Bug 1501108 - [5.1] Ensure that the context ID string is safe for Gecko processing. r=Ehsan,geckoview-reviewers,agi

Differential Revision: https://phabricator.services.mozilla.com/D38188 --HG-- extra : moz-landing-system : lando
2019-07-21 17:36:41 +00:00 · 2019-07-21 17:36:41 +00:00 · 54c69d2380
--- a/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoSessionSettings.java
+++ b/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoSessionSettings.java
@ -336,11 +336,18 @@ public final class GeckoSessionSettings implements Parcelable {
            new Key<Boolean>("fullAccessibilityTree", /* initOnly */ false, /* values */ null);

    /**
-     * Key to specify the session context ID.
+     * Internal Gecko key to specify the session context ID.
+     * Derived from `UNSAFE_CONTEXT_ID`.
     */
    private static final Key<String> CONTEXT_ID =
        new Key<String>("sessionContextId", /* initOnly */ true, /* values */ null);

+    /**
+     * User-provided key to specify the session context ID.
+     */
+    private static final Key<String> UNSAFE_CONTEXT_ID =
+        new Key<String>("unsafeSessionContextId", /* initOnly */ true, /* values */ null);
+
    private final GeckoSession mSession;
    private final GeckoBundle mBundle;

@ -375,6 +382,7 @@ public final class GeckoSessionSettings implements Parcelable {
        mBundle.putInt(VIEWPORT_MODE.name, VIEWPORT_MODE_MOBILE);
        mBundle.putInt(DISPLAY_MODE.name, DISPLAY_MODE_BROWSER);
        mBundle.putString(CONTEXT_ID.name, null);
+        mBundle.putString(UNSAFE_CONTEXT_ID.name, null);
    }

    /**
@ -473,7 +481,8 @@ public final class GeckoSessionSettings implements Parcelable {
     * @return The context ID for this session.
     */
    public @Nullable String getContextId() {
-        return getString(CONTEXT_ID);
+        // Return the user-provided unsafe string.
+        return getString(UNSAFE_CONTEXT_ID);
    }

    /**
@ -635,7 +644,8 @@ public final class GeckoSessionSettings implements Parcelable {
    }

    private void setContextId(final @Nullable String value) {
-        setString(CONTEXT_ID, value);
+        setString(UNSAFE_CONTEXT_ID, value);
+        setString(CONTEXT_ID, StorageController.createSafeSessionContextId(value));
    }

    private void setString(final Key<String> key, final String value) {
--- a/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/StorageController.java
+++ b/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/StorageController.java
@ -8,10 +8,12 @@ package org.mozilla.geckoview;

 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
+import java.math.BigInteger;

 import android.support.annotation.AnyThread;
 import android.support.annotation.LongDef;
 import android.support.annotation.NonNull;
+import android.support.annotation.Nullable;

 import org.mozilla.gecko.EventDispatcher;
 import org.mozilla.gecko.util.GeckoBundle;
@ -175,9 +177,25 @@ public final class StorageController {
    @AnyThread
    public void clearDataForSessionContext(final @NonNull String contextId) {
        final GeckoBundle bundle = new GeckoBundle(1);
-        bundle.putString("contextId", contextId);
+        bundle.putString("contextId", createSafeSessionContextId(contextId));

        EventDispatcher.getInstance().dispatch(
            "GeckoView:ClearSessionContextData", bundle);
    }
+
+    /* package */ static @NonNull String createSafeSessionContextId(
+            final @Nullable String contextId) {
+        if (contextId == null) {
+            return null;
+        }
+        if (contextId.isEmpty()) {
+            // Let's avoid empty strings for Gecko.
+            return "gvctxempty";
+        }
+        // We don't want to restrict the session context ID string options, so to
+        // ensure that the string is safe for Gecko processing, we translate it to
+        // its hex representation.
+        return String.format("gvctx%x", new BigInteger(contextId.getBytes()))
+               .toLowerCase();
+    }
 }
--- a/mobile/android/modules/geckoview/GeckoViewNavigation.jsm
+++ b/mobile/android/modules/geckoview/GeckoViewNavigation.jsm
@ -76,6 +76,11 @@ class GeckoViewNavigation extends GeckoViewModule {
    debug`sessionContextId=${this.settings.sessionContextId}`;

    if (this.settings.sessionContextId !== null) {
+      // Gecko may have issues with strings containing special characters,
+      // so we restrict the string format to a specific pattern.
+      if (!/^gvctx(-)?([a-f0-9]+)$/.test(this.settings.sessionContextId)) {
+        throw new Error("sessionContextId has illegal format");
+      }
      this.browser.webNavigation.setOriginAttributesBeforeLoading({
        geckoViewSessionContextId: this.settings.sessionContextId,
        privateBrowsingId: PrivateBrowsingUtils.isBrowserPrivate(this.browser)