Bug 1795710 - part 2. clean cert-revocations attachment cache. r=keeler,leplatrem,robwu

Differential Revision: https://phabricator.services.mozilla.com/D159536

security/manager/ssl/RemoteSecuritySettings.jsm

@@ -220,31 +220,36 @@ const updateCertBlocklist = async function({
 };
 
 var RemoteSecuritySettings = {
+  _initialized: false,
+  OneCRLBlocklistClient: null,
+  IntermediatePreloadsClient: null,
+  CRLiteFiltersClient: null,
+
   /**
    * Initialize the clients (cheap instantiation) and setup their sync event.
    * This static method is called from BrowserGlue.jsm soon after startup.
    *
-   * @returns {Object} intantiated clients for security remote settings.
+   * @returns {Object} instantiated clients for security remote settings.
    */
   init() {
-    const OneCRLBlocklistClient = RemoteSettings("onecrl", {
+    // Avoid repeated initialization (work-around for bug 1730026).
+    if (this._initialized) {
+      return this;
+    }
+    this._initialized = true;
+
+    this.OneCRLBlocklistClient = RemoteSettings("onecrl", {
       bucketName: SECURITY_STATE_BUCKET,
       signerName: SECURITY_STATE_SIGNER,
     });
-    OneCRLBlocklistClient.on("sync", updateCertBlocklist);
+    this.OneCRLBlocklistClient.on("sync", updateCertBlocklist);
 
-    let IntermediatePreloadsClient = new IntermediatePreloads();
-    let CRLiteFiltersClient = new CRLiteFilters();
+    this.IntermediatePreloadsClient = new IntermediatePreloads();
 
-    this.OneCRLBlocklistClient = OneCRLBlocklistClient;
-    this.IntermediatePreloadsClient = IntermediatePreloadsClient;
-    this.CRLiteFiltersClient = CRLiteFiltersClient;
+    this.CRLiteFiltersClient = new CRLiteFilters();
+    this.CRLiteFiltersClient.cleanAttachmentCache();
 
-    return {
-      OneCRLBlocklistClient,
-      IntermediatePreloadsClient,
-      CRLiteFiltersClient,
-    };
+    return this;
   },
 };
 
@@ -504,6 +509,39 @@ class CRLiteFilters {
     );
   }
 
+  async cleanAttachmentCache() {
+    // Bug 1795710 - misuse of Remote Settings `downloadToDisk` caused us to
+    // keep filters and stashes on disk indefinitely. We're no longer caching
+    // these downloads, so if there are any filters still in the cache they can
+    // be removed.
+    let cachePath = PathUtils.join(
+      PathUtils.localProfileDir,
+      ...this.client.attachments.folders
+    );
+
+    try {
+      let needCleanup = await IOUtils.exists(cachePath);
+      if (needCleanup) {
+        let cacheFiles = await IOUtils.getChildren(cachePath);
+        let staleFilters = cacheFiles.filter(
+          path => path.endsWith("filter") || path.endsWith("filter.stash")
+        );
+        if (cacheFiles.length == staleFilters.length) {
+          // Expected case. No files other than filters, we can remove the
+          // entire directory
+          await IOUtils.remove(cachePath, { recursive: true });
+        } else {
+          for (let filter of staleFilters) {
+            await IOUtils.remove(filter);
+          }
+        }
+      }
+    } catch (e) {
+      lazy.log.debug(e);
+      Cu.reportError("Could not clean cert-revocations attachment cache", e);
+    }
+  }
+
   async onObservePollEnd(subject, topic, data) {
     if (!Services.prefs.getBoolPref(CRLITE_FILTERS_ENABLED_PREF, true)) {
       lazy.log.debug("CRLite filter downloading is disabled");