Security/Download Protection: Difference between revisions

Latest revision as of 20:19, 15 June 2020

This feature protects users against malware downloads. It is based on Safe Browsing.

browser.safebrowsing.downloads.enabled: enables application reputation checks for downloaded files
browser.safebrowsing.downloads.remote.enabled: enables remote lookups (requires the previous pref)
browser.safebrowsing.downloads.remote.timeout_ms: timeout for the remote lookups
browser.safebrowsing.downloads.remote.url: server endpoint for remote lookups
browser.safebrowsing.malware.enabled: enables malware checks (required by application reputation)
browser.safebrowsing.provider.google.lists: list of tables coming from the Google Safe Browsing service
urlclassifier.downloadAllowTable: list of trusted certificates which suppress remote lookups (Windows-only)
urlclassifier.downloadBlockTable: list of URLs serving malware binaries

Product/Component: Toolkit/Safe Browsing

Most of the code lives in toolkit/components/downloads/ApplicationReputation.cpp. The lookup is requested from within toolkit/components/jsdownloads/src/DownloadIntegration.jsm.

Upstream list of file extensions:

Shipped to Chrome via a "File Type Policies" Chrome extension (see chrome://components)
Binary protobuf extractor
Source protobuf

Here are the download protection specific tests:

./mach test toolkit/components/reputationservice/test/

Also relevant are the Safe Browsing tests.

To turn on debugging output, export the following environment variable:

MOZ_LOG_FILE=/tmp/apprep.log
MOZ_LOG="ApplicationReputation:5"

APPLICATION_REPUTATION_BINARY: whether the file examined by download protection is a binary type
APPLICATION_REPUTATION_BINARY_ARCHIVE: whether the binary file examined by download protection is dmg, rar or zip
APPLICATION_REPUTATION_LOCAL: results of the local checks (whitelist and blacklist)
APPLICATION_REPUTATION_REMOTE_LOOKUP_TIMEOUT: whether or not a client timed out while contacting the remote lookup server
APPLICATION_REPUTATION_SERVER_2: whether the response from the remote server was valid, invalid (failed to parse as a protobuf) or failed in some other way (e.g. network error)
APPLICATION_REPUTATION_SERVER_VERDICT: results (verdict) we got back from the remote server lookup
APPLICATION_REPUTATION_SHOULD_BLOCK: whether or not a download has been blocked due to an application reputation lookup (local or remote)

@@ Line 63: / Line 63: @@
 * [https://mana.mozilla.org/wiki/display/FIREFOX/Application+Reputation Google API documentation] (internal access only)
 * [http://www.internetsociety.org/doc/camp-content-agnostic-malware-protection Content-Agnostic Malware Protection] (paper describing how the whole system is implemented)
-* [https://code.google.com/p/chromium/codesearch#chromium/src/chrome/common/safe_browsing/csd.proto&q=csd&sq=package:chromium&l=229 Chromium source code]
+* [https://source.chromium.org/chromium/chromium/src/+/master:components/safe_browsing/core/proto/csd.proto;l=465;drc=f0881a1b6bb18aade55c4d60769f53d1a850453e Chromium source code]
 * [http://monica-at-mozilla.blogspot.co.nz/2014/07/download-files-more-safely-with-firefox.html Announcement blog post]