зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1128126 - Enforce safe schemes in isInstallAllowed. r=Mossop
Родитель
aa5b5a05e4
Коммит
06584886b6
|
@ -370,6 +370,10 @@ var LightWeightThemeWebInstaller = {
|
||||||
var pm = Services.perms;
|
var pm = Services.perms;
|
||||||
|
|
||||||
var uri = node.ownerDocument.documentURIObject;
|
var uri = node.ownerDocument.documentURIObject;
|
||||||
|
|
||||||
|
if (!uri.schemeIs("https"))
|
||||||
|
return false;
|
||||||
|
|
||||||
return pm.testPermission(uri, "install") == pm.ALLOW_ACTION;
|
return pm.testPermission(uri, "install") == pm.ALLOW_ACTION;
|
||||||
},
|
},
|
||||||
|
|
||||||
|
|
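Review bot: The new `if (!uri.schemeIs("https")) return false;` guard is unconditional, while the add-on check this commit adds to XPIProvider is gated on `extensions.install.requireSecureOrigin` and also accepts `chrome` and `file`. The two install paths therefore enforce different policies, and nothing at this site says whether that is intended. If it is, state it next to the check, for example `// Lightweight themes may only be installed from https documents; not controlled by extensions.install.requireSecureOrigin.` Bracing the early return would also help, since a later edit to this permission check could otherwise separate it from its condition. The enclosing method starts before this hunk, so any earlier handling of `node` is not visible here.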
|
@ -840,6 +840,7 @@ function test() {
|
||||||
|
|
||||||
Services.prefs.setBoolPref("extensions.logging.enabled", true);
|
Services.prefs.setBoolPref("extensions.logging.enabled", true);
|
||||||
Services.prefs.setBoolPref("extensions.strictCompatibility", true);
|
Services.prefs.setBoolPref("extensions.strictCompatibility", true);
|
||||||
|
Services.prefs.setBoolPref("extensions.install.requireSecureOrigin", false);
|
||||||
|
|
||||||
Services.obs.addObserver(XPInstallObserver, "addon-install-started", false);
|
Services.obs.addObserver(XPInstallObserver, "addon-install-started", false);
|
||||||
Services.obs.addObserver(XPInstallObserver, "addon-install-blocked", false);
|
Services.obs.addObserver(XPInstallObserver, "addon-install-blocked", false);
|
||||||
|
@ -859,6 +860,7 @@ function test() {
|
||||||
|
|
||||||
Services.prefs.clearUserPref("extensions.logging.enabled");
|
Services.prefs.clearUserPref("extensions.logging.enabled");
|
||||||
Services.prefs.clearUserPref("extensions.strictCompatibility");
|
Services.prefs.clearUserPref("extensions.strictCompatibility");
|
||||||
|
Services.prefs.clearUserPref("extensions.install.requireSecureOrigin");
|
||||||
|
|
||||||
Services.obs.removeObserver(XPInstallObserver, "addon-install-started");
|
Services.obs.removeObserver(XPInstallObserver, "addon-install-started");
|
||||||
Services.obs.removeObserver(XPInstallObserver, "addon-install-blocked");
|
Services.obs.removeObserver(XPInstallObserver, "addon-install-blocked");
|
||||||
|
|
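Review bot: Setting `extensions.install.requireSecureOrigin` to `false` for the whole run in `test()` means these install tests no longer exercise the default configuration, in which the secure-origin check is on. The same opt-out, `Services.prefs.setBoolPref(PREF_INSTALL_REQUIRESECUREORIGIN, false);`, is added in the two later test sections (the `test()` setup with `gAddonAndWindowListener` and `Harness`). Where the fixtures can be served over https, moving the test URLs to https would keep coverage of the default. If the opt-out has to stay, a comment at each site such as `// Fixtures are loaded over http; the secure-origin requirement is tested separately.` would show that the relaxation is deliberate. `test()` continues outside both hunks, so whether any case in this file re-enables the pref cannot be seen from here.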
|
@ -16,13 +16,41 @@ function wait_for_notification(aCallback) {
|
||||||
}
|
}
|
||||||
|
|
||||||
var TESTS = [
|
var TESTS = [
|
||||||
|
function test_install_http() {
|
||||||
|
is(LightweightThemeManager.currentTheme, null, "Should be no lightweight theme selected");
|
||||||
|
|
||||||
|
var pm = Services.perms;
|
||||||
|
pm.add(makeURI("http://example.org/"), "install", pm.ALLOW_ACTION);
|
||||||
|
|
||||||
|
gBrowser.selectedTab = gBrowser.addTab("http://example.org/browser/browser/base/content/test/general/bug592338.html");
|
||||||
|
gBrowser.selectedBrowser.addEventListener("pageshow", function() {
|
||||||
|
if (gBrowser.contentDocument.location.href == "about:blank")
|
||||||
|
return;
|
||||||
|
|
||||||
|
gBrowser.selectedBrowser.removeEventListener("pageshow", arguments.callee, false);
|
||||||
|
|
||||||
|
executeSoon(function() {
|
||||||
|
var link = gBrowser.contentDocument.getElementById("theme-install");
|
||||||
|
EventUtils.synthesizeMouse(link, 2, 2, {}, gBrowser.contentWindow);
|
||||||
|
|
||||||
|
is(LightweightThemeManager.currentTheme, null, "Should not have installed the test theme");
|
||||||
|
|
||||||
|
gBrowser.removeTab(gBrowser.selectedTab);
|
||||||
|
|
||||||
|
pm.remove("example.org", "install");
|
||||||
|
|
||||||
|
runNextTest();
|
||||||
|
});
|
||||||
|
}, false);
|
||||||
|
},
|
||||||
|
|
||||||
function test_install_lwtheme() {
|
function test_install_lwtheme() {
|
||||||
is(LightweightThemeManager.currentTheme, null, "Should be no lightweight theme selected");
|
is(LightweightThemeManager.currentTheme, null, "Should be no lightweight theme selected");
|
||||||
|
|
||||||
var pm = Services.perms;
|
var pm = Services.perms;
|
||||||
pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
|
pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
|
||||||
|
|
||||||
gBrowser.selectedTab = gBrowser.addTab("http://example.com/browser/browser/base/content/test/general/bug592338.html");
|
gBrowser.selectedTab = gBrowser.addTab("https://example.com/browser/browser/base/content/test/general/bug592338.html");
|
||||||
gBrowser.selectedBrowser.addEventListener("pageshow", function() {
|
gBrowser.selectedBrowser.addEventListener("pageshow", function() {
|
||||||
if (gBrowser.contentDocument.location.href == "about:blank")
|
if (gBrowser.contentDocument.location.href == "about:blank")
|
||||||
return;
|
return;
|
||||||
|
@ -54,9 +82,9 @@ function test_lwtheme_switch_theme() {
|
||||||
Services.prefs.setBoolPref("extensions.dss.enabled", false);
|
Services.prefs.setBoolPref("extensions.dss.enabled", false);
|
||||||
|
|
||||||
var pm = Services.perms;
|
var pm = Services.perms;
|
||||||
pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
|
pm.add(makeURI("https://example.com/"), "install", pm.ALLOW_ACTION);
|
||||||
|
|
||||||
gBrowser.selectedTab = gBrowser.addTab("http://example.com/browser/browser/base/content/test/general/bug592338.html");
|
gBrowser.selectedTab = gBrowser.addTab("https://example.com/browser/browser/base/content/test/general/bug592338.html");
|
||||||
gBrowser.selectedBrowser.addEventListener("pageshow", function() {
|
gBrowser.selectedBrowser.addEventListener("pageshow", function() {
|
||||||
if (gBrowser.contentDocument.location.href == "about:blank")
|
if (gBrowser.contentDocument.location.href == "about:blank")
|
||||||
return;
|
return;
|
||||||
|
|
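Review bot: In `test_install_lwtheme` the permission is still added for `http://example.com/` although the tab now loads `https://example.com/...`, whereas `test_lwtheme_switch_theme` was updated to `makeURI("https://example.com/")`. If the permission lookup is keyed by host the test passes either way, but it would then rely on that detail. Using `pm.add(makeURI("https://example.com/"), "install", pm.ALLOW_ACTION);` keeps the two tests consistent. Separately, `test_install_http` asserts `currentTheme` is null immediately after `synthesizeMouse`. If the install can complete asynchronously, that negative assertion could pass without proving the request was refused, so it is worth confirming that the refusal is synchronous. All three test functions continue outside the hunks.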
|
@ -81,6 +81,7 @@ const PREF_XPI_FILE_WHITELISTED = "xpinstall.whitelist.fileRequest";
|
||||||
const PREF_XPI_PERMISSIONS_BRANCH = "xpinstall.";
|
const PREF_XPI_PERMISSIONS_BRANCH = "xpinstall.";
|
||||||
const PREF_XPI_UNPACK = "extensions.alwaysUnpack";
|
const PREF_XPI_UNPACK = "extensions.alwaysUnpack";
|
||||||
const PREF_INSTALL_REQUIREBUILTINCERTS = "extensions.install.requireBuiltInCerts";
|
const PREF_INSTALL_REQUIREBUILTINCERTS = "extensions.install.requireBuiltInCerts";
|
||||||
|
const PREF_INSTALL_REQUIRESECUREORIGIN = "extensions.install.requireSecureOrigin";
|
||||||
const PREF_INSTALL_DISTRO_ADDONS = "extensions.installDistroAddons";
|
const PREF_INSTALL_DISTRO_ADDONS = "extensions.installDistroAddons";
|
||||||
const PREF_BRANCH_INSTALLED_ADDON = "extensions.installedDistroAddon.";
|
const PREF_BRANCH_INSTALLED_ADDON = "extensions.installedDistroAddon.";
|
||||||
const PREF_SHOWN_SELECTION_UI = "extensions.shownSelectionUI";
|
const PREF_SHOWN_SELECTION_UI = "extensions.shownSelectionUI";
|
||||||
|
@ -3739,6 +3740,11 @@ this.XPIProvider = {
|
||||||
if (requireWhitelist && (permission != Ci.nsIPermissionManager.ALLOW_ACTION))
|
if (requireWhitelist && (permission != Ci.nsIPermissionManager.ALLOW_ACTION))
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
|
let requireSecureOrigin = Preferences.get(PREF_INSTALL_REQUIRESECUREORIGIN, true);
|
||||||
|
let safeSchemes = ["https", "chrome", "file"];
|
||||||
|
if (requireSecureOrigin && safeSchemes.indexOf(aUri.scheme) == -1)
|
||||||
|
return false;
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
},
|
},
|
||||||
|
|
||||||
|
|
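Review bot: The scheme allowlist `["https", "chrome", "file"]` is a trust decision, but it sits inside the function as an undocumented literal that is rebuilt on every call. A named module-level constant next to `PREF_INSTALL_REQUIRESECUREORIGIN` would make later additions deliberate, for example `const SAFE_INSTALL_SCHEMES = ["https", "chrome", "file"];` with a comment such as `// Origins allowed to start an install when extensions.install.requireSecureOrigin is set: https, plus local chrome/file content.` It is also worth noting at the `Preferences.get(PREF_INSTALL_REQUIRESECUREORIGIN, true)` call that the check fails closed, since the requirement applies when the pref is unset. The comparison uses `aUri.scheme` as given. How wrapped or nested URIs reach this function is not visible in the hunk, which starts partway through the method.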
|
@ -16,13 +16,15 @@ function run_test() {
|
||||||
Services.prefs.setCharPref("xpinstall.whitelist.add.36", "test3.com,www.test4.com");
|
Services.prefs.setCharPref("xpinstall.whitelist.add.36", "test3.com,www.test4.com");
|
||||||
Services.prefs.setCharPref("xpinstall.whitelist.add.test5", "test5.com");
|
Services.prefs.setCharPref("xpinstall.whitelist.add.test5", "test5.com");
|
||||||
|
|
||||||
Services.perms.add(NetUtil.newURI("http://www.test9.com"), "install",
|
Services.perms.add(NetUtil.newURI("https://www.test9.com"), "install",
|
||||||
AM_Ci.nsIPermissionManager.ALLOW_ACTION);
|
AM_Ci.nsIPermissionManager.ALLOW_ACTION);
|
||||||
|
|
||||||
startupManager();
|
startupManager();
|
||||||
|
|
||||||
do_check_true(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
||||||
NetUtil.newURI("http://test1.com")));
|
NetUtil.newURI("http://test1.com")));
|
||||||
|
do_check_true(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
||||||
|
NetUtil.newURI("https://test1.com")));
|
||||||
do_check_true(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
do_check_true(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
||||||
NetUtil.newURI("https://www.test2.com")));
|
NetUtil.newURI("https://www.test2.com")));
|
||||||
do_check_true(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
do_check_true(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
||||||
|
@ -31,18 +33,22 @@ function run_test() {
|
||||||
NetUtil.newURI("https://test4.com")));
|
NetUtil.newURI("https://test4.com")));
|
||||||
do_check_true(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
do_check_true(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
||||||
NetUtil.newURI("https://www.test4.com")));
|
NetUtil.newURI("https://www.test4.com")));
|
||||||
do_check_true(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
||||||
NetUtil.newURI("http://www.test5.com")));
|
NetUtil.newURI("http://www.test5.com")));
|
||||||
|
do_check_true(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
||||||
|
NetUtil.newURI("https://www.test5.com")));
|
||||||
|
|
||||||
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
||||||
NetUtil.newURI("http://www.test6.com")));
|
NetUtil.newURI("http://www.test6.com")));
|
||||||
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
||||||
NetUtil.newURI("http://test7.com")));
|
NetUtil.newURI("https://www.test6.com")));
|
||||||
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
||||||
NetUtil.newURI("http://www.test8.com")));
|
NetUtil.newURI("https://test7.com")));
|
||||||
|
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
||||||
|
NetUtil.newURI("https://www.test8.com")));
|
||||||
|
|
||||||
// This should remain unaffected
|
// This should remain unaffected
|
||||||
do_check_true(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
||||||
NetUtil.newURI("http://www.test9.com")));
|
NetUtil.newURI("http://www.test9.com")));
|
||||||
do_check_true(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
do_check_true(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
||||||
NetUtil.newURI("https://www.test9.com")));
|
NetUtil.newURI("https://www.test9.com")));
|
||||||
|
@ -50,7 +56,7 @@ function run_test() {
|
||||||
Services.perms.removeAll();
|
Services.perms.removeAll();
|
||||||
|
|
||||||
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
||||||
NetUtil.newURI("http://test1.com")));
|
NetUtil.newURI("https://test1.com")));
|
||||||
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
||||||
NetUtil.newURI("https://www.test2.com")));
|
NetUtil.newURI("https://www.test2.com")));
|
||||||
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
||||||
|
@ -58,13 +64,13 @@ function run_test() {
|
||||||
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
||||||
NetUtil.newURI("https://www.test4.com")));
|
NetUtil.newURI("https://www.test4.com")));
|
||||||
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
||||||
NetUtil.newURI("http://www.test5.com")));
|
NetUtil.newURI("https://www.test5.com")));
|
||||||
|
|
||||||
// Upgrade the application and verify that the permissions are still not there
|
// Upgrade the application and verify that the permissions are still not there
|
||||||
restartManager("2");
|
restartManager("2");
|
||||||
|
|
||||||
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
||||||
NetUtil.newURI("http://test1.com")));
|
NetUtil.newURI("https://test1.com")));
|
||||||
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
||||||
NetUtil.newURI("https://www.test2.com")));
|
NetUtil.newURI("https://www.test2.com")));
|
||||||
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
||||||
|
@ -72,5 +78,5 @@ function run_test() {
|
||||||
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
||||||
NetUtil.newURI("https://www.test4.com")));
|
NetUtil.newURI("https://www.test4.com")));
|
||||||
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
|
||||||
NetUtil.newURI("http://www.test5.com")));
|
NetUtil.newURI("https://www.test5.com")));
|
||||||
}
|
}
|
||||||
|
|
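Review bot: The retained comment `// This should remain unaffected` now sits above an assertion this commit flips to `do_check_false` for `http://www.test9.com`, so the comment contradicts the first check it introduces. Rewording it would keep the intent readable, for example `// The explicitly added permission is unaffected by the whitelist prefs, but http is still refused by the secure-origin check`. After `Services.perms.removeAll()` the http URLs were switched to https, which is sensible because an http URL would now be refused for either reason. A short comment saying so would explain why the scheme changed in those blocks. `run_test` starts before the first hunk.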
|
@ -72,12 +72,14 @@ function test() {
|
||||||
waitForExplicitFinish();
|
waitForExplicitFinish();
|
||||||
|
|
||||||
Services.prefs.setBoolPref(PREF_LOGGING_ENABLED, true);
|
Services.prefs.setBoolPref(PREF_LOGGING_ENABLED, true);
|
||||||
|
Services.prefs.setBoolPref(PREF_INSTALL_REQUIRESECUREORIGIN, false);
|
||||||
Services.wm.addListener(gAddonAndWindowListener);
|
Services.wm.addListener(gAddonAndWindowListener);
|
||||||
AddonManager.addInstallListener(gAddonAndWindowListener);
|
AddonManager.addInstallListener(gAddonAndWindowListener);
|
||||||
registerCleanupFunction(function() {
|
registerCleanupFunction(function() {
|
||||||
Services.wm.removeListener(gAddonAndWindowListener);
|
Services.wm.removeListener(gAddonAndWindowListener);
|
||||||
AddonManager.removeInstallListener(gAddonAndWindowListener);
|
AddonManager.removeInstallListener(gAddonAndWindowListener);
|
||||||
Services.prefs.clearUserPref(PREF_LOGGING_ENABLED);
|
Services.prefs.clearUserPref(PREF_LOGGING_ENABLED);
|
||||||
|
Services.prefs.clearUserPref(PREF_INSTALL_REQUIRESECUREORIGIN);
|
||||||
|
|
||||||
Services.perms.remove("example.com", "install");
|
Services.perms.remove("example.com", "install");
|
||||||
Services.perms.remove("example.org", "install");
|
Services.perms.remove("example.org", "install");
|
||||||
|
|
|
@ -7,6 +7,7 @@ const PROMPT_URL = "chrome://global/content/commonDialog.xul";
|
||||||
const ADDONS_URL = "chrome://mozapps/content/extensions/extensions.xul";
|
const ADDONS_URL = "chrome://mozapps/content/extensions/extensions.xul";
|
||||||
const PREF_LOGGING_ENABLED = "extensions.logging.enabled";
|
const PREF_LOGGING_ENABLED = "extensions.logging.enabled";
|
||||||
const PREF_INSTALL_REQUIREBUILTINCERTS = "extensions.install.requireBuiltInCerts";
|
const PREF_INSTALL_REQUIREBUILTINCERTS = "extensions.install.requireBuiltInCerts";
|
||||||
|
const PREF_INSTALL_REQUIRESECUREORIGIN = "extensions.install.requireSecureOrigin";
|
||||||
const CHROME_NAME = "mochikit";
|
const CHROME_NAME = "mochikit";
|
||||||
|
|
||||||
function getChromeRoot(path) {
|
function getChromeRoot(path) {
|
||||||
|
@ -88,6 +89,8 @@ var Harness = {
|
||||||
waitForExplicitFinish();
|
waitForExplicitFinish();
|
||||||
this.waitingForFinish = true;
|
this.waitingForFinish = true;
|
||||||
|
|
||||||
|
Services.prefs.setBoolPref(PREF_INSTALL_REQUIRESECUREORIGIN, false);
|
||||||
|
|
||||||
Services.prefs.setBoolPref(PREF_LOGGING_ENABLED, true);
|
Services.prefs.setBoolPref(PREF_LOGGING_ENABLED, true);
|
||||||
Services.obs.addObserver(this, "addon-install-started", false);
|
Services.obs.addObserver(this, "addon-install-started", false);
|
||||||
Services.obs.addObserver(this, "addon-install-disabled", false);
|
Services.obs.addObserver(this, "addon-install-disabled", false);
|
||||||
|
@ -102,6 +105,7 @@ var Harness = {
|
||||||
var self = this;
|
var self = this;
|
||||||
registerCleanupFunction(function() {
|
registerCleanupFunction(function() {
|
||||||
Services.prefs.clearUserPref(PREF_LOGGING_ENABLED);
|
Services.prefs.clearUserPref(PREF_LOGGING_ENABLED);
|
||||||
|
Services.prefs.clearUserPref(PREF_INSTALL_REQUIRESECUREORIGIN);
|
||||||
Services.obs.removeObserver(self, "addon-install-started");
|
Services.obs.removeObserver(self, "addon-install-started");
|
||||||
Services.obs.removeObserver(self, "addon-install-disabled");
|
Services.obs.removeObserver(self, "addon-install-disabled");
|
||||||
Services.obs.removeObserver(self, "addon-install-blocked");
|
Services.obs.removeObserver(self, "addon-install-blocked");
|
||||||
|
|