зеркало из https://github.com/mozilla/gecko-dev.git
Bug 826992 - Avoid hardcoded clientId in SafeBrowsing.jsm. r=Mossop,r=mfinkle,r=gcp
This commit is contained in:
Родитель
2c30c14aae
Коммит
a6e0fafb44
|
@ -31,9 +31,12 @@ DEFINES += \
|
|||
-DNEWWINDOW_ICO=\"$(DIST)/branding/newwindow.ico\" \
|
||||
-DNEWTAB_ICO=\"$(DIST)/branding/newtab.ico\" \
|
||||
-DPBMODE_ICO=\"$(DIST)/branding/pbmode.ico\" \
|
||||
|
||||
$(NULL)
|
||||
|
||||
ifdef MOZILLA_OFFICIAL
|
||||
DEFINES += -DMOZILLA_OFFICIAL
|
||||
endif
|
||||
|
||||
ifdef LIBXUL_SDK #{
|
||||
PREF_JS_EXPORTS += $(srcdir)/profile/channel-prefs.js
|
||||
DEFINES += -DLIBXUL_SDK
|
||||
|
|
|
@ -734,6 +734,12 @@ pref("browser.safebrowsing.reportMalwareErrorURL", "http://%LOCALE%.malware-erro
|
|||
pref("browser.safebrowsing.warning.infoURL", "http://www.mozilla.com/%LOCALE%/firefox/phishing-protection/");
|
||||
pref("browser.safebrowsing.malware.reportURL", "http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=%NAME%&hl=%LOCALE%&site=");
|
||||
|
||||
#ifdef MOZILLA_OFFICIAL
|
||||
// Normally the "client ID" sent in updates is appinfo.name, but for
|
||||
// official Firefox releases from Mozilla we use a special identifier.
|
||||
pref("browser.safebrowsing.id", "navclient-auto-ffox");
|
||||
#endif
|
||||
|
||||
// Name of the about: page contributed by safebrowsing to handle display of error
|
||||
// pages on phishing/malware hits. (bug 399233)
|
||||
pref("urlclassifier.alternate_error_page", "blocked");
|
||||
|
|
|
@ -46,6 +46,7 @@ DEFINES += \
|
|||
-DAPP_NAME=$(MOZ_APP_NAME) \
|
||||
-DAPP_VERSION=$(MOZ_APP_VERSION) \
|
||||
-DMOZ_UPDATER=$(MOZ_UPDATER) \
|
||||
-DMOZ_APP_UA_NAME=$(MOZ_APP_UA_NAME) \
|
||||
$(NULL)
|
||||
|
||||
ifdef MOZ_PKG_SPECIAL
|
||||
|
|
|
@ -573,6 +573,8 @@ pref("browser.safebrowsing.reportMalwareErrorURL", "http://%LOCALE%.malware-erro
|
|||
pref("browser.safebrowsing.warning.infoURL", "http://www.mozilla.com/%LOCALE%/firefox/phishing-protection/");
|
||||
pref("browser.safebrowsing.malware.reportURL", "http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=%NAME%&hl=%LOCALE%&site=");
|
||||
|
||||
pref("browser.safebrowsing.id", @MOZ_APP_UA_NAME@);
|
||||
|
||||
// Name of the about: page contributed by safebrowsing to handle display of error
|
||||
// pages on phishing/malware hits. (bug 399233)
|
||||
pref("urlclassifier.alternate_error_page", "blocked");
|
||||
|
|
|
@ -39,14 +39,4 @@ EXTRA_COMPONENTS = \
|
|||
BlocklistPrompt.js \
|
||||
$(NULL)
|
||||
|
||||
ifdef MOZ_SAFE_BROWSING
|
||||
DEFINES += \
|
||||
-DMOZ_APP_UA_NAME=$(MOZ_APP_UA_NAME) \
|
||||
$(NULL)
|
||||
|
||||
EXTRA_PP_JS_MODULES = \
|
||||
SafeBrowsing.jsm \
|
||||
$(NULL)
|
||||
endif
|
||||
|
||||
include $(topsrcdir)/config/rules.mk
|
||||
|
|
|
@ -1,182 +0,0 @@
|
|||
/* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
|
||||
this.EXPORTED_SYMBOLS = ["SafeBrowsing"];
|
||||
|
||||
const Cc = Components.classes;
|
||||
const Ci = Components.interfaces;
|
||||
const Cu = Components.utils;
|
||||
|
||||
Cu.import("resource://gre/modules/Services.jsm");
|
||||
|
||||
const phishingList = "goog-phish-shavar";
|
||||
const malwareList = "goog-malware-shavar";
|
||||
|
||||
var debug = false;
|
||||
|
||||
function log(...stuff) {
|
||||
if (!debug)
|
||||
return;
|
||||
|
||||
let msg = "SafeBrowsing: " + stuff.join(" ");
|
||||
Services.console.logStringMessage(msg);
|
||||
dump(msg + "\n");
|
||||
}
|
||||
|
||||
this.SafeBrowsing = {
|
||||
|
||||
init: function() {
|
||||
if (this.initialized) {
|
||||
log("Already initialized");
|
||||
return;
|
||||
}
|
||||
|
||||
Services.prefs.addObserver("browser.safebrowsing", this.readPrefs, false);
|
||||
this.readPrefs();
|
||||
|
||||
// Register our two types of tables, and add custom Mozilla entries
|
||||
let listManager = Cc["@mozilla.org/url-classifier/listmanager;1"].
|
||||
getService(Ci.nsIUrlListManager);
|
||||
listManager.registerTable(phishingList, false);
|
||||
listManager.registerTable(malwareList, false);
|
||||
this.addMozEntries();
|
||||
|
||||
this.controlUpdateChecking();
|
||||
this.initialized = true;
|
||||
|
||||
log("init() finished");
|
||||
},
|
||||
|
||||
|
||||
initialized: false,
|
||||
phishingEnabled: false,
|
||||
malwareEnabled: false,
|
||||
|
||||
updateURL: null,
|
||||
keyURL: null,
|
||||
gethashURL: null,
|
||||
|
||||
reportURL: null,
|
||||
reportGenericURL: null,
|
||||
reportErrorURL: null,
|
||||
reportPhishURL: null,
|
||||
reportMalwareURL: null,
|
||||
reportMalwareErrorURL: null,
|
||||
|
||||
|
||||
getReportURL: function(kind) {
|
||||
return this["report" + kind + "URL"];
|
||||
},
|
||||
|
||||
|
||||
readPrefs: function() {
|
||||
log("reading prefs");
|
||||
|
||||
debug = Services.prefs.getBoolPref("browser.safebrowsing.debug");
|
||||
this.phishingEnabled = Services.prefs.getBoolPref("browser.safebrowsing.enabled");
|
||||
this.malwareEnabled = Services.prefs.getBoolPref("browser.safebrowsing.malware.enabled");
|
||||
this.updateProviderURLs();
|
||||
|
||||
// XXX The listManager backend gets confused if this is called before the
|
||||
// lists are registered. So only call it here when a pref changes, and not
|
||||
// when doing initialization. I expect to refactor this later, so pardon the hack.
|
||||
if (this.initialized)
|
||||
this.controlUpdateChecking();
|
||||
},
|
||||
|
||||
|
||||
updateProviderURLs: function() {
|
||||
#ifdef USE_HISTORIC_SAFEBROWSING_ID
|
||||
let clientID = "navclient-auto-ffox";
|
||||
#else
|
||||
#expand let clientID = __MOZ_APP_UA_NAME__;
|
||||
#endif
|
||||
|
||||
log("initializing safe browsing URLs");
|
||||
let basePref = "browser.safebrowsing.";
|
||||
|
||||
// Urls to HTML report pages
|
||||
this.reportURL = Services.urlFormatter.formatURLPref(basePref + "reportURL");
|
||||
this.reportGenericURL = Services.urlFormatter.formatURLPref(basePref + "reportGenericURL");
|
||||
this.reportErrorURL = Services.urlFormatter.formatURLPref(basePref + "reportErrorURL");
|
||||
this.reportPhishURL = Services.urlFormatter.formatURLPref(basePref + "reportPhishURL");
|
||||
this.reportMalwareURL = Services.urlFormatter.formatURLPref(basePref + "reportMalwareURL");
|
||||
this.reportMalwareErrorURL = Services.urlFormatter.formatURLPref(basePref + "reportMalwareErrorURL");
|
||||
|
||||
// Urls used to update DB
|
||||
this.updateURL = Services.urlFormatter.formatURLPref(basePref + "updateURL");
|
||||
this.keyURL = Services.urlFormatter.formatURLPref(basePref + "keyURL");
|
||||
this.gethashURL = Services.urlFormatter.formatURLPref(basePref + "gethashURL");
|
||||
|
||||
this.updateURL = this.updateURL.replace("SAFEBROWSING_ID", clientID);
|
||||
this.keyURL = this.keyURL.replace("SAFEBROWSING_ID", clientID);
|
||||
this.gethashURL = this.gethashURL.replace("SAFEBROWSING_ID", clientID);
|
||||
|
||||
let listManager = Cc["@mozilla.org/url-classifier/listmanager;1"].
|
||||
getService(Ci.nsIUrlListManager);
|
||||
|
||||
listManager.setUpdateUrl(this.updateURL);
|
||||
// XXX Bug 779317 - setKeyUrl has the side effect of fetching a key from the server.
|
||||
// This shouldn't happen if anti-phishing/anti-malware is disabled.
|
||||
if (this.phishingEnabled || this.malwareEnabled)
|
||||
listManager.setKeyUrl(this.keyURL);
|
||||
listManager.setGethashUrl(this.gethashURL);
|
||||
},
|
||||
|
||||
|
||||
controlUpdateChecking: function() {
|
||||
log("phishingEnabled:", this.phishingEnabled, "malwareEnabled:", this.malwareEnabled);
|
||||
|
||||
let listManager = Cc["@mozilla.org/url-classifier/listmanager;1"].
|
||||
getService(Ci.nsIUrlListManager);
|
||||
|
||||
if (this.phishingEnabled)
|
||||
listManager.enableUpdate(phishingList);
|
||||
else
|
||||
listManager.disableUpdate(phishingList);
|
||||
|
||||
if (this.malwareEnabled)
|
||||
listManager.enableUpdate(malwareList);
|
||||
else
|
||||
listManager.disableUpdate(malwareList);
|
||||
},
|
||||
|
||||
|
||||
addMozEntries: function() {
|
||||
// Add test entries to the DB.
|
||||
// XXX bug 779008 - this could be done by DB itself?
|
||||
const phishURL = "mozilla.org/firefox/its-a-trap.html";
|
||||
const malwareURL = "mozilla.org/firefox/its-an-attack.html";
|
||||
|
||||
let update = "n:1000\ni:test-malware-simple\nad:1\n" +
|
||||
"a:1:32:" + malwareURL.length + "\n" +
|
||||
malwareURL;
|
||||
update += "n:1000\ni:test-phish-simple\nad:1\n" +
|
||||
"a:1:32:" + phishURL.length + "\n" +
|
||||
phishURL;
|
||||
log("addMozEntries:", update);
|
||||
|
||||
let db = Cc["@mozilla.org/url-classifier/dbservice;1"].
|
||||
getService(Ci.nsIUrlClassifierDBService);
|
||||
|
||||
// nsIUrlClassifierUpdateObserver
|
||||
let dummyListener = {
|
||||
updateUrlRequested: function() { },
|
||||
streamFinished: function() { },
|
||||
updateError: function() { },
|
||||
updateSuccess: function() { }
|
||||
};
|
||||
|
||||
try {
|
||||
db.beginUpdate(dummyListener, "test-malware-simple,test-phish-simple", "");
|
||||
db.beginStream("", "");
|
||||
db.updateStream(update);
|
||||
db.finishStream();
|
||||
db.finishUpdate();
|
||||
} catch(ex) {
|
||||
// beginUpdate will throw harmlessly if there's an existing update in progress, ignore failures.
|
||||
log("addMozEntries failed!", ex);
|
||||
}
|
||||
},
|
||||
};
|
|
@ -18,14 +18,6 @@ LIBXUL_LIBRARY = 1
|
|||
FORCE_STATIC_LIB = 1
|
||||
FAIL_ON_WARNINGS = 1
|
||||
|
||||
# Normally the "client ID" sent in updates is appinfo.name, but for
|
||||
# official Firefox releases from Mozilla we use a special identifier.
|
||||
ifdef MOZILLA_OFFICIAL
|
||||
ifdef MOZ_PHOENIX
|
||||
DEFINES += -DUSE_HISTORIC_SAFEBROWSING_ID=1
|
||||
endif
|
||||
endif
|
||||
|
||||
XPIDLSRCS = \
|
||||
nsIUrlClassifierDBService.idl \
|
||||
nsIUrlClassifierHashCompleter.idl \
|
||||
|
@ -65,7 +57,7 @@ EXTRA_PP_COMPONENTS = \
|
|||
nsUrlClassifierListManager.js \
|
||||
$(NULL)
|
||||
|
||||
EXTRA_PP_JS_MODULES = \
|
||||
EXTRA_JS_MODULES = \
|
||||
SafeBrowsing.jsm \
|
||||
$(NULL)
|
||||
|
||||
|
|
|
@ -86,11 +86,11 @@ this.SafeBrowsing = {
|
|||
|
||||
|
||||
updateProviderURLs: function() {
|
||||
#ifdef USE_HISTORIC_SAFEBROWSING_ID
|
||||
let clientID = "navclient-auto-ffox";
|
||||
#else
|
||||
let clientID = Services.appinfo.name;
|
||||
#endif
|
||||
try {
|
||||
var clientID = Services.prefs.getCharPref("browser.safebrowsing.id");
|
||||
} catch(e) {
|
||||
var clientID = Services.appinfo.name;
|
||||
}
|
||||
|
||||
log("initializing safe browsing URLs");
|
||||
let basePref = "browser.safebrowsing.";
|
||||
|
|
Загрузка…
Ссылка в новой задаче