gecko/browser/components/safebrowsing/content/globalstore.js

# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is Google Safe Browsing.
#
# The Initial Developer of the Original Code is Google Inc.
# Portions created by the Initial Developer are Copyright (C) 2006
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#   Fritz Schneider <fritz@google.com> (original author)
#   J. Paul Reed <preed@mozilla.com>
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****


// A class that encapsulates data provider specific values.  The
// root of the provider pref tree is browser.safebrowsing.provider.
// followed by a number, followed by specific properties.  The properties
// that a data provider can supply are:
//
// name: The name of the provider
// keyURL: Before we send URLs in enhanced mode, we need to encrypt them
// reportURL: When shown a warning bubble, we send back the user decision
//            (get me out of here/ignore warning) to this URL (strip cookies
//            first).  This is optional.
// gethashURL: Url for requesting complete hashes from the provider.
// reportGenericURL: HTML page for general user feedback
// reportPhishURL: HTML page for notifying the provider of a new phishing page
// reportErrorURL: HTML page for notifying the provider of a false positive

const kDataProviderIdPref = 'browser.safebrowsing.dataProvider';
const kProviderBasePref = 'browser.safebrowsing.provider.';

#ifdef OFFICIAL_BUILD
const MOZ_OFFICIAL_BUILD = true;
#else
const MOZ_OFFICIAL_BUILD = false;
#endif

const MOZ_PARAM_LOCALE = /\{moz:locale\}/g;
const MOZ_PARAM_CLIENT = /\{moz:client\}/g;
const MOZ_PARAM_BUILDID = /\{moz:buildid\}/g;
const MOZ_PARAM_VERSION = /\{moz:version\}/g;

/**
 * Information regarding the data provider.
 */
function PROT_DataProvider() {
  this.prefs_ = new G_Preferences();

  this.loadDataProviderPrefs_();
  
  // Watch for changes in the data provider and update accordingly.
  this.prefs_.addObserver(kDataProviderIdPref,
                          BindToObject(this.loadDataProviderPrefs_, this));

  // Watch for when anti-phishing is toggled on or off.
  this.prefs_.addObserver(kPhishWardenEnabledPref,
                          BindToObject(this.loadDataProviderPrefs_, this));
}

/**
 * Populate all the provider variables.  We also call this when whenever
 * the provider id changes.
 */
PROT_DataProvider.prototype.loadDataProviderPrefs_ = function() {
  // Currently, there's no UI for changing local list provider so we
  // hard code the value for provider 0.
  this.updateURL_ = this.getUrlPref_(
        'browser.safebrowsing.provider.0.updateURL');

  var id = this.prefs_.getPref(kDataProviderIdPref, null);

  // default to 0
  if (null == id)
    id = 0;
  
  var basePref = kProviderBasePref + id + '.';

  this.name_ = this.prefs_.getPref(basePref + "name", "");

  // Urls used to get data from a provider
  this.keyURL_ = this.getUrlPref_(basePref + "keyURL");
  this.reportURL_ = this.getUrlPref_(basePref + "reportURL");
  this.gethashURL_ = this.getUrlPref_(basePref + "gethashURL");

  // Urls to HTML report pages
  this.reportGenericURL_ = this.getUrlPref_(basePref + "reportGenericURL");
  this.reportErrorURL_ = this.getUrlPref_(basePref + "reportErrorURL");
  this.reportPhishURL_ = this.getUrlPref_(basePref + "reportPhishURL");
  this.reportMalwareURL_ = this.getUrlPref_(basePref + "reportMalwareURL")
  this.reportMalwareErrorURL_ = this.getUrlPref_(basePref + "reportMalwareErrorURL")

  // Propagate the changes to the list-manager.
  this.updateListManager_();
}

/**
 * The list manager needs urls to operate.  It needs a url to know where the
 * table updates are, and it needs a url for decrypting enchash style tables.
 */
PROT_DataProvider.prototype.updateListManager_ = function() {
  var listManager = Cc["@mozilla.org/url-classifier/listmanager;1"]
                      .getService(Ci.nsIUrlListManager);

  // If we add support for changing local data providers, we need to add a
  // pref observer that sets the update url accordingly.
  listManager.setUpdateUrl(this.getUpdateURL());

  // setKeyUrl has the side effect of fetching a key from the server.
  // This shouldn't happen if anti-phishing/anti-malware is disabled.
  var isEnabled = this.prefs_.getPref(kPhishWardenEnabledPref, false) ||
                  this.prefs_.getPref(kMalwareWardenEnabledPref, false);
  if (isEnabled) {
    listManager.setKeyUrl(this.keyURL_);
  }

  listManager.setGethashUrl(this.getGethashURL());
}

/**
 * Lookup the value of a URL from prefs file and do parameter substitution.
 */
PROT_DataProvider.prototype.getUrlPref_ = function(prefName) {
  var url = this.prefs_.getPref(prefName);

  var appInfo = Components.classes["@mozilla.org/xre/app-info;1"]
                          .getService(Components.interfaces.nsIXULAppInfo);

  var mozClientStr = this.prefs_.getPref("browser.safebrowsing.clientid",
                                         MOZ_OFFICIAL_BUILD ? 'navclient-auto-ffox' : appInfo.name);

  var versionStr = this.prefs_.getPref("browser.safebrowsing.clientver",
                                       appInfo.version);

  // Parameter substitution
  url = url.replace(MOZ_PARAM_LOCALE, this.getLocale_());
  url = url.replace(MOZ_PARAM_CLIENT, mozClientStr);
  url = url.replace(MOZ_PARAM_BUILDID, appInfo.appBuildID);
  url = url.replace(MOZ_PARAM_VERSION, versionStr);
  return url;
}

/**
 * @return String the browser locale (similar code is in nsSearchService.js)
 */
PROT_DataProvider.prototype.getLocale_ = function() {
  const localePref = "general.useragent.locale";
  var locale = this.getLocalizedPref_(localePref);
  if (locale)
    return locale;

  // Not localized
  var prefs = new G_Preferences();
  return prefs.getPref(localePref, "");
}

/**
 * @return String name of the localized pref, null if none exists.
 */
PROT_DataProvider.prototype.getLocalizedPref_ = function(aPrefName) {
  // G_Preferences doesn't know about complex values, so we use the
  // xpcom object directly.
  var prefs = Cc["@mozilla.org/preferences-service;1"]
              .getService(Ci.nsIPrefBranch);
  try {
    return prefs.getComplexValue(aPrefName, Ci.nsIPrefLocalizedString).data;
  } catch (ex) {
  }
  return "";
}

//////////////////////////////////////////////////////////////////////////////
// Getters for the remote provider pref values mentioned above.
PROT_DataProvider.prototype.getName = function() {
  return this.name_;
}

PROT_DataProvider.prototype.getUpdateURL = function() {
  return this.updateURL_;
}

PROT_DataProvider.prototype.getGethashURL = function() {
  return this.gethashURL_;
}

PROT_DataProvider.prototype.getReportGenericURL = function() {
  return this.reportGenericURL_;
}
PROT_DataProvider.prototype.getReportErrorURL = function() {
  return this.reportErrorURL_;
}
PROT_DataProvider.prototype.getReportPhishURL = function() {
  return this.reportPhishURL_;
}
PROT_DataProvider.prototype.getReportMalwareURL = function() {
  return this.reportMalwareURL_;
}
PROT_DataProvider.prototype.getReportMalwareErrorURL = function() {
  return this.reportMalwareErrorURL_;
}
Bug 338830, Multiple license blocks in safe browsing JS components, Patch by Régis Caspar, r=benjamin 2007-06-18 10:36:49 -07:00			`# *** BEGIN LICENSE BLOCK ***`
			`# Version: MPL 1.1/GPL 2.0/LGPL 2.1`
			`#`
			`# The contents of this file are subject to the Mozilla Public License Version`
			`# 1.1 (the "License"); you may not use this file except in compliance with`
			`# the License. You may obtain a copy of the License at`
			`# http://www.mozilla.org/MPL/`
			`#`
			`# Software distributed under the License is distributed on an "AS IS" basis,`
			`# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License`
			`# for the specific language governing rights and limitations under the`
			`# License.`
			`#`
			`# The Original Code is Google Safe Browsing.`
			`#`
			`# The Initial Developer of the Original Code is Google Inc.`
			`# Portions created by the Initial Developer are Copyright (C) 2006`
			`# the Initial Developer. All Rights Reserved.`
			`#`
			`# Contributor(s):`
			`# Fritz Schneider <fritz@google.com> (original author)`
			`# J. Paul Reed <preed@mozilla.com>`
			`#`
			`# Alternatively, the contents of this file may be used under the terms of`
			`# either the GNU General Public License Version 2 or later (the "GPL"), or`
			`# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),`
			`# in which case the provisions of the GPL or the LGPL are applicable instead`
			`# of those above. If you wish to allow use of your version of this file only`
			`# under the terms of either the GPL or the LGPL, and not to allow others to`
			`# use your version of this file under the terms of the MPL, indicate your`
			`# decision by deleting the provisions above and replace them with the notice`
			`# and other provisions required by the GPL or the LGPL. If you do not delete`
			`# the provisions above, a recipient may use your version of this file under`
			`# the terms of any one of the MPL, the GPL or the LGPL.`
			`#`
			`# *** END LICENSE BLOCK ***`
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT, 2007-03-22 10:30:00 -07:00

			`// A class that encapsulates data provider specific values. The`
			`// root of the provider pref tree is browser.safebrowsing.provider.`
			`// followed by a number, followed by specific properties. The properties`
			`// that a data provider can supply are:`
			`//`
			`// name: The name of the provider`
			`// keyURL: Before we send URLs in enhanced mode, we need to encrypt them`
			`// reportURL: When shown a warning bubble, we send back the user decision`
			`// (get me out of here/ignore warning) to this URL (strip cookies`
			`// first). This is optional.`
Bug 402611: Deal with changes to the safebrowsing v2 protocol. r=tony, a1.9=beltzner 2008-01-29 12:57:18 -08:00			`// gethashURL: Url for requesting complete hashes from the provider.`
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT, 2007-03-22 10:30:00 -07:00			`// reportGenericURL: HTML page for general user feedback`
			`// reportPhishURL: HTML page for notifying the provider of a new phishing page`
			`// reportErrorURL: HTML page for notifying the provider of a false positive`

			`const kDataProviderIdPref = 'browser.safebrowsing.dataProvider';`
			`const kProviderBasePref = 'browser.safebrowsing.provider.';`

			`#ifdef OFFICIAL_BUILD`
			`const MOZ_OFFICIAL_BUILD = true;`
			`#else`
			`const MOZ_OFFICIAL_BUILD = false;`
			`#endif`

			`const MOZ_PARAM_LOCALE = /\{moz:locale\}/g;`
			`const MOZ_PARAM_CLIENT = /\{moz:client\}/g;`
			`const MOZ_PARAM_BUILDID = /\{moz:buildid\}/g;`
			`const MOZ_PARAM_VERSION = /\{moz:version\}/g;`

			`/**`
			`* Information regarding the data provider.`
			`*/`
			`function PROT_DataProvider() {`
			`this.prefs_ = new G_Preferences();`

			`this.loadDataProviderPrefs_();`

			`// Watch for changes in the data provider and update accordingly.`
			`this.prefs_.addObserver(kDataProviderIdPref,`
			`BindToObject(this.loadDataProviderPrefs_, this));`

			`// Watch for when anti-phishing is toggled on or off.`
			`this.prefs_.addObserver(kPhishWardenEnabledPref,`
			`BindToObject(this.loadDataProviderPrefs_, this));`
			`}`

			`/**`
			`* Populate all the provider variables. We also call this when whenever`
			`* the provider id changes.`
			`*/`
			`PROT_DataProvider.prototype.loadDataProviderPrefs_ = function() {`
			`// Currently, there's no UI for changing local list provider so we`
			`// hard code the value for provider 0.`
			`this.updateURL_ = this.getUrlPref_(`
			`'browser.safebrowsing.provider.0.updateURL');`

			`var id = this.prefs_.getPref(kDataProviderIdPref, null);`

			`// default to 0`
			`if (null == id)`
			`id = 0;`

			`var basePref = kProviderBasePref + id + '.';`

			`this.name_ = this.prefs_.getPref(basePref + "name", "");`

			`// Urls used to get data from a provider`
			`this.keyURL_ = this.getUrlPref_(basePref + "keyURL");`
			`this.reportURL_ = this.getUrlPref_(basePref + "reportURL");`
Bug 402611: Deal with changes to the safebrowsing v2 protocol. r=tony, a1.9=beltzner 2008-01-29 12:57:18 -08:00			`this.gethashURL_ = this.getUrlPref_(basePref + "gethashURL");`
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT, 2007-03-22 10:30:00 -07:00
			`// Urls to HTML report pages`
			`this.reportGenericURL_ = this.getUrlPref_(basePref + "reportGenericURL");`
			`this.reportErrorURL_ = this.getUrlPref_(basePref + "reportErrorURL");`
			`this.reportPhishURL_ = this.getUrlPref_(basePref + "reportPhishURL");`
Add escape & appeal buttons to phishing/malware clickthrough bar. r=gavin r=tony ui-r=beltzner b=441624 2008-10-27 12:36:46 -07:00			`this.reportMalwareURL_ = this.getUrlPref_(basePref + "reportMalwareURL")`
			`this.reportMalwareErrorURL_ = this.getUrlPref_(basePref + "reportMalwareErrorURL")`
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT, 2007-03-22 10:30:00 -07:00
			`// Propagate the changes to the list-manager.`
			`this.updateListManager_();`
			`}`

			`/**`
			`* The list manager needs urls to operate. It needs a url to know where the`
			`* table updates are, and it needs a url for decrypting enchash style tables.`
			`*/`
			`PROT_DataProvider.prototype.updateListManager_ = function() {`
			`var listManager = Cc["@mozilla.org/url-classifier/listmanager;1"]`
			`.getService(Ci.nsIUrlListManager);`

			`// If we add support for changing local data providers, we need to add a`
			`// pref observer that sets the update url accordingly.`
			`listManager.setUpdateUrl(this.getUpdateURL());`

			`// setKeyUrl has the side effect of fetching a key from the server.`
Bug 360387: Verify HMAC of safebrowsing updates. r=tony, blocking-firefox3=beltzner 2008-02-27 00:51:02 -08:00			`// This shouldn't happen if anti-phishing/anti-malware is disabled.`
			`var isEnabled = this.prefs_.getPref(kPhishWardenEnabledPref, false) \|\|`
			`this.prefs_.getPref(kMalwareWardenEnabledPref, false);`
			`if (isEnabled) {`
			`listManager.setKeyUrl(this.keyURL_);`
			`}`

Bug 402611: Deal with changes to the safebrowsing v2 protocol. r=tony, a1.9=beltzner 2008-01-29 12:57:18 -08:00			`listManager.setGethashUrl(this.getGethashURL());`
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT, 2007-03-22 10:30:00 -07:00			`}`

			`/**`
			`* Lookup the value of a URL from prefs file and do parameter substitution.`
			`*/`
			`PROT_DataProvider.prototype.getUrlPref_ = function(prefName) {`
			`var url = this.prefs_.getPref(prefName);`

			`var appInfo = Components.classes["@mozilla.org/xre/app-info;1"]`
			`.getService(Components.interfaces.nsIXULAppInfo);`

Bug 429755: Apply some random fuzz to safebrowsing backoff intervals. r=tony, a=beltzner 2008-04-23 09:57:55 -07:00			`var mozClientStr = this.prefs_.getPref("browser.safebrowsing.clientid",`
			`MOZ_OFFICIAL_BUILD ? 'navclient-auto-ffox' : appInfo.name);`

			`var versionStr = this.prefs_.getPref("browser.safebrowsing.clientver",`
			`appInfo.version);`
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT, 2007-03-22 10:30:00 -07:00
			`// Parameter substitution`
			`url = url.replace(MOZ_PARAM_LOCALE, this.getLocale_());`
			`url = url.replace(MOZ_PARAM_CLIENT, mozClientStr);`
			`url = url.replace(MOZ_PARAM_BUILDID, appInfo.appBuildID);`
Bug 429755: Apply some random fuzz to safebrowsing backoff intervals. r=tony, a=beltzner 2008-04-23 09:57:55 -07:00			`url = url.replace(MOZ_PARAM_VERSION, versionStr);`
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT, 2007-03-22 10:30:00 -07:00			`return url;`
			`}`

			`/**`
			`* @return String the browser locale (similar code is in nsSearchService.js)`
			`*/`
			`PROT_DataProvider.prototype.getLocale_ = function() {`
			`const localePref = "general.useragent.locale";`
			`var locale = this.getLocalizedPref_(localePref);`
			`if (locale)`
			`return locale;`

			`// Not localized`
			`var prefs = new G_Preferences();`
			`return prefs.getPref(localePref, "");`
			`}`

			`/**`
			`* @return String name of the localized pref, null if none exists.`
			`*/`
			`PROT_DataProvider.prototype.getLocalizedPref_ = function(aPrefName) {`
			`// G_Preferences doesn't know about complex values, so we use the`
			`// xpcom object directly.`
			`var prefs = Cc["@mozilla.org/preferences-service;1"]`
			`.getService(Ci.nsIPrefBranch);`
			`try {`
			`return prefs.getComplexValue(aPrefName, Ci.nsIPrefLocalizedString).data;`
			`} catch (ex) {`
			`}`
			`return "";`
			`}`

			`//////////////////////////////////////////////////////////////////////////////`
			`// Getters for the remote provider pref values mentioned above.`
			`PROT_DataProvider.prototype.getName = function() {`
			`return this.name_;`
			`}`

			`PROT_DataProvider.prototype.getUpdateURL = function() {`
			`return this.updateURL_;`
			`}`

Bug 402611: Deal with changes to the safebrowsing v2 protocol. r=tony, a1.9=beltzner 2008-01-29 12:57:18 -08:00			`PROT_DataProvider.prototype.getGethashURL = function() {`
			`return this.gethashURL_;`
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT, 2007-03-22 10:30:00 -07:00			`}`

			`PROT_DataProvider.prototype.getReportGenericURL = function() {`
			`return this.reportGenericURL_;`
			`}`
			`PROT_DataProvider.prototype.getReportErrorURL = function() {`
			`return this.reportErrorURL_;`
			`}`
			`PROT_DataProvider.prototype.getReportPhishURL = function() {`
			`return this.reportPhishURL_;`
			`}`
Add escape & appeal buttons to phishing/malware clickthrough bar. r=gavin r=tony ui-r=beltzner b=441624 2008-10-27 12:36:46 -07:00			`PROT_DataProvider.prototype.getReportMalwareURL = function() {`
			`return this.reportMalwareURL_;`
			`}`
			`PROT_DataProvider.prototype.getReportMalwareErrorURL = function() {`
			`return this.reportMalwareErrorURL_;`
			`}`