Revista do CD-ROM 151

home *** CD-ROM | disk | FTP | other *** search

/ Revista do CD-ROM 151 / cd-rom 151.iso / internet / firefox / Firefox Setup 3.0 Beta 1.exe / nonlocalized / components / nsSafebrowsingApplication.js < prev next >

Wrap

Text File | 2007-11-09 | 100.2 KB | 2,898 lines

const Cc = Components.classes; const Ci = Components.interfaces; // This is copied from toolkit/components/content/js/lang.js. // It seems cleaner to copy this rather than #include from so far away. Function.prototype.inherits = function(parentCtor) { var tempCtor = function(){}; tempCtor.prototype = parentCtor.prototype; this.superClass_ = parentCtor.prototype; this.prototype = new tempCtor(); } //@line 36 "e:\builds\tinderbox\Fx-Rel\WINNT_5.2_Depend\mozilla\browser\components\safebrowsing\content\application.js" // We instantiate this variable when we create the application. var gDataProvider = null; // An instance of our application is a PROT_Application object. It // basically just populates a few globals and instantiates wardens, // the listmanager, and the about:blocked error page. /** * An instance of our application. There should be exactly one of these. * * Note: This object should instantiated only at profile-after-change * or later because the listmanager and the cryptokeymanager need to * read and write data files. Additionally, NSS isn't loaded until * some time around then (Moz bug #321024). * * @constructor */ function PROT_Application() { this.debugZone= "application"; //@line 83 "e:\builds\tinderbox\Fx-Rel\WINNT_5.2_Depend\mozilla\browser\components\safebrowsing\content\application.js" // expose some classes this.PROT_Controller = PROT_Controller; this.PROT_PhishingWarden = PROT_PhishingWarden; this.PROT_MalwareWarden = PROT_MalwareWarden; // Load data provider pref values gDataProvider = new PROT_DataProvider(); // expose the object this.wrappedJSObject = this; } /** * @param name String The type of url to get (either Phish or Error). * @return String the report phishing URL (localized). */ PROT_Application.prototype.getReportURL = function(name) { return gDataProvider["getReport" + name + "URL"](); } /** * about:blocked implementation */ PROT_Application.prototype.newChannel = function(uri) { var ioService = Cc["@mozilla.org/network/io-service;1"] .getService(Ci.nsIIOService); var childURI = ioService.newURI("chrome://browser/content/safebrowsing/blockedSite.xhtml", null, null); var channel = ioService.newChannelFromURI(childURI); channel.originalURI = uri; return channel; } PROT_Application.prototype.getURIFlags = function(uri) { return Ci.nsIAboutModule.ALLOW_SCRIPT; } PROT_Application.prototype.QueryInterface = function(iid) { if (iid.equals(Ci.nsISupports) || iid.equals(Ci.nsIAboutModule)) return this; Components.returnCode = Components.results.NS_ERROR_NO_INTERFACE; return null; } //@line 36 "e:\builds\tinderbox\Fx-Rel\WINNT_5.2_Depend\mozilla\browser\components\safebrowsing\content\browser-view.js" // There is one BrowserView per browser window, and each BrowserView // is responsible for keeping track of problems (phishy documents) // within that window. The BrowserView is also responsible for // figuring out what to do about such problems, for example, whether // the tab with a phishy page is currently showing and therefore if we // should be showing a warning. // // The BrowserView receives information from three places: // // - from the phishing warden. When the phishing warden notices a // problem, it queries all browser views to see which one (if any) // has the Document that is problematic. It then hands the problem // off to the appropriate BrowserView. // // - from the controller. The controller responds to explicit user // actions (tab switches, requests to hide the warning message, // etc.) and let's the BrowserView know about any user action // having to do with the problems it is tracking. // // The BrowserView associates at most one "problem" with each Document // in the browser window. It keeps state about which Documents are // problematic by storing a "problem queue" on each browser (tab). // At most one problematic document per browser (tab) is active // at any time. That is, we show the warning for at most one phishy // document at any one time. If another phishy doc loads in that tab, // it goes onto the end of the queue to be activated only when the // currently active document goes away. // // If we had multiple types of warnings (one for after the page had // loaded, one for when the user clicked a link, etc) here's where // we'd select the appropate one to use. As it stands, we only have // one displayer (an "afterload" displayer). A displayer knows _how_ // to display a warning, whereas as the BrowserView knows _what_ and // _when_. // // To keep things (relatively) easy to reason about and efficient (the // phishwarden could be querying us inside a progresslistener // notification, or the controller inside an event handler), we have // the following rules: // // - at most one of a displayer's start() or stop() methods is called // in any iteration (if calling two is required, the second is run in // the next event loop) // - displayers should run their operations synchronously so we don't have // to look two places (here and in the displayer) to see what is happening // when // - displayer actions are run after cleaning up the browser view state // in case they have consequences // // TODO: this could use some redesign, but I don't have time. // TODO: the queue needs to be abstracted, but we want another release fast, // so I'm not going to touch it for the time being // TODO: IDN issues and canonical URLs? // TODO: Perhaps we should blur the page before showing a warning in order // to prevent stray keystrokes? /** * The BrowerView is responsible for keeping track of and figuring out * what to do with problems within a single browser window. * * TODO * Unify all browser-related state here. Currently it's split * between two objects, this object and the controller. We could have * this object be solely responsible for UI hide/show decisions, which * would probably make it easier to reason about what's going on. * * TODO * Investigate an alternative model. For example, we could factor out * the problem signaling stuff from the tab/UI logic into a * ProblemRegistry. Attach listeners to new docs/requests as they go * by and have these listeners periodically check in with a * ProblemRegistry to see if they're watching a problematic * doc/request. If so, then have them flag the browser view to be * aware of the problem. * * @constructor * @param tabBrowser Reference to the main tabbrowser we'll use to query * for information about active tabs/browsers. */ function PROT_BrowserView(tabBrowser) { this.debugZone = "browserview"; this.tabBrowser_ = tabBrowser; this.doc_ = this.tabBrowser_.ownerDocument; } /** * Invoked by the warden to give us the opportunity to handle a * problem. A problem is signaled once per request for a problem * Document and is handled at most once, so there's no issue with us * "losing" a problem due to multiple concurrently loading Documents * with the same URL. * * @param warden Reference to the warden signalling the problem. We'll * need him to instantiate one of his warning displayers * * @param request The nsIRequest that is problematic * * @returns Boolean indicating whether we handled problem */ PROT_BrowserView.prototype.tryToHandleProblemRequest = function(warden, request) { // XXX: pass around the URL instead of the request. request.name isn't // really supposed to be used and isn't guaranteed to give the URL. var url = request.name; var browsers = this.tabBrowser_.browsers; for (var i = 0; i < browsers.length; i++) { var browser = browsers[i]; var doc = browser.contentDocument; // We only care about top level documents (and not about frames) if (doc.location.href == url && !this.getProblem_(doc, browser)) { this.isProblemDocument_(browser, doc, warden); return true; } } return false; } /** * We're sure a particular Document is problematic, so let's instantiate * a dispalyer for it and add it to the problem queue for the browser. * * @param browser Reference to the browser in which the problem doc resides * * @param doc Reference to the problematic document * * @param warden Reference to the warden signalling the problem. */ PROT_BrowserView.prototype.isProblemDocument_ = function(browser, doc, warden) { G_Debug(this, "Document is problem: " + doc.location.href); var url = doc.location.href; // We only have one type of displayer right now var displayer = new warden.displayers_["afterload"]("Phishing afterload", browser, this.doc_, url); // We listen for the problematic document being navigated away from // so we can remove it from the problem queue var hideHandler = BindToObject(this.onNavAwayFromProblem_, this, doc, browser); doc.defaultView.addEventListener("pagehide", hideHandler, true); // More info than we technically need, but it comes in handy for debugging var problem = { "browser_": browser, "doc_": doc, "displayer_": displayer, "url_": url, "hideHandler_": hideHandler, }; var numInQueue = this.queueProblem_(browser, problem); // If the queue was empty, schedule us to take something out if (numInQueue == 1) new G_Alarm(BindToObject(this.unqueueNextProblem_, this, browser), 0); } /** * Invoked when a problematic document is navigated away from. * * @param doc Reference to the problematic Document navigated away from * @param browser Reference to the browser in which the problem document * unloaded */ PROT_BrowserView.prototype.onNavAwayFromProblem_ = function(doc, browser) { var problem = this.getProblem_(doc, browser); // We want to know if the user navigated away from the phish site // before or after viewing the warning. var message = problem.displayer_.messageShowing_ ? "phishnavaway" : "ignorenavaway"; G_Debug(this, "User nav'd away from problem: " + message); (new PROT_Reporter).report(message, problem.url_); G_Assert(this, doc === problem.doc_, "State doc not equal to nav away doc?"); G_Assert(this, browser === problem.browser_, "State browser not equal to nav away browser?"); this.problemResolved(browser, doc); } /** * @param browser Reference to a browser we'd like to know about * * @returns Boolean indicating if the browser in question has * problematic content */ PROT_BrowserView.prototype.hasProblem = function(browser) { return this.hasNonemptyProblemQueue_(browser); } /** * @param browser Reference to a browser we'd like to know about * * @returns Boolean indicating if the browser in question has a * problem (i.e., it has a non-empty problem queue) */ PROT_BrowserView.prototype.hasNonemptyProblemQueue_ = function(browser) { try { return !!browser.PROT_problemState__ && !!browser.PROT_problemState__.length; } catch(e) { // We could be checking a browser that has just been closed, in // which case its properties will not be valid, causing the above // statement to throw an error. Since this case handled elsewhere, // just return false. return false; } } /** * Invoked to indicate that the problem for a particular problematic * document in a browser has been resolved (e.g., by being navigated * away from). * * @param browser Reference to the browser in which resolution is happening * * @param opt_doc Reference to the problematic doc whose problem was resolved * (if absent, assumes the doc assocaited with the currently * active displayer) */ PROT_BrowserView.prototype.problemResolved = function(browser, opt_doc) { var problem; var doc; if (!!opt_doc) { doc = opt_doc; problem = this.getProblem_(doc, browser); } else { problem = this.getCurrentProblem_(browser); doc = problem.doc_; } problem.displayer_.done(); var wasHead = this.deleteProblemFromQueue_(doc, browser); // Peek at the next problem (if any) in the queue for this browser var queueNotEmpty = this.getCurrentProblem_(browser); if (wasHead && queueNotEmpty) { G_Debug(this, "More problems pending. Scheduling unqueue."); new G_Alarm(BindToObject(this.unqueueNextProblem_, this, browser), 0); } } /** * Peek at the top of the problem queue and if there's something there, * make it active. * * @param browser Reference to the browser we should activate a problem * displayer in if one is available */ PROT_BrowserView.prototype.unqueueNextProblem_ = function(browser) { var problem = this.getCurrentProblem_(browser); if (!problem) { G_Debug(this, "No problem in queue; doc nav'd away from? (shrug)"); return; } // Two problem docs that load in rapid succession could both schedule // themselves to be unqueued before this method is called. So ensure // that the problem at the head of the queue is not, in fact, active. if (!problem.displayer_.isActive()) { // It could be the case that the server is really slow to respond, // so there might not yet be anything in the problem Document. If // we show the warning when that's the case, the user will see a // blank document greyed out, and if they cancel the dialog // they'll see the page they're navigating away from because it // hasn't been painted over yet (b/c there's no content for the // problem page). So here we ensure that we have content for the // problem page before showing the dialog. var haveContent = false; try { // This will throw if there's no content yet var h = problem.doc_.defaultView.getComputedStyle(problem.doc_.body, "") .getPropertyValue("height"); G_Debug(this, "body height: " + h); if (Number(h.substring(0, h.length - 2))) haveContent = true; } catch (e) { G_Debug(this, "Masked in unqueuenextproblem: " + e); } if (!haveContent) { G_Debug(this, "Didn't get computed style. Re-queueing."); // One stuck problem document in a page shouldn't prevent us // warning on other problem frames that might be loading or // loaded. So stick the Document that doesn't have content // back at the end of the queue. var p = this.removeProblemFromQueue_(problem.doc_, browser); G_Assert(this, p === problem, "Unqueued wrong problem?"); this.queueProblem_(browser, problem); // Try again in a bit. This opens us up to a potential // vulnerability (put tons of hanging frames in a page // ahead of your real phishy frame), but the risk at the // moment is really low (plus it is outside our threat // model). new G_Alarm(BindToObject(this.unqueueNextProblem_, this, browser), 200 /*ms*/); return; } problem.displayer_.start(); // OK, we have content, but there there is an additional // issue. Due to a bfcache bug, if we show the warning during // paint suppression, the collapsing of the content pane affects // the doc we're naving from :( The symptom is a page with grey // screen on navigation to or from a phishing page (the // contentDocument will have width zero). // // Paint supression lasts at most 250ms from when the parser sees // the body, and the parser sees the body well before it has a // height. We err on the side of caution. // // Thanks to bryner for helping to track the bfcache bug down. // https://bugzilla.mozilla.org/show_bug.cgi?id=319646 if (this.tabBrowser_.selectedBrowser === browser) new G_Alarm(BindToObject(this.problemBrowserMaybeSelected, this, browser), 350 /*ms*/); } } /** * Helper function that adds a new problem to the queue of problems pending * on this browser. * * @param browser Browser to which we should add state * * @param problem Object (structure, really) encapsulating the problem * * @returns Number indicating the number of items in the queue (and from * which you can infer whether the recently added item was * placed at the head, and hence should be active. */ PROT_BrowserView.prototype.queueProblem_ = function(browser, problem) { G_Debug(this, "Adding problem state for " + problem.url_); if (this.hasNonemptyProblemQueue_(browser)) G_Debug(this, "Already has problem state. Queueing this problem..."); // First problem ever signaled on this browser? Make a new queue! if (browser.PROT_problemState__ == undefined) browser.PROT_problemState__ = []; browser.PROT_problemState__.push(problem); return browser.PROT_problemState__.length; } /** * Helper function that removes a problem from the queue and deactivates * it. * * @param doc Reference to the doc for which we should remove state * * @param browser Reference to the browser from which we should remove * state * * @returns Boolean indicating if the remove problem was currently active * (that is, if it was at the head of the queue) */ PROT_BrowserView.prototype.deleteProblemFromQueue_ = function(doc, browser) { G_Debug(this, "Deleting problem state for " + browser); G_Assert(this, !!this.hasNonemptyProblemQueue_(browser), "Browser has no problem state"); var problem = this.getProblem_(doc, browser); G_Assert(this, !!problem, "Couldnt find state in removeproblemstate???"); var wasHead = browser.PROT_problemState__[0] === problem; this.removeProblemFromQueue_(doc, browser); var hideHandler = problem.hideHandler_; G_Assert(this, !!hideHandler, "No hidehandler in state?"); problem.doc_.defaultView.removeEventListener("pagehide", hideHandler, true); return wasHead; } /** * Helper function that removes a problem from the queue but does * NOT deactivate it. * * @param doc Reference to the doc for which we should remove state * * @param browser Reference to the browser from which we should remove * state * * @returns Boolean indicating if the remove problem was currently active * (that is, if it was at the head of the queue) */ PROT_BrowserView.prototype.removeProblemFromQueue_ = function(doc, browser) { G_Debug(this, "Removing problem state for " + browser); G_Assert(this, !!this.hasNonemptyProblemQueue_(browser), "Browser has no problem state"); var problem = null; // TODO Blech. Let's please have an abstraction here instead. for (var i = 0; i < browser.PROT_problemState__.length; i++) if (browser.PROT_problemState__[i].doc_ === doc) { problem = browser.PROT_problemState__.splice(i, 1)[0]; break; } return problem; } /** * Retrieve (but do not remove) the problem state for a particular * problematic Document in this browser * * @param doc Reference to the problematic doc to get state for * * @param browser Reference to the browser from which to get state * * @returns Object encapsulating the state we stored, or null if none */ PROT_BrowserView.prototype.getProblem_ = function(doc, browser) { if (!this.hasNonemptyProblemQueue_(browser)) return null; // TODO Blech. Let's please have an abstraction here instead. for (var i = 0; i < browser.PROT_problemState__.length; i++) if (browser.PROT_problemState__[i].doc_ === doc) return browser.PROT_problemState__[i]; return null; } /** * Retrieve the problem state for the currently active problem Document * in this browser * * @param browser Reference to the browser from which to get state * * @returns Object encapsulating the state we stored, or null if none */ PROT_BrowserView.prototype.getCurrentProblem_ = function(browser) { return browser.PROT_problemState__[0]; } /** * Invoked by the controller when the user switches tabs away from a problem * tab. * * @param browser Reference to the tab that was switched from */ PROT_BrowserView.prototype.problemBrowserUnselected = function(browser) { var problem = this.getCurrentProblem_(browser); G_Assert(this, !!problem, "Couldn't get state from browser"); problem.displayer_.browserUnselected(); } /** * Checks to see if the problem browser is selected, and if so, * tell it it to show its warning. * * @param browser Reference to the browser we wish to check */ PROT_BrowserView.prototype.problemBrowserMaybeSelected = function(browser) { var problem = this.getCurrentProblem_(browser); if (this.tabBrowser_.selectedBrowser === browser && problem && problem.displayer_.isActive()) this.problemBrowserSelected(browser); } /** * Invoked by the controller when the user switches tabs to a problem tab * * @param browser Reference to the tab that was switched to */ PROT_BrowserView.prototype.problemBrowserSelected = function(browser) { G_Debug(this, "Problem browser selected"); var problem = this.getCurrentProblem_(browser); G_Assert(this, !!problem, "No state? But we're selected!"); problem.displayer_.browserSelected(); } /** * Invoked by the controller when the user accepts our warning. Passes * the accept through to the message displayer, which knows what to do * (it will be displayer-specific). * * @param browser Reference to the browser for which the user accepted * our warning */ PROT_BrowserView.prototype.acceptAction = function(browser) { var problem = this.getCurrentProblem_(browser); // We run the action only after we're completely through processing // this event. We do this because the action could cause state to be // cleared (e.g., by navigating the problem document) that we need // to finish processing the event. new G_Alarm(BindToObject(problem.displayer_.acceptAction, problem.displayer_), 0); } /** * Invoked by the controller when the user declines our * warning. Passes the decline through to the message displayer, which * knows what to do (it will be displayer-specific). * * @param browser Reference to the browser for which the user declined * our warning */ PROT_BrowserView.prototype.declineAction = function(browser) { var problem = this.getCurrentProblem_(browser); G_Assert(this, !!problem, "User declined but no state???"); // We run the action only after we're completely through processing // this event. We do this because the action could cause state to be // cleared (e.g., by navigating the problem document) that we need // to finish processing the event. new G_Alarm(BindToObject(problem.displayer_.declineAction, problem.displayer_), 0); } /** * The user wants to see the warning message. So let em! At some point when * we have multiple types of warnings, we'll have to mediate them here. * * @param browser Reference to the browser that has the warning the user * wants to see. */ PROT_BrowserView.prototype.explicitShow = function(browser) { var problem = this.getCurrentProblem_(browser); G_Assert(this, !!problem, "Explicit show on browser w/o problem state???"); problem.displayer_.explicitShow(); } //@line 37 "e:\builds\tinderbox\Fx-Rel\WINNT_5.2_Depend\mozilla\browser\components\safebrowsing\content\controller.js" // This is our controller -- the thingy that listens to what the user // is doing. There is one controller per browser window, and each has // a BrowserView that manages information about problems within the // window. The controller figures out when the browser might want to // know about something, but the browser view figures out what exactly // to do (and the BrowserView's displayer figures out how to do it). // // For example, the controller might notice that the user has switched // to a tab that has something problematic in it. It would tell its // BrowserView this, and the BrowserView would figure out whether it // is appropriate to show a warning (e.g., perhaps the user previously // dismissed the warning for that problem). If so, the BrowserView tells // the displayer to show the warning. Anyhoo... // // TODO Could move all browser-related hide/show logic into the browser // view. Need to think about this more. /** * Handles user actions, translating them into messages to the view * * @constructor * @param win Reference to the Window (browser window context) we should * attach to * @param tabBrowser Reference to the window's main tabbrowser object. * @param phishingWarden Reference to the PhishingWarden we should register * our browserview with */ function PROT_Controller(win, tabBrowser, phishingWarden) { this.debugZone = "controller"; this.win_ = win; this.phishingWarden_ = phishingWarden; // Use this to query preferences this.prefs_ = new G_Preferences(); // Set us up to receive the events we want. this.tabBrowser_ = tabBrowser; this.onTabSwitchClosure_ = BindToObject(this.onTabSwitch, this); this.tabBrowser_.mTabBox.addEventListener("select", this.onTabSwitchClosure_, true); // Used to determine when the user has switched tabs this.lastTab_ = tabBrowser.selectedBrowser; // Install our command controllers. These commands are issued from // various places in our UI, including our preferences dialog, the // warning dialog, etc. var commandHandlers = { "safebrowsing-show-warning" : BindToObject(this.onUserShowWarning, this), "safebrowsing-accept-warning" : BindToObject(this.onUserAcceptWarning, this), "safebrowsing-decline-warning" : BindToObject(this.onUserDeclineWarning, this), }; this.commandController_ = new PROT_CommandController(commandHandlers); this.win_.controllers.appendController(this.commandController_); // This guy embodies the logic of when to display warnings // (displayers embody the how). this.browserView_ = new PROT_BrowserView(this.tabBrowser_); // We need to let the phishing warden know about this browser view so it // can be given the opportunity to handle problem documents. We also need // to let the warden know when this window and hence this browser view // is going away. this.phishingWarden_.addBrowserView(this.browserView_); G_Debug(this, "Controller initialized."); } /** * Invoked when the browser window is closing. Do some cleanup. */ PROT_Controller.prototype.shutdown = function(e) { G_Debug(this, "Browser window closing. Shutting controller down."); if (this.browserView_) { this.phishingWarden_.removeBrowserView(this.browserView_); } if (this.commandController_) { this.win_.controllers.removeController(this.commandController_); this.commandController_ = null; } // No need to drain the browser view's problem queue explicitly; it will // receive pagehides for all the browsers in its queues as they're torn // down, and it will remove them. this.browserView_ = null; if (this.tabBrowser_) this.tabBrowser_.mTabBox.removeEventListener("select", this.onTabSwitchClosure_, true); // Break circular refs so we can be gc'ed. this.tabBrowser_ = this.lastTab_ = null; this.win_.removeEventListener("unload", this.onShutdown_, false); this.prefs_ = null; G_Debug(this, "Controller shut down."); } /** * The user clicked the urlbar icon; they want to see the warning message * again. */ PROT_Controller.prototype.onUserShowWarning = function() { var browser = this.tabBrowser_.selectedBrowser; this.browserView_.explicitShow(browser); } /** * Deal with a user accepting our warning. * * TODO the warning hide/display instructions here can probably be moved * into the browserview in the future, given its knowledge of when the * problem doc hides/shows. */ PROT_Controller.prototype.onUserAcceptWarning = function() { G_Debug(this, "User accepted warning."); var browser = this.tabBrowser_.selectedBrowser; G_Assert(this, !!browser, "Couldn't get current browser?!?"); G_Assert(this, this.browserView_.hasProblem(browser), "User accept fired, but browser doesn't have warning showing?!?"); this.browserView_.acceptAction(browser); this.browserView_.problemResolved(browser); } /** * Deal with a user declining our warning. * * TODO the warning hide/display instructions here can probably be moved * into the browserview in the future, given its knowledge of when the * problem doc hides/shows. */ PROT_Controller.prototype.onUserDeclineWarning = function() { G_Debug(this, "User declined warning."); var browser = this.tabBrowser_.selectedBrowser; G_Assert(this, this.browserView_.hasProblem(browser), "User decline fired, but browser doesn't have warning showing?!?"); this.browserView_.declineAction(browser); // We don't call problemResolved() here because all declining does it // hide the message; we still have the urlbar icon showing, giving // the user the ability to bring the warning message back up if they // so desire. } /** * Notice tab switches, and display or hide warnings as appropriate. * * TODO this logic can probably move into the browser view at some * point. But one thing at a time. */ PROT_Controller.prototype.onTabSwitch = function(e) { // Filter spurious events // The event target is usually tabs but can be tabpanels when tabs were opened // programatically via tabbrowser.addTab(). if (!e.target || (e.target.localName != "tabs" && e.target.localName != "tabpanels")) return; var fromBrowser = this.lastTab_; var toBrowser = this.tabBrowser_.selectedBrowser; if (fromBrowser != toBrowser) { this.lastTab_ = toBrowser; if (this.browserView_.hasProblem(fromBrowser)) this.browserView_.problemBrowserUnselected(fromBrowser); if (this.browserView_.hasProblem(toBrowser)) this.browserView_.problemBrowserSelected(toBrowser); } } //@line 36 "e:\builds\tinderbox\Fx-Rel\WINNT_5.2_Depend\mozilla\browser\components\safebrowsing\content\firefox-commands.js" // Some misc command-related plumbing used by the controller. /** * A tiny wrapper class for super-simple command handlers. * * @param commandHandlerMap An object containing name/value pairs where * the name is command name (string) and value * is the function to execute for that command */ function PROT_CommandController(commandHandlerMap) { this.debugZone = "commandhandler"; this.cmds_ = commandHandlerMap; } /** * @param cmd Command to query support for * @returns Boolean indicating if this controller supports cmd */ PROT_CommandController.prototype.supportsCommand = function(cmd) { return (cmd in this.cmds_); } /** * Trivial implementation * * @param cmd Command to query status of */ PROT_CommandController.prototype.isCommandEnabled = function(cmd) { return true; } /** * Execute a command * * @param cmd Command to execute */ PROT_CommandController.prototype.doCommand = function(cmd) { return this.cmds_[cmd](); } /** * Trivial implementation */ PROT_CommandController.prototype.onEvent = function(cmd) { } //@line 37 "e:\builds\tinderbox\Fx-Rel\WINNT_5.2_Depend\mozilla\browser\components\safebrowsing\content\globalstore.js" // A class that encapsulates data provider specific values. The // root of the provider pref tree is browser.safebrowsing.provider. // followed by a number, followed by specific properties. The properties // that a data provider can supply are: // // name: The name of the provider // lookupURL: The URL to send requests to in enhanced mode // keyURL: Before we send URLs in enhanced mode, we need to encrypt them // reportURL: When shown a warning bubble, we send back the user decision // (get me out of here/ignore warning) to this URL (strip cookies // first). This is optional. // reportGenericURL: HTML page for general user feedback // reportPhishURL: HTML page for notifying the provider of a new phishing page // reportErrorURL: HTML page for notifying the provider of a false positive const kDataProviderIdPref = 'browser.safebrowsing.dataProvider'; const kProviderBasePref = 'browser.safebrowsing.provider.'; //@line 58 "e:\builds\tinderbox\Fx-Rel\WINNT_5.2_Depend\mozilla\browser\components\safebrowsing\content\globalstore.js" const MOZ_OFFICIAL_BUILD = true; //@line 62 "e:\builds\tinderbox\Fx-Rel\WINNT_5.2_Depend\mozilla\browser\components\safebrowsing\content\globalstore.js" const MOZ_PARAM_LOCALE = /\{moz:locale\}/g; const MOZ_PARAM_CLIENT = /\{moz:client\}/g; const MOZ_PARAM_BUILDID = /\{moz:buildid\}/g; const MOZ_PARAM_VERSION = /\{moz:version\}/g; /** * Information regarding the data provider. */ function PROT_DataProvider() { this.prefs_ = new G_Preferences(); this.loadDataProviderPrefs_(); // Watch for changes in the data provider and update accordingly. this.prefs_.addObserver(kDataProviderIdPref, BindToObject(this.loadDataProviderPrefs_, this)); // Watch for when anti-phishing is toggled on or off. this.prefs_.addObserver(kPhishWardenEnabledPref, BindToObject(this.loadDataProviderPrefs_, this)); // Watch for when remote lookups are toggled on or off. this.prefs_.addObserver(kPhishWardenRemoteLookups, BindToObject(this.loadDataProviderPrefs_, this)); } /** * Populate all the provider variables. We also call this when whenever * the provider id changes. */ PROT_DataProvider.prototype.loadDataProviderPrefs_ = function() { // Currently, there's no UI for changing local list provider so we // hard code the value for provider 0. this.updateURL_ = this.getUrlPref_( 'browser.safebrowsing.provider.0.updateURL'); var id = this.prefs_.getPref(kDataProviderIdPref, null); // default to 0 if (null == id) id = 0; var basePref = kProviderBasePref + id + '.'; this.name_ = this.prefs_.getPref(basePref + "name", ""); // Urls used to get data from a provider this.lookupURL_ = this.getUrlPref_(basePref + "lookupURL"); this.keyURL_ = this.getUrlPref_(basePref + "keyURL"); this.reportURL_ = this.getUrlPref_(basePref + "reportURL"); // Urls to HTML report pages this.reportGenericURL_ = this.getUrlPref_(basePref + "reportGenericURL"); this.reportErrorURL_ = this.getUrlPref_(basePref + "reportErrorURL"); this.reportPhishURL_ = this.getUrlPref_(basePref + "reportPhishURL"); // Propagate the changes to the list-manager. this.updateListManager_(); } /** * The list manager needs urls to operate. It needs a url to know where the * table updates are, and it needs a url for decrypting enchash style tables. */ PROT_DataProvider.prototype.updateListManager_ = function() { var listManager = Cc["@mozilla.org/url-classifier/listmanager;1"] .getService(Ci.nsIUrlListManager); // If we add support for changing local data providers, we need to add a // pref observer that sets the update url accordingly. listManager.setUpdateUrl(this.getUpdateURL()); // setKeyUrl has the side effect of fetching a key from the server. // This shouldn't happen if anti-phishing is disabled or we're in local // list mode, so we need to check for that. var isEnabled = this.prefs_.getPref(kPhishWardenEnabledPref, false); var remoteLookups = this.prefs_.getPref(kPhishWardenRemoteLookups, false); if (isEnabled && remoteLookups) { listManager.setKeyUrl(this.getKeyURL()); } else { // Clear the key to stop updates. listManager.setKeyUrl(""); } } /** * Lookup the value of a URL from prefs file and do parameter substitution. */ PROT_DataProvider.prototype.getUrlPref_ = function(prefName) { var url = this.prefs_.getPref(prefName); var appInfo = Components.classes["@mozilla.org/xre/app-info;1"] .getService(Components.interfaces.nsIXULAppInfo); var mozClientStr = MOZ_OFFICIAL_BUILD ? 'navclient-auto-ffox' : appInfo.name; // Parameter substitution url = url.replace(MOZ_PARAM_LOCALE, this.getLocale_()); url = url.replace(MOZ_PARAM_CLIENT, mozClientStr); url = url.replace(MOZ_PARAM_BUILDID, appInfo.appBuildID); url = url.replace(MOZ_PARAM_VERSION, appInfo.version); return url; } /** * @return String the browser locale (similar code is in nsSearchService.js) */ PROT_DataProvider.prototype.getLocale_ = function() { const localePref = "general.useragent.locale"; var locale = this.getLocalizedPref_(localePref); if (locale) return locale; // Not localized var prefs = new G_Preferences(); return prefs.getPref(localePref, ""); } /** * @return String name of the localized pref, null if none exists. */ PROT_DataProvider.prototype.getLocalizedPref_ = function(aPrefName) { // G_Preferences doesn't know about complex values, so we use the // xpcom object directly. var prefs = Cc["@mozilla.org/preferences-service;1"] .getService(Ci.nsIPrefBranch); try { return prefs.getComplexValue(aPrefName, Ci.nsIPrefLocalizedString).data; } catch (ex) { } return ""; } ////////////////////////////////////////////////////////////////////////////// // Getters for the remote provider pref values mentioned above. PROT_DataProvider.prototype.getName = function() { return this.name_; } PROT_DataProvider.prototype.getUpdateURL = function() { return this.updateURL_; } PROT_DataProvider.prototype.getLookupURL = function() { return this.lookupURL_; } PROT_DataProvider.prototype.getKeyURL = function() { return this.keyURL_; } PROT_DataProvider.prototype.getReportURL = function() { return this.reportURL_; } PROT_DataProvider.prototype.getReportGenericURL = function() { return this.reportGenericURL_; } PROT_DataProvider.prototype.getReportErrorURL = function() { return this.reportErrorURL_; } PROT_DataProvider.prototype.getReportPhishURL = function() { return this.reportPhishURL_; } //@line 22 "e:\builds\tinderbox\Fx-Rel\WINNT_5.2_Depend\mozilla\browser\components\safebrowsing\content\list-warden.js" //@line 38 "e:\builds\tinderbox\Fx-Rel\WINNT_5.2_Depend\mozilla\browser\components\safebrowsing\content\list-warden.js" // A warden that knows how to register lists with a listmanager and keep them // updated if necessary. The ListWarden also provides a simple interface to // check if a URL is evil or not. Specialized wardens like the PhishingWarden // inherit from it. // // Classes that inherit from ListWarden are responsible for calling // enableTableUpdates or disableTableUpdates. This usually entails // registering prefObservers and calling enable or disable in the base // class as appropriate. // /** * Abtracts the checking of user/browser actions for signs of * phishing. * * @constructor */ function PROT_ListWarden() { this.debugZone = "listwarden"; var listManager = Cc["@mozilla.org/url-classifier/listmanager;1"] .getService(Ci.nsIUrlListManager); this.listManager_ = listManager; // Once we register tables, their respective names will be listed here. this.blackTables_ = []; this.whiteTables_ = []; } PROT_ListWarden.IN_BLACKLIST = 0 PROT_ListWarden.IN_WHITELIST = 1 PROT_ListWarden.NOT_FOUND = 2 /** * Tell the ListManger to keep all of our tables updated */ PROT_ListWarden.prototype.enableBlacklistTableUpdates = function() { for (var i = 0; i < this.blackTables_.length; ++i) { this.listManager_.enableUpdate(this.blackTables_[i]); } } /** * Tell the ListManager to stop updating our tables */ PROT_ListWarden.prototype.disableBlacklistTableUpdates = function() { for (var i = 0; i < this.blackTables_.length; ++i) { this.listManager_.disableUpdate(this.blackTables_[i]); } } /** * Tell the ListManager to update whitelist tables. They may be enabled even * when other updates aren't, for performance reasons. */ PROT_ListWarden.prototype.enableWhitelistTableUpdates = function() { for (var i = 0; i < this.whiteTables_.length; ++i) { this.listManager_.enableUpdate(this.whiteTables_[i]); } } /** * Tell the ListManager to stop updating whitelist tables. */ PROT_ListWarden.prototype.disableWhitelistTableUpdates = function() { for (var i = 0; i < this.whiteTables_.length; ++i) { this.listManager_.disableUpdate(this.whiteTables_[i]); } } /** * Register a new black list table with the list manager * @param tableName - name of the table to register * @returns true if the table could be registered, false otherwise */ PROT_ListWarden.prototype.registerBlackTable = function(tableName) { var result = this.listManager_.registerTable(tableName, false); if (result) { this.blackTables_.push(tableName); } return result; } /** * Register a new white list table with the list manager * @param tableName - name of the table to register * @returns true if the table could be registered, false otherwise */ PROT_ListWarden.prototype.registerWhiteTable = function(tableName) { var result = this.listManager_.registerTable(tableName, false); if (result) { this.whiteTables_.push(tableName); } return result; } /** * Method that looks up a url on the whitelist. * * @param url The URL to check * @param callback Function with a single param: * PROT_ListWarden.IN_BLACKLIST, PROT_ListWarden.IN_WHITELIST, * or PROT_ListWarden.NOT_FOUND */ PROT_ListWarden.prototype.isWhiteURL = function(url, callback) { (new MultiTableQuerier(url, this.whiteTables_, [] /* no blacklists */, callback)).run(); } /** * Method that looks up a url in both the white and black lists. * * If there is conflict, the white list has precedence over the black list. * * This is tricky because all database queries are asynchronous. So we need * to chain together our checks against white and black tables. We use * MultiTableQuerier (see below) to manage this. * * @param url URL to look up * @param callback Function with a single param: * PROT_ListWarden.IN_BLACKLIST, PROT_ListWarden.IN_WHITELIST, * or PROT_ListWarden.NOT_FOUND */ PROT_ListWarden.prototype.isEvilURL = function(url, callback) { (new MultiTableQuerier(url, this.whiteTables_, this.blackTables_, callback)).run(); } /** * This class helps us query multiple tables even though each table check * is asynchronous. It provides callbacks for each listManager lookup * and decides whether we need to continue querying or not. After * instantiating the method, use run() to invoke. * * @param url String The url to check * @param whiteTables Array of strings with each white table name * @param blackTables Array of strings with each black table name * @param callback Function to call with result * PROT_ListWarden.IN_BLACKLIST, PROT_ListWarden.IN_WHITELIST, * or PROT_ListWarden.NOT_FOUND */ function MultiTableQuerier(url, whiteTables, blackTables, callback) { this.debugZone = "multitablequerier"; this.url_ = url; this.whiteTables_ = {}; for (var i = 0; i < whiteTables.length; i++) { this.whiteTables_[whiteTables[i]] = true; } this.blackTables_ = {}; for (var i = 0; i < blackTables.length; i++) { this.blackTables_[blackTables[i]] = true; } this.callback_ = callback; this.listManager_ = Cc["@mozilla.org/url-classifier/listmanager;1"] .getService(Ci.nsIUrlListManager); } MultiTableQuerier.prototype.run = function() { /* ask the dbservice for all the tables to which this URL belongs */ this.listManager_.safeLookup(this.url_, BindToObject(this.lookupCallback_, this)); } MultiTableQuerier.prototype.lookupCallback_ = function(result) { if (result == "") { this.callback_(PROT_ListWarden.NOT_FOUND); return; } var tableNames = result.split(","); /* Check the whitelists */ for (var i = 0; i < tableNames.length; i++) { if (tableNames[i] && this.whiteTables_[tableNames[i]]) { this.callback_(PROT_ListWarden.IN_WHITELIST); return; } } /* Check the blacklists */ for (var i = 0; i < tableNames.length; i++) { if (tableNames[i] && this.blackTables_[tableNames[i]]) { this.callback_(PROT_ListWarden.IN_BLACKLIST); return; } } /* Not in any lists we know about */ this.callback_(PROT_ListWarden.NOT_FOUND); } //@line 36 "e:\builds\tinderbox\Fx-Rel\WINNT_5.2_Depend\mozilla\browser\components\safebrowsing\content\phishing-afterload-displayer.js" // Implementation of the warning message we show users when we // notice navigation to a phishing page after it has loaded. The // browser view encapsulates all the hide/show logic, so the displayer // doesn't need to know when to display itself, only how. // // Displayers implement the following interface: // // start() -- fired to initialize the displayer (to make it active). When // called, this displayer starts listening for and responding to // events. At most one displayer per tab should be active at a // time, and start() should be called at most once. // declineAction() -- fired when the user declines the warning. // acceptAction() -- fired when the user declines the warning // explicitShow() -- fired when the user wants to see the warning again // browserSelected() -- the browser is the top tab // browserUnselected() -- the browser is no long the top tab // done() -- clean up. May be called once (even if the displayer wasn't // activated). // // At the moment, all displayers share access to the same xul in // safebrowsing-overlay.xul. Hence the need for at most one displayer // to be active per tab at a time. /** * Factory that knows how to create a displayer appropriate to the * user's platform. We use a clunky canvas-based displayer for all * platforms until such time as we can overlay semi-transparent * areas over browser content. * * See the base object for a description of the constructor args * * @constructor */ function PROT_PhishMsgDisplayer(msgDesc, browser, doc, url) { // TODO: Change this to return a PhishMsgDisplayerTransp on windows // (and maybe other platforms) when Firefox 2.0 hits. return new PROT_PhishMsgDisplayerCanvas(msgDesc, browser, doc, url); } /** * Base class that implements most of the plumbing required to hide * and show a phishing warning. Subclasses implement the actual * showMessage and hideMessage methods. * * This class is not meant to be instantiated directly. * * @param msgDesc String describing the kind of warning this is * @param browser Reference to the browser over which we display the msg * @param doc Reference to the document in which browser is found * @param url String containing url of the problem document * @constructor */ function PROT_PhishMsgDisplayerBase(msgDesc, browser, doc, url) { this.debugZone = "phishdisplayer"; this.msgDesc_ = msgDesc; // currently unused this.browser_ = browser; this.doc_ = doc; this.url_ = url; // We'll need to manipulate the XUL in safebrowsing-overlay.xul this.messageId_ = "safebrowsing-palm-message"; this.messageTailId_ = "safebrowsing-palm-message-tail-container"; this.messageContentId_ = "safebrowsing-palm-message-content"; this.extendedMessageId_ = "safebrowsing-palm-extended-message"; this.showmoreLinkId_ = "safebrowsing-palm-showmore-link"; this.faqLinkId_ = "safebrowsing-palm-faq-link"; this.urlbarIconId_ = "safebrowsing-urlbar-icon"; this.refElementId_ = this.urlbarIconId_; // We use this to report user actions to the server this.reporter_ = new PROT_Reporter(); // The active UI elements in our warning send these commands; bind them // to their handlers but don't register the commands until we start // (because another displayer might be active) this.commandHandlers_ = { "safebrowsing-palm-showmore": BindToObject(this.showMore_, this), }; this.windowWatcher_ = Components.classes["@mozilla.org/embedcomp/window-watcher;1"] .getService(Components.interfaces.nsIWindowWatcher); } /** * @returns The default background color of the browser */ PROT_PhishMsgDisplayerBase.prototype.getBackgroundColor_ = function() { var pref = Components.classes["@mozilla.org/preferences-service;1"]. getService(Components.interfaces.nsIPrefBranch); return pref.getCharPref("browser.display.background_color"); } /** * Fired when the user declines our warning. Report it! */ PROT_PhishMsgDisplayerBase.prototype.declineAction = function() { G_Debug(this, "User declined warning."); G_Assert(this, this.started_, "Decline on a non-active displayer?"); this.reporter_.report("phishdecline", this.url_); this.messageShouldShow_ = false; if (this.messageShowing_) this.hideMessage_(); } /** * Fired when the user accepts our warning */ PROT_PhishMsgDisplayerBase.prototype.acceptAction = function() { G_Assert(this, this.started_, "Accept on an unstarted displayer?"); G_Assert(this, this.done_, "Accept on a finished displayer?"); G_Debug(this, "User accepted warning."); this.reporter_.report("phishaccept", this.url_); var url = this.getMeOutOfHereUrl_(); this.browser_.loadURI(url); } /** * Get the url for "Get me out of here." This is the browser's default home * page, or, about:blank. * @return String url */ PROT_PhishMsgDisplayerBase.prototype.getMeOutOfHereUrl_ = function() { // Try to get their homepage from prefs. var prefs = Cc["@mozilla.org/preferences-service;1"] .getService(Ci.nsIPrefService).getDefaultBranch(null); var url = "about:blank"; try { url = prefs.getComplexValue("browser.startup.homepage", Ci.nsIPrefLocalizedString).data; // If url is a pipe-delimited set of pages, just take the first one. // This will need to change once bug 221445 is fixed. if (url.indexOf("|") != -1) url = url.split("|")[0]; } catch(e) { G_Debug(this, "Couldn't get homepage pref: " + e); } return url; } /** * Invoked when the browser is resized */ PROT_PhishMsgDisplayerBase.prototype.onBrowserResized_ = function(event) { G_Debug(this, "Got resize for " + event.target); if (this.messageShowing_) { this.hideMessage_(); this.showMessage_(); } } /** * Invoked by the browser view when our browser is switched to */ PROT_PhishMsgDisplayerBase.prototype.browserSelected = function() { G_Assert(this, this.started_, "Displayer selected before being started???"); // If messageshowing hasn't been set, then this is the first time this // problematic browser tab has been on top, so do our setup and show // the warning. if (this.messageShowing_ === undefined) { this.messageShouldShow_ = true; } this.addWarningInUrlbar_(); // Goes away when we are unselected or unloaded // messageShouldShow might be false if the user dismissed the warning, // switched tabs, and then switched back. We're still active, but don't // want to show the warning again. The user can cause it to show by // clicking our icon in the urlbar. if (this.messageShouldShow_) this.showMessage_(); } /** * Invoked to display the warning message explicitly, for example if the user * clicked the url warning icon. */ PROT_PhishMsgDisplayerBase.prototype.explicitShow = function() { this.messageShouldShow_ = true; if (!this.messageShowing_) this.showMessage_(); } /** * Invoked by the browser view when our browser is switched away from */ PROT_PhishMsgDisplayerBase.prototype.browserUnselected = function() { this.removeWarningInUrlbar_(); if (this.messageShowing_) this.hideMessage_(); } /** * Invoked to make this displayer active. The displayer will now start * responding to notifications such as commands and resize events. We * can't do this in the constructor because there might be many * displayers instantiated waiting in the problem queue for a particular * browser (e.g., a page has multiple framed problem pages), and we * don't want them all responding to commands! * * Invoked zero (the page we're a warning for was nav'd away from * before it reaches the head of the problem queue) or one (we're * displaying this warning) times by the browser view. */ PROT_PhishMsgDisplayerBase.prototype.start = function() { G_Assert(this, this.started_ == undefined, "Displayer started twice?"); this.started_ = true; this.commandController_ = new PROT_CommandController(this.commandHandlers_); this.doc_.defaultView.controllers.appendController(this.commandController_); // Add an event listener for when the browser resizes (e.g., user // shows/hides the sidebar). this.resizeHandler_ = BindToObject(this.onBrowserResized_, this); this.browser_.addEventListener("resize", this.resizeHandler_, false); } /** * @returns Boolean indicating whether this displayer is currently * active */ PROT_PhishMsgDisplayerBase.prototype.isActive = function() { return !!this.started_; } /** * Invoked by the browser view to clean up after the user is done * interacting with the message. Should be called once by the browser * view. */ PROT_PhishMsgDisplayerBase.prototype.done = function() { G_Assert(this, !this.done_, "Called done more than once?"); this.done_ = true; // If the Document we're showing the warning for was nav'd away from // before we had a chance to get started, we have nothing to do. if (this.started_) { // If we were started, we must be the current problem, so these things // must be showing this.removeWarningInUrlbar_(); // Could be though that they've closed the warning dialog if (this.messageShowing_) this.hideMessage_(); if (this.resizeHandler_) { this.browser_.removeEventListener("resize", this.resizeHandler_, false); this.resizeHandler_ = null; } var win = this.doc_.defaultView; win.controllers.removeController(this.commandController_); this.commandController_ = null; } } /** * Helper function to remove a substring from inside a string. * * @param orig String to remove substring from * * @param toRemove String to remove (if it is present) * * @returns String with the substring removed */ PROT_PhishMsgDisplayerBase.prototype.removeIfExists_ = function(orig, toRemove) { var pos = orig.indexOf(toRemove); if (pos != -1) orig = orig.substring(0, pos) + orig.substring(pos + toRemove.length); return orig; } /** * This method makes our warning icon visible in the location bar. It will * be removed only when the problematic document is navigated awy from * (i.e., when done() is called), and not when the warning is dismissed. */ PROT_PhishMsgDisplayerBase.prototype.addWarningInUrlbar_ = function() { var urlbarIcon = this.doc_.getElementById(this.urlbarIconId_); if (!urlbarIcon) return; urlbarIcon.setAttribute('level', 'warn'); } /** * Hides our urlbar icon */ PROT_PhishMsgDisplayerBase.prototype.removeWarningInUrlbar_ = function() { var urlbarIcon = this.doc_.getElementById(this.urlbarIconId_); if (!urlbarIcon) return; urlbarIcon.setAttribute('level', 'safe'); } /** * VIRTUAL -- Displays the warning message */ PROT_PhishMsgDisplayerBase.prototype.showMessage_ = function() { }; /** * VIRTUAL -- Hide the warning message from the user. */ PROT_PhishMsgDisplayerBase.prototype.hideMessage_ = function() { }; /** * Reposition the message relative to refElement in the parent window * * @param message Reference to the element to position * @param tail Reference to the message tail * @param refElement Reference to element relative to which we position * ourselves */ PROT_PhishMsgDisplayerBase.prototype.adjustLocation_ = function(message, tail, refElement) { var refX = refElement.boxObject.x; var refY = refElement.boxObject.y; var refHeight = refElement.boxObject.height; var refWidth = refElement.boxObject.width; G_Debug(this, "Ref element is at [window-relative] (" + refX + ", " + refY + ")"); var pixelsIntoRefY = -2; var tailY = refY + refHeight - pixelsIntoRefY; var tailPixelsLeftOfRefX = tail.boxObject.width; var tailPixelsIntoRefX = Math.round(refWidth / 2); var tailX = refX - tailPixelsLeftOfRefX + tailPixelsIntoRefX; // Move message up a couple pixels so the tail overlaps it. var messageY = tailY + tail.boxObject.height - 2; var messagePixelsLeftOfRefX = 375; var messageX = refX - messagePixelsLeftOfRefX; G_Debug(this, "Message is at [window-relative] (" + messageX + ", " + messageY + ")"); G_Debug(this, "Tail is at [window-relative] (" + tailX + ", " + tailY + ")"); if (messageX < 0) { // We're hanging off the left edge, switch to floating mode tail.style.display = "none"; this.adjustLocationFloating_(message); return; } tail.style.top = tailY + "px"; tail.style.left = tailX + "px"; message.style.top = messageY + "px"; message.style.left = messageX + "px"; this.maybeAddScrollbars_(); } /** * Position the warning bubble with no reference element. In this case we * just center the warning bubble at the top of the users window. * @param message XULElement message bubble XUL container. */ PROT_PhishMsgDisplayerBase.prototype.adjustLocationFloating_ = function(message) { // Compute X offset var browserX = this.browser_.boxObject.x; var browserXCenter = browserX + this.browser_.boxObject.width / 2; var messageX = browserXCenter - (message.boxObject.width / 2); // Compute Y offset (top of the browser window) var messageY = this.browser_.boxObject.y; // Position message message.style.top = messageY + "px"; message.style.left = messageX + "px"; this.maybeAddScrollbars_(); } /** * Add a vertical scrollbar if we're falling out of the browser window. */ PROT_PhishMsgDisplayerBase.prototype.maybeAddScrollbars_ = function() { var message = this.doc_.getElementById(this.messageId_); var content = this.doc_.getElementById(this.messageContentId_); var bottom = content.boxObject.y + content.boxObject.height; var maxY = this.doc_.defaultView.innerHeight; G_Debug(this, "bottom: " + bottom + ", maxY: " + maxY + ", new height: " + (maxY - content.boxObject.y)); if (bottom > maxY) { var newHeight = maxY - content.boxObject.y; if (newHeight < 1) newHeight = 1; content.style.height = newHeight + "px"; content.style.overflow = "auto"; } } /** * Show the extended warning message */ PROT_PhishMsgDisplayerBase.prototype.showMore_ = function() { this.doc_.getElementById(this.extendedMessageId_).hidden = false; this.doc_.getElementById(this.showmoreLinkId_).style.display = "none"; // set FAQ URL var formatter = Components.classes["@mozilla.org/toolkit/URLFormatterService;1"] .getService(Components.interfaces.nsIURLFormatter); var faqURL = formatter.formatURLPref("browser.safebrowsing.warning.infoURL"); var labelEl = this.doc_.getElementById(this.faqLinkId_); labelEl.setAttribute("href", faqURL); this.maybeAddScrollbars_(); } /** * The user clicked on one of the links in the buble. Display the * corresponding page in a new window with all the chrome enabled. * * @param url The URL to display in a new window */ PROT_PhishMsgDisplayerBase.prototype.showURL_ = function(url) { this.windowWatcher_.openWindow(this.windowWatcher_.activeWindow, url, "_blank", null, null); } /** * If the warning bubble came up in error, this url goes to a form * to notify the data provider. * @return url String */ PROT_PhishMsgDisplayerBase.prototype.getReportErrorURL_ = function() { var badUrl = this.url_; var url = gDataProvider.getReportErrorURL(); url += "&url=" + encodeURIComponent(badUrl); return url; } /** * URL for the user to report back to us. This is to provide the user * with an action after being warned. */ PROT_PhishMsgDisplayerBase.prototype.getReportGenericURL_ = function() { var badUrl = this.url_; var url = gDataProvider.getReportGenericURL(); url += "&url=" + encodeURIComponent(badUrl); return url; } /** * A specific implementation of the dislpayer using a canvas. This * class is meant for use on platforms that don't support transparent * elements over browser content (currently: all platforms). * * The main ugliness is the fact that we're hiding the content area and * painting the page to canvas. As a result, we must periodically * re-paint the canvas to reflect updates to the page. Otherwise if * the page was half-loaded when we showed our warning, it would * stay that way even though the page actually finished loading. * * See base constructor for full details of constructor args. * * @constructor */ function PROT_PhishMsgDisplayerCanvas(msgDesc, browser, doc, url) { PROT_PhishMsgDisplayerBase.call(this, msgDesc, browser, doc, url); this.dimAreaId_ = "safebrowsing-dim-area-canvas"; this.pageCanvasId_ = "safebrowsing-page-canvas"; this.xhtmlNS_ = "http://www.w3.org/1999/xhtml"; // we create html:canvas } PROT_PhishMsgDisplayerCanvas.inherits(PROT_PhishMsgDisplayerBase); /** * Displays the warning message. First we make sure the overlay is loaded * then call showMessageAfterOverlay_. */ PROT_PhishMsgDisplayerCanvas.prototype.showMessage_ = function() { } /** * This does the actual work of showing the warning message. */ PROT_PhishMsgDisplayerCanvas.prototype.showMessageAfterOverlay_ = function() { this.messageShowing_ = true; // Position the canvas overlay. Order here is significant, but don't ask me // why for some of these. You need to: // 1. get browser dimensions // 2. add canvas to the document // 3. unhide the dimmer (gray out overlay) // 4. display to the canvas // 5. unhide the warning message // 6. update link targets in warning message // 7. focus the warning message // (1) var w = this.browser_.boxObject.width; G_Debug(this, "browser w=" + w); var h = this.browser_.boxObject.height; G_Debug(this, "browser h=" + h); var x = this.browser_.boxObject.x; G_Debug(this, "browser x=" + w); var y = this.browser_.boxObject.y; G_Debug(this, "browser y=" + h); var win = this.browser_.contentWindow; var scrollX = win.scrollX; G_Debug(this, "win scrollx=" + scrollX); var scrollY = win.scrollY; G_Debug(this, "win scrolly=" + scrollY); // (2) // We add the canvas dynamically and remove it when we're done because // leaving it hanging around consumes a lot of memory. var pageCanvas = this.doc_.createElementNS(this.xhtmlNS_, "html:canvas"); pageCanvas.id = this.pageCanvasId_; pageCanvas.style.left = x + 'px'; pageCanvas.style.top = y + 'px'; var dimarea = this.doc_.getElementById(this.dimAreaId_); this.doc_.getElementById('main-window').insertBefore(pageCanvas, dimarea); // (3) dimarea.style.left = x + 'px'; dimarea.style.top = y + 'px'; dimarea.style.width = w + 'px'; dimarea.style.height = h + 'px'; dimarea.hidden = false; // (4) pageCanvas.setAttribute("width", w); pageCanvas.setAttribute("height", h); var bgcolor = this.getBackgroundColor_(); var cx = pageCanvas.getContext("2d"); cx.drawWindow(win, scrollX, scrollY, w, h, bgcolor); // Now repaint the window every so often in case the content hasn't fully // loaded at this point. var debZone = this.debugZone; function repaint() { G_Debug(debZone, "Repainting canvas..."); cx.drawWindow(win, scrollX, scrollY, w, h, bgcolor); }; this.repainter_ = new PROT_PhishMsgCanvasRepainter(repaint); // (5) this.showAndPositionWarning_(); // (6) var link = this.doc_.getElementById('safebrowsing-palm-falsepositive-link'); link.href = this.getReportErrorURL_(); // (7) this.doc_.getElementById(this.messageContentId_).focus(); } /** * Show and position the warning message. We position the waring message * relative to the icon in the url bar, but if the element doesn't exist, * (e.g., the user remove the url bar from her/his chrome), we anchor at the * top of the window. */ PROT_PhishMsgDisplayerCanvas.prototype.showAndPositionWarning_ = function() { var refElement = this.doc_.getElementById(this.refElementId_); var message = this.doc_.getElementById(this.messageId_); var tail = this.doc_.getElementById(this.messageTailId_); message.hidden = false; message.style.display = "block"; // Determine if the refElement is visible. if (this.isVisibleElement_(refElement)) { // Show tail and position warning relative to refElement. tail.hidden = false; tail.style.display = "block"; this.adjustLocation_(message, tail, refElement); } else { // No ref element, position in the top center of window. tail.hidden = true; tail.style.display = "none"; this.adjustLocationFloating_(message); } } /** * @return Boolean true if elt is a visible XUL element. */ PROT_PhishMsgDisplayerCanvas.prototype.isVisibleElement_ = function(elt) { if (!elt) return false; // If it's on a collapsed/hidden toolbar, the x position is set to 0. if (elt.boxObject.x == 0) return false; return true; } /** * Hide the warning message from the user. */ PROT_PhishMsgDisplayerCanvas.prototype.hideMessage_ = function() { } /** * Helper class that periodically repaints the canvas. We repaint * frequently at first, and then back off to a less frequent schedule * at "steady state," and finally just stop altogether. We have to do * this because we're not sure if the page has finished loading when * we first paint the canvas, and because we want to reflect any * dynamically written content into the canvas as it appears in the * page after load. * * @param repaintFunc Function to call to repaint browser. * * @constructor */ function PROT_PhishMsgCanvasRepainter(repaintFunc) { this.count_ = 0; this.repaintFunc_ = repaintFunc; this.initPeriodMS_ = 500; // Initially repaint every 500ms this.steadyStateAtMS_ = 10 * 1000; // Go slowly after 10 seconds, this.steadyStatePeriodMS_ = 3 * 1000; // repainting every 3 seconds, and this.quitAtMS_ = 20 * 1000; // stop after 20 seconds this.startMS_ = (new Date).getTime(); this.alarm_ = new G_Alarm(BindToObject(this.repaint, this), this.initPeriodMS_); } /** * Called periodically to repaint the canvas */ PROT_PhishMsgCanvasRepainter.prototype.repaint = function() { this.repaintFunc_(); var nextRepaint; // If we're in "steady state", use the slow repaint rate, else fast if ((new Date).getTime() - this.startMS_ > this.steadyStateAtMS_) nextRepaint = this.steadyStatePeriodMS_; else nextRepaint = this.initPeriodMS_; if (!((new Date).getTime() - this.startMS_ > this.quitAtMS_)) this.alarm_ = new G_Alarm(BindToObject(this.repaint, this), nextRepaint); } /** * Called to stop repainting the canvas */ PROT_PhishMsgCanvasRepainter.prototype.cancel = function() { if (this.alarm_) { this.alarm_.cancel(); this.alarm_ = null; } this.repaintFunc_ = null; } //@line 36 "e:\builds\tinderbox\Fx-Rel\WINNT_5.2_Depend\mozilla\browser\components\safebrowsing\content\phishing-warden.js" // The warden checks request to see if they are for phishy pages. It // does so by either querying a remote server with the URL (advanced // protectoin mode) or querying our locally stored blacklists (privacy // mode). // // When the warden notices a problem, it queries all browser views // (each of which corresopnds to an open browser window) to see // whether one of them can handle it. A browser view can handle a // problem if its browser window has an HTMLDocument loaded with the // given URL and that Document hasn't already been flagged as a // problem. For every problematic URL we notice loading, at most one // Document is flagged as problematic. Otherwise you can get into // trouble if multiple concurrent phishy pages load with the same URL. // // Since we check URLs very early in the request cycle (in a progress // listener), the URL might not yet be associated with a Document when // we determine that it is phishy. So the the warden retries finding // a browser view to handle the problem until one can, or until it // determines it should give up (see complicated logic below). // // The warden has displayers that the browser view uses to render // different kinds of warnings (e.g., one that's shown before a page // loads as opposed to one that's shown after the page has already // loaded). // // Note: There is a single warden for the whole application. // // TODO better way to expose displayers/views to browser view const kPhishWardenEnabledPref = "browser.safebrowsing.enabled"; const kPhishWardenRemoteLookups = "browser.safebrowsing.remoteLookups"; // We have hardcoded URLs that we let people navigate to in order to // check out the warning. const kTestUrls = { "http://www.google.com/tools/firefox/safebrowsing/phish-o-rama.html": true, "http://www.mozilla.org/projects/bonecho/anti-phishing/its-a-trap.html": true, "http://www.mozilla.com/firefox/its-a-trap.html": true, } /** * Abtracts the checking of user/browser actions for signs of * phishing. * * @param progressListener nsIDocNavStartProgressListener * @param tabbrowser XUL tabbrowser element * @constructor */ function PROT_PhishingWarden(progressListener, tabbrowser) { PROT_ListWarden.call(this); this.debugZone = "phishwarden"; this.testing_ = false; this.browserViews_ = []; // Use this to query preferences this.prefs_ = new G_Preferences(); // Only one displayer so far; perhaps we'll have others in the future this.displayers_ = { "afterload": PROT_PhishMsgDisplayer, }; // We use this dude to do lookups on our remote server this.fetcher_ = new PROT_TRFetcher(); // We need to know whether we're enabled and whether we're in advanced // mode, so reflect the appropriate preferences into our state. // Read state: should we be checking remote preferences? this.checkRemote_ = this.prefs_.getPref(kPhishWardenRemoteLookups, null); // true if we should use whitelists to suppress remote lookups this.checkWhitelists_ = false; // Get notifications when the remote check preference changes var checkRemotePrefObserver = BindToObject(this.onCheckRemotePrefChanged, this); this.prefs_.addObserver(kPhishWardenRemoteLookups, checkRemotePrefObserver); // Global preference to enable the phishing warden this.phishWardenEnabled_ = this.prefs_.getPref(kPhishWardenEnabledPref, null); // Get notifications when the phishing warden enabled pref changes var phishWardenPrefObserver = BindToObject(this.onPhishWardenEnabledPrefChanged, this); this.prefs_.addObserver(kPhishWardenEnabledPref, phishWardenPrefObserver); // Get notifications when the data provider pref changes var dataProviderPrefObserver = BindToObject(this.onDataProviderPrefChanged, this); this.prefs_.addObserver(kDataProviderIdPref, dataProviderPrefObserver); // Hook up our tab open/close events which in turn add our web progress // listener to each browser tab. this.progressListener_ = progressListener; this.progressListener_.callback = this; this.tabbrowser_ = tabbrowser; tabbrowser.mTabBox.addEventListener("TabOpen", BindToObject(this.onTabOpen_, this), false); tabbrowser.mTabBox.addEventListener("TabClose", BindToObject(this.onTabClose_, this), false); if (this.phishWardenEnabled_) { // Since we already missed the TabOpen events for existing tabs, set those // up now. this.addWebProgressToAllTabs_(); } // ms to wait after a request has started before firing JS callback this.progressListener_.delay = 1500; // object to keep track of request errors if we're in remote check mode this.requestBackoff_ = new RequestBackoff(3 /* num errors */, 10*60*1000 /* error time, 10min */, 10*60*1000 /* backoff interval, 10min */, 6*60*60*1000 /* max backoff, 6hr */); G_Debug(this, "phishWarden initialized"); } PROT_PhishingWarden.inherits(PROT_ListWarden); /** * We implement nsIWebProgressListener */ PROT_PhishingWarden.prototype.QueryInterface = function(iid) { if (iid.equals(Ci.nsISupports) || iid.equals(Ci.nsIWebProgressListener) || iid.equals(Ci.nsISupportsWeakReference)) return this; throw Components.results.NS_ERROR_NO_INTERFACE; } /** * Cleanup on shutdown. */ PROT_PhishingWarden.prototype.shutdown = function() { this.prefs_.removeAllObservers(); this.progressListener_.callback = null; this.progressListener_ = null; this.listManager_ = null; } /** * When a preference (either advanced features or the phishwarden * enabled) changes, we might have to start or stop asking for updates. * * This is a little tricky; we start or stop management only when we * have complete information we can use to determine whether we * should. It could be the case that one pref or the other isn't set * yet (e.g., they haven't opted in/out of advanced features). So do * nothing unless we have both pref values -- we get notifications for * both, so eventually we will start correctly. */ PROT_PhishingWarden.prototype.maybeToggleUpdateChecking = function() { if (this.testing_) return; var phishWardenEnabled = this.prefs_.getPref(kPhishWardenEnabledPref, null); this.checkRemote_ = this.prefs_.getPref(kPhishWardenRemoteLookups, null); G_Debug(this, "Maybe toggling update checking. " + "Warden enabled? " + phishWardenEnabled + " || " + "Check remote? " + this.checkRemote_); // Do nothing unless both prefs are set. They can be null (unset), true, or // false. if (phishWardenEnabled === null || this.checkRemote_ === null) return; // We update and save to disk all tables if we don't have remote checking // enabled. if (phishWardenEnabled === true) { // If anti-phishing is enabled, we always download the local files to // use in case remote lookups fail. this.enableBlacklistTableUpdates(); this.enableWhitelistTableUpdates(); if (this.checkRemote_ === true) { // Remote lookup mode // We check to see if the local list update host is the same as the // remote lookup host. If they are the same, then we don't bother // to do a remote url check if the url is in the whitelist. var ioService = Cc["@mozilla.org/network/io-service;1"] .getService(Ci.nsIIOService); var updateHost = ''; var lookupHost = ''; try { var url = ioService.newURI(gDataProvider.getUpdateURL(), null, null); updateHost = url.asciiHost; } catch (e) { } try { var url = ioService.newURI(gDataProvider.getLookupURL(), null, null); lookupHost = url.asciiHost; } catch (e) { } if (updateHost && lookupHost && updateHost == lookupHost) { // The data provider for local lists and remote lookups is the // same, enable whitelist lookup suppression. this.checkWhitelists_ = true; } else { // hosts don't match, don't use whitelist suppression this.checkWhitelists_ = false; } } } else { // Anti-phishing is off, disable table updates this.disableBlacklistTableUpdates(); this.disableWhitelistTableUpdates(); } } /** * Controllers register their browser views with us * * @param view Reference to a browser view */ PROT_PhishingWarden.prototype.addBrowserView = function(view) { G_Debug(this, "New browser view registered."); this.browserViews_.push(view); } /** * Controllers unregister their views when their window closes * * @param view Reference to a browser view */ PROT_PhishingWarden.prototype.removeBrowserView = function(view) { for (var i = 0; i < this.browserViews_.length; i++) if (this.browserViews_[i] === view) { G_Debug(this, "Browser view unregistered."); this.browserViews_.splice(i, 1); return; } G_Assert(this, false, "Tried to unregister non-existent browser view!"); } /** * Deal with a user changing the pref that says whether we should check * the remote server (i.e., whether we're in advanced mode) * * @param prefName Name of the pref holding the value indicating whether * we should check remote server */ PROT_PhishingWarden.prototype.onCheckRemotePrefChanged = function(prefName) { this.checkRemote_ = this.prefs_.getPref(prefName, this.checkRemote_); this.requestBackoff_.reset(); this.maybeToggleUpdateChecking(); } /** * Deal with a user changing the pref that says whether we should * enable the phishing warden (i.e., that SafeBrowsing is active) * * @param prefName Name of the pref holding the value indicating whether * we should enable the phishing warden */ PROT_PhishingWarden.prototype.onPhishWardenEnabledPrefChanged = function( prefName) { // Just to be safe, ignore changes to sub prefs. if (prefName != "browser.safebrowsing.enabled") return; this.phishWardenEnabled_ = this.prefs_.getPref(prefName, this.phishWardenEnabled_); this.requestBackoff_.reset(); this.maybeToggleUpdateChecking(); // Update the progress listeners. if (this.phishWardenEnabled_) { this.addWebProgressToAllTabs_(); } else { for (var i = 0, tab = null; tab = this.tabbrowser_.mTabs[i]; ++i) { var browser = tab.linkedBrowser; browser.webProgress.removeProgressListener(this.progressListener_); } } } /** * Event fired when the user changes data providers. */ PROT_PhishingWarden.prototype.onDataProviderPrefChanged = function(prefName) { // We want to reset request backoff state since it's a different provider. this.requestBackoff_.reset(); // If we have a new data provider and we're doing remote lookups, then // we may want to use whitelist lookup suppression or change which // tables are being downloaded. if (this.checkRemote_) { this.maybeToggleUpdateChecking(); } } /** * Event handler for new tab creation. Make the web progress listener aware * of the new tab. */ PROT_PhishingWarden.prototype.onTabOpen_ = function(event) { if (!this.phishWardenEnabled_) return; var browser = event.target.linkedBrowser; browser.webProgress.addProgressListener(this.progressListener_, Ci.nsIWebProgress.NOTIFY_LOCATION); } /** * Event handler for tab closing. Remove the web progress listener we * added earlier. */ PROT_PhishingWarden.prototype.onTabClose_ = function(event) { if (!this.phishWardenEnabled_) return; var browser = event.target.linkedBrowser; browser.webProgress.removeProgressListener(this.progressListener_); } /** * Add the web progress listener to all open tabs for this chrome window. */ PROT_PhishingWarden.prototype.addWebProgressToAllTabs_ = function() { for (var i = 0, tab = null; tab = this.tabbrowser_.mTabs[i]; ++i) { var browser = tab.linkedBrowser; browser.webProgress.addProgressListener(this.progressListener_, Ci.nsIWebProgress.NOTIFY_LOCATION); } } /** * A request for a Document has been initiated somewhere. Check it! * * @param request * @param url */ PROT_PhishingWarden.prototype.onDocNavStart = function(request, url) { G_Debug(this, "checkRemote: " + (this.checkRemote_ ? "yes" : "no")); // If we're on a test page, trigger the warning. // XXX Do we still need a test url or should each provider just put // it in their local list? if (this.isBlacklistTestURL(url)) { this.houstonWeHaveAProblem_(request); return; } // Make a remote lookup check if the pref is selected and if we haven't // triggered server backoff. Otherwise, make a local check. if (this.checkRemote_ && this.requestBackoff_.canMakeRequest()) { // If we can use whitelists to suppress remote lookups, do so. if (this.checkWhitelists_) { var maybeRemoteCheck = BindToObject(this.maybeMakeRemoteCheck_, this, url, request); this.isWhiteURL(url, maybeRemoteCheck); } else { // Do a remote lookup (don't check whitelists) this.fetcher_.get(url, BindToObject(this.onTRFetchComplete, this, url, request)); } } else { // Check the local lists for a match. var evilCallback = BindToObject(this.localListMatch_, this, url, request); this.isEvilURL(url, evilCallback); } } /** * Callback from whitelist check when remote lookups is on. * @param url String url to lookup * @param request nsIRequest object * @param status int enum from callback (PROT_ListWarden.IN_BLACKLIST, * PROT_ListWarden.IN_WHITELIST, PROT_ListWarden.NOT_FOUND) */ PROT_PhishingWarden.prototype.maybeMakeRemoteCheck_ = function(url, request, status) { if (PROT_ListWarden.IN_WHITELIST == status) return; G_Debug(this, "Local whitelist lookup failed"); this.fetcher_.get(url, BindToObject(this.onTRFetchComplete, this, url, request)); } /** * Invoked with the result of a lookupserver request. * * @param url String the URL we looked up * @param request The nsIRequest in which we're interested * @param trValues Object holding name/value pairs parsed from the * lookupserver's response * @param status Number HTTP status code or NS_ERROR_NOT_AVAILABLE if there's * an HTTP error */ PROT_PhishingWarden.prototype.onTRFetchComplete = function(url, request, trValues, status) { // Did the remote http request succeed? If not, we fall back on // local lists. if (status == Components.results.NS_ERROR_NOT_AVAILABLE || this.requestBackoff_.isErrorStatus_(status)) { this.requestBackoff_.noteServerResponse(status); G_Debug(this, "remote check failed, using local lists instead"); var evilCallback = BindToObject(this.localListMatch_, this, url, request); this.isEvilURL(url, evilCallback); } else { var callback = BindToObject(this.houstonWeHaveAProblem_, this, request); this.checkRemoteData(callback, trValues); } } /** * One of our Check* methods found a problem with a request. Why do we * need to keep the nsIRequest (instead of just passing in the URL)? * Because we need to know when to stop looking for the URL it's * fetching, and to know this we need the nsIRequest.isPending flag. * * @param request nsIRequest that is problematic */ PROT_PhishingWarden.prototype.houstonWeHaveAProblem_ = function(request) { // We have a problem request that might or might not be associated // with a Document that's currently in a browser. If it is, we // want that Document. If it's not, we want to give it a chance to // be loaded. See below for complete details. if (this.maybeLocateProblem_(request)) // Cases 1 and 2 (see below) return; // OK, so the request isn't associated with any currently accessible // Document, and we want to give it the chance to be. We don't want // to retry forever (e.g., what if the Document was already displayed // and navigated away from?), so we'll use nsIRequest.isPending to help // us decide what to do. // // Aácomplication arises because there is a lag between when a // request transitions from pending to not-pending and when it's // associated with a Document in a browser. The transition from // pending to not occurs just before the notification corresponding // to NavWatcher.DOCNAVSTART (see NavWatcher), but the association // occurs afterwards. Unfortunately, we're probably in DOCNAVSTART. // // Diagnosis by Darin: // --------------------------------------------------------------------------- // Here's a summary of what happens: // // RestorePresentation() { // Dispatch_OnStateChange(dummy_request, STATE_START) // PostCompletionEvent() // } // // CompletionEvent() { // ReallyRestorePresentation() // Dispatch_OnStateChange(dummy_request, STATE_STOP) // } // // So, now your code receives that initial OnStateChange event and sees // that the dummy_request is not pending and not loaded in any window. // So, you put a timeout(0) event in the queue. Then, the CompletionEvent // is added to the queue. The stack unwinds.... // // Your timeout runs, and you find that the dummy_request is still not // pending and not loaded in any window. Then the CompletionEvent // runs, and it hooks up the cached presentation. // // https://bugzilla.mozilla.org/show_bug.cgi?id=319527 // --------------------------------------------------------------------------- // // So the logic is: // // request found an unhandled // case pending? doc with the url? action // ---------------------------------------------------------------- // 1 yes yes Use that doc (handled above) // 2 no yes Use that doc (handled above) // 3 yes no Retry // 4 no no Retry twice (case described above) // // We don't get into trouble with Docs with the same URL "stealing" the // warning because there is exactly one warning signaled per nav to // a problem URL, and each Doc can be marked as problematic at most once. if (request.isPending()) { // Case 3 G_Debug(this, "Can't find problem Doc; Req pending. Retrying."); new G_Alarm(BindToObject(this.houstonWeHaveAProblem_, this, request), 200 /*ms*/); } else { // Case 4 G_Debug(this, "Can't find problem Doc; Req completed. Retrying at most twice."); new G_ConditionalAlarm(BindToObject(this.maybeLocateProblem_, this, request), 0 /* next event loop */, true /* repeat */, 2 /* at most twice */); } } /** * Query all browser views we know about and offer them the chance to * handle the problematic request. * * @param request nsIRequest that is problematic * * @returns Boolean indicating if someone decided to handle it */ PROT_PhishingWarden.prototype.maybeLocateProblem_ = function(request) { G_Debug(this, "Trying to find the problem."); G_Debug(this, this.browserViews_.length + " browser views to check."); for (var i = 0; i < this.browserViews_.length; i++) { if (this.browserViews_[i].tryToHandleProblemRequest(this, request)) { G_Debug(this, "Found browser view willing to handle problem!"); return true; } G_Debug(this, "wrong browser view"); } return false; } /** * Indicates if this URL is one of the possible blacklist test URLs. * These test URLs should always be considered as phishy. * * @param url URL to check * @return A boolean indicating whether this is one of our blacklist * test URLs */ PROT_PhishingWarden.prototype.isBlacklistTestURL = function(url) { // Explicitly check for URL so we don't get JS warnings in strict mode. if (kTestUrls[url]) return true; return false; } /** * Callback for found local blacklist match. First we report that we have * a blacklist hit, then we bring up the warning dialog. * @param status Number enum from callback (PROT_ListWarden.IN_BLACKLIST, * PROT_ListWarden.IN_WHITELIST, PROT_ListWarden.NOT_FOUND) */ PROT_PhishingWarden.prototype.localListMatch_ = function(url, request, status) { if (PROT_ListWarden.IN_BLACKLIST != status) return; // Maybe send a report (new PROT_Reporter).report("phishblhit", url); this.houstonWeHaveAProblem_(request); } /** * Examine data fetched from a lookup server for evidence of a * phishing problem. * * @param callback Function to invoke if there is a problem. * @param trValues Object containing name/value pairs the server returned */ PROT_PhishingWarden.prototype.checkRemoteData = function(callback, trValues) { if (!trValues) { G_Debug(this, "Didn't get TR values from the server."); return; } G_Debug(this, "Page has phishiness " + trValues["phishy"]); if (trValues["phishy"] == 1) { // It's on our blacklist G_Debug(this, "Remote blacklist hit"); callback(this); } else { G_Debug(this, "Remote blacklist miss"); } } //@line 37 "e:\builds\tinderbox\Fx-Rel\WINNT_5.2_Depend\mozilla\browser\components\safebrowsing\content\malware-warden.js" // This warden manages updates to the malware list const kMalwareWardenEnabledPref = "browser.safebrowsing.malware.enabled"; function PROT_MalwareWarden() { PROT_ListWarden.call(this); this.debugZone = "malwarewarden"; // Use this to query preferences this.prefs_ = new G_Preferences(); // Global preference to enable the malware warden this.malwareWardenEnabled_ = this.prefs_.getPref(kMalwareWardenEnabledPref, null); // Get notifications when the malware warden enabled pref changes var malwareWardenPrefObserver = BindToObject(this.onMalwareWardenEnabledPrefChanged, this); this.prefs_.addObserver(kMalwareWardenEnabledPref, malwareWardenPrefObserver); // Add a test chunk to the database var testData = "mozilla.com/firefox/its-an-attack.html"; var testUpdate = "n:1000\ni:test-malware-simple\nad:1\n" + "a:1:" + testData.length + "\n" + testData + "\n"; testData = "mozilla.com/firefox/its-a-trap.html"; testUpdate += "n:1000\ni:test-phish-simple\nad:1\n" + "a:1:" + testData.length + "\n" + testData + "\n"; var dbService_ = Cc["@mozilla.org/url-classifier/dbservice;1"] .getService(Ci.nsIUrlClassifierDBService); dbService_.update(testUpdate); dbService_.finish(function(result) {}, function(error) {}); G_Debug(this, "malwareWarden initialized"); } PROT_MalwareWarden.inherits(PROT_ListWarden); /** * Cleanup on shutdown. */ PROT_MalwareWarden.prototype.shutdown = function() { this.prefs_.removeAllObservers(); this.listManager_ = null; } /** * When a preference changes, we might have to start or stop asking for * updates. */ PROT_MalwareWarden.prototype.maybeToggleUpdateChecking = function() { var malwareWardenEnabled = this.prefs_.getPref(kMalwareWardenEnabledPref, null); G_Debug(this, "Maybe toggling update checking. " + "Warden enabled? " + malwareWardenEnabled); // Do nothing unless thre pref is set if (malwareWardenEnabled === null) return; // We update and save to disk all tables if we don't have remote checking // enabled. if (malwareWardenEnabled === true) { this.enableBlacklistTableUpdates(); } else { // Anti-malware is off, disable table updates this.disableBlacklistTableUpdates(); } } /** * Deal with a user changing the pref that says whether we should * enable the malware warden. * * @param prefName Name of the pref holding the value indicating whether * we should enable the malware warden */ PROT_MalwareWarden.prototype.onMalwareWardenEnabledPrefChanged = function( prefName) { // Just to be safe, ignore changes to sub prefs. if (prefName != kMalwareWardenEnabledPref) return; this.malwareWardenEnabled_ = this.prefs_.getPref(prefName, this.malwareWardenEnabled_); this.maybeToggleUpdateChecking(); } //@line 36 "e:\builds\tinderbox\Fx-Rel\WINNT_5.2_Depend\mozilla\browser\components\safebrowsing\content\reporter.js" // A tiny class to do reporting for us. We report interesting user actions // such as the user hitting a blacklisted page, and the user accepting // or declining the warning. // // Each report has a subject and data. Current reports are: // // subject data meaning // -------------------------------- // phishnavaway url the user navigated away from a phishy page // phishdecline url the user declined our warning // phishaccept url the user accepted our warning // phishblhit url the user loaded a phishing page // // We only send reports in advanced protection mode, and even then we // strip cookies from the request before sending it. /** * A very complicated class to send pings to the provider. The class does * nothing if we're not in advanced protection mode. * * @constructor */ function PROT_Reporter() { this.debugZone = "reporter"; this.prefs_ = new G_Preferences(); } /** * Send a report! * * @param subject String indicating what this report is about (will be * urlencoded) * @param data String giving extra information about this report (will be * urlencoded) */ PROT_Reporter.prototype.report = function(subject, data) { // Send a report iff we're in advanced protection mode if (!this.prefs_.getPref(kPhishWardenRemoteLookups, false)) return; // Make sure a report url is defined var url = gDataProvider.getReportURL(); // Report url is optional, so we just ignore the request if a report // url isn't provided. if (!url) return; url += "evts=" + encodeURIComponent(subject) + "&evtd=" + encodeURIComponent(data); G_Debug(this, "Sending report: " + url); (new PROT_XMLFetcher(true /* strip cookies */)).get(url, null /* no cb */); } //@line 36 "e:\builds\tinderbox\Fx-Rel\WINNT_5.2_Depend\mozilla\browser\components\safebrowsing\content\tr-fetcher.js" // A helper class that does "trustrank" lookups on a remote // server. Right now this lookup just indicates if a page is // phishing. The response format is protocol4 name/value pairs. // // Since we're sending full URLs to the server, we try to encrypt // them before transmission. Else HTTPS query params could leak. /** * A helper class that fetches trustrank values, parses them, and * passes them via an object to a callback. * * @constructor */ function PROT_TRFetcher(opt_noCrypto) { this.debugZone = "trfetcher"; this.useCrypto_ = !opt_noCrypto; this.protocol4Parser_ = new G_Protocol4Parser(); // We lazily instantiate the UrlCrypto object due to: // https://bugzilla.mozilla.org/show_bug.cgi?id=321024 // // Otherwise here we would use: // this.urlCrypto_ = new PROT_UrlCrypto(); } PROT_TRFetcher.TRY_REKEYING_RESPONSE = "pleaserekey"; /** * Get the URL of the request that will fetch us TR for the argument URL * * @param url String containing the URL we'd like to fetch info about * * @returns String containing the url we should use to fetch tr info */ PROT_TRFetcher.prototype.getRequestURL_ = function(url) { if (!this.urlCrypto_) this.urlCrypto_ = new PROT_UrlCrypto(); G_Debug(this, "Fetching for " + url); var requestURL = gDataProvider.getLookupURL(); if (!requestURL) return null; if (this.useCrypto_) { var maybeCryptedParams = this.urlCrypto_.maybeCryptParams({ "q": url}); for (var param in maybeCryptedParams) requestURL += param + "=" + encodeURIComponent(maybeCryptedParams[param]) + "&"; } else { requestURL += "q=" + encodeURIComponent(url); } G_Debug(this, "Request URL: " + requestURL); return requestURL; }; /** * Fetches information about a page. * * @param forPage URL for which to fetch info * * @param callback Function to call back when complete. */ PROT_TRFetcher.prototype.get = function(forPage, callback) { var url = this.getRequestURL_(forPage); if (!url) { G_Debug(this, "No remote lookup url."); return; } var closure = BindToObject(this.onFetchComplete_, this, callback); (new PROT_XMLFetcher()).get(url, closure); }; /** * Invoked when a fetch has completed. * * @param callback Function to invoke with parsed response object * @param responseText Text of the protocol4 message * @param httpStatus Number HTTP status code or NS_ERROR_NOT_AVAILABLE if the * request failed */ PROT_TRFetcher.prototype.onFetchComplete_ = function(callback, responseText, httpStatus) { var responseObj = this.extractResponse_(responseText); // The server might tell us to rekey, for example if it sees that // our request was unencrypted (meaning that we might not yet have // a key). If so, pass this hint along to the crypto key manager. if (responseObj[PROT_TRFetcher.TRY_REKEYING_RESPONSE] == "1" && this.urlCrypto_) { G_Debug(this, "We're supposed to re-key. Trying."); var manager = this.urlCrypto_.getManager(); if (manager) manager.maybeReKey(); } G_Debug(this, "TR Response:"); for (var field in responseObj) G_Debug(this, field + "=" + responseObj[field]); callback(responseObj, httpStatus); }; /** * Parse a protocol4 message (lookup server response) * * @param responseText String containing the server's response * * @returns Object containing the returned values or null if no * response was received */ PROT_TRFetcher.prototype.extractResponse_ = function(responseText) { return this.protocol4Parser_.parse(responseText); }; //@line 24 "e:\builds\tinderbox\Fx-Rel\WINNT_5.2_Depend\mozilla\browser\components\safebrowsing\src\nsSafebrowsingApplication.js" var modScope = this; function Init() { var jslib = Cc["@mozilla.org/url-classifier/jslib;1"] .getService().wrappedJSObject; modScope.G_Debug = jslib.G_Debug; modScope.G_Assert = jslib.G_Assert; modScope.G_Alarm = jslib.G_Alarm; modScope.G_ConditionalAlarm = jslib.G_ConditionalAlarm; modScope.G_ObserverWrapper = jslib.G_ObserverWrapper; modScope.G_Preferences = jslib.G_Preferences; modScope.PROT_XMLFetcher = jslib.PROT_XMLFetcher; modScope.BindToObject = jslib.BindToObject; modScope.G_Protocol4Parser = jslib.G_Protocol4Parser; modScope.PROT_UrlCrypto = jslib.PROT_UrlCrypto; modScope.RequestBackoff = jslib.RequestBackoff; // We only need to call Init once modScope.Init = function() {}; } // Module object function SafebrowsingApplicationMod() { this.firstTime = true; this.cid = Components.ID("{c64d0bcb-8270-4ca7-a0b3-3380c8ffecb5}"); this.progid = "@mozilla.org/safebrowsing/application;1"; } SafebrowsingApplicationMod.prototype.registerSelf = function(compMgr, fileSpec, loc, type) { if (this.firstTime) { this.firstTime = false; throw Components.results.NS_ERROR_FACTORY_REGISTER_AGAIN; } compMgr = compMgr.QueryInterface(Ci.nsIComponentRegistrar); compMgr.registerFactoryLocation(this.cid, "Safebrowsing Application Module", this.progid, fileSpec, loc, type); compMgr.registerFactoryLocation(this.cid, "UrlClassifier Blocked Error Page", "@mozilla.org/network/protocol/about;1?what=blocked", fileSpec, loc, type); }; SafebrowsingApplicationMod.prototype.getClassObject = function(compMgr, cid, iid) { if (!cid.equals(this.cid)) throw Components.results.NS_ERROR_NO_INTERFACE; if (!iid.equals(Ci.nsIFactory)) throw Components.results.NS_ERROR_NOT_IMPLEMENTED; return this.factory; } SafebrowsingApplicationMod.prototype.canUnload = function(compMgr) { return true; } SafebrowsingApplicationMod.prototype.factory = { createInstance: function(outer, iid) { if (outer != null) throw Components.results.NS_ERROR_NO_AGGREGATION; Init(); return new PROT_Application(); } }; var ApplicationModInst = new SafebrowsingApplicationMod(); function NSGetModule(compMgr, fileSpec) { return ApplicationModInst; }