Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-12-03 02:25:34 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1427726 - remove support for remote JAR files, r=michal

Browse Source 
MozReview-Commit-ID: H7aaTmj3FI1

--HG--
rename : modules/libjar/test/mochitest/bug403331.zip => modules/libjar/test/mochitest/bug1173171.zip
rename : modules/libjar/test/mochitest/bug403331.zip^headers^ => modules/libjar/test/mochitest/bug1173171.zip^headers^
extra : rebase_source : 0fbe2ed07a3ccdb3693973e966e1ea3e43dd1623
This commit is contained in:
Gijs Kruitbosch 2018-02-07 13:54:39 +00:00
parent ebf35e479c
commit 1f5038413e
15 changed files with 33 additions and 376 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docshell/test/mochitest.ini
View File

@ -1,8 +1,6 @@
[DEFAULT]
support-files =
bug123696-subframe.html
bug369814.jar
bug369814.zip
bug404548-subframe.html
bug404548-subframe_window.html
bug413310-post.sjs
@ -16,7 +14,6 @@ support-files =
file_anchor_scroll_after_document_open.html
file_bfcache_plus_hash_1.html
file_bfcache_plus_hash_2.html
file_bug369814.html
file_bug385434_1.html
file_bug385434_2.html
file_bug385434_3.html
@ -57,7 +54,6 @@ support-files =
[test_anchor_scroll_after_document_open.html]
[test_bfcache_plus_hash.html]
[test_bug123696.html]
[test_bug369814.html]
[test_bug384014.html]
[test_bug385434.html]
[test_bug387979.html]

2
dom/base/test/mochitest.ini
View File

@ -121,7 +121,6 @@ support-files =
file_bug769117.html
file_bug782342.txt
file_bug787778.sjs
file_bug804395.jar
file_bug869432.eventsource
file_bug869432.eventsource^headers^
file_bug907892.html
@ -545,7 +544,6 @@ skip-if = toolkit == 'android' #bug 687032
[test_bug787778.html]
[test_bug789315.html]
[test_bug789856.html]
[test_bug804395.html]
[test_bug809003.html]
[test_bug810494.html]
[test_bug811701.html]

3
dom/html/test/mochitest.ini
View File

@ -19,8 +19,6 @@ support-files =
bug340800_iframe.txt
bug369370-popup.png
bug372098-link-target.html
bug392567.jar
bug392567.jar^headers^
bug441930_iframe.html
bug445004-inner.html
bug445004-inner.js
@ -251,7 +249,6 @@ skip-if = toolkit == 'android' #TIMED_OUT
[test_bug389797.html]
[test_bug390975.html]
[test_bug391994.html]
[test_bug392567.html]
[test_bug394700.html]
[test_bug395107.html]
[test_bug401160.xhtml]

1
dom/security/test/cors/mochitest.ini
View File

@ -2,7 +2,6 @@
support-files =
file_CrossSiteXHR_cache_server.sjs
file_CrossSiteXHR_inner.html
file_CrossSiteXHR_inner.jar
file_CrossSiteXHR_inner_data.sjs
file_CrossSiteXHR_server.sjs

7
dom/security/test/cors/test_CrossSiteXHR_origin.html
View File

@ -39,9 +39,6 @@ var origins =
{ server: 'http://\u03c0\u03b1\u03c1\u03ac\u03b4\u03b5\u03b9\u03b3\u03bc\u03b1.\u03b4\u03bf\u03ba\u03b9\u03bc\u03ae',
origin: 'http://xn--hxajbheg2az3al.xn--jxalpdlp'
},
{ origin: 'http://example.org',
file: 'jar:http://example.org/tests/dom/security/test/cors/file_CrossSiteXHR_inner.jar!/file_CrossSiteXHR_inner.html'
},
{ origin: 'null',
file: 'http://example.org/tests/dom/security/test/cors/file_CrossSiteXHR_inner_data.sjs'
},
@ -162,9 +159,7 @@ function* runTest() {
}
addLoadEvent(function() {
SpecialPowers.pushPrefEnv({"set": [["network.jar.block-remote-files", false]]}, function() {
gen.next();
});
gen.next();
});
</script>
</pre>

233
modules/libjar/nsJARChannel.cpp
View File

@ -194,7 +194,6 @@ nsJARInputThunk::IsNonBlocking(bool *nonBlocking)
nsJARChannel::nsJARChannel()
: mOpened(false)
, mContentDisposition(0)
, mContentLength(-1)
, mLoadFlags(LOAD_NORMAL)
, mStatus(NS_OK)
@ -202,11 +201,8 @@ nsJARChannel::nsJARChannel()
, mEnableOMT(true)
, mPendingEvent()
, mIsUnsafe(true)
, mBlockRemoteFiles(false)
{
LOG(("nsJARChannel::nsJARChannel [this=%p]\n", this));
mBlockRemoteFiles = Preferences::GetBool("network.jar.block-remote-files", false);
// hold an owning reference to the jar handler
mJarHandler = gJarHandler;
}
@ -268,7 +264,7 @@ nsJARChannel::CreateJarInput(nsIZipReaderCache *jarCache, nsJARInputThunk **resu
{
LOG(("nsJARChannel::CreateJarInput [this=%p]\n", this));
MOZ_ASSERT(resultInput);
MOZ_ASSERT(mJarFile || mTempMem);
MOZ_ASSERT(mJarFile);
// important to pass a clone of the file since the nsIFile impl is not
// necessarily MT-safe
@ -284,7 +280,6 @@ nsJARChannel::CreateJarInput(nsIZipReaderCache *jarCache, nsJARInputThunk **resu
if (mPreCachedJarReader) {
reader = mPreCachedJarReader;
} else if (jarCache) {
MOZ_ASSERT(mJarFile);
if (mInnerJarEntry.IsEmpty())
rv = jarCache->GetZip(clonedFile, getter_AddRefs(reader));
else
@ -296,12 +291,7 @@ nsJARChannel::CreateJarInput(nsIZipReaderCache *jarCache, nsJARInputThunk **resu
if (NS_FAILED(rv))
return rv;
if (mJarFile) {
rv = outerReader->Open(clonedFile);
} else {
rv = outerReader->OpenMemory(mTempMem->Elements(),
mTempMem->Length());
}
rv = outerReader->Open(clonedFile);
if (NS_FAILED(rv))
return rv;
@ -899,11 +889,7 @@ nsJARChannel::SetContentCharset(const nsACString &aContentCharset)
NS_IMETHODIMP
nsJARChannel::GetContentDisposition(uint32_t *aContentDisposition)
{
if (mContentDispositionHeader.IsEmpty())
return NS_ERROR_NOT_AVAILABLE;
*aContentDisposition = mContentDisposition;
return NS_OK;
return NS_ERROR_NOT_AVAILABLE;
}
NS_IMETHODIMP
@ -927,11 +913,7 @@ nsJARChannel::SetContentDispositionFilename(const nsAString &aContentDisposition
NS_IMETHODIMP
nsJARChannel::GetContentDispositionHeader(nsACString &aContentDispositionHeader)
{
if (mContentDispositionHeader.IsEmpty())
return NS_ERROR_NOT_AVAILABLE;
aContentDispositionHeader = mContentDispositionHeader;
return NS_OK;
return NS_ERROR_NOT_AVAILABLE;
}
NS_IMETHODIMP
@ -964,9 +946,9 @@ nsJARChannel::Open(nsIInputStream **stream)
if (NS_FAILED(rv))
return rv;
// If mJarInput was not set by LookupFile, the JAR is a remote jar.
// If mJarFile was not set by LookupFile, we can't open a channel.
if (!mJarFile) {
NS_NOTREACHED("need sync downloader");
NS_NOTREACHED("only file-backed jars are supported");
return NS_ERROR_NOT_IMPLEMENTED;
}
@ -1003,8 +985,6 @@ nsJARChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *ctx)
nsContentUtils::IsSystemPrincipal(mLoadInfo->LoadingPrincipal())),
"security flags in loadInfo but asyncOpen2() not called");
LOG(("nsJARChannel::AsyncOpen [this=%p]\n", this));
NS_ENSURE_ARG_POINTER(listener);
NS_ENSURE_TRUE(!mOpened, NS_ERROR_IN_PROGRESS);
NS_ENSURE_TRUE(!mIsPending, NS_ERROR_IN_PROGRESS);
@ -1020,65 +1000,17 @@ nsJARChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *ctx)
mIsPending = true;
nsresult rv = LookupFile();
if (NS_FAILED(rv)) {
mIsPending = false;
mListenerContext = nullptr;
mListener = nullptr;
mCallbacks = nullptr;
mProgressSink = nullptr;
return rv;
}
nsCOMPtr<nsIChannel> channel;
if (!mJarFile) {
if (NS_FAILED(rv) || !mJarFile) {
// Not a local file...
// Check preferences to see if all remote jar support should be disabled
if (mBlockRemoteFiles) {
mIsUnsafe = true;
mIsPending = false;
mListenerContext = nullptr;
mListener = nullptr;
mCallbacks = nullptr;
mProgressSink = nullptr;
return NS_ERROR_UNSAFE_CONTENT_TYPE;
}
// kick off an async download of the base URI...
nsCOMPtr<nsIStreamListener> downloader = new MemoryDownloader(this);
uint32_t loadFlags =
mLoadFlags & ~(LOAD_DOCUMENT_URI | LOAD_CALL_CONTENT_SNIFFERS);
rv = NS_NewChannelInternal(getter_AddRefs(channel),
mJarBaseURI,
mLoadInfo,
nullptr, // PerformanceStorage
mLoadGroup,
mCallbacks,
loadFlags);
if (NS_FAILED(rv)) {
mIsPending = false;
mListenerContext = nullptr;
mListener = nullptr;
mCallbacks = nullptr;
mProgressSink = nullptr;
return rv;
}
if (mLoadInfo && mLoadInfo->GetEnforceSecurity()) {
rv = channel->AsyncOpen2(downloader);
}
else {
rv = channel->AsyncOpen(downloader, nullptr);
}
}
else {
rv = OpenLocalFile();
if (NS_SUCCEEDED(rv)) {
return NS_OK;
}
mIsPending = false;
mListenerContext = nullptr;
mListener = nullptr;
mCallbacks = nullptr;
mProgressSink = nullptr;
return mJarFile ? rv : NS_ERROR_UNSAFE_CONTENT_TYPE;
}
rv = OpenLocalFile();
if (NS_FAILED(rv)) {
mIsPending = false;
mListenerContext = nullptr;
@ -1088,11 +1020,6 @@ nsJARChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *ctx)
return rv;
}
if (mLoadGroup)
mLoadGroup->AddRequest(this, nullptr);
mOpened = true;
LOG(("nsJARChannel::AsyncOpen [this=%p] 8\n", this));
return NS_OK;
}
@ -1100,18 +1027,18 @@ NS_IMETHODIMP
nsJARChannel::AsyncOpen2(nsIStreamListener *aListener)
{
LOG(("nsJARChannel::AsyncOpen2 [this=%p]\n", this));
nsCOMPtr<nsIStreamListener> listener = aListener;
nsresult rv = nsContentSecurityManager::doContentSecurityCheck(this, listener);
if (NS_FAILED(rv)) {
mIsPending = false;
mListenerContext = nullptr;
mListener = nullptr;
mCallbacks = nullptr;
mProgressSink = nullptr;
return rv;
}
nsCOMPtr<nsIStreamListener> listener = aListener;
nsresult rv = nsContentSecurityManager::doContentSecurityCheck(this, listener);
if (NS_FAILED(rv)) {
mIsPending = false;
mListenerContext = nullptr;
mListener = nullptr;
mCallbacks = nullptr;
mProgressSink = nullptr;
return rv;
}
return AsyncOpen(listener, nullptr);
return AsyncOpen(listener, nullptr);
}
//-----------------------------------------------------------------------------
@ -1210,116 +1137,6 @@ nsJARChannel::GetZipEntry(nsIZipEntry **aZipEntry)
return reader->GetEntry(mJarEntry, aZipEntry);
}
//-----------------------------------------------------------------------------
// mozilla::net::MemoryDownloader::IObserver
//-----------------------------------------------------------------------------
void
nsJARChannel::OnDownloadComplete(MemoryDownloader* aDownloader,
nsIRequest *request,
nsISupports *context,
nsresult status,
MemoryDownloader::Data aData)
{
nsresult rv;
nsCOMPtr<nsIChannel> channel(do_QueryInterface(request));
if (channel) {
uint32_t loadFlags;
channel->GetLoadFlags(&loadFlags);
if (loadFlags & LOAD_REPLACE) {
// Update our URI to reflect any redirects that happen during
// the HTTP request.
if (!mOriginalURI) {
SetOriginalURI(mJarURI);
}
nsCOMPtr<nsIURI> innerURI;
rv = channel->GetURI(getter_AddRefs(innerURI));
if (NS_SUCCEEDED(rv)) {
nsCOMPtr<nsIJARURI> newURI;
rv = mJarURI->CloneWithJARFile(innerURI,
getter_AddRefs(newURI));
if (NS_SUCCEEDED(rv)) {
mJarURI = newURI;
}
}
if (NS_SUCCEEDED(status)) {
status = rv;
}
}
}
if (NS_SUCCEEDED(status) && channel) {
// In case the load info object has changed during a redirect,
// grab it from the target channel.
channel->GetLoadInfo(getter_AddRefs(mLoadInfo));
// Grab the security info from our base channel
channel->GetSecurityInfo(getter_AddRefs(mSecurityInfo));
nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(channel));
if (httpChannel) {
// We only want to run scripts if the server really intended to
// send us a JAR file. Check the server-supplied content type for
// a JAR type.
nsAutoCString header;
Unused << httpChannel->GetResponseHeader(
NS_LITERAL_CSTRING("Content-Type"), header);
nsAutoCString contentType;
nsAutoCString charset;
NS_ParseResponseContentType(header, contentType, charset);
nsAutoCString channelContentType;
channel->GetContentType(channelContentType);
mIsUnsafe = !(contentType.Equals(channelContentType) &&
(contentType.EqualsLiteral("application/java-archive") ||
contentType.EqualsLiteral("application/x-jar")));
} else {
nsCOMPtr<nsIJARChannel> innerJARChannel(do_QueryInterface(channel));
if (innerJARChannel) {
mIsUnsafe = innerJARChannel->GetIsUnsafe();
}
}
channel->GetContentDispositionHeader(mContentDispositionHeader);
mContentDisposition = NS_GetContentDispositionFromHeader(mContentDispositionHeader, this);
}
// This is a defense-in-depth check for the preferences to see if all remote jar
// support should be disabled. This check may not be needed.
MOZ_RELEASE_ASSERT(!mBlockRemoteFiles);
if (NS_SUCCEEDED(status) && mIsUnsafe &&
!Preferences::GetBool("network.jar.open-unsafe-types", false)) {
status = NS_ERROR_UNSAFE_CONTENT_TYPE;
}
if (NS_SUCCEEDED(status)) {
// Refuse to unpack view-source: jars even if open-unsafe-types is set.
nsCOMPtr<nsIViewSourceChannel> viewSource = do_QueryInterface(channel);
if (viewSource) {
status = NS_ERROR_UNSAFE_CONTENT_TYPE;
}
}
if (NS_SUCCEEDED(status)) {
mTempMem = Move(aData);
RefPtr<nsJARInputThunk> input;
rv = CreateJarInput(nullptr, getter_AddRefs(input));
if (NS_SUCCEEDED(rv)) {
// create input stream pump
rv = NS_NewInputStreamPump(getter_AddRefs(mPump), input.forget());
if (NS_SUCCEEDED(rv))
rv = mPump->AsyncRead(this, nullptr);
}
status = rv;
}
if (NS_FAILED(status)) {
NotifyError(status);
}
}
//-----------------------------------------------------------------------------
// nsIStreamListener
//-----------------------------------------------------------------------------

15
modules/libjar/nsJARChannel.h
View File

@ -33,7 +33,6 @@ class nsInputStreamPump;
//-----------------------------------------------------------------------------
class nsJARChannel final : public nsIJARChannel
, public mozilla::net::MemoryDownloader::IObserver
, public nsIStreamListener
, public nsIThreadRetargetableRequest
, public nsIThreadRetargetableStreamListener
@ -66,12 +65,6 @@ private:
nsresult CheckPendingEvents();
void NotifyError(nsresult aError);
void FireOnProgress(uint64_t aProgress);
virtual void OnDownloadComplete(mozilla::net::MemoryDownloader* aDownloader,
nsIRequest* aRequest,
nsISupports* aCtxt,
nsresult aStatus,
mozilla::net::MemoryDownloader::Data aData)
override;
nsCString mSpec;
@ -90,10 +83,6 @@ private:
nsCOMPtr<nsISupports> mListenerContext;
nsCString mContentType;
nsCString mContentCharset;
nsCString mContentDispositionHeader;
/* mContentDisposition is uninitialized if mContentDispositionHeader is
* empty */
uint32_t mContentDisposition;
int64_t mContentLength;
uint32_t mLoadFlags;
nsresult mStatus;
@ -108,7 +97,6 @@ private:
bool mIsUnsafe;
mozilla::net::MemoryDownloader::Data mTempMem;
nsCOMPtr<nsIInputStreamPump> mPump;
// mRequest is only non-null during OnStartRequest, so we'll have a pointer
// to the request if we get called back via RetargetDeliveryTo.
@ -122,9 +110,6 @@ private:
// use StreamTransportService as background thread
nsCOMPtr<nsIEventTarget> mWorker;
// True if this channel should not download any remote files.
bool mBlockRemoteFiles;
};
#endif // nsJARChannel_h__

0
modules/libjar/test/mochitest/bug403331.zip → modules/libjar/test/mochitest/bug1173171.zip
View File

0
modules/libjar/test/mochitest/bug403331.zip^headers^ → modules/libjar/test/mochitest/bug1173171.zip^headers^
View File

14
modules/libjar/test/mochitest/mochitest.ini
View File

@ -1,11 +1,5 @@
[DEFAULT]
support-files =
bug403331.zip
bug403331.zip^headers^
openredirect.sjs
!/dom/base/test/file_bug945152.jar
[test_bug403331.html]
[test_bug1034143_mapped.html]
run-if = os == 'linux'
[test_bug1173171.html]
[test_bug1173171.html]
support-files =
bug1173171.zip
bug1173171.zip^headers^

5
modules/libjar/test/mochitest/openredirect.sjs
View File

@ -1,5 +0,0 @@
function handleRequest(request, response)
{
response.setStatusLine(request.httpVersion, 301, "Moved Permanently");
response.setHeader("Location", request.queryString, false);
}

53
modules/libjar/test/mochitest/test_bug1034143_mapped.html
View File

@ -1,53 +0,0 @@
<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=1034143
-->
<head>
<meta charset="utf-8">
<title>Test for Bug 945152</title>
<script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
</head>
<body>
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1034143">Mozilla Bug 1034143</a>
<p id="display"></p>
<div id="content" style="display: none">
</div>
<pre id="test">
<script type="application/javascript">
// Ensure that XMLHttpRequest's memory-mapping code can handle a case
// where the nsIJARChannel's jarFile property is null, but which is
// otherwise eligible for bug 945152's memory-mapping optimization.
function runTest() {
const jarURL = "jar:http://example.org/tests/dom/base/test/file_bug945152.jar!/data_1.txt";
let xhr = new XMLHttpRequest({ mozAnon: true, mozSystem: true });
xhr.open("GET", jarURL);
xhr.onerror = function onerror(e) {
ok(false, "JAR XHR failed: " + e.status);
SimpleTest.finish();
};
xhr.onload = function onload(e) {
ok(xhr.status == 200, "Status is 200");
let ct = xhr.getResponseHeader("Content-Type");
ok(!ct.includes("mem-mapped"), "Data is not memory-mapped");
SimpleTest.finish();
};
xhr.responseType = 'arraybuffer';
xhr.send();
}
SimpleTest.waitForExplicitFinish();
addLoadEvent(function() {
SpecialPowers.pushPrefEnv({"set": [["dom.mapped_arraybuffer.enabled", true],
["network.jar.block-remote-files", false]]}, function() {
SpecialPowers.pushPermissions([{'type': 'systemXHR', 'allow': true, 'context': document}], runTest);
});
});
</script>
</pre>
</body>
</html>

18
modules/libjar/test/mochitest/test_bug1173171.html
View File

@ -18,15 +18,6 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=1173171
/** Test for Bug 1173171 **/
// __setPref(key, value)__.
// Set a pref value asynchronously, returning a prmoise that resolves
// when it succeeds.
let pushPref = function (key, value) {
return new Promise(function(resolve, reject) {
SpecialPowers.pushPrefEnv({"set": [[key, value]]}, resolve);
});
};
// __xhr(method, url, responseType__.
// A simple async XMLHttpRequest call.
// Returns a promise with the response.
@ -49,12 +40,9 @@ let jarURL = "jar:http://mochi.test:8888/tests/modules/libjar/test/mochitest/bug
// Test behavior when blocking is deactivated and activated.
add_task(async function() {
for (let shouldBlock of [false, true]) {
await pushPref("network.jar.block-remote-files", shouldBlock);
let response = await xhr("GET", jarURL, "document");
ok(shouldBlock === (response === null),
"Remote jars should be blocked if and only if the 'network.jar.block-remote-files' pref is active.");
}
let shouldBlock = true;
let response = await xhr("GET", jarURL, "document");
is(response, null, "Remote jars should be blocked.");
});
</script>

47
modules/libjar/test/mochitest/test_bug403331.html
View File

@ -1,47 +0,0 @@
<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=403331
-->
<head>
<title>Test for Bug 403331</title>
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<iframe id="testFrame"></iframe>
<pre id="test">
<script class="testbody" type="text/javascript">
/** Test for Bug 403331 **/
SimpleTest.waitForExplicitFinish();
function runTest() {
var testFrame = document.getElementById('testFrame');
// Try a redirected load from another domain to this one.
testFrame.onload = function() {
// If properly redirected, we'll be able to access elements in the loaded
// document.
var item = testFrame.contentDocument.getElementById('testitem');
is(item.textContent, "testcontents", "Should be able to access the child document");
SimpleTest.finish();
}
testFrame.src = "jar:http://example.org:80/tests/modules/libjar/test/mochitest/openredirect.sjs?http://mochi.test:8888/tests/modules/libjar/test/mochitest/bug403331.zip!/test.html";
}
addLoadEvent(function() {
SpecialPowers.pushPrefEnv({"set": [["network.jar.block-remote-files", false]]}, runTest);
});
</script>
</pre>
</body>
</html>

7
modules/libpref/init/all.js
View File

@ -1892,13 +1892,6 @@ pref("network.websocket.delay-failed-reconnects", true);
// Equal to the DEFAULT_RECONNECTION_TIME_VALUE value in nsEventSource.cpp
pref("dom.server-events.default-reconnection-time", 5000); // in milliseconds
// If false, remote JAR files that are served with a content type other than
// application/java-archive or application/x-jar will not be opened
// by the jar channel.
pref("network.jar.open-unsafe-types", false);
// If true, loading remote JAR files using the jar: protocol will be prevented.
pref("network.jar.block-remote-files", true);
// This preference, if true, causes all UTF-8 domain names to be normalized to
// punycode. The intention is to allow UTF-8 domain names as input, but never
// generate them from punycode.