[tbb-commits] [torbutton] branch main updated: Bug 40925: Moved Security Level to tor-browser.git
gitolite role
git at cupani.torproject.org
Fri Jul 15 18:58:16 UTC 2022
This is an automated email from the git hooks/post-receive script.
richard pushed a commit to branch main
in repository torbutton.
The following commit(s) were added to refs/heads/main by this push:
new 6f84627d Bug 40925: Moved Security Level to tor-browser.git
6f84627d is described below
commit 6f84627dd470f0eade9e1ba51b81458687263c34
Author: Pier Angelo Vendrame <pierov at torproject.org>
AuthorDate: Mon Jul 11 15:50:56 2022 +0200
Bug 40925: Moved Security Level to tor-browser.git
---
components/startup-observer.js | 8 --
modules/noscript-control.js | 214 -----------------------------------------
modules/security-prefs.js | 150 -----------------------------
3 files changed, 372 deletions(-)
diff --git a/components/startup-observer.js b/components/startup-observer.js
index f9697987..164c9219 100644
--- a/components/startup-observer.js
+++ b/components/startup-observer.js
@@ -25,9 +25,6 @@ XPCOMUtils.defineLazyModuleGetters(this, {
L10nRegistry: "resource://gre/modules/L10nRegistry.jsm",
});
-let NoScriptControl = ChromeUtils.import("resource://torbutton/modules/noscript-control.js", {});
-let SecurityPrefs = ChromeUtils.import("resource://torbutton/modules/security-prefs.js", {});
-
// Module specific constants
const kMODULE_NAME = "Startup";
const kMODULE_CONTRACTID = "@torproject.org/startup-observer;1";
@@ -193,11 +190,6 @@ StartupObserver.prototype = {
// but only for hackish reasons.
this._prefs.setBoolPref("extensions.torbutton.startup", true);
- // We need to listen for NoScript before it starts.
- NoScriptControl.initialize();
-
- SecurityPrefs.initialize();
-
this.setProxySettings();
}
diff --git a/modules/noscript-control.js b/modules/noscript-control.js
deleted file mode 100644
index ea735377..00000000
--- a/modules/noscript-control.js
+++ /dev/null
@@ -1,214 +0,0 @@
-// # NoScript settings control (for binding to Security Slider)
-
-// ## Utilities
-
-const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm", {});
-const { bindPref } =
- ChromeUtils.import("resource://torbutton/modules/utils.js", {});
-
-const { ExtensionUtils } = ChromeUtils.import("resource://gre/modules/ExtensionUtils.jsm");
-const { MessageChannel } = ChromeUtils.import("resource://gre/modules/MessageChannel.jsm");
-
-const { XPCOMUtils } = ChromeUtils.import("resource://gre/modules/XPCOMUtils.jsm");
-
-XPCOMUtils.defineLazyModuleGetters(this, {
- ExtensionParent: "resource://gre/modules/ExtensionParent.jsm",
-});
-
-async function waitForExtensionMessage(extensionId, checker = () => {}) {
- const { torWaitForExtensionMessage } = ExtensionParent;
- if (torWaitForExtensionMessage) {
- return torWaitForExtensionMessage(extensionId, checker);
- }
-
- // Old messaging <= 78
- return new Promise(resolve => {
- const listener = ({ data }) => {
- for (const msg of data) {
- if (msg.recipient.extensionId === extensionId) {
- const deserialized = msg.data.deserialize({});
- if (checker(deserialized)) {
- Services.mm.removeMessageListener(
- "MessageChannel:Messages",
- listener
- );
- resolve(deserialized);
- }
- }
- }
- };
- Services.mm.addMessageListener("MessageChannel:Messages", listener);
- });
-}
-
-async function sendExtensionMessage(extensionId, message) {
- const { torSendExtensionMessage } = ExtensionParent;
- if (torSendExtensionMessage) {
- return torSendExtensionMessage(extensionId, message);
- }
-
- // Old messaging <= 78
- Services.cpmm.sendAsyncMessage("MessageChannel:Messages", [
- {
- messageName: "Extension:Message",
- sender: { id: extensionId, extensionId },
- recipient: { extensionId },
- data: new StructuredCloneHolder(message),
- channelId: ExtensionUtils.getUniqueId(),
- responseType: MessageChannel.RESPONSE_NONE,
- },
- ]);
- return undefined;
-}
-
-let logger = Cc["@torproject.org/torbutton-logger;1"]
- .getService(Ci.nsISupports).wrappedJSObject;
-let log = (level, msg) => logger.log(level, msg);
-
-// ## NoScript settings
-
-// Minimum and maximum capability states as controlled by NoScript.
-const max_caps = ["fetch", "font", "frame", "media", "object", "other", "script", "webgl", "noscript"];
-const min_caps = ["frame", "other", "noscript"];
-
-// Untrusted capabilities for [Standard, Safer, Safest] safety levels.
-const untrusted_caps = [
- max_caps, // standard safety: neither http nor https
- ["frame", "font", "object", "other", "noscript"], // safer: http
- min_caps, // safest: neither http nor https
-];
-
-// Default capabilities for [Standard, Safer, Safest] safety levels.
-const default_caps = [
- max_caps, // standard: both http and https
- ["fetch", "font", "frame", "object", "other", "script", "noscript"], // safer: https only
- min_caps, // safest: both http and https
-];
-
-// __noscriptSettings(safetyLevel)__.
-// Produces NoScript settings with policy according to
-// the safetyLevel which can be:
-// 0 = Standard, 1 = Safer, 2 = Safest
-//
-// At the "Standard" safety level, we leave all sites at
-// default with maximal capabilities. Essentially no content
-// is blocked.
-//
-// At "Safer", we set all http sites to untrusted,
-// and all https sites to default. Scripts are only permitted
-// on https sites. Neither type of site is supposed to allow
-// media, but both allow fonts (as we used in legacy NoScript).
-//
-// At "Safest", all sites are at default with minimal
-// capabilities. Most things are blocked.
-let noscriptSettings = safetyLevel => (
- {
- "__meta": {
- "name": "updateSettings",
- "recipientInfo": null
- },
- "policy": {
- "DEFAULT": {
- "capabilities": default_caps[safetyLevel],
- "temp": false
- },
- "TRUSTED": {
- "capabilities": max_caps,
- "temp": false
- },
- "UNTRUSTED": {
- "capabilities": untrusted_caps[safetyLevel],
- "temp": false
- },
- "sites": {
- "trusted": [],
- "untrusted": [[], ["http:"], []][safetyLevel],
- "custom": {},
- "temp": []
- },
- "enforced": true,
- "autoAllowTop": false
- },
- "isTorBrowser": true,
- "tabId": -1
- });
-
-// ## Communications
-
-// The extension ID for NoScript (WebExtension)
-const noscriptID = "{73a6fe31-595d-460b-a920-fcc0f8843232}";
-
-// Ensure binding only occurs once.
-let initialized = false;
-
-// __initialize()__.
-// The main function that binds the NoScript settings to the security
-// slider pref state.
-var initialize = () => {
- if (initialized) {
- return;
- }
- initialized = true;
-
- try {
- // LegacyExtensionContext is not there anymore. Using raw
- // Services.cpmm.sendAsyncMessage mechanism to communicate with
- // NoScript.
-
- // The component that handles WebExtensions' sendMessage.
-
- // __setNoScriptSettings(settings)__.
- // NoScript listens for internal settings with onMessage. We can send
- // a new settings JSON object according to NoScript's
- // protocol and these are accepted! See the use of
- // `browser.runtime.onMessage.addListener(...)` in NoScript's bg/main.js.
-
- // TODO: Is there a better way?
- let sendNoScriptSettings = settings =>
- sendExtensionMessage(noscriptID, settings);
-
- // __setNoScriptSafetyLevel(safetyLevel)__.
- // Set NoScript settings according to a particular safety level
- // (security slider level): 0 = Standard, 1 = Safer, 2 = Safest
- let setNoScriptSafetyLevel = safetyLevel =>
- sendNoScriptSettings(noscriptSettings(safetyLevel));
-
- // __securitySliderToSafetyLevel(sliderState)__.
- // Converts the "extensions.torbutton.security_slider" pref value
- // to a "safety level" value: 0 = Standard, 1 = Safer, 2 = Safest
- let securitySliderToSafetyLevel = sliderState =>
- [undefined, 2, 1, 1, 0][sliderState];
-
- // Wait for the first message from NoScript to arrive, and then
- // bind the security_slider pref to the NoScript settings.
- let messageListener = a => {
- try {
- log(3, `Message received from NoScript: ${JSON.stringify([a])}`);
- let noscriptPersist = Services.prefs.getBoolPref("extensions.torbutton.noscript_persist", false);
- let noscriptInited = Services.prefs.getBoolPref("extensions.torbutton.noscript_inited", false);
- // Set the noscript safety level once if we have never run noscript
- // before, or if we are not allowing noscript per-site settings to be
- // persisted between browser sessions. Otherwise make sure that the
- // security slider position, if changed, will rewrite the noscript
- // settings.
- bindPref("extensions.torbutton.security_slider",
- sliderState => setNoScriptSafetyLevel(securitySliderToSafetyLevel(sliderState)),
- !noscriptPersist || !noscriptInited);
- if (!noscriptInited) {
- Services.prefs.setBoolPref("extensions.torbutton.noscript_inited", true);
- }
- } catch (e) {
- log(5, e.message);
- }
- };
- waitForExtensionMessage(noscriptID, a => a.__meta.name === "started").then(
- messageListener
- );
- log(3, "Listening for message from NoScript.");
- } catch (e) {
- log(5, e.message);
- }
-};
-
-// Export initialize() function for external use.
-let EXPORTED_SYMBOLS = ["initialize"];
diff --git a/modules/security-prefs.js b/modules/security-prefs.js
deleted file mode 100644
index c41458fa..00000000
--- a/modules/security-prefs.js
+++ /dev/null
@@ -1,150 +0,0 @@
-// # Security Settings prefs (as controlled by the Security Slider)
-
-// ### Utilities
-
-let { getBoolPref, setBoolPref, getIntPref, setIntPref, clearUserPref } =
- ChromeUtils.import("resource://gre/modules/Services.jsm", {}).Services.prefs;
-let { bindPref, bindPrefAndInit } =
- ChromeUtils.import("resource://torbutton/modules/utils.js", {});
-let logger = Cc["@torproject.org/torbutton-logger;1"]
- .getService(Ci.nsISupports).wrappedJSObject;
-let log = (level, msg) => logger.log(level, msg);
-
-// ### Constants
-
-// __kSecuritySettings__.
-// A table of all prefs bound to the security slider, and the value
-// for each security setting. Note that 2-m and 3-m are identical,
-// corresponding to the old 2-medium-high setting. We also separately
-// bind NoScript settings to the extensions.torbutton.security_slider
-// (see noscript-control.js).
-const kSecuritySettings = {
- // Preference name : [0, 1-high 2-m 3-m 4-low]
- "javascript.options.ion" : [, false, false, false, true ],
- "javascript.options.baselinejit" : [, false, false, false, true ],
- "javascript.options.native_regexp" : [, false, false, false, true ],
- "mathml.disabled" : [, true, true, true, false],
- "gfx.font_rendering.graphite.enabled" : [, false, false, false, true ],
- "gfx.font_rendering.opentype_svg.enabled" : [, false, false, false, true ],
- "svg.disabled" : [, true, false, false, false],
- "javascript.options.asmjs" : [, false, false, false, true ],
- "javascript.options.wasm" : [, false, false, false, true ],
- "dom.security.https_only_mode_send_http_background_request" : [, false, false, false, true ],
-};
-
-// The Security Settings prefs in question.
-const kSliderPref = "extensions.torbutton.security_slider";
-const kCustomPref = "extensions.torbutton.security_custom";
-const kSliderMigration = "extensions.torbutton.security_slider_migration";
-
-// ### Prefs
-
-// __write_setting_to_prefs(settingIndex)__.
-// Take a given setting index and write the appropriate pref values
-// to the pref database.
-var write_setting_to_prefs = function (settingIndex) {
- Object.keys(kSecuritySettings).forEach(
- prefName => setBoolPref(
- prefName, kSecuritySettings[prefName][settingIndex]));
-};
-
-// __read_setting_from_prefs()__.
-// Read the current pref values, and decide if any of our
-// security settings matches. Otherwise return null.
-var read_setting_from_prefs = function (prefNames) {
- prefNames = prefNames || Object.keys(kSecuritySettings);
- for (let settingIndex of [1, 2, 3, 4]) {
- let possibleSetting = true;
- // For the given settingIndex, check if all current pref values
- // match the setting.
- for (let prefName of prefNames) {
- if (kSecuritySettings[prefName][settingIndex] !==
- getBoolPref(prefName)) {
- possibleSetting = false;
- }
- }
- if (possibleSetting) {
- // We have a match!
- return settingIndex;
- }
- }
- // No matching setting; return null.
- return null;
-};
-
-// __watch_security_prefs(onSettingChanged)__.
-// Whenever a pref bound to the security slider changes, onSettingChanged
-// is called with the new security setting value (1,2,3,4 or null).
-// Returns a zero-arg function that ends this binding.
-var watch_security_prefs = function (onSettingChanged) {
- let prefNames = Object.keys(kSecuritySettings);
- let unbindFuncs = [];
- for (let prefName of prefNames) {
- unbindFuncs.push(bindPrefAndInit(
- prefName, () => onSettingChanged(read_setting_from_prefs())));
- }
- // Call all the unbind functions.
- return () => unbindFuncs.forEach(unbind => unbind());
-};
-
-// __initialized__.
-// Have we called initialize() yet?
-var initialized = false;
-
-// __initialize()__.
-// Defines the behavior of "extensions.torbutton.security_custom",
-// "extensions.torbutton.security_slider", and the security-sensitive
-// prefs declared in kSecuritySettings.
-var initialize = function () {
- // Only run once.
- if (initialized) {
- return;
- }
- log(4, "Initializing security-prefs.js");
- initialized = true;
- // When security_custom is set to false, apply security_slider setting
- // to the security-sensitive prefs.
- bindPrefAndInit(kCustomPref, function (custom) {
- if (custom === false) {
- write_setting_to_prefs(getIntPref(kSliderPref));
- }
- });
- // If security_slider is given a new value, then security_custom should
- // be set to false.
- bindPref(kSliderPref, function (prefIndex) {
- setBoolPref(kCustomPref, false);
- write_setting_to_prefs(prefIndex);
- });
- // If a security-sensitive pref changes, then decide if the set of pref values
- // constitutes a security_slider setting or a custom value.
- watch_security_prefs(settingIndex => {
- if (settingIndex === null) {
- setBoolPref(kCustomPref, true);
- } else {
- setIntPref(kSliderPref, settingIndex);
- setBoolPref(kCustomPref, false);
- }
- });
- // Migrate from old medium-low (3) to new medium (2).
- if (getBoolPref("extensions.torbutton.security_custom") === false &&
- getIntPref("extensions.torbutton.security_slider") === 3) {
- setIntPref("extensions.torbutton.security_slider", 2);
- write_setting_to_prefs(2);
- }
-
- // Revert #33613 fix
- if (getIntPref(kSliderMigration, 0) < 2) {
- // We can't differentiate between users having flipped `javascript.enabled`
- // to `false` before it got governed by the security settings vs. those who
- // had it flipped due to #33613. Reset the preference for everyone.
- if (getIntPref(kSliderPref) === 1) {
- setBoolPref("javascript.enabled", true);
- }
- clearUserPref("media.webaudio.enabled");
- setIntPref(kSliderMigration, 2);
- }
- log(4, "security-prefs.js initialization complete");
-};
-
-// Export initialize() function for external use.
-let EXPORTED_SYMBOLS = ["initialize"];
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the tbb-commits
mailing list