SummerOfCode/2013/SecurityReport/WeeklyUpdates/2013-07-08


This Week

Monday, 08 July

  • Created a sample patch that generates an observer notification for SSL errors and has the SSL error code in the 3rd parameter of the observer notification.
  • Uploaded the patch file on Bugzilla for comments.
  • I am working on adding observer notifications for security-related errors. Observer notifications will be helpful to our security report tool as well as to other security-related tools in the future.
    • CSP errors already have observer notifications, but CORS, mixed-content, SSL, HSTS, etc. do not yet have observer notifications.
    • To start working in this direction, I have added an observer notification for SSL errors that sends the SSL error code. I have added you as a reviewer for that patch.

Tuesday, 09 July

  • I used the mxr.mozilla.org service to search for the places where mixed-content notifications are generated.
  • I found that the "content/base/src/nsMixedContentBlocker.cpp" file generates mixed-content notifications for the Browser Console.

Wednesday, 10 July

  • I read the code of "nsMixedContentBlocker.cpp" and added an observer notification with aTopic = "report-mixed-content", aSubject = URI of the content that generated the error/warning, and aData = URI of the document on which the mixed-content error/warning is generated.
  • The patch was submitted on Bugzilla for feedback from Mark.

Thursday, 11 July

Friday, 12 July

  • I tried to capture SSL errors/warnings in the security report tool using nsIConsoleService.
  • However, I observed that SSL errors do not have an error category at all. They are not instances of nsIScriptError.
  • This implies that my only option will be to use string matching (which is the worst approach) to capture SSL errors.