Security/Reviews/Marionette

Item Reviewed

{{#set:SecReview name=Marionette |SecReview target=Marionette }}

Introduce the Feature

Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)

• control and test remote machines
  • log in and drive a remote test system
• use remote debugger protocol
  • runs at gecko level and listens for connections
  • all managed by remote debugger and client/server code
• used in a similar fashion to selenium
• only enabled in a build pref
  • then prefed on and then listens on the given port (2828) and uses the JSON protocol
• Server: python client Marionet -Client
  • navigate, click on element, exec JS
• can also run selenium tests

What solutions/approaches were considered other than the proposed solution?

• build something new from the ground up

Why was this solution chosen?

• already has support for the protocol and did not require a rewrite or new code

Any security threats already considered in the design and why?

`

Threat Brainstorming

' {{#set: SecReview feature goal=* control and test remote machines

• • log in and drive a remote test system
• use remote debugger protocol
  • runs at gecko level and listens for connections
  • all managed by remote debugger and client/server code
• used in a similar fashion to selenium
• only enabled in a build pref
  • then prefed on and then listens on the given port (2828) and uses the JSON protocol
• Server: python client Marionet -Client
  • navigate, click on element, exec JS
• can also run selenium tests

|SecReview alt solutions=* build something new from the ground up |SecReview solution chosen=* already has support for the protocol and did not require a rewrite or new code |SecReview threats considered=' |SecReview threat brainstorming=' }}

Action Items

{{#set:|SecReview action item status=Complete

|Feature version=Firefox 16

|SecReview action items=

}}