From 06584886b6deb6ae1350e221e3fb5fd7881d542f Mon Sep 17 00:00:00 2001 From: Blair McBride Date: Tue, 10 Feb 2015 15:47:50 +1300 Subject: [PATCH] Bug 1128126 - Enforce safe schemes in isInstallAllowed. r=Mossop --- browser/base/content/browser-addons.js | 4 +++ .../content/test/general/browser_bug553455.js | 2 ++ .../content/test/general/browser_bug592338.js | 34 +++++++++++++++++-- .../extensions/internal/XPIProvider.jsm | 6 ++++ .../test/xpcshell/test_permissions.js | 28 +++++++++------ .../xpinstall/browser_concurrent_installs.js | 2 ++ .../mozapps/extensions/test/xpinstall/head.js | 4 +++ 7 files changed, 66 insertions(+), 14 deletions(-) diff --git a/browser/base/content/browser-addons.js b/browser/base/content/browser-addons.js index fecfc32b90f2..b19f35528632 100644 --- a/browser/base/content/browser-addons.js +++ b/browser/base/content/browser-addons.js @@ -370,6 +370,10 @@ var LightWeightThemeWebInstaller = { var pm = Services.perms; var uri = node.ownerDocument.documentURIObject; + + if (!uri.schemeIs("https")) + return false; + return pm.testPermission(uri, "install") == pm.ALLOW_ACTION; }, diff --git a/browser/base/content/test/general/browser_bug553455.js b/browser/base/content/test/general/browser_bug553455.js index 65cfaca4e123..b0bb0cd04322 100644 --- a/browser/base/content/test/general/browser_bug553455.js +++ b/browser/base/content/test/general/browser_bug553455.js @@ -840,6 +840,7 @@ function test() { Services.prefs.setBoolPref("extensions.logging.enabled", true); Services.prefs.setBoolPref("extensions.strictCompatibility", true); + Services.prefs.setBoolPref("extensions.install.requireSecureOrigin", false); Services.obs.addObserver(XPInstallObserver, "addon-install-started", false); Services.obs.addObserver(XPInstallObserver, "addon-install-blocked", false); @@ -859,6 +860,7 @@ function test() { Services.prefs.clearUserPref("extensions.logging.enabled"); Services.prefs.clearUserPref("extensions.strictCompatibility"); + Services.prefs.clearUserPref("extensions.install.requireSecureOrigin"); Services.obs.removeObserver(XPInstallObserver, "addon-install-started"); Services.obs.removeObserver(XPInstallObserver, "addon-install-blocked"); diff --git a/browser/base/content/test/general/browser_bug592338.js b/browser/base/content/test/general/browser_bug592338.js index 7b09e80b540e..4914ca621036 100644 --- a/browser/base/content/test/general/browser_bug592338.js +++ b/browser/base/content/test/general/browser_bug592338.js @@ -16,13 +16,41 @@ function wait_for_notification(aCallback) { } var TESTS = [ +function test_install_http() { + is(LightweightThemeManager.currentTheme, null, "Should be no lightweight theme selected"); + + var pm = Services.perms; + pm.add(makeURI("http://example.org/"), "install", pm.ALLOW_ACTION); + + gBrowser.selectedTab = gBrowser.addTab("http://example.org/browser/browser/base/content/test/general/bug592338.html"); + gBrowser.selectedBrowser.addEventListener("pageshow", function() { + if (gBrowser.contentDocument.location.href == "about:blank") + return; + + gBrowser.selectedBrowser.removeEventListener("pageshow", arguments.callee, false); + + executeSoon(function() { + var link = gBrowser.contentDocument.getElementById("theme-install"); + EventUtils.synthesizeMouse(link, 2, 2, {}, gBrowser.contentWindow); + + is(LightweightThemeManager.currentTheme, null, "Should not have installed the test theme"); + + gBrowser.removeTab(gBrowser.selectedTab); + + pm.remove("example.org", "install"); + + runNextTest(); + }); + }, false); +}, + function test_install_lwtheme() { is(LightweightThemeManager.currentTheme, null, "Should be no lightweight theme selected"); var pm = Services.perms; pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION); - gBrowser.selectedTab = gBrowser.addTab("http://example.com/browser/browser/base/content/test/general/bug592338.html"); + gBrowser.selectedTab = gBrowser.addTab("https://example.com/browser/browser/base/content/test/general/bug592338.html"); gBrowser.selectedBrowser.addEventListener("pageshow", function() { if (gBrowser.contentDocument.location.href == "about:blank") return; @@ -54,9 +82,9 @@ function test_lwtheme_switch_theme() { Services.prefs.setBoolPref("extensions.dss.enabled", false); var pm = Services.perms; - pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION); + pm.add(makeURI("https://example.com/"), "install", pm.ALLOW_ACTION); - gBrowser.selectedTab = gBrowser.addTab("http://example.com/browser/browser/base/content/test/general/bug592338.html"); + gBrowser.selectedTab = gBrowser.addTab("https://example.com/browser/browser/base/content/test/general/bug592338.html"); gBrowser.selectedBrowser.addEventListener("pageshow", function() { if (gBrowser.contentDocument.location.href == "about:blank") return; diff --git a/toolkit/mozapps/extensions/internal/XPIProvider.jsm b/toolkit/mozapps/extensions/internal/XPIProvider.jsm index 21dfd2cb7635..d91ae5d8a67b 100644 --- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm +++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm @@ -81,6 +81,7 @@ const PREF_XPI_FILE_WHITELISTED = "xpinstall.whitelist.fileRequest"; const PREF_XPI_PERMISSIONS_BRANCH = "xpinstall."; const PREF_XPI_UNPACK = "extensions.alwaysUnpack"; const PREF_INSTALL_REQUIREBUILTINCERTS = "extensions.install.requireBuiltInCerts"; +const PREF_INSTALL_REQUIRESECUREORIGIN = "extensions.install.requireSecureOrigin"; const PREF_INSTALL_DISTRO_ADDONS = "extensions.installDistroAddons"; const PREF_BRANCH_INSTALLED_ADDON = "extensions.installedDistroAddon."; const PREF_SHOWN_SELECTION_UI = "extensions.shownSelectionUI"; @@ -3739,6 +3740,11 @@ this.XPIProvider = { if (requireWhitelist && (permission != Ci.nsIPermissionManager.ALLOW_ACTION)) return false; + let requireSecureOrigin = Preferences.get(PREF_INSTALL_REQUIRESECUREORIGIN, true); + let safeSchemes = ["https", "chrome", "file"]; + if (requireSecureOrigin && safeSchemes.indexOf(aUri.scheme) == -1) + return false; + return true; }, diff --git a/toolkit/mozapps/extensions/test/xpcshell/test_permissions.js b/toolkit/mozapps/extensions/test/xpcshell/test_permissions.js index af348af0e422..869b7bdc1eed 100644 --- a/toolkit/mozapps/extensions/test/xpcshell/test_permissions.js +++ b/toolkit/mozapps/extensions/test/xpcshell/test_permissions.js @@ -16,13 +16,15 @@ function run_test() { Services.prefs.setCharPref("xpinstall.whitelist.add.36", "test3.com,www.test4.com"); Services.prefs.setCharPref("xpinstall.whitelist.add.test5", "test5.com"); - Services.perms.add(NetUtil.newURI("http://www.test9.com"), "install", + Services.perms.add(NetUtil.newURI("https://www.test9.com"), "install", AM_Ci.nsIPermissionManager.ALLOW_ACTION); startupManager(); + do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE, + NetUtil.newURI("http://test1.com"))); do_check_true(AddonManager.isInstallAllowed(XPI_MIMETYPE, - NetUtil.newURI("http://test1.com"))); + NetUtil.newURI("https://test1.com"))); do_check_true(AddonManager.isInstallAllowed(XPI_MIMETYPE, NetUtil.newURI("https://www.test2.com"))); do_check_true(AddonManager.isInstallAllowed(XPI_MIMETYPE, @@ -31,26 +33,30 @@ function run_test() { NetUtil.newURI("https://test4.com"))); do_check_true(AddonManager.isInstallAllowed(XPI_MIMETYPE, NetUtil.newURI("https://www.test4.com"))); + do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE, + NetUtil.newURI("http://www.test5.com"))); do_check_true(AddonManager.isInstallAllowed(XPI_MIMETYPE, - NetUtil.newURI("http://www.test5.com"))); + NetUtil.newURI("https://www.test5.com"))); do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE, NetUtil.newURI("http://www.test6.com"))); do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE, - NetUtil.newURI("http://test7.com"))); + NetUtil.newURI("https://www.test6.com"))); do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE, - NetUtil.newURI("http://www.test8.com"))); + NetUtil.newURI("https://test7.com"))); + do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE, + NetUtil.newURI("https://www.test8.com"))); // This should remain unaffected - do_check_true(AddonManager.isInstallAllowed(XPI_MIMETYPE, - NetUtil.newURI("http://www.test9.com"))); + do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE, + NetUtil.newURI("http://www.test9.com"))); do_check_true(AddonManager.isInstallAllowed(XPI_MIMETYPE, NetUtil.newURI("https://www.test9.com"))); Services.perms.removeAll(); do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE, - NetUtil.newURI("http://test1.com"))); + NetUtil.newURI("https://test1.com"))); do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE, NetUtil.newURI("https://www.test2.com"))); do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE, @@ -58,13 +64,13 @@ function run_test() { do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE, NetUtil.newURI("https://www.test4.com"))); do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE, - NetUtil.newURI("http://www.test5.com"))); + NetUtil.newURI("https://www.test5.com"))); // Upgrade the application and verify that the permissions are still not there restartManager("2"); do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE, - NetUtil.newURI("http://test1.com"))); + NetUtil.newURI("https://test1.com"))); do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE, NetUtil.newURI("https://www.test2.com"))); do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE, @@ -72,5 +78,5 @@ function run_test() { do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE, NetUtil.newURI("https://www.test4.com"))); do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE, - NetUtil.newURI("http://www.test5.com"))); + NetUtil.newURI("https://www.test5.com"))); } diff --git a/toolkit/mozapps/extensions/test/xpinstall/browser_concurrent_installs.js b/toolkit/mozapps/extensions/test/xpinstall/browser_concurrent_installs.js index f8c58b66bd72..2f5334d31d21 100644 --- a/toolkit/mozapps/extensions/test/xpinstall/browser_concurrent_installs.js +++ b/toolkit/mozapps/extensions/test/xpinstall/browser_concurrent_installs.js @@ -72,12 +72,14 @@ function test() { waitForExplicitFinish(); Services.prefs.setBoolPref(PREF_LOGGING_ENABLED, true); + Services.prefs.setBoolPref(PREF_INSTALL_REQUIRESECUREORIGIN, false); Services.wm.addListener(gAddonAndWindowListener); AddonManager.addInstallListener(gAddonAndWindowListener); registerCleanupFunction(function() { Services.wm.removeListener(gAddonAndWindowListener); AddonManager.removeInstallListener(gAddonAndWindowListener); Services.prefs.clearUserPref(PREF_LOGGING_ENABLED); + Services.prefs.clearUserPref(PREF_INSTALL_REQUIRESECUREORIGIN); Services.perms.remove("example.com", "install"); Services.perms.remove("example.org", "install"); diff --git a/toolkit/mozapps/extensions/test/xpinstall/head.js b/toolkit/mozapps/extensions/test/xpinstall/head.js index 89dd586f5c5b..4372794e0b78 100644 --- a/toolkit/mozapps/extensions/test/xpinstall/head.js +++ b/toolkit/mozapps/extensions/test/xpinstall/head.js @@ -7,6 +7,7 @@ const PROMPT_URL = "chrome://global/content/commonDialog.xul"; const ADDONS_URL = "chrome://mozapps/content/extensions/extensions.xul"; const PREF_LOGGING_ENABLED = "extensions.logging.enabled"; const PREF_INSTALL_REQUIREBUILTINCERTS = "extensions.install.requireBuiltInCerts"; +const PREF_INSTALL_REQUIRESECUREORIGIN = "extensions.install.requireSecureOrigin"; const CHROME_NAME = "mochikit"; function getChromeRoot(path) { @@ -88,6 +89,8 @@ var Harness = { waitForExplicitFinish(); this.waitingForFinish = true; + Services.prefs.setBoolPref(PREF_INSTALL_REQUIRESECUREORIGIN, false); + Services.prefs.setBoolPref(PREF_LOGGING_ENABLED, true); Services.obs.addObserver(this, "addon-install-started", false); Services.obs.addObserver(this, "addon-install-disabled", false); @@ -102,6 +105,7 @@ var Harness = { var self = this; registerCleanupFunction(function() { Services.prefs.clearUserPref(PREF_LOGGING_ENABLED); + Services.prefs.clearUserPref(PREF_INSTALL_REQUIRESECUREORIGIN); Services.obs.removeObserver(self, "addon-install-started"); Services.obs.removeObserver(self, "addon-install-disabled"); Services.obs.removeObserver(self, "addon-install-blocked");