Security/Safe Browsing/V4 Implementation: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
(Update M3 to M4.)
(Split Milestone 9 into two (i.e. move the Fennec work to 58))
 
(30 intermediate revisions by 5 users not shown)
Line 1: Line 1:
= Quick Links =
* [[Security/Safe_Browsing/V4_Implementation/Dashboard|Dashboard]]
* [[Security/Safe_Browsing/V4_Implementation/Dashboard|Dashboard]]
* [https://bugzilla.mozilla.org/showdependencytree.cgi?id=1167038&hide_resolved=1 Bug Dependency Tree]
* [https://bugzilla.mozilla.org/showdependencytree.cgi?id=1167038&hide_resolved=1 Bug Dependency Tree]


= Introduction =
= Introduction =
Safe Browsing v4 is designed to reduce network bandwidth and disk storage (mainly for mobile devices). The usage of partial URL hashes (aka prefixes) and complete hashes remains the same but the way we get those prefixes and complete hashes is changed. The update and hash completion API will be based on protobuf and content compression (in additional to HTTP compression) is introduced. For further information, see https://developers.google.com/safe-browsing/v4 (The public specification is not complete. For example, the protobuf is not mentioned.)
Safe Browsing v4 is designed to reduce network bandwidth and disk storage (mainly for mobile devices). The usage of partial URL hashes (aka prefixes) and complete hashes remains the same but the way we get those prefixes and complete hashes is changed. The update and hash completion API will be based on protobuf and content compression (in additional to HTTP compression) is introduced. For further information, see https://developers.google.com/safe-browsing/v4 (The public specification is not complete. For example, the protobuf is not mentioned.)
= Timeline =
Given that ESR 52.8 will be the last supported version of Firefox using the V2 servers, we have the following '''deadlines''':
* Firefox 59 (Desktop): merge on 2017-11-13, release on 2018-03-06
* Firefox 61 (Android): merge on 2018-03-05, release on 2018-06-26
We will therefore '''target''' the following releases:
* Firefox 58 (Desktop): merge on 2017-09-20, release on 2018-01-16
* Firefox 60 (Android): merge on 2018-01-15, release on 2018-05-01


= Design and Implementation =
= Design and Implementation =
Line 11: Line 23:
When '''ListManager''' and '''HashCompleter''' (and any other related components like ProtocolParser) sees table names suffixed by "-proto", they would behave differently. For example, in '''listmanager.js''', while making update request for table '''goog-phish-proto''', ''nsIUrlClassifier.makeUpdateRequestV4'' will be called to build a v4 specific request. (See {{Bug|1264885}} and {{Bug|1275507}} for more information.)
When '''ListManager''' and '''HashCompleter''' (and any other related components like ProtocolParser) sees table names suffixed by "-proto", they would behave differently. For example, in '''listmanager.js''', while making update request for table '''goog-phish-proto''', ''nsIUrlClassifier.makeUpdateRequestV4'' will be called to build a v4 specific request. (See {{Bug|1264885}} and {{Bug|1275507}} for more information.)


= Using custom API key =
== Using custom API key ==
We are required to have a API key to access google services like geolocation and safe browsing. The nightly/beta/aurora/release Firefox builds will have a proper API key associated with mozilla. However, if you are using the Firefox built on your own, the API key will be substituted with "no-google-api-key", which is apparently not available. There are a couple of ways to use a working API key for Safe Browsing. The most recommended way is to prepare a key file and add the path to mozconfig:
We are required to have a API key to access Google services like geolocation and Safe Browsing. The nightly/beta/aurora/release Firefox builds will have a proper API key associated with Mozilla. However, if you build your own Firefox, the API key will be substituted with the string <tt>"no-google-api-key"</tt>, which is not a valid key.
 
Here's how to get your own key:


# Obtain a Safe Browsing google API key from https://console.developers.google.com
# Obtain a Safe Browsing Google API key from https://console.developers.google.com and put it in <tt>~/.gapi.data</tt>
#* If you don't know how to get a API key, buy hchang@mozilla.com a beer and ask him :p
# Add <tt>ac_add_options --with-google-api-keyfile=/home/foobar/.gapi.data</tt> to your <tt>.mozconfig</tt>
# Create a key file which only contains the API key.
# Rebuild and check if <tt>config.status</tt> has something like <tt>'MOZ_GOOGLE_API_KEY': b'AIzaSooxxxxoxoxoxoxooxx'</tt>
# Add "ac_add_options --with-google-api-keyfile=/path/to/your/keyfile" to mozconfig
 
# Rebuild and check if config.status has something like 'MOZ_GOOGLE_API_KEY': b'AIzaSooxxxxoxoxoxoxooxx'
== Try Google Safe Browsing V4! ==
 
To use Google Safe Browsing V4, set the following preferences:
 
# <tt>urlclassifier.downloadAllowTable</tt> to <tt>goog-downloadwhite-proto</tt>
# <tt>urlclassifier.downloadBlockTable</tt> to <tt>goog-badbinurl-proto</tt>
# <tt>urlclassifier.phishTable</tt> to <tt>goog-phish-proto,test-phish-simple</tt>
# <tt>urlclassifier.malwareTable</tt> to <tt>goog-malware-proto,goog-unwanted-proto,test-malware-simple,test-unwanted-simple</tt>
 
To use both V4 and V2 at the same time:
 
# <tt>urlclassifier.downloadAllowTable</tt> to <tt>goog-downloadwhite-proto,goog-downloadwhite-digest256</tt>
# <tt>urlclassifier.downloadBlockTable</tt> to <tt>goog-badbinurl-proto,goog-badbinurl-shavar</tt>
# <tt>urlclassifier.phishTable</tt> to <tt>goog-phish-proto,goog-phish-shavar,test-phish-simple</tt>
# <tt>urlclassifier.malwareTable</tt> to <tt>goog-malware-proto,goog-unwanted-proto,goog-malware-shavar,goog-unwanted-shavar,test-malware-simple,test-unwanted-simple</tt>


= Milestones =
= Milestones =
Line 33: Line 61:
# To test M0 features, modify the following preferences:
# To test M0 features, modify the following preferences:
#* '''urlclassifier.malwareTable''' ==> Add ''goog-malware-proto'' and ''goog-unwanted-proto''
#* '''urlclassifier.malwareTable''' ==> Add ''goog-malware-proto'' and ''goog-unwanted-proto''
#* '''urlclassifier.phishTable''' ==> Add ''googpub-phish-proto''
#* '''urlclassifier.phishTable''' ==> Add ''goog-phish-proto''


=== Bugs ===
=== Bugs ===
Line 74: Line 102:
[https://wiki.mozilla.org/Security/Safe_Browsing/V4_Implementation/Dashboard#M3 Dashboard for M3 bugs]
[https://wiki.mozilla.org/Security/Safe_Browsing/V4_Implementation/Dashboard#M3 Dashboard for M3 bugs]


== M4 (Deadline TBD) ==
== M4 (2017/1/23) ==
=== Deliverables ===
=== Deliverables ===
# Do and use v4 complete hashes (in addition to v2) but ignore the result
# Enable update by default
# v2/v4 URL hash matching consistency telemetry
# Fix crashes and regressions


=== Bugs ===
=== Bugs ===
[https://wiki.mozilla.org/Security/Safe_Browsing/V4_Implementation/Dashboard#M4 Dashboard for M4 bugs]
[https://wiki.mozilla.org/Security/Safe_Browsing/V4_Implementation/Dashboard#M4 Dashboard for M4 bugs]


== M5 (Deadline TBD) ==
== M5 (2017/3/6) ==
=== Deliverables ===
=== Deliverables ===
# Cache
# Enable v4 completion on nightly but ignore the result
# Anything else
# Add V4 table for Download protection.
# v2/v4 URL hash matching consistency telemetry


=== Bugs ===
=== Bugs ===
[https://wiki.mozilla.org/Security/Safe_Browsing/V4_Implementation/Dashboard#M5 Dashboard for M5 bugs]
[https://wiki.mozilla.org/Security/Safe_Browsing/V4_Implementation/Dashboard#M5 Dashboard for M5 bugs]


== M6 (Deadline TBD) ==
== M6 (2017/4/18) ==
=== Deliverables ===
=== Deliverables ===
# Enable v4 by default!
# Caching
# Enable both V4 and V2 on Nightly 55


=== Bugs ===
=== Bugs ===
[https://wiki.mozilla.org/Security/Safe_Browsing/V4_Implementation/Dashboard#M6 Dashboard for M6 bugs]
[https://wiki.mozilla.org/Security/Safe_Browsing/V4_Implementation/Dashboard#M6 Dashboard for M6 bugs]
== M7 (2017/6/12) ==
=== Deliverables ===
# V4 is feature complete
=== Bugs ===
[https://wiki.mozilla.org/Security/Safe_Browsing/V4_Implementation/Dashboard#M7 Dashboard for M7 bugs]
== M8 (2017/8/7) ==
=== Deliverables ===
# V4 only in Nightly 56
# Initial Soft Vision tests
=== Bugs ===
[https://wiki.mozilla.org/Security/Safe_Browsing/V4_Implementation/Dashboard#M8 Dashboard for M8 bugs]
== M9 (2017/09/20) ==
=== Deliverables ===
# Shipping to release
# Crash comparison on beta
# Gradual roll-out on release
=== Bugs ===
[https://wiki.mozilla.org/Security/Safe_Browsing/V4_Implementation/Dashboard#M9 Dashboard for M9 bugs]
== M10 (2017/11/13) ==
=== Deliverables ===
# V4 working on Fennec
# Follow-ups completed
=== Bugs ===
[https://wiki.mozilla.org/Security/Safe_Browsing/V4_Implementation/Dashboard#M10 Dashboard for M10 bugs]

Latest revision as of 19:48, 17 August 2017

Introduction

Safe Browsing v4 is designed to reduce network bandwidth and disk storage (mainly for mobile devices). The usage of partial URL hashes (aka prefixes) and complete hashes remains the same but the way we get those prefixes and complete hashes is changed. The update and hash completion API will be based on protobuf and content compression (in additional to HTTP compression) is introduced. For further information, see https://developers.google.com/safe-browsing/v4 (The public specification is not complete. For example, the protobuf is not mentioned.)

Timeline

Given that ESR 52.8 will be the last supported version of Firefox using the V2 servers, we have the following deadlines:

  • Firefox 59 (Desktop): merge on 2017-11-13, release on 2018-03-06
  • Firefox 61 (Android): merge on 2018-03-05, release on 2018-06-26

We will therefore target the following releases:

  • Firefox 58 (Desktop): merge on 2017-09-20, release on 2018-01-16
  • Firefox 60 (Android): merge on 2018-01-15, release on 2018-05-01

Design and Implementation

To have v2 and v4 run in parallel, we must carefully refactor some core components like ListManager and HashCompleter. Instead of having a master preference to switch between v2 and v4, we take the "table name driven" approach. The plan is to add a separate provider called google4, which owns v4 tables: goog-phish-proto, goog-unwanted-proto and goog-malware-proto. The suffix "-proto" indicates that the table should be updated and completed via protobuf. Besides, the new provider google4 has its own updateURL and gethashURL. You can consider google4 yet another provider like mozilla.

When ListManager and HashCompleter (and any other related components like ProtocolParser) sees table names suffixed by "-proto", they would behave differently. For example, in listmanager.js, while making update request for table goog-phish-proto, nsIUrlClassifier.makeUpdateRequestV4 will be called to build a v4 specific request. (See bug 1264885 and bug 1275507 for more information.)

Using custom API key

We are required to have a API key to access Google services like geolocation and Safe Browsing. The nightly/beta/aurora/release Firefox builds will have a proper API key associated with Mozilla. However, if you build your own Firefox, the API key will be substituted with the string "no-google-api-key", which is not a valid key.

Here's how to get your own key:

  1. Obtain a Safe Browsing Google API key from https://console.developers.google.com and put it in ~/.gapi.data
  2. Add ac_add_options --with-google-api-keyfile=/home/foobar/.gapi.data to your .mozconfig
  3. Rebuild and check if config.status has something like 'MOZ_GOOGLE_API_KEY': b'AIzaSooxxxxoxoxoxoxooxx'

Try Google Safe Browsing V4!

To use Google Safe Browsing V4, set the following preferences:

  1. urlclassifier.downloadAllowTable to goog-downloadwhite-proto
  2. urlclassifier.downloadBlockTable to goog-badbinurl-proto
  3. urlclassifier.phishTable to goog-phish-proto,test-phish-simple
  4. urlclassifier.malwareTable to goog-malware-proto,goog-unwanted-proto,test-malware-simple,test-unwanted-simple

To use both V4 and V2 at the same time:

  1. urlclassifier.downloadAllowTable to goog-downloadwhite-proto,goog-downloadwhite-digest256
  2. urlclassifier.downloadBlockTable to goog-badbinurl-proto,goog-badbinurl-shavar
  3. urlclassifier.phishTable to goog-phish-proto,goog-phish-shavar,test-phish-simple
  4. urlclassifier.malwareTable to goog-malware-proto,goog-unwanted-proto,goog-malware-shavar,goog-unwanted-shavar,test-malware-simple,test-unwanted-simple

Milestones

M0 (2016/7/31)

Deliverables

  1. Send v4 update request on time
  2. Parse v4 update response but not store to disk
  3. Use v4 request backoff settings
  4. v2 will still be up and running

Notes

  1. v4 table download/update will be opt-in.
  2. To test M0 features, modify the following preferences:
    • urlclassifier.malwareTable ==> Add goog-malware-proto and goog-unwanted-proto
    • urlclassifier.phishTable ==> Add goog-phish-proto

Bugs

Dashboard for M0 bugs


M1 (2016/9/30)

Deliverables

  1. Store v4 tables to disk (including fixed and variable length prefixes)
  2. Store table states
  3. Split v4 tables to different directory per provider

Bugs

Dashboard for M1 bugs

Workweek in Vancouver

  1. Etherpad: https://public.etherpad-mozilla.org/p/sbv4yvr

M2 (TBC, maybe 10/15)

The intention of M2 is to push the date where we "enable v4 list update on nightly by default" to two weeks later because we have identified some issues and lacks in M0 and M1 in Vancouver SBv4 work week. The target date is the end of second week in October.

Deliverables

  1. bug 1305486 to enable v4 table update on nightly by default (The most important!)
  2. bug 1305567 so that we won't get 400 error while doing list update. (landed)
  3. bug 1305581 to examine checksum against the updated lists.
  4. bug 1285848 to support compressed list update. (under review)
  5. bug 1305801 to store v4 list to disk. (landed)
  6. bug 1305484 to store v4 list states to disk rather than preference.

Bugs

Dashboard for M2 bugs

M3 (Right before Hawaii Workweek)

Deliverables

  1. Check v4 prefixes (in addition to v4) but ignore the result
  2. v2/v4 prefix matching consistency telemetry (e.g. v2/v4 should both 'have' or 'not have' certain URL hash)
    1. Be careful of the variable length prefixes: it's possible to get a 32-bit prefix match for foo.com in V2 and no match on V4 because that entry uses a 48-bit prefix instead

Bugs

Dashboard for M3 bugs

M4 (2017/1/23)

Deliverables

  1. Enable update by default
  2. Fix crashes and regressions

Bugs

Dashboard for M4 bugs

M5 (2017/3/6)

Deliverables

  1. Enable v4 completion on nightly but ignore the result
  2. Add V4 table for Download protection.
  3. v2/v4 URL hash matching consistency telemetry

Bugs

Dashboard for M5 bugs

M6 (2017/4/18)

Deliverables

  1. Caching
  2. Enable both V4 and V2 on Nightly 55

Bugs

Dashboard for M6 bugs

M7 (2017/6/12)

Deliverables

  1. V4 is feature complete

Bugs

Dashboard for M7 bugs

M8 (2017/8/7)

Deliverables

  1. V4 only in Nightly 56
  2. Initial Soft Vision tests

Bugs

Dashboard for M8 bugs

M9 (2017/09/20)

Deliverables

  1. Shipping to release
  2. Crash comparison on beta
  3. Gradual roll-out on release

Bugs

Dashboard for M9 bugs

M10 (2017/11/13)

Deliverables

  1. V4 working on Fennec
  2. Follow-ups completed

Bugs

Dashboard for M10 bugs

Retrieved from "https://wiki.allizom.org/index.php?title=Security/Safe_Browsing/V4_Implementation&oldid=1178648"