SummerOfCode/2013/SecurityReport/WeeklyUpdates/2013-07-08: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
| (4 intermediate revisions by the same user not shown) | |||
| Line 4: | Line 4: | ||
* Created a sample patch that generates observer notification for SSL error and has SSL error code in 3rd parameter of observer notification. | * Created a sample patch that generates observer notification for SSL error and has SSL error code in 3rd parameter of observer notification. | ||
* Uploaded patch file on Bugzilla for comments. | * Uploaded the patch file on Bugzilla for comments. | ||
* I am working on adding observer notifications for security related errors. Observer notifications will be helpful to our security report tool as well as for others security related tools in future. | * I am working on adding observer notifications for security related errors. Observer notifications will be helpful to our security report tool as well as for others security related tools in future. | ||
| Line 10: | Line 10: | ||
** To start working in this direction I have added observer notification for SSL error that sends SSL error code. I have added you as a reviewer for that patch. | ** To start working in this direction I have added observer notification for SSL error that sends SSL error code. I have added you as a reviewer for that patch. | ||
=== Tuesday, {{#time:d F|{{SUBPAGENAME}} +1 day}} === | |||
* I worked on Bug 890224 (https://bugzilla.mozilla.org/show_bug.cgi?id=890224) to add observer notification for mixed-contents. | |||
* I used mxr.mozilla.org service to search for the placed where mixed-content notifications are generated. | |||
* I found "content/base/src/nsMixedContentBlocker.cpp" file generates mixed-content notifications for Browser Console. | |||
=== Wednesday, {{#time:d F|{{SUBPAGENAME}} +2 days}} === | === Wednesday, {{#time:d F|{{SUBPAGENAME}} +2 days}} === | ||
* I read code of "nsMixedContentBlocker.cpp" and added observer notification with aTopic="report-mixed-content" , aSubject = URI of content generated error/warning and aData=URI of document on which mixed-content error/warning is generated. | |||
* Patch was submitted on bugzilla for feedback from Mark. | |||
=== Thursday, {{#time:d F|{{SUBPAGENAME}} +3 days}} === | === Thursday, {{#time:d F|{{SUBPAGENAME}} +3 days}} === | ||
=== Friday, {{#time:d F|{{SUBPAGENAME}} +4 days}} === | === Friday, {{#time:d F|{{SUBPAGENAME}} +4 days}} === | ||
* I tried to capture SSL errors/warnings in the security report tool using nsIConsoleService. | |||
* However, I observed that SSL errors do not have error category at all. They are not instance of nsIScriptError. | |||
* This implies that the only option I will have to use string matching (which is a worst approach) to capture SSL errors. | |||
Latest revision as of 07:47, 24 July 2013
This Week
Monday, 08 July
- Created a sample patch that generates observer notification for SSL error and has SSL error code in 3rd parameter of observer notification.
- Uploaded the patch file on Bugzilla for comments.
- I am working on adding observer notifications for security related errors. Observer notifications will be helpful to our security report tool as well as for others security related tools in future.
- CSP errors already have observer notification. But CORS, mixed-content, SSL, HSTS, etc not yet having observer notifications.
- To start working in this direction I have added observer notification for SSL error that sends SSL error code. I have added you as a reviewer for that patch.
Tuesday, 09 July
- I worked on Bug 890224 (https://bugzilla.mozilla.org/show_bug.cgi?id=890224) to add observer notification for mixed-contents.
- I used mxr.mozilla.org service to search for the placed where mixed-content notifications are generated.
- I found "content/base/src/nsMixedContentBlocker.cpp" file generates mixed-content notifications for Browser Console.
Wednesday, 10 July
- I read code of "nsMixedContentBlocker.cpp" and added observer notification with aTopic="report-mixed-content" , aSubject = URI of content generated error/warning and aData=URI of document on which mixed-content error/warning is generated.
- Patch was submitted on bugzilla for feedback from Mark.
Thursday, 11 July
Friday, 12 July
- I tried to capture SSL errors/warnings in the security report tool using nsIConsoleService.
- However, I observed that SSL errors do not have error category at all. They are not instance of nsIScriptError.
- This implies that the only option I will have to use string matching (which is a worst approach) to capture SSL errors.