Confirmed users
396
edits
PFS2: Difference between revisions
m
→Related Information: use wiki links and {{bug}} template
LesOrchard (talk | contribs) (→Server) |
m (→Related Information: use wiki links and {{bug}} template) |
||
| (5 intermediate revisions by 3 users not shown) | |||
| Line 12: | Line 12: | ||
platform, OS, locale, & etc. | platform, OS, locale, & etc. | ||
* Production URL: | * Production URL: http://www.mozilla.com/plugincheck/ | ||
* Staging URL: http://pfs2.stage.mozilla.com/ | * Staging URL: http://pfs2.stage.mozilla.com/ | ||
* Source code (in SVN): http://svn.mozilla.org/projects/pfs2/trunk/ | * Source code (in SVN): http://svn.mozilla.org/projects/pfs2/trunk/ | ||
| Line 20: | Line 20: | ||
* Requirements | * Requirements | ||
** PHP (both web server and CLI) | ** Apache | ||
** PHP 5.2+ (both web server and CLI) | |||
** MySQL 5.x | ** MySQL 5.x | ||
** Memcached | ** Memcached | ||
* Configure Apache's document root to point at <tt>htdocs</tt> | |||
* Create a MySQL database from schema | * Create a MySQL database from schema | ||
mysqladmin -uroot -p create pfs2 | mysqladmin -uroot -p create pfs2 | ||
| Line 29: | Line 31: | ||
* Update configuration | * Update configuration | ||
cp conf/config.php-dist conf/config.php | cp conf/config.php-dist conf/config.php | ||
# edit the config file to reflect | # edit the config file to reflect master and shadow databases, | ||
# as well as memcache server | |||
vim conf/config.php | vim conf/config.php | ||
* Update database from plugin definitions | * Update database from plugin definitions | ||
php bin/update-db.php | php bin/update-db.php | ||
== Request Parameters == | == Request Parameters == | ||
| Line 251: | Line 252: | ||
## Take all the mime-types in the plugin | ## Take all the mime-types in the plugin | ||
## For each mime type | ## For each mime type | ||
### | ### Normalize the mime-type | ||
### concatenate them into a space delimited list | |||
### Query the Plugin Finder Service by mime-type and other parameters | |||
#### Take all the plugin infos which is the response | #### Take all the plugin infos which is the response | ||
#### For each info | #### For each info | ||
##### Try to match the `name | ##### Try to match the alias literal `names` in the response to the plugins name | ||
##### Try to match the alisas regexs in the response to the plugins literal name | |||
###### if there is a match, use the info from this mime-type. Check version and vulnerability | ###### if there is a match, use the info from this mime-type. Check version and vulnerability | ||
###### if all mime-types are exausted and no plugin name is matched, then this plugin is 'unknown', continue with next plugin | ###### if all mime-types are exausted and no plugin name is matched, then this plugin is 'unknown', continue with next plugin | ||
| Line 262: | Line 265: | ||
This is a fragile piece of the algorithm. The PFS2 server has a 'name' field in the response. The client will try to match this against | This is a fragile piece of the algorithm. The PFS2 server has a 'name' field in the response. The client will try to match this against | ||
# plugin.name | # plugin.name | ||
== Quantity of calls per plugin == | == Quantity of calls per plugin == | ||
Some plugins like Quicktime register 76 plugins. We'll want to have them all in the DB, so the first call by mime-type matches. | Some plugins like Quicktime register 76 plugins. We'll want to have them all in the DB, so the first call by mime-type matches. | ||
The PFS2 Client limits on how many mime types will be concatentated together to keep the total characters below a configurable amount. If the mime-types exceed this, multiple PFS requests will be made for the plugin. | |||
== Mime-Type Normalization == | |||
Some Java Plugins like apples register many mime-types, because the mime-type includes platform version information like: | Some Java Plugins like apples register many mime-types, because the mime-type includes platform version information like: | ||
| Line 279: | Line 279: | ||
We can normalize these, since ; isn't a valid character in a MIME type. | We can normalize these, since ; isn't a valid character in a MIME type. | ||
== | == Plugin Release Statuses == | ||
For a given app id, platform, etc a list of releases of plugins are returned. | |||
The following are the status states a plugin can be in | |||
# DISABLE - "vulnerable" - also no newer release known | |||
# VULNERABLE - "vulnerable" An exploit is published against this specific release number | |||
# OUTDATED - "outdated" or version detection shows the plugin is known and older than a known plugin version | |||
# CURRENT - "latest" exact match of the latest known release | |||
# UNKNOWN - Either no plugin match was made, or the version of the plugin in the browser cannot be detected for some reason | |||
[https://bugzilla.mozilla.org/show_bug.cgi?id=514004 We need to spec out the vulnerability mechanism] | [https://bugzilla.mozilla.org/show_bug.cgi?id=514004 We need to spec out the vulnerability mechanism] | ||
== Generic Plugin Version Comparison == | |||
Current vs Out of date compares version components from left to right. Example: | Current vs Out of date compares version components from left to right. Example: | ||
5.10.3 compared to 5.11 | 5.10.3 compared to 5.11 | ||
| Line 290: | Line 297: | ||
# compare 10 to 11, 5.11 is higher | # compare 10 to 11, 5.11 is higher | ||
Unknown | == Unknown and Newer plugins == | ||
The client library will record unknown plugins by requesting a well known 1 pixel image and encode the plugin info into the request. These details can be harvested from web logs in a low tech way in bulk, at our leisure to discover popular plugins not in the DB. | The client library will record unknown plugins by requesting a well known 1 pixel image and encode the plugin info into the request. These details can be harvested from web logs in a low tech way in bulk, at our leisure to discover popular plugins not in the DB. | ||
= Related Information = | = Related Information = | ||
* | * [[Plugins:PluginCheck]] | ||
* | * [[Firefox/Projects/Plugin Update Referrals]] | ||
* | * [[Website/Sprints/PluginProblem]] | ||
* | * [[Security:ThePluginProblem]] | ||
* | * {{bug|465898}} | ||
* http://theunfocused.net/2009/08/22/status-update-2/ | * http://theunfocused.net/2009/08/22/status-update-2/ | ||