mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-12-02 10:00:54 +00:00
Bug 473345: check DOM worker loads against the classifier. r=bent, sr=jonas
This commit is contained in:
parent
1e04293c7f
commit
d88cbe6bab
@ -46,6 +46,7 @@
|
||||
#include "nsIRequest.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsIStreamLoader.h"
|
||||
#include "nsIChannelClassifier.h"
|
||||
|
||||
// Other includes
|
||||
#include "nsAutoLock.h"
|
||||
@ -58,6 +59,7 @@
|
||||
#include "nsScriptLoader.h"
|
||||
#include "nsThreadUtils.h"
|
||||
#include "pratom.h"
|
||||
#include "nsDocShellCID.h"
|
||||
|
||||
// DOMWorker includes
|
||||
#include "nsDOMWorkerPool.h"
|
||||
@ -523,6 +525,18 @@ nsDOMWorkerScriptLoader::RunInternal()
|
||||
loadInfo.channel = nsnull;
|
||||
return rv;
|
||||
}
|
||||
|
||||
// Check the load against the URI classifier
|
||||
nsCOMPtr<nsIChannelClassifier> classifier =
|
||||
do_CreateInstance(NS_CHANNELCLASSIFIER_CONTRACTID);
|
||||
if (classifier) {
|
||||
rv = classifier->Start(loadInfo.channel, PR_TRUE);
|
||||
if (NS_FAILED(rv)) {
|
||||
loadInfo.channel->Cancel(rv);
|
||||
loadInfo.channel = nsnull;
|
||||
return rv;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
|
@ -47,8 +47,12 @@ include $(topsrcdir)/config/rules.mk
|
||||
|
||||
_TEST_FILES = \
|
||||
test_classifier.html \
|
||||
test_classifier_worker.html \
|
||||
classifierFrame.html \
|
||||
workerFrame.html \
|
||||
cleanWorker.js \
|
||||
evil.js \
|
||||
evilWorker.js \
|
||||
evil.css \
|
||||
import.css \
|
||||
$(NULL)
|
||||
|
@ -0,0 +1,10 @@
|
||||
onmessage = function() {
|
||||
try {
|
||||
importScripts("evilWorker.js");
|
||||
} catch(ex) {
|
||||
postMessage("success");
|
||||
return;
|
||||
}
|
||||
|
||||
postMessage("failure");
|
||||
};
|
@ -0,0 +1,4 @@
|
||||
onmessage = function() {
|
||||
postMessage("loaded bad file");
|
||||
}
|
||||
|
@ -19,7 +19,7 @@ var Cc = Components.classes;
|
||||
var Ci = Components.interfaces;
|
||||
|
||||
// Add some URLs to the malware database.
|
||||
var testData = "malware.com/"
|
||||
var testData = "malware.com/";
|
||||
var testUpdate =
|
||||
"n:1000\ni:test-malware-simple\nad:1\n" +
|
||||
"a:524:32:" + testData.length + "\n" +
|
||||
|
@ -0,0 +1,94 @@
|
||||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>Test the URI Classifier</title>
|
||||
<script type="text/javascript" src="/MochiKit/MochiKit.js"></script>
|
||||
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
</head>
|
||||
<body>
|
||||
<p id="display"></p>
|
||||
<div id="content" style="display: none">
|
||||
</div>
|
||||
<pre id="test">
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
|
||||
var Cc = Components.classes;
|
||||
var Ci = Components.interfaces;
|
||||
|
||||
// Add some URLs to the malware database.
|
||||
var testData = "example.com/tests/toolkit/components/url-classifier/tests/mochitest/evilWorker.js";
|
||||
var testUpdate =
|
||||
"n:1000\ni:test-malware-simple\nad:550\n" +
|
||||
"a:550:32:" + testData.length + "\n" +
|
||||
testData;
|
||||
|
||||
var dbService = Cc["@mozilla.org/url-classifier/dbservice;1"]
|
||||
.getService(Ci.nsIUrlClassifierDBService);
|
||||
|
||||
var numTries = 10;
|
||||
|
||||
function doUpdate(update) {
|
||||
var listener = {
|
||||
QueryInterface: function(iid)
|
||||
{
|
||||
if (iid.equals(Ci.nsISupports) ||
|
||||
iid.equals(Ci.nsIUrlClassifierUpdateObserver))
|
||||
return this;
|
||||
throw Cr.NS_ERROR_NO_INTERFACE;
|
||||
},
|
||||
|
||||
updateUrlRequested: function(url) { },
|
||||
streamFinished: function(status) { },
|
||||
updateError: function(errorCode) {
|
||||
ok(false, "Couldn't update classifier.");
|
||||
SimpleTest.finish();
|
||||
},
|
||||
updateSuccess: function(requestedTimeout) {
|
||||
document.getElementById("testFrame").src = "http://example.com/tests/toolkit/components/url-classifier/tests/mochitest/workerFrame.html";
|
||||
}
|
||||
};
|
||||
|
||||
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
|
||||
|
||||
try {
|
||||
dbService.beginUpdate(listener,
|
||||
"test-malware-simple", "");
|
||||
dbService.beginStream("", "");
|
||||
dbService.updateStream(update);
|
||||
dbService.finishStream();
|
||||
dbService.finishUpdate();
|
||||
} catch(ex) {
|
||||
// The DB service might already be updating. Try again after a 5 seconds...
|
||||
if (--numTries != 0) {
|
||||
setTimeout(function() { doUpdate(update) }, 5000);
|
||||
return;
|
||||
}
|
||||
throw ex;
|
||||
}
|
||||
}
|
||||
|
||||
function onmessage(event)
|
||||
{
|
||||
var pieces = event.data.split(':');
|
||||
if (pieces[0] == "finish") {
|
||||
SimpleTest.finish();
|
||||
return;
|
||||
}
|
||||
|
||||
is(pieces[0], "success", pieces[1]);
|
||||
}
|
||||
|
||||
window.addEventListener("message", onmessage, false);
|
||||
|
||||
doUpdate(testUpdate);
|
||||
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
|
||||
</script>
|
||||
</pre>
|
||||
<iframe id="testFrame" onload=""></iframe>
|
||||
</body>
|
||||
</html>
|
@ -0,0 +1,43 @@
|
||||
<html> <head>
|
||||
<title></title>
|
||||
</head>
|
||||
|
||||
<script type="text/javascript">
|
||||
function startCleanWorker() {
|
||||
var worker = new Worker("cleanWorker.js");
|
||||
worker.onmessage = function(event) {
|
||||
if (event.data == "success") {
|
||||
window.parent.postMessage("success:blocked importScripts('evilWorker.js')", "*");
|
||||
} else {
|
||||
window.parent.postMessage("failure:failed to block importScripts('evilWorker.js')", "*");
|
||||
}
|
||||
window.parent.postMessage("finish", "*");
|
||||
};
|
||||
|
||||
worker.onerror = function(event) {
|
||||
window.parent.postmessage("failure:failed to load cleanWorker.js", "*");
|
||||
window.parent.postMessage("finish", "*");
|
||||
};
|
||||
|
||||
worker.postMessage("");
|
||||
}
|
||||
|
||||
function startEvilWorker() {
|
||||
var worker = new Worker("evilWorker.js");
|
||||
worker.onmessage = function(event) {
|
||||
window.parent.postMessage("failure:failed to block evilWorker.js", "*");
|
||||
startCleanWorker();
|
||||
};
|
||||
|
||||
worker.onerror = function(event) {
|
||||
window.parent.postMessage("success:blocked evilWorker.js", "*");
|
||||
startCleanWorker();
|
||||
};
|
||||
|
||||
worker.postMessage("");
|
||||
}
|
||||
|
||||
</script>
|
||||
|
||||
<body onload="startEvilWorker()">
|
||||
</body> </html>
|
Loading…
Reference in New Issue
Block a user