Bug 1582512 - Register a ScriptValidationCallback to examine script loads in the parent process r=Gijs,ckerschb
Additionally, we disable validation on PAC scripts. Differential Revision: https://phabricator.services.mozilla.com/D46500 --HG-- extra : moz-landing-system : lando
parent
bca23013ac
commit
4f9313ba4e
@ -516,6 +516,8 @@ pref("browser.tabs.delayHidingAudioPlayingIconMS", 3000);
|
|||||||
pref("security.allow_eval_with_system_principal", false);
|
pref("security.allow_eval_with_system_principal", false);
|
||||||
pref("security.allow_eval_in_parent_process", false);
|
pref("security.allow_eval_in_parent_process", false);
|
||||||
|
|
||||||
|
pref("security.allow_parent_unrestricted_js_loads", false);
|
||||||
|
|
||||||
#ifdef NIGHTLY_BUILD
|
#ifdef NIGHTLY_BUILD
|
||||||
pref("browser.tabs.remote.useHTTPResponseProcessSelection", true);
|
pref("browser.tabs.remote.useHTTPResponseProcessSelection", true);
|
||||||
#else
|
#else
|
||||||
|
@ -18,6 +18,7 @@
|
|||||||
# include <wininet.h>
|
# include <wininet.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#include "mozilla/Logging.h"
|
||||||
#include "mozilla/dom/Document.h"
|
#include "mozilla/dom/Document.h"
|
||||||
#include "mozilla/StaticPrefs_extensions.h"
|
#include "mozilla/StaticPrefs_extensions.h"
|
||||||
|
|
||||||
@ -676,3 +677,46 @@ void nsContentSecurityUtils::AssertAboutPageHasCSP(Document* aDocument) {
|
|||||||
"about: page must not contain a CSP including 'unsafe-inline'");
|
"about: page must not contain a CSP including 'unsafe-inline'");
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/* static */
|
||||||
|
bool nsContentSecurityUtils::ValidateScriptFilename(const char* aFilename,
|
||||||
|
bool aIsSystemRealm) {
|
||||||
|
// If the pref is permissive, allow everything
|
||||||
|
if (StaticPrefs::security_allow_parent_unrestricted_js_loads()) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
// If we're not in the parent process allow everything (presently)
|
||||||
|
if (!XRE_IsE10sParentProcess()) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
NS_ConvertUTF8toUTF16 filenameU(aFilename);
|
||||||
|
|
||||||
|
if (StringBeginsWith(filenameU, NS_LITERAL_STRING("chrome://"))) {
|
||||||
|
// If it's a chrome:// url, allow it
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
if (StringBeginsWith(filenameU, NS_LITERAL_STRING("resource://"))) {
|
||||||
|
// If it's a resource:// url, allow it
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
if (StringBeginsWith(filenameU, NS_LITERAL_STRING("file://"))) {
|
||||||
|
// We will temporarily allow all file:// URIs through for now
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
if (StringBeginsWith(filenameU, NS_LITERAL_STRING("jar:file://"))) {
|
||||||
|
// We will temporarily allow all jar URIs through for now
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Log to MOZ_LOG
|
||||||
|
MOZ_LOG(sCSMLog, LogLevel::Info,
|
||||||
|
("ValidateScriptFilename System:%i %s\n", (aIsSystemRealm ? 1 : 0),
|
||||||
|
aFilename));
|
||||||
|
|
||||||
|
// Presently we are not enforcing any restrictions for the script filename,
|
||||||
|
// we're only reporting Telemetry. In the future we will assert in debug
|
||||||
|
// builds and return false to prevent execution in non-debug builds.
|
||||||
|
return true;
|
||||||
|
}
|
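Review bot: The closing comment in `ValidateScriptFilename` says the function is "only reporting Telemetry", but the visible body only emits a `MOZ_LOG` line before `return true;`, so either a telemetry call is missing or the comment should read `// Presently we only log unexpected filenames; nothing is enforced yet.`. Because every path returns true, the allowlist has not been exercised as a security boundary: the `file://` and `jar:file://` prefixes accept any local path and the `StringBeginsWith` comparisons are case-sensitive, so both should be tightened before `return false` is switched on. The prefix tests could also run on the narrow string directly (`nsDependentCString` with `NS_LITERAL_CSTRING`) rather than converting every filename to UTF-16 on each script load. `aFilename` is converted without a null check, so confirm the engine never passes a null filename to the callback.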
@ -38,6 +38,9 @@ class nsContentSecurityUtils {
|
|||||||
#if defined(DEBUG)
|
#if defined(DEBUG)
|
||||||
static void AssertAboutPageHasCSP(mozilla::dom::Document* aDocument);
|
static void AssertAboutPageHasCSP(mozilla::dom::Document* aDocument);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
static bool ValidateScriptFilename(const char* aFilename,
|
||||||
|
bool aIsSystemRealm);
|
||||||
};
|
};
|
||||||
|
|
||||||
#endif /* nsContentSecurityUtils_h___ */
|
#endif /* nsContentSecurityUtils_h___ */
|
||||||
|
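Review bot: The new `ValidateScriptFilename` declaration has no comment, and the meaning of the return value is not obvious from the name. A short comment above it would help, for example `// Filename validation callback for parent-process script loads; returns true if the load may proceed.`, followed by a line noting that the check is currently report-only and always returns true. The class body begins outside this hunk.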
@ -20,6 +20,7 @@
|
|||||||
#include "mozJSComponentLoader.h"
|
#include "mozJSComponentLoader.h"
|
||||||
#include "nsAutoPtr.h"
|
#include "nsAutoPtr.h"
|
||||||
#include "nsNetUtil.h"
|
#include "nsNetUtil.h"
|
||||||
|
#include "nsContentSecurityUtils.h"
|
||||||
|
|
||||||
#include "nsExceptionHandler.h"
|
#include "nsExceptionHandler.h"
|
||||||
#include "nsIMemoryInfoDumper.h"
|
#include "nsIMemoryInfoDumper.h"
|
||||||
@ -3072,6 +3073,10 @@ void XPCJSRuntime::Initialize(JSContext* cx) {
|
|||||||
JS_AddWeakPointerCompartmentCallback(cx, WeakPointerCompartmentCallback,
|
JS_AddWeakPointerCompartmentCallback(cx, WeakPointerCompartmentCallback,
|
||||||
this);
|
this);
|
||||||
JS_SetWrapObjectCallbacks(cx, &WrapObjectCallbacks);
|
JS_SetWrapObjectCallbacks(cx, &WrapObjectCallbacks);
|
||||||
|
if (XRE_IsE10sParentProcess()) {
|
||||||
|
JS::SetFilenameValidationCallback(
|
||||||
|
nsContentSecurityUtils::ValidateScriptFilename);
|
||||||
|
}
|
||||||
js::SetPreserveWrapperCallback(cx, PreserveWrapper);
|
js::SetPreserveWrapperCallback(cx, PreserveWrapper);
|
||||||
JS_InitReadPrincipalsCallback(cx, nsJSPrincipals::ReadPrincipals);
|
JS_InitReadPrincipalsCallback(cx, nsJSPrincipals::ReadPrincipals);
|
||||||
JS_SetAccumulateTelemetryCallback(cx, AccumulateTelemetryCallback);
|
JS_SetAccumulateTelemetryCallback(cx, AccumulateTelemetryCallback);
|
||||||
|
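Review bot: Registration is gated on `XRE_IsE10sParentProcess()`, which as far as I know is false for a parent process running with e10s disabled, so that configuration gets no filename validation at all. If that is intended, say so at the call site, e.g. `// Only the e10s parent is validated; a non-e10s parent also runs content scripts.` (adjust to the actual reason). `JS::SetFilenameValidationCallback` takes no `cx` here, which suggests the callback is process-wide while `Initialize` runs per runtime, so confirm that repeated registration is harmless. The same process check is repeated at the top of `ValidateScriptFilename`, making one of the two redundant. `XPCJSRuntime::Initialize` starts and ends outside this hunk.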
@ -7374,6 +7374,13 @@
|
|||||||
value: 40
|
value: 40
|
||||||
mirror: always
|
mirror: always
|
||||||
|
|
||||||
|
# Allowed by default so it doesn't affect Thunderbird/SeaMonkey, but
|
||||||
|
# not allowed for Firefox Desktop in firefox.js
|
||||||
|
- name: security.allow_parent_unrestricted_js_loads
|
||||||
|
type: RelaxedAtomicBool
|
||||||
|
value: true
|
||||||
|
mirror: always
|
||||||
|
|
||||||
# Allowed by default so it doesn't affect Thunderbird/SeaMonkey, but
|
# Allowed by default so it doesn't affect Thunderbird/SeaMonkey, but
|
||||||
# not allowed for Firefox Desktop in firefox.js
|
# not allowed for Firefox Desktop in firefox.js
|
||||||
- name: security.allow_eval_with_system_principal
|
- name: security.allow_eval_with_system_principal
|
||||||
|
@ -728,6 +728,7 @@ nsresult ProxyAutoConfig::SetupJS() {
|
|||||||
|
|
||||||
auto CompilePACScript = [this](JSContext* cx) -> JSScript* {
|
auto CompilePACScript = [this](JSContext* cx) -> JSScript* {
|
||||||
JS::CompileOptions options(cx);
|
JS::CompileOptions options(cx);
|
||||||
|
options.setSkipFilenameValidation(true);
|
||||||
options.setFileAndLine(this->mPACURI.get(), 1);
|
options.setFileAndLine(this->mPACURI.get(), 1);
|
||||||
|
|
||||||
// Per ProxyAutoConfig::Init, compile as UTF-8 if the full data is UTF-8,
|
// Per ProxyAutoConfig::Init, compile as UTF-8 if the full data is UTF-8,
|
||||||
|
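Review bot: `options.setSkipFilenameValidation(true);` is added without a comment, and an unexplained opt-out of a security check is easy to copy to other call sites. State why PAC is exempt right above the line, e.g. `// PAC scripts are compiled under the configured PAC URL (mPACURI), which the parent-process filename allowlist would not accept.`. If the exemption also relies on the PAC script running in an isolated context, name that in the comment too; it cannot be confirmed from this hunk. The lambda body continues outside the hunk.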