Bug 1582512 - Register a ScriptValidationCallback to examine script loads in the parent process r=Gijs,ckerschb

Additionally, PAC scripts are compiled with setSkipFilenameValidation(true), so they are exempt from this validation.

Differential Revision: https://phabricator.services.mozilla.com/D46500

--HG--
extra : moz-landing-system : lando
Tom Ritter 2019-12-02 17:27:09 +00:00
parent bca23013ac
commit 4f9313ba4e
6 changed files with 62 additions and 0 deletions


@ -516,6 +516,8 @@ pref("browser.tabs.delayHidingAudioPlayingIconMS", 3000);
pref("security.allow_eval_with_system_principal", false); pref("security.allow_eval_with_system_principal", false);
pref("security.allow_eval_in_parent_process", false); pref("security.allow_eval_in_parent_process", false);
pref("security.allow_parent_unrestricted_js_loads", false);
#ifdef NIGHTLY_BUILD #ifdef NIGHTLY_BUILD
pref("browser.tabs.remote.useHTTPResponseProcessSelection", true); pref("browser.tabs.remote.useHTTPResponseProcessSelection", true);
#else #else


@ -18,6 +18,7 @@
# include <wininet.h> # include <wininet.h>
#endif #endif
#include "mozilla/Logging.h"
#include "mozilla/dom/Document.h" #include "mozilla/dom/Document.h"
#include "mozilla/StaticPrefs_extensions.h" #include "mozilla/StaticPrefs_extensions.h"
@ -676,3 +677,46 @@ void nsContentSecurityUtils::AssertAboutPageHasCSP(Document* aDocument) {
"about: page must not contain a CSP including 'unsafe-inline'"); "about: page must not contain a CSP including 'unsafe-inline'");
} }
#endif #endif
/* static */
bool nsContentSecurityUtils::ValidateScriptFilename(const char* aFilename,
bool aIsSystemRealm) {
// If the pref is permissive, allow everything
if (StaticPrefs::security_allow_parent_unrestricted_js_loads()) {
return true;
}
// If we're not in the parent process allow everything (presently)
if (!XRE_IsE10sParentProcess()) {
return true;
}
NS_ConvertUTF8toUTF16 filenameU(aFilename);
if (StringBeginsWith(filenameU, NS_LITERAL_STRING("chrome://"))) {
// If it's a chrome:// url, allow it
return true;
}
if (StringBeginsWith(filenameU, NS_LITERAL_STRING("resource://"))) {
// If it's a resource:// url, allow it
return true;
}
if (StringBeginsWith(filenameU, NS_LITERAL_STRING("file://"))) {
// We will temporarily allow all file:// URIs through for now
return true;
}
if (StringBeginsWith(filenameU, NS_LITERAL_STRING("jar:file://"))) {
// We will temporarily allow all jar URIs through for now
return true;
}
// Log to MOZ_LOG
MOZ_LOG(sCSMLog, LogLevel::Info,
("ValidateScriptFilename System:%i %s\n", (aIsSystemRealm ? 1 : 0),
aFilename));
// Presently we are not enforcing any restrictions for the script filename,
// we're only reporting Telemetry. In the future we will assert in debug
// builds and return false to prevent execution in non-debug builds.
return true;
}
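Review bot: The closing comment of ValidateScriptFilename says the function is "only reporting Telemetry", but the only observable effect in the body is the MOZ_LOG call at Info level and no Telemetry accumulate/scalar call is visible, so either the comment should read `// Presently we are not enforcing any restrictions; unmatched filenames are only logged via MOZ_LOG (sCSMLog).` or the telemetry recording is missing. The four scheme checks are plain prefix matches on a caller-supplied string, so before this is changed to return false it is worth a comment that anything able to choose its own filename (and any file:// path, which is currently waved through unconditionally) passes the check, so the prefix match must not be read as a trust decision. If SpiderMonkey can invoke this callback with a null aFilename (not visible here), `NS_ConvertUTF8toUTF16 filenameU(aFilename)` should be preceded by `if (!aFilename) { return true; }`. As a style point, the UTF-16 conversion is unnecessary for a prefix test: `nsDependentCString filename(aFilename)` compared against `NS_LITERAL_CSTRING("chrome://")` and friends checks the UTF-8 bytes directly and avoids an allocation on every script compile in the parent process.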


@ -38,6 +38,9 @@ class nsContentSecurityUtils {
#if defined(DEBUG) #if defined(DEBUG)
static void AssertAboutPageHasCSP(mozilla::dom::Document* aDocument); static void AssertAboutPageHasCSP(mozilla::dom::Document* aDocument);
#endif #endif
static bool ValidateScriptFilename(const char* aFilename,
bool aIsSystemRealm);
}; };
#endif /* nsContentSecurityUtils_h___ */ #endif /* nsContentSecurityUtils_h___ */
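Review bot: The new ValidateScriptFilename declaration carries no comment, so a reader of the header cannot tell that a true return means the script may be compiled, nor that the function currently never returns false. Suggested comment above the declaration: `// Callback for JS::SetFilenameValidationCallback, registered in the parent process only. Returns true when a script with this filename may be compiled; presently it always returns true and merely logs filenames outside the allowed schemes (see the .cpp).`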


@ -20,6 +20,7 @@
#include "mozJSComponentLoader.h" #include "mozJSComponentLoader.h"
#include "nsAutoPtr.h" #include "nsAutoPtr.h"
#include "nsNetUtil.h" #include "nsNetUtil.h"
#include "nsContentSecurityUtils.h"
#include "nsExceptionHandler.h" #include "nsExceptionHandler.h"
#include "nsIMemoryInfoDumper.h" #include "nsIMemoryInfoDumper.h"
@ -3072,6 +3073,10 @@ void XPCJSRuntime::Initialize(JSContext* cx) {
JS_AddWeakPointerCompartmentCallback(cx, WeakPointerCompartmentCallback, JS_AddWeakPointerCompartmentCallback(cx, WeakPointerCompartmentCallback,
this); this);
JS_SetWrapObjectCallbacks(cx, &WrapObjectCallbacks); JS_SetWrapObjectCallbacks(cx, &WrapObjectCallbacks);
if (XRE_IsE10sParentProcess()) {
JS::SetFilenameValidationCallback(
nsContentSecurityUtils::ValidateScriptFilename);
}
js::SetPreserveWrapperCallback(cx, PreserveWrapper); js::SetPreserveWrapperCallback(cx, PreserveWrapper);
JS_InitReadPrincipalsCallback(cx, nsJSPrincipals::ReadPrincipals); JS_InitReadPrincipalsCallback(cx, nsJSPrincipals::ReadPrincipals);
JS_SetAccumulateTelemetryCallback(cx, AccumulateTelemetryCallback); JS_SetAccumulateTelemetryCallback(cx, AccumulateTelemetryCallback);
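Review bot: The `XRE_IsE10sParentProcess()` gate around `JS::SetFilenameValidationCallback` is undocumented and duplicates the same test inside nsContentSecurityUtils::ValidateScriptFilename, so it is not obvious which check is meant to be authoritative. A short comment would settle it: `// Parent process only: audit which script filenames are compiled here (see nsContentSecurityUtils::ValidateScriptFilename). Content processes do not register the callback at all; the validator re-checks the process type defensively.` XPCJSRuntime::Initialize's body starts and ends outside this hunk.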


@ -7374,6 +7374,13 @@
value: 40 value: 40
mirror: always mirror: always
# Allowed by default so it doesn't affect Thunderbird/SeaMonkey, but
# not allowed for Firefox Desktop in firefox.js
- name: security.allow_parent_unrestricted_js_loads
type: RelaxedAtomicBool
value: true
mirror: always
# Allowed by default so it doesn't affect Thunderbird/SeaMonkey, but # Allowed by default so it doesn't affect Thunderbird/SeaMonkey, but
# not allowed for Firefox Desktop in firefox.js # not allowed for Firefox Desktop in firefox.js
- name: security.allow_eval_with_system_principal - name: security.allow_eval_with_system_principal
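Review bot: The comment above `security.allow_parent_unrestricted_js_loads` is copied verbatim from the eval pref below it and only says where the pref is flipped, not what it controls, so a reader of StaticPrefList cannot tell that true short-circuits nsContentSecurityUtils::ValidateScriptFilename entirely. Suggested text: `# When true, ValidateScriptFilename accepts any script filename in the parent process without logging. Allowed by default so it doesn't affect Thunderbird/SeaMonkey, but not allowed for Firefox Desktop in firefox.js`. `RelaxedAtomicBool` is the right choice if the validation callback can be reached from off-main-thread compilation (not visible here); a word on that in the comment would justify the atomic type to the next person who is tempted to make it a plain bool.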


@ -728,6 +728,7 @@ nsresult ProxyAutoConfig::SetupJS() {
auto CompilePACScript = [this](JSContext* cx) -> JSScript* { auto CompilePACScript = [this](JSContext* cx) -> JSScript* {
JS::CompileOptions options(cx); JS::CompileOptions options(cx);
options.setSkipFilenameValidation(true);
options.setFileAndLine(this->mPACURI.get(), 1); options.setFileAndLine(this->mPACURI.get(), 1);
// Per ProxyAutoConfig::Init, compile as UTF-8 if the full data is UTF-8, // Per ProxyAutoConfig::Init, compile as UTF-8 if the full data is UTF-8,
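Review bot: `options.setSkipFilenameValidation(true)` exempts PAC scripts from the parent-process filename audit without a comment saying why, and the commit message only states that it does. The reason is visible on the next line, where the filename is set to `mPACURI`, a network-supplied URL that matches none of the schemes the validator allows, so a comment such as `// The filename is the PAC URI (normally a remote http(s) URL), which nsContentSecurityUtils::ValidateScriptFilename does not allow-list; PAC loads are exempted from that check explicitly.` would record the intent. Since this skip also silences the log entry, PAC will be the one network-fetched script the validator never sees once it starts enforcing; the validator's own comment should reference this exemption. The CompilePACScript lambda continues outside the hunk.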