[tor-commits] [torbutton] branch main updated: Bug 40925: Moved Security Level to tor-browser.git

gitolite role git at cupani.torproject.org
Fri Jul 15 18:58:16 UTC 2022


This is an automated email from the git hooks/post-receive script.

richard pushed a commit to branch main
in repository torbutton.

The following commit(s) were added to refs/heads/main by this push:
     new 6f84627d Bug 40925: Moved Security Level to tor-browser.git
6f84627d is described below

commit 6f84627dd470f0eade9e1ba51b81458687263c34
Author: Pier Angelo Vendrame <pierov at torproject.org>
AuthorDate: Mon Jul 11 15:50:56 2022 +0200

    Bug 40925: Moved Security Level to tor-browser.git
---
 components/startup-observer.js |   8 --
 modules/noscript-control.js    | 214 -----------------------------------------
 modules/security-prefs.js      | 150 -----------------------------
 3 files changed, 372 deletions(-)

diff --git a/components/startup-observer.js b/components/startup-observer.js
index f9697987..164c9219 100644
--- a/components/startup-observer.js
+++ b/components/startup-observer.js
@@ -25,9 +25,6 @@ XPCOMUtils.defineLazyModuleGetters(this, {
   L10nRegistry: "resource://gre/modules/L10nRegistry.jsm",
 });
 
-let NoScriptControl = ChromeUtils.import("resource://torbutton/modules/noscript-control.js", {});
-let SecurityPrefs = ChromeUtils.import("resource://torbutton/modules/security-prefs.js", {});
-
 // Module specific constants
 const kMODULE_NAME = "Startup";
 const kMODULE_CONTRACTID = "@torproject.org/startup-observer;1";
@@ -193,11 +190,6 @@ StartupObserver.prototype = {
         // but only for hackish reasons.
         this._prefs.setBoolPref("extensions.torbutton.startup", true);
 
-        // We need to listen for NoScript before it starts.
-        NoScriptControl.initialize();
-
-        SecurityPrefs.initialize();
-
         this.setProxySettings();
       }
 
diff --git a/modules/noscript-control.js b/modules/noscript-control.js
deleted file mode 100644
index ea735377..00000000
--- a/modules/noscript-control.js
+++ /dev/null
@@ -1,214 +0,0 @@
-// # NoScript settings control (for binding to Security Slider)
-
-// ## Utilities
-
-const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm", {});
-const { bindPref } =
-      ChromeUtils.import("resource://torbutton/modules/utils.js", {});
-
-const { ExtensionUtils } = ChromeUtils.import("resource://gre/modules/ExtensionUtils.jsm");
-const { MessageChannel } = ChromeUtils.import("resource://gre/modules/MessageChannel.jsm");
-
-const { XPCOMUtils } = ChromeUtils.import("resource://gre/modules/XPCOMUtils.jsm");
-
-XPCOMUtils.defineLazyModuleGetters(this, {
-  ExtensionParent: "resource://gre/modules/ExtensionParent.jsm",
-});
-
-async function waitForExtensionMessage(extensionId, checker = () => {}) {
-  const { torWaitForExtensionMessage } = ExtensionParent;
-  if (torWaitForExtensionMessage) {
-    return torWaitForExtensionMessage(extensionId, checker);
-  }
-
-  // Old messaging <= 78
-  return new Promise(resolve => {
-    const listener = ({ data }) => {
-      for (const msg of data) {
-        if (msg.recipient.extensionId === extensionId) {
-          const deserialized = msg.data.deserialize({});
-          if (checker(deserialized)) {
-            Services.mm.removeMessageListener(
-              "MessageChannel:Messages",
-              listener
-            );
-            resolve(deserialized);
-          }
-        }
-      }
-    };
-    Services.mm.addMessageListener("MessageChannel:Messages", listener);
-  });
-}
-
-async function sendExtensionMessage(extensionId, message) {
-  const { torSendExtensionMessage } = ExtensionParent;
-  if (torSendExtensionMessage) {
-    return torSendExtensionMessage(extensionId, message);
-  }
-
-  // Old messaging <= 78
-  Services.cpmm.sendAsyncMessage("MessageChannel:Messages", [
-    {
-      messageName: "Extension:Message",
-      sender: { id: extensionId, extensionId },
-      recipient: { extensionId },
-      data: new StructuredCloneHolder(message),
-      channelId: ExtensionUtils.getUniqueId(),
-      responseType: MessageChannel.RESPONSE_NONE,
-    },
-  ]);
-  return undefined;
-}
-
-let logger = Cc["@torproject.org/torbutton-logger;1"]
-    .getService(Ci.nsISupports).wrappedJSObject;
-let log = (level, msg) => logger.log(level, msg);
-
-// ## NoScript settings
-
-// Minimum and maximum capability states as controlled by NoScript.
-const max_caps = ["fetch", "font", "frame", "media", "object", "other", "script", "webgl", "noscript"];
-const min_caps = ["frame", "other", "noscript"];
-
-// Untrusted capabilities for [Standard, Safer, Safest] safety levels.
-const untrusted_caps = [
-  max_caps, // standard safety: neither http nor https
-  ["frame", "font", "object", "other", "noscript"], // safer: http
-  min_caps, // safest: neither http nor https
-];
-
-// Default capabilities for [Standard, Safer, Safest] safety levels.
-const default_caps = [
-  max_caps, // standard: both http and https
-  ["fetch", "font", "frame", "object", "other", "script", "noscript"], // safer: https only
-  min_caps, // safest: both http and https
-];
-
-// __noscriptSettings(safetyLevel)__.
-// Produces NoScript settings with policy according to
-// the safetyLevel which can be:
-// 0 = Standard, 1 = Safer, 2 = Safest
-//
-// At the "Standard" safety level, we leave all sites at
-// default with maximal capabilities. Essentially no content
-// is blocked.
-//
-// At "Safer", we set all http sites to untrusted,
-// and all https sites to default. Scripts are only permitted
-// on https sites. Neither type of site is supposed to allow
-// media, but both allow fonts (as we used in legacy NoScript).
-//
-// At "Safest", all sites are at default with minimal
-// capabilities. Most things are blocked.
-let noscriptSettings = safetyLevel => (
-  {
-    "__meta": {
-      "name": "updateSettings",
-      "recipientInfo": null
-    },
-    "policy": {
-      "DEFAULT": {
-        "capabilities": default_caps[safetyLevel],
-        "temp": false
-      },
-      "TRUSTED": {
-        "capabilities": max_caps,
-        "temp": false
-      },
-      "UNTRUSTED": {
-        "capabilities": untrusted_caps[safetyLevel],
-        "temp": false
-      },
-      "sites": {
-        "trusted": [],
-        "untrusted": [[], ["http:"], []][safetyLevel],
-        "custom": {},
-        "temp": []
-      },
-      "enforced": true,
-      "autoAllowTop": false
-    },
-   "isTorBrowser": true,
-   "tabId": -1
-  });
-
-// ## Communications
-
-// The extension ID for NoScript (WebExtension)
-const noscriptID = "{73a6fe31-595d-460b-a920-fcc0f8843232}";
-
-// Ensure binding only occurs once.
-let initialized = false;
-
-// __initialize()__.
-// The main function that binds the NoScript settings to the security
-// slider pref state.
-var initialize = () => {
-  if (initialized) {
-    return;
-  }
-  initialized = true;
-
-  try {
-    // LegacyExtensionContext is not there anymore. Using raw
-    // Services.cpmm.sendAsyncMessage mechanism to communicate with
-    // NoScript.
-
-    // The component that handles WebExtensions' sendMessage.
-
-    // __setNoScriptSettings(settings)__.
-    // NoScript listens for internal settings with onMessage. We can send
-    // a new settings JSON object according to NoScript's
-    // protocol and these are accepted! See the use of
-    // `browser.runtime.onMessage.addListener(...)` in NoScript's bg/main.js.
-
-    // TODO: Is there a better way?
-    let sendNoScriptSettings = settings =>
-      sendExtensionMessage(noscriptID, settings);
-
-    // __setNoScriptSafetyLevel(safetyLevel)__.
-    // Set NoScript settings according to a particular safety level
-    // (security slider level): 0 = Standard, 1 = Safer, 2 = Safest
-    let setNoScriptSafetyLevel = safetyLevel =>
-      sendNoScriptSettings(noscriptSettings(safetyLevel));
-
-    // __securitySliderToSafetyLevel(sliderState)__.
-    // Converts the "extensions.torbutton.security_slider" pref value
-    // to a "safety level" value: 0 = Standard, 1 = Safer, 2 = Safest
-    let securitySliderToSafetyLevel = sliderState =>
-        [undefined, 2, 1, 1, 0][sliderState];
-
-    // Wait for the first message from NoScript to arrive, and then
-    // bind the security_slider pref to the NoScript settings.
-    let messageListener = a => {
-      try {
-        log(3, `Message received from NoScript: ${JSON.stringify([a])}`);
-        let noscriptPersist = Services.prefs.getBoolPref("extensions.torbutton.noscript_persist", false);
-        let noscriptInited = Services.prefs.getBoolPref("extensions.torbutton.noscript_inited", false);
-        // Set the noscript safety level once if we have never run noscript
-        // before, or if we are not allowing noscript per-site settings to be
-        // persisted between browser sessions. Otherwise make sure that the
-        // security slider position, if changed, will rewrite the noscript
-        // settings.
-        bindPref("extensions.torbutton.security_slider",
-                 sliderState => setNoScriptSafetyLevel(securitySliderToSafetyLevel(sliderState)),
-                 !noscriptPersist || !noscriptInited);
-        if (!noscriptInited) {
-          Services.prefs.setBoolPref("extensions.torbutton.noscript_inited", true);
-        }
-      } catch (e) {
-        log(5, e.message);
-      }
-    };
-    waitForExtensionMessage(noscriptID, a => a.__meta.name === "started").then(
-      messageListener
-    );
-    log(3, "Listening for message from NoScript.");
-  } catch (e) {
-    log(5, e.message);
-  }
-};
-
-// Export initialize() function for external use.
-let EXPORTED_SYMBOLS = ["initialize"];
diff --git a/modules/security-prefs.js b/modules/security-prefs.js
deleted file mode 100644
index c41458fa..00000000
--- a/modules/security-prefs.js
+++ /dev/null
@@ -1,150 +0,0 @@
-// # Security Settings prefs (as controlled by the Security Slider)
-
-// ### Utilities
-
-let { getBoolPref, setBoolPref, getIntPref, setIntPref, clearUserPref } =
-    ChromeUtils.import("resource://gre/modules/Services.jsm", {}).Services.prefs;
-let { bindPref, bindPrefAndInit } =
-    ChromeUtils.import("resource://torbutton/modules/utils.js", {});
-let logger = Cc["@torproject.org/torbutton-logger;1"]
-    .getService(Ci.nsISupports).wrappedJSObject;
-let log = (level, msg) => logger.log(level, msg);
-
-// ### Constants
-
-// __kSecuritySettings__.
-// A table of all prefs bound to the security slider, and the value
-// for each security setting. Note that 2-m and 3-m are identical,
-// corresponding to the old 2-medium-high setting. We also separately
-// bind NoScript settings to the extensions.torbutton.security_slider
-// (see noscript-control.js).
-const kSecuritySettings = {
-  // Preference name :                                          [0, 1-high 2-m    3-m    4-low]
-  "javascript.options.ion" :                                    [,  false, false, false, true ],
-  "javascript.options.baselinejit" :                            [,  false, false, false, true ],
-  "javascript.options.native_regexp" :                          [,  false, false, false, true ],
-  "mathml.disabled" :                                           [,  true,  true,  true,  false],
-  "gfx.font_rendering.graphite.enabled" :                       [,  false, false, false, true ],
-  "gfx.font_rendering.opentype_svg.enabled" :                   [,  false, false, false, true ],
-  "svg.disabled" :                                              [,  true,  false, false, false],
-  "javascript.options.asmjs" :                                  [,  false, false, false, true ],
-  "javascript.options.wasm" :                                   [,  false, false, false, true ],
-  "dom.security.https_only_mode_send_http_background_request" : [,  false, false, false, true ],
-};
-
-// The Security Settings prefs in question.
-const kSliderPref = "extensions.torbutton.security_slider";
-const kCustomPref = "extensions.torbutton.security_custom";
-const kSliderMigration = "extensions.torbutton.security_slider_migration";
-
-// ### Prefs
-
-// __write_setting_to_prefs(settingIndex)__.
-// Take a given setting index and write the appropriate pref values
-// to the pref database.
-var write_setting_to_prefs = function (settingIndex) {
-  Object.keys(kSecuritySettings).forEach(
-    prefName => setBoolPref(
-      prefName, kSecuritySettings[prefName][settingIndex]));
-};
-
-// __read_setting_from_prefs()__.
-// Read the current pref values, and decide if any of our
-// security settings matches. Otherwise return null.
-var read_setting_from_prefs = function (prefNames) {
-  prefNames = prefNames || Object.keys(kSecuritySettings);
-  for (let settingIndex of [1, 2, 3, 4]) {
-    let possibleSetting = true;
-    // For the given settingIndex, check if all current pref values
-    // match the setting.
-    for (let prefName of prefNames) {
-      if (kSecuritySettings[prefName][settingIndex] !==
-          getBoolPref(prefName)) {
-        possibleSetting = false;
-      }
-    }
-    if (possibleSetting) {
-      // We have a match!
-      return settingIndex;
-    }
-  }
-  // No matching setting; return null.
-  return null;
-};
-
-// __watch_security_prefs(onSettingChanged)__.
-// Whenever a pref bound to the security slider changes, onSettingChanged
-// is called with the new security setting value (1,2,3,4 or null).
-// Returns a zero-arg function that ends this binding.
-var watch_security_prefs = function (onSettingChanged) {
-  let prefNames = Object.keys(kSecuritySettings);
-  let unbindFuncs = [];
-  for (let prefName of prefNames) {
-    unbindFuncs.push(bindPrefAndInit(
-      prefName, () => onSettingChanged(read_setting_from_prefs())));
-  }
-  // Call all the unbind functions.
-  return () => unbindFuncs.forEach(unbind => unbind());
-};
-
-// __initialized__.
-// Have we called initialize() yet?
-var initialized = false;
-
-// __initialize()__.
-// Defines the behavior of "extensions.torbutton.security_custom",
-// "extensions.torbutton.security_slider", and the security-sensitive
-// prefs declared in kSecuritySettings.
-var initialize = function () {
-  // Only run once.
-  if (initialized) {
-    return;
-  }
-  log(4, "Initializing security-prefs.js");
-  initialized = true;
-  // When security_custom is set to false, apply security_slider setting
-  // to the security-sensitive prefs.
-  bindPrefAndInit(kCustomPref, function (custom) {
-    if (custom === false) {
-      write_setting_to_prefs(getIntPref(kSliderPref));
-    }
-  });
-  // If security_slider is given a new value, then security_custom should
-  // be set to false.
-  bindPref(kSliderPref, function (prefIndex) {
-    setBoolPref(kCustomPref, false);
-    write_setting_to_prefs(prefIndex);
-  });
-  // If a security-sensitive pref changes, then decide if the set of pref values
-  // constitutes a security_slider setting or a custom value.
-  watch_security_prefs(settingIndex => {
-    if (settingIndex === null) {
-      setBoolPref(kCustomPref, true);
-    } else {
-      setIntPref(kSliderPref, settingIndex);
-      setBoolPref(kCustomPref, false);
-    }
-  });
-  // Migrate from old medium-low (3) to new medium (2).
-  if (getBoolPref("extensions.torbutton.security_custom") === false &&
-      getIntPref("extensions.torbutton.security_slider") === 3) {
-    setIntPref("extensions.torbutton.security_slider", 2);
-    write_setting_to_prefs(2);
-  }
-
-  // Revert #33613 fix
-  if (getIntPref(kSliderMigration, 0) < 2) {
-    // We can't differentiate between users having flipped `javascript.enabled`
-    // to `false` before it got governed by the security settings vs. those who
-    // had it flipped due to #33613. Reset the preference for everyone.
-    if (getIntPref(kSliderPref) === 1) {
-      setBoolPref("javascript.enabled", true);
-    }
-    clearUserPref("media.webaudio.enabled");
-    setIntPref(kSliderMigration, 2);
-  }
-  log(4, "security-prefs.js initialization complete");
-};
-
-// Export initialize() function for external use.
-let EXPORTED_SYMBOLS = ["initialize"];

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.


More information about the tor-commits mailing list