Bug 1597704 - Move is OriginPotentially Trustworthy into Principal r=ckerschb

Differential Revision: https://phabricator.services.mozilla.com/D53830

--HG--
extra : moz-landing-system : lando
This commit is contained in:
Sebastian Streich 2019-11-26 16:00:49 +00:00
Родитель 0ab8b21981
Коммит a22a53ebb2
15 изменённых файлов: 60 добавлений и 103 удалений

Просмотреть файл

@ -24,6 +24,7 @@
#include "mozilla/dom/BlobURLProtocolHandler.h" #include "mozilla/dom/BlobURLProtocolHandler.h"
#include "mozilla/dom/ChromeUtils.h" #include "mozilla/dom/ChromeUtils.h"
#include "mozilla/dom/ToJSValue.h" #include "mozilla/dom/ToJSValue.h"
#include "mozilla/dom/nsMixedContentBlocker.h"
#include "json/json.h" #include "json/json.h"
#include "nsSerializationHelper.h" #include "nsSerializationHelper.h"
@ -470,6 +471,21 @@ BasePrincipal::IsURIInPrefList(const char* aPref, bool* aResult) {
return NS_OK; return NS_OK;
} }
NS_IMETHODIMP
BasePrincipal::GetIsOriginPotentiallyTrustworthy(bool* aResult) {
MOZ_ASSERT(NS_IsMainThread());
*aResult = false;
nsCOMPtr<nsIURI> uri;
nsresult rv = GetURI(getter_AddRefs(uri));
if (NS_FAILED(rv) || !uri) {
return NS_OK;
}
*aResult = nsMixedContentBlocker::IsPotentiallyTrustworthyOrigin(uri);
return NS_OK;
}
NS_IMETHODIMP NS_IMETHODIMP
BasePrincipal::GetAboutModuleFlags(uint32_t* flags) { BasePrincipal::GetAboutModuleFlags(uint32_t* flags) {
*flags = 0; *flags = 0;

Просмотреть файл

@ -131,6 +131,7 @@ class BasePrincipal : public nsJSPrincipals {
NS_IMETHOD GetSiteOrigin(nsACString& aOrigin) override; NS_IMETHOD GetSiteOrigin(nsACString& aOrigin) override;
NS_IMETHOD IsThirdPartyURI(nsIURI* uri, bool* aRes) override; NS_IMETHOD IsThirdPartyURI(nsIURI* uri, bool* aRes) override;
NS_IMETHOD IsThirdPartyPrincipal(nsIPrincipal* uri, bool* aRes) override; NS_IMETHOD IsThirdPartyPrincipal(nsIPrincipal* uri, bool* aRes) override;
NS_IMETHOD GetIsOriginPotentiallyTrustworthy(bool* aResult) override;
nsresult ToJSON(nsACString& aJSON); nsresult ToJSON(nsACString& aJSON);
static already_AddRefed<BasePrincipal> FromJSON(const nsACString& aJSON); static already_AddRefed<BasePrincipal> FromJSON(const nsACString& aJSON);

Просмотреть файл

@ -141,6 +141,11 @@ NullPrincipal::GetURI(nsIURI** aURI) {
uri.forget(aURI); uri.forget(aURI);
return NS_OK; return NS_OK;
} }
NS_IMETHODIMP
NullPrincipal::GetIsOriginPotentiallyTrustworthy(bool* aResult) {
*aResult = false;
return NS_OK;
}
NS_IMETHODIMP NS_IMETHODIMP
NullPrincipal::GetDomain(nsIURI** aDomain) { NullPrincipal::GetDomain(nsIURI** aDomain) {

Просмотреть файл

@ -51,6 +51,7 @@ class NullPrincipal final : public BasePrincipal {
NS_IMETHOD QueryInterface(REFNSIID aIID, void** aInstancePtr) override; NS_IMETHOD QueryInterface(REFNSIID aIID, void** aInstancePtr) override;
uint32_t GetHashValue() override; uint32_t GetHashValue() override;
NS_IMETHOD GetURI(nsIURI** aURI) override; NS_IMETHOD GetURI(nsIURI** aURI) override;
NS_IMETHOD GetIsOriginPotentiallyTrustworthy(bool* aResult) override;
NS_IMETHOD GetDomain(nsIURI** aDomain) override; NS_IMETHOD GetDomain(nsIURI** aDomain) override;
NS_IMETHOD SetDomain(nsIURI* aDomain) override; NS_IMETHOD SetDomain(nsIURI* aDomain) override;
NS_IMETHOD GetBaseDomain(nsACString& aBaseDomain) override; NS_IMETHOD GetBaseDomain(nsACString& aBaseDomain) override;

Просмотреть файл

@ -51,6 +51,12 @@ SystemPrincipal::GetURI(nsIURI** aURI) {
return NS_OK; return NS_OK;
} }
NS_IMETHODIMP
SystemPrincipal::GetIsOriginPotentiallyTrustworthy(bool* aResult) {
*aResult = true;
return NS_OK;
}
NS_IMETHODIMP NS_IMETHODIMP
SystemPrincipal::GetDomain(nsIURI** aDomain) { SystemPrincipal::GetDomain(nsIURI** aDomain) {
*aDomain = nullptr; *aDomain = nullptr;

Просмотреть файл

@ -44,6 +44,7 @@ class SystemPrincipal final : public BasePrincipal {
NS_IMETHOD SetDomain(nsIURI* aDomain) override; NS_IMETHOD SetDomain(nsIURI* aDomain) override;
NS_IMETHOD GetBaseDomain(nsACString& aBaseDomain) override; NS_IMETHOD GetBaseDomain(nsACString& aBaseDomain) override;
NS_IMETHOD GetAddonId(nsAString& aAddonId) override; NS_IMETHOD GetAddonId(nsAString& aAddonId) override;
NS_IMETHOD GetIsOriginPotentiallyTrustworthy(bool* aResult) override;
virtual nsresult GetScriptLocation(nsACString& aStr) override; virtual nsresult GetScriptLocation(nsACString& aStr) override;

Просмотреть файл

@ -231,6 +231,18 @@ interface nsIPrincipal : nsISerializable
*/ */
bool IsURIInPrefList(in string pref); bool IsURIInPrefList(in string pref);
/**
* Implementation of
* https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
*
* The value returned by this method feeds into the the Secure Context
* algorithm that determins the value of Window.isSecureContext and
* WorkerGlobalScope.isSecureContext.
*
* This method returns false instead of throwing upon errors.
*/
readonly attribute bool IsOriginPotentiallyTrustworthy;
/** /**
* Returns the Flags of the Principals * Returns the Flags of the Principals
* associated AboutModule, in case there is one. * associated AboutModule, in case there is one.

Просмотреть файл

@ -8891,18 +8891,9 @@ bool nsContentUtils::HttpsStateIsModern(Document* aDocument) {
MOZ_ASSERT(principal->GetIsContentPrincipal()); MOZ_ASSERT(principal->GetIsContentPrincipal());
nsCOMPtr<nsIContentSecurityManager> csm = bool isTrustworthyOrigin = false;
do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID); principal->GetIsOriginPotentiallyTrustworthy(&isTrustworthyOrigin);
NS_WARNING_ASSERTION(csm, "csm is null"); return isTrustworthyOrigin;
if (csm) {
bool isTrustworthyOrigin = false;
csm->IsOriginPotentiallyTrustworthy(principal, &isTrustworthyOrigin);
if (isTrustworthyOrigin) {
return true;
}
}
return false;
} }
/* static */ /* static */
@ -8932,15 +8923,9 @@ bool nsContentUtils::ComputeIsSecureContext(nsIChannel* aChannel) {
return false; return false;
} }
nsCOMPtr<nsIContentSecurityManager> csm = bool isTrustworthyOrigin = false;
do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID); principal->GetIsOriginPotentiallyTrustworthy(&isTrustworthyOrigin);
NS_WARNING_ASSERTION(csm, "csm is null"); return isTrustworthyOrigin;
if (csm) {
bool isTrustworthyOrigin = false;
csm->IsOriginPotentiallyTrustworthy(principal, &isTrustworthyOrigin);
return isTrustworthyOrigin;
}
return true;
} }
/* static */ /* static */

Просмотреть файл

@ -1693,18 +1693,9 @@ bool nsGlobalWindowOuter::ComputeIsSecureContext(Document* aDocument,
} }
} }
nsCOMPtr<nsIContentSecurityManager> csm = bool isTrustworthyOrigin = false;
do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID); principal->GetIsOriginPotentiallyTrustworthy(&isTrustworthyOrigin);
NS_WARNING_ASSERTION(csm, "csm is null"); return isTrustworthyOrigin;
if (csm) {
bool isTrustworthyOrigin = false;
csm->IsOriginPotentiallyTrustworthy(principal, &isTrustworthyOrigin);
if (isTrustworthyOrigin) {
return true;
}
}
return false;
} }
// We need certain special behavior for remote XUL whitelisted domains, but we // We need certain special behavior for remote XUL whitelisted domains, but we

Просмотреть файл

@ -42,15 +42,4 @@ interface nsIContentSecurityManager : nsISupports
nsIStreamListener performSecurityCheck(in nsIChannel aChannel, nsIStreamListener performSecurityCheck(in nsIChannel aChannel,
in nsIStreamListener aStreamListener); in nsIStreamListener aStreamListener);
/**
* Implementation of
* https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
*
* The value returned by this method feeds into the the Secure Context
* algorithm that determins the value of Window.isSecureContext and
* WorkerGlobalScope.isSecureContext.
*
* This method returns false instead of throwing upon errors.
*/
boolean isOriginPotentiallyTrustworthy(in nsIPrincipal aPrincipal);
}; };

Просмотреть файл

@ -509,14 +509,8 @@ bool PresentationRequest::IsPrioriAuthenticatedURL(const nsAString& aUrl) {
return false; return false;
} }
nsCOMPtr<nsIContentSecurityManager> csm =
do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID);
if (NS_WARN_IF(!csm)) {
return false;
}
bool isTrustworthyOrigin = false; bool isTrustworthyOrigin = false;
csm->IsOriginPotentiallyTrustworthy(principal, &isTrustworthyOrigin); principal->GetIsOriginPotentiallyTrustworthy(&isTrustworthyOrigin);
return isTrustworthyOrigin; return isTrustworthyOrigin;
} }

Просмотреть файл

@ -1051,30 +1051,3 @@ nsContentSecurityManager::PerformSecurityCheck(
inAndOutListener.forget(outStreamListener); inAndOutListener.forget(outStreamListener);
return NS_OK; return NS_OK;
} }
NS_IMETHODIMP
nsContentSecurityManager::IsOriginPotentiallyTrustworthy(
nsIPrincipal* aPrincipal, bool* aIsTrustWorthy) {
MOZ_ASSERT(NS_IsMainThread());
NS_ENSURE_ARG_POINTER(aPrincipal);
NS_ENSURE_ARG_POINTER(aIsTrustWorthy);
if (aPrincipal->IsSystemPrincipal()) {
*aIsTrustWorthy = true;
return NS_OK;
}
*aIsTrustWorthy = false;
if (aPrincipal->GetIsNullPrincipal()) {
return NS_OK;
}
MOZ_ASSERT(aPrincipal->GetIsContentPrincipal(),
"Nobody is expected to call us with an nsIExpandedPrincipal");
nsCOMPtr<nsIURI> uri;
nsresult rv = aPrincipal->GetURI(getter_AddRefs(uri));
NS_ENSURE_SUCCESS(rv, rv);
*aIsTrustWorthy = nsMixedContentBlocker::IsPotentiallyTrustworthyOrigin(uri);
return NS_OK;
}

Просмотреть файл

@ -70,8 +70,7 @@ TEST(SecureContext, IsOriginPotentiallyTrustworthyWithContentPrincipal)
rv = nsScriptSecurityManager::GetScriptSecurityManager() rv = nsScriptSecurityManager::GetScriptSecurityManager()
->CreateContentPrincipalFromOrigin(uri, getter_AddRefs(prin)); ->CreateContentPrincipalFromOrigin(uri, getter_AddRefs(prin));
bool isPotentiallyTrustworthy = false; bool isPotentiallyTrustworthy = false;
rv = csManager->IsOriginPotentiallyTrustworthy(prin, rv = prin->GetIsOriginPotentiallyTrustworthy(&isPotentiallyTrustworthy);
&isPotentiallyTrustworthy);
ASSERT_EQ(NS_OK, rv); ASSERT_EQ(NS_OK, rv);
ASSERT_EQ(isPotentiallyTrustworthy, uris[i].expectedResult); ASSERT_EQ(isPotentiallyTrustworthy, uris[i].expectedResult);
} }
@ -82,14 +81,10 @@ TEST(SecureContext, IsOriginPotentiallyTrustworthyWithSystemPrincipal)
RefPtr<nsScriptSecurityManager> ssManager = RefPtr<nsScriptSecurityManager> ssManager =
nsScriptSecurityManager::GetScriptSecurityManager(); nsScriptSecurityManager::GetScriptSecurityManager();
ASSERT_TRUE(!!ssManager); ASSERT_TRUE(!!ssManager);
nsCOMPtr<nsIContentSecurityManager> csManager =
do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID);
ASSERT_TRUE(!!csManager);
nsCOMPtr<nsIPrincipal> sysPrin = nsContentUtils::GetSystemPrincipal(); nsCOMPtr<nsIPrincipal> sysPrin = nsContentUtils::GetSystemPrincipal();
bool isPotentiallyTrustworthy; bool isPotentiallyTrustworthy;
nsresult rv = csManager->IsOriginPotentiallyTrustworthy( nsresult rv =
sysPrin, &isPotentiallyTrustworthy); sysPrin->GetIsOriginPotentiallyTrustworthy(&isPotentiallyTrustworthy);
ASSERT_EQ(rv, NS_OK); ASSERT_EQ(rv, NS_OK);
ASSERT_TRUE(isPotentiallyTrustworthy); ASSERT_TRUE(isPotentiallyTrustworthy);
} }
@ -99,15 +94,12 @@ TEST(SecureContext, IsOriginPotentiallyTrustworthyWithNullPrincipal)
RefPtr<nsScriptSecurityManager> ssManager = RefPtr<nsScriptSecurityManager> ssManager =
nsScriptSecurityManager::GetScriptSecurityManager(); nsScriptSecurityManager::GetScriptSecurityManager();
ASSERT_TRUE(!!ssManager); ASSERT_TRUE(!!ssManager);
nsCOMPtr<nsIContentSecurityManager> csManager =
do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID);
ASSERT_TRUE(!!csManager);
RefPtr<NullPrincipal> nullPrin = RefPtr<NullPrincipal> nullPrin =
NullPrincipal::CreateWithoutOriginAttributes(); NullPrincipal::CreateWithoutOriginAttributes();
bool isPotentiallyTrustworthy; bool isPotentiallyTrustworthy;
nsresult rv = csManager->IsOriginPotentiallyTrustworthy( nsresult rv =
nullPrin, &isPotentiallyTrustworthy); nullPrin->GetIsOriginPotentiallyTrustworthy(&isPotentiallyTrustworthy);
ASSERT_EQ(rv, NS_OK); ASSERT_EQ(rv, NS_OK);
ASSERT_TRUE(!isPotentiallyTrustworthy); ASSERT_TRUE(!isPotentiallyTrustworthy);
} }

Просмотреть файл

@ -49,18 +49,12 @@ add_task(async function test_isOriginPotentiallyTrustworthy() {
]) { ]) {
let uri = NetUtil.newURI(uriSpec); let uri = NetUtil.newURI(uriSpec);
let principal = gScriptSecurityManager.createContentPrincipal(uri, {}); let principal = gScriptSecurityManager.createContentPrincipal(uri, {});
Assert.equal( Assert.equal(principal.IsOriginPotentiallyTrustworthy, expectedResult);
gContentSecurityManager.isOriginPotentiallyTrustworthy(principal),
expectedResult
);
} }
// And now let's test whether .onion sites are properly treated when // And now let's test whether .onion sites are properly treated when
// whitelisted, see bug 1382359. // whitelisted, see bug 1382359.
Services.prefs.setBoolPref("dom.securecontext.whitelist_onions", true); Services.prefs.setBoolPref("dom.securecontext.whitelist_onions", true);
let uri = NetUtil.newURI("http://1234567890abcdef.onion/"); let uri = NetUtil.newURI("http://1234567890abcdef.onion/");
let principal = gScriptSecurityManager.createContentPrincipal(uri, {}); let principal = gScriptSecurityManager.createContentPrincipal(uri, {});
Assert.equal( Assert.equal(principal.IsOriginPotentiallyTrustworthy, true);
gContentSecurityManager.isOriginPotentiallyTrustworthy(principal),
true
);
}); });

Просмотреть файл

@ -162,11 +162,8 @@ void ClearSiteData::ClearDataFromChannel(nsIHttpChannel* aChannel) {
return; return;
} }
nsCOMPtr<nsIContentSecurityManager> csm =
do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID);
bool secure; bool secure;
rv = csm->IsOriginPotentiallyTrustworthy(principal, &secure); rv = principal->GetIsOriginPotentiallyTrustworthy(&secure);
if (NS_WARN_IF(NS_FAILED(rv)) || !secure) { if (NS_WARN_IF(NS_FAILED(rv)) || !secure) {
return; return;
} }