Confirmed users
908
edits
Security/Download Protection: Difference between revisions
→Documentation: Fix broken Chromium link.
(→Engineering: Link to the only user of the ApplicationReputationService.) |
(→Documentation: Fix broken Chromium link.) |
||
| (6 intermediate revisions by 2 users not shown) | |||
| Line 27: | Line 27: | ||
* [https://github.com/fmarier/safebrowsing-tools/blob/master/parse-filetypes.py Binary protobuf extractor] | * [https://github.com/fmarier/safebrowsing-tools/blob/master/parse-filetypes.py Binary protobuf extractor] | ||
* [https://cs.chromium.org/chromium/src/chrome/browser/resources/safe_browsing/download_file_types.asciipb Source protobuf] | * [https://cs.chromium.org/chromium/src/chrome/browser/resources/safe_browsing/download_file_types.asciipb Source protobuf] | ||
=== Tests === | |||
Here are the download protection specific tests: | |||
./mach test toolkit/components/reputationservice/test/ | |||
Also relevant are the [[Security/Safe_Browsing#Tests|Safe Browsing tests]]. | |||
== QA == | == QA == | ||
| Line 32: | Line 40: | ||
* [http://testsafebrowsing.appspot.com Test page] | * [http://testsafebrowsing.appspot.com Test page] | ||
* [https://bugzilla.mozilla.org/show_bug.cgi?id=1250329 Meta QA bug for Safe Browsing] | * [https://bugzilla.mozilla.org/show_bug.cgi?id=1250329 Meta QA bug for Safe Browsing] | ||
* [https://urlhaus.abuse.ch/ URLhaus] (real malicious downloads) | |||
To turn on debugging output, export the following environment variable: | To turn on debugging output, export the following environment variable: | ||
| Line 41: | Line 50: | ||
'''Alerts are sent to [https://mail.mozilla.org/listinfo/safebrowsing-telemetry safebrowsing-telemetry@mozilla.org].''' | '''Alerts are sent to [https://mail.mozilla.org/listinfo/safebrowsing-telemetry safebrowsing-telemetry@mozilla.org].''' | ||
* [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date= | * [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2018-09-04&keys=__none__!__none__!__none__&max_channel_version=nightly%252F63&measure=APPLICATION_REPUTATION_BINARY&min_channel_version=null&processType=*&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2018-08-09&table=1&trim=1&use_submission_date=0 APPLICATION_REPUTATION_BINARY]: whether the file examined by download protection is a binary type | ||
* [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2018-09-04&keys=__none__!__none__!__none__&max_channel_version=nightly%252F63&measure=APPLICATION_REPUTATION_BINARY_ARCHIVE&min_channel_version=null&processType=*&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2018-08-09&table=1&trim=1&use_submission_date=0 APPLICATION_REPUTATION_BINARY_ARCHIVE]: whether the binary file examined by download protection is dmg, rar or zip | |||
* [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2016-06-06&keys=__none__!__none__!__none__&max_channel_version=nightly%252F49&measure=APPLICATION_REPUTATION_LOCAL&min_channel_version=null&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2016-04-25&table=1&trim=1&use_submission_date=0 APPLICATION_REPUTATION_LOCAL]: results of the local checks (whitelist and blacklist) | * [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2016-06-06&keys=__none__!__none__!__none__&max_channel_version=nightly%252F49&measure=APPLICATION_REPUTATION_LOCAL&min_channel_version=null&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2016-04-25&table=1&trim=1&use_submission_date=0 APPLICATION_REPUTATION_LOCAL]: results of the local checks (whitelist and blacklist) | ||
* [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2016-08-20&keys=__none__!__none__!__none__&max_channel_version=nightly%252F51&measure=APPLICATION_REPUTATION_REMOTE_LOOKUP_TIMEOUT&min_channel_version=nightly%252F51&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2016-08-20&table=0&trim=1&use_submission_date=0 APPLICATION_REPUTATION_REMOTE_LOOKUP_TIMEOUT]: whether or not a client timed out while contacting the remote lookup server | * [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2016-08-20&keys=__none__!__none__!__none__&max_channel_version=nightly%252F51&measure=APPLICATION_REPUTATION_REMOTE_LOOKUP_TIMEOUT&min_channel_version=nightly%252F51&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2016-08-20&table=0&trim=1&use_submission_date=0 APPLICATION_REPUTATION_REMOTE_LOOKUP_TIMEOUT]: whether or not a client timed out while contacting the remote lookup server | ||
* [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date= | * [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2018-09-04&keys=__none__!__none__!__none__&max_channel_version=nightly%252F63&measure=APPLICATION_REPUTATION_SERVER_2&min_channel_version=null&processType=*&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2018-08-09&table=1&trim=1&use_submission_date=0 APPLICATION_REPUTATION_SERVER_2]: whether the response from the remote server was valid, invalid (failed to parse as a protobuf) or failed in some other way (e.g. network error) | ||
* [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2016-06-06&keys=__none__!__none__!__none__&max_channel_version=nightly%252F49&measure=APPLICATION_REPUTATION_SERVER_VERDICT&min_channel_version=null&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2016-04-25&table=1&trim=1&use_submission_date=0 APPLICATION_REPUTATION_SERVER_VERDICT]: results (verdict) we got back from the remote server lookup | * [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2016-06-06&keys=__none__!__none__!__none__&max_channel_version=nightly%252F49&measure=APPLICATION_REPUTATION_SERVER_VERDICT&min_channel_version=null&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2016-04-25&table=1&trim=1&use_submission_date=0 APPLICATION_REPUTATION_SERVER_VERDICT]: results (verdict) we got back from the remote server lookup | ||
* [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2016-06-06&keys=__none__!__none__!__none__&max_channel_version=nightly%252F49&measure=APPLICATION_REPUTATION_SHOULD_BLOCK&min_channel_version=null&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2016-04-25&table=1&trim=1&use_submission_date=0 APPLICATION_REPUTATION_SHOULD_BLOCK]: whether or not a download has been blocked due to an application reputation lookup (local or remote) | * [https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2016-06-06&keys=__none__!__none__!__none__&max_channel_version=nightly%252F49&measure=APPLICATION_REPUTATION_SHOULD_BLOCK&min_channel_version=null&product=Firefox&sanitize=1&sort_keys=submissions&start_date=2016-04-25&table=1&trim=1&use_submission_date=0 APPLICATION_REPUTATION_SHOULD_BLOCK]: whether or not a download has been blocked due to an application reputation lookup (local or remote) | ||
| Line 51: | Line 61: | ||
* [[Security/Features/Application_Reputation_Design_Doc]] | * [[Security/Features/Application_Reputation_Design_Doc]] | ||
* [https:// | * [https://mana.mozilla.org/wiki/display/FIREFOX/Application+Reputation Google API documentation] (internal access only) | ||
* [http://www.internetsociety.org/doc/camp-content-agnostic-malware-protection Content-Agnostic Malware Protection] (paper describing how the whole system is implemented) | * [http://www.internetsociety.org/doc/camp-content-agnostic-malware-protection Content-Agnostic Malware Protection] (paper describing how the whole system is implemented) | ||
* [https:// | * [https://source.chromium.org/chromium/chromium/src/+/master:components/safe_browsing/core/proto/csd.proto;l=465;drc=f0881a1b6bb18aade55c4d60769f53d1a850453e Chromium source code] | ||
* [http://monica-at-mozilla.blogspot.co.nz/2014/07/download-files-more-safely-with-firefox.html Announcement blog post] | * [http://monica-at-mozilla.blogspot.co.nz/2014/07/download-files-more-safely-with-firefox.html Announcement blog post] | ||