Bug 1723204: Update tests to prevent crashes r=ckerschb,jdescottes,robwu

This is most commonly as a result of CU.evalInSandbox which
allows an arbitrary filename but when omitted will default
to the filename of the test, which is a filesystem path
and thus is disallowed.

Differential Revision: https://phabricator.services.mozilla.com/D122246

browser/components/migration/tests/marionette/test_refresh_firefox.py

@@ -457,7 +457,9 @@ class TestFirefoxRefresh(MarionetteTestCase):
             }
           };
 
+          Services.prefs.setBoolPref("security.allow_parent_unrestricted_js_loads", true);
           mm.loadFrameScript("data:application/javascript,(" + fs.toString() + ")()", true);
+          Services.prefs.setBoolPref("security.allow_parent_unrestricted_js_loads", false);
         """  # NOQA: E501
         )
         self.assertSequenceEqual(tabURIs, self._expectedURLs)

browser/components/newtab/test/xpcshell/test_AboutHomeStartupCacheWorker.js

@@ -141,6 +141,14 @@ add_task(async function setup() {
  * and script makes sense.
  */
 add_task(async function test_cache_worker() {
+  Services.prefs.setBoolPref(
+    "security.allow_parent_unrestricted_js_loads",
+    true
+  );
+  registerCleanupFunction(() => {
+    Services.prefs.clearUserPref("security.allow_parent_unrestricted_js_loads");
+  });
+
   let state = AboutNewTab.activityStream.store.getState();
 
   let cacheWorker = new BasePromiseWorker(CACHE_WORKER_URL);

devtools/server/tests/xpcshell/xpcshell.ini

@@ -3,6 +3,10 @@ tags = devtools
 head = head_dbg.js
 firefox-appdir = browser
 skip-if = toolkit == 'android'
+# While not every devtools test uses evalInSandbox over 80 do, so it's easier to
+# set the pref for all the tests here.
+prefs =
+  security.allow_parent_unrestricted_js_loads=true
 
 support-files =
   completions.js

devtools/shared/heapsnapshot/tests/xpcshell/test_HeapSnapshot_deepStack_01.js

@@ -10,6 +10,14 @@ function stackDepth(stack) {
 }
 
 function run_test() {
+  Services.prefs.setBoolPref(
+    "security.allow_parent_unrestricted_js_loads",
+    true
+  );
+  registerCleanupFunction(() => {
+    Services.prefs.clearUserPref("security.allow_parent_unrestricted_js_loads");
+  });
+
   // Create a Debugger observing a debuggee's allocations.
   const debuggee = new Cu.Sandbox(null);
   const dbg = new Debugger(debuggee);

devtools/shared/heapsnapshot/tests/xpcshell/test_ReadHeapSnapshot_with_allocations.js

@@ -13,6 +13,14 @@ if (typeof Debugger != "function") {
 }
 
 function run_test() {
+  Services.prefs.setBoolPref(
+    "security.allow_parent_unrestricted_js_loads",
+    true
+  );
+  registerCleanupFunction(() => {
+    Services.prefs.clearUserPref("security.allow_parent_unrestricted_js_loads");
+  });
+
   // Create a Debugger observing a debuggee's allocations.
   const debuggee = new Cu.Sandbox(null);
   const dbg = new Debugger(debuggee);

devtools/shared/tests/xpcshell/test_isSet.js

@@ -6,6 +6,14 @@
 // Test ThreadSafeDevToolsUtils.isSet
 
 function run_test() {
+  Services.prefs.setBoolPref(
+    "security.allow_parent_unrestricted_js_loads",
+    true
+  );
+  registerCleanupFunction(() => {
+    Services.prefs.clearUserPref("security.allow_parent_unrestricted_js_loads");
+  });
+
   const { isSet } = DevToolsUtils;
 
   equal(isSet(new Set()), true);

devtools/shared/webconsole/test/xpcshell/test_js_property_provider.js

@@ -3,6 +3,7 @@
 
 "use strict";
 const { require } = ChromeUtils.import("resource://devtools/shared/Loader.jsm");
+const Services = require("Services");
 const {
   FallibleJSPropertyProvider: JSPropertyProvider,
 } = require("devtools/shared/webconsole/js-property-provider");
@@ -13,6 +14,14 @@ const { addDebuggerToGlobal } = ChromeUtils.import(
 addDebuggerToGlobal(this);
 
 function run_test() {
+  Services.prefs.setBoolPref(
+    "security.allow_parent_unrestricted_js_loads",
+    true
+  );
+  registerCleanupFunction(() => {
+    Services.prefs.clearUserPref("security.allow_parent_unrestricted_js_loads");
+  });
+
   const testArray = `var testArray = [
     {propA: "A"},
     {

dom/security/nsContentSecurityUtils.cpp

@@ -468,7 +468,8 @@ FilenameTypeAndDetails nsContentSecurityUtils::FilenameToFilenameType(
 #ifdef NIGHTLY_BUILD
 // Crash String must be safe from a telemetry point of view.
 // This will be ensured when this function is used.
-void PossiblyCrash(const char* pref_suffix, const nsCString crash_string) {
+void PossiblyCrash(const char* aPrefSuffix, const char* aUnsafeCrashString,
+                   const nsCString& aSafeCrashString) {
   if (MOZ_UNLIKELY(!XRE_IsParentProcess())) {
     // We only crash in the parent (unfortunately) because it's
     // the only place we can be sure that our only-crash-once
@@ -477,11 +478,11 @@ void PossiblyCrash(const char* pref_suffix, const nsCString crash_string) {
   }
 
   nsCString previous_crashes("security.crash_tracking.");
-  previous_crashes.Append(pref_suffix);
+  previous_crashes.Append(aPrefSuffix);
   previous_crashes.Append(".prevCrashes");
 
   nsCString max_crashes("security.crash_tracking.");
-  max_crashes.Append(pref_suffix);
+  max_crashes.Append(aPrefSuffix);
   max_crashes.Append(".maxCrashes");
 
   int32_t numberOfPreviousCrashes = 0;
@@ -510,7 +511,12 @@ void PossiblyCrash(const char* pref_suffix, const nsCString crash_string) {
 
   rv = prefs->SavePrefFileBlocking();
   if (!NS_FAILED(rv)) {
-    MOZ_CRASH_UNSAFE_PRINTF("%s", nsContentSecurityUtils::SmartFormatCrashString(crash_string.get()));
+    // We can only use this in local builds where we don't send stuff up to the
+    // crash reporter because it has user private data.
+    // MOZ_CRASH_UNSAFE_PRINTF("%s",
+    //                        nsContentSecurityUtils::SmartFormatCrashString(aUnsafeCrashString));
+    MOZ_CRASH_UNSAFE_PRINTF(
+        "%s", nsContentSecurityUtils::SmartFormatCrashString(aSafeCrashString.get()));
   }
 }
 #endif
@@ -1226,10 +1232,10 @@ bool nsContentSecurityUtils::ValidateScriptFilename(const char* aFilename,
   // The details in the second arg, passed to UNSAFE_PRINTF, are also included
   // in Event Telemetry and have received data review.
   if (fileNameTypeAndDetails.second.isSome()) {
-    PossiblyCrash("js_load_1",
+    PossiblyCrash("js_load_1", aFilename,
                   NS_ConvertUTF16toUTF8(fileNameTypeAndDetails.second.value()));
   } else {
-    PossiblyCrash("js_load_1", "(None)"_ns);
+    PossiblyCrash("js_load_1", aFilename, "(None)"_ns);
   }
 #endif
 

toolkit/components/extensions/test/xpcshell/test_ext_persistent_events.js

@@ -172,6 +172,16 @@ add_task(async function setup() {
 });
 
 add_task(async function test_persistent_events() {
+  // The blob:-URL registered above in MODULE_INFO gets loaded at
+  // https://searchfox.org/mozilla-central/rev/0fec57c05d3996cc00c55a66f20dd5793a9bfb5d/toolkit/components/extensions/ExtensionCommon.jsm#1649
+  Services.prefs.setBoolPref(
+    "security.allow_parent_unrestricted_js_loads",
+    true
+  );
+  registerCleanupFunction(() => {
+    Services.prefs.clearUserPref("security.allow_parent_unrestricted_js_loads");
+  });
+
   await AddonTestUtils.promiseStartupManager();
 
   let extension = ExtensionTestUtils.loadExtension({

toolkit/components/extensions/test/xpcshell/test_ext_runtime_sendMessage.js

@@ -347,6 +347,10 @@ add_task(async function sendMessageResponseGC() {
   extension.sendMessage("ping");
   await extension.awaitMessage("pong");
 
+  Services.prefs.setBoolPref(
+    "security.allow_parent_unrestricted_js_loads",
+    true
+  );
   Services.ppmm.loadProcessScript("data:,Components.utils.forceGC()", false);
   await extension.awaitMessage("rejected");
 
@@ -357,6 +361,10 @@ add_task(async function sendMessageResponseGC() {
   await extension.awaitMessage("pong");
 
   Services.ppmm.loadProcessScript("data:,Components.utils.forceGC()", false);
+  Services.prefs.setBoolPref(
+    "security.allow_parent_unrestricted_js_loads",
+    false
+  );
   await extension.awaitMessage("rejected");
 
   // Test that promises from long-running tasks didn't get GCd.