Security/Reviews/Marionette: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| Line 28: | Line 28: | ||
{{miss|Miss}}</td> | {{miss|Miss}}</td> | ||
</tr> | </tr> | ||
<tr><td>marionette team</td><td>add verificaiton checking for AMO reivewers</td><td>before code migrates to aurora</td><td>{{new|new}}</td> | <tr><td>marionette team {{bug|741812}}</td><td>add verificaiton checking for AMO reivewers</td><td>before code migrates to aurora</td><td>{{new|new}}</td> | ||
</tr> | </tr> | ||
<tr><td>marionette team</td><td>prevent the default startup pref so it cannot be changed by adding a pref listener, and can only be enabled in prefs.js </td><td>before code migrates to aurora</td><td>{{Done|complete 2012-02-15}}</td> | <tr><td>marionette team {{bug|741813}}</td><td>prevent the default startup pref so it cannot be changed by adding a pref listener, and can only be enabled in prefs.js </td><td>before code migrates to aurora</td><td>{{Done|complete 2012-02-15}}</td> | ||
</tr> | </tr> | ||
</table> | </table> | ||
}} | }} | ||
Revision as of 15:30, 3 April 2012
Please use "Edit with form" above to edit this page.
Item Reviewed
| Marionette | |
| Target | Marionette |
{{#set:SecReview name=Marionette |SecReview target=Marionette }}
Introduce the Feature
Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)
- control and test remote machines
- log in and drive a remote test system
- use remote debugger protocol
- runs at gecko level and listens for connections
- all managed by remote debugger and client/server code
- used in a similar fashion to selenium
- only enabled in a build pref
- then prefed on and then listens on the given port (2828) and uses the JSON protocol
- Server: python client Marionet -Client
- navigate, click on element, exec JS
- can also run selenium tests
What solutions/approaches were considered other than the proposed solution?
- build something new from the ground up
Why was this solution chosen?
- already has support for the protocol and did not require a rewrite or new code
Any security threats already considered in the design and why?
`
Threat Brainstorming
' {{#set: SecReview feature goal=* control and test remote machines
- log in and drive a remote test system
- use remote debugger protocol
- runs at gecko level and listens for connections
- all managed by remote debugger and client/server code
- used in a similar fashion to selenium
- only enabled in a build pref
- then prefed on and then listens on the given port (2828) and uses the JSON protocol
- Server: python client Marionet -Client
- navigate, click on element, exec JS
- can also run selenium tests
|SecReview alt solutions=* build something new from the ground up |SecReview solution chosen=* already has support for the protocol and did not require a rewrite or new code |SecReview threats considered=' |SecReview threat brainstorming=' }}
Action Items
| Action Item Status | In Progress | ||||||||||||
| Release Target | Firefox 16 | ||||||||||||
| Action Items | |||||||||||||
|
|||||||||||||
{{#set:|SecReview action item status=In Progress
|Feature version=Firefox 16
|SecReview action items=
| Who | Action | By When | Completed date
[NEW] new [DONE] Done [MISSED] Miss |
| marionette team bug 741812 | add verificaiton checking for AMO reivewers | before code migrates to aurora | [NEW] new |
| marionette team bug 741813 | prevent the default startup pref so it cannot be changed by adding a pref listener, and can only be enabled in prefs.js | before code migrates to aurora | [DONE] complete 2012-02-15 |
}}