Bug 1128126 - Enforce safe schemes in isInstallAllowed. r=Mossop

Blair McBride 2015-02-10 15:47:50 +13:00
Родитель aa5b5a05e4
Коммит 06584886b6
7 изменённых файлов: 66 добавлений и 14 удалений


@ -370,6 +370,10 @@ var LightWeightThemeWebInstaller = {
var pm = Services.perms;
var uri = node.ownerDocument.documentURIObject;
if (!uri.schemeIs("https"))
return false;
return pm.testPermission(uri, "install") == pm.ALLOW_ACTION;
},
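Review bot: The `if (!uri.schemeIs("https")) return false;` check here is hard-coded, while the XPIProvider change in the same commit gates its scheme check on `extensions.install.requireSecureOrigin` and also accepts `chrome` and `file`. If the difference is intentional, a comment above the check should say so, for example `// Themes may only be installed from https pages; deliberately not controlled by extensions.install.requireSecureOrigin.` Without it the two install paths can drift apart unnoticed. The enclosing function starts outside the hunk.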


@ -840,6 +840,7 @@ function test() {
Services.prefs.setBoolPref("extensions.logging.enabled", true);
Services.prefs.setBoolPref("extensions.strictCompatibility", true);
Services.prefs.setBoolPref("extensions.install.requireSecureOrigin", false);
Services.obs.addObserver(XPInstallObserver, "addon-install-started", false);
Services.obs.addObserver(XPInstallObserver, "addon-install-blocked", false);
@ -859,6 +860,7 @@ function test() {
Services.prefs.clearUserPref("extensions.logging.enabled");
Services.prefs.clearUserPref("extensions.strictCompatibility");
Services.prefs.clearUserPref("extensions.install.requireSecureOrigin");
Services.obs.removeObserver(XPInstallObserver, "addon-install-started");
Services.obs.removeObserver(XPInstallObserver, "addon-install-blocked");
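Review bot: Setting `extensions.install.requireSecureOrigin` to false in the test setup carries no comment explaining why. The same is done in the two later test files, on the `PREF_INSTALL_REQUIRESECUREORIGIN` lines in the listener test and in the shared `Harness`. With the check switched off in all three places, these suites no longer run against the default of `true` that XPIProvider reads. I would add a one-line comment at each site, such as `// These tests load pages over plain http, so turn off the secure-origin requirement.`, if that is indeed the reason. Both `test()` bodies continue outside the hunks.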


@ -16,13 +16,41 @@ function wait_for_notification(aCallback) {
}
var TESTS = [
function test_install_http() {
is(LightweightThemeManager.currentTheme, null, "Should be no lightweight theme selected");
var pm = Services.perms;
pm.add(makeURI("http://example.org/"), "install", pm.ALLOW_ACTION);
gBrowser.selectedTab = gBrowser.addTab("http://example.org/browser/browser/base/content/test/general/bug592338.html");
gBrowser.selectedBrowser.addEventListener("pageshow", function() {
if (gBrowser.contentDocument.location.href == "about:blank")
return;
gBrowser.selectedBrowser.removeEventListener("pageshow", arguments.callee, false);
executeSoon(function() {
var link = gBrowser.contentDocument.getElementById("theme-install");
EventUtils.synthesizeMouse(link, 2, 2, {}, gBrowser.contentWindow);
is(LightweightThemeManager.currentTheme, null, "Should not have installed the test theme");
gBrowser.removeTab(gBrowser.selectedTab);
pm.remove("example.org", "install");
runNextTest();
});
}, false);
},
function test_install_lwtheme() {
is(LightweightThemeManager.currentTheme, null, "Should be no lightweight theme selected");
var pm = Services.perms;
pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
gBrowser.selectedTab = gBrowser.addTab("http://example.com/browser/browser/base/content/test/general/bug592338.html");
gBrowser.selectedTab = gBrowser.addTab("https://example.com/browser/browser/base/content/test/general/bug592338.html");
gBrowser.selectedBrowser.addEventListener("pageshow", function() {
if (gBrowser.contentDocument.location.href == "about:blank")
return;
@ -54,9 +82,9 @@ function test_lwtheme_switch_theme() {
Services.prefs.setBoolPref("extensions.dss.enabled", false);
var pm = Services.perms;
pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
pm.add(makeURI("https://example.com/"), "install", pm.ALLOW_ACTION);
gBrowser.selectedTab = gBrowser.addTab("http://example.com/browser/browser/base/content/test/general/bug592338.html");
gBrowser.selectedTab = gBrowser.addTab("https://example.com/browser/browser/base/content/test/general/bug592338.html");
gBrowser.selectedBrowser.addEventListener("pageshow", function() {
if (gBrowser.contentDocument.location.href == "about:blank")
return;
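Review bot: In `test_install_http` the `pm.remove("example.org", "install")` call sits inside the `executeSoon` callback, so the install permission granted to `http://example.org/` is only revoked if the page loads and the click is dispatched without an exception. A leaked ALLOW permission can change the outcome of later tests that expect example.org to be unlisted. Registering the removal up front, e.g. `registerCleanupFunction(function() { pm.remove("example.org", "install"); });` right after the `pm.add` call, keeps the teardown unconditional.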


@ -81,6 +81,7 @@ const PREF_XPI_FILE_WHITELISTED = "xpinstall.whitelist.fileRequest";
const PREF_XPI_PERMISSIONS_BRANCH = "xpinstall.";
const PREF_XPI_UNPACK = "extensions.alwaysUnpack";
const PREF_INSTALL_REQUIREBUILTINCERTS = "extensions.install.requireBuiltInCerts";
const PREF_INSTALL_REQUIRESECUREORIGIN = "extensions.install.requireSecureOrigin";
const PREF_INSTALL_DISTRO_ADDONS = "extensions.installDistroAddons";
const PREF_BRANCH_INSTALLED_ADDON = "extensions.installedDistroAddon.";
const PREF_SHOWN_SELECTION_UI = "extensions.shownSelectionUI";
@ -3739,6 +3740,11 @@ this.XPIProvider = {
if (requireWhitelist && (permission != Ci.nsIPermissionManager.ALLOW_ACTION))
return false;
let requireSecureOrigin = Preferences.get(PREF_INSTALL_REQUIRESECUREORIGIN, true);
let safeSchemes = ["https", "chrome", "file"];
if (requireSecureOrigin && safeSchemes.indexOf(aUri.scheme) == -1)
return false;
return true;
},
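Review bot: The scheme allow-list in the second hunk is undocumented and is rebuilt on every call. I would hoist it next to the new pref constant as `const SAFE_INSTALL_SCHEMES = ["https", "chrome", "file"];` with a comment saying why `chrome` and `file` count as secure origins. Because the test is an exact match on `aUri.scheme`, wrapped URIs such as `jar:` or `view-source:` are rejected, which looks like the intended fail-closed behaviour and is worth stating in that comment. The start of the function is outside the hunk, so please confirm that a null `aUri` is handled before this point, since `aUri.scheme` would otherwise throw.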


@ -16,13 +16,15 @@ function run_test() {
Services.prefs.setCharPref("xpinstall.whitelist.add.36", "test3.com,www.test4.com");
Services.prefs.setCharPref("xpinstall.whitelist.add.test5", "test5.com");
Services.perms.add(NetUtil.newURI("http://www.test9.com"), "install",
Services.perms.add(NetUtil.newURI("https://www.test9.com"), "install",
AM_Ci.nsIPermissionManager.ALLOW_ACTION);
startupManager();
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
NetUtil.newURI("http://test1.com")));
do_check_true(AddonManager.isInstallAllowed(XPI_MIMETYPE,
NetUtil.newURI("http://test1.com")));
NetUtil.newURI("https://test1.com")));
do_check_true(AddonManager.isInstallAllowed(XPI_MIMETYPE,
NetUtil.newURI("https://www.test2.com")));
do_check_true(AddonManager.isInstallAllowed(XPI_MIMETYPE,
@ -31,26 +33,30 @@ function run_test() {
NetUtil.newURI("https://test4.com")));
do_check_true(AddonManager.isInstallAllowed(XPI_MIMETYPE,
NetUtil.newURI("https://www.test4.com")));
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
NetUtil.newURI("http://www.test5.com")));
do_check_true(AddonManager.isInstallAllowed(XPI_MIMETYPE,
NetUtil.newURI("http://www.test5.com")));
NetUtil.newURI("https://www.test5.com")));
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
NetUtil.newURI("http://www.test6.com")));
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
NetUtil.newURI("http://test7.com")));
NetUtil.newURI("https://www.test6.com")));
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
NetUtil.newURI("http://www.test8.com")));
NetUtil.newURI("https://test7.com")));
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
NetUtil.newURI("https://www.test8.com")));
// This should remain unaffected
do_check_true(AddonManager.isInstallAllowed(XPI_MIMETYPE,
NetUtil.newURI("http://www.test9.com")));
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
NetUtil.newURI("http://www.test9.com")));
do_check_true(AddonManager.isInstallAllowed(XPI_MIMETYPE,
NetUtil.newURI("https://www.test9.com")));
Services.perms.removeAll();
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
NetUtil.newURI("http://test1.com")));
NetUtil.newURI("https://test1.com")));
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
NetUtil.newURI("https://www.test2.com")));
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
@ -58,13 +64,13 @@ function run_test() {
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
NetUtil.newURI("https://www.test4.com")));
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
NetUtil.newURI("http://www.test5.com")));
NetUtil.newURI("https://www.test5.com")));
// Upgrade the application and verify that the permissions are still not there
restartManager("2");
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
NetUtil.newURI("http://test1.com")));
NetUtil.newURI("https://test1.com")));
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
NetUtil.newURI("https://www.test2.com")));
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
@ -72,5 +78,5 @@ function run_test() {
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
NetUtil.newURI("https://www.test4.com")));
do_check_false(AddonManager.isInstallAllowed(XPI_MIMETYPE,
NetUtil.newURI("http://www.test5.com")));
NetUtil.newURI("https://www.test5.com")));
}
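Review bot: As far as the visible hunks show, no assertion in `run_test` covers the new preference or the non-https entries of the allow-list. Every check runs with `extensions.install.requireSecureOrigin` at its default, and no `chrome:` or `file:` URI is passed to `AddonManager.isInstallAllowed`. I would add a block that sets the pref to false, asserts that `http://www.test9.com` is allowed again, and then clears the pref. Separately, the comment `// This should remain unaffected` now sits above a pair of checks with opposite expectations and should say which of them it refers to.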


@ -72,12 +72,14 @@ function test() {
waitForExplicitFinish();
Services.prefs.setBoolPref(PREF_LOGGING_ENABLED, true);
Services.prefs.setBoolPref(PREF_INSTALL_REQUIRESECUREORIGIN, false);
Services.wm.addListener(gAddonAndWindowListener);
AddonManager.addInstallListener(gAddonAndWindowListener);
registerCleanupFunction(function() {
Services.wm.removeListener(gAddonAndWindowListener);
AddonManager.removeInstallListener(gAddonAndWindowListener);
Services.prefs.clearUserPref(PREF_LOGGING_ENABLED);
Services.prefs.clearUserPref(PREF_INSTALL_REQUIRESECUREORIGIN);
Services.perms.remove("example.com", "install");
Services.perms.remove("example.org", "install");


@ -7,6 +7,7 @@ const PROMPT_URL = "chrome://global/content/commonDialog.xul";
const ADDONS_URL = "chrome://mozapps/content/extensions/extensions.xul";
const PREF_LOGGING_ENABLED = "extensions.logging.enabled";
const PREF_INSTALL_REQUIREBUILTINCERTS = "extensions.install.requireBuiltInCerts";
const PREF_INSTALL_REQUIRESECUREORIGIN = "extensions.install.requireSecureOrigin";
const CHROME_NAME = "mochikit";
function getChromeRoot(path) {
@ -88,6 +89,8 @@ var Harness = {
waitForExplicitFinish();
this.waitingForFinish = true;
Services.prefs.setBoolPref(PREF_INSTALL_REQUIRESECUREORIGIN, false);
Services.prefs.setBoolPref(PREF_LOGGING_ENABLED, true);
Services.obs.addObserver(this, "addon-install-started", false);
Services.obs.addObserver(this, "addon-install-disabled", false);
@ -102,6 +105,7 @@ var Harness = {
var self = this;
registerCleanupFunction(function() {
Services.prefs.clearUserPref(PREF_LOGGING_ENABLED);
Services.prefs.clearUserPref(PREF_INSTALL_REQUIRESECUREORIGIN);
Services.obs.removeObserver(self, "addon-install-started");
Services.obs.removeObserver(self, "addon-install-disabled");
Services.obs.removeObserver(self, "addon-install-blocked");