[tbb-commits] [tor-browser-spec/master] Update FF78/87 audits
sysrqb at torproject.org
sysrqb at torproject.org
Tue Apr 6 00:24:50 UTC 2021
commit 9e063f9d09855fb38770d06ea6b8afb00100e259
Author: Matthew Finkel <sysrqb at torproject.org>
Date: Mon Apr 5 22:09:37 2021 +0000
Update FF78/87 audits
---
audits/FF78_NETWORK_AUDIT | 2 +-
audits/FF87_NETWORK_AUDIT | 8 ++++----
audits/code_audit.sh | 2 ++
3 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/audits/FF78_NETWORK_AUDIT b/audits/FF78_NETWORK_AUDIT
index d73f450..6626dda 100644
--- a/audits/FF78_NETWORK_AUDIT
+++ b/audits/FF78_NETWORK_AUDIT
@@ -1,6 +1,6 @@
Summary of findings: https://gitlab.torproject.org/tpo/applications/fenix/-/issues/34177
-`git diff 8da33f6c34c0ca5b1d7bca58ca86cb5e436333e8 bace0d2a46cabd36f5bdc738c000f15ae4a4225c`
+`git diff 8da33f6c34c0ca5b1d7bca58ca86cb5e436333e8 4735a392536150f49518c48aa9510cf313603b92`
and then go over all the changes containing the
above mentioned potentially dangerous calls and features. Grep the diff for
the following strings and examine surrounding usage.
diff --git a/audits/FF87_NETWORK_AUDIT b/audits/FF87_NETWORK_AUDIT
index 8874897..fba3a86 100644
--- a/audits/FF87_NETWORK_AUDIT
+++ b/audits/FF87_NETWORK_AUDIT
@@ -1,7 +1,7 @@
Start: fe9560804bef331ff346f3fd3b05e74122fdd30b # FIREFOX_86_0_BUILD2
-End: 1be3d58406ce4dd8af63a169482ae4ca1709d8e5 # FIREFOX_87_0b9_BUILD1
+End: 4068febfd76d9ec557591240d7496be42c27c17f # FIREFOX_87_0_BUILD3
-`git diff fe9560804bef331ff346f3fd3b05e74122fdd30b 1be3d58406ce4dd8af63a169482ae4ca1709d8e5`
+`git diff fe9560804bef331ff346f3fd3b05e74122fdd30b 4068febfd76d9ec557591240d7496be42c27c17f`
and then go over all the changes containing the
below mentioned potentially dangerous calls and features. Grep the diff for
the following strings and examine surrounding usage.
@@ -120,7 +120,7 @@ End: 1ee6b32f3ee569036fdf1015cf7ffc01ded2860f # v71.0.0
============ Android Components Portion =============
Start: 095c0ef007ada4dab8561bef69e43bf6db1d3298 # v72.0.15
-End: ecccbf2da2b0572a1d600cce447d47f2eae0de9a # v73.0.3
+End: bea80bbaccc431994a534a087b223563826ac256 # v73.0.11
# FF87 (using `java_audit.sh`)
# Commit 6edfec5fe464e4b1d0eb82ed8825526036d861c8
@@ -138,7 +138,7 @@ End: ecccbf2da2b0572a1d600cce447d47f2eae0de9a # v73.0.3
============ Fenix Portion =============
Start: db196d0e49eb0f69ab620856491deb8c4c7ccf57 # v86.1.0
-End: 82c8a64ca0b8bd5e6ea88395cba41c0db68d0a36 # v87.0.0-beta.4
+End: 9d91b8eeb9d287ee95937b5edfffde383982267a # v87.0.0-rc.1
# FF87: (using `java_audit.sh`)
# - c9b8f57f96e9188746391885a065428df62f3ff9
diff --git a/audits/code_audit.sh b/audits/code_audit.sh
index 3586470..c7c0848 100755
--- a/audits/code_audit.sh
+++ b/audits/code_audit.sh
@@ -53,6 +53,8 @@ initialize_java_symbols() {
KEYWORDS+=(AppLinksInterceptor)
KEYWORDS+=(AppLinksUseCases)
KEYWORDS+=(ActivityDelegate)
+ # Added in FF87 audit
+ KEYWORDS+=(AutofillService)
}
initialize_rust_symbols() {
More information about the tbb-commits
mailing list