QA/Safe Browsing
Approvals Required / Received
The following individuals are required to/have approved this Test Plan:
Name | Title | Department | Approval Date | Method |
---|---|---|---|---|
QA Manager | Product Integrity | Date | ||
Software Engineer | Engineering | Date | ||
EPM | Product Management | Date |
Revision History
This section describes the modifications that have been made to this wiki page. A new row has been completed each time the content of this document is updated (small corrections for typographical errors do not need to be recorded). The description of the modification contains the differences from the prior version, in terms of what sections were updated and to what extent.
Date | Version | Author | Description |
---|---|---|---|
08/16/2017 | 1.0 | Timea Zsoldos | Created first draft |
Overview
Purpose
Detail the purpose of this document. For example:
- The test scope, focus areas and objectives
- The test responsibilities
- The test strategy for the levels and types of test for this release
- The entry and exit criteria
- The basis of the test estimates
- Any risks, issues, assumptions and test dependencies
- The test schedule and major milestones
- The test deliverables
Scope
This wiki details the testing that will be performed by the project team for the Safe Browsing project. It defines the overall testing requirements and provides an integrated view of the project test activities. Its purpose is to document:
- Test pages
- Malware, phishing, and unwanted software hard-coded test URLs
- Phishtank (real phishing sites)
- Google test pages (we don't implement: Clank Warnings, Client-side phishing detection, Bad IP Warnings)
- Static test pages for specific bugs
- Meta QA bug
- Info on why certain URLs are blocked
- Script to dump the contents of the local store
- UI tests (Marionette)
To turn on debugging output, export the following environment variables:
MOZ_LOG_FILE=/tmp/safebrowsing.log MOZ_LOG="UrlClassifierDbService:5,nsChannelClassifier:5,UrlClassifierProtocolParser:5,UrlClassifierStreamUpdater:5,UrlClassifierPrefixSet:5"
and also see the browser.safebrowsing.debug pref to see debugging output from the JS pieces of Safe Browsing.
Ownership
Developer contact:Wesly Huang
QAEng:Justin Williams
QA: Timea Zsoldos (:zstimi)
QA Peer: Cristian Comorasu (:CristiComo)
Testing summary
Scope of Testing
In Scope
- Check pages against our Safe Browsing lists based on platform and threat types.
- Warn users before they click links in your site that may lead to infected pages.
- Prevent users from posting links to known infected pages from your site.
Out of Scope
Detail what is out of scope from a testing perspective for the project team. Note: if usability testing is not in the scope of testing feature.
Requirements for testing
Environments
- Windows 8.1 x64
- Windows 7 x86
- Ubuntu 14.04 x64
- Mac OS 10.12
Builds
This section should contain links for builds with the feature -
- Links for Nightly builds
- Links for Beta builds: https://archive.mozilla.org/pub/firefox/candidates/56.0b4-candidates/
Test Execution Schedule
The following table identifies the anticipated testing period available for test execution.
Project phase | Start Date | End Date |
---|---|---|
Start project | ||
Study documentation/specs received from developers | 08/11/2017 | |
QA - Test plan creation | 08/18/2017 | |
QA - Test cases/Env preparation | 08/21/2017 | |
QA - Nightly Testing | 07/17/2017 | |
QA - Beta Testing | 08/28/2017 | 09/08/2017 |
Release Date | 09/26/2017 | 09/26/2017 |
Testing Tools
Detail the tools to be used for testing, for example see the following table:
Process | Tool |
---|---|
Test plan creation | Mozilla wiki |
Test case creation | TestSuite |
Test case execution | Mid-Nightly |
Bugs management | Bugzilla |
Status
Overview
First released to Nightly: 07/17/2017 (Firefox 56) Preliminary sign off report: 09/01/2017 Pre-Release sign off: 09/08/2017
References
- List and links for specs
List and links for available specs - documents, user stories, specifications
- Meta bug
- Bug 1359337 - QA bugs of Safe Browsing v4
- Bug 1167038 - Add support for version 4 of the Safe Browsing protocol
Testcases
Test Areas
Test Areas | Covered | Details |
---|---|---|
Private Window | Yes | |
Multi-Process Enabled | ||
Multi-process Disabled | ||
Theme (high contrast) | ||
UI | ||
Mouse-only operation | ||
Keyboard-only operation | ||
Display (HiDPI) | ||
Interaction (scroll, zoom) | ||
Usable with a screen reader | No | e.g. with NVDA |
Usability and/or discoverability testing | Is this feature user friendly | |
RTL build testing | No | |
Help/Support | ||
Help/support interface required | Make sure link to support/help page exist and is easy reachable. | |
Support documents planned(written) | Make sure support documents are written and are correct. | |
Install/Upgrade | ||
Feature upgrades/downgrades data as expected | ||
Does sync work across upgrades | ||
Requires install testing | No | separate feature/application installation needed (not only Firefox) |
Affects first-run or onboarding | Florin/Lawrence are investigating if there is a dedicated QA for this, or we should test? Should be an yes/no and if is yes should add in detail column the team/person assigned. | |
Does this affect partner builds? Partner build testing | yes/no options, add comment with details about who will lead testing | |
Enterprise | Raise up the topic to developers to see if they are expecting to work different on ESR builds | |
Enterprise administration | No | |
Network proxies/autoconfig | No | |
ESR behavior changes | No | |
Locked preferences | No | |
Data Monitoring | ||
Temporary or permanent telemetry monitoring | List of error conditions to monitor | |
Telemetry correctness testing | ||
Server integration testing | ||
Offline and server failure testing | ||
Load testing | No | |
Add-ons | If add-ons are available for testing feature, or is current feature will affect some add-ons, then API testing should be done for the add-on. | |
Addon API required? | ||
Comprehensive API testing | ||
Permissions | ||
Testing with existing/popular addons | ||
Security | Security is in charge of Matt Wobensmith. We should contact his team to see if security testing is necessary for current feature. | |
3rd-party security review | ||
Privilege escalation testing | ||
Fuzzing | ||
Web Compatibility | depends on the feature | |
Testing against target sites | ||
Survey of many sites for compatibility | No | |
Interoperability | depends on the feature | |
Common protocol/data format with other software: specification available. Interop testing with other common clients or servers. | ||
Coordinated testing/interop across the Firefoxes: Desktop, Android, iOS | ||
Interaction of this feature with other browser features |
Test suite
Full Test suite - Link to test rail - testcases should be added under Firefox Desktop project link Smoke Test suite - Link with the tests - if available/needed. Regression Test suite - Link with the tests - if available/needed.
Bug Work
Meta bug: 1167038 - bug summary
Logged bugs ( blocking 1167038 )
46 Total; 0 Open (0%); 44 Resolved (95.65%); 2 Verified (4.35%);
Bug fix verification
ID | Priority | Component | Assigned to | Summary | Status | Resolution | Target milestone |
---|---|---|---|---|---|---|---|
750751 | P3 | Safe Browsing | Thomas Nguyen (:tnguyen) | Implement tests for on-wire update format | RESOLVED | FIXED | --- |
1037560 | P2 | Safe Browsing | Dimi Lee [:dimi] | Safebrowsing pleasereset resets all tables | VERIFIED | FIXED | mozilla51 |
1179301 | P2 | Safe Browsing | Henry Chang [:hchang] | Latent buffer overrun bug in SafebrowsingHash | RESOLVED | FIXED | mozilla51 |
1254766 | P2 | Safe Browsing | Dimi Lee [:dimi] | Stop caching Safe Browsing completions to disk | RESOLVED | FIXED | mozilla51 |
1264885 | -- | Safe Browsing | Henry Chang [:hchang] | Refactor the listmanager to add support for both V2 an V4 of the protocol | RESOLVED | FIXED | mozilla50 |
1273398 | -- | Safe Browsing | Henry Chang [:hchang] | Implement RequestBackoff for Safe Browsing v4 | RESOLVED | FIXED | mozilla50 |
1274112 | -- | Safe Browsing | Henry Chang [:hchang] | Implement Safe Browsing v4 update request | VERIFIED | FIXED | mozilla51 |
1276826 | P2 | Safe Browsing | Henry Chang [:hchang] | Implement Safe Browsing v4 hash completion request | RESOLVED | FIXED | mozilla53 |
1288633 | P2 | Safe Browsing | Thomas Nguyen (:tnguyen) | Page URL sent instead of matching URL for Safe Browsing false positives | RESOLVED | FIXED | mozilla54 |
1296820 | P1 | Safe Browsing | Henry Chang [:hchang] | Enabling Safe Browsing V4 updates breaks all list updates | RESOLVED | FIXED | mozilla51 |
1298257 | P2 | Safe Browsing | Thomas Nguyen (:tnguyen) | Implement url matching for variable-length prefix set | RESOLVED | FIXED | mozilla52 |
1302044 | P1 | Safe Browsing | Henry Chang [:hchang] | Disabled v4 tables would still be updated | RESOLVED | FIXED | mozilla51 |
1305478 | P2 | Safe Browsing | Henry Chang [:hchang] | Use 0-1 min as the initial update delay for both V2 and V4 | RESOLVED | FIXED | mozilla52 |
1305486 | P2 | Safe Browsing | Henry Chang [:hchang] | Enable V4 update by default on Nightly only | RESOLVED | FIXED | mozilla53 |
1307026 | P2 | Safe Browsing | Henry Chang [:hchang] | goog-phish-proto is not available with mozilla API key | RESOLVED | FIXED | --- |
1307541 | P1 | Safe Browsing | Henry Chang [:hchang] | V4 updates are not scheduled at the right time | RESOLVED | FIXED | mozilla52 |
1312888 | P3 | Safe Browsing | Dimi Lee [:dimi] | Incorrect debug output for V2 lists | RESOLVED | FIXED | mozilla56 |
1312939 | P2 | Safe Browsing | [META] Add Telemetry for Safe Browsing v4 | RESOLVED | FIXED | --- | |
1329366 | P3 | Safe Browsing | Dimi Lee [:dimi] | Avoid the reuse of the same chunk numbers in classifierHelper.js | RESOLVED | FIXED | mozilla56 |
1329817 | P2 | Safe Browsing | Dimi Lee [:dimi] | Enable V4 lookups | RESOLVED | FIXED | mozilla55 |
1330253 | -- | General | Dimi Lee [:dimi] | Supply a Google API key on try to enable testing against the Safe Browsing service | RESOLVED | FIXED | --- |
1331139 | P2 | Safe Browsing | Thomas Nguyen (:tnguyen) | Update download protection for V4 | RESOLVED | FIXED | mozilla54 |
1336915 | P2 | Safe Browsing | Thomas Nguyen (:tnguyen) | Disable Safe Browsing V4 updates and fullhash requests when the Google API key is missing | RESOLVED | FIXED | mozilla55 |
1336920 | P2 | Safe Browsing | Sebastian Hengst [:aryx] (needinfo me if it's about an intermittent or backout) | Display the presence/absence of a valid Google API key in about:support | RESOLVED | FIXED | mozilla54 |
1336922 | P1 | Safe Browsing | François Marier [:francois] | Disable v4 update in test_safe_browsing_initial_download.py testcase | RESOLVED | FIXED | mozilla54 |
1350798 | P2 | Safe Browsing | Dimi Lee [:dimi] | Ignore v4 completion too early will cause telemetry::URLCLASSIFIER_MATCH_RESULT gets wrong results | RESOLVED | FIXED | mozilla55 |
1359337 | -- | Safe Browsing | [META] QA bugs of Safe Browsing v4 | RESOLVED | FIXED | --- | |
1362484 | P2 | Safe Browsing | François Marier [:francois] | 404s during Safe Browsing V4 updates | RESOLVED | FIXED | --- |
1363879 | P2 | Safe Browsing | Thomas Nguyen (:tnguyen) | Sort gethash prefixes to hide noise entries | RESOLVED | FIXED | --- |
1363882 | P2 | Safe Browsing | Thomas Nguyen (:tnguyen) | Gethash entries are not cast safely | RESOLVED | FIXED | mozilla56 |
1366920 | P2 | Safe Browsing | Dimi Lee [:dimi] | SafeBrowinsg V4 only in nightly 56 | RESOLVED | FIXED | mozilla56 |
1376410 | P1 | Safe Browsing | Thomas Nguyen (:tnguyen) | Crash in OOM | large | NS_ABORT_OOM | nsACString::Replace | RESOLVED | FIXED | mozilla57 |
1377267 | P1 | Shield Study | Kamyar Ardekani (he/him) | SBv4 Crashrate opt-out study | RESOLVED | FIXED | --- |
1377976 | P3 | Safe Browsing | [meta] Support for Safe Browsing V4 in Fennec | RESOLVED | FIXED | --- | |
1377983 | P2 | Safe Browsing | Thomas Nguyen (:tnguyen) | Remove comparative V2/V4 Application Reputation telemetry probes | RESOLVED | FIXED | mozilla56 |
1377987 | P2 | Safe Browsing | François Marier [:francois] | Ensure that Linux distros get Google API keys for Safe Browsing in time for 56 | RESOLVED | FIXED | --- |
1387651 | P1 | Safe Browsing | François Marier [:francois] | Staged rollout of Safe Browsing V4 to the release population using Shield | RESOLVED | FIXED | --- |
1388218 | P1 | Safe Browsing | Wesly Huang (EPM) | Work with Soft Vision to test Safe Browsing V2 and V4 in Beta | RESOLVED | FIXED | --- |
1431370 | P1 | Safe Browsing | François Marier [:francois] | Crash in OOM | large | mozalloc_abort | mozalloc_handle_oom | moz_xmalloc | nsTArray_base<T>::EnsureCapacity<T> | nsTArray_base<T>::InsertSlotsAt<T> | nsTArray_Impl<T>::SetLength<T> | mozilla::safebrowsing::DoRiceDeltaDecode | RESOLVED | FIXED | mozilla60 |
1435859 | P1 | Safe Browsing | François Marier [:francois] | Crash in OOM | large | NS_ABORT_OOM | mozilla::safebrowsing::Classifier::DeleteTables | RESOLVED | FIXED | mozilla60 |
40 Total; 0 Open (0%); 38 Resolved (95%); 2 Verified (5%);
Sign off
Criteria
Checklist
- All test cases should be executed
- Has sufficient automated test coverage (as measured by code coverage tools) - coordinate with RelMan
- All blockers, criticals must be fixed and verified or have an agreed-upon timeline for being fixed (as determined by engineering/RelMan/QA)
Results
Mid-Nightly testing
List of OSes that will be covered by testing
- Testing on nightly 56 on the following systems:
- Windows 10 x64
- Ubuntu 16.04 x64
- Mac OS 10.12(Sierra)
- Link for the tests run
- Full Test suite, link to TestRail - Tests Runs and Results link
- Daily Smoke, if needed/available
- Regression Test suite, if needed/available
Preliminary Pre-Release Sign-off
List of OSes that will be covered by testing
- Testing on 56.0b4 on the following systems:
- Windows 8.1 x64
- Windows 7 x86
- Ubuntu 14.04 x64
- Mac OS 10.12(Sierra)
- Link for the tests run
- Full Test suite, send an email on 08.31.2017
Pre-Release Sign-off
List of OSes that will be covered by testing
- Testing on 56.0b9 on the following systems:
- Windows 8.1 x64
- Windows 7 x86
- Ubuntu 14.04 x64
- Mac OS 10.12(Sierra)
- Link for the tests run
- Full Test suite, link to TestRail - Tests Runs and Results link
Checklist
Exit Criteria | Status | Notes/Details |
---|---|---|
Testing Prerequisites (specs, use cases) | ||
Testing Infrastructure setup | ||
Test Plan Creation | [Done] | |
Test Cases Creation | ||
Automation Coverage | No | |
Performance Testing | No | |
All Defects Logged | ||
Critical/Blockers Fixed and Verified | ||
Metrics/Telemetry | ||
Basic/Core functionality Nightly testing | ||
QA mid-Nightly Signoff | [Done] | |
QA Nightly - Full Testing | [Done] | |
QA pre-Beta Signoff | Email to be sent | |
QA Beta - Full Testing | ||
QA pre-Release Signoff | Email to be sent |