From 832046aeb726dee290d2827a20d571034b6bc64a Mon Sep 17 00:00:00 2001 From: "Matt A. Tobin" Date: Tue, 1 May 2018 23:37:13 -0400 Subject: [TychoAM] Do not allow Jetpack extensions to install if Jetpack isn't actually built This does not cover the previous case of an application dropping jetpack support.. This follows the WebExtension route. A new case will have to be redeveloped if an existing application drops jetpack support. --- .../en-US/chrome/browser/browser.properties | 2 + .../en-US/chrome/browser/browser.properties | 2 + toolkit/mozapps/extensions/AddonManager.jsm | 2 + .../mozapps/extensions/internal/XPIProvider.jsm | 60 +++++++++++++--------- 4 files changed, 43 insertions(+), 23 deletions(-) diff --git a/application/palemoon/locales/en-US/chrome/browser/browser.properties b/application/palemoon/locales/en-US/chrome/browser/browser.properties index 5dd4ba6d6..481a061d9 100644 --- a/application/palemoon/locales/en-US/chrome/browser/browser.properties +++ b/application/palemoon/locales/en-US/chrome/browser/browser.properties @@ -59,6 +59,7 @@ addonError-1=The add-on could not be downloaded because of a connection failure addonError-2=The add-on from #2 could not be installed because it does not match the add-on #3 expected. addonError-3=The add-on downloaded from #2 could not be installed because it appears to be corrupt. addonError-4=#1 could not be installed because #3 cannot modify the needed file. +addonError-8=The add-on downloaded from #2 could not be installed because #3 does not support Jetpack (SDK) extensions. addonError-9=The add-on downloaded from #2 could not be installed because #3 does not support WebExtensions. # LOCALIZATION NOTE (addonLocalError-1, addonLocalError-2, addonLocalError-3, addonLocalError-4, addonErrorIncompatible, addonErrorBlocklisted): @@ -67,6 +68,7 @@ addonLocalError-1=This add-on could not be installed because of a filesystem err addonLocalError-2=This add-on could not be installed because it does not match the add-on #3 expected. addonLocalError-3=This add-on could not be installed because it appears to be corrupt. addonLocalError-4=#1 could not be installed because #3 cannot modify the needed file. +addonLocalError-8=This add-on could not be installed because #3 does not support Jetpack (SDK) extensions. addonLocalError-9=This add-on could not be installed because #3 does not support WebExtensions. addonErrorIncompatible=#1 could not be installed because it is not compatible with #3 #4. addonErrorBlocklisted=#1 could not be installed because it has a high risk of causing stability or security problems. diff --git a/browser/locales/en-US/chrome/browser/browser.properties b/browser/locales/en-US/chrome/browser/browser.properties index 31f61632b..f7f3e9339 100644 --- a/browser/locales/en-US/chrome/browser/browser.properties +++ b/browser/locales/en-US/chrome/browser/browser.properties @@ -85,12 +85,14 @@ addonInstallError-2=The add-on could not be installed because it does not match addonInstallError-3=The add-on downloaded from this site could not be installed because it appears to be corrupt. addonInstallError-4=%2$S could not be installed because %1$S cannot modify the needed file. addonInstallError-5=%1$S has prevented this site from installing an unverified add-on. +addonInstallError-8=%2$S could not be installed because %1$S does not support Jetpack (SDK) extensions. addonInstallError-9=%2$S could not be installed because %1$S does not support WebExtensions. addonLocalInstallError-1=This add-on could not be installed because of a filesystem error. addonLocalInstallError-2=This add-on could not be installed because it does not match the add-on %1$S expected. addonLocalInstallError-3=This add-on could not be installed because it appears to be corrupt. addonLocalInstallError-4=%2$S could not be installed because %1$S cannot modify the needed file. addonLocalInstallError-5=This add-on could not be installed because it has not been verified. +addonLocalInstallError-8=%2$S could not be installed because %1$S does not support Jetpack (SDK) extensions. addonLocalInstallError-9=%2$S could not be installed because %1$S does not support WebExtensions. diff --git a/toolkit/mozapps/extensions/AddonManager.jsm b/toolkit/mozapps/extensions/AddonManager.jsm index 3913c2088..d4c3a6967 100644 --- a/toolkit/mozapps/extensions/AddonManager.jsm +++ b/toolkit/mozapps/extensions/AddonManager.jsm @@ -2671,6 +2671,8 @@ this.AddonManager = { ERROR_CORRUPT_FILE: -3, // An error occured trying to write to the filesystem. ERROR_FILE_ACCESS: -4, + // The downloaded file seems to be Jetpack. + ERROR_JETPACKSDK_FILE: -8, // The downloaded file seems to be WebExtension. ERROR_WEBEXT_FILE: -9, diff --git a/toolkit/mozapps/extensions/internal/XPIProvider.jsm b/toolkit/mozapps/extensions/internal/XPIProvider.jsm index f7be32ad4..5b3585cd8 100644 --- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm +++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm @@ -112,6 +112,10 @@ const DIR_TRASH = "trash"; const FILE_DATABASE = "extensions.json"; const FILE_OLD_CACHE = "extensions.cache"; const FILE_INSTALL_MANIFEST = "install.rdf"; +#ifndef MOZ_JETPACK +const FILE_JETPACK_MANIFEST_1 = "harness-options.json"; +const FILE_JETPACK_MANIFEST_2 = "package.json"; +#endif const FILE_WEBEXT_MANIFEST = "manifest.json"; const FILE_XPI_ADDONS_LIST = "extensions.ini"; @@ -1067,37 +1071,36 @@ function loadManifestFromDir(aDir) { * @throws if the XPI file does not contain a valid install manifest. * Throws with |webext:true| if a WebExtension manifest was found * to distinguish between WebExtensions and corrupt files. + * Throws with |jetpacksdk:true| if a Jetpack files were found + * if Jetpack its self isn't built. */ function loadManifestFromZipReader(aZipReader) { - let zis; - try { - zis = aZipReader.getInputStream(FILE_INSTALL_MANIFEST); - } catch (e) { - // We're going to throw here, but depending on whether we have a - // WebExtension manifest in the XPI, we'll throw with the webext flag. - try { - let zws = aZipReader.getInputStream(FILE_WEBEXT_MANIFEST); - zws.close(); - } catch(e2) { - // We have neither an install manifest nor a WebExtension manifest; - // this means the extension file has a structural problem. - // Just pass the original error up the chain in that case. + // If WebExtension but not install.rdf throw an error + if (aZipReader.hasEntry(FILE_WEBEXT_MANIFEST)) { + if (!aZipReader.hasEntry(FILE_INSTALL_MANIFEST)) { throw { - name: e.name, - message: e.message + name: "UnsupportedExtension", + message: Services.appinfo.name + " does not support WebExtensions", + webext: true }; } - // If we get here, we have a WebExtension manifest but no install - // manifest. Pass the error up the chain with the webext flag. + } + +#ifndef MOZ_JETPACK + // If Jetpack is not built throw an error + if (aZipReader.hasEntry(FILE_JETPACK_MANIFEST_1) || + aZipReader.hasEntry(FILE_JETPACK_MANIFEST_2)) { throw { - name: e.name, - message: e.message, - webext: true + name: "UnsupportedExtension", + message: Services.appinfo.name + " does not support Jetpack Extensions", + jetpacksdk: true }; } - - // We found an install manifest, so it's either a regular or hybrid - // extension. Continue processing. +#endif + + // Attempt to open install.rdf else throw normally + let zis = aZipReader.getInputStream(FILE_INSTALL_MANIFEST); + // Create a buffered input stream for install.rdf let bis = Cc["@mozilla.org/network/buffered-input-stream;1"]. createInstance(Ci.nsIBufferedInputStream); bis.init(zis, 4096); @@ -1126,7 +1129,9 @@ function loadManifestFromZipReader(aZipReader) { return addon; } finally { + // Close the buffered input stream bis.close(); + // Close the input stream to install.rdf zis.close(); } } @@ -5020,6 +5025,11 @@ AddonInstall.prototype = { if (e.webext) { logger.warn("WebExtension XPI", e); this.error = AddonManager.ERROR_WEBEXT_FILE; +#ifndef MOZ_JETPACK + } else if (e.jetpacksdk) { + logger.warn("Jetpack XPI", e); + this.error = AddonManager.ERROR_JETPACKSDK_FILE; +#endif } else { logger.warn("Invalid XPI", e); this.error = AddonManager.ERROR_CORRUPT_FILE; @@ -5661,6 +5671,10 @@ AddonInstall.prototype = { catch (e) { if (e.webext) { this.downloadFailed(AddonManager.ERROR_WEBEXT_FILE, e); +#ifndef MOZ_JETPACK + } else if (e.jetpacksdk) { + this.downloadFailed(AddonManager.ERROR_JETPACKSDK_FILE, e); +#endif } else { this.downloadFailed(AddonManager.ERROR_CORRUPT_FILE, e); } -- cgit v1.2.3