gecko-dev/devtools/shared/DevToolsUtils.js

831 строка
27 KiB
JavaScript

/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* globals setImmediate, rpc */
"use strict";
/* General utilities used throughout devtools. */
var { Ci, Cu, components } = require("chrome");
var Services = require("Services");
var flags = require("./flags");
var {getStack, callFunctionWithAsyncStack} = require("devtools/shared/platform/stack");
loader.lazyRequireGetter(this, "FileUtils",
"resource://gre/modules/FileUtils.jsm", true);
// Using this name lets the eslint plugin know about lazy defines in
// this file.
var DevToolsUtils = exports;
// Re-export the thread-safe utils.
const ThreadSafeDevToolsUtils = require("./ThreadSafeDevToolsUtils.js");
for (const key of Object.keys(ThreadSafeDevToolsUtils)) {
exports[key] = ThreadSafeDevToolsUtils[key];
}
/**
* Helper for Cu.isCrossProcessWrapper that works with Debugger.Objects.
* This will always return false in workers (see the implementation in
* ThreadSafeDevToolsUtils.js).
*
* @param Debugger.Object debuggerObject
* @return bool
*/
exports.isCPOW = function(debuggerObject) {
try {
return Cu.isCrossProcessWrapper(debuggerObject.unsafeDereference());
} catch (e) { }
return false;
};
/**
* Waits for the next tick in the event loop to execute a callback.
*/
exports.executeSoon = function(fn) {
if (isWorker) {
setImmediate(fn);
} else {
let executor;
// Only enable async stack reporting when DEBUG_JS_MODULES is set
// (customized local builds) to avoid a performance penalty.
if (AppConstants.DEBUG_JS_MODULES || flags.testing) {
const stack = getStack();
executor = () => {
callFunctionWithAsyncStack(fn, stack, "DevToolsUtils.executeSoon");
};
} else {
executor = fn;
}
Services.tm.dispatchToMainThread({
run: exports.makeInfallible(executor),
});
}
};
/**
* Waits for the next tick in the event loop.
*
* @return Promise
* A promise that is resolved after the next tick in the event loop.
*/
exports.waitForTick = function() {
return new Promise(resolve => {
exports.executeSoon(resolve);
});
};
/**
* Waits for the specified amount of time to pass.
*
* @param number delay
* The amount of time to wait, in milliseconds.
* @return Promise
* A promise that is resolved after the specified amount of time passes.
*/
exports.waitForTime = function(delay) {
return new Promise(resolve => setTimeout(resolve, delay));
};
/**
* Like XPCOMUtils.defineLazyGetter, but with a |this| sensitive getter that
* allows the lazy getter to be defined on a prototype and work correctly with
* instances.
*
* @param Object object
* The prototype object to define the lazy getter on.
* @param String key
* The key to define the lazy getter on.
* @param Function callback
* The callback that will be called to determine the value. Will be
* called with the |this| value of the current instance.
*/
exports.defineLazyPrototypeGetter = function(object, key, callback) {
Object.defineProperty(object, key, {
configurable: true,
get: function() {
const value = callback.call(this);
Object.defineProperty(this, key, {
configurable: true,
writable: true,
value: value,
});
return value;
},
});
};
/**
* Safely get the property value from a Debugger.Object for a given key. Walks
* the prototype chain until the property is found.
*
* @param {Debugger.Object} object
* The Debugger.Object to get the value from.
* @param {String} key
* The key to look for.
* @param {Boolean} invokeUnsafeGetter (defaults to false).
* Optional boolean to indicate if the function should execute unsafe getter
* in order to retrieve its result's properties.
* ⚠️ This should be set to true *ONLY* on user action as it may cause side-effects
* in the content page ⚠️
* @return Any
*/
exports.getProperty = function(object, key, invokeUnsafeGetters = false) {
const root = object;
while (object && exports.isSafeDebuggerObject(object)) {
let desc;
try {
desc = object.getOwnPropertyDescriptor(key);
} catch (e) {
// The above can throw when the debuggee does not subsume the object's
// compartment, or for some WrappedNatives like Cu.Sandbox.
return undefined;
}
if (desc) {
if ("value" in desc) {
return desc.value;
}
// Call the getter if it's safe.
if (exports.hasSafeGetter(desc) || invokeUnsafeGetters === true) {
try {
return desc.get.call(root).return;
} catch (e) {
// If anything goes wrong report the error and return undefined.
exports.reportException("getProperty", e);
}
}
return undefined;
}
object = object.proto;
}
return undefined;
};
/**
* Removes all the non-opaque security wrappers of a debuggee object.
*
* @param obj Debugger.Object
* The debuggee object to be unwrapped.
* @return Debugger.Object|null|undefined
* - If the object has no wrapper, the same `obj` is returned. Note DeadObject
* objects belong to this case.
* - Otherwise, if the debuggee doesn't subsume object's compartment, returns `null`.
* - Otherwise, if the object belongs to an invisible-to-debugger compartment,
* returns `undefined`. Note CPOW objects belong to this case.
* - Otherwise, returns the unwrapped object.
*/
exports.unwrap = function unwrap(obj) {
// Check if `obj` has an opaque wrapper.
if (obj.class === "Opaque") {
return obj;
}
// Attempt to unwrap via `obj.unwrap()`. Note that:
// - This will return `null` if the debuggee does not subsume object's compartment.
// - This will throw if the object belongs to an invisible-to-debugger compartment.
// This case includes CPOWs (see bug 1391449).
// - This will return `obj` if there is no wrapper.
let unwrapped;
try {
unwrapped = obj.unwrap();
} catch (err) {
return undefined;
}
// Check if further unwrapping is not possible.
if (!unwrapped || unwrapped === obj) {
return unwrapped;
}
// Recursively remove additional security wrappers.
return unwrap(unwrapped);
};
/**
* Checks whether a debuggee object is safe. Unsafe objects may run proxy traps or throw
* when using `proto`, `isExtensible`, `isFrozen` or `isSealed`. Note that safe objects
* may still throw when calling `getOwnPropertyNames`, `getOwnPropertyDescriptor`, etc.
* Also note CPOW objects are considered to be unsafe, and DeadObject objects to be safe.
*
* @param obj Debugger.Object
* The debuggee object to be checked.
* @return boolean
*/
exports.isSafeDebuggerObject = function(obj) {
const unwrapped = exports.unwrap(obj);
// Objects belonging to an invisible-to-debugger compartment might be proxies,
// so just in case consider them unsafe. CPOWs are included in this case.
if (unwrapped === undefined) {
return false;
}
// If the debuggee does not subsume the object's compartment, most properties won't
// be accessible. Cross-origin Window and Location objects might expose some, though.
// Therefore, it must be considered safe. Note that proxy objects have fully opaque
// security wrappers, so proxy traps won't run in this case.
if (unwrapped === null) {
return true;
}
// Proxy objects can run traps when accessed. `isProxy` getter is called on `unwrapped`
// instead of on `obj` in order to detect proxies behind transparent wrappers.
if (unwrapped.isProxy) {
return false;
}
return true;
};
/**
* Determines if a descriptor has a getter which doesn't call into JavaScript.
*
* @param Object desc
* The descriptor to check for a safe getter.
* @return Boolean
* Whether a safe getter was found.
*/
exports.hasSafeGetter = function(desc) {
// Scripted functions that are CCWs will not appear scripted until after
// unwrapping.
let fn = desc.get;
fn = fn && exports.unwrap(fn);
return fn && fn.callable && fn.class == "Function" && fn.script === undefined;
};
/**
* Check that the property value from a Debugger.Object for a given key is an unsafe
* getter or not. Walks the prototype chain until the property is found.
*
* @param {Debugger.Object} object
* The Debugger.Object to check on.
* @param {String} key
* The key to look for.
* @param {Boolean} invokeUnsafeGetter (defaults to false).
* Optional boolean to indicate if the function should execute unsafe getter
* in order to retrieve its result's properties.
* @return Boolean
*/
exports.isUnsafeGetter = function(object, key) {
while (object && exports.isSafeDebuggerObject(object)) {
let desc;
try {
desc = object.getOwnPropertyDescriptor(key);
} catch (e) {
// The above can throw when the debuggee does not subsume the object's
// compartment, or for some WrappedNatives like Cu.Sandbox.
return false;
}
if (desc) {
if (Object.getOwnPropertyNames(desc).includes("get")) {
return !exports.hasSafeGetter(desc);
}
}
object = object.proto;
}
return false;
};
/**
* Check if it is safe to read properties and execute methods from the given JS
* object. Safety is defined as being protected from unintended code execution
* from content scripts (or cross-compartment code).
*
* See bugs 945920 and 946752 for discussion.
*
* @type Object obj
* The object to check.
* @return Boolean
* True if it is safe to read properties from obj, or false otherwise.
*/
exports.isSafeJSObject = function(obj) {
// If we are running on a worker thread, Cu is not available. In this case,
// we always return false, just to be on the safe side.
if (isWorker) {
return false;
}
if (Cu.getGlobalForObject(obj) ==
Cu.getGlobalForObject(exports.isSafeJSObject)) {
// obj is not a cross-compartment wrapper.
return true;
}
// Xray wrappers protect against unintended code execution.
if (Cu.isXrayWrapper(obj)) {
return true;
}
// If there aren't Xrays, only allow chrome objects.
const principal = Cu.getObjectPrincipal(obj);
if (!principal.isSystemPrincipal) {
return false;
}
// Scripted proxy objects without Xrays can run their proxy traps.
if (Cu.isProxy(obj)) {
return false;
}
// Even if `obj` looks safe, an unsafe object in its prototype chain may still
// run unintended code, e.g. when using the `instanceof` operator.
const proto = Object.getPrototypeOf(obj);
if (proto && !exports.isSafeJSObject(proto)) {
return false;
}
// Allow non-problematic chrome objects.
return true;
};
/**
* Dump with newline - This is a logging function that will only output when
* the preference "devtools.debugger.log" is set to true. Typically it is used
* for logging the remote debugging protocol calls.
*/
exports.dumpn = function(str) {
if (flags.wantLogging) {
dump("DBG-SERVER: " + str + "\n");
}
};
/**
* Dump verbose - This is a verbose logger for low-level tracing, that is typically
* used to provide information about the remote debugging protocol's transport
* mechanisms. The logging can be enabled by changing the preferences
* "devtools.debugger.log" and "devtools.debugger.log.verbose" to true.
*/
exports.dumpv = function(msg) {
if (flags.wantVerbose) {
exports.dumpn(msg);
}
};
/**
* Defines a getter on a specified object that will be created upon first use.
*
* @param object
* The object to define the lazy getter on.
* @param name
* The name of the getter to define on object.
* @param lambda
* A function that returns what the getter should return. This will
* only ever be called once.
*/
exports.defineLazyGetter = function(object, name, lambda) {
Object.defineProperty(object, name, {
get: function() {
delete object[name];
object[name] = lambda.apply(object);
return object[name];
},
configurable: true,
enumerable: true,
});
};
DevToolsUtils.defineLazyGetter(this, "AppConstants", () => {
if (isWorker) {
return {};
}
return require("resource://gre/modules/AppConstants.jsm").AppConstants;
});
/**
* No operation. The empty function.
*/
exports.noop = function() { };
let assertionFailureCount = 0;
Object.defineProperty(exports, "assertionFailureCount", {
get() {
return assertionFailureCount;
},
});
function reallyAssert(condition, message) {
if (!condition) {
assertionFailureCount++;
const err = new Error("Assertion failure: " + message);
exports.reportException("DevToolsUtils.assert", err);
throw err;
}
}
/**
* DevToolsUtils.assert(condition, message)
*
* @param Boolean condition
* @param String message
*
* Assertions are enabled when any of the following are true:
* - This is a DEBUG_JS_MODULES build
* - flags.testing is set to true
*
* If assertions are enabled, then `condition` is checked and if false-y, the
* assertion failure is logged and then an error is thrown.
*
* If assertions are not enabled, then this function is a no-op.
*/
Object.defineProperty(exports, "assert", {
get: () => (AppConstants.DEBUG_JS_MODULES || flags.testing)
? reallyAssert
: exports.noop,
});
/**
* Defines a getter on a specified object for a module. The module will not
* be imported until first use.
*
* @param object
* The object to define the lazy getter on.
* @param name
* The name of the getter to define on object for the module.
* @param resource
* The URL used to obtain the module.
* @param symbol
* The name of the symbol exported by the module.
* This parameter is optional and defaults to name.
*/
exports.defineLazyModuleGetter = function(object, name, resource, symbol) {
this.defineLazyGetter(object, name, function() {
const temp = {};
ChromeUtils.import(resource, temp);
return temp[symbol || name];
});
};
DevToolsUtils.defineLazyGetter(this, "NetUtil", () => {
return require("resource://gre/modules/NetUtil.jsm").NetUtil;
});
DevToolsUtils.defineLazyGetter(this, "OS", () => {
return require("resource://gre/modules/osfile.jsm").OS;
});
DevToolsUtils.defineLazyGetter(this, "NetworkHelper", () => {
return require("devtools/shared/webconsole/network-helper");
});
/**
* Performs a request to load the desired URL and returns a promise.
*
* @param urlIn String
* The URL we will request.
* @param aOptions Object
* An object with the following optional properties:
* - loadFromCache: if false, will bypass the cache and
* always load fresh from the network (default: true)
* - policy: the nsIContentPolicy type to apply when fetching the URL
* (only works when loading from system principal)
* - window: the window to get the loadGroup from
* - charset: the charset to use if the channel doesn't provide one
* - principal: the principal to use, if omitted, the request is loaded
* with a codebase principal corresponding to the url being
* loaded, using the origin attributes of the window, if any.
* - cacheKey: when loading from cache, use this key to retrieve a cache
* specific to a given SHEntry. (Allows loading POST
* requests from cache)
* @returns Promise that resolves with an object with the following members on
* success:
* - content: the document at that URL, as a string,
* - contentType: the content type of the document
*
* If an error occurs, the promise is rejected with that error.
*
* XXX: It may be better to use nsITraceableChannel to get to the sources
* without relying on caching when we can (not for eval, etc.):
* http://www.softwareishard.com/blog/firebug/nsitraceablechannel-intercept-http-traffic/
*/
function mainThreadFetch(urlIn, aOptions = { loadFromCache: true,
policy: Ci.nsIContentPolicy.TYPE_OTHER,
window: null,
charset: null,
principal: null,
cacheKey: 0 }) {
return new Promise((resolve, reject) =>{
// Create a channel.
const url = urlIn.split(" -> ").pop();
let channel;
try {
channel = newChannelForURL(url, aOptions);
} catch (ex) {
reject(ex);
return;
}
// Set the channel options.
channel.loadFlags = aOptions.loadFromCache
? channel.LOAD_FROM_CACHE
: channel.LOAD_BYPASS_CACHE;
// When loading from cache, the cacheKey allows us to target a specific
// SHEntry and offer ways to restore POST requests from cache.
if (aOptions.loadFromCache &&
aOptions.cacheKey != 0 && channel instanceof Ci.nsICacheInfoChannel) {
channel.cacheKey = aOptions.cacheKey;
}
if (aOptions.window) {
// Respect private browsing.
channel.loadGroup = aOptions.window.docShell
.QueryInterface(Ci.nsIDocumentLoader)
.loadGroup;
}
const onResponse = (stream, status, request) => {
if (!components.isSuccessCode(status)) {
reject(new Error(`Failed to fetch ${url}. Code ${status}.`));
return;
}
try {
// We cannot use NetUtil to do the charset conversion as if charset
// information is not available and our default guess is wrong the method
// might fail and we lose the stream data. This means we can't fall back
// to using the locale default encoding (bug 1181345).
// Read and decode the data according to the locale default encoding.
const available = stream.available();
let source = NetUtil.readInputStreamToString(stream, available);
stream.close();
// We do our own BOM sniffing here because there's no convenient
// implementation of the "decode" algorithm
// (https://encoding.spec.whatwg.org/#decode) exposed to JS.
let bomCharset = null;
if (available >= 3 && source.codePointAt(0) == 0xef &&
source.codePointAt(1) == 0xbb && source.codePointAt(2) == 0xbf) {
bomCharset = "UTF-8";
source = source.slice(3);
} else if (available >= 2 && source.codePointAt(0) == 0xfe &&
source.codePointAt(1) == 0xff) {
bomCharset = "UTF-16BE";
source = source.slice(2);
} else if (available >= 2 && source.codePointAt(0) == 0xff &&
source.codePointAt(1) == 0xfe) {
bomCharset = "UTF-16LE";
source = source.slice(2);
}
// If the channel or the caller has correct charset information, the
// content will be decoded correctly. If we have to fall back to UTF-8 and
// the guess is wrong, the conversion fails and convertToUnicode returns
// the input unmodified. Essentially we try to decode the data as UTF-8
// and if that fails, we use the locale specific default encoding. This is
// the best we can do if the source does not provide charset info.
let charset = bomCharset;
if (!charset) {
try {
charset = channel.contentCharset;
} catch (e) {
// Accessing `contentCharset` on content served by a service worker in
// non-e10s may throw.
}
}
if (!charset) {
charset = aOptions.charset || "UTF-8";
}
const unicodeSource = NetworkHelper.convertToUnicode(source, charset);
resolve({
content: unicodeSource,
contentType: request.contentType,
});
} catch (ex) {
const uri = request.originalURI;
if (ex.name === "NS_BASE_STREAM_CLOSED" && uri instanceof Ci.nsIFileURL) {
// Empty files cause NS_BASE_STREAM_CLOSED exception. Use OS.File to
// differentiate between empty files and other errors (bug 1170864).
// This can be removed when bug 982654 is fixed.
uri.QueryInterface(Ci.nsIFileURL);
const result = OS.File.read(uri.file.path).then(bytes => {
// Convert the bytearray to a String.
const decoder = new TextDecoder();
const content = decoder.decode(bytes);
// We can't detect the contentType without opening a channel
// and that failed already. This is the best we can do here.
return {
content,
contentType: "text/plain",
};
});
resolve(result);
} else {
reject(ex);
}
}
};
// Open the channel
try {
NetUtil.asyncFetch(channel, onResponse);
} catch (ex) {
reject(ex);
}
});
}
/**
* Opens a channel for given URL. Tries a bit harder than NetUtil.newChannel.
*
* @param {String} url - The URL to open a channel for.
* @param {Object} options - The options object passed to @method fetch.
* @return {nsIChannel} - The newly created channel. Throws on failure.
*/
function newChannelForURL(url, { policy, window, principal }, recursing = false) {
const securityFlags = Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL;
let uri;
try {
uri = Services.io.newURI(url);
} catch (e) {
// In the xpcshell tests, the script url is the absolute path of the test
// file, which will make a malformed URI error be thrown. Add the file
// scheme to see if it helps.
uri = Services.io.newURI("file://" + url);
}
const channelOptions = {
contentPolicyType: policy,
securityFlags: securityFlags,
uri: uri,
};
// Ensure that we have some contentPolicyType type set if one was
// not provided.
if (!channelOptions.contentPolicyType) {
channelOptions.contentPolicyType = Ci.nsIContentPolicy.TYPE_OTHER;
}
// If a window is provided, always use it's document as the loadingNode.
// This will provide the correct principal, origin attributes, service
// worker controller, etc.
if (window) {
channelOptions.loadingNode = window.document;
} else {
// If a window is not provided, then we must set a loading principal.
// If the caller did not provide a principal, then we use the URI
// to create one. Note, it's not clear what use cases require this
// and it may not be correct.
let prin = principal;
if (!prin) {
prin = Services.scriptSecurityManager
.createCodebasePrincipal(uri, {});
}
channelOptions.loadingPrincipal = prin;
}
try {
return NetUtil.newChannel(channelOptions);
} catch (e) {
// Don't infinitely recurse if newChannel keeps throwing.
if (recursing) {
throw e;
}
// In xpcshell tests on Windows, nsExternalProtocolHandler::NewChannel()
// can throw NS_ERROR_UNKNOWN_PROTOCOL if the external protocol isn't
// supported by Windows, so we also need to handle the exception here if
// parsing the URL above doesn't throw.
return newChannelForURL("file://" + url, { policy, window, principal },
/* recursing */ true);
}
}
// Fetch is defined differently depending on whether we are on the main thread
// or a worker thread.
if (this.isWorker) {
// Services is not available in worker threads, nor is there any other way
// to fetch a URL. We need to enlist the help from the main thread here, by
// issuing an rpc request, to fetch the URL on our behalf.
exports.fetch = function(url, options) {
return rpc("fetch", url, options);
};
} else {
exports.fetch = mainThreadFetch;
}
/**
* Open the file at the given path for reading.
*
* @param {String} filePath
*
* @returns Promise<nsIInputStream>
*/
exports.openFileStream = function(filePath) {
return new Promise((resolve, reject) => {
const uri = NetUtil.newURI(new FileUtils.File(filePath));
NetUtil.asyncFetch(
{ uri, loadUsingSystemPrincipal: true },
(stream, result) => {
if (!components.isSuccessCode(result)) {
reject(new Error(`Could not open "${filePath}": result = ${result}`));
return;
}
resolve(stream);
}
);
});
};
/*
* All of the flags have been moved to a different module. Make sure
* nobody is accessing them anymore, and don't write new code using
* them. We can remove this code after a while.
*/
function errorOnFlag(exports, name) {
Object.defineProperty(exports, name, {
get: () => {
const msg = `Cannot get the flag ${name}. ` +
`Use the "devtools/shared/flags" module instead`;
console.error(msg);
throw new Error(msg);
},
set: () => {
const msg = `Cannot set the flag ${name}. ` +
`Use the "devtools/shared/flags" module instead`;
console.error(msg);
throw new Error(msg);
},
});
}
errorOnFlag(exports, "testing");
errorOnFlag(exports, "wantLogging");
errorOnFlag(exports, "wantVerbose");
// Calls the property with the given `name` on the given `object`, where
// `name` is a string, and `object` a Debugger.Object instance.
//
// This function uses only the Debugger.Object API to call the property. It
// avoids the use of unsafeDeference. This is useful for example in workers,
// where unsafeDereference will return an opaque security wrapper to the
// referent.
function callPropertyOnObject(object, name, ...args) {
// Find the property.
let descriptor;
let proto = object;
do {
descriptor = proto.getOwnPropertyDescriptor(name);
if (descriptor !== undefined) {
break;
}
proto = proto.proto;
} while (proto !== null);
if (descriptor === undefined) {
throw new Error("No such property");
}
const value = descriptor.value;
if (typeof value !== "object" || value === null || !("callable" in value)) {
throw new Error("Not a callable object.");
}
// Call the property.
const result = value.call(object, ...args);
if (result === null) {
throw new Error("Code was terminated.");
}
if ("throw" in result) {
throw result.throw;
}
return result.return;
}
exports.callPropertyOnObject = callPropertyOnObject;
// Convert a Debugger.Object wrapping an iterator into an iterator in the
// debugger's realm.
function* makeDebuggeeIterator(object) {
while (true) {
const nextValue = callPropertyOnObject(object, "next");
if (exports.getProperty(nextValue, "done")) {
break;
}
yield exports.getProperty(nextValue, "value");
}
}
exports.makeDebuggeeIterator = makeDebuggeeIterator;
/**
* Shared helper to retrieve the topmost window. This can be used to retrieve the chrome
* window embedding the DevTools frame.
*/
function getTopWindow(win) {
return win.windowRoot ? win.windowRoot.ownerGlobal : win.top;
}
exports.getTopWindow = getTopWindow;