 
            commit 9e063f9d09855fb38770d06ea6b8afb00100e259 Author: Matthew Finkel <sysrqb@torproject.org> Date: Mon Apr 5 22:09:37 2021 +0000 Update FF78/87 audits --- audits/FF78_NETWORK_AUDIT | 2 +- audits/FF87_NETWORK_AUDIT | 8 ++++---- audits/code_audit.sh | 2 ++ 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/audits/FF78_NETWORK_AUDIT b/audits/FF78_NETWORK_AUDIT index d73f450..6626dda 100644 --- a/audits/FF78_NETWORK_AUDIT +++ b/audits/FF78_NETWORK_AUDIT @@ -1,6 +1,6 @@ Summary of findings: https://gitlab.torproject.org/tpo/applications/fenix/-/issues/34177 -`git diff 8da33f6c34c0ca5b1d7bca58ca86cb5e436333e8 bace0d2a46cabd36f5bdc738c000f15ae4a4225c` +`git diff 8da33f6c34c0ca5b1d7bca58ca86cb5e436333e8 4735a392536150f49518c48aa9510cf313603b92` and then go over all the changes containing the above mentioned potentially dangerous calls and features. Grep the diff for the following strings and examine surrounding usage. diff --git a/audits/FF87_NETWORK_AUDIT b/audits/FF87_NETWORK_AUDIT index 8874897..fba3a86 100644 --- a/audits/FF87_NETWORK_AUDIT +++ b/audits/FF87_NETWORK_AUDIT @@ -1,7 +1,7 @@ Start: fe9560804bef331ff346f3fd3b05e74122fdd30b # FIREFOX_86_0_BUILD2 -End: 1be3d58406ce4dd8af63a169482ae4ca1709d8e5 # FIREFOX_87_0b9_BUILD1 +End: 4068febfd76d9ec557591240d7496be42c27c17f # FIREFOX_87_0_BUILD3 -`git diff fe9560804bef331ff346f3fd3b05e74122fdd30b 1be3d58406ce4dd8af63a169482ae4ca1709d8e5` +`git diff fe9560804bef331ff346f3fd3b05e74122fdd30b 4068febfd76d9ec557591240d7496be42c27c17f` and then go over all the changes containing the below mentioned potentially dangerous calls and features. Grep the diff for the following strings and examine surrounding usage. @@ -120,7 +120,7 @@ End: 1ee6b32f3ee569036fdf1015cf7ffc01ded2860f # v71.0.0 ============ Android Components Portion ============= Start: 095c0ef007ada4dab8561bef69e43bf6db1d3298 # v72.0.15 -End: ecccbf2da2b0572a1d600cce447d47f2eae0de9a # v73.0.3 +End: bea80bbaccc431994a534a087b223563826ac256 # v73.0.11 # FF87 (using `java_audit.sh`) # Commit 6edfec5fe464e4b1d0eb82ed8825526036d861c8 @@ -138,7 +138,7 @@ End: ecccbf2da2b0572a1d600cce447d47f2eae0de9a # v73.0.3 ============ Fenix Portion ============= Start: db196d0e49eb0f69ab620856491deb8c4c7ccf57 # v86.1.0 -End: 82c8a64ca0b8bd5e6ea88395cba41c0db68d0a36 # v87.0.0-beta.4 +End: 9d91b8eeb9d287ee95937b5edfffde383982267a # v87.0.0-rc.1 # FF87: (using `java_audit.sh`) # - c9b8f57f96e9188746391885a065428df62f3ff9 diff --git a/audits/code_audit.sh b/audits/code_audit.sh index 3586470..c7c0848 100755 --- a/audits/code_audit.sh +++ b/audits/code_audit.sh @@ -53,6 +53,8 @@ initialize_java_symbols() { KEYWORDS+=(AppLinksInterceptor) KEYWORDS+=(AppLinksUseCases) KEYWORDS+=(ActivityDelegate) + # Added in FF87 audit + KEYWORDS+=(AutofillService) } initialize_rust_symbols() {