commit bd4abf8ba8f4e1aea2acd4b895274f646ed951a8 Author: Georg Koppen <gk@torproject.org> Date: Thu Aug 16 07:21:24 2018 +0000 Revert "Backport of fix for bug 1412081" This reverts commit 50f4653b90316394e7d6d3cd4a3e92e12f377666. We take the patch that actually landed on esr60 instead. --- dom/ipc/ContentPrefs.cpp | 1 - xpcom/io/FilePreferences.cpp | 328 ++++++++++---------------- xpcom/io/FilePreferences.h | 6 - xpcom/io/nsLocalFileUnix.cpp | 58 ----- xpcom/tests/gtest/TestFilePreferencesUnix.cpp | 203 ---------------- xpcom/tests/gtest/moz.build | 5 - 6 files changed, 122 insertions(+), 479 deletions(-) diff --git a/dom/ipc/ContentPrefs.cpp b/dom/ipc/ContentPrefs.cpp index ac1ea109fc9f..d011c7393125 100644 --- a/dom/ipc/ContentPrefs.cpp +++ b/dom/ipc/ContentPrefs.cpp @@ -270,7 +270,6 @@ const char* mozilla::dom::ContentPrefs::gEarlyPrefs[] = { "network.dns.disablePrefetch", "network.dns.disablePrefetchFromHTTPS", "network.file.disable_unc_paths", - "network.file.path_blacklist", "network.http.tailing.enabled", "network.jar.block-remote-files", "network.loadinfo.skip_type_assertion", diff --git a/xpcom/io/FilePreferences.cpp b/xpcom/io/FilePreferences.cpp index ca133fcaeb40..3ad0e0ee19e0 100644 --- a/xpcom/io/FilePreferences.cpp +++ b/xpcom/io/FilePreferences.cpp @@ -6,11 +6,7 @@ #include "FilePreferences.h" -#include "mozilla/ClearOnShutdown.h" #include "mozilla/Preferences.h" -#include "mozilla/StaticPtr.h" -#include "mozilla/Tokenizer.h" -#include "mozilla/Unused.h" #include "nsAppDirectoryServiceDefs.h" #include "nsDirectoryServiceDefs.h" #include "nsDirectoryServiceUtils.h" @@ -19,37 +15,15 @@ namespace mozilla { namespace FilePreferences { static bool sBlockUNCPaths = false; -typedef nsTArray<nsString> WinPaths; -static StaticAutoPtr<WinPaths> sWhitelist; +typedef nsTArray<nsString> Paths; -static WinPaths& PathWhitelist() +static Paths& PathArray() { - if (!sWhitelist) { - sWhitelist = new nsTArray<nsString>(); - ClearOnShutdown(&sWhitelist); - } - return *sWhitelist; -} - -#ifdef XP_WIN -typedef char16_t char_path_t; -#else -typedef char char_path_t; -#endif - -typedef nsTArray<nsTString<char_path_t>> Paths; -static StaticAutoPtr<Paths> sBlacklist; - -static Paths& PathBlacklist() -{ - if (!sBlacklist) { - sBlacklist = new nsTArray<nsTString<char_path_t>>(); - ClearOnShutdown(&sBlacklist); - } - return *sBlacklist; + static Paths sPaths; + return sPaths; } -static void AllowUNCDirectory(char const* directory) +static void AllowDirectory(char const* directory) { nsCOMPtr<nsIFile> file; NS_GetSpecialDirectory(directory, getter_AddRefs(file)); @@ -69,201 +43,180 @@ static void AllowUNCDirectory(char const* directory) return; } - if (!PathWhitelist().Contains(path)) { - PathWhitelist().AppendElement(path); + if (!PathArray().Contains(path)) { + PathArray().AppendElement(path); } } void InitPrefs() { sBlockUNCPaths = Preferences::GetBool("network.file.disable_unc_paths", false); - - PathBlacklist().Clear(); - nsAutoCString blacklist; - Preferences::GetCString("network.file.path_blacklist", blacklist); - - Tokenizer p(blacklist); - while (!p.CheckEOF()) { - nsCString path; - Unused << p.ReadUntil(Tokenizer::Token::Char(','), path); - path.Trim(" "); - if (!path.IsEmpty()) { -#ifdef XP_WIN - PathBlacklist().AppendElement(NS_ConvertASCIItoUTF16(path)); -#else - PathBlacklist().AppendElement(path); -#endif - } - Unused << p.CheckChar(','); - } } void InitDirectoriesWhitelist() { // NS_GRE_DIR is the installation path where the binary resides. - AllowUNCDirectory(NS_GRE_DIR); + AllowDirectory(NS_GRE_DIR); // NS_APP_USER_PROFILE_50_DIR and NS_APP_USER_PROFILE_LOCAL_50_DIR are the two // parts of the profile we store permanent and local-specific data. - AllowUNCDirectory(NS_APP_USER_PROFILE_50_DIR); - AllowUNCDirectory(NS_APP_USER_PROFILE_LOCAL_50_DIR); + AllowDirectory(NS_APP_USER_PROFILE_50_DIR); + AllowDirectory(NS_APP_USER_PROFILE_LOCAL_50_DIR); } namespace { // anon -template <typename TChar> class Normalizer { public: - Normalizer(const nsTSubstring<TChar>& aFilePath, const TChar aSeparator) - : mFilePathCursor(aFilePath.BeginReading()) - , mFilePathEnd(aFilePath.EndReading()) - , mSeparator(aSeparator) - { - } + Normalizer(const nsAString& aFilePath, const char16_t aSeparator); + bool Get(nsAString& aNormalizedFilePath); - bool Get(nsTSubstring<TChar>& aNormalizedFilePath) - { - aNormalizedFilePath.Truncate(); - - // Windows UNC paths begin with double separator (\\) - // Linux paths begin with just one separator (/) - // If we want to use the normalizer for regular windows paths this code - // will need to be updated. -#ifdef XP_WIN - if (IsEOF()) { - return true; - } - if (ConsumeSeparator()) { - aNormalizedFilePath.Append(mSeparator); - } -#endif +private: + bool ConsumeItem(); + bool ConsumeSeparator(); + bool IsEOF() { return mFilePathCursor == mFilePathEnd; } - if (IsEOF()) { - return true; - } - if (ConsumeSeparator()) { - aNormalizedFilePath.Append(mSeparator); - } + bool ConsumeName(); + bool CheckParentDir(); + bool CheckCurrentDir(); - while (!IsEOF()) { - if (!ConsumeName()) { - return false; - } - } + nsString::const_char_iterator mFilePathCursor; + nsString::const_char_iterator mFilePathEnd; - for (auto const& name : mStack) { - aNormalizedFilePath.Append(name); - } + nsDependentSubstring mItem; + char16_t const mSeparator; + nsTArray<nsDependentSubstring> mStack; +}; - return true; +Normalizer::Normalizer(const nsAString& aFilePath, const char16_t aSeparator) + : mFilePathCursor(aFilePath.BeginReading()) + , mFilePathEnd(aFilePath.EndReading()) + , mSeparator(aSeparator) +{ +} + +bool Normalizer::ConsumeItem() +{ + if (IsEOF()) { + return false; } -private: - bool ConsumeItem() - { - if (IsEOF()) { - return false; + nsString::const_char_iterator nameBegin = mFilePathCursor; + while (mFilePathCursor != mFilePathEnd) { + if (*mFilePathCursor == mSeparator) { + break; // don't include the separator } + ++mFilePathCursor; + } - typename nsTString<TChar>::const_char_iterator nameBegin = mFilePathCursor; - while (mFilePathCursor != mFilePathEnd) { - if (*mFilePathCursor == mSeparator) { - break; // don't include the separator - } - ++mFilePathCursor; - } + mItem.Rebind(nameBegin, mFilePathCursor); + return true; +} - mItem.Rebind(nameBegin, mFilePathCursor); - return true; +bool Normalizer::ConsumeSeparator() +{ + if (IsEOF()) { + return false; } - bool ConsumeSeparator() - { - if (IsEOF()) { - return false; - } + if (*mFilePathCursor != mSeparator) { + return false; + } - if (*mFilePathCursor != mSeparator) { - return false; - } + ++mFilePathCursor; + return true; +} - ++mFilePathCursor; +bool Normalizer::Get(nsAString& aNormalizedFilePath) +{ + aNormalizedFilePath.Truncate(); + + if (IsEOF()) { return true; } + if (ConsumeSeparator()) { + aNormalizedFilePath.Append(mSeparator); + } - bool IsEOF() { return mFilePathCursor == mFilePathEnd; } + if (IsEOF()) { + return true; + } + if (ConsumeSeparator()) { + aNormalizedFilePath.Append(mSeparator); + } - bool ConsumeName() - { - if (!ConsumeItem()) { - return true; + while (!IsEOF()) { + if (!ConsumeName()) { + return false; } + } - if (CheckCurrentDir()) { - return true; - } + for (auto const& name : mStack) { + aNormalizedFilePath.Append(name); + } - if (CheckParentDir()) { - if (!mStack.Length()) { - // This means there are more \.. than valid names - return false; - } + return true; +} - mStack.RemoveElementAt(mStack.Length() - 1); - return true; - } +bool Normalizer::ConsumeName() +{ + if (!ConsumeItem()) { + return true; + } - if (mItem.IsEmpty()) { - // this means an empty name (a lone slash), which is illegal - return false; - } + if (CheckCurrentDir()) { + return true; + } - if (ConsumeSeparator()) { - mItem.Rebind(mItem.BeginReading(), mFilePathCursor); + if (CheckParentDir()) { + if (!mStack.Length()) { + // This means there are more \.. than valid names + return false; } - mStack.AppendElement(mItem); + mStack.RemoveElementAt(mStack.Length() - 1); return true; } - bool CheckParentDir() - { - if (mItem.EqualsLiteral("..")) { - ConsumeSeparator(); - // EOF is acceptable - return true; - } - + if (mItem.IsEmpty()) { + // this means an empty name (a lone slash), which is illegal return false; } - bool CheckCurrentDir() - { - if (mItem.EqualsLiteral(".")) { - ConsumeSeparator(); - // EOF is acceptable - return true; - } + if (ConsumeSeparator()) { + mItem.Rebind(mItem.BeginReading(), mFilePathCursor); + } + mStack.AppendElement(mItem); - return false; + return true; +} + +bool Normalizer::CheckCurrentDir() +{ + if (mItem == NS_LITERAL_STRING(".")) { + ConsumeSeparator(); + // EOF is acceptable + return true; } - typename nsTString<TChar>::const_char_iterator mFilePathCursor; - typename nsTString<TChar>::const_char_iterator mFilePathEnd; + return false; +} - nsTDependentSubstring<TChar> mItem; - TChar const mSeparator; - nsTArray<nsTDependentSubstring<TChar>> mStack; -}; +bool Normalizer::CheckParentDir() +{ + if (mItem == NS_LITERAL_STRING("..")) { + ConsumeSeparator(); + // EOF is acceptable + return true; + } + + return false; +} } // anon bool IsBlockedUNCPath(const nsAString& aFilePath) { - if (!sWhitelist) { - return false; - } - if (!sBlockUNCPaths) { return false; } @@ -273,12 +226,12 @@ bool IsBlockedUNCPath(const nsAString& aFilePath) } nsAutoString normalized; - if (!Normalizer<char16_t>(aFilePath, L'\\').Get(normalized)) { + if (!Normalizer(aFilePath, L'\\').Get(normalized)) { // Broken paths are considered invalid and thus inaccessible return true; } - for (const auto& allowedPrefix : PathWhitelist()) { + for (const auto& allowedPrefix : PathArray()) { if (StringBeginsWith(normalized, allowedPrefix)) { if (normalized.Length() == allowedPrefix.Length()) { return false; @@ -298,43 +251,6 @@ bool IsBlockedUNCPath(const nsAString& aFilePath) return true; } -#ifdef XP_WIN -const char16_t kPathSeparator = L'\\'; -#else -const char kPathSeparator = '/'; -#endif - -bool IsAllowedPath(const nsTSubstring<char_path_t>& aFilePath) -{ - // If sBlacklist has been cleared at shutdown, we must avoid calling - // PathBlacklist() again, as that will recreate the array and we will leak. - if (!sBlacklist) { - return true; - } - - if (PathBlacklist().Length() == 0) { - return true; - } - - nsTAutoString<char_path_t> normalized; - if (!Normalizer<char_path_t>(aFilePath, kPathSeparator).Get(normalized)) { - // Broken paths are considered invalid and thus inaccessible - return false; - } - - for (const auto& prefix : PathBlacklist()) { - if (StringBeginsWith(normalized, prefix)) { - if (normalized.Length() > prefix.Length() && - normalized[prefix.Length()] != kPathSeparator) { - continue; - } - return false; - } - } - - return true; -} - void testing::SetBlockUNCPaths(bool aBlock) { sBlockUNCPaths = aBlock; @@ -342,12 +258,12 @@ void testing::SetBlockUNCPaths(bool aBlock) void testing::AddDirectoryToWhitelist(nsAString const & aPath) { - PathWhitelist().AppendElement(aPath); + PathArray().AppendElement(aPath); } bool testing::NormalizePath(nsAString const & aPath, nsAString & aNormalized) { - Normalizer<char16_t> normalizer(aPath, L'\\'); + Normalizer normalizer(aPath, L'\\'); return normalizer.Get(aNormalized); } diff --git a/xpcom/io/FilePreferences.h b/xpcom/io/FilePreferences.h index 71c244201735..fa281f9e6799 100644 --- a/xpcom/io/FilePreferences.h +++ b/xpcom/io/FilePreferences.h @@ -13,12 +13,6 @@ void InitPrefs(); void InitDirectoriesWhitelist(); bool IsBlockedUNCPath(const nsAString& aFilePath); -#ifdef XP_WIN -bool IsAllowedPath(const nsAString& aFilePath); -#else -bool IsAllowedPath(const nsACString& aFilePath); -#endif - namespace testing { void SetBlockUNCPaths(bool aBlock); diff --git a/xpcom/io/nsLocalFileUnix.cpp b/xpcom/io/nsLocalFileUnix.cpp index cc241b179ab4..768f66b301ec 100644 --- a/xpcom/io/nsLocalFileUnix.cpp +++ b/xpcom/io/nsLocalFileUnix.cpp @@ -12,7 +12,6 @@ #include "mozilla/Attributes.h" #include "mozilla/DebugOnly.h" #include "mozilla/Sprintf.h" -#include "mozilla/FilePreferences.h" #include <sys/types.h> #include <sys/stat.h> @@ -85,8 +84,6 @@ using namespace mozilla; do { \ if (mPath.IsEmpty()) \ return NS_ERROR_NOT_INITIALIZED; \ - if (!FilePreferences::IsAllowedPath(mPath)) \ - return NS_ERROR_FILE_ACCESS_DENIED; \ } while(0) /* directory enumerator */ @@ -143,13 +140,6 @@ nsDirEnumeratorUnix::Init(nsLocalFile* aParent, return NS_ERROR_FILE_INVALID_PATH; } - // When enumerating the directory, the paths must have a slash at the end. - nsAutoCString dirPathWithSlash(dirPath); - dirPathWithSlash.Append('/'); - if (!FilePreferences::IsAllowedPath(dirPathWithSlash)) { - return NS_ERROR_FILE_ACCESS_DENIED; - } - if (NS_FAILED(aParent->GetNativePath(mParentPath))) { return NS_ERROR_FAILURE; } @@ -279,11 +269,6 @@ nsLocalFile::nsLocalFileConstructor(nsISupports* aOuter, bool nsLocalFile::FillStatCache() { - if (!FilePreferences::IsAllowedPath(mPath)) { - errno = EACCES; - return false; - } - if (STAT(mPath.get(), &mCachedStat) == -1) { // try lstat it may be a symlink if (LSTAT(mPath.get(), &mCachedStat) == -1) { @@ -326,11 +311,6 @@ nsLocalFile::InitWithNativePath(const nsACString& aFilePath) mPath = aFilePath; } - if (!FilePreferences::IsAllowedPath(mPath)) { - mPath.Truncate(); - return NS_ERROR_FILE_ACCESS_DENIED; - } - // trim off trailing slashes ssize_t len = mPath.Length(); while ((len > 1) && (mPath[len - 1] == '/')) { @@ -344,10 +324,6 @@ nsLocalFile::InitWithNativePath(const nsACString& aFilePath) NS_IMETHODIMP nsLocalFile::CreateAllAncestors(uint32_t aPermissions) { - if (!FilePreferences::IsAllowedPath(mPath)) { - return NS_ERROR_FILE_ACCESS_DENIED; - } - // <jband> I promise to play nice char* buffer = mPath.BeginWriting(); char* slashp = buffer; @@ -419,9 +395,6 @@ NS_IMETHODIMP nsLocalFile::OpenNSPRFileDesc(int32_t aFlags, int32_t aMode, PRFileDesc** aResult) { - if (!FilePreferences::IsAllowedPath(mPath)) { - return NS_ERROR_FILE_ACCESS_DENIED; - } *aResult = PR_Open(mPath.get(), aFlags, aMode); if (!*aResult) { return NS_ErrorAccordingToNSPR(); @@ -443,9 +416,6 @@ nsLocalFile::OpenNSPRFileDesc(int32_t aFlags, int32_t aMode, NS_IMETHODIMP nsLocalFile::OpenANSIFileDesc(const char* aMode, FILE** aResult) { - if (!FilePreferences::IsAllowedPath(mPath)) { - return NS_ERROR_FILE_ACCESS_DENIED; - } *aResult = fopen(mPath.get(), aMode); if (!*aResult) { return NS_ERROR_FAILURE; @@ -472,10 +442,6 @@ nsresult nsLocalFile::CreateAndKeepOpen(uint32_t aType, int aFlags, uint32_t aPermissions, PRFileDesc** aResult) { - if (!FilePreferences::IsAllowedPath(mPath)) { - return NS_ERROR_FILE_ACCESS_DENIED; - } - if (aType != NORMAL_FILE_TYPE && aType != DIRECTORY_TYPE) { return NS_ERROR_FILE_UNKNOWN_TYPE; } @@ -525,10 +491,6 @@ nsLocalFile::CreateAndKeepOpen(uint32_t aType, int aFlags, NS_IMETHODIMP nsLocalFile::Create(uint32_t aType, uint32_t aPermissions) { - if (!FilePreferences::IsAllowedPath(mPath)) { - return NS_ERROR_FILE_ACCESS_DENIED; - } - PRFileDesc* junk = nullptr; nsresult rv = CreateAndKeepOpen(aType, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE | @@ -584,10 +546,6 @@ nsLocalFile::Normalize() char resolved_path[PATH_MAX] = ""; char* resolved_path_ptr = nullptr; - if (!FilePreferences::IsAllowedPath(mPath)) { - return NS_ERROR_FILE_ACCESS_DENIED; - } - resolved_path_ptr = realpath(mPath.get(), resolved_path); // if there is an error, the return is null. @@ -1059,10 +1017,6 @@ nsLocalFile::MoveToNative(nsIFile* aNewParent, const nsACString& aNewName) return rv; } - if (!FilePreferences::IsAllowedPath(newPathName)) { - return NS_ERROR_FILE_ACCESS_DENIED; - } - // try for atomic rename, falling back to copy/delete if (rename(mPath.get(), newPathName.get()) < 0) { if (errno == EXDEV) { @@ -2005,10 +1959,6 @@ nsLocalFile::SetPersistentDescriptor(const nsACString& aPersistentDescriptor) NS_IMETHODIMP nsLocalFile::Reveal() { - if (!FilePreferences::IsAllowedPath(mPath)) { - return NS_ERROR_FILE_ACCESS_DENIED; - } - #ifdef MOZ_WIDGET_GTK nsCOMPtr<nsIGIOService> giovfs = do_GetService(NS_GIOSERVICE_CONTRACTID); if (!giovfs) { @@ -2052,10 +2002,6 @@ nsLocalFile::Reveal() NS_IMETHODIMP nsLocalFile::Launch() { - if (!FilePreferences::IsAllowedPath(mPath)) { - return NS_ERROR_FILE_ACCESS_DENIED; - } - #ifdef MOZ_WIDGET_GTK nsCOMPtr<nsIGIOService> giovfs = do_GetService(NS_GIOSERVICE_CONTRACTID); if (!giovfs) { @@ -2210,10 +2156,6 @@ nsLocalFile::RenameToNative(nsIFile* aNewParentDir, const nsACString& aNewName) return rv; } - if (!FilePreferences::IsAllowedPath(newPathName)) { - return NS_ERROR_FILE_ACCESS_DENIED; - } - // try for atomic rename if (rename(mPath.get(), newPathName.get()) < 0) { if (errno == EXDEV) { diff --git a/xpcom/tests/gtest/TestFilePreferencesUnix.cpp b/xpcom/tests/gtest/TestFilePreferencesUnix.cpp deleted file mode 100644 index c19928fcaec4..000000000000 --- a/xpcom/tests/gtest/TestFilePreferencesUnix.cpp +++ /dev/null @@ -1,203 +0,0 @@ -#include "gtest/gtest.h" - -#include "mozilla/FilePreferences.h" - -#include "nsDirectoryServiceDefs.h" -#include "nsDirectoryServiceUtils.h" -#include "mozilla/Preferences.h" -#include "mozilla/ScopeExit.h" -#include "nsISimpleEnumerator.h" - -using namespace mozilla; - -TEST(TestFilePreferencesUnix, Parsing) -{ - #define kBlacklisted "/tmp/blacklisted" - #define kBlacklistedDir "/tmp/blacklisted/" - #define kBlacklistedFile "/tmp/blacklisted/file" - #define kOther "/tmp/other" - #define kOtherDir "/tmp/other/" - #define kOtherFile "/tmp/other/file" - #define kAllowed "/tmp/allowed" - - // This is run on exit of this function to make sure we clear the pref - // and that behaviour with the pref cleared is correct. - auto cleanup = MakeScopeExit([&] { - nsresult rv = Preferences::ClearUser("network.file.path_blacklist"); - ASSERT_EQ(rv, NS_OK); - FilePreferences::InitPrefs(); - ASSERT_EQ(FilePreferences::IsAllowedPath(NS_LITERAL_CSTRING(kBlacklisted)), true); - ASSERT_EQ(FilePreferences::IsAllowedPath(NS_LITERAL_CSTRING(kBlacklistedDir)), true); - ASSERT_EQ(FilePreferences::IsAllowedPath(NS_LITERAL_CSTRING(kBlacklistedFile)), true); - ASSERT_EQ(FilePreferences::IsAllowedPath(NS_LITERAL_CSTRING(kAllowed)), true); - }); - - auto CheckPrefs = [](const nsACString& aPaths) - { - nsresult rv; - rv = Preferences::SetCString("network.file.path_blacklist", aPaths); - ASSERT_EQ(rv, NS_OK); - FilePreferences::InitPrefs(); - ASSERT_EQ(FilePreferences::IsAllowedPath(NS_LITERAL_CSTRING(kBlacklistedDir)), false); - ASSERT_EQ(FilePreferences::IsAllowedPath(NS_LITERAL_CSTRING(kBlacklistedDir)), false); - ASSERT_EQ(FilePreferences::IsAllowedPath(NS_LITERAL_CSTRING(kBlacklistedFile)), false); - ASSERT_EQ(FilePreferences::IsAllowedPath(NS_LITERAL_CSTRING(kBlacklisted)), false); - ASSERT_EQ(FilePreferences::IsAllowedPath(NS_LITERAL_CSTRING(kAllowed)), true); - }; - - CheckPrefs(NS_LITERAL_CSTRING(kBlacklisted)); - CheckPrefs(NS_LITERAL_CSTRING(kBlacklisted "," kOther)); - ASSERT_EQ(FilePreferences::IsAllowedPath(NS_LITERAL_CSTRING(kOtherFile)), false); - CheckPrefs(NS_LITERAL_CSTRING(kBlacklisted "," kOther ",")); - ASSERT_EQ(FilePreferences::IsAllowedPath(NS_LITERAL_CSTRING(kOtherFile)), false); -} - -TEST(TestFilePreferencesUnix, Simple) -{ - nsAutoCString tempPath; - - // This is the directory we will blacklist - nsCOMPtr<nsIFile> blacklistedDir; - nsresult rv = NS_GetSpecialDirectory(NS_OS_TEMP_DIR, getter_AddRefs(blacklistedDir)); - ASSERT_EQ(rv, NS_OK); - rv = blacklistedDir->GetNativePath(tempPath); - ASSERT_EQ(rv, NS_OK); - rv = blacklistedDir->AppendNative(NS_LITERAL_CSTRING("blacklisted_dir")); - ASSERT_EQ(rv, NS_OK); - - // This is executed at exit to clean up after ourselves. - auto cleanup = MakeScopeExit([&] { - nsresult rv = Preferences::ClearUser("network.file.path_blacklist"); - ASSERT_EQ(rv, NS_OK); - FilePreferences::InitPrefs(); - - rv = blacklistedDir->Remove(true); - ASSERT_EQ(rv, NS_OK); - }); - - // Create the directory - rv = blacklistedDir->Create(nsIFile::DIRECTORY_TYPE, 0666); - ASSERT_EQ(rv, NS_OK); - - // This is the file we will try to access - nsCOMPtr<nsIFile> blacklistedFile; - rv = blacklistedDir->Clone(getter_AddRefs(blacklistedFile)); - ASSERT_EQ(rv, NS_OK); - rv = blacklistedFile->AppendNative(NS_LITERAL_CSTRING("test_file")); - - // Create the file - ASSERT_EQ(rv, NS_OK); - rv = blacklistedFile->Create(nsIFile::NORMAL_FILE_TYPE, 0666); - - // Get the path for the blacklist - nsAutoCString blackListPath; - rv = blacklistedDir->GetNativePath(blackListPath); - ASSERT_EQ(rv, NS_OK); - - // Set the pref and make sure it is enforced - rv = Preferences::SetCString("network.file.path_blacklist", blackListPath); - ASSERT_EQ(rv, NS_OK); - FilePreferences::InitPrefs(); - - // Check that we can't access some of the file attributes - int64_t size; - rv = blacklistedFile->GetFileSize(&size); - ASSERT_EQ(rv, NS_ERROR_FILE_ACCESS_DENIED); - - bool exists; - rv = blacklistedFile->Exists(&exists); - ASSERT_EQ(rv, NS_ERROR_FILE_ACCESS_DENIED); - - // Check that we can't enumerate the directory - nsCOMPtr<nsISimpleEnumerator> dirEnumerator; - rv = blacklistedDir->GetDirectoryEntries(getter_AddRefs(dirEnumerator)); - ASSERT_EQ(rv, NS_ERROR_FILE_ACCESS_DENIED); - - nsCOMPtr<nsIFile> newPath; - rv = NS_GetSpecialDirectory(NS_OS_TEMP_DIR, getter_AddRefs(newPath)); - ASSERT_EQ(rv, NS_OK); - rv = newPath->AppendNative(NS_LITERAL_CSTRING(".")); - ASSERT_EQ(rv, NS_OK); - rv = newPath->AppendNative(NS_LITERAL_CSTRING("blacklisted_dir")); - ASSERT_EQ(rv, NS_OK); - rv = newPath->Exists(&exists); - ASSERT_EQ(rv, NS_ERROR_FILE_ACCESS_DENIED); - - rv = newPath->AppendNative(NS_LITERAL_CSTRING("test_file")); - ASSERT_EQ(rv, NS_OK); - rv = newPath->Exists(&exists); - ASSERT_EQ(rv, NS_ERROR_FILE_ACCESS_DENIED); - - // Check that ./ does not bypass the filter - rv = NS_GetSpecialDirectory(NS_OS_TEMP_DIR, getter_AddRefs(newPath)); - ASSERT_EQ(rv, NS_OK); - rv = newPath->AppendRelativeNativePath(NS_LITERAL_CSTRING("./blacklisted_dir/file")); - ASSERT_EQ(rv, NS_OK); - rv = newPath->Exists(&exists); - ASSERT_EQ(rv, NS_ERROR_FILE_ACCESS_DENIED); - - // Check that .. does not bypass the filter - rv = NS_GetSpecialDirectory(NS_OS_TEMP_DIR, getter_AddRefs(newPath)); - ASSERT_EQ(rv, NS_OK); - rv = newPath->AppendRelativeNativePath(NS_LITERAL_CSTRING("allowed/../blacklisted_dir/file")); - ASSERT_EQ(rv, NS_OK); - rv = newPath->Exists(&exists); - ASSERT_EQ(rv, NS_ERROR_FILE_ACCESS_DENIED); - - rv = NS_GetSpecialDirectory(NS_OS_TEMP_DIR, getter_AddRefs(newPath)); - ASSERT_EQ(rv, NS_OK); - rv = newPath->AppendNative(NS_LITERAL_CSTRING("allowed")); - ASSERT_EQ(rv, NS_OK); - rv = newPath->AppendNative(NS_LITERAL_CSTRING("..")); - ASSERT_EQ(rv, NS_OK); - rv = newPath->AppendNative(NS_LITERAL_CSTRING("blacklisted_dir")); - ASSERT_EQ(rv, NS_OK); - rv = newPath->Exists(&exists); - ASSERT_EQ(rv, NS_ERROR_FILE_ACCESS_DENIED); - - nsAutoCString trickyPath(tempPath); - trickyPath.AppendLiteral("/allowed/../blacklisted_dir/file"); - rv = newPath->InitWithNativePath(trickyPath); - ASSERT_EQ(rv, NS_ERROR_FILE_ACCESS_DENIED); - - // Check that we can't construct a path that is functionally the same - // as the blacklisted one and bypasses the filter. - trickyPath = tempPath; - trickyPath.AppendLiteral("/./blacklisted_dir/file"); - rv = newPath->InitWithNativePath(trickyPath); - ASSERT_EQ(rv, NS_ERROR_FILE_ACCESS_DENIED); - - trickyPath = tempPath; - trickyPath.AppendLiteral("//blacklisted_dir/file"); - rv = newPath->InitWithNativePath(trickyPath); - ASSERT_EQ(rv, NS_ERROR_FILE_ACCESS_DENIED); - - trickyPath.Truncate(); - trickyPath.AppendLiteral("//"); - trickyPath.Append(tempPath); - trickyPath.AppendLiteral("/blacklisted_dir/file"); - rv = newPath->InitWithNativePath(trickyPath); - ASSERT_EQ(rv, NS_ERROR_FILE_ACCESS_DENIED); - - trickyPath.Truncate(); - trickyPath.AppendLiteral("//"); - trickyPath.Append(tempPath); - trickyPath.AppendLiteral("//blacklisted_dir/file"); - rv = newPath->InitWithNativePath(trickyPath); - ASSERT_EQ(rv, NS_ERROR_FILE_ACCESS_DENIED); - - // Check that if the blacklisted string is a directory, we only block access - // to subresources, not the directory itself. - nsAutoCString blacklistDirPath(blackListPath); - blacklistDirPath.Append("/"); - rv = Preferences::SetCString("network.file.path_blacklist", blacklistDirPath); - ASSERT_EQ(rv, NS_OK); - FilePreferences::InitPrefs(); - - // This should work, since we only block subresources - rv = blacklistedDir->Exists(&exists); - ASSERT_EQ(rv, NS_OK); - - rv = blacklistedDir->GetDirectoryEntries(getter_AddRefs(dirEnumerator)); - ASSERT_EQ(rv, NS_ERROR_FILE_ACCESS_DENIED); -} diff --git a/xpcom/tests/gtest/moz.build b/xpcom/tests/gtest/moz.build index 4f1c9c73d653..90b5fd7652e6 100644 --- a/xpcom/tests/gtest/moz.build +++ b/xpcom/tests/gtest/moz.build @@ -73,11 +73,6 @@ if CONFIG['OS_TARGET'] == 'WINNT': UNIFIED_SOURCES += [ 'TestFilePreferencesWin.cpp', ] -else: - UNIFIED_SOURCES += [ - 'TestFilePreferencesUnix.cpp', - ] - if CONFIG['WRAP_STL_INCLUDES'] and CONFIG['CC_TYPE'] != 'clang-cl': UNIFIED_SOURCES += [