зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1633710 - principal.URI in Sanitizer.jsm r=ckerschb,johannh
Differential Revision: https://phabricator.services.mozilla.com/D75801
This commit is contained in:
Sebastian Streich
Родитель
2f7bc0f0ff
Коммит
147fdbb684
|
|
@ -782,8 +782,7 @@ class PrincipalsCollector {
|
|||
let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
|
||||
origin
|
||||
);
|
||||
let uri = principal.URI;
|
||||
if (isSupportedURI(uri)) {
|
||||
if (isSupportedPrincipal(principal)) {
|
||||
list.push(principal);
|
||||
}
|
||||
}
|
||||
|
|
@ -951,13 +950,13 @@ async function sanitizeOnShutdown(progress) {
|
|||
}
|
||||
|
||||
// We consider just permissions set for http, https and file URLs.
|
||||
if (!isSupportedURI(permission.principal.URI)) {
|
||||
if (!isSupportedPrincipal(permission.principal)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
log(
|
||||
"Custom session cookie permission detected for: " +
|
||||
permission.principal.URI.spec
|
||||
permission.principal.asciiSpec
|
||||
);
|
||||
exceptions++;
|
||||
|
||||
|
|
@ -965,7 +964,7 @@ async function sanitizeOnShutdown(progress) {
|
|||
let principals = await principalsCollector.getAllPrincipals(progress);
|
||||
let selectedPrincipals = extractMatchingPrincipals(
|
||||
principals,
|
||||
permission.principal.URI
|
||||
permission.principal.host
|
||||
);
|
||||
await maybeSanitizeSessionPrincipals(progress, selectedPrincipals);
|
||||
}
|
||||
|
|
@ -974,9 +973,9 @@ async function sanitizeOnShutdown(progress) {
|
|||
}
|
||||
|
||||
// Extracts the principals matching matchUri as root domain.
|
||||
function extractMatchingPrincipals(principals, matchUri) {
|
||||
function extractMatchingPrincipals(principals, matchHost) {
|
||||
return principals.filter(principal => {
|
||||
return Services.eTLD.hasRootDomain(matchUri.host, principal.URI.host);
|
||||
return Services.eTLD.hasRootDomain(matchHost, principal.host);
|
||||
});
|
||||
}
|
||||
|
||||
|
|
@ -1003,7 +1002,7 @@ async function maybeSanitizeSessionPrincipals(progress, principals) {
|
|||
}
|
||||
|
||||
function cookiesAllowedForDomainOrSubDomain(principal) {
|
||||
log("Checking principal: " + principal.URI.spec);
|
||||
log("Checking principal: " + principal.asciispec);
|
||||
|
||||
// If we have the 'cookie' permission for this principal, let's return
|
||||
// immediately.
|
||||
|
|
@ -1033,15 +1032,13 @@ function cookiesAllowedForDomainOrSubDomain(principal) {
|
|||
}
|
||||
|
||||
// We consider just permissions set for http, https and file URLs.
|
||||
if (!isSupportedURI(perm.principal.URI)) {
|
||||
if (!isSupportedPrincipal(perm.principal)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
// We don't care about scheme, port, and anything else.
|
||||
if (
|
||||
Services.eTLD.hasRootDomain(perm.principal.URI.host, principal.URI.host)
|
||||
) {
|
||||
log("Recursive cookie check on principal: " + perm.principal.URI.spec);
|
||||
if (Services.eTLD.hasRootDomain(perm.principal.host, principal.host)) {
|
||||
log("Recursive cookie check on principal: " + perm.principal.asciiSpec);
|
||||
return cookiesAllowedForDomainOrSubDomain(perm.principal);
|
||||
}
|
||||
}
|
||||
|
|
@ -1051,7 +1048,7 @@ function cookiesAllowedForDomainOrSubDomain(principal) {
|
|||
}
|
||||
|
||||
async function sanitizeSessionPrincipal(progress, principal) {
|
||||
log("Sanitizing principal: " + principal.URI.spec);
|
||||
log("Sanitizing principal: " + principal.asciispec);
|
||||
|
||||
await new Promise(resolve => {
|
||||
progress.sanitizePrincipal = "started";
|
||||
|
|
@ -1161,6 +1158,6 @@ async function clearData(range, flags) {
|
|||
}
|
||||
}
|
||||
|
||||
function isSupportedURI(uri) {
|
||||
return uri.scheme == "http" || uri.scheme == "https" || uri.scheme == "file";
|
||||
function isSupportedPrincipal(principal) {
|
||||
return ["http", "https", "file"].some(scheme => principal.schemeIs(scheme));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -255,7 +255,7 @@ interface nsIPrincipal : nsISerializable
|
|||
* Returns the "host" portion of the
|
||||
* Principals URI, if any.
|
||||
*/
|
||||
[noscript] readonly attribute ACString host;
|
||||
readonly attribute ACString host;
|
||||
|
||||
/**
|
||||
* Returns the prepath of the principals uri
|
||||
|
|
@ -277,7 +277,7 @@ interface nsIPrincipal : nsISerializable
|
|||
* WARNING: DO NOT USE FOR SECURITY CHECKS.
|
||||
* just for logging purposes!
|
||||
*/
|
||||
[noscript] readonly attribute ACString asciiSpec;
|
||||
readonly attribute ACString asciiSpec;
|
||||
|
||||
/* Returns the Pre Path of the Principals URI with
|
||||
* user:pass stripped for privacy and spoof prevention
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче