mirror of
https://github.com/roytam1/palemoon27.git
synced 2026-05-26 14:30:27 +00:00
roytam1
5f6d4971d0
- caps part only: Bug 1178533 - Add nsIInstallPackagedWebapp for registering permissions when navigating to signed packages r=bholley,fabrice,valentin (8174625aab)
- Bug 1299615 - Part 2: Skip ICU source directory in Clang build plugin when searching for implicit conversion constructors. r=Waldo, r=mystor (30a51b6602)
- Bug 1264827 - Part 1: Rename the existing code to make it clear it's checking for template args; r=mystor (2710d7e318)
- Bug 1264827 - Part 2: Add a static analysis to help check Rust wrapped C++ classes for members which are unsafe to memmove; r=mystor (8f053f59cf)
- Bug 1264827 - Part 3: Add the MOZ_NEEDS_MEMMOVABLE_MEMBERS annotation to MFBT; r=froydnj (937622926a)
- Bug 1229769 - We should be able to use DOM promises in the worker debugger;r=khuey (b3b32e9b94)
- Bug 1265035 - Make ~WorkerJSRuntime() handle Initialize() failure better. r=khuey. (67e67fab06)
- Bug 1256428 P1 Add ServiceWorkerJob2 base class. r=jdm (0bedbfa070)
- Bug 1256428 P2 Add ServiceWorkerJobQueue2 class. r=jdm (806e9b242e)
- Bug 1260933 - Part 1: For invalid easing values, print the invalid value. r=birtles (482541cfcb)
- Bug 1260933 - Part 2: For invalid duration values, print the invalid value. r=birtles (5b20918f77)
- Bug 1256428 P3 Add ServiceWorkerUpdateJob2. r=jdm (135e9bf05d)
- Bug 1256428 P4 Add ServiceWorkerRegisterJob2. r=jdm (e790f95b1d)
- Bug 1256428 P5 Add ServiceWorkerUnregisterJob2 class. r=jdm (cf63826b57)
- Bug 1220757 - Add report to console when service worker register fails due to mismatching scope path.r=bkelly (dbbf1a8515)
- Bug 1255621 - Ignore service workers previously registered in non-private windows. r=bkelly (593ebfc612)
- Bug 1241531 - Part 1: Only pop jobs from the queue when the correct job completes. r=ehsan (f8a1ea2fda)
- Bug 1241531 - Part 2: Move Cancel() to ServiceWorkerJob base class. r=ehsan (33ffccb8a4)
- Bug 1241531 - Part 3: Call Cancel() on all service worker jobs. r=ehsan (4cce06ab41)
- Bug 1241531 - Part 4: Make service worker unregister job respect cancelation. r=ehsan (1877cb3919)
- Bug 1261776 Use SafeElementAt() in service worker job queue. r=ehsan (c7a883a087)
- Bug 1238990 P1 ServiceWorkerManager should trigger automatic updates in current process. r=ehsan (c65bded060)
- Bug 1238990 P2 Try to ensure service worker jobs do not run during shutdown. r=ehsan (f816a012f2)
- Bug 1256428 P6 Use ServiceWorkerJobQueue2 and new job classes in ServiceWorkerManager. r=jdm (641af03802)
- Bug 1256428 P0 Fix unified build failures in dom/workers. r=jdm (33aaafd188)
- Bug 1261814: Use the presence of the content global, and not any random global, to determine whether to run the close handler. r=bz (8f182bf345)
- Bug 1256428 P7 Fix wpt update.https.html to expect TypeError per current spec. r=jdm (4c6cad6e0f)
- Bug 1256428 P8 Fix wpt unregister-then-register-new-script.https.html to new spec expectations matching blink's tests. r=jdm (d9191f7002)
- Bug 1226443 P5 Always use first scheduled update timer instead of rescheduling on new events. r=ehsan (7b1b31dcc0)
- Bug 1230341 Hold a strong ref in service worker NS_NewRunnableMethodWithArg uses. r=ehsan a=abillings (2b1d942ae4)
- Bug 1256428 P9 Remove now unused code from ServiceWorkerManager.cpp. r=jdm (7f97035007)
- Bug 1256428 P10 Remove ServiceWorkerRegistrationInfo::mUpdating flag. r=jdm (31fc686d5d)
- Bug 1256428 P11 Don't coalesce SW jobs after the existing job has already resolved its promise. r=jdm (1ce373f98b)
- Bug 1256428 P12 ServiceWorkerUnregisterJob2 should not use ServiceWorkerManager internals. r=jdm (1abe304c3c)
- Bug 1256428 P13 Remove unnecessary ServiceWorkerUnregsterJob2 stop. r=jdm (05d0717b7c)
- Bug 1256428 P14 Remove dead code in SeviceWorkerUpdateJob.cpp. r=jdm (7d1ac1112a)
- Bug 1256428 P15 Perform byte-for-byte comparison check after validating script URL. r=jdm (dc30ec75a9)
- Bug 1256428 P16 Fix some issues calling purgeCache() in ServiceWorkerUpdateJob.cpp. r=jdm (cffe93613a)
- Bug 1256428 P17 Rename service worker job classes to remove "2" suffix. r=jdm (f1d7a6aadf)
- Bug 1256428 P18 Add spec annotations and tweak asserts in ServiceWorkerUpdateJob. r=jdm (1a9c95a5bb)
- Bug 1256428 P19 Address ServiceWorkerUnregisterJob review feedback. r=jdm (2b8775a9ad)
- Bug 1260591 Move ServiceWorkerInfo and ServiceWorkerRegistrationInfo into separate files. r=jdm (2e31a3c002)
- Bug 1266857 Make Clients.claim() use observer document list instead of secondary hashtable. r=bz (2b318072f5)
- Bug 1261428: Migrate the useless setTimeout error message to the bindings infrastructure. r=bz (80d2503978)
- Bug 1263307 P1 Make ServiceWorkerRegistrationInfo::mScope const. r=jdm (b8b03bc594)
- Bug 1263307 P2 Make ServiceWorkerRegistrationInfo worker members private. r=jdm (16773a9134)
- Bug 1263307 P3 Move ServiceWorker update logic into central place in ServiceWorkerRegistrationInfo methods. r=jdm (68b288cbfb)
- Bug 1265761 Clients.matchAll() should treat http windows as secure if devtools are open and http testing is enabled. r=ehsan (100e16ca08)
- Bug 1265795 P1 Uncontrolled service workers when global is removed from document. r=bz (db069b0756)
- Bug 1265795 P2 Add a web-platform-test for the window navigation case. r=bz (6571257e5b)
- Bug 1265795 P3 Assert that controlled documents have an outer window. r=bz (fdc14dbf66)
- Bug 1265795 P4 Always call nsDocument::SetScriptGlobalObject(nullptr) from nsDocument::Destroy(). r=bz (8825c3dbd5)
- Bug 1254194: Add a validator for custom add-on content security policies. r=billm f=aswan (c557dd47ef)
- Bug 1254194: Allow iterating over and inspecting sources of parsed CSP directives. r=ckerschb (2d93cdda56)
- Bug 1142332 - Prevent calling CSP_EnumToKeyword with CSP_HASH. r=ckerschb (15a80ed62f)
- Bug 1236416 - Remove some misc toolkit content UI from Fennec r=margaret (01f7f81c93)
- Bug 1234403 - Part 1: Implement CSSPseudoElement.getAnimations. r=birtles (91ce2e1cae)
- Bug 1234403 - Part 2: Implement document.getAnimations. r=birtles (49afbacadb)
- Bug 1234403 - Part 3: Test for the CSSPseudoElement objects returned by effect.target. r=birtles (bf34dda38f)
- Bug 1234403 - Part 4: Test for the animation order returned by document.getAnimations(). r=birtles (fa8ec8e01f)
- Bug 1234403 - Part 5: Test for CSSPseudoElement.getAnimations. r=birtles (3ef598f2ba)
- Bug 1254418 - Part 1: Support generated-content element for Element.getAnimations. r=birtles (7ae806859a)
- Bug 1254418 - Part 2: Test getAnimations for generated-content elements. r=birtles (b562ec7478)
- Bug 1254761 - Part 1: Implement getAnimations({ subtree: true }). r=smaug (c5419ffec0)
- Bug 1254761 - Part 2: Removes extra whitespaces. r=birtles (2a98381928)
- Bug 1254761 - Part 3: Add tests for AnimationFilter. r=birtles (bdd9b39849)
- Bug 1254194: Apply a content security policy to all WebExtension documents. r=gabor (c3a9f32be8)
- Bug 1257246: Update the version of eslint that mach installs. r=gps (da0481d7e4)
- Bug 1229588: Add a taskcluster test for eslint. r=dustin (e6eff5caf2)
- Bug 1257246: Update lint test image to newer packages of eslint. r=ahal (bcfaf3b5d8)
- Bug 1263637 - Fix eslint 2 warnings for WebExtensions code. r=kmag (16537b22dc)
- Bug 1238177 - fix extension content needs to use the correct user context id origin attribute. r=sicking (834faa0f62)
480 lines
14 KiB
C++
480 lines
14 KiB
C++
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#include "AddonContentPolicy.h"
|
|
|
|
#include "mozilla/dom/nsCSPUtils.h"
|
|
#include "nsCOMPtr.h"
|
|
#include "nsContentPolicyUtils.h"
|
|
#include "nsContentTypeParser.h"
|
|
#include "nsContentUtils.h"
|
|
#include "nsIConsoleService.h"
|
|
#include "nsIContentSecurityPolicy.h"
|
|
#include "nsIContent.h"
|
|
#include "nsIDocument.h"
|
|
#include "nsIEffectiveTLDService.h"
|
|
#include "nsIScriptError.h"
|
|
#include "nsIStringBundle.h"
|
|
#include "nsIUUIDGenerator.h"
|
|
#include "nsIURI.h"
|
|
#include "nsNetCID.h"
|
|
#include "nsNetUtil.h"
|
|
|
|
using namespace mozilla;
|
|
|
|
/* Enforces content policies for WebExtension scopes. Currently:
|
|
*
|
|
* - Prevents loading scripts with a non-default JavaScript version.
|
|
* - Checks custom content security policies for sufficiently stringent
|
|
* script-src and object-src directives.
|
|
*/
|
|
|
|
#define VERSIONED_JS_BLOCKED_MESSAGE \
|
|
MOZ_UTF16("Versioned JavaScript is a non-standard, deprecated extension, and is ") \
|
|
MOZ_UTF16("not supported in WebExtension code. For alternatives, please see: ") \
|
|
MOZ_UTF16("https://developer.mozilla.org/Add-ons/WebExtensions/Tips")
|
|
|
|
AddonContentPolicy::AddonContentPolicy()
|
|
{
|
|
}
|
|
|
|
AddonContentPolicy::~AddonContentPolicy()
|
|
{
|
|
}
|
|
|
|
NS_IMPL_ISUPPORTS(AddonContentPolicy, nsIContentPolicy, nsIAddonContentPolicy)
|
|
|
|
static nsresult
|
|
GetWindowIDFromContext(nsISupports* aContext, uint64_t *aResult)
|
|
{
|
|
NS_ENSURE_TRUE(aContext, NS_ERROR_FAILURE);
|
|
|
|
nsCOMPtr<nsIContent> content = do_QueryInterface(aContext);
|
|
NS_ENSURE_TRUE(content, NS_ERROR_FAILURE);
|
|
|
|
nsCOMPtr<nsIDocument> document = content->OwnerDoc();
|
|
NS_ENSURE_TRUE(document, NS_ERROR_FAILURE);
|
|
|
|
nsCOMPtr<nsPIDOMWindow> window = document->GetInnerWindow();
|
|
NS_ENSURE_TRUE(window, NS_ERROR_FAILURE);
|
|
|
|
*aResult = window->WindowID();
|
|
return NS_OK;
|
|
}
|
|
|
|
static nsresult
|
|
LogMessage(const nsAString &aMessage, nsIURI* aSourceURI, const nsAString &aSourceSample,
|
|
nsISupports* aContext)
|
|
{
|
|
nsCOMPtr<nsIScriptError> error = do_CreateInstance(NS_SCRIPTERROR_CONTRACTID);
|
|
NS_ENSURE_TRUE(error, NS_ERROR_OUT_OF_MEMORY);
|
|
|
|
nsAutoCString sourceName;
|
|
nsresult rv = aSourceURI->GetSpec(sourceName);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
uint64_t windowID = 0;
|
|
GetWindowIDFromContext(aContext, &windowID);
|
|
|
|
rv = error->InitWithWindowID(aMessage, NS_ConvertUTF8toUTF16(sourceName),
|
|
aSourceSample, 0, 0, nsIScriptError::errorFlag,
|
|
"JavaScript", windowID);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
nsCOMPtr<nsIConsoleService> console = do_GetService(NS_CONSOLESERVICE_CONTRACTID);
|
|
NS_ENSURE_TRUE(console, NS_ERROR_OUT_OF_MEMORY);
|
|
|
|
console->LogMessage(error);
|
|
return NS_OK;
|
|
}
|
|
|
|
|
|
// Content policy enforcement:
|
|
|
|
NS_IMETHODIMP
|
|
AddonContentPolicy::ShouldLoad(uint32_t aContentType,
|
|
nsIURI* aContentLocation,
|
|
nsIURI* aRequestOrigin,
|
|
nsISupports* aContext,
|
|
const nsACString& aMimeTypeGuess,
|
|
nsISupports* aExtra,
|
|
nsIPrincipal* aRequestPrincipal,
|
|
int16_t* aShouldLoad)
|
|
{
|
|
MOZ_ASSERT(aContentType == nsContentUtils::InternalContentPolicyTypeToExternal(aContentType),
|
|
"We should only see external content policy types here.");
|
|
|
|
*aShouldLoad = nsIContentPolicy::ACCEPT;
|
|
|
|
if (!aRequestOrigin) {
|
|
return NS_OK;
|
|
}
|
|
|
|
// Only apply this policy to requests from documents loaded from
|
|
// moz-extension URLs, or to resources being loaded from moz-extension URLs.
|
|
bool equals;
|
|
if (!((NS_SUCCEEDED(aContentLocation->SchemeIs("moz-extension", &equals)) && equals) ||
|
|
(NS_SUCCEEDED(aRequestOrigin->SchemeIs("moz-extension", &equals)) && equals))) {
|
|
return NS_OK;
|
|
}
|
|
|
|
if (aContentType == nsIContentPolicy::TYPE_SCRIPT) {
|
|
NS_ConvertUTF8toUTF16 typeString(aMimeTypeGuess);
|
|
nsContentTypeParser mimeParser(typeString);
|
|
|
|
// Reject attempts to load JavaScript scripts with a non-default version.
|
|
nsAutoString mimeType, version;
|
|
if (NS_SUCCEEDED(mimeParser.GetType(mimeType)) &&
|
|
nsContentUtils::IsJavascriptMIMEType(mimeType) &&
|
|
NS_SUCCEEDED(mimeParser.GetParameter("version", version))) {
|
|
*aShouldLoad = nsIContentPolicy::REJECT_REQUEST;
|
|
|
|
LogMessage(NS_MULTILINE_LITERAL_STRING(VERSIONED_JS_BLOCKED_MESSAGE),
|
|
aRequestOrigin, typeString, aContext);
|
|
return NS_OK;
|
|
}
|
|
}
|
|
|
|
return NS_OK;
|
|
}
|
|
|
|
NS_IMETHODIMP
|
|
AddonContentPolicy::ShouldProcess(uint32_t aContentType,
|
|
nsIURI* aContentLocation,
|
|
nsIURI* aRequestOrigin,
|
|
nsISupports* aRequestingContext,
|
|
const nsACString& aMimeTypeGuess,
|
|
nsISupports* aExtra,
|
|
nsIPrincipal* aRequestPrincipal,
|
|
int16_t* aShouldProcess)
|
|
{
|
|
MOZ_ASSERT(aContentType == nsContentUtils::InternalContentPolicyTypeToExternal(aContentType),
|
|
"We should only see external content policy types here.");
|
|
|
|
*aShouldProcess = nsIContentPolicy::ACCEPT;
|
|
return NS_OK;
|
|
}
|
|
|
|
|
|
// CSP Validation:
|
|
|
|
static const char* allowedSchemes[] = {
|
|
"blob",
|
|
"filesystem",
|
|
nullptr
|
|
};
|
|
|
|
static const char* allowedHostSchemes[] = {
|
|
"https",
|
|
"moz-extension",
|
|
nullptr
|
|
};
|
|
|
|
/**
|
|
* Validates a CSP directive to ensure that it is sufficiently stringent.
|
|
* In particular, ensures that:
|
|
*
|
|
* - No remote sources are allowed other than from https: schemes
|
|
*
|
|
* - No remote sources specify host wildcards for generic domains
|
|
* (*.blogspot.com, *.com, *)
|
|
*
|
|
* - All remote sources and local extension sources specify a host
|
|
*
|
|
* - No scheme sources are allowed other than blob:, filesystem:,
|
|
* moz-extension:, and https:
|
|
*
|
|
* - No keyword sources are allowed other than 'none', 'self', 'unsafe-eval',
|
|
* and hash sources.
|
|
*/
|
|
class CSPValidator final : public nsCSPSrcVisitor {
|
|
public:
|
|
CSPValidator(nsAString& aURL, CSPDirective aDirective, bool aDirectiveRequired = true) :
|
|
mURL(aURL),
|
|
mDirective(CSP_CSPDirectiveToString(aDirective)),
|
|
mFoundSelf(false)
|
|
{
|
|
// Start with the default error message for a missing directive, since no
|
|
// visitors will be called if the directive isn't present.
|
|
if (aDirectiveRequired) {
|
|
FormatError("csp.error.missing-directive");
|
|
}
|
|
}
|
|
|
|
// Visitors
|
|
|
|
bool visitSchemeSrc(const nsCSPSchemeSrc& src) override
|
|
{
|
|
nsAutoString scheme;
|
|
src.getScheme(scheme);
|
|
|
|
if (SchemeInList(scheme, allowedHostSchemes)) {
|
|
FormatError("csp.error.missing-host", scheme);
|
|
return false;
|
|
}
|
|
if (!SchemeInList(scheme, allowedSchemes)) {
|
|
FormatError("csp.error.illegal-protocol", scheme);
|
|
return false;
|
|
}
|
|
return true;
|
|
};
|
|
|
|
bool visitHostSrc(const nsCSPHostSrc& src) override
|
|
{
|
|
nsAutoString scheme, host;
|
|
|
|
src.getScheme(scheme);
|
|
src.getHost(host);
|
|
|
|
if (scheme.LowerCaseEqualsLiteral("https")) {
|
|
if (!HostIsAllowed(host)) {
|
|
FormatError("csp.error.illegal-host-wildcard", scheme);
|
|
return false;
|
|
}
|
|
} else if (scheme.LowerCaseEqualsLiteral("moz-extension")) {
|
|
// The CSP parser silently converts 'self' keywords to the origin
|
|
// URL, so we need to reconstruct the URL to see if it was present.
|
|
if (!mFoundSelf) {
|
|
nsAutoString url(MOZ_UTF16("moz-extension://"));
|
|
url.Append(host);
|
|
|
|
mFoundSelf = url.Equals(mURL);
|
|
}
|
|
|
|
if (host.IsEmpty() || host.EqualsLiteral("*")) {
|
|
FormatError("csp.error.missing-host", scheme);
|
|
return false;
|
|
}
|
|
} else if (!SchemeInList(scheme, allowedSchemes)) {
|
|
FormatError("csp.error.illegal-protocol", scheme);
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
};
|
|
|
|
bool visitKeywordSrc(const nsCSPKeywordSrc& src) override
|
|
{
|
|
switch (src.getKeyword()) {
|
|
case CSP_NONE:
|
|
case CSP_SELF:
|
|
case CSP_UNSAFE_EVAL:
|
|
return true;
|
|
|
|
default:
|
|
NS_ConvertASCIItoUTF16 keyword(CSP_EnumToKeyword(src.getKeyword()));
|
|
|
|
FormatError("csp.error.illegal-keyword", keyword);
|
|
return false;
|
|
}
|
|
};
|
|
|
|
bool visitNonceSrc(const nsCSPNonceSrc& src) override
|
|
{
|
|
FormatError("csp.error.illegal-keyword", NS_LITERAL_STRING("'nonce-*'"));
|
|
return false;
|
|
};
|
|
|
|
bool visitHashSrc(const nsCSPHashSrc& src) override
|
|
{
|
|
return true;
|
|
};
|
|
|
|
// Accessors
|
|
|
|
inline nsAString& GetError()
|
|
{
|
|
return mError;
|
|
};
|
|
|
|
inline bool FoundSelf()
|
|
{
|
|
return mFoundSelf;
|
|
};
|
|
|
|
|
|
// Formatters
|
|
|
|
template <typename... T>
|
|
inline void FormatError(const char* aName, const T ...aParams)
|
|
{
|
|
const char16_t* params[] = { mDirective.get(), aParams.get()... };
|
|
FormatErrorParams(aName, params, MOZ_ARRAY_LENGTH(params));
|
|
};
|
|
|
|
private:
|
|
// Validators
|
|
|
|
bool HostIsAllowed(nsAString& host)
|
|
{
|
|
if (host.First() == '*') {
|
|
if (host.EqualsLiteral("*") || host[1] != '.') {
|
|
return false;
|
|
}
|
|
|
|
host.Cut(0, 2);
|
|
|
|
nsCOMPtr<nsIEffectiveTLDService> tldService =
|
|
do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID);
|
|
|
|
if (!tldService) {
|
|
return false;
|
|
}
|
|
|
|
NS_ConvertUTF16toUTF8 cHost(host);
|
|
nsAutoCString publicSuffix;
|
|
|
|
nsresult rv = tldService->GetPublicSuffixFromHost(cHost, publicSuffix);
|
|
|
|
return NS_SUCCEEDED(rv) && !cHost.Equals(publicSuffix);
|
|
}
|
|
|
|
return true;
|
|
};
|
|
|
|
bool SchemeInList(nsAString& scheme, const char** schemes)
|
|
{
|
|
for (; *schemes; schemes++) {
|
|
if (scheme.LowerCaseEqualsASCII(*schemes)) {
|
|
return true;
|
|
}
|
|
}
|
|
return false;
|
|
};
|
|
|
|
|
|
// Formatters
|
|
|
|
already_AddRefed<nsIStringBundle>
|
|
GetStringBundle()
|
|
{
|
|
nsCOMPtr<nsIStringBundleService> sbs =
|
|
mozilla::services::GetStringBundleService();
|
|
NS_ENSURE_TRUE(sbs, nullptr);
|
|
|
|
nsCOMPtr<nsIStringBundle> stringBundle;
|
|
sbs->CreateBundle("chrome://global/locale/extensions.properties",
|
|
getter_AddRefs(stringBundle));
|
|
|
|
return stringBundle.forget();
|
|
};
|
|
|
|
void FormatErrorParams(const char* aName, const char16_t** aParams, int32_t aLength)
|
|
{
|
|
nsresult rv = NS_ERROR_FAILURE;
|
|
|
|
nsCOMPtr<nsIStringBundle> stringBundle = GetStringBundle();
|
|
|
|
if (stringBundle) {
|
|
NS_ConvertASCIItoUTF16 name(aName);
|
|
|
|
rv = stringBundle->FormatStringFromName(name.get(), aParams, aLength,
|
|
getter_Copies(mError));
|
|
}
|
|
|
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
|
mError.AssignLiteral("An unexpected error occurred");
|
|
}
|
|
};
|
|
|
|
|
|
// Data members
|
|
|
|
nsAutoString mURL;
|
|
NS_ConvertASCIItoUTF16 mDirective;
|
|
nsXPIDLString mError;
|
|
|
|
bool mFoundSelf;
|
|
};
|
|
|
|
/**
|
|
* Validates a custom content security policy string for use by an add-on.
|
|
* In particular, ensures that:
|
|
*
|
|
* - Both object-src and script-src directives are present, and meet
|
|
* the policies required by the CSPValidator class
|
|
*
|
|
* - The script-src directive includes the source 'self'
|
|
*/
|
|
NS_IMETHODIMP
|
|
AddonContentPolicy::ValidateAddonCSP(const nsAString& aPolicyString,
|
|
nsAString& aResult)
|
|
{
|
|
nsresult rv;
|
|
|
|
// Validate against a randomly-generated extension origin.
|
|
// There is no add-on-specific behavior in the CSP code, beyond the ability
|
|
// for add-ons to specify a custom policy, but the parser requires a valid
|
|
// origin in order to operate correctly.
|
|
nsAutoString url(MOZ_UTF16("moz-extension://"));
|
|
{
|
|
nsCOMPtr<nsIUUIDGenerator> uuidgen = services::GetUUIDGenerator();
|
|
NS_ENSURE_TRUE(uuidgen, NS_ERROR_FAILURE);
|
|
|
|
nsID id;
|
|
rv = uuidgen->GenerateUUIDInPlace(&id);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
char idString[NSID_LENGTH];
|
|
id.ToProvidedString(idString);
|
|
|
|
MOZ_RELEASE_ASSERT(idString[0] == '{' && idString[NSID_LENGTH - 2] == '}',
|
|
"UUID generator did not return a valid UUID");
|
|
|
|
url.AppendASCII(idString + 1, NSID_LENGTH - 3);
|
|
}
|
|
|
|
|
|
RefPtr<BasePrincipal> principal =
|
|
BasePrincipal::CreateCodebasePrincipal(NS_ConvertUTF16toUTF8(url));
|
|
|
|
nsCOMPtr<nsIContentSecurityPolicy> csp;
|
|
rv = principal->EnsureCSP(nullptr, getter_AddRefs(csp));
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
|
|
csp->AppendPolicy(aPolicyString, false, false);
|
|
|
|
const nsCSPPolicy* policy = csp->GetPolicy(0);
|
|
if (!policy) {
|
|
CSPValidator validator(url, nsIContentSecurityPolicy::SCRIPT_SRC_DIRECTIVE);
|
|
aResult.Assign(validator.GetError());
|
|
return NS_OK;
|
|
}
|
|
|
|
bool haveValidDefaultSrc = false;
|
|
{
|
|
CSPDirective directive = nsIContentSecurityPolicy::DEFAULT_SRC_DIRECTIVE;
|
|
CSPValidator validator(url, directive);
|
|
|
|
haveValidDefaultSrc = policy->visitDirectiveSrcs(directive, &validator);
|
|
}
|
|
|
|
aResult.SetIsVoid(true);
|
|
{
|
|
CSPDirective directive = nsIContentSecurityPolicy::SCRIPT_SRC_DIRECTIVE;
|
|
CSPValidator validator(url, directive, !haveValidDefaultSrc);
|
|
|
|
if (!policy->visitDirectiveSrcs(directive, &validator)) {
|
|
aResult.Assign(validator.GetError());
|
|
} else if (!validator.FoundSelf()) {
|
|
validator.FormatError("csp.error.missing-source", NS_LITERAL_STRING("'self'"));
|
|
aResult.Assign(validator.GetError());
|
|
}
|
|
}
|
|
|
|
if (aResult.IsVoid()) {
|
|
CSPDirective directive = nsIContentSecurityPolicy::OBJECT_SRC_DIRECTIVE;
|
|
CSPValidator validator(url, directive, !haveValidDefaultSrc);
|
|
|
|
if (!policy->visitDirectiveSrcs(directive, &validator)) {
|
|
aResult.Assign(validator.GetError());
|
|
}
|
|
}
|
|
|
|
return NS_OK;
|
|
}
|