= How to contribute to Firefox OS Security =
If you are willing to help make Firefox OS safer for users, there are several ways to contribute:
== Implementing OS features ==
The Firefox OS Security team is tracking a list of security-related features to be explored or implemented.
=== Security features list ===
(This list is to be validated and improved by adding a good first bugs section)
=====Improved privacy=====
<bugzilla>{
"status": ["NEW", "UNCONFIRMED", "ASSIGNED", "REOPENED"],
"id": ["1033580", "1081731", "1085240"],
"include_fields": "id, summary, status, assigned_to"
}</bugzilla>
* Encrypted messaging
* UI for controlling VPN settings (VPN)
* VPN configuration importing
=====Browser security features=====
<bugzilla>{
"status": ["NEW", "UNCONFIRMED", "ASSIGNED", "REOPENED"],
"id": ["769183", "919807", "1055426"],
"include_fields": "id, summary, status, assigned_to"
}</bugzilla>
=====Platform Security features=====
<bugzilla>{
"status": ["NEW", "UNCONFIRMED", "ASSIGNED", "REOPENED"],
"id": ["845191", "877541", "769183", "909498", "947897", "773117", "777948", "930258"],
"include_fields": "id, summary, status, assigned_to"
}</bugzilla>
* [https://wiki.mozilla.org/Security/Sandbox Documentation about sandboxing]
=====Improved permission management=====
<bugzilla>{
"status": ["NEW", "UNCONFIRMED", "ASSIGNED", "REOPENED"],
"id": ["961350", "910222", "943818", "967845", "970599", "1040348", "1055469", "940389"],
"include_fields": "id, summary, status, assigned_to"
}</bugzilla>
* Global permission control for all apps and services
* Per permission view for permissions (e.g. which apps have access to my contacts)
* Security app center
=== Good practices for contributing ===
For your contribution work to be successful, it is essential that you follow some good practices:

'''Get in touch with us early'''

Let us know you're starting to work on a feature. Depending on its size, implementing a security feature usually involves important design decisions which have to be worked on with several teams: platform, Gaia, UX, security. It is also the perfect way to find out whether other people are working on similar or related features.

You can start by contacting us; we will help you get in touch with the right people:
* IRC channel #FxOSSec on irc.mozilla.org
* The ffos-secure@mozilla.org public mailing list is a good place to start discussing security in the Firefox OS ecosystem.
You can also start a discussion:
* on [https://bugzilla.mozilla.org/ Bugzilla] if the feature already has a bug ticket open.
* on the [https://lists.mozilla.org/listinfo/dev-b2g dev-b2g] and [https://lists.mozilla.org/listinfo/dev-gaia dev-gaia] mailing lists

'''Learn how to use Bugzilla'''

You'll find plenty of useful resources on [https://developer.mozilla.org/en-US/docs/Mozilla/Bugzilla MDN], especially about [https://developer.mozilla.org/en-US/docs/Mozilla/Developer_guide/How_to_Submit_a_Patch how to submit a patch].

'''Ask for feedback early'''

It is recommended that you ask for feedback early, if possible as soon as you have a working prototype (you can use the "feedback" tag on Bugzilla). This will enable you to make sure everybody (UX, OS, security people) is aware of and agrees on the direction you're taking with your implementation, and you'll possibly receive good advice for the remaining implementation work.
== Writing security web apps ==
You can help improve the Firefox OS apps ecosystem by writing security-related apps for Firefox OS or porting them to it.

This [https://herdir.nohost.me/pad/p/appsreview etherpad] tracks the apps known to be currently available on the Marketplace.

TO BE ADDED: list of apps to be ported to Firefox OS
== Doing security reviews ==
=== Firefox OS reviews ===
The security team regularly reviews new features in Firefox OS:
* Gaia (TODO)
* Gecko/Gonk (TODO)
=== Apps reviews ===
Security-related apps on the Marketplace are obviously sensitive, so the more reviewers look at them, the better:
* [https://herdir.nohost.me/pad/p/appsreview List of known security apps on the Marketplace]
=== Review guidelines for web apps ===
* [https://wiki.mozilla.org/Marketplace/Reviewers/Apps/Guide/SecReviewTraining Security review training for app reviewers]
* [https://developer.mozilla.org/en-US/Apps/Security_guidelines Security guidelines for app developers and reviewers]
To review an app installed from the Marketplace when you don't have direct access to the source code repository, you can use the DevTools in Firefox (depending on the version, [https://developer.mozilla.org/en-US/docs/Tools/WebIDE WebIDE] or the [https://developer.mozilla.org/en-US/Firefox_OS/Using_the_App_Manager App Manager]):
* install the app (on the [https://developer.mozilla.org/en-US/docs/Tools/Firefox_OS_Simulator simulator] or on a real device)
* then use the DevTools to debug it and get access to the source code
=== How to report a security issue: ===
* [https://www.mozilla.org/security/#For_Developers on Firefox OS]
* on the Marketplace: contact the app developer
== Translating security documentation on MDN ==
You can help us reach a wider audience of developers and reviewers by translating Firefox OS security documentation into several languages:

For more information about how to provide translations for MDN pages, you can consult [https://developer.mozilla.org/en-US/docs/MDN/Contribute/Localize/Translating_pages these guidelines].
== Learning resources ==
=== JavaScript ===
* Learning by reading:
** [https://github.com/getify/You-Dont-Know-JS#titles You don't know JS]
** [https://developer.mozilla.org/en-US/docs/Web/JavaScript JavaScript documentation and guides on MDN]
* Learning by doing:
** [https://www.codeschool.com/courses/javascript-road-trip-part-1 JavaScript Road Trip pt 1 on Code School]
** [http://ejohn.org/apps/learn/ Learning Advanced JavaScript]
** [https://webmaker.org/en-US/resources/literacy/weblit-CodingScripting WebMaker resources on JavaScript]
** [http://nodeschool.io/ nodeschool.io]