gecko-dev/dom/serviceworkers/ServiceWorkerUtils.cpp

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "ServiceWorkerUtils.h"

#include "mozilla/Preferences.h"

namespace mozilla {
namespace dom {

bool
ServiceWorkerParentInterceptEnabled()
{
  // For right now we only support main thread.  In the future we could make
  // this use an atomic bool if we need to support worker threads.
  MOZ_ASSERT(NS_IsMainThread());

  static bool sInit = false;
  static bool sEnabled;

  if (!sInit) {
    MOZ_ASSERT(NS_IsMainThread());
    Preferences::AddBoolVarCache(&sEnabled,
                                 "dom.serviceWorkers.parent_intercept",
                                 false);
    sInit = true;
  }

  return sEnabled;
}

bool
ServiceWorkerRegistrationDataIsValid(const ServiceWorkerRegistrationData& aData)
{
  return !aData.scope().IsEmpty() &&
         !aData.currentWorkerURL().IsEmpty() &&
         !aData.cacheName().IsEmpty();
}

namespace {

nsresult
CheckForSlashEscapedCharsInPath(nsIURI* aURI)
{
  MOZ_ASSERT(aURI);

  // A URL that can't be downcast to a standard URL is an invalid URL and should
  // be treated as such and fail with SecurityError.
  nsCOMPtr<nsIURL> url(do_QueryInterface(aURI));
  if (NS_WARN_IF(!url)) {
    return NS_ERROR_DOM_SECURITY_ERR;
  }

  nsAutoCString path;
  nsresult rv = url->GetFilePath(path);
  if (NS_WARN_IF(NS_FAILED(rv))) {
    return rv;
  }

  ToLowerCase(path);
  if (path.Find("%2f") != kNotFound ||
      path.Find("%5c") != kNotFound) {
    return NS_ERROR_DOM_TYPE_ERR;
  }

  return NS_OK;
}

} // anonymous namespace

nsresult
ServiceWorkerScopeAndScriptAreValid(const ClientInfo& aClientInfo,
                                    nsIURI* aScopeURI,
                                    nsIURI* aScriptURI)
{
  MOZ_DIAGNOSTIC_ASSERT(aScopeURI);
  MOZ_DIAGNOSTIC_ASSERT(aScriptURI);

  nsCOMPtr<nsIPrincipal> principal = aClientInfo.GetPrincipal();
  NS_ENSURE_TRUE(principal, NS_ERROR_DOM_INVALID_STATE_ERR);

  bool isHttp = false;
  bool isHttps = false;
  Unused << aScriptURI->SchemeIs("http", &isHttp);
  Unused << aScriptURI->SchemeIs("https", &isHttps);
  NS_ENSURE_TRUE(isHttp || isHttps, NS_ERROR_DOM_SECURITY_ERR);

  nsresult rv = CheckForSlashEscapedCharsInPath(aScopeURI);
  NS_ENSURE_SUCCESS(rv, rv);

  rv = CheckForSlashEscapedCharsInPath(aScriptURI);
  NS_ENSURE_SUCCESS(rv, rv);

  nsAutoCString ref;
  Unused << aScopeURI->GetRef(ref);
  NS_ENSURE_TRUE(ref.IsEmpty(), NS_ERROR_DOM_SECURITY_ERR);

  Unused << aScriptURI->GetRef(ref);
  NS_ENSURE_TRUE(ref.IsEmpty(), NS_ERROR_DOM_SECURITY_ERR);

  rv = principal->CheckMayLoad(aScopeURI, true /* report */,
                               false /* allowIfInheritsPrincipal */);
  NS_ENSURE_SUCCESS(rv, NS_ERROR_DOM_SECURITY_ERR);

  rv = principal->CheckMayLoad(aScriptURI, true /* report */,
                               false /* allowIfInheritsPrincipal */);
  NS_ENSURE_SUCCESS(rv, NS_ERROR_DOM_SECURITY_ERR);

  return NS_OK;
}

} // namespace dom
} // namespace mozilla
Bug 1431847 P3 Add ServiceWorkerParentInterceptEnabled() method and backing pref. r=asuth 2018-01-24 20:47:16 +03:00			`/* -- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -- */`
			`/* vim: set ts=8 sts=2 et sw=2 tw=80: */`
			`/* This Source Code Form is subject to the terms of the Mozilla Public`
			`* License, v. 2.0. If a copy of the MPL was not distributed with this`
			`* file, You can obtain one at http://mozilla.org/MPL/2.0/. */`

			`#include "ServiceWorkerUtils.h"`

			`#include "mozilla/Preferences.h"`

			`namespace mozilla {`
			`namespace dom {`

			`bool`
			`ServiceWorkerParentInterceptEnabled()`
			`{`
Backed out 3 changesets (bug 1462069) for build bustage on /src/dom/clients/manager/ClientManagerService.cpp on a CLOSED TREE Backed out changeset 999be9379af3 (bug 1462069) Backed out changeset 457cb3f8a0d9 (bug 1462069) Backed out changeset ec66aff745a8 (bug 1462069) 2018-06-01 23:57:36 +03:00			`// For right now we only support main thread. In the future we could make`
			`// this use an atomic bool if we need to support worker threads.`
			`MOZ_ASSERT(NS_IsMainThread());`

Bug 1431847 P3 Add ServiceWorkerParentInterceptEnabled() method and backing pref. r=asuth 2018-01-24 20:47:16 +03:00			`static bool sInit = false;`
Backed out 3 changesets (bug 1462069) for build bustage on /src/dom/clients/manager/ClientManagerService.cpp on a CLOSED TREE Backed out changeset 999be9379af3 (bug 1462069) Backed out changeset 457cb3f8a0d9 (bug 1462069) Backed out changeset ec66aff745a8 (bug 1462069) 2018-06-01 23:57:36 +03:00			`static bool sEnabled;`
Bug 1431847 P3 Add ServiceWorkerParentInterceptEnabled() method and backing pref. r=asuth 2018-01-24 20:47:16 +03:00
			`if (!sInit) {`
			`MOZ_ASSERT(NS_IsMainThread());`
Backed out 3 changesets (bug 1462069) for build bustage on /src/dom/clients/manager/ClientManagerService.cpp on a CLOSED TREE Backed out changeset 999be9379af3 (bug 1462069) Backed out changeset 457cb3f8a0d9 (bug 1462069) Backed out changeset ec66aff745a8 (bug 1462069) 2018-06-01 23:57:36 +03:00			`Preferences::AddBoolVarCache(&sEnabled,`
			`"dom.serviceWorkers.parent_intercept",`
			`false);`
Bug 1431847 P3 Add ServiceWorkerParentInterceptEnabled() method and backing pref. r=asuth 2018-01-24 20:47:16 +03:00			`sInit = true;`
			`}`

			`return sEnabled;`
			`}`

Bug 1452244 Avoid empty entries in serviceworker.txt. r=asuth 2018-04-09 20:54:23 +03:00			`bool`
			`ServiceWorkerRegistrationDataIsValid(const ServiceWorkerRegistrationData& aData)`
			`{`
			`return !aData.scope().IsEmpty() &&`
			`!aData.currentWorkerURL().IsEmpty() &&`
			`!aData.cacheName().IsEmpty();`
			`}`

Bug 1436812 P7 Move many checks into ServiceWorkerScopeAndScriptAreValid() utility method. r=baku 2018-04-23 19:46:55 +03:00			`namespace {`

			`nsresult`
			`CheckForSlashEscapedCharsInPath(nsIURI* aURI)`
			`{`
			`MOZ_ASSERT(aURI);`

			`// A URL that can't be downcast to a standard URL is an invalid URL and should`
			`// be treated as such and fail with SecurityError.`
			`nsCOMPtr<nsIURL> url(do_QueryInterface(aURI));`
			`if (NS_WARN_IF(!url)) {`
			`return NS_ERROR_DOM_SECURITY_ERR;`
			`}`

			`nsAutoCString path;`
			`nsresult rv = url->GetFilePath(path);`
			`if (NS_WARN_IF(NS_FAILED(rv))) {`
			`return rv;`
			`}`

			`ToLowerCase(path);`
			`if (path.Find("%2f") != kNotFound \|\|`
			`path.Find("%5c") != kNotFound) {`
			`return NS_ERROR_DOM_TYPE_ERR;`
			`}`

			`return NS_OK;`
			`}`

			`} // anonymous namespace`

			`nsresult`
			`ServiceWorkerScopeAndScriptAreValid(const ClientInfo& aClientInfo,`
			`nsIURI* aScopeURI,`
			`nsIURI* aScriptURI)`
			`{`
			`MOZ_DIAGNOSTIC_ASSERT(aScopeURI);`
			`MOZ_DIAGNOSTIC_ASSERT(aScriptURI);`

			`nsCOMPtr<nsIPrincipal> principal = aClientInfo.GetPrincipal();`
			`NS_ENSURE_TRUE(principal, NS_ERROR_DOM_INVALID_STATE_ERR);`

			`bool isHttp = false;`
			`bool isHttps = false;`
			`Unused << aScriptURI->SchemeIs("http", &isHttp);`
			`Unused << aScriptURI->SchemeIs("https", &isHttps);`
			`NS_ENSURE_TRUE(isHttp \|\| isHttps, NS_ERROR_DOM_SECURITY_ERR);`

			`nsresult rv = CheckForSlashEscapedCharsInPath(aScopeURI);`
			`NS_ENSURE_SUCCESS(rv, rv);`

			`rv = CheckForSlashEscapedCharsInPath(aScriptURI);`
			`NS_ENSURE_SUCCESS(rv, rv);`

			`nsAutoCString ref;`
			`Unused << aScopeURI->GetRef(ref);`
			`NS_ENSURE_TRUE(ref.IsEmpty(), NS_ERROR_DOM_SECURITY_ERR);`

			`Unused << aScriptURI->GetRef(ref);`
			`NS_ENSURE_TRUE(ref.IsEmpty(), NS_ERROR_DOM_SECURITY_ERR);`

			`rv = principal->CheckMayLoad(aScopeURI, true /* report */,`
			`false /* allowIfInheritsPrincipal */);`
			`NS_ENSURE_SUCCESS(rv, NS_ERROR_DOM_SECURITY_ERR);`

			`rv = principal->CheckMayLoad(aScriptURI, true /* report */,`
			`false /* allowIfInheritsPrincipal */);`
			`NS_ENSURE_SUCCESS(rv, NS_ERROR_DOM_SECURITY_ERR);`

			`return NS_OK;`
			`}`

Bug 1431847 P3 Add ServiceWorkerParentInterceptEnabled() method and backing pref. r=asuth 2018-01-24 20:47:16 +03:00			`} // namespace dom`
			`} // namespace mozilla`