Add ability to analyze add-ons with VirusTotal from an action in the store #16434
Comments
|
@nvdaes I am uncertain about something.
What is the value of providing the URL in the store?
That is, if no add-on (after a while) makes it into the store without confirmation of VirusTotal, isn't the test result implied by the add-on being there? Wouldn't a simple "Scanned by virus total" notation be sufficient, with maybe more elaboration in the user guide?
|
|
Luke wrote:
I think it's betterto provide an action to scan the add-on whenever,since results maybe updated: |
|
Can this not happen automatically in the background before downloading? Is there a way to do that maybe via an API or so? |
I think that, though this is possible in terms of programming, this may exceed available limits of the API, and perhaps this woldn't bring a benefit grater than cons. |
|
I hadn't realized we had given up on the API idea during submission.
|
|
We won't be accepting add-ons with flagged issues with VirusTotal and plan to scan all add-ons currently uploaded. |
Is your feature request related to a problem? Please describe.
Though security of add-ons cannot be warranted, analyzing them with VirusTotal at any moment, specially before installing, maybe very useful to see if bundled malware is detected, and,in this case, to request removal from the store.
Describe the solution you'd like
The URL of VirusTotal analysis for each submitted add-on would be shown in the details panel of the store,as well as making possible to open that URL from a new action.
Describe alternatives you've considered
Users can downloadthe add-on using the download URL,and then submit the file to Virus Total, and the download URL can also be submitted.
Additional context
nvaccess/addon-datastore#3246
The text was updated successfully, but these errors were encountered: