summaryrefslogtreecommitdiffstats
path: root/toolkit/components/blocklist
diff options
context:
space:
mode:
authorMatt A. Tobin <email@mattatobin.com>2018-05-15 05:06:42 -0400
committerMatt A. Tobin <email@mattatobin.com>2018-05-15 05:06:42 -0400
commitf86673741dce0580a73d37b6f72418877b7380d6 (patch)
tree296e2ae9012099cbe4caf0d568c583f7badaad1b /toolkit/components/blocklist
parent626419cbe2a789760d45dc87fcff1a7ad221d04d (diff)
downloadUXP-f86673741dce0580a73d37b6f72418877b7380d6.tar
UXP-f86673741dce0580a73d37b6f72418877b7380d6.tar.gz
UXP-f86673741dce0580a73d37b6f72418877b7380d6.tar.lz
UXP-f86673741dce0580a73d37b6f72418877b7380d6.tar.xz
UXP-f86673741dce0580a73d37b6f72418877b7380d6.zip
Issue #347 - TychoAM nsBlocklistService does not support gfxBlacklist
Diffstat (limited to 'toolkit/components/blocklist')
-rw-r--r--toolkit/components/blocklist/blocklist.manifest7
-rw-r--r--toolkit/components/blocklist/moz.build14
-rw-r--r--toolkit/components/blocklist/nsBlocklistService.js1666
-rw-r--r--toolkit/components/blocklist/nsBlocklistServiceContent.js113
4 files changed, 1800 insertions, 0 deletions
diff --git a/toolkit/components/blocklist/blocklist.manifest b/toolkit/components/blocklist/blocklist.manifest
new file mode 100644
index 000000000..c770b4e7d
--- /dev/null
+++ b/toolkit/components/blocklist/blocklist.manifest
@@ -0,0 +1,7 @@
+component {66354bc9-7ed1-4692-ae1d-8da97d6b205e} nsBlocklistService.js process=main
+contract @mozilla.org/extensions/blocklist;1 {66354bc9-7ed1-4692-ae1d-8da97d6b205e} process=main
+category profile-after-change nsBlocklistService @mozilla.org/extensions/blocklist;1 process=main
+component {e0a106ed-6ad4-47a4-b6af-2f1c8aa4712d} nsBlocklistServiceContent.js process=content
+contract @mozilla.org/extensions/blocklist;1 {e0a106ed-6ad4-47a4-b6af-2f1c8aa4712d} process=content
+
+category update-timer nsBlocklistService @mozilla.org/extensions/blocklist;1,getService,blocklist-background-update-timer,extensions.blocklist.interval,86400 \ No newline at end of file
diff --git a/toolkit/components/blocklist/moz.build b/toolkit/components/blocklist/moz.build
new file mode 100644
index 000000000..3dc3be5ba
--- /dev/null
+++ b/toolkit/components/blocklist/moz.build
@@ -0,0 +1,14 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+EXTRA_COMPONENTS += [
+ 'blocklist.manifest',
+ 'nsBlocklistServiceContent.js',
+]
+
+EXTRA_PP_COMPONENTS += [
+ 'nsBlocklistService.js',
+]
diff --git a/toolkit/components/blocklist/nsBlocklistService.js b/toolkit/components/blocklist/nsBlocklistService.js
new file mode 100644
index 000000000..891346b72
--- /dev/null
+++ b/toolkit/components/blocklist/nsBlocklistService.js
@@ -0,0 +1,1666 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+const Cc = Components.classes;
+const Ci = Components.interfaces;
+const Cr = Components.results;
+
+Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
+Components.utils.import("resource://gre/modules/Services.jsm");
+
+try {
+ // AddonManager.jsm doesn't allow itself to be imported in the child
+ // process. We're used in the child process (for now), so guard against
+ // this.
+ Components.utils.import("resource://gre/modules/AddonManager.jsm");
+ /* globals AddonManagerPrivate*/
+} catch (e) {
+}
+
+XPCOMUtils.defineLazyModuleGetter(this, "FileUtils",
+ "resource://gre/modules/FileUtils.jsm");
+#ifdef MOZ_WEBEXTENSIONS
+XPCOMUtils.defineLazyModuleGetter(this, "UpdateUtils",
+ "resource://gre/modules/UpdateUtils.jsm");
+#else
+XPCOMUtils.defineLazyModuleGetter(this, "UpdateChannel",
+ "resource://gre/modules/UpdateChannel.jsm");
+#endif
+XPCOMUtils.defineLazyModuleGetter(this, "OS",
+ "resource://gre/modules/osfile.jsm");
+XPCOMUtils.defineLazyModuleGetter(this, "ServiceRequest",
+ "resource://gre/modules/ServiceRequest.jsm");
+XPCOMUtils.defineLazyModuleGetter(this, "Task",
+ "resource://gre/modules/Task.jsm");
+
+const TOOLKIT_ID = "toolkit@mozilla.org";
+const KEY_PROFILEDIR = "ProfD";
+const KEY_APPDIR = "XCurProcD";
+const FILE_BLOCKLIST = "blocklist.xml";
+const PREF_BLOCKLIST_LASTUPDATETIME = "app.update.lastUpdateTime.blocklist-background-update-timer";
+const PREF_BLOCKLIST_URL = "extensions.blocklist.url";
+const PREF_BLOCKLIST_ITEM_URL = "extensions.blocklist.itemURL";
+const PREF_BLOCKLIST_ENABLED = "extensions.blocklist.enabled";
+const PREF_BLOCKLIST_INTERVAL = "extensions.blocklist.interval";
+const PREF_BLOCKLIST_LEVEL = "extensions.blocklist.level";
+const PREF_BLOCKLIST_PINGCOUNTTOTAL = "extensions.blocklist.pingCountTotal";
+const PREF_BLOCKLIST_PINGCOUNTVERSION = "extensions.blocklist.pingCountVersion";
+const PREF_BLOCKLIST_SUPPRESSUI = "extensions.blocklist.suppressUI";
+const PREF_ONECRL_VIA_AMO = "security.onecrl.via.amo";
+const PREF_BLOCKLIST_UPDATE_ENABLED = "services.blocklist.update_enabled";
+const PREF_GENERAL_USERAGENT_LOCALE = "general.useragent.locale";
+const PREF_APP_DISTRIBUTION = "distribution.id";
+const PREF_APP_DISTRIBUTION_VERSION = "distribution.version";
+const PREF_EM_LOGGING_ENABLED = "extensions.logging.enabled";
+const XMLURI_BLOCKLIST = "http://www.mozilla.org/2006/addons-blocklist";
+const XMLURI_PARSE_ERROR = "http://www.mozilla.org/newlayout/xml/parsererror.xml"
+const UNKNOWN_XPCOM_ABI = "unknownABI";
+const URI_BLOCKLIST_DIALOG = "chrome://mozapps/content/extensions/blocklist.xul"
+const DEFAULT_SEVERITY = 3;
+const DEFAULT_LEVEL = 2;
+const MAX_BLOCK_LEVEL = 3;
+const SEVERITY_OUTDATED = 0;
+const VULNERABILITYSTATUS_NONE = 0;
+const VULNERABILITYSTATUS_UPDATE_AVAILABLE = 1;
+const VULNERABILITYSTATUS_NO_UPDATE = 2;
+
+const EXTENSION_BLOCK_FILTERS = ["id", "name", "creator", "homepageURL", "updateURL"];
+
+var gLoggingEnabled = null;
+var gBlocklistEnabled = true;
+var gBlocklistLevel = DEFAULT_LEVEL;
+
+XPCOMUtils.defineLazyServiceGetter(this, "gConsole",
+ "@mozilla.org/consoleservice;1",
+ "nsIConsoleService");
+
+XPCOMUtils.defineLazyServiceGetter(this, "gVersionChecker",
+ "@mozilla.org/xpcom/version-comparator;1",
+ "nsIVersionComparator");
+
+XPCOMUtils.defineLazyServiceGetter(this, "gCertBlocklistService",
+ "@mozilla.org/security/certblocklist;1",
+ "nsICertBlocklist");
+
+XPCOMUtils.defineLazyGetter(this, "gPref", function() {
+ return Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefService).
+ QueryInterface(Ci.nsIPrefBranch);
+});
+
+// From appinfo in Services.jsm. It is not possible to use the one in
+// Services.jsm since it will not successfully QueryInterface nsIXULAppInfo in
+// xpcshell tests due to other code calling Services.appinfo before the
+// nsIXULAppInfo is created by the tests.
+XPCOMUtils.defineLazyGetter(this, "gApp", function() {
+ let appinfo = Cc["@mozilla.org/xre/app-info;1"]
+ .getService(Ci.nsIXULRuntime);
+ try {
+ appinfo.QueryInterface(Ci.nsIXULAppInfo);
+ } catch (ex) {
+ // Not all applications implement nsIXULAppInfo (e.g. xpcshell doesn't).
+ if (!(ex instanceof Components.Exception) ||
+ ex.result != Cr.NS_NOINTERFACE)
+ throw ex;
+ }
+ return appinfo;
+});
+
+XPCOMUtils.defineLazyGetter(this, "gABI", function() {
+ let abi = null;
+ try {
+ abi = gApp.XPCOMABI;
+ }
+ catch (e) {
+ LOG("BlockList Global gABI: XPCOM ABI unknown.");
+ }
+
+#ifdef XP_MACOSX
+ // Mac universal build should report a different ABI than either macppc
+ // or mactel.
+ let macutils = Cc["@mozilla.org/xpcom/mac-utils;1"].
+ getService(Ci.nsIMacUtils);
+
+ if (macutils.isUniversalBinary)
+ abi += "-u-" + macutils.architecturesInBinary;
+#endif
+ return abi;
+});
+
+XPCOMUtils.defineLazyGetter(this, "gOSVersion", function() {
+ let osVersion;
+ let sysInfo = Cc["@mozilla.org/system-info;1"].
+ getService(Ci.nsIPropertyBag2);
+ try {
+ osVersion = sysInfo.getProperty("name") + " " + sysInfo.getProperty("version");
+ }
+ catch (e) {
+ LOG("BlockList Global gOSVersion: OS Version unknown.");
+ }
+
+ if (osVersion) {
+ try {
+ osVersion += " (" + sysInfo.getProperty("secondaryLibrary") + ")";
+ }
+ catch (e) {
+ // Not all platforms have a secondary widget library, so an error is nothing to worry about.
+ }
+ osVersion = encodeURIComponent(osVersion);
+ }
+ return osVersion;
+});
+
+// shared code for suppressing bad cert dialogs
+XPCOMUtils.defineLazyGetter(this, "gCertUtils", function() {
+ let temp = { };
+ Components.utils.import("resource://gre/modules/CertUtils.jsm", temp);
+ return temp;
+});
+
+/**
+ * Logs a string to the error console.
+ * @param string
+ * The string to write to the error console..
+ */
+function LOG(string) {
+ if (gLoggingEnabled) {
+ dump("*** " + string + "\n");
+ gConsole.logStringMessage(string);
+ }
+}
+
+/**
+ * Gets a preference value, handling the case where there is no default.
+ * @param func
+ * The name of the preference function to call, on nsIPrefBranch
+ * @param preference
+ * The name of the preference
+ * @param defaultValue
+ * The default value to return in the event the preference has
+ * no setting
+ * @returns The value of the preference, or undefined if there was no
+ * user or default value.
+ */
+function getPref(func, preference, defaultValue) {
+ try {
+ return gPref[func](preference);
+ }
+ catch (e) {
+ }
+ return defaultValue;
+}
+
+/**
+ * Constructs a URI to a spec.
+ * @param spec
+ * The spec to construct a URI to
+ * @returns The nsIURI constructed.
+ */
+function newURI(spec) {
+ var ioServ = Cc["@mozilla.org/network/io-service;1"].
+ getService(Ci.nsIIOService);
+ return ioServ.newURI(spec, null, null);
+}
+
+// Restarts the application checking in with observers first
+function restartApp() {
+ // Notify all windows that an application quit has been requested.
+ var os = Cc["@mozilla.org/observer-service;1"].
+ getService(Ci.nsIObserverService);
+ var cancelQuit = Cc["@mozilla.org/supports-PRBool;1"].
+ createInstance(Ci.nsISupportsPRBool);
+ os.notifyObservers(cancelQuit, "quit-application-requested", null);
+
+ // Something aborted the quit process.
+ if (cancelQuit.data)
+ return;
+
+ var as = Cc["@mozilla.org/toolkit/app-startup;1"].
+ getService(Ci.nsIAppStartup);
+ as.quit(Ci.nsIAppStartup.eRestart | Ci.nsIAppStartup.eAttemptQuit);
+}
+
+/**
+ * Checks whether this blocklist element is valid for the current OS and ABI.
+ * If the element has an "os" attribute then the current OS must appear in
+ * its comma separated list for the element to be valid. Similarly for the
+ * xpcomabi attribute.
+ */
+function matchesOSABI(blocklistElement) {
+ if (blocklistElement.hasAttribute("os")) {
+ var choices = blocklistElement.getAttribute("os").split(",");
+ if (choices.length > 0 && choices.indexOf(gApp.OS) < 0)
+ return false;
+ }
+
+ if (blocklistElement.hasAttribute("xpcomabi")) {
+ choices = blocklistElement.getAttribute("xpcomabi").split(",");
+ if (choices.length > 0 && choices.indexOf(gApp.XPCOMABI) < 0)
+ return false;
+ }
+
+ return true;
+}
+
+/**
+ * Gets the current value of the locale. It's possible for this preference to
+ * be localized, so we have to do a little extra work here. Similar code
+ * exists in nsHttpHandler.cpp when building the UA string.
+ */
+function getLocale() {
+ try {
+ // Get the default branch
+ var defaultPrefs = gPref.getDefaultBranch(null);
+ return defaultPrefs.getComplexValue(PREF_GENERAL_USERAGENT_LOCALE,
+ Ci.nsIPrefLocalizedString).data;
+ } catch (e) {}
+
+ return gPref.getCharPref(PREF_GENERAL_USERAGENT_LOCALE);
+}
+
+/* Get the distribution pref values, from defaults only */
+function getDistributionPrefValue(aPrefName) {
+ var prefValue = "default";
+
+ var defaults = gPref.getDefaultBranch(null);
+ try {
+ prefValue = defaults.getCharPref(aPrefName);
+ } catch (e) {
+ // use default when pref not found
+ }
+
+ return prefValue;
+}
+
+/**
+ * Parse a string representation of a regular expression. Needed because we
+ * use the /pattern/flags form (because it's detectable), which is only
+ * supported as a literal in JS.
+ *
+ * @param aStr
+ * String representation of regexp
+ * @return RegExp instance
+ */
+function parseRegExp(aStr) {
+ let lastSlash = aStr.lastIndexOf("/");
+ let pattern = aStr.slice(1, lastSlash);
+ let flags = aStr.slice(lastSlash + 1);
+ return new RegExp(pattern, flags);
+}
+
+/**
+ * Manages the Blocklist. The Blocklist is a representation of the contents of
+ * blocklist.xml and allows us to remotely disable / re-enable blocklisted
+ * items managed by the Extension Manager with an item's appDisabled property.
+ * It also blocklists plugins with data from blocklist.xml.
+ */
+
+function Blocklist() {
+ Services.obs.addObserver(this, "xpcom-shutdown", false);
+ Services.obs.addObserver(this, "sessionstore-windows-restored", false);
+ gLoggingEnabled = getPref("getBoolPref", PREF_EM_LOGGING_ENABLED, false);
+ gBlocklistEnabled = getPref("getBoolPref", PREF_BLOCKLIST_ENABLED, true);
+ gBlocklistLevel = Math.min(getPref("getIntPref", PREF_BLOCKLIST_LEVEL, DEFAULT_LEVEL),
+ MAX_BLOCK_LEVEL);
+ gPref.addObserver("extensions.blocklist.", this, false);
+ gPref.addObserver(PREF_EM_LOGGING_ENABLED, this, false);
+ this.wrappedJSObject = this;
+ // requests from child processes come in here, see receiveMessage.
+ Services.ppmm.addMessageListener("Blocklist:getPluginBlocklistState", this);
+ Services.ppmm.addMessageListener("Blocklist:content-blocklist-updated", this);
+}
+
+Blocklist.prototype = {
+ /**
+ * Extension ID -> array of Version Ranges
+ * Each value in the version range array is a JS Object that has the
+ * following properties:
+ * "minVersion" The minimum version in a version range (default = 0)
+ * "maxVersion" The maximum version in a version range (default = *)
+ * "targetApps" Application ID -> array of Version Ranges
+ * (default = current application ID)
+ * Each value in the version range array is a JS Object that
+ * has the following properties:
+ * "minVersion" The minimum version in a version range
+ * (default = 0)
+ * "maxVersion" The maximum version in a version range
+ * (default = *)
+ */
+ _addonEntries: null,
+ _gfxEntries: null,
+ _pluginEntries: null,
+
+ shutdown: function() {
+ Services.obs.removeObserver(this, "xpcom-shutdown");
+ Services.ppmm.removeMessageListener("Blocklist:getPluginBlocklistState", this);
+ Services.ppmm.removeMessageListener("Blocklist:content-blocklist-updated", this);
+ gPref.removeObserver("extensions.blocklist.", this);
+ gPref.removeObserver(PREF_EM_LOGGING_ENABLED, this);
+ },
+
+ observe: function(aSubject, aTopic, aData) {
+ switch (aTopic) {
+ case "xpcom-shutdown":
+ this.shutdown();
+ break;
+ case "nsPref:changed":
+ switch (aData) {
+ case PREF_EM_LOGGING_ENABLED:
+ gLoggingEnabled = getPref("getBoolPref", PREF_EM_LOGGING_ENABLED, false);
+ break;
+ case PREF_BLOCKLIST_ENABLED:
+ gBlocklistEnabled = getPref("getBoolPref", PREF_BLOCKLIST_ENABLED, true);
+ this._loadBlocklist();
+ this._blocklistUpdated(null, null);
+ break;
+ case PREF_BLOCKLIST_LEVEL:
+ gBlocklistLevel = Math.min(getPref("getIntPref", PREF_BLOCKLIST_LEVEL, DEFAULT_LEVEL),
+ MAX_BLOCK_LEVEL);
+ this._blocklistUpdated(null, null);
+ break;
+ }
+ break;
+ case "sessionstore-windows-restored":
+ Services.obs.removeObserver(this, "sessionstore-windows-restored");
+ this._preloadBlocklist();
+ break;
+ }
+ },
+
+ // Message manager message handlers
+ receiveMessage: function(aMsg) {
+ switch (aMsg.name) {
+ case "Blocklist:getPluginBlocklistState":
+ return this.getPluginBlocklistState(aMsg.data.addonData,
+ aMsg.data.appVersion,
+ aMsg.data.toolkitVersion);
+ case "Blocklist:content-blocklist-updated":
+ Services.obs.notifyObservers(null, "content-blocklist-updated", null);
+ break;
+ default:
+ throw new Error("Unknown blocklist message received from content: " + aMsg.name);
+ }
+ return undefined;
+ },
+
+ /* See nsIBlocklistService */
+ isAddonBlocklisted: function(addon, appVersion, toolkitVersion) {
+ return this.getAddonBlocklistState(addon, appVersion, toolkitVersion) ==
+ Ci.nsIBlocklistService.STATE_BLOCKED;
+ },
+
+ /* See nsIBlocklistService */
+ getAddonBlocklistState: function(addon, appVersion, toolkitVersion) {
+ if (!this._isBlocklistLoaded())
+ this._loadBlocklist();
+ return this._getAddonBlocklistState(addon, this._addonEntries,
+ appVersion, toolkitVersion);
+ },
+
+ /**
+ * Private version of getAddonBlocklistState that allows the caller to pass in
+ * the add-on blocklist entries to compare against.
+ *
+ * @param id
+ * The ID of the item to get the blocklist state for.
+ * @param version
+ * The version of the item to get the blocklist state for.
+ * @param addonEntries
+ * The add-on blocklist entries to compare against.
+ * @param appVersion
+ * The application version to compare to, will use the current
+ * version if null.
+ * @param toolkitVersion
+ * The toolkit version to compare to, will use the current version if
+ * null.
+ * @returns The blocklist state for the item, one of the STATE constants as
+ * defined in nsIBlocklistService.
+ */
+ _getAddonBlocklistState: function(addon, addonEntries, appVersion, toolkitVersion) {
+ if (!gBlocklistEnabled)
+ return Ci.nsIBlocklistService.STATE_NOT_BLOCKED;
+
+ // Not all applications implement nsIXULAppInfo (e.g. xpcshell doesn't).
+ if (!appVersion && !gApp.version)
+ return Ci.nsIBlocklistService.STATE_NOT_BLOCKED;
+
+ if (!appVersion)
+ appVersion = gApp.version;
+ if (!toolkitVersion)
+ toolkitVersion = gApp.platformVersion;
+
+ var blItem = this._findMatchingAddonEntry(addonEntries, addon);
+ if (!blItem)
+ return Ci.nsIBlocklistService.STATE_NOT_BLOCKED;
+
+ for (let currentblItem of blItem.versions) {
+ if (currentblItem.includesItem(addon.version, appVersion, toolkitVersion))
+ return currentblItem.severity >= gBlocklistLevel ? Ci.nsIBlocklistService.STATE_BLOCKED :
+ Ci.nsIBlocklistService.STATE_SOFTBLOCKED;
+ }
+ return Ci.nsIBlocklistService.STATE_NOT_BLOCKED;
+ },
+
+ /**
+ * Returns the set of prefs of the add-on stored in the blocklist file
+ * (probably to revert them on disabling).
+ * @param addon
+ * The add-on whose to-be-reset prefs are to be found.
+ */
+ _getAddonPrefs: function(addon) {
+ let entry = this._findMatchingAddonEntry(this._addonEntries, addon);
+ return entry.prefs.slice(0);
+ },
+
+ _findMatchingAddonEntry: function(aAddonEntries, aAddon) {
+ if (!aAddon)
+ return null;
+ // Returns true if the params object passes the constraints set by entry.
+ // (For every non-null property in entry, the same key must exist in
+ // params and value must be the same)
+ function checkEntry(entry, params) {
+ for (let [key, value] of entry) {
+ if (value === null || value === undefined)
+ continue;
+ if (params[key]) {
+ if (value instanceof RegExp) {
+ if (!value.test(params[key])) {
+ return false;
+ }
+ } else if (value !== params[key]) {
+ return false;
+ }
+ } else {
+ return false;
+ }
+ }
+ return true;
+ }
+
+ let params = {};
+ for (let filter of EXTENSION_BLOCK_FILTERS) {
+ params[filter] = aAddon[filter];
+ }
+ if (params.creator)
+ params.creator = params.creator.name;
+ for (let entry of aAddonEntries) {
+ if (checkEntry(entry.attributes, params)) {
+ return entry;
+ }
+ }
+ return null;
+ },
+
+ /* See nsIBlocklistService */
+ getAddonBlocklistURL: function(addon, appVersion, toolkitVersion) {
+ if (!gBlocklistEnabled)
+ return "";
+
+ if (!this._isBlocklistLoaded())
+ this._loadBlocklist();
+
+ let blItem = this._findMatchingAddonEntry(this._addonEntries, addon);
+ if (!blItem || !blItem.blockID)
+ return null;
+
+ return this._createBlocklistURL(blItem.blockID);
+ },
+
+ _createBlocklistURL: function(id) {
+ let url = Services.urlFormatter.formatURLPref(PREF_BLOCKLIST_ITEM_URL);
+ url = url.replace(/%blockID%/g, id);
+
+ return url;
+ },
+
+ notify: function(aTimer) {
+ if (!gBlocklistEnabled)
+ return;
+
+ try {
+ var dsURI = gPref.getCharPref(PREF_BLOCKLIST_URL);
+ }
+ catch (e) {
+ LOG("Blocklist::notify: The " + PREF_BLOCKLIST_URL + " preference" +
+ " is missing!");
+ return;
+ }
+
+ var pingCountVersion = getPref("getIntPref", PREF_BLOCKLIST_PINGCOUNTVERSION, 0);
+ var pingCountTotal = getPref("getIntPref", PREF_BLOCKLIST_PINGCOUNTTOTAL, 1);
+ var daysSinceLastPing = 0;
+ if (pingCountVersion == 0) {
+ daysSinceLastPing = "new";
+ }
+ else {
+ // Seconds in one day is used because nsIUpdateTimerManager stores the
+ // last update time in seconds.
+ let secondsInDay = 60 * 60 * 24;
+ let lastUpdateTime = getPref("getIntPref", PREF_BLOCKLIST_LASTUPDATETIME, 0);
+ if (lastUpdateTime == 0) {
+ daysSinceLastPing = "invalid";
+ }
+ else {
+ let now = Math.round(Date.now() / 1000);
+ daysSinceLastPing = Math.floor((now - lastUpdateTime) / secondsInDay);
+ }
+
+ if (daysSinceLastPing == 0 || daysSinceLastPing == "invalid") {
+ pingCountVersion = pingCountTotal = "invalid";
+ }
+ }
+
+ if (pingCountVersion < 1)
+ pingCountVersion = 1;
+ if (pingCountTotal < 1)
+ pingCountTotal = 1;
+
+ dsURI = dsURI.replace(/%APP_ID%/g, gApp.ID);
+ // Not all applications implement nsIXULAppInfo (e.g. xpcshell doesn't).
+ if (gApp.version)
+ dsURI = dsURI.replace(/%APP_VERSION%/g, gApp.version);
+ dsURI = dsURI.replace(/%PRODUCT%/g, gApp.name);
+ // Not all applications implement nsIXULAppInfo (e.g. xpcshell doesn't).
+ if (gApp.version)
+ dsURI = dsURI.replace(/%VERSION%/g, gApp.version);
+ dsURI = dsURI.replace(/%BUILD_ID%/g, gApp.appBuildID);
+ dsURI = dsURI.replace(/%BUILD_TARGET%/g, gApp.OS + "_" + gABI);
+ dsURI = dsURI.replace(/%OS_VERSION%/g, gOSVersion);
+ dsURI = dsURI.replace(/%LOCALE%/g, getLocale());
+#ifdef MOZ_WEBEXTENSIONS
+ dsURI = dsURI.replace(/%CHANNEL%/g, UpdateUtils.UpdateChannel);
+#else
+ dsURI = dsURI.replace(/%CHANNEL%/g, UpdateChannel.get());
+#endif
+ dsURI = dsURI.replace(/%PLATFORM_VERSION%/g, gApp.platformVersion);
+ dsURI = dsURI.replace(/%DISTRIBUTION%/g,
+ getDistributionPrefValue(PREF_APP_DISTRIBUTION));
+ dsURI = dsURI.replace(/%DISTRIBUTION_VERSION%/g,
+ getDistributionPrefValue(PREF_APP_DISTRIBUTION_VERSION));
+ dsURI = dsURI.replace(/%PING_COUNT%/g, pingCountVersion);
+ dsURI = dsURI.replace(/%TOTAL_PING_COUNT%/g, pingCountTotal);
+ dsURI = dsURI.replace(/%DAYS_SINCE_LAST_PING%/g, daysSinceLastPing);
+ dsURI = dsURI.replace(/\+/g, "%2B");
+
+ // Under normal operations it will take around 5,883,516 years before the
+ // preferences used to store pingCountVersion and pingCountTotal will rollover
+ // so this code doesn't bother trying to do the "right thing" here.
+ if (pingCountVersion != "invalid") {
+ pingCountVersion++;
+ if (pingCountVersion > 2147483647) {
+ // Rollover to -1 if the value is greater than what is support by an
+ // integer preference. The -1 indicates that the counter has been reset.
+ pingCountVersion = -1;
+ }
+ gPref.setIntPref(PREF_BLOCKLIST_PINGCOUNTVERSION, pingCountVersion);
+ }
+
+ if (pingCountTotal != "invalid") {
+ pingCountTotal++;
+ if (pingCountTotal > 2147483647) {
+ // Rollover to 1 if the value is greater than what is support by an
+ // integer preference.
+ pingCountTotal = -1;
+ }
+ gPref.setIntPref(PREF_BLOCKLIST_PINGCOUNTTOTAL, pingCountTotal);
+ }
+
+ // Verify that the URI is valid
+ try {
+ var uri = newURI(dsURI);
+ }
+ catch (e) {
+ LOG("Blocklist::notify: There was an error creating the blocklist URI\r\n" +
+ "for: " + dsURI + ", error: " + e);
+ return;
+ }
+
+ LOG("Blocklist::notify: Requesting " + uri.spec);
+ let request = new ServiceRequest();
+ request.open("GET", uri.spec, true);
+ request.channel.notificationCallbacks = new gCertUtils.BadCertHandler();
+ request.overrideMimeType("text/xml");
+ request.setRequestHeader("Cache-Control", "no-cache");
+ request.QueryInterface(Components.interfaces.nsIJSXMLHttpRequest);
+
+ request.addEventListener("error", event => this.onXMLError(event), false);
+ request.addEventListener("load", event => this.onXMLLoad(event), false);
+ request.send(null);
+
+ // When the blocklist loads we need to compare it to the current copy so
+ // make sure we have loaded it.
+ if (!this._isBlocklistLoaded())
+ this._loadBlocklist();
+ },
+
+ onXMLLoad: Task.async(function*(aEvent) {
+ let request = aEvent.target;
+ try {
+ gCertUtils.checkCert(request.channel);
+ }
+ catch (e) {
+ LOG("Blocklist::onXMLLoad: " + e);
+ return;
+ }
+ let responseXML = request.responseXML;
+ if (!responseXML || responseXML.documentElement.namespaceURI == XMLURI_PARSE_ERROR ||
+ (request.status != 200 && request.status != 0)) {
+ LOG("Blocklist::onXMLLoad: there was an error during load");
+ return;
+ }
+
+ var oldAddonEntries = this._addonEntries;
+ var oldPluginEntries = this._pluginEntries;
+ this._addonEntries = [];
+ this._gfxEntries = [];
+ this._pluginEntries = [];
+
+ this._loadBlocklistFromString(request.responseText);
+ // We don't inform the users when the graphics blocklist changed at runtime.
+ // However addons and plugins blocking status is refreshed.
+ this._blocklistUpdated(oldAddonEntries, oldPluginEntries);
+
+ try {
+ let path = OS.Path.join(OS.Constants.Path.profileDir, FILE_BLOCKLIST);
+ yield OS.File.writeAtomic(path, request.responseText, {tmpPath: path + ".tmp"});
+ } catch (e) {
+ LOG("Blocklist::onXMLLoad: " + e);
+ }
+ }),
+
+ onXMLError: function(aEvent) {
+ try {
+ var request = aEvent.target;
+ // the following may throw (e.g. a local file or timeout)
+ var status = request.status;
+ }
+ catch (e) {
+ request = aEvent.target.channel.QueryInterface(Ci.nsIRequest);
+ status = request.status;
+ }
+ var statusText = "nsIXMLHttpRequest channel unavailable";
+ // When status is 0 we don't have a valid channel.
+ if (status != 0) {
+ try {
+ statusText = request.statusText;
+ } catch (e) {
+ }
+ }
+ LOG("Blocklist:onError: There was an error loading the blocklist file\r\n" +
+ statusText);
+ },
+
+ /**
+ * Finds the newest blocklist file from the application and the profile and
+ * load it or does nothing if neither exist.
+ */
+ _loadBlocklist: function() {
+ this._addonEntries = [];
+ this._gfxEntries = [];
+ this._pluginEntries = [];
+ var profFile = FileUtils.getFile(KEY_PROFILEDIR, [FILE_BLOCKLIST]);
+ if (profFile.exists()) {
+ this._loadBlocklistFromFile(profFile);
+ return;
+ }
+ var appFile = FileUtils.getFile(KEY_APPDIR, [FILE_BLOCKLIST]);
+ if (appFile.exists()) {
+ this._loadBlocklistFromFile(appFile);
+ return;
+ }
+ LOG("Blocklist::_loadBlocklist: no XML File found");
+ },
+
+ /**
+# The blocklist XML file looks something like this:
+#
+# <blocklist xmlns="http://www.mozilla.org/2006/addons-blocklist">
+# <emItems>
+# <emItem id="item_1@domain" blockID="i1">
+# <prefs>
+# <pref>accessibility.accesskeycausesactivation</pref>
+# <pref>accessibility.blockautorefresh</pref>
+# </prefs>
+# <versionRange minVersion="1.0" maxVersion="2.0.*">
+# <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}">
+# <versionRange minVersion="1.5" maxVersion="1.5.*"/>
+# <versionRange minVersion="1.7" maxVersion="1.7.*"/>
+# </targetApplication>
+# <targetApplication id="toolkit@mozilla.org">
+# <versionRange minVersion="1.9" maxVersion="1.9.*"/>
+# </targetApplication>
+# </versionRange>
+# <versionRange minVersion="3.0" maxVersion="3.0.*">
+# <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}">
+# <versionRange minVersion="1.5" maxVersion="1.5.*"/>
+# </targetApplication>
+# <targetApplication id="toolkit@mozilla.org">
+# <versionRange minVersion="1.9" maxVersion="1.9.*"/>
+# </targetApplication>
+# </versionRange>
+# </emItem>
+# <emItem id="item_2@domain" blockID="i2">
+# <versionRange minVersion="3.1" maxVersion="4.*"/>
+# </emItem>
+# <emItem id="item_3@domain">
+# <versionRange>
+# <targetApplication id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}">
+# <versionRange minVersion="1.5" maxVersion="1.5.*"/>
+# </targetApplication>
+# </versionRange>
+# </emItem>
+# <emItem id="item_4@domain" blockID="i3">
+# <versionRange>
+# <targetApplication>
+# <versionRange minVersion="1.5" maxVersion="1.5.*"/>
+# </targetApplication>
+# </versionRange>
+# <emItem id="/@badperson\.com$/"/>
+# </emItems>
+# <pluginItems>
+# <pluginItem blockID="i4">
+# <!-- All match tags must match a plugin to blocklist a plugin -->
+# <match name="name" exp="some plugin"/>
+# <match name="description" exp="1[.]2[.]3"/>
+# </pluginItem>
+# </pluginItems>
+# <certItems>
+# <!-- issuerName is the DER issuer name data base64 encoded... -->
+# <certItem issuerName="MA0xCzAJBgNVBAMMAmNh">
+# <!-- ... as is the serial number DER data -->
+# <serialNumber>AkHVNA==</serialNumber>
+# </certItem>
+# <!-- subject is the DER subject name data base64 encoded... -->
+# <certItem subject="MA0xCzAJBgNVBAMMAmNh" pubKeyHash="/xeHA5s+i9/z9d8qy6JEuE1xGoRYIwgJuTE/lmaGJ7M=">
+# </certItem>
+# </certItems>
+# </blocklist>
+ */
+
+ _loadBlocklistFromFile: function(file) {
+ if (!gBlocklistEnabled) {
+ LOG("Blocklist::_loadBlocklistFromFile: blocklist is disabled");
+ return;
+ }
+
+ let telemetry = Services.telemetry;
+
+ if (this._isBlocklistPreloaded()) {
+ telemetry.getHistogramById("BLOCKLIST_SYNC_FILE_LOAD").add(false);
+ this._loadBlocklistFromString(this._preloadedBlocklistContent);
+ delete this._preloadedBlocklistContent;
+ return;
+ }
+
+ if (!file.exists()) {
+ LOG("Blocklist::_loadBlocklistFromFile: XML File does not exist " + file.path);
+ return;
+ }
+
+ telemetry.getHistogramById("BLOCKLIST_SYNC_FILE_LOAD").add(true);
+
+ let text = "";
+ let fstream = null;
+ let cstream = null;
+
+ try {
+ fstream = Components.classes["@mozilla.org/network/file-input-stream;1"]
+ .createInstance(Components.interfaces.nsIFileInputStream);
+ cstream = Components.classes["@mozilla.org/intl/converter-input-stream;1"]
+ .createInstance(Components.interfaces.nsIConverterInputStream);
+
+ fstream.init(file, FileUtils.MODE_RDONLY, FileUtils.PERMS_FILE, 0);
+ cstream.init(fstream, "UTF-8", 0, 0);
+
+ let str = {};
+ let read = 0;
+
+ do {
+ read = cstream.readString(0xffffffff, str); // read as much as we can and put it in str.value
+ text += str.value;
+ } while (read != 0);
+ } catch (e) {
+ LOG("Blocklist::_loadBlocklistFromFile: Failed to load XML file " + e);
+ } finally {
+ if (cstream)
+ cstream.close();
+ if (fstream)
+ fstream.close();
+ }
+
+ if (text)
+ this._loadBlocklistFromString(text);
+ },
+
+ _isBlocklistLoaded: function() {
+ return this._addonEntries != null && this._gfxEntries != null && this._pluginEntries != null;
+ },
+
+ _isBlocklistPreloaded: function() {
+ return this._preloadedBlocklistContent != null;
+ },
+
+ /* Used for testing */
+ _clear: function() {
+ this._addonEntries = null;
+ this._gfxEntries = null;
+ this._pluginEntries = null;
+ this._preloadedBlocklistContent = null;
+ },
+
+ _preloadBlocklist: Task.async(function*() {
+ let profPath = OS.Path.join(OS.Constants.Path.profileDir, FILE_BLOCKLIST);
+ try {
+ yield this._preloadBlocklistFile(profPath);
+ return;
+ } catch (e) {
+ LOG("Blocklist::_preloadBlocklist: Failed to load XML file " + e)
+ }
+
+ var appFile = FileUtils.getFile(KEY_APPDIR, [FILE_BLOCKLIST]);
+ try {
+ yield this._preloadBlocklistFile(appFile.path);
+ return;
+ } catch (e) {
+ LOG("Blocklist::_preloadBlocklist: Failed to load XML file " + e)
+ }
+
+ LOG("Blocklist::_preloadBlocklist: no XML File found");
+ }),
+
+ _preloadBlocklistFile: Task.async(function*(path) {
+ if (this._addonEntries) {
+ // The file has been already loaded.
+ return;
+ }
+
+ if (!gBlocklistEnabled) {
+ LOG("Blocklist::_preloadBlocklistFile: blocklist is disabled");
+ return;
+ }
+
+ let text = yield OS.File.read(path, { encoding: "utf-8" });
+
+ if (!this._addonEntries) {
+ // Store the content only if a sync load has not been performed in the meantime.
+ this._preloadedBlocklistContent = text;
+ }
+ }),
+
+ _loadBlocklistFromString : function(text) {
+ try {
+ var parser = Cc["@mozilla.org/xmlextras/domparser;1"].
+ createInstance(Ci.nsIDOMParser);
+ var doc = parser.parseFromString(text, "text/xml");
+ if (doc.documentElement.namespaceURI != XMLURI_BLOCKLIST) {
+ LOG("Blocklist::_loadBlocklistFromFile: aborting due to incorrect " +
+ "XML Namespace.\r\nExpected: " + XMLURI_BLOCKLIST + "\r\n" +
+ "Received: " + doc.documentElement.namespaceURI);
+ return;
+ }
+
+ var populateCertBlocklist = getPref("getBoolPref", PREF_ONECRL_VIA_AMO, true);
+
+ var childNodes = doc.documentElement.childNodes;
+ for (let element of childNodes) {
+ if (!(element instanceof Ci.nsIDOMElement))
+ continue;
+ switch (element.localName) {
+ case "emItems":
+ this._addonEntries = this._processItemNodes(element.childNodes, "emItem",
+ this._handleEmItemNode);
+ break;
+ case "pluginItems":
+ this._pluginEntries = this._processItemNodes(element.childNodes, "pluginItem",
+ this._handlePluginItemNode);
+ break;
+ case "certItems":
+ if (populateCertBlocklist) {
+ this._processItemNodes(element.childNodes, "certItem",
+ this._handleCertItemNode.bind(this));
+ }
+ break;
+ case "gfxItems":
+ // Parse as simple list of objects.
+ this._gfxEntries = this._processItemNodes(element.childNodes, "gfxBlacklistEntry",
+ this._handleGfxBlacklistNode);
+ break;
+ default:
+ LOG("Blocklist::_loadBlocklistFromString: ignored entries " + element.localName);
+ }
+ }
+ if (populateCertBlocklist) {
+ gCertBlocklistService.saveEntries();
+ }
+ if (this._gfxEntries.length > 0) {
+ this._notifyObserversBlocklistGFX();
+ }
+ }
+ catch (e) {
+ LOG("Blocklist::_loadBlocklistFromFile: Error constructing blocklist " + e);
+ return;
+ }
+ },
+
+ _processItemNodes: function(itemNodes, itemName, handler) {
+ var result = [];
+ for (var i = 0; i < itemNodes.length; ++i) {
+ var blocklistElement = itemNodes.item(i);
+ if (!(blocklistElement instanceof Ci.nsIDOMElement) ||
+ blocklistElement.localName != itemName)
+ continue;
+
+ handler(blocklistElement, result);
+ }
+ return result;
+ },
+
+ _handleCertItemNode: function(blocklistElement, result) {
+ let issuer = blocklistElement.getAttribute("issuerName");
+ if (issuer) {
+ for (let snElement of blocklistElement.children) {
+ try {
+ gCertBlocklistService.revokeCertByIssuerAndSerial(issuer, snElement.textContent);
+ } catch (e) {
+ // we want to keep trying other elements since missing all items
+ // is worse than missing one
+ LOG("Blocklist::_handleCertItemNode: Error adding revoked cert by Issuer and Serial" + e);
+ }
+ }
+ return;
+ }
+
+ let pubKeyHash = blocklistElement.getAttribute("pubKeyHash");
+ let subject = blocklistElement.getAttribute("subject");
+
+ if (pubKeyHash && subject) {
+ try {
+ gCertBlocklistService.revokeCertBySubjectAndPubKey(subject, pubKeyHash);
+ } catch (e) {
+ LOG("Blocklist::_handleCertItemNode: Error adding revoked cert by Subject and PubKey" + e);
+ }
+ }
+ },
+
+ _handleEmItemNode: function(blocklistElement, result) {
+ if (!matchesOSABI(blocklistElement))
+ return;
+
+ let blockEntry = {
+ versions: [],
+ prefs: [],
+ blockID: null,
+ attributes: new Map()
+ // Atleast one of EXTENSION_BLOCK_FILTERS must get added to attributes
+ };
+
+ // Any filter starting with '/' is interpreted as a regex. So if an attribute
+ // starts with a '/' it must be checked via a regex.
+ function regExpCheck(attr) {
+ return attr.startsWith("/") ? parseRegExp(attr) : attr;
+ }
+
+ for (let filter of EXTENSION_BLOCK_FILTERS) {
+ let attr = blocklistElement.getAttribute(filter);
+ if (attr)
+ blockEntry.attributes.set(filter, regExpCheck(attr));
+ }
+
+ var childNodes = blocklistElement.childNodes;
+
+ for (let x = 0; x < childNodes.length; x++) {
+ var childElement = childNodes.item(x);
+ if (!(childElement instanceof Ci.nsIDOMElement))
+ continue;
+ if (childElement.localName === "prefs") {
+ let prefElements = childElement.childNodes;
+ for (let i = 0; i < prefElements.length; i++) {
+ let prefElement = prefElements.item(i);
+ if (!(prefElement instanceof Ci.nsIDOMElement) ||
+ prefElement.localName !== "pref")
+ continue;
+ blockEntry.prefs.push(prefElement.textContent);
+ }
+ }
+ else if (childElement.localName === "versionRange")
+ blockEntry.versions.push(new BlocklistItemData(childElement));
+ }
+ // if only the extension ID is specified block all versions of the
+ // extension for the current application.
+ if (blockEntry.versions.length == 0)
+ blockEntry.versions.push(new BlocklistItemData(null));
+
+ blockEntry.blockID = blocklistElement.getAttribute("blockID");
+
+ result.push(blockEntry);
+ },
+
+ _handlePluginItemNode: function(blocklistElement, result) {
+ if (!matchesOSABI(blocklistElement))
+ return;
+
+ var matchNodes = blocklistElement.childNodes;
+ var blockEntry = {
+ matches: {},
+ versions: [],
+ blockID: null,
+ infoURL: null,
+ };
+ var hasMatch = false;
+ for (var x = 0; x < matchNodes.length; ++x) {
+ var matchElement = matchNodes.item(x);
+ if (!(matchElement instanceof Ci.nsIDOMElement))
+ continue;
+ if (matchElement.localName == "match") {
+ var name = matchElement.getAttribute("name");
+ var exp = matchElement.getAttribute("exp");
+ try {
+ blockEntry.matches[name] = new RegExp(exp, "m");
+ hasMatch = true;
+ } catch (e) {
+ // Ignore invalid regular expressions
+ }
+ }
+ if (matchElement.localName == "versionRange") {
+ blockEntry.versions.push(new BlocklistItemData(matchElement));
+ }
+ else if (matchElement.localName == "infoURL") {
+ blockEntry.infoURL = matchElement.textContent;
+ }
+ }
+ // Plugin entries require *something* to match to an actual plugin
+ if (!hasMatch)
+ return;
+ // Add a default versionRange if there wasn't one specified
+ if (blockEntry.versions.length == 0)
+ blockEntry.versions.push(new BlocklistItemData(null));
+
+ blockEntry.blockID = blocklistElement.getAttribute("blockID");
+
+ result.push(blockEntry);
+ },
+
+ // <gfxBlacklistEntry blockID="g60">
+ // <os>WINNT 6.0</os>
+ // <osversion>14</osversion> currently only used for Android
+ // <versionRange minVersion="42.0" maxVersion="13.0b2"/>
+ // <vendor>0x8086</vendor>
+ // <devices>
+ // <device>0x2582</device>
+ // <device>0x2782</device>
+ // </devices>
+ // <feature> DIRECT3D_10_LAYERS </feature>
+ // <featureStatus> BLOCKED_DRIVER_VERSION </featureStatus>
+ // <driverVersion> 8.52.322.2202 </driverVersion>
+ // <driverVersionMax> 8.52.322.2202 </driverVersionMax>
+ // <driverVersionComparator> LESS_THAN_OR_EQUAL </driverVersionComparator>
+ // <model>foo</model>
+ // <product>foo</product>
+ // <manufacturer>foo</manufacturer>
+ // <hardware>foo</hardware>
+ // </gfxBlacklistEntry>
+ _handleGfxBlacklistNode: function (blocklistElement, result) {
+ const blockEntry = {};
+
+ // The blockID attribute is always present in the actual data produced on server
+ // (see https://github.com/mozilla/addons-server/blob/2016.05.05/src/olympia/blocklist/templates/blocklist/blocklist.xml#L74)
+ // But it is sometimes missing in test fixtures.
+ if (blocklistElement.hasAttribute("blockID")) {
+ blockEntry.blockID = blocklistElement.getAttribute("blockID");
+ }
+
+ // Trim helper (spaces, tabs, no-break spaces..)
+ const trim = (s) => (s || '').replace(/(^[\s\uFEFF\xA0]+)|([\s\uFEFF\xA0]+$)/g, "");
+
+ for (let i = 0; i < blocklistElement.childNodes.length; ++i) {
+ var matchElement = blocklistElement.childNodes.item(i);
+ if (!(matchElement instanceof Ci.nsIDOMElement))
+ continue;
+
+ let value;
+ if (matchElement.localName == "devices") {
+ value = [];
+ for (let j = 0; j < matchElement.childNodes.length; j++) {
+ const childElement = matchElement.childNodes.item(j);
+ const childValue = trim(childElement.textContent);
+ // Make sure no empty value is added.
+ if (childValue) {
+ if (/,/.test(childValue)) {
+ // Devices can't contain comma.
+ // (c.f serialization in _notifyObserversBlocklistGFX)
+ const e = new Error(`Unsupported device name ${childValue}`);
+ Components.utils.reportError(e);
+ }
+ else {
+ value.push(childValue);
+ }
+ }
+ }
+ } else if (matchElement.localName == "versionRange") {
+ value = {minVersion: trim(matchElement.getAttribute("minVersion")) || "0",
+ maxVersion: trim(matchElement.getAttribute("maxVersion")) || "*"};
+ } else {
+ value = trim(matchElement.textContent);
+ }
+ if (value) {
+ blockEntry[matchElement.localName] = value;
+ }
+ }
+ result.push(blockEntry);
+ },
+
+ /* See nsIBlocklistService */
+ getPluginBlocklistState: function(plugin, appVersion, toolkitVersion) {
+#ifdef MOZ_WIDGET_ANDROID
+ return Ci.nsIBlocklistService.STATE_NOT_BLOCKED;
+#endif
+ if (!this._isBlocklistLoaded())
+ this._loadBlocklist();
+ return this._getPluginBlocklistState(plugin, this._pluginEntries,
+ appVersion, toolkitVersion);
+ },
+
+ /**
+ * Private helper to get the blocklist entry for a plugin given a set of
+ * blocklist entries and versions.
+ *
+ * @param plugin
+ * The nsIPluginTag to get the blocklist state for.
+ * @param pluginEntries
+ * The plugin blocklist entries to compare against.
+ * @param appVersion
+ * The application version to compare to, will use the current
+ * version if null.
+ * @param toolkitVersion
+ * The toolkit version to compare to, will use the current version if
+ * null.
+ * @returns {entry: blocklistEntry, version: blocklistEntryVersion},
+ * or null if there is no matching entry.
+ */
+ _getPluginBlocklistEntry: function(plugin, pluginEntries, appVersion, toolkitVersion) {
+ if (!gBlocklistEnabled)
+ return null;
+
+ // Not all applications implement nsIXULAppInfo (e.g. xpcshell doesn't).
+ if (!appVersion && !gApp.version)
+ return Ci.nsIBlocklistService.STATE_NOT_BLOCKED;
+
+ if (!appVersion)
+ appVersion = gApp.version;
+ if (!toolkitVersion)
+ toolkitVersion = gApp.platformVersion;
+
+ for (var blockEntry of pluginEntries) {
+ var matchFailed = false;
+ for (var name in blockEntry.matches) {
+ if (!(name in plugin) ||
+ typeof(plugin[name]) != "string" ||
+ !blockEntry.matches[name].test(plugin[name])) {
+ matchFailed = true;
+ break;
+ }
+ }
+
+ if (matchFailed)
+ continue;
+
+ for (let blockEntryVersion of blockEntry.versions) {
+ if (blockEntryVersion.includesItem(plugin.version, appVersion,
+ toolkitVersion)) {
+ return {entry: blockEntry, version: blockEntryVersion};
+ }
+ }
+ }
+
+ return null;
+ },
+
+ /**
+ * Private version of getPluginBlocklistState that allows the caller to pass in
+ * the plugin blocklist entries.
+ *
+ * @param plugin
+ * The nsIPluginTag to get the blocklist state for.
+ * @param pluginEntries
+ * The plugin blocklist entries to compare against.
+ * @param appVersion
+ * The application version to compare to, will use the current
+ * version if null.
+ * @param toolkitVersion
+ * The toolkit version to compare to, will use the current version if
+ * null.
+ * @returns The blocklist state for the item, one of the STATE constants as
+ * defined in nsIBlocklistService.
+ */
+ _getPluginBlocklistState: function(plugin, pluginEntries, appVersion, toolkitVersion) {
+
+ let r = this._getPluginBlocklistEntry(plugin, pluginEntries,
+ appVersion, toolkitVersion);
+ if (!r) {
+ return Ci.nsIBlocklistService.STATE_NOT_BLOCKED;
+ }
+
+ let {entry: blockEntry, version: blockEntryVersion} = r;
+
+ if (blockEntryVersion.severity >= gBlocklistLevel)
+ return Ci.nsIBlocklistService.STATE_BLOCKED;
+ if (blockEntryVersion.severity == SEVERITY_OUTDATED) {
+ let vulnerabilityStatus = blockEntryVersion.vulnerabilityStatus;
+ if (vulnerabilityStatus == VULNERABILITYSTATUS_UPDATE_AVAILABLE)
+ return Ci.nsIBlocklistService.STATE_VULNERABLE_UPDATE_AVAILABLE;
+ if (vulnerabilityStatus == VULNERABILITYSTATUS_NO_UPDATE)
+ return Ci.nsIBlocklistService.STATE_VULNERABLE_NO_UPDATE;
+ return Ci.nsIBlocklistService.STATE_OUTDATED;
+ }
+ return Ci.nsIBlocklistService.STATE_SOFTBLOCKED;
+ },
+
+ /* See nsIBlocklistService */
+ getPluginBlocklistURL: function(plugin) {
+ if (!this._isBlocklistLoaded())
+ this._loadBlocklist();
+
+ let r = this._getPluginBlocklistEntry(plugin, this._pluginEntries);
+ if (!r) {
+ return null;
+ }
+ let {entry: blockEntry, version: blockEntryVersion} = r;
+ if (!blockEntry.blockID) {
+ return null;
+ }
+
+ return this._createBlocklistURL(blockEntry.blockID);
+ },
+
+ /* See nsIBlocklistService */
+ getPluginInfoURL: function(plugin) {
+ if (!this._isBlocklistLoaded())
+ this._loadBlocklist();
+
+ let r = this._getPluginBlocklistEntry(plugin, this._pluginEntries);
+ if (!r) {
+ return null;
+ }
+ let {entry: blockEntry, version: blockEntryVersion} = r;
+ if (!blockEntry.blockID) {
+ return null;
+ }
+
+ return blockEntry.infoURL;
+ },
+
+ _notifyObserversBlocklistGFX: function () {
+ // Notify `GfxInfoBase`, by passing a string serialization.
+ // This way we avoid spreading XML structure logics there.
+ const payload = this._gfxEntries.map((r) => {
+ return Object.keys(r).sort().filter((k) => !/id|last_modified/.test(k)).map((key) => {
+ let value = r[key];
+ if (Array.isArray(value)) {
+ value = value.join(",");
+ } else if (value.hasOwnProperty("minVersion")) {
+ // When XML is parsed, both minVersion and maxVersion are set.
+ value = `${value.minVersion},${value.maxVersion}`;
+ }
+ return `${key}:${value}`;
+ }).join("\t");
+ }).join("\n");
+ Services.obs.notifyObservers(null, "blocklist-data-gfxItems", payload);
+ },
+
+ _notifyObserversBlocklistUpdated: function() {
+ Services.obs.notifyObservers(this, "blocklist-updated", "");
+ Services.ppmm.broadcastAsyncMessage("Blocklist:blocklistInvalidated", {});
+ },
+
+ _blocklistUpdated: function(oldAddonEntries, oldPluginEntries) {
+ var addonList = [];
+
+ // A helper function that reverts the prefs passed to default values.
+ function resetPrefs(prefs) {
+ for (let pref of prefs)
+ gPref.clearUserPref(pref);
+ }
+ const types = ["extension", "theme", "locale", "dictionary", "service"];
+ AddonManager.getAddonsByTypes(types, addons => {
+ for (let addon of addons) {
+ let oldState = Ci.nsIBlocklistService.STATE_NOTBLOCKED;
+ if (oldAddonEntries)
+ oldState = this._getAddonBlocklistState(addon, oldAddonEntries);
+ let state = this.getAddonBlocklistState(addon);
+
+ LOG("Blocklist state for " + addon.id + " changed from " +
+ oldState + " to " + state);
+
+ // We don't want to re-warn about add-ons
+ if (state == oldState)
+ continue;
+
+ if (state === Ci.nsIBlocklistService.STATE_BLOCKED) {
+ // It's a hard block. We must reset certain preferences.
+ let prefs = this._getAddonPrefs(addon);
+ resetPrefs(prefs);
+ }
+
+ // Ensure that softDisabled is false if the add-on is not soft blocked
+ if (state != Ci.nsIBlocklistService.STATE_SOFTBLOCKED)
+ addon.softDisabled = false;
+
+ // Don't warn about add-ons becoming unblocked.
+ if (state == Ci.nsIBlocklistService.STATE_NOT_BLOCKED)
+ continue;
+
+ // If an add-on has dropped from hard to soft blocked just mark it as
+ // soft disabled and don't warn about it.
+ if (state == Ci.nsIBlocklistService.STATE_SOFTBLOCKED &&
+ oldState == Ci.nsIBlocklistService.STATE_BLOCKED) {
+ addon.softDisabled = true;
+ continue;
+ }
+
+ // If the add-on is already disabled for some reason then don't warn
+ // about it
+ if (!addon.isActive) {
+ // But mark it as softblocked if necessary. Note that we avoid setting
+ // softDisabled at the same time as userDisabled to make it clear
+ // which was the original cause of the add-on becoming disabled in a
+ // way that the user can change.
+ if (state == Ci.nsIBlocklistService.STATE_SOFTBLOCKED && !addon.userDisabled)
+ addon.softDisabled = true;
+ continue;
+ }
+
+ addonList.push({
+ name: addon.name,
+ version: addon.version,
+ icon: addon.iconURL,
+ disable: false,
+ blocked: state == Ci.nsIBlocklistService.STATE_BLOCKED,
+ item: addon,
+ url: this.getAddonBlocklistURL(addon),
+ });
+ }
+
+ AddonManagerPrivate.updateAddonAppDisabledStates();
+
+ var phs = Cc["@mozilla.org/plugin/host;1"].
+ getService(Ci.nsIPluginHost);
+ var plugins = phs.getPluginTags();
+
+ for (let plugin of plugins) {
+ let oldState = -1;
+ if (oldPluginEntries)
+ oldState = this._getPluginBlocklistState(plugin, oldPluginEntries);
+ let state = this.getPluginBlocklistState(plugin);
+ LOG("Blocklist state for " + plugin.name + " changed from " +
+ oldState + " to " + state);
+ // We don't want to re-warn about items
+ if (state == oldState)
+ continue;
+
+ if (oldState == Ci.nsIBlocklistService.STATE_BLOCKED) {
+ if (state == Ci.nsIBlocklistService.STATE_SOFTBLOCKED)
+ plugin.enabledState = Ci.nsIPluginTag.STATE_DISABLED;
+ }
+ else if (!plugin.disabled && state != Ci.nsIBlocklistService.STATE_NOT_BLOCKED) {
+ if (state != Ci.nsIBlocklistService.STATE_OUTDATED &&
+ state != Ci.nsIBlocklistService.STATE_VULNERABLE_UPDATE_AVAILABLE &&
+ state != Ci.nsIBlocklistService.STATE_VULNERABLE_NO_UPDATE) {
+ addonList.push({
+ name: plugin.name,
+ version: plugin.version,
+ icon: "chrome://mozapps/skin/plugins/pluginGeneric.png",
+ disable: false,
+ blocked: state == Ci.nsIBlocklistService.STATE_BLOCKED,
+ item: plugin,
+ url: this.getPluginBlocklistURL(plugin),
+ });
+ }
+ }
+ }
+
+ if (addonList.length == 0) {
+ this._notifyObserversBlocklistUpdated();
+ return;
+ }
+
+ if ("@mozilla.org/addons/blocklist-prompt;1" in Cc) {
+ try {
+ let blockedPrompter = Cc["@mozilla.org/addons/blocklist-prompt;1"]
+ .getService(Ci.nsIBlocklistPrompt);
+ blockedPrompter.prompt(addonList);
+ } catch (e) {
+ LOG(e);
+ }
+ this._notifyObserversBlocklistUpdated();
+ return;
+ }
+
+ var args = {
+ restart: false,
+ list: addonList
+ };
+ // This lets the dialog get the raw js object
+ args.wrappedJSObject = args;
+
+ /*
+ Some tests run without UI, so the async code listens to a message
+ that can be sent programatically
+ */
+ let applyBlocklistChanges = () => {
+ for (let addon of addonList) {
+ if (!addon.disable)
+ continue;
+
+ if (addon.item instanceof Ci.nsIPluginTag)
+ addon.item.enabledState = Ci.nsIPluginTag.STATE_DISABLED;
+ else {
+ // This add-on is softblocked.
+ addon.item.softDisabled = true;
+ // We must revert certain prefs.
+ let prefs = this._getAddonPrefs(addon.item);
+ resetPrefs(prefs);
+ }
+ }
+
+ if (args.restart)
+ restartApp();
+
+ this._notifyObserversBlocklistUpdated();
+ Services.obs.removeObserver(applyBlocklistChanges, "addon-blocklist-closed");
+ }
+
+ Services.obs.addObserver(applyBlocklistChanges, "addon-blocklist-closed", false);
+
+ if (getPref("getBoolPref", PREF_BLOCKLIST_SUPPRESSUI, false)) {
+ applyBlocklistChanges();
+ return;
+ }
+
+ function blocklistUnloadHandler(event) {
+ if (event.target.location == URI_BLOCKLIST_DIALOG) {
+ applyBlocklistChanges();
+ blocklistWindow.removeEventListener("unload", blocklistUnloadHandler);
+ }
+ }
+
+ let blocklistWindow = Services.ww.openWindow(null, URI_BLOCKLIST_DIALOG, "",
+ "chrome,centerscreen,dialog,titlebar", args);
+ if (blocklistWindow)
+ blocklistWindow.addEventListener("unload", blocklistUnloadHandler, false);
+ });
+ },
+
+ classID: Components.ID("{66354bc9-7ed1-4692-ae1d-8da97d6b205e}"),
+ QueryInterface: XPCOMUtils.generateQI([Ci.nsIObserver,
+ Ci.nsIBlocklistService,
+ Ci.nsITimerCallback]),
+};
+
+/**
+ * Helper for constructing a blocklist.
+ */
+function BlocklistItemData(versionRangeElement) {
+ var versionRange = this.getBlocklistVersionRange(versionRangeElement);
+ this.minVersion = versionRange.minVersion;
+ this.maxVersion = versionRange.maxVersion;
+ if (versionRangeElement && versionRangeElement.hasAttribute("severity"))
+ this.severity = versionRangeElement.getAttribute("severity");
+ else
+ this.severity = DEFAULT_SEVERITY;
+ if (versionRangeElement && versionRangeElement.hasAttribute("vulnerabilitystatus")) {
+ this.vulnerabilityStatus = versionRangeElement.getAttribute("vulnerabilitystatus");
+ } else {
+ this.vulnerabilityStatus = VULNERABILITYSTATUS_NONE;
+ }
+ this.targetApps = { };
+ var found = false;
+
+ if (versionRangeElement) {
+ for (var i = 0; i < versionRangeElement.childNodes.length; ++i) {
+ var targetAppElement = versionRangeElement.childNodes.item(i);
+ if (!(targetAppElement instanceof Ci.nsIDOMElement) ||
+ targetAppElement.localName != "targetApplication")
+ continue;
+ found = true;
+ // default to the current application if id is not provided.
+ var appID = targetAppElement.hasAttribute("id") ? targetAppElement.getAttribute("id") : gApp.ID;
+ this.targetApps[appID] = this.getBlocklistAppVersions(targetAppElement);
+ }
+ }
+ // Default to all versions of the current application when no targetApplication
+ // elements were found
+ if (!found)
+ this.targetApps[gApp.ID] = this.getBlocklistAppVersions(null);
+}
+
+BlocklistItemData.prototype = {
+ /**
+ * Tests if a version of an item is included in the version range and target
+ * application information represented by this BlocklistItemData using the
+ * provided application and toolkit versions.
+ * @param version
+ * The version of the item being tested.
+ * @param appVersion
+ * The application version to test with.
+ * @param toolkitVersion
+ * The toolkit version to test with.
+ * @returns True if the version range covers the item version and application
+ * or toolkit version.
+ */
+ includesItem: function(version, appVersion, toolkitVersion) {
+ // Some platforms have no version for plugins, these don't match if there
+ // was a min/maxVersion provided
+ if (!version && (this.minVersion || this.maxVersion))
+ return false;
+
+ // Check if the item version matches
+ if (!this.matchesRange(version, this.minVersion, this.maxVersion))
+ return false;
+
+ // Check if the application version matches
+ if (this.matchesTargetRange(gApp.ID, appVersion))
+ return true;
+
+ // Check if the toolkit version matches
+ return this.matchesTargetRange(TOOLKIT_ID, toolkitVersion);
+ },
+
+ /**
+ * Checks if a version is higher than or equal to the minVersion (if provided)
+ * and lower than or equal to the maxVersion (if provided).
+ * @param version
+ * The version to test.
+ * @param minVersion
+ * The minimum version. If null it is assumed that version is always
+ * larger.
+ * @param maxVersion
+ * The maximum version. If null it is assumed that version is always
+ * smaller.
+ */
+ matchesRange: function(version, minVersion, maxVersion) {
+ if (minVersion && gVersionChecker.compare(version, minVersion) < 0)
+ return false;
+ if (maxVersion && gVersionChecker.compare(version, maxVersion) > 0)
+ return false;
+ return true;
+ },
+
+ /**
+ * Tests if there is a matching range for the given target application id and
+ * version.
+ * @param appID
+ * The application ID to test for, may be for an application or toolkit
+ * @param appVersion
+ * The version of the application to test for.
+ * @returns True if this version range covers the application version given.
+ */
+ matchesTargetRange: function(appID, appVersion) {
+ var blTargetApp = this.targetApps[appID];
+ if (!blTargetApp)
+ return false;
+
+ for (let app of blTargetApp) {
+ if (this.matchesRange(appVersion, app.minVersion, app.maxVersion))
+ return true;
+ }
+
+ return false;
+ },
+
+ /**
+ * Retrieves a version range (e.g. minVersion and maxVersion) for a
+ * blocklist item's targetApplication element.
+ * @param targetAppElement
+ * A targetApplication blocklist element.
+ * @returns An array of JS objects with the following properties:
+ * "minVersion" The minimum version in a version range (default = null).
+ * "maxVersion" The maximum version in a version range (default = null).
+ */
+ getBlocklistAppVersions: function(targetAppElement) {
+ var appVersions = [ ];
+
+ if (targetAppElement) {
+ for (var i = 0; i < targetAppElement.childNodes.length; ++i) {
+ var versionRangeElement = targetAppElement.childNodes.item(i);
+ if (!(versionRangeElement instanceof Ci.nsIDOMElement) ||
+ versionRangeElement.localName != "versionRange")
+ continue;
+ appVersions.push(this.getBlocklistVersionRange(versionRangeElement));
+ }
+ }
+ // return minVersion = null and maxVersion = null if no specific versionRange
+ // elements were found
+ if (appVersions.length == 0)
+ appVersions.push(this.getBlocklistVersionRange(null));
+ return appVersions;
+ },
+
+ /**
+ * Retrieves a version range (e.g. minVersion and maxVersion) for a blocklist
+ * versionRange element.
+ * @param versionRangeElement
+ * The versionRange blocklist element.
+ * @returns A JS object with the following properties:
+ * "minVersion" The minimum version in a version range (default = null).
+ * "maxVersion" The maximum version in a version range (default = null).
+ */
+ getBlocklistVersionRange: function(versionRangeElement) {
+ var minVersion = null;
+ var maxVersion = null;
+ if (!versionRangeElement)
+ return { minVersion: minVersion, maxVersion: maxVersion };
+
+ if (versionRangeElement.hasAttribute("minVersion"))
+ minVersion = versionRangeElement.getAttribute("minVersion");
+ if (versionRangeElement.hasAttribute("maxVersion"))
+ maxVersion = versionRangeElement.getAttribute("maxVersion");
+
+ return { minVersion: minVersion, maxVersion: maxVersion };
+ }
+};
+
+this.NSGetFactory = XPCOMUtils.generateNSGetFactory([Blocklist]);
diff --git a/toolkit/components/blocklist/nsBlocklistServiceContent.js b/toolkit/components/blocklist/nsBlocklistServiceContent.js
new file mode 100644
index 000000000..1752924b5
--- /dev/null
+++ b/toolkit/components/blocklist/nsBlocklistServiceContent.js
@@ -0,0 +1,113 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+const Cc = Components.classes;
+const Ci = Components.interfaces;
+const Cr = Components.results;
+
+Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
+Components.utils.import("resource://gre/modules/Services.jsm");
+
+const kMissingAPIMessage = "Unsupported blocklist call in the child process."
+
+/*
+ * A lightweight blocklist proxy for the content process that traps plugin
+ * related blocklist checks and forwards them to the parent. This interface is
+ * primarily designed to insure overlays work.. it does not control plugin
+ * or addon loading.
+ */
+
+function Blocklist() {
+ this.init();
+}
+
+Blocklist.prototype = {
+ classID: Components.ID("{e0a106ed-6ad4-47a4-b6af-2f1c8aa4712d}"),
+
+ QueryInterface: XPCOMUtils.generateQI([Ci.nsIObserver,
+ Ci.nsIBlocklistService]),
+
+ init: function() {
+ Services.cpmm.addMessageListener("Blocklist:blocklistInvalidated", this);
+ Services.obs.addObserver(this, "xpcom-shutdown", false);
+ },
+
+ uninit: function() {
+ Services.cpmm.removeMessageListener("Blocklist:blocklistInvalidated", this);
+ Services.obs.removeObserver(this, "xpcom-shutdown", false);
+ },
+
+ observe: function(aSubject, aTopic, aData) {
+ switch (aTopic) {
+ case "xpcom-shutdown":
+ this.uninit();
+ break;
+ }
+ },
+
+ // Message manager message handlers
+ receiveMessage: function(aMsg) {
+ switch (aMsg.name) {
+ case "Blocklist:blocklistInvalidated":
+ Services.obs.notifyObservers(null, "blocklist-updated", null);
+ Services.cpmm.sendAsyncMessage("Blocklist:content-blocklist-updated");
+ break;
+ default:
+ throw new Error("Unknown blocklist message received from content: " + aMsg.name);
+ }
+ },
+
+ /*
+ * A helper that queries key data from a plugin or addon object
+ * and generates a simple data wrapper suitable for ipc. We hand
+ * these directly to the nsBlockListService in the parent which
+ * doesn't query for much.. allowing us to get away with this.
+ */
+ flattenObject: function(aTag) {
+ // Based on debugging the nsBlocklistService, these are the props the
+ // parent side will check on our objects.
+ let props = ["name", "description", "filename", "version"];
+ let dataWrapper = {};
+ for (let prop of props) {
+ dataWrapper[prop] = aTag[prop];
+ }
+ return dataWrapper;
+ },
+
+ // We support the addon methods here for completeness, but content currently
+ // only calls getPluginBlocklistState.
+
+ isAddonBlocklisted: function(aAddon, aAppVersion, aToolkitVersion) {
+ return true;
+ },
+
+ getAddonBlocklistState: function(aAddon, aAppVersion, aToolkitVersion) {
+ return Components.interfaces.nsIBlocklistService.STATE_BLOCKED;
+ },
+
+ // There are a few callers in layout that rely on this.
+ getPluginBlocklistState: function(aPluginTag, aAppVersion, aToolkitVersion) {
+ return Services.cpmm.sendSyncMessage("Blocklist:getPluginBlocklistState", {
+ addonData: this.flattenObject(aPluginTag),
+ appVersion: aAppVersion,
+ toolkitVersion: aToolkitVersion
+ })[0];
+ },
+
+ getAddonBlocklistURL: function(aAddon, aAppVersion, aToolkitVersion) {
+ throw new Error(kMissingAPIMessage);
+ },
+
+ getPluginBlocklistURL: function(aPluginTag) {
+ throw new Error(kMissingAPIMessage);
+ },
+
+ getPluginInfoURL: function(aPluginTag) {
+ throw new Error(kMissingAPIMessage);
+ }
+};
+
+this.NSGetFactory = XPCOMUtils.generateNSGetFactory([Blocklist]);