Confirmed users
396
edits
PFS2: Difference between revisions
m
→Related Information: use wiki links and {{bug}} template
LesOrchard (talk | contribs) No edit summary |
m (→Related Information: use wiki links and {{bug}} template) |
||
| (9 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
PFS2 is a simple HTTP service intended to: | PFS2 is a simple HTTP service intended to: | ||
# Assist in finding | # Assist in finding plugins for MIME types whose handling is unknown to the client | ||
# Offer version and security vulnerability data on installed plugins for upgrade recommendations | # Offer version and security vulnerability data on installed plugins for upgrade recommendations | ||
| Line 12: | Line 12: | ||
platform, OS, locale, & etc. | platform, OS, locale, & etc. | ||
* | * Production URL: http://www.mozilla.com/plugincheck/ | ||
* Staging URL: http://pfs2.stage.mozilla.com/ | |||
* Source code (in SVN): http://svn.mozilla.org/projects/pfs2/trunk/ | * Source code (in SVN): http://svn.mozilla.org/projects/pfs2/trunk/ | ||
* DB Schema (in SVN): http://svn.mozilla.org/projects/pfs2/trunk/conf/schema.sql | * DB Schema (in SVN): http://svn.mozilla.org/projects/pfs2/trunk/conf/schema.sql | ||
== Installation == | |||
* Requirements | |||
** Apache | |||
** PHP 5.2+ (both web server and CLI) | |||
** MySQL 5.x | |||
** Memcached | |||
* Configure Apache's document root to point at <tt>htdocs</tt> | |||
* Create a MySQL database from schema | |||
mysqladmin -uroot -p create pfs2 | |||
mysql -uroot -p pfs2 -e "grant all privileges on pfs2.* to pfs2@'localhost' identified by 'pfs2';" | |||
mysql -uroot -p pfs2 < conf/schema.sql | |||
* Update configuration | |||
cp conf/config.php-dist conf/config.php | |||
# edit the config file to reflect master and shadow databases, | |||
# as well as memcache server | |||
vim conf/config.php | |||
* Update database from plugin definitions | |||
php bin/update-db.php | |||
== Request Parameters == | == Request Parameters == | ||
| Line 20: | Line 41: | ||
Queries against PFS2 are performed using HTTP GET, with the following parameters supported: | Queries against PFS2 are performed using HTTP GET, with the following parameters supported: | ||
; mimetype : A space-separated list of mimetypes for a plugin. (Note: space can be encoded as <tt>+</tt> in URLs.) | ; <tt>mimetype</tt> : A space-separated list of mimetypes for a plugin. (Note: space can be encoded as <tt>+</tt> in URLs.) | ||
; clientOS : The client's OS (eg. <tt>navigator.oscpu</tt>, "Windows NT 5.1", "Intel Mac OS X 10.5") | ; <tt>clientOS</tt> : The client's OS (eg. <tt>navigator.oscpu</tt>, "Windows NT 5.1", "Intel Mac OS X 10.5") | ||
; chromeLocale : The client's locale (eg. <tt>navigator.language</tt>) | ; <tt>chromeLocale</tt> : The client's locale (eg. <tt>navigator.language</tt>) | ||
; appID : The client's app ID (eg. <tt>navigator.'''???'''</tt> (userAgent?), Firefox is "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}") | ; <tt>appID</tt> : The client's app ID (eg. <tt>navigator.'''???'''</tt> (userAgent?), Firefox is "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}") | ||
; appRelease : Client app release version (eg. <tt>navigator.'''???'''</tt> (userAgent?), "3.5.3") | ; <tt>appRelease</tt> : Client app release version (eg. <tt>navigator.'''???'''</tt> (userAgent?), "3.5.3") | ||
; appVersion : Client's application build version (eg. <tt>navigator.buildID</tt>, "20090824085414") | ; <tt>appVersion</tt> : Client's application build version (eg. <tt>navigator.buildID</tt>, "20090824085414") | ||
; callback : Function wrapper for JSON output, (see also: [http://bob.pythonmac.org/archives/2005/12/05/remote-json-jsonp/ JSONP technique]) | ; <tt>callback</tt> : Function wrapper for JSON output, (see also: [http://bob.pythonmac.org/archives/2005/12/05/remote-json-jsonp/ JSONP technique]) | ||
=== Example request === | === Example request === | ||
| Line 55: | Line 76: | ||
Plugin descriptions have the following overall structure: | Plugin descriptions have the following overall structure: | ||
{ | [ | ||
{ | |||
"aliases": { | |||
"releases": [ ... ] | "literal": [ ... ], | ||
"regex": [ ... ] | |||
}, | |||
"releases": { | |||
"latest": { ... }, | |||
"others": [ ... ] | |||
} | |||
} | } | ||
] | |||
=== Plugin name aliases === | === Plugin name aliases === | ||
The <tt>aliases</tt> property consists of | The <tt>aliases</tt> property consists of lists of names by which the | ||
plugin has been called | plugin has been called, separated into exact matches (<tt>literal</tt>) and | ||
regular expressions for pattern matches (<tt>regex</tt>). Since plugins change | |||
to assist in identifying installed | names between releases, and provide little else in the way of uniquely | ||
identifying details, these lists are meant to assist in identifying plugins | |||
already installed and matching them with PFS2 results. | |||
For example: | For example: | ||
[ | |||
{ | |||
"aliases": [ | "aliases": [ | ||
" | "literal": [ | ||
"Adobe Flash Player", | |||
" | "Shockwave Flash" | ||
], | |||
"regex": [ | |||
".*Flash.*" | |||
] | |||
], | ], | ||
"releases": [ ... ] | "releases": [ ... ] | ||
} | } | ||
] | |||
=== Plugin releases === | |||
The <tt>releases</tt> property points to an object, itself with two properties: | |||
; <tt>latest</tt> : The latest release for the plugin known by PFS2 | |||
; <tt>others</tt> : A list of other outdated and vulnerable releases of the plugin | |||
=== Plugin release descriptions === | === Plugin release descriptions === | ||
Each of the plugin releases are described by objects bearing some or all of the | |||
following properties: | following properties: | ||
; pfs_id : <tt>pfs_id</tt> of the plugin within PFS2 | ; <tt>pfs_id</tt> : <tt>pfs_id</tt> of the plugin within PFS2 | ||
; name : Name of the plugin | ; <tt>name</tt> : Name of the plugin | ||
; vendor : Name of the vendor providing the plugin | ; <tt>vendor</tt> : Name of the vendor providing the plugin | ||
; version : A dot-separated normalized version for the plugin, may differ from official vendor versioning scheme in order to maintain internal consistency in PFS2 | ; <tt>version</tt> : A dot-separated normalized version for the plugin, may differ from official vendor versioning scheme in order to maintain internal consistency in PFS2 | ||
; guid : A GUID for the plugin release, may differ between releases and platforms (unlike <tt>pfs_id</tt>) | ; <tt>guid</tt> : A GUID for the plugin release, may differ between releases and platforms (unlike <tt>pfs_id</tt>) | ||
; status : Current status of the release, eg. <tt>latest</tt>, <tt>outdated</tt>, <tt>vulnerable</tt> | ; <tt>status</tt> : Current status of the release, eg. <tt>latest</tt>, <tt>outdated</tt>, <tt>vulnerable</tt> | ||
; vulnerability_description : For status <tt>vulnerable</tt>, a short description of security vulnerabilities for the plugin release | ; <tt>vulnerability_description</tt> : For status <tt>vulnerable</tt>, a short description of security vulnerabilities for the plugin release | ||
; vulnerability_url : For status <tt>vulnerable</tt>, a URL detailing security vulnerabilities for the plugin release | ; <tt>vulnerability_url</tt> : For status <tt>vulnerable</tt>, a URL detailing security vulnerabilities for the plugin release | ||
; filename : Filename of the plugin as installed | ; <tt>filename</tt> : Filename of the plugin as installed | ||
; url : URL with details describing the plugin | ; <tt>url</tt> : URL with details describing the plugin | ||
; license_url : URL where the license for using the plugin may be found | ; <tt>license_url</tt> : URL where the license for using the plugin may be found | ||
; manual_installation_url : URL for a manually-launched executable installer for the plugin | ; <tt>manual_installation_url</tt> : URL for a manually-launched executable installer for the plugin | ||
; xpi_location : URL for an XPI-based installer for the plugin | ; <tt>xpi_location</tt> : URL for an XPI-based installer for the plugin | ||
; installer_location : URL for an executable installer for the plugin (mainly for Windows) | ; <tt>installer_location</tt> : URL for an executable installer for the plugin (mainly for Windows) | ||
; installer_hash : A hash of the installer's contents for verifying its integrity | ; <tt>installer_hash</tt> : A hash of the installer's contents for verifying its integrity | ||
; installer_shows_ui : (0/1) whether or not the installer displays a user interface | ; <tt>installer_shows_ui</tt> : (0/1) whether or not the installer displays a user interface | ||
; needs_restart : (0/1) whether or not the OS needs to restart after plugin installation | ; <tt>needs_restart</tt> : (0/1) whether or not the OS needs to restart after plugin installation | ||
; xpcomabi : '''''(Not sure, inherited from PFS1, need a description)''''' | ; <tt>xpcomabi</tt> : '''''(Not sure, inherited from PFS1, need a description)''''' | ||
; min : '''''(Not sure, inherited from PFS1, need a description)''''' | ; <tt>min</tt> : '''''(Not sure, inherited from PFS1, need a description)''''' | ||
; max : '''''(Not sure, inherited from PFS1, need a description)''''' | ; <tt>max</tt> : '''''(Not sure, inherited from PFS1, need a description)''''' | ||
; app_release : Client app release for which the plugin is intended (* is wildcard) | ; <tt>app_release</tt> : Client app release for which the plugin is intended (* is wildcard) | ||
; app_version : Client app version for which the plugin is intended (* is wildcard) | ; <tt>app_version</tt> : Client app version for which the plugin is intended (* is wildcard) | ||
; locale : Client app locale for which the plugin is intended (* is wildcard) | ; <tt>locale</tt> : Client app locale for which the plugin is intended (* is wildcard) | ||
; os_name : Client app OS for which the plugin is intended (* is wildcard) | ; <tt>os_name</tt> : Client app OS for which the plugin is intended (* is wildcard) | ||
; modified : Timestamp when last the release record was modified | ; <tt>modified</tt> : Timestamp when last the release record was modified | ||
=== Example response === | === Example response === | ||
| Line 119: | Line 157: | ||
$ curl -s 'http://dev.pfs2.mozilla.org/?mimetype=application/x-shockwave-flash&appID=%7Bec8030f7-c20a-464f-9b0e-13a3a9e97384%7D&appVersion=2008052906&appRelease=3.5&clientOS=mac&chromeLocale=ja-JP' | $ curl -s 'http://dev.pfs2.mozilla.org/?mimetype=application/x-shockwave-flash&appID=%7Bec8030f7-c20a-464f-9b0e-13a3a9e97384%7D&appVersion=2008052906&appRelease=3.5&clientOS=mac&chromeLocale=ja-JP' | ||
{ | [ | ||
{ | |||
"aliases": { | |||
"literal": [ | |||
"Adobe Flash Player", | |||
"Shockwave Flash" | |||
], | |||
"regex": [ | |||
".*Flash.*" | |||
] | |||
}, | |||
"releases": { | "releases": { | ||
" | "latest": { | ||
"status": "latest", | "status": "latest", | ||
"app_release": "3.5", | "app_release": "3.5", | ||
| Line 129: | Line 176: | ||
"pfs_id": "adobe-flash-player", | "pfs_id": "adobe-flash-player", | ||
"url": "http://www.adobe.com/go/getflashplayer", | "url": "http://www.adobe.com/go/getflashplayer", | ||
"modified": "2009-09- | "modified": "2009-09-18T23:09:55+00:00", | ||
"app_id": "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}", | "app_id": "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}", | ||
"locale": "ja-JP", | "locale": "ja-JP", | ||
| Line 138: | Line 185: | ||
"os_name": "mac", | "os_name": "mac", | ||
"name": "Adobe Flash Player" | "name": "Adobe Flash Player" | ||
}, | }, | ||
" | "others": [ | ||
{ | |||
"status": "vulnerable", | |||
"app_release": "*", | |||
"os_name": "*", | |||
"vendor": "Adobe", | |||
"pfs_id": "adobe-flash-player", | |||
"url": "http://www.adobe.com/go/getflashplayer", | |||
"modified": "2009-09-18T23:09:55+00:00", | |||
"app_id": "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}", | |||
"vulnerability_url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html", | |||
" | "version": "9.0.159.0", | ||
"license_url": "http://www.adobe.com/go/eula_flashplayer", | |||
"locale": "*", | |||
"app_version": "*", | |||
"name": "Adobe Flash Player" | |||
}, | |||
{ | |||
"status": "vulnerable", | |||
"app_release": "*", | |||
"os_name": "*", | |||
"vendor": "Adobe", | |||
"pfs_id": "adobe-flash-player", | |||
"url": "http://www.adobe.com/go/getflashplayer", | |||
"modified": "2009-09-18T23:09:55+00:00", | |||
"app_id": "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}", | |||
"vulnerability_url": "http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf", | |||
"version": "9.0.115.0", | |||
"license_url": "http://www.adobe.com/go/eula_flashplayer", | |||
"locale": "*", | |||
"app_version": "*", | |||
"name": "Adobe Flash Player" | |||
} | |||
] | |||
} | |||
} | } | ||
] | |||
= Client = | = Client = | ||
| Line 195: | Line 252: | ||
## Take all the mime-types in the plugin | ## Take all the mime-types in the plugin | ||
## For each mime type | ## For each mime type | ||
### | ### Normalize the mime-type | ||
### concatenate them into a space delimited list | |||
### Query the Plugin Finder Service by mime-type and other parameters | |||
#### Take all the plugin infos which is the response | #### Take all the plugin infos which is the response | ||
#### For each info | #### For each info | ||
##### Try to match the `name | ##### Try to match the alias literal `names` in the response to the plugins name | ||
##### Try to match the alisas regexs in the response to the plugins literal name | |||
###### if there is a match, use the info from this mime-type. Check version and vulnerability | ###### if there is a match, use the info from this mime-type. Check version and vulnerability | ||
###### if all mime-types are exausted and no plugin name is matched, then this plugin is 'unknown', continue with next plugin | ###### if all mime-types are exausted and no plugin name is matched, then this plugin is 'unknown', continue with next plugin | ||
| Line 206: | Line 265: | ||
This is a fragile piece of the algorithm. The PFS2 server has a 'name' field in the response. The client will try to match this against | This is a fragile piece of the algorithm. The PFS2 server has a 'name' field in the response. The client will try to match this against | ||
# plugin.name | # plugin.name | ||
== Quantity of calls per plugin == | == Quantity of calls per plugin == | ||
Some plugins like Quicktime register 76 plugins. We'll want to have them all in the DB, so the first call by mime-type matches. | Some plugins like Quicktime register 76 plugins. We'll want to have them all in the DB, so the first call by mime-type matches. | ||
The PFS2 Client limits on how many mime types will be concatentated together to keep the total characters below a configurable amount. If the mime-types exceed this, multiple PFS requests will be made for the plugin. | |||
== Mime-Type Normalization == | |||
Some Java Plugins like apples register many mime-types, because the mime-type includes platform version information like: | Some Java Plugins like apples register many mime-types, because the mime-type includes platform version information like: | ||
| Line 223: | Line 279: | ||
We can normalize these, since ; isn't a valid character in a MIME type. | We can normalize these, since ; isn't a valid character in a MIME type. | ||
== | == Plugin Release Statuses == | ||
For a given app id, platform, etc a list of releases of plugins are returned. | |||
The following are the status states a plugin can be in | |||
# DISABLE - "vulnerable" - also no newer release known | |||
# VULNERABLE - "vulnerable" An exploit is published against this specific release number | |||
# OUTDATED - "outdated" or version detection shows the plugin is known and older than a known plugin version | |||
# CURRENT - "latest" exact match of the latest known release | |||
# UNKNOWN - Either no plugin match was made, or the version of the plugin in the browser cannot be detected for some reason | |||
[https://bugzilla.mozilla.org/show_bug.cgi?id=514004 We need to spec out the vulnerability mechanism] | [https://bugzilla.mozilla.org/show_bug.cgi?id=514004 We need to spec out the vulnerability mechanism] | ||
== Generic Plugin Version Comparison == | |||
Current vs Out of date compares version components from left to right. Example: | Current vs Out of date compares version components from left to right. Example: | ||
5.10.3 compared to 5.11 | 5.10.3 compared to 5.11 | ||
| Line 234: | Line 297: | ||
# compare 10 to 11, 5.11 is higher | # compare 10 to 11, 5.11 is higher | ||
Unknown | == Unknown and Newer plugins == | ||
The client library will record unknown plugins by requesting a well known 1 pixel image and encode the plugin info into the request. These details can be harvested from web logs in a low tech way in bulk, at our leisure to discover popular plugins not in the DB. | The client library will record unknown plugins by requesting a well known 1 pixel image and encode the plugin info into the request. These details can be harvested from web logs in a low tech way in bulk, at our leisure to discover popular plugins not in the DB. | ||
= Related Information = | = Related Information = | ||
* | * [[Plugins:PluginCheck]] | ||
* | * [[Firefox/Projects/Plugin Update Referrals]] | ||
* | * [[Website/Sprints/PluginProblem]] | ||
* | * [[Security:ThePluginProblem]] | ||
* | * {{bug|465898}} | ||
* http://theunfocused.net/2009/08/22/status-update-2/ | * http://theunfocused.net/2009/08/22/status-update-2/ | ||