration is given below:
 
* June 17 - June 30 (two weeks):
  Capture "error" and "warn" messages from Error Console. In particular, register event listener on
  "nsIConsoleService" or listen for console-api-log-event topic of "consoleAPI".
 
*  July 1 - July 14 (two weeks): 
  Capture security related information about cookie. In particular, I will use "nsICookie2", "nsICookieService",
  "nsICookieManager2" APIs to get access to cookies and check whether website set cookies as secure or not. In
  addition, I will also check for absence of "http-only" field.
 
*  July 15 - July 21 (one week):
** Project discussion with the mentor and community on the design and GUI of this add­on.
** UI Suggestion Link (Thanks to Jesse Ruderman): https://bugzilla.mozilla.org/show_bug.cgi?id=711816
 
*  July 22 - August 11 (three weeks):
  Validate SSL certificates, session wise (for each browser session) maintain a whitelist of good SSL certificate
  to avoid duplicate checking of SSL certificate within the same session. In particular, I will use
  "nsISSLStatusProvider" API to get SSL certificate details. The "nsIX509Cert" API to compare various status code
  for SSL certificate (such as, CERT_REVOKED, CERT_EXPIRED, etc).
 
*  August 12 - August 25 (two weeks):
  Integrate it in GCLI commands to invoke/show add-on UI, display security errors, hide add-on UI, etc.
  In particular, I will import "gcli.jsm" library from devtools and use "addCommand" method to add GCLI commands.
  For example,  "security-report[showUI, hideUI, print]". The "security-report showUI" command will display add-on UI.
  The "security-report hideUI" command hides add-on UI. The "security-report print" command displays only security 
  report user in a bubble.
 
*  August 26 - September 8 (two weeks):
  Identify what are the other types of errors (such as CORS, mixed content). In particular, detect security errors
  occurred due to CORS request, mixed content in web page, etc and display it to users.
 
*  September 9 - September 22 (two weeks):
  Develop test cases and test add-on with a few websites that contain security errors. In particular, check whether
  the add-on correctly reports all supported security errors to user or not.
 
*  September 23 - September 27 (5 days):
** Ensure code is available on Google Code and in the Mozilla add­on repository.
** It is currently available publicly on [[https://github.com/patilkr/securityReportTool|GitHub repository]]: https://github.com/patilkr/securityReportTool
<br />
<hr />


<b>Weekly Status Updates: </b> <br />
<b>Weekly Status Updates: </b> <br />
Patilkr
Confirmed users
461

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/683978"

Navigation menu