Blocklisting/Admin: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
(First version)
 
(Fixed typo)
 
(12 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Blocklist entries are added through the AMO Admin Tools. Only authorized members of the Add-ons Team can manipulate the blocklist.
Blocklist entries are added through the Kinto Web Administration tool. Only authorized members of the Add-ons Team can manipulate the blocklist.
 
# Login via the [https://settings-writer.prod.mozaws.net/v1/admin/ Kinto admin page] (VPN connection is required)
# '''Authentication method''': Basic Auth
# '''Username''': jdoe@mozilla.com. This is your full LDAP email address.
# '''Password''': your_ldap_password
 
All blocks are first created in the '''staging''' bucket, are later moved to the '''blocklist-preview''' bucket for testing and review, and then deployed to the final '''blocklists''' bucket.


== Extension blocks ==
== Extension blocks ==
# Go to the [https://addons.mozilla.org/admin/models/blocklist/blocklistdetail/ blocklist detail page].
===Staging===
# Click on Add blocklist detail.
# Click on '''staging bucket''' :: '''addons'''
# Enter a clear name and descriptions for the block. End users will read these, so they need to be clear as to why the block was put in place and what options are available. If the extension being blocked is malware, add " (malware)" at the end of the name.
# Click on "Create" (or edit/delete icons if you need to change an existing record)
#* See the [https://addons.mozilla.org/firefox/blocked/ Blocked Add-ons page] for examples.
# Enter in the appropriate fields. Example below (see the current list<sup>1</sup> for more examples)
# Set the Bug field to the blocklist bug. The bug should also have instructions for end users if the add-on is heavily used.
#* Keep the '''Enabled''' checkbox checked.
# In the Blocklist Item #1 section, set the add-on GUID, version range (0 to * to cover all versions) OS and Severity.
#* You'll generally want to enter the '''Add-on ID''', '''Version Range''' (0 to * to block all versions), and '''Severity''' of the block.
#* The OS can be set to [https://developer.mozilla.org/en-US/docs/OS_TARGET any of these].
#* The '''OS''' can be set to [https://developer.mozilla.org/en-US/docs/OS_TARGET any of these], but OS-specific blocks are rarely needed.
#* The Severity should be 1 for soft blocks and 3 for hard blocks. A severity set to 2 (reserved for a medium block), or no severity will also produce a hard block. To avoid ambiguity, these options shouldn't be used. Hard blocks should be limited to malware.
#* The '''Target Application''' is only necessary for blocks that only target specific applications, which should also be very rare.
To limit a block to a specific application versions, the detail can be added with a Severity set to 0, or an invalid GUID, to keep it temporarily disabled. Then you can add a [https://addons.mozilla.org/admin/models/blocklist/blocklistapp/ blocklist app item] and link it to the detail item. Once that's done, the Severity or GUID can be set to their real values.
#* The '''Preferences''' fields are used in case the add-on changed important Firefox preferences that need to be reset.
#* The '''name''', '''why''', '''who''', and '''bug''' fields are shown to end users, so they need to be clear as to why the block was put in place and what options are available. If the extension being blocked is malware, add " (malware)" at the end of the name. '''bug''' should be a Bugzilla URL.
# When done, click on '''Create Record'''. This saves the block in the '''staging''' bucket.
# If you don't need to make more changes to the block, click on '''Request review''' back in the main bucket view. The block should be moved to the '''blocklists-preview''' bucket.
# Notify your reviewer/QA that the block is ready for testing.
 
<sup>1</sup> Data for the blocklist can be found in the [https://firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons/records public JSON endpoint].
===Testing===
To test a staged block:
# You must first enable chrome debugging: in <code>about:config</code>, set <code>devtools.chrome.enabled</code> to <code>true</code>.
# Go to <code>about:config</code>, find the <code>extensions.blocklist.url</code> pref and change its value to https://firefox.settings.services.mozilla.com/v1/preview/3/%APP_ID%/%APP_VERSION%/%PRODUCT%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%PING_COUNT%/%TOTAL_PING_COUNT%/%DAYS_SINCE_LAST_PING%/
# Open Browser Console (Tools > Web Developer > Browser Console)
#Paste and run this snippet:
  Components.classes["@mozilla.org/extensions/blocklist;1"].getService(Components.interfaces.nsITimerCallback).notify(null);


===XML Examples===
====JSON Example====
This is how the different block types look in blocklist.xml.


Soft block:
<pre>
<pre><emItem  blockID="i20" id="{AB2CE124-6272-4b12-94A9-7303C7397BD1}">
{
  <versionRange  minVersion="0.1" maxVersion="5.2.0.7164" severity="1">
  "guid":"{de71f09a-3342-48c5-95c1-4b0f17567554}",
  </versionRange>
  "blockID":"i1493",
</emItem></pre>
  "enabled":true,
  "last_modified":1484867614757,
  "details":{
      "who":"All users who have this add-on installed.",
      "created":"2017-01-12T22:17:59Z",
      "bug":"https://bugzilla.mozilla.org/show_bug.cgi?id=1329654",
      "name":"Search for Firefox Convertor (malware)",
      "why":"This is a malicious add-on that is installed using a fake name. It changes search and homepage settings."
  },
  "versionRange":[
      {
        "targetApplication":[


Soft block with target application:
        ],
<pre><emItem  blockID="i23" id="firefox@bandoo.com">
        "minVersion":"0",
  <versionRange  minVersion="5.0" maxVersion="5.0" severity="1">
        "maxVersion":"1.3.9",
    <targetApplication  id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}">
        "severity":3
       <versionRange  minVersion="3.7a1pre" maxVersion="*" />
       }
    </targetApplication>
  ],
  </versionRange>
  "prefs":[
</emItem></pre>


Hard block:
  ],
<pre><emItem  blockID="i73" id="a1g0a9g219d@a1.com">
  "id":"d6ec9f54-9945-088e-ba68-40117eaba24e",
  <versionRange  minVersion="0" maxVersion="*" severity="3">
  "schema":1484335370642
  </versionRange>
}
</emItem></pre>
</pre>
===Deploying===
# Click on '''staging bucket''' :: '''addons'''
# The staged blocks should be shown with an option to Approve.
# Approve :)


== Plugin blocks ==
== Plugin blocks ==
===Staging===
# Click on '''staging bucket''' :: '''plugins'''
# Click on "Create" (or edit/delete icons if you need to change an existing record)
# Enter in the appropriate fields. Example below (see the current list<sup>1</sup> for more examples)
#* Keep the '''Enabled checkbox''' checked.
#* Plugins are usually identified by their '''Filename'''. '''Name''' and '''Description''' regular expression matches are used when the '''Filename''' doesn't work. [http://mzl.la/SemegK Regexp Pal] is a good tool for testing regular expression blocks.
#* The '''OS''' can be set to [https://developer.mozilla.org/en-US/docs/OS_TARGET any of these]. It's generally only needed for Linux blocks, since Linux and Android distributions use the same filename and plugins are never blocked on Android.
#* The '''Version Range''' should always be set (0 to * to block all versions).
#* The '''Severity''' should always be set to 0 (click to activate).
#* The '''Vulnerability status''' should be set depending on whether the latest version is being blocked or not.
#* The '''OS''' can be set to [https://developer.mozilla.org/en-US/docs/OS_TARGET any of these], but OS-specific blocks are rarely needed.
#* The '''Target Application''' is only necessary for blocks that only target specific applications, which should be very rare.
#* The '''name''', '''why''', '''who''', and '''bug''' fields are shown to end users, so they need to be clear as to why the block was put in place and what options are available. '''bug''' should be a Bugzilla URL.
# When done, click on '''Create Record'''. This saves the block in the '''staging''' bucket.
# If you don't need to make more changes to the block, click on '''Request review''' back in the main bucket view. The block should be moved to the '''blocklists-preview''' bucket.
# Notify your reviewer/QA that the block is ready for testing.
<sup>1</sup> Data for the blocklist can be found in the [https://firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/plugins/records public JSON endpoint].
===Testing===
To test a staged block:
# You must first enable chrome debugging: in <code>about:config</code>, set <code>devtools.chrome.enabled</code> to <code>true</code>.
# Go to <code>about:config</code>, find the <code>extensions.blocklist.url</code> pref and change its value to https://firefox.settings.services.mozilla.com/v1/preview/3/%APP_ID%/%APP_VERSION%/%PRODUCT%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%PING_COUNT%/%TOTAL_PING_COUNT%/%DAYS_SINCE_LAST_PING%/
# Open Browser Console (Tools > Web Developer > Browser Console)
#Paste and run this snippet:
  Components.classes["@mozilla.org/extensions/blocklist;1"].getService(Components.interfaces.nsITimerCallback).notify(null);
===Deploying===
# Click on '''staging bucket''' :: '''plugins'''
# The staged blocks should be shown with an option to Approve.
# Approve :)
== Graphics card blocks ==
# Go to the [https://addons.mozilla.org/admin/models/blocklist/blocklistdetail/ blocklist detail page] and click on Add blocklist detail.
# Enter a name and descriptions for the block. These detail pages aren't exposed to users, so these descriptions aren't very important.
# Set the Bug field to the blocklist bug.
# In the Blocklist Gfx #1 section, set the data that should have been detailed on the blocklist bug.
===Staging===
# Click on '''staging bucket''' :: '''gfx'''
# Click on "Create" (or edit/delete icons if you need to change an existing record)
# Enter in the appropriate fields, which should be detailed in the bug report. Example below (see the current list<sup>1</sup> for more examples)
#* Keep the '''Enabled checkbox''' checked.
#* The '''name''' and '''bug''' fields are used for internal record keeping and won't be shown to users. '''bug''' should be a Bugzilla URL.
# When done, click on '''Create Record'''. This saves the block in the '''staging''' bucket.
# If you don't need to make more changes to the block, click on '''Request review''' back in the main bucket view. The block should be moved to the '''blocklists-preview''' bucket.
# Notify your reviewer/QA that the block is ready for testing.
<sup>1</sup> Data for the blocklist can be found in the [https://firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/plugins/records public JSON endpoint].
===Testing===
To test a staged block:
# You must first enable chrome debugging: in <code>about:config</code>, set <code>devtools.chrome.enabled</code> to <code>true</code>.
# Go to <code>about:config</code>, find the <code>extensions.blocklist.url</code> pref and change its value to https://firefox.settings.services.mozilla.com/v1/preview/3/%APP_ID%/%APP_VERSION%/%PRODUCT%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%PING_COUNT%/%TOTAL_PING_COUNT%/%DAYS_SINCE_LAST_PING%/
# Open Browser Console (Tools > Web Developer > Browser Console)
#Paste and run this snippet:
  Components.classes["@mozilla.org/extensions/blocklist;1"].getService(Components.interfaces.nsITimerCallback).notify(null);
===Deploying===
# Click on '''staging bucket''' :: '''gfx'''
# The staged blocks should be shown with an option to Approve.
# Approve :)

Latest revision as of 20:25, 21 February 2017

Blocklist entries are added through the Kinto Web Administration tool. Only authorized members of the Add-ons Team can manipulate the blocklist.

  1. Login via the Kinto admin page (VPN connection is required)
  2. Authentication method: Basic Auth
  3. Username: jdoe@mozilla.com. This is your full LDAP email address.
  4. Password: your_ldap_password

All blocks are first created in the staging bucket, are later moved to the blocklist-preview bucket for testing and review, and then deployed to the final blocklists bucket.

Extension blocks

Staging

  1. Click on staging bucket :: addons
  2. Click on "Create" (or edit/delete icons if you need to change an existing record)
  3. Enter in the appropriate fields. Example below (see the current list1 for more examples)
    • Keep the Enabled checkbox checked.
    • You'll generally want to enter the Add-on ID, Version Range (0 to * to block all versions), and Severity of the block.
    • The OS can be set to any of these, but OS-specific blocks are rarely needed.
    • The Target Application is only necessary for blocks that only target specific applications, which should also be very rare.
    • The Preferences fields are used in case the add-on changed important Firefox preferences that need to be reset.
    • The name, why, who, and bug fields are shown to end users, so they need to be clear as to why the block was put in place and what options are available. If the extension being blocked is malware, add " (malware)" at the end of the name. bug should be a Bugzilla URL.
  4. When done, click on Create Record. This saves the block in the staging bucket.
  5. If you don't need to make more changes to the block, click on Request review back in the main bucket view. The block should be moved to the blocklists-preview bucket.
  6. Notify your reviewer/QA that the block is ready for testing.

1 Data for the blocklist can be found in the public JSON endpoint.

Testing

To test a staged block:

  1. You must first enable chrome debugging: in about:config, set devtools.chrome.enabled to true.
  2. Go to about:config, find the extensions.blocklist.url pref and change its value to https://firefox.settings.services.mozilla.com/v1/preview/3/%APP_ID%/%APP_VERSION%/%PRODUCT%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%PING_COUNT%/%TOTAL_PING_COUNT%/%DAYS_SINCE_LAST_PING%/
  3. Open Browser Console (Tools > Web Developer > Browser Console)
  4. Paste and run this snippet:
 Components.classes["@mozilla.org/extensions/blocklist;1"].getService(Components.interfaces.nsITimerCallback).notify(null);

JSON Example

{
   "guid":"{de71f09a-3342-48c5-95c1-4b0f17567554}",
   "blockID":"i1493",
   "enabled":true,
   "last_modified":1484867614757,
   "details":{
      "who":"All users who have this add-on installed.",
      "created":"2017-01-12T22:17:59Z",
      "bug":"https://bugzilla.mozilla.org/show_bug.cgi?id=1329654",
      "name":"Search for Firefox Convertor (malware)",
      "why":"This is a malicious add-on that is installed using a fake name. It changes search and homepage settings."
   },
   "versionRange":[
      {
         "targetApplication":[

         ],
         "minVersion":"0",
         "maxVersion":"1.3.9",
         "severity":3
      }
   ],
   "prefs":[

   ],
   "id":"d6ec9f54-9945-088e-ba68-40117eaba24e",
   "schema":1484335370642
}

Deploying

  1. Click on staging bucket :: addons
  2. The staged blocks should be shown with an option to Approve.
  3. Approve :)

Plugin blocks

Staging

  1. Click on staging bucket :: plugins
  2. Click on "Create" (or edit/delete icons if you need to change an existing record)
  3. Enter in the appropriate fields. Example below (see the current list1 for more examples)
    • Keep the Enabled checkbox checked.
    • Plugins are usually identified by their Filename. Name and Description regular expression matches are used when the Filename doesn't work. Regexp Pal is a good tool for testing regular expression blocks.
    • The OS can be set to any of these. It's generally only needed for Linux blocks, since Linux and Android distributions use the same filename and plugins are never blocked on Android.
    • The Version Range should always be set (0 to * to block all versions).
    • The Severity should always be set to 0 (click to activate).
    • The Vulnerability status should be set depending on whether the latest version is being blocked or not.
    • The OS can be set to any of these, but OS-specific blocks are rarely needed.
    • The Target Application is only necessary for blocks that only target specific applications, which should be very rare.
    • The name, why, who, and bug fields are shown to end users, so they need to be clear as to why the block was put in place and what options are available. bug should be a Bugzilla URL.
  4. When done, click on Create Record. This saves the block in the staging bucket.
  5. If you don't need to make more changes to the block, click on Request review back in the main bucket view. The block should be moved to the blocklists-preview bucket.
  6. Notify your reviewer/QA that the block is ready for testing.

1 Data for the blocklist can be found in the public JSON endpoint.

Testing

To test a staged block:

  1. You must first enable chrome debugging: in about:config, set devtools.chrome.enabled to true.
  2. Go to about:config, find the extensions.blocklist.url pref and change its value to https://firefox.settings.services.mozilla.com/v1/preview/3/%APP_ID%/%APP_VERSION%/%PRODUCT%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%PING_COUNT%/%TOTAL_PING_COUNT%/%DAYS_SINCE_LAST_PING%/
  3. Open Browser Console (Tools > Web Developer > Browser Console)
  4. Paste and run this snippet:
 Components.classes["@mozilla.org/extensions/blocklist;1"].getService(Components.interfaces.nsITimerCallback).notify(null);

Deploying

  1. Click on staging bucket :: plugins
  2. The staged blocks should be shown with an option to Approve.
  3. Approve :)

Graphics card blocks

  1. Go to the blocklist detail page and click on Add blocklist detail.
  2. Enter a name and descriptions for the block. These detail pages aren't exposed to users, so these descriptions aren't very important.
  3. Set the Bug field to the blocklist bug.
  4. In the Blocklist Gfx #1 section, set the data that should have been detailed on the blocklist bug.

Staging

  1. Click on staging bucket :: gfx
  2. Click on "Create" (or edit/delete icons if you need to change an existing record)
  3. Enter in the appropriate fields, which should be detailed in the bug report. Example below (see the current list1 for more examples)
    • Keep the Enabled checkbox checked.
    • The name and bug fields are used for internal record keeping and won't be shown to users. bug should be a Bugzilla URL.
  4. When done, click on Create Record. This saves the block in the staging bucket.
  5. If you don't need to make more changes to the block, click on Request review back in the main bucket view. The block should be moved to the blocklists-preview bucket.
  6. Notify your reviewer/QA that the block is ready for testing.

1 Data for the blocklist can be found in the public JSON endpoint.

Testing

To test a staged block:

  1. You must first enable chrome debugging: in about:config, set devtools.chrome.enabled to true.
  2. Go to about:config, find the extensions.blocklist.url pref and change its value to https://firefox.settings.services.mozilla.com/v1/preview/3/%APP_ID%/%APP_VERSION%/%PRODUCT%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%PING_COUNT%/%TOTAL_PING_COUNT%/%DAYS_SINCE_LAST_PING%/
  3. Open Browser Console (Tools > Web Developer > Browser Console)
  4. Paste and run this snippet:
 Components.classes["@mozilla.org/extensions/blocklist;1"].getService(Components.interfaces.nsITimerCallback).notify(null);

Deploying

  1. Click on staging bucket :: gfx
  2. The staged blocks should be shown with an option to Approve.
  3. Approve :)
Retrieved from "https://wiki.mozilla.org/index.php?title=Blocklisting/Admin&oldid=1163482"