PFS2: Difference between revisions

PFS2 (view source)

Revision as of 04:42, 13 October 2009

606 bytes added , 13 October 2009

→‎General Algorithm: updating details

Aking

Confirmed users

1,136

edits

@@ Line 252: / Line 252: @@
 ## Take all the mime-types in the plugin
 ## For each mime type
-### Find The Plugin from the service by mime-type and other parameters
+### Normalize the mime-type
+### concatenate them into a space delimited list
+### Query the Plugin Finder Service by mime-type and other parameters
 #### Take all the plugin infos which is the response
 #### For each info
-##### Try to match the `name` in the response to the plugins name
+##### Try to match the alias literal `names` in the response to the plugins name
+##### Try to match the alisas regexs in the response to the plugins literal name
 ###### if there is a match, use the info from this mime-type. Check version and vulnerability
-###### else if there is no match, continue with the next mimetype
 ###### if all mime-types are exausted and no plugin name is matched, then this plugin is 'unknown', continue with next plugin
@@ Line 263: / Line 265: @@
 This is a fragile piece of the algorithm. The PFS2 server has a 'name' field in the response. The client will try to match this against
 # plugin.name
-A match will be if the name appears anywhere within these feilds. Example good match:
-  info { name: "Flash" }
-  plugins: [{name: "Adobe Flash 10.0.0.31"}]
-'''Question''': Do we want to have the results return a list of known names? Or how can we make this more betterish?
 == Quantity of calls per plugin ==
 Some plugins like Quicktime register 76 plugins. We'll want to have them all in the DB, so the first call by mime-type matches.
+The PFS2 Client has a limit on how many characters the mime-types can get, so multiple PFS requests will be made for plugins with an extreme amount of mime-types
+== Mime-Type Normalization ==
 Some Java Plugins like apples register many mime-types, because the mime-type includes platform version information like:
@@ Line 280: / Line 279: @@
 We can normalize these, since ; isn't a valid character in a MIME type.
-== Current, Out Dated, Vulnerable, or Unknown ==
+== Plugin Release Statuses ==
-These are the states of a plugin.
+For a given app id, platform, etc a list of releases of plugins are returned.
+The following are the status states a plugin can be in
+# DISABLE - "vulnerable" - also no newer release known
+# VULNERABLE - "vulnerable" An exploit is published against this specific release number
+# OUTDATED - "outdated" or version detection shows the plugin is known and older than a known plugin version
+# CURRENT - "latest" exact match of the latest known release
+# UNKNOWN - Either no plugin match was made, or the version of the plugin in the browser cannot be detected for some reason
 [https://bugzilla.mozilla.org/show_bug.cgi?id=514004 We need to spec out the vulnerability mechanism]
+== Generic Plugin Version Comparison ==
 Current vs Out of date compares version components from left to right. Example:
 .10.3 compared to 5.11
@@ Line 291: / Line 297: @@
 # compare 10 to 11, 5.11 is higher
-Unknown
+== Unknown and Newer plugins ==
 The client library will record unknown plugins by requesting a well known 1 pixel image and encode the plugin info into the request. These details can be harvested from web logs in a low tech way in bulk, at our leisure to discover popular plugins not in the DB.