* stage - https://www.authstage.mozilla.com/
* prod - http://www.mozilla.com/
= General Algorithm =
# Take all the plugins in the browser
# For each plugin
## Take all the mime-types in the plugin
## For each mime-type
### Find the plugin from the service by mime-type and other parameters
#### Take all the plugin infos in the response
#### For each info
##### Try to match the `name` in the response to the plugin's name
###### If there is a match, use the info from this mime-type. Check version and vulnerability
###### Else, if there is no match, continue with the next mime-type
###### If all mime-types are exhausted and no plugin name is matched, then this plugin is 'unknown'; continue with the next plugin
== Matching info name to plugin name ==
This is a fragile piece of the algorithm. The PFS2 server has a 'name' field in the response. The client will try to match this against
# plugin.name
A match occurs if the name appears anywhere within these fields. Example good match:
info { name: "Flash" }
plugins: [{name: "Adobe Flash 10.0.0.31"}]
'''Question''': Do we want to have the results return a list of known names? Or how can we make this more betterish?
== Quantity of calls per plugin ==
Some plugins like Quicktime register 76 plugins. We'll want to have them all in the DB, so the first call by mime-type matches.
== Current, Out Dated, Vulnerable, or Unknown ==
These are the states of a plugin.
[https://bugzilla.mozilla.org/show_bug.cgi?id=514004 We need to spec out the vulnerability mechanism]
Current vs. out of date compares version components from left to right. Example:
5.10.3 compared to 5.11
# explode version on '.'
# compare 5 to 5
# compare 10 to 11, 5.11 is higher
Unknown
The client library will record unknown plugins by requesting a well-known 1 pixel image and encoding the plugin info into the request. These details can be harvested from web logs in a low-tech way, in bulk, at our leisure, to discover popular plugins not in the DB.
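The general algorithm, the substring name match and the left-to-right version comparison described above can be sketched as follows. This is an added example, not the project's own client code: SAMPLE_DB, the info.version field, extractVersion() and the function names are assumptions, and the 'vulnerable' state is left out because its mechanism is not yet specified.

```javascript
// Added example. SAMPLE_DB, info.version and extractVersion() are assumptions;
// only the `name` field and the matching rule come from the page.
const SAMPLE_DB = { // constructed stand-in for PFS2 responses, keyed by mime-type
  'application/x-shockwave-flash': [{ name: 'Flash', version: '10.0.0.32' }],
  'video/quicktime': [{ name: 'QuickTime', version: '7.6.2' }],
};
const lookup = (mime) => SAMPLE_DB[mime] || [];

// Left-to-right numeric comparison of dotted versions: returns -1, 0 or 1.
// Assumption: missing or non-numeric components count as 0.
function compareVersions(a, b) {
  const pa = String(a).split('.'), pb = String(b).split('.');
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = parseInt(pa[i], 10) || 0, y = parseInt(pb[i], 10) || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// The page's rule: info.name appearing anywhere in plugin.name is a match.
// An empty info.name is rejected, since '' is a substring of every string.
function nameMatches(infoName, pluginName) {
  return typeof infoName === 'string' && infoName.length > 0 &&
    String(pluginName).includes(infoName);
}

// Assumption: the installed version is the first dotted number in plugin.name.
function extractVersion(pluginName) {
  const m = /\d+(?:\.\d+)+/.exec(pluginName);
  return m ? m[0] : null;
}

// Returns 'current', 'outdated' or 'unknown' for one plugin.
function classifyPlugin(plugin, lookupByMime) {
  const installed = extractVersion(plugin.name);
  for (const mime of plugin.mimeTypes) {
    for (const info of lookupByMime(mime)) {
      if (!nameMatches(info.name, plugin.name)) continue;
      if (installed === null) return 'unknown'; // assumption: no version, no verdict
      return compareVersions(installed, info.version) < 0 ? 'outdated' : 'current';
    }
  }
  return 'unknown'; // all mime-types exhausted without a name match
}
```

Because the match is a case-sensitive substring test, an info name of "Quicktime" does not match a plugin named "QuickTime Plug-in 7.6.2", so that plugin would be reported as 'unknown' rather than checked.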
= Related Information =