GitLab

morgan pushed to branch main at The Tor Project / Applications / tor-browser-spec

Commits:

1472857c

by Richard Pospesel at 2024-06-27T04:18:44+00:00

Create bugzilla2gitlab script for ESR resolved issue audits

- fetches all resolved bugs for a firefox release
- outputs gitlab markdown for each entry which:
  - displays bugzilla issue number, title
  - links to bugzilla issue
  - shows a button which when clicked populates a review issue prepopulated with:
    - bugzilla information
    - appropriate gitlab labels
    - links to parent audit issue
- provides checklist for engineers to mark blocks as triaged

aaf00ad7

by Morgan at 2024-10-22T18:49:55+00:00

updated code_audit.sh script to handle .mjs js files and some minor tweaks

d3418425
by Morgan at 2024-10-22T18:50:15+00:00
```
FF116-FF128 Audits
```

15 changed files:

+ audits/FF116_AUDIT
+ audits/FF117_AUDIT
+ audits/FF118_AUDIT
+ audits/FF119_AUDIT
+ audits/FF120_AUDIT
+ audits/FF121_AUDIT
+ audits/FF122_AUDIT
+ audits/FF123_AUDIT
+ audits/FF124_AUDIT
+ audits/FF125_AUDIT
+ audits/FF126_AUDIT
+ audits/FF127_AUDIT
+ audits/FF128_AUDIT
+ audits/bugzilla2gitlab.sh
audits/code_audit.sh

Changes:

audits/FF116_AUDIT

 +# General
++
 +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript).
++
 +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation.
++
 +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit.
++
 +## Firefox: https://github.com/mozilla/gecko-dev.git
++
 +- Start: `9c13862f3e084cec78650fa01450f6d18aec1530` ( `FIREFOX_ESR_115_BASE` )
 +- End: `ff486626d0de0e7f34d65ef000c657080ddf564d` ( `FIREFOX_116_0_3_RELEASE` )
++
 +### Languages:
 +- [x] java
 +- [x] cpp
 +- [x] js
 +- [x] rust
++
 +Nothing of interest (using `code_audit.sh`)

audits/FF117_AUDIT

 +# General
++
 +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript).
++
 +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation.
++
 +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit.
++
 +## Firefox: https://github.com/mozilla/gecko-dev.git
++
 +- Start: ff486626d0de0e7f34d65ef000c657080ddf564d ( `FIREFOX_116_0_3_RELEASE` )
 +- End:   6f3830e39c76ae6d0ab19b4f9289d434d424cbe3  ( `FIREFOX_117_0_RELEASE` )
++
 +### Languages:
 +- [x] java
 +- [x] cpp
 +- [x] js
 +- [x] rust
++
 +Nothing of interest (using `code_audit.sh`)

audits/FF118_AUDIT

 +# General
++
 +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript).
++
 +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation.
++
 +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit.
++
 +## Firefox: https://github.com/mozilla/gecko-dev.git
++
 +- Start: tor-browser@6f3830e39c76ae6d0ab19b4f9289d434d424cbe3  ( `FIREFOX_117_0_RELEASE` )
 +- End:   tor-browser@a928b6c0612a2690852fa3b5d13efc2a80868a90 ( `FIREFOX_118_0_RELEASE` )
++
 +### Languages:
 +- [x] java
 +- [x] cpp
 +- [x] js
 +- [x] rust
++
 +Nothing of interest (using `code_audit.sh`)

audits/FF119_AUDIT

 +# General
++
 +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript).
++
 +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation.
++
 +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit.
++
 +## Firefox: https://github.com/mozilla/gecko-dev.git
++
 +- Start: tor-browser@a928b6c0612a2690852fa3b5d13efc2a80868a90 ( `FIREFOX_118_0_RELEASE` )
 +- End:   tor-browser@7ab3cc0103090dd7bfa02e072a529b9fc784ab4e ( `FIREFOX_119_0_RELEASE` )
++
 +### Languages:
 +- [x] java
 +- [x] cpp
 +- [x] js
 +- [x] rust
++
 +Nothing of interest (using `code_audit.sh`)

audits/FF120_AUDIT

 +# General
++
 +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript).
++
 +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation.
++
 +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit.
++
 +## Firefox: https://github.com/mozilla/gecko-dev.git
++
 +- Start: tor-browser@7ab3cc0103090dd7bfa02e072a529b9fc784ab4e ( `FIREFOX_119_0_RELEASE` )
 +- End: tor-browser@dedee7a8c6cbabc80294733634360f6fbeeeadc0  ( `FIREFOX_120_0_RELEASE` )
++
 +### Languages:
 +- [x] java
 +- [x] cpp
 +- [x] js
 +- [x] rust
++
 +Nothing of interest (using `code_audit.sh`)

audits/FF121_AUDIT

 +# General
++
 +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript).
++
 +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation.
++
 +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit.
++
 +## Firefox: https://github.com/mozilla/gecko-dev.git
++
 +- Start:  tor-browser@dedee7a8c6cbabc80294733634360f6fbeeeadc0  ( `FIREFOX_120_0_RELEASE` )
 +- End:  tor-browser@a32b8662993085139ac91212a297123b632fc1c0 ( `FIREFOX_121_0_RELEASE` )
++
 +### Languages:
 +- [x] java
 +- [x] cpp
 +- [x] js
 +- [x] rust
++
 +#### 1add9d4c13a6493e670d01b38f4eb839c53bf1ba
 +- Mozilla 1815739: Support using Firefox as default PDF reader on Android
 +- https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43159
 +- Review Result: SAFE
++
 +#### a6562d5849a78c58340bb3d9b975f1208db4401d
 +- Mozilla 1852340: Implement a new "report broken site" feature for desktop Firefox
 +- https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43160
 +- Review Result: SAFE

audits/FF122_AUDIT

 +# General
++
 +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript).
++
 +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation.
++
 +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit.
++
 +## Firefox: https://github.com/mozilla/gecko-dev.git
++
 +- Start:  tor-browser@a32b8662993085139ac91212a297123b632fc1c0 ( `FIREFOX_121_0_RELEASE` )
 +- End:  tor-browser@7e38fabb90748649da04ed45a2f80d68423362d9 ( `FIREFOX_122_0_RELEASE` )
++
 +### Languages:
 +- [x] java
 +- [x] cpp
 +- [x] js
 +- [x] rust
++
 +Nothing of interest (using `code_audit.sh`)

audits/FF123_AUDIT

 +# General
++
 +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript).
++
 +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation.
++
 +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit.
++
 +## Firefox: https://github.com/mozilla/gecko-dev.git
++
 +- Start: tor-browser@7e38fabb90748649da04ed45a2f80d68423362d9 ( `FIREFOX_122_0_RELEASE` )
 +- End: tor-browser@f8704c84a751716bad093b9bdc482db53fe5b3ea ( `FIREFOX_123_0_RELEASE` )
++
 +### Languages:
 +- [x] java
 +- [x] cpp
 +- [x] js
 +- [x] rust
++
 +Nothing of interest (using `code_audit.sh`)
++
 +#### 14797b7fa8c5df0332ba5d422803dbcdf548c056
 +#### eb73825495faf333a4fe812316ac38e138f5bf8d
 +#### 818788a96a700c6d44a17ab1e932de96cc45eac6
 +#### c0aa048b3918e367e9fd84442695f1fbb2087f30
 +- https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43161
 +- Mozilla 1852900: Pass HTTPS requests to native resolver thread
 +- Mozilla 1852902: Allow nsINativeDNSResolverOverride to override native HTTPS records
 +- https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43161
 +- Review Result: SAFE

audits/FF124_AUDIT

 +# General
++
 +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript).
++
 +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation.
++
 +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit.
++
 +## Firefox: https://github.com/mozilla/gecko-dev.git
++
 +- Start: tor-browser@f8704c84a751716bad093b9bdc482db53fe5b3ea ( `FIREFOX_123_0_RELEASE` )
 +- End: tor-browser@eb063e98ca624ff7d430a9b9aa356381f49e2e5a ( `FIREFOX_124_0_RELEASE` )
++
 +### Languages:
 +- [x] java
 +- [x] cpp
 +- [x] js
 +- [x] rust
++
 +Nothing of interest (using `code_audit.sh`)

audits/FF125_AUDIT

 +# General
++
 +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript).
++
 +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation.
++
 +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit.
++
 +## Firefox: https://github.com/mozilla/gecko-dev.git
++
 +- Start: tor-browser@eb063e98ca624ff7d430a9b9aa356381f49e2e5a ( `FIREFOX_124_0_RELEASE` )
 +- End: tor-browser@59577ab1445892568bafb39124e5757a307177f2  ( `FIREFOX_125_0_BUILD1` )
++
 +### Languages:
 +- [x] java
 +- [x] cpp
 +- [x] js
 +- [x] rust
++
 +Nothing of interest (using `code_audit.sh`)

audits/FF126_AUDIT

 +# General
++
 +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript).
++
 +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation.
++
 +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit.
++
 +## Firefox: https://github.com/mozilla/gecko-dev.git
++
 +- Start: 59577ab1445892568bafb39124e5757a307177f2  ( `FIREFOX_125_0_BUILD1` )
 +- End:  5889d9823cc5975561827262efeb24464360402c ( `FIREFOX_126_0_BUILD1` )
++
 +### Languages:
 +- [x] java
 +- [x] cpp
 +- [x] js
 +- [x] rust
++
 +Nothing of interest (using `code_audit.sh`)

audits/FF127_AUDIT

 +# General
++
 +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript).
++
 +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation.
++
 +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit.
++
 +## Firefox: https://github.com/mozilla/gecko-dev.git
++
 +- Start: 5889d9823cc5975561827262efeb24464360402c ( `FIREFOX_126_0_BUILD1` )
 +- End: e480e7382673f60d2f8590e7018d291b52e982b0 ( `FIREFOX_127_0b1_RELEASE` )
++
 +### Languages:
 +- [x] java
 +- [x] cpp
 +- [x] js
 +- [x] rust
++
 +Nothing of interest (using `code_audit.sh`)

audits/FF128_AUDIT

 +# General
++
 +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript).
++
 +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation.
++
 +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit.
++
 +## Firefox: https://github.com/mozilla/gecko-dev.git
++
 +- Start: tor-browser@e480e7382673f60d2f8590e7018d291b52e982b0 ( `FIREFOX_127_0b1_RELEASE` )
 +- End: tor-browser@9352d2be309c27f0e93471e2bb3352d7cfb76052 ( `FIREFOX_128_0b1_BUILD1` )
++
 +### Languages:
 +- [x] java
 +- [x] cpp
 +- [x] js
 +- [x] rust
++
 +Nothing of interest (using `code_audit.sh`)

audits/bugzilla2gitlab.sh

 +#!/usr/bin/env bash
++
 +echoerr() { echo "$@" 1>&2; }
++
 +if [ "$#" -lt 3 ]; then
 +    echoerr "Usage: $0 firefox-version gitlab-audit-issue-number reviewers... > output.md"
 +    exit 1
 +fi
++
 +# Check pre-conditions
 +check_exists() {
 +    local cmd=$1
 +    if ! which ${cmd} > /dev/null ; then
 +        echoerr "missing ${cmd} dependency"
 +        exit 1
 +    fi
 +}
++
 +check_exists wget
 +check_exists jq
 +check_exists sed
 +check_exists perl
++
 +# assign arguments to named variables
 +firefox_version=$1
 +audit_issue=$2
 +reviewers="${@:3}"
++
 +# check valid esr version
 +if ! [[ "${firefox_version}" =~ ^[1-9][0-9]{2}$ ]]; then
 +    echoerr "invalid Firefox version (probably)"
 +    exit 1
 +fi
++
 +# check valid issue number
 +if ! [[ "${audit_issue}" =~ ^[1-9][0-9]{4}$ ]]; then
 +    echoerr "invalid gitlab audit issue number (probably)"
 +    exit 1
 +fi
++
 +# download bug list
 +json=/tmp/${firefox_version}.json
 +bugzilla_query="https://bugzilla.mozilla.org/buglist.cgi?j_top=OR&f1=target_milestone&o3=equals&v3=Firefox%20${firefox_version}o1=equals&resolution=FIXED&o2=anyexact&query_format=advanced&f3=target_milestone&f2=cf_status_firefox${firefox_version}&bug_status=RESOLVED&bug_status=VERIFIED&bug_status=CLOSED&v1=mozilla128&v2=fixed%2Cverified&limit=0"
 +# you can get this from the 'REST' link at the bottom of the prevoius bugzilla query ^^;
 +bugzilla_json_query="https://bugzilla.mozilla.org/rest/bug?include_fields=id,summary,status&bug_status=RESOLVED&bug_status=VERIFIED&bug_status=CLOSED&f1=target_milestone&f2=cf_status_firefox${firefox_version}&f3=target_milestone&j_top=OR&limit=0&o1=equals&o2=anyexact&o3=equals&resolution=FIXED&v1=mozilla128&v2=fixed%2Cverified&v3=Firefox%20${firefox_version}"
++
 +wget "${bugzilla_json_query}" -O ${json}
++
 +echo "### [Bugzilla Query](${bugzilla_query})"
 +echo ""
++
 +issue_count=$(jq '.bugs | length' ${json})
 +counter=0
 +jq '.bugs | sort_by(.id)[] | "\(.id)|\(.summary)"' ${json} | while IFS='|' read -r id summary; do
++
 +    # indexing
 +    counter=$((counter + 1))
++
 +    from=$counter
 +    through=$((counter + 499))
 +    if ((to > issue_count)); then
 +        to=$issue_count
 +    fi
++
 +    # break up into sections or else gitlab falls over
 +    if ((counter % 500 == 1)); then
 +        echo "<details>"
 +        echo "  <summary>Resolved Firefox ${firefox_version} Bugzilla Issues ${from} through ${through}</summary>"
 +        echo ""
 +    fi
++
 +    # bugzilla info
 +    id="${id:1}"
 +    summary="${summary:0:-1}"
 +    [[ ${#summary} -gt 90 ]] && summary_short="${summary:0:87}..." || summary_short="${summary}"
++
 +    # we need to escape printed strings for markdown
 +    md_escape() {
 +        local input="$1"
 +        # jesus I'm sorry
 +        echo "${input}" | sed 's/[][\\`*_{}<>()#+-\.~]/\\&/g'
 +    }
++
 +    md_summary=$(md_escape "${summary}")
 +    md_summary_short=$(md_escape "$summary_short")
++
 +    # we need to urlencode the strings used in the new issue link
 +    url_encode() {
 +        local input="$1"
 +        echo "${input}" | perl -MURI::Escape -wlne 'print uri_escape $_'
 +    }
++
 +    # parent issue
 +    bugzilla_url="https://bugzilla.mozilla.org/show_bug.cgi?id=${id}"
 +    # review issue title
 +    new_issue_title=$(url_encode "Review Mozilla ${id}: ${summary_short}")
 +    # review issue description
 +    new_issue_description=$(url_encode "### Bugzilla: ${bugzilla_url}")%0A$(url_encode "/label ~\"14.0 stable\" ~FF128-esr ~Next")%0A$(url_encode "/relate tpo/applications/tor-browser-spec#${audit_issue}")%0A%0A$(url_encode "<!-- briefly describe why this issue needs further review -->")%0A
 +    # url which create's new issue with title and description pre-populated
 +    new_issue_url="../../../../tor-browser/-/issues/new?issue[title]=${new_issue_title}&issue[description]=${new_issue_description}"
++
 +    # em-space
 +    em=" "
 +    counter_string=$(printf "%04i" ${counter})
++
 +    echo "- **${counter_string}**${em}<kbd>[Create Issue](${new_issue_url})</kbd>${em}[**${id}**: ${md_summary}](${bugzilla_url})"
++
++
 +    if ((counter % 500 == 0 )) || (( counter == issue_count )); then
 +        # checklist of engineers that have triaged this block
 +        echo "</details>"
 +        echo
 +        echo "**Triaged by:**"
 +        for reviewer in $reviewers; do
 +            echo "- [ ] **${reviewer}**"
 +        done
 +        echo
 +    elif ((counter % 25 == 0 )); then
 +        # add a hrule every 25 to break things up visually
 +        echo "---"
 +    fi
 +done

audits/code_audit.sh

@@ -138,7 +138,7 @@ case "${SCOPE}" in
          initialize_rust_symbols
          ;;
      "js" )
 -        EXT="js jsm"
 +        EXT="js jsm mjs"
          initialize_js_symbols
          ;;
      * )
@@ -172,9 +172,9 @@ rm -f "${REPORT_FILE}"
  # of said commit
  # Flashing Color constants
 -export GREP_COLOR="05;37;41"
 +export GREP_COLORS="mt=05;37;41"
 -for COMMIT in $(git rev-list --ancestry-path $OLD~..$NEW); do
 +for COMMIT in $(git log --format="%H" $NEW ^$OLD); do
      TEMP_DIFF="$(mktemp)"
      echo "Diffing $COMMIT..."