(adding some bugs) |
m (adding some resources) |
||
| (5 intermediate revisions by 2 users not shown) | |||
| Line 10: | Line 10: | ||
(This list is to be validated and improved by adding a first good bugs section) | (This list is to be validated and improved by adding a first good bugs section) | ||
=====Improved privacy===== | |||
<bugzilla>{ | <bugzilla>{ | ||
"status": ["NEW", "UNCONFIRMED", "ASSIGNED", "REOPENED"], | "status": ["NEW", "UNCONFIRMED", "ASSIGNED", "REOPENED"], | ||
| Line 27: | Line 16: | ||
"include_fields": "id, summary, status, assigned_to" | "include_fields": "id, summary, status, assigned_to" | ||
}</bugzilla> | }</bugzilla> | ||
* Encrypted messaging | * Encrypted messaging | ||
* UI for controlling VPN settings (VPN) | |||
* VPN configuration importing | |||
=====Browser security features===== | |||
<bugzilla>{ | <bugzilla>{ | ||
"status": ["NEW", "UNCONFIRMED", "ASSIGNED", "REOPENED"], | "status": ["NEW", "UNCONFIRMED", "ASSIGNED", "REOPENED"], | ||
| Line 41: | Line 27: | ||
}</bugzilla> | }</bugzilla> | ||
=====Platform Security features===== | |||
<bugzilla>{ | <bugzilla>{ | ||
"status": ["NEW", "UNCONFIRMED", "ASSIGNED", "REOPENED"], | "status": ["NEW", "UNCONFIRMED", "ASSIGNED", "REOPENED"], | ||
"id": ["845191", "877541", "769183", "909498", "947897", "773117"], | "id": ["845191", "877541", "769183", "909498", "947897", "773117", "777948", "930258"], | ||
"include_fields": "id, summary, status, assigned_to" | "include_fields": "id, summary, status, assigned_to" | ||
}</bugzilla> | }</bugzilla> | ||
* [https://wiki.mozilla.org/Security/Sandbox Documentation about sandboxing] | |||
=====Improved permission management===== | |||
<bugzilla>{ | <bugzilla>{ | ||
"status": ["NEW", "UNCONFIRMED", "ASSIGNED", "REOPENED"], | "status": ["NEW", "UNCONFIRMED", "ASSIGNED", "REOPENED"], | ||
"id": ["961350", "910222", "943818", "967845", "970599", "1040348", "1055469"], | "id": ["961350", "910222", "943818", "967845", "970599", "1040348", "1055469", "940389"], | ||
"include_fields": "id, summary, status, assigned_to" | "include_fields": "id, summary, status, assigned_to" | ||
}</bugzilla> | }</bugzilla> | ||
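Review bot: The ids appended to the "Platform Security features" and "Improved permission management" queries ("777948", "930258", "940389") are still combined with the "status" filter, which only matches NEW, UNCONFIRMED, ASSIGNED and REOPENED. Any listed bug drops out of the rendered table once it is resolved, so readers cannot tell a fixed bug from one that was never listed. If these lists are meant as a stable reference, say next to each query that only open bugs are shown, or add "resolution" to "include_fields" and widen the status list.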
| Line 64: | Line 50: | ||
'''Get in touch with us early''' | '''Get in touch with us early''' | ||
Let us know you're starting to work on a feature. Depending on its size, implementing a security feature usually | Let us know you're starting to work on a feature. Depending on its size, implementing a security feature usually involves important designing decisions which have to be worked on with several teams: platform, Gaia, UX, security. It is also the perfect way to know if other people are working on similar or related features. | ||
You can start by contacting us, we will help you get in touch with the right people: | You can start by contacting us, we will help you get in touch with the right people: | ||
* IRC channel #FxOSSec on irc.mozilla.org | * IRC channel #FxOSSec on irc.mozilla.org | ||
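Review bot: Wording in the "Get in touch with us early" paragraph: "important designing decisions which have to be worked on with several teams" reads better as "important design decisions that have to be worked out with several teams". In the next line, "You can start by contacting us, we will help you" is a comma splice and should be split into two sentences or joined with "and".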
| Line 84: | Line 70: | ||
You can help improving the Firefox OS apps ecosystem by writing or porting security-related apps on Firefox OS. | You can help improving the Firefox OS apps ecosystem by writing or porting security-related apps on Firefox OS. | ||
This [https://herdir.nohost.me/pad/p/appsreview etherpad] tracks the apps known to be currently available on the Marketplace. | This [https://herdir.nohost.me/pad/p/appsreview etherpad] tracks the apps known to be currently available on the Marketplace. | ||
TO BE ADDED: list of apps to be ported on Firefox OS | |||
== Doing security reviews == | == Doing security reviews == | ||
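Review bot: The line "TO BE ADDED: list of apps to be ported on Firefox OS" is a placeholder on the published page. Either add the list in this revision or track the gap in a bug and link it, so contributors are not pointed at a section with no content. The line above it also depends on an etherpad at herdir.nohost.me as the only record of available security apps. A pad is editable by anyone with the link and sits outside the wiki's revision history, so consider copying the current list into the page. Minor: "help improving" should be "help improve".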
| Line 100: | Line 89: | ||
* [https://wiki.mozilla.org/Marketplace/Reviewers/Apps/Guide/SecReviewTraining Security review training for app reviewer] | * [https://wiki.mozilla.org/Marketplace/Reviewers/Apps/Guide/SecReviewTraining Security review training for app reviewer] | ||
* [https://developer.mozilla.org/en-US/Apps/Security_guidelines Security guidelines for app developers and reviewer] | * [https://developer.mozilla.org/en-US/Apps/Security_guidelines Security guidelines for app developers and reviewer] | ||
To review an app installed from the Marketplace when you don't have direct access to the source code repository, you can use the DevTools in Firefox (depending on the version, [https://developer.mozilla.org/en-US/docs/Tools/WebIDE WebIDE] or the [https://developer.mozilla.org/en-US/Firefox_OS/Using_the_App_Manager App Manager]): | |||
* install the app (on the [https://developer.mozilla.org/en-US/docs/Tools/Firefox_OS_Simulator simulator] or on a real device) | |||
* then use the DevTools to debug it and have access to the source code | |||
=== How to report a security issue: === | === How to report a security issue: === | ||
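Review bot: The two bullets under "To review an app installed from the Marketplace" stop at "use the DevTools to debug it and have access to the source code" and leave the reviewer without the step in between: how the simulator or device is connected to WebIDE or the App Manager, and what to look at once the source is visible. "depending on the version" should name which Firefox versions use which tool. Pointing back to the security review training and security guidelines links just above would tell the reader what to check after opening the app.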
| Line 115: | Line 108: | ||
For more information about how to provide translation for MDN pages, you can consult [https://developer.mozilla.org/en-US/docs/MDN/Contribute/Localize/Translating_pages these guidelines]. | For more information about how to provide translation for MDN pages, you can consult [https://developer.mozilla.org/en-US/docs/MDN/Contribute/Localize/Translating_pages these guidelines]. | ||
== Learning resources == | |||
=== JavaScript === | |||
* Learning by reading: | |||
** [https://github.com/getify/You-Dont-Know-JS#titles You don't know JS] | |||
** [https://developer.mozilla.org/en-US/docs/Web/JavaScript JavaScript documentation and guides on MDN] | |||
* Learning by doing: | |||
** [https://www.codeschool.com/courses/javascript-road-trip-part-1 JavaScript Road Trip pt 1 on Code School] | |||
** [http://ejohn.org/apps/learn/ Learning Advanced JavaScript] | |||
** [https://webmaker.org/en-US/resources/literacy/weblit-CodingScripting WebMaker resources on JavaScript] | |||
** [http://nodeschool.io/ nodeschool.io] | |||
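Review bot: In the new "Learning resources" list, the ejohn.org and nodeschool.io entries use http:// while every other link in the section is https://. Check whether those sites serve HTTPS and switch the links if they do. The section is also general JavaScript material with nothing security-specific. A sentence explaining why it sits on this page (for example, that Gaia and the apps under review are written in JavaScript) would help, and so would a resource on secure JavaScript or web app coding next to the existing "Security guidelines for app developers and reviewer" link.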