mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-31 06:05:44 +00:00
bug 1287125 Lock down mozAddonManager.install() r=rhelmer
MozReview-Commit-ID: 7wLqVme2Yzi --HG-- extra : rebase_source : 870ddfc2a92599b3ce6f8ab1b850f8bde944575e
This commit is contained in:
parent
5d733ce029
commit
e8c3e2138f
@ -46,6 +46,7 @@ const PREF_SELECTED_LOCALE = "general.useragent.locale";
|
|||||||
const UNKNOWN_XPCOM_ABI = "unknownABI";
|
const UNKNOWN_XPCOM_ABI = "unknownABI";
|
||||||
|
|
||||||
const PREF_MIN_WEBEXT_PLATFORM_VERSION = "extensions.webExtensionsMinPlatformVersion";
|
const PREF_MIN_WEBEXT_PLATFORM_VERSION = "extensions.webExtensionsMinPlatformVersion";
|
||||||
|
const PREF_WEBAPI_TESTING = "extensions.webapi.testing";
|
||||||
|
|
||||||
const UPDATE_REQUEST_VERSION = 2;
|
const UPDATE_REQUEST_VERSION = 2;
|
||||||
const CATEGORY_UPDATE_PARAMS = "extension-update-params";
|
const CATEGORY_UPDATE_PARAMS = "extension-update-params";
|
||||||
@ -66,6 +67,13 @@ const TOOLKIT_ID = "toolkit@mozilla.org";
|
|||||||
|
|
||||||
const VALID_TYPES_REGEXP = /^[\w\-]+$/;
|
const VALID_TYPES_REGEXP = /^[\w\-]+$/;
|
||||||
|
|
||||||
|
const WEBAPI_INSTALL_HOSTS = ["addons.mozilla.org", "addons.cdn.mozilla.net"];
|
||||||
|
const WEBAPI_TEST_INSTALL_HOSTS = [
|
||||||
|
"addons.allizom.org", "addons-stage-cdn.allizom.org",
|
||||||
|
"addons-dev.allizom.org", "addons-dev-cdn-allizom.org",
|
||||||
|
"example.com",
|
||||||
|
];
|
||||||
|
|
||||||
Cu.import("resource://gre/modules/Services.jsm");
|
Cu.import("resource://gre/modules/Services.jsm");
|
||||||
Cu.import("resource://gre/modules/XPCOMUtils.jsm");
|
Cu.import("resource://gre/modules/XPCOMUtils.jsm");
|
||||||
Cu.import("resource://gre/modules/AsyncShutdown.jsm");
|
Cu.import("resource://gre/modules/AsyncShutdown.jsm");
|
||||||
@ -2896,7 +2904,29 @@ var AddonManagerInternal = {
|
|||||||
},
|
},
|
||||||
|
|
||||||
createInstall(target, options) {
|
createInstall(target, options) {
|
||||||
return new Promise((resolve) => {
|
// Throw an appropriate error if the given URL is not valid
|
||||||
|
// as an installation source. Return silently if it is okay.
|
||||||
|
function checkInstallUrl(url) {
|
||||||
|
let host = Services.io.newURI(options.url, null, null).host;
|
||||||
|
if (WEBAPI_INSTALL_HOSTS.includes(host)) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if (Services.prefs.getBoolPref(PREF_WEBAPI_TESTING)
|
||||||
|
&& WEBAPI_TEST_INSTALL_HOSTS.includes(host)) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
throw new Error(`Install from ${host} not permitted`);
|
||||||
|
}
|
||||||
|
|
||||||
|
return new Promise((resolve, reject) => {
|
||||||
|
try {
|
||||||
|
checkInstallUrl(options.url);
|
||||||
|
} catch (err) {
|
||||||
|
reject({message: err.message});
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
let newInstall = install => {
|
let newInstall = install => {
|
||||||
let id = this.nextInstall++;
|
let id = this.nextInstall++;
|
||||||
let listener = this.makeListener(id, target);
|
let listener = this.makeListener(id, target);
|
||||||
|
@ -248,7 +248,9 @@ amManager.prototype = {
|
|||||||
}
|
}
|
||||||
AddonManager.addAddonListener(this.addonListener);
|
AddonManager.addAddonListener(this.addonListener);
|
||||||
} else {
|
} else {
|
||||||
AddonManager.removeAddonListener(this.addonListener);
|
if (this.addonListener) {
|
||||||
|
AddonManager.removeAddonListener(this.addonListener);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -5,13 +5,6 @@ const ID = "webapi_install@tests.mozilla.org";
|
|||||||
// eh, would be good to just stat the real file instead of this...
|
// eh, would be good to just stat the real file instead of this...
|
||||||
const XPI_LEN = 4782;
|
const XPI_LEN = 4782;
|
||||||
|
|
||||||
Services.prefs.setBoolPref("extensions.webapi.testing", true);
|
|
||||||
Services.prefs.setBoolPref("extensions.install.requireBuiltInCerts", false);
|
|
||||||
registerCleanupFunction(() => {
|
|
||||||
Services.prefs.clearUserPref("extensions.webapi.testing");
|
|
||||||
Services.prefs.clearUserPref("extensions.install.requireBuiltInCerts");
|
|
||||||
});
|
|
||||||
|
|
||||||
function waitForClear() {
|
function waitForClear() {
|
||||||
const MSG = "WebAPICleanup";
|
const MSG = "WebAPICleanup";
|
||||||
return new Promise(resolve => {
|
return new Promise(resolve => {
|
||||||
@ -28,6 +21,14 @@ function waitForClear() {
|
|||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
add_task(function* setup() {
|
||||||
|
yield SpecialPowers.pushPrefEnv({
|
||||||
|
set: [["extensions.webapi.testing", true],
|
||||||
|
["extensions.install.requireBuiltInCerts", false]],
|
||||||
|
});
|
||||||
|
info("added preferences");
|
||||||
|
});
|
||||||
|
|
||||||
// Wrapper around a common task to run in the content process to test
|
// Wrapper around a common task to run in the content process to test
|
||||||
// the mozAddonManager API. Takes a URL for the XPI to install and an
|
// the mozAddonManager API. Takes a URL for the XPI to install and an
|
||||||
// array of steps, each of which can either be an action to take
|
// array of steps, each of which can either be an action to take
|
||||||
@ -240,3 +241,30 @@ add_task(makeInstallTest(function* (browser) {
|
|||||||
ok(AddonManager.webAPI.installs.size > 0, "webAPI is tracking the AddonInstall");
|
ok(AddonManager.webAPI.installs.size > 0, "webAPI is tracking the AddonInstall");
|
||||||
}));
|
}));
|
||||||
|
|
||||||
|
add_task(function* test_permissions() {
|
||||||
|
function testBadUrl(url, pattern, successMessage) {
|
||||||
|
return BrowserTestUtils.withNewTab(TESTPAGE, function* (browser) {
|
||||||
|
let result = yield ContentTask.spawn(browser, {url, pattern}, function (opts) {
|
||||||
|
return new Promise(resolve => {
|
||||||
|
content.navigator.mozAddonManager.createInstall({url: opts.url})
|
||||||
|
.then(() => {
|
||||||
|
resolve({success: false, message: "createInstall should not have succeeded"});
|
||||||
|
}, err => {
|
||||||
|
if (err.message.match(new RegExp(opts.pattern))) {
|
||||||
|
resolve({success: true});
|
||||||
|
}
|
||||||
|
resolve({success: false, message: `Wrong error message: ${err.message}`});
|
||||||
|
});
|
||||||
|
});
|
||||||
|
});
|
||||||
|
is(result.success, true, result.message || successMessage);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
yield testBadUrl("i am not a url", "NS_ERROR_MALFORMED_URI",
|
||||||
|
"Installing from an unparseable URL fails");
|
||||||
|
|
||||||
|
yield testBadUrl("https://addons.not-really-mozilla.org/impostor.xpi",
|
||||||
|
"not permitted",
|
||||||
|
"Installing from non-approved URL fails");
|
||||||
|
});
|
||||||
|
Loading…
Reference in New Issue
Block a user