Bug 1254310 - Add a hidden pref to temporarily disable Safe Browsing on given hostnames. r=gcp

--HG-- rename : browser/components/safebrowsing/content/test/browser_forbidden.js => browser/components/safebrowsing/content/test/browser_whitelisted.js
2024-10-08 10:44:56 +00:00 · 2016-03-11 13:57:38 -08:00 · 2016-03-11 13:57:38 -08:00 · f2d085b262
commit f2d085b262
parent 643c594611
4 changed files with 81 additions and 0 deletions
--- a/browser/components/safebrowsing/content/test/browser.ini
+++ b/browser/components/safebrowsing/content/test/browser.ini
@ -7,3 +7,4 @@ support-files = head.js
 skip-if = os == "mac" || e10s
 # Disabled on Mac because of its bizarre special-and-unique
 # snowflake of a help menu.
+[browser_whitelisted.js]
--- a/browser/components/safebrowsing/content/test/browser_whitelisted.js
+++ b/browser/components/safebrowsing/content/test/browser_whitelisted.js
@ -0,0 +1,41 @@
+/* Ensure that hostnames in the whitelisted pref are not blocked. */
+
+const PREF_WHITELISTED_HOSTNAMES = "urlclassifier.skipHostnames";
+const TEST_PAGE = "http://www.itisatrap.org/firefox/its-an-attack.html";
+var tabbrowser = null;
+
+registerCleanupFunction(function() {
+  tabbrowser = null;
+  Services.prefs.clearUserPref(PREF_WHITELISTED_HOSTNAMES);
+  while (gBrowser.tabs.length > 1) {
+    gBrowser.removeCurrentTab();
+  }
+});
+
+function testBlockedPage(window) {
+  info("Non-whitelisted pages must be blocked");
+  ok(true, "about:blocked was shown");
+}
+
+function testWhitelistedPage(window) {
+  info("Whitelisted pages must be skipped");
+  var getmeout_button = window.document.getElementById("getMeOutButton");
+  var ignorewarning_button = window.document.getElementById("ignoreWarningButton");
+  ok(!getmeout_button, "GetMeOut button not present");
+  ok(!ignorewarning_button, "IgnoreWarning button not present");
+}
+
+add_task(function* testNormalBrowsing() {
+  tabbrowser = gBrowser;
+  let tab = tabbrowser.selectedTab = tabbrowser.addTab();
+
+  info("Load a test page that's whitelisted");
+  Services.prefs.setCharPref(PREF_WHITELISTED_HOSTNAMES, "example.com,www.ItIsaTrap.org,example.net");
+  yield promiseTabLoadEvent(tab, TEST_PAGE, "load");
+  testWhitelistedPage(tab.ownerDocument.defaultView);
+
+  info("Load a test page that's no longer whitelisted");
+  Services.prefs.setCharPref(PREF_WHITELISTED_HOSTNAMES, "");
+  yield promiseTabLoadEvent(tab, TEST_PAGE, "AboutBlockedLoaded");
+  testBlockedPage(tab.ownerDocument.defaultView);
+});
--- a/netwerk/base/nsChannelClassifier.cpp
+++ b/netwerk/base/nsChannelClassifier.cpp
@ -7,6 +7,7 @@
 #include "nsChannelClassifier.h"

 #include "mozIThirdPartyUtil.h"
+#include "nsCharSeparatedTokenizer.h"
 #include "nsContentUtils.h"
 #include "nsICacheEntry.h"
 #include "nsICachingChannel.h"
@ -313,6 +314,18 @@ nsChannelClassifier::StartInternal()
    NS_ENSURE_SUCCESS(rv, rv);
    if (hasFlags) return NS_ERROR_UNEXPECTED;

+    // Skip whitelisted hostnames.
+    nsAutoCString whitelisted;
+    Preferences::GetCString("urlclassifier.skipHostnames", &whitelisted);
+    if (!whitelisted.IsEmpty()) {
+      ToLowerCase(whitelisted);
+      LOG(("nsChannelClassifier[%p]:StartInternal whitelisted hostnames = %s",
+           this, whitelisted.get()));
+      if (IsHostnameWhitelisted(uri, whitelisted)) {
+        return NS_ERROR_UNEXPECTED;
+      }
+    }
+
    nsCOMPtr<nsIURIClassifier> uriClassifier =
        do_GetService(NS_URICLASSIFIERSERVICE_CONTRACTID, &rv);
    if (rv == NS_ERROR_FACTORY_NOT_REGISTERED ||
@ -372,6 +385,30 @@ nsChannelClassifier::StartInternal()
    return NS_OK;
 }

+bool
+nsChannelClassifier::IsHostnameWhitelisted(nsIURI *aUri,
+                                           const nsACString &aWhitelisted)
+{
+  nsAutoCString host;
+  nsresult rv = aUri->GetHost(host);
+  if (NS_FAILED(rv) || host.IsEmpty()) {
+    return false;
+  }
+  ToLowerCase(host);
+
+  nsCCharSeparatedTokenizer tokenizer(aWhitelisted, ',');
+  while (tokenizer.hasMoreTokens()) {
+    const nsCSubstring& token = tokenizer.nextToken();
+    if (token.Equals(host)) {
+      LOG(("nsChannelClassifier[%p]:StartInternal skipping %s (whitelisted)",
+           this, host.get()));
+      return true;
+    }
+  }
+
+  return false;
+}
+
 // Note in the cache entry that this URL was classified, so that future
 // cached loads don't need to be checked.
 void
--- a/netwerk/base/nsChannelClassifier.h
+++ b/netwerk/base/nsChannelClassifier.h
@ -44,6 +44,8 @@ private:
    nsresult StartInternal();
    // Helper function to check a tracking URI against the whitelist
    nsresult IsTrackerWhitelisted();
+    // Helper function to check a URI against the hostname whitelist
+    bool IsHostnameWhitelisted(nsIURI *aUri, const nsACString &aWhitelisted);
    // Checks that the channel was loaded by the URI currently loaded in aDoc
    static bool SameLoadingURI(nsIDocument *aDoc, nsIChannel *aChannel);