Bug 1147212 - Add support for goog-unwanted-shavar. r=gcp,r=matej,r=smaug

This commit is contained in:
Francois Marier 2015-04-22 21:01:37 +12:00
parent 407c282220
commit 29cbc60a12
37 changed files with 332 additions and 112 deletions

View File

@ -30,6 +30,7 @@ externalProtocolUnknown=<Unknown>
externalProtocolChkMsg=Remember my choice for all links of this type.
externalProtocolLaunchBtn=Launch application
malwareBlocked=The site at %S has been reported as an attack site and has been blocked based on your security preferences.
unwantedBlocked=The site at %S has been reported as serving unwanted software and has been blocked based on your security preferences.
phishingBlocked=The website at %S has been reported as a web forgery designed to trick users into sharing personal or financial information.
cspBlocked=This page has a content security policy that prevents it from being loaded in this way.
corruptedContentError=The page you are trying to view cannot be shown because an error in the data transmission was detected.

View File

@ -374,6 +374,7 @@
<h1 id="et_nssFailure2">&nssFailure2.title;</h1>
<h1 id="et_nssBadCert">&nssBadCert.title;</h1>
<h1 id="et_malwareBlocked">&malwareBlocked.title;</h1>
<h1 id="et_unwantedBlocked">&unwantedBlocked.title;</h1>
<h1 id="et_cspBlocked">&cspBlocked.title;</h1>
<h1 id="et_remoteXUL">&remoteXUL.title;</h1>
<h1 id="et_corruptedContentError">&corruptedContentError.title;</h1>
@ -401,6 +402,7 @@
<div id="ed_nssFailure2">&nssFailure2.longDesc2;</div>
<div id="ed_nssBadCert">&nssBadCert.longDesc2;</div>
<div id="ed_malwareBlocked">&malwareBlocked.longDesc;</div>
<div id="ed_unwantedBlocked">&unwantedBlocked.longDesc;</div>
<div id="ed_cspBlocked">&cspBlocked.longDesc;</div>
<div id="ed_remoteXUL">&remoteXUL.longDesc;</div>
<div id="ed_corruptedContentError">&corruptedContentError.longDesc;</div>

View File

@ -79,6 +79,9 @@
case "phishingBlocked" :
initPage_phishing();
break;
case "unwantedBlocked" :
initPage_unwanted();
break;
}
}
@ -87,7 +90,7 @@
*/
function initPage_malware()
{
// Remove phishing strings
// Remove phishing and unwanted strings
var el = document.getElementById("errorTitleText_phishing");
el.parentNode.removeChild(el);
@ -97,18 +100,57 @@
el = document.getElementById("errorLongDescText_phishing");
el.parentNode.removeChild(el);
el = document.getElementById("errorTitleText_unwanted");
el.parentNode.removeChild(el);
el = document.getElementById("errorShortDescText_unwanted");
el.parentNode.removeChild(el);
el = document.getElementById("errorLongDescText_unwanted");
el.parentNode.removeChild(el);
// Set sitename
document.getElementById("malware_sitename").textContent = getHostString();
document.title = document.getElementById("errorTitleText_malware")
.innerHTML;
}
/**
* Initialize custom strings and functionality for blocked malware case
*/
function initPage_unwanted()
{
// Remove phishing and malware strings
var el = document.getElementById("errorTitleText_phishing");
el.parentNode.removeChild(el);
el = document.getElementById("errorShortDescText_phishing");
el.parentNode.removeChild(el);
el = document.getElementById("errorLongDescText_phishing");
el.parentNode.removeChild(el);
el = document.getElementById("errorTitleText_malware");
el.parentNode.removeChild(el);
el = document.getElementById("errorShortDescText_malware");
el.parentNode.removeChild(el);
el = document.getElementById("errorLongDescText_malware");
el.parentNode.removeChild(el);
// Set sitename
document.getElementById("unwanted_sitename").textContent = getHostString();
document.title = document.getElementById("errorTitleText_unwanted")
.innerHTML;
}
/**
* Initialize custom strings and functionality for blocked phishing case
*/
function initPage_phishing()
{
// Remove malware strings
// Remove malware and unwanted strings
var el = document.getElementById("errorTitleText_malware");
el.parentNode.removeChild(el);
@ -118,6 +160,15 @@
el = document.getElementById("errorLongDescText_malware");
el.parentNode.removeChild(el);
el = document.getElementById("errorTitleText_unwanted");
el.parentNode.removeChild(el);
el = document.getElementById("errorShortDescText_unwanted");
el.parentNode.removeChild(el);
el = document.getElementById("errorLongDescText_unwanted");
el.parentNode.removeChild(el);
// Set sitename
document.getElementById("phishing_sitename").textContent = getHostString();
document.title = document.getElementById("errorTitleText_phishing")
@ -161,6 +212,7 @@
<div id="errorTitle">
<h1 id="errorTitleText_phishing">&safeb.blocked.phishingPage.title;</h1>
<h1 id="errorTitleText_malware">&safeb.blocked.malwarePage.title;</h1>
<h1 id="errorTitleText_unwanted">&safeb.blocked.unwantedPage.title;</h1>
</div>
<div id="errorLongContent">
@ -169,12 +221,14 @@
<div id="errorShortDesc">
<p id="errorShortDescText_phishing">&safeb.blocked.phishingPage.shortDesc;</p>
<p id="errorShortDescText_malware">&safeb.blocked.malwarePage.shortDesc;</p>
<p id="errorShortDescText_unwanted">&safeb.blocked.unwantedPage.shortDesc;</p>
</div>
<!-- Long Description -->
<div id="errorLongDesc">
<p id="errorLongDescText_phishing">&safeb.blocked.phishingPage.longDesc;</p>
<p id="errorLongDescText_malware">&safeb.blocked.malwarePage.longDesc;</p>
<p id="errorLongDescText_unwanted">&safeb.blocked.unwantedPage.longDesc;</p>
</div>
<!-- Action buttons -->

View File

@ -2659,7 +2659,7 @@ let BrowserOnClick = {
msg.data.sslStatusAsString);
break;
case "Browser:SiteBlockedError":
this.onAboutBlocked(msg.data.elementId, msg.data.isMalware,
this.onAboutBlocked(msg.data.elementId, msg.data.reason,
msg.data.isTopFrame, msg.data.location);
break;
case "Browser:EnableOnlineMode":
@ -2843,10 +2843,15 @@ let BrowserOnClick = {
}
},
onAboutBlocked: function (elementId, isMalware, isTopFrame, location) {
// Depending on what page we are displaying here (malware/phishing)
onAboutBlocked: function (elementId, reason, isTopFrame, location) {
// Depending on what page we are displaying here (malware/phishing/unwanted)
// use the right strings and links for each.
let bucketName = isMalware ? "WARNING_MALWARE_PAGE_":"WARNING_PHISHING_PAGE_";
let bucketName = "WARNING_PHISHING_PAGE_";
if (reason === 'malware') {
bucketName = "WARNING_MALWARE_PAGE_";
} else if (reason === 'unwanted') {
bucketName = "WARNING_UNWANTED_PAGE_";
}
let secHistogram = Services.telemetry.getHistogramById("SECURITY_UI");
let nsISecTel = Ci.nsISecurityUITelemetry;
bucketName += isTopFrame ? "TOP_" : "FRAME_";
@ -2857,33 +2862,19 @@ let BrowserOnClick = {
break;
case "reportButton":
// This is the "Why is this site blocked" button. For malware,
// we can fetch a site-specific report, for phishing, we redirect
// to the generic page describing phishing protection.
// This is the "Why is this site blocked" button. We redirect
// to the generic page describing phishing/malware protection.
// We log even if malware/phishing info URL couldn't be found:
// We log even if malware/phishing/unwanted info URL couldn't be found:
// the measurement is for how many users clicked the WHY BLOCKED button
secHistogram.add(nsISecTel[bucketName + "WHY_BLOCKED"]);
if (isMalware) {
// Get the stop badware "why is this blocked" report url,
// append the current url, and go there.
try {
let reportURL = formatURL("browser.safebrowsing.malware.reportURL", true);
reportURL += location;
gBrowser.loadURI(reportURL);
} catch (e) {
Components.utils.reportError("Couldn't get malware report URL: " + e);
}
}
else { // It's a phishing site, not malware
openHelpLink("phishing-malware", false, "current");
}
openHelpLink("phishing-malware", false, "current");
break;
case "ignoreWarningButton":
secHistogram.add(nsISecTel[bucketName + "IGNORE_WARNING"]);
this.ignoreWarningButton(isMalware);
this.ignoreWarningButton(reason);
break;
}
},
@ -2910,7 +2901,7 @@ let BrowserOnClick = {
}
},
ignoreWarningButton: function (isMalware) {
ignoreWarningButton: function (reason) {
// Allow users to override and continue through to the site,
// but add a notify bar as a reminder, so that they don't lose
// track after, e.g., tab switching.
@ -2929,7 +2920,7 @@ let BrowserOnClick = {
}];
let title;
if (isMalware) {
if (reason === 'malware') {
title = gNavigatorBundle.getString("safebrowsing.reportedAttackSite");
buttons[1] = {
label: gNavigatorBundle.getString("safebrowsing.notAnAttackButton.label"),
@ -2938,7 +2929,7 @@ let BrowserOnClick = {
openUILinkIn(gSafeBrowsing.getReportURL('MalwareError'), 'tab');
}
};
} else {
} else if (reason === 'phishing') {
title = gNavigatorBundle.getString("safebrowsing.reportedWebForgery");
buttons[1] = {
label: gNavigatorBundle.getString("safebrowsing.notAForgeryButton.label"),
@ -2947,6 +2938,10 @@ let BrowserOnClick = {
openUILinkIn(gSafeBrowsing.getReportURL('Error'), 'tab');
}
};
} else if (reason === 'unwanted') {
title = gNavigatorBundle.getString("safebrowsing.reportedUnwantedSite");
// There is no button for reporting errors since Google doesn't currently
// provide a URL endpoint for these reports.
}
let notificationBox = gBrowser.getNotificationBox();

View File

@ -384,9 +384,15 @@ let ClickEventHandler = {
},
onAboutBlocked: function (targetElement, ownerDoc) {
var reason = 'phishing';
if (/e=malwareBlocked/.test(ownerDoc.documentURI)) {
reason = 'malware';
} else if (/e=unwantedBlocked/.test(ownerDoc.documentURI)) {
reason = 'unwanted';
}
sendAsyncMessage("Browser:SiteBlockedError", {
location: ownerDoc.location.href,
isMalware: /e=malwareBlocked/.test(ownerDoc.documentURI),
reason: reason,
elementId: targetElement.getAttribute("id"),
isTopFrame: (ownerDoc.defaultView.parent === ownerDoc.defaultView)
});

View File

@ -34,6 +34,25 @@ function testMalware(event) {
var style = content.getComputedStyle(el, null);
is(style.display, "inline-block", "Ignore Warning button should be display:inline-block for malware");
// Now launch the unwanted software test
window.addEventListener("DOMContentLoaded", testUnwanted, true);
content.location = "http://www.itisatrap.org/firefox/unwanted.html";
}
function testUnwanted(event) {
if (event.target != gBrowser.selectedBrowser.contentDocument) {
return;
}
window.removeEventListener("DOMContentLoaded", testUnwanted, true);
// Confirm that "Ignore this warning" is visible - bug 422410
var el = content.document.getElementById("ignoreWarningButton");
ok(el, "Ignore warning button should be present for unwanted software");
var style = content.getComputedStyle(el, null);
is(style.display, "inline-block", "Ignore Warning button should be display:inline-block for unwanted software");
// Now launch the phishing test
window.addEventListener("DOMContentLoaded", testPhishing, true);
content.location = "http://www.itisatrap.org/firefox/its-a-trap.html";

View File

@ -1,5 +1,5 @@
// Force SafeBrowsing to be initialized for the tests
Services.prefs.setCharPref("urlclassifier.malwareTable", "test-malware-simple");
Services.prefs.setCharPref("urlclassifier.malwareTable", "test-malware-simple,test-unwanted-simple");
Services.prefs.setCharPref("urlclassifier.phishTable", "test-phish-simple");
SafeBrowsing.init();

View File

@ -398,6 +398,7 @@ safebrowsing.notAForgeryButton.accessKey=F
safebrowsing.reportedAttackSite=Reported Attack Site!
safebrowsing.notAnAttackButton.label=This isn't an attack site…
safebrowsing.notAnAttackButton.accessKey=A
safebrowsing.reportedUnwantedSite=Reported Unwanted Software Site!
# Ctrl-Tab
# LOCALIZATION NOTE (ctrlTab.listAllTabs.label): #1 represents the number

View File

@ -12,6 +12,11 @@
<!ENTITY safeb.blocked.malwarePage.shortDesc "This web page at <span id='malware_sitename'/> has been reported as an attack page and has been blocked based on your security preferences.">
<!ENTITY safeb.blocked.malwarePage.longDesc "<p>Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system.</p><p>Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.</p>">
<!ENTITY safeb.blocked.unwantedPage.title "Reported Unwanted Software Page!">
<!-- Localization note (safeb.blocked.malware.shortDesc) - Please don't translate the contents of the <span id="unwanted_sitename"/> tag. It will be replaced at runtime with a domain name (e.g. www.badsite.com) -->
<!ENTITY safeb.blocked.unwantedPage.shortDesc "This web page at <span id='unwanted_sitename'/> has been reported to contain unwanted software and has been blocked based on your security preferences.">
<!ENTITY safeb.blocked.unwantedPage.longDesc "<p>Unwanted software pages try to install software that can be deceptive and affect your system in unexpected ways.</p>">
<!ENTITY safeb.blocked.phishingPage.title "Reported Web Forgery!">
<!-- Localization note (safeb.blocked.phishing.shortDesc) - Please don't translate the contents of the <span id="phishing_sitename"/> tag. It will be replaced at runtime with a domain name (e.g. www.badsite.com) -->
<!ENTITY safeb.blocked.phishingPage.shortDesc "This web page at <span id='phishing_sitename'/> has been reported as a web forgery and has been blocked based on your security preferences.">

View File

@ -30,6 +30,7 @@ externalProtocolUnknown=<Unknown>
externalProtocolChkMsg=Remember my choice for all links of this type.
externalProtocolLaunchBtn=Launch application
malwareBlocked=The site at %S has been reported as an attack site and has been blocked based on your security preferences.
unwantedBlocked=The site at %S has been reported as serving unwanted software and has been blocked based on your security preferences.
phishingBlocked=The website at %S has been reported as a web forgery designed to trick users into sharing personal or financial information.
cspBlocked=This page has a content security policy that prevents it from being loaded in this way.
corruptedContentError=The page you are trying to view cannot be shown because an error in the data transmission was detected.

View File

@ -164,6 +164,11 @@ be temporary, and you can try again later.</li>
<p>Website owners who believe their site has been reported as an attack site in error may <a href='http://www.stopbadware.org/home/reviewinfo' >request a review</a>.</p>
">
<!ENTITY unwantedBlocked.title "Suspected Unwanted Software Site!">
<!ENTITY unwantedBlocked.longDesc "
<p>Unwanted software pages try to install software that can be deceptive and affect your system in unexpected ways.</p>
">
<!ENTITY phishingBlocked.title "Suspected Web Forgery!">
<!ENTITY phishingBlocked.longDesc "
<p>Entering any personal information on this page may result in identity theft or other fraud.</p>

View File

@ -341,20 +341,15 @@ let Content = {
}
} else if (/^about:blocked/.test(errorDoc.documentURI)) {
// The event came from a button on a malware/phishing block page
// First check whether it's malware or phishing, so that we can
// use the right strings/links.
let isMalware = /e=malwareBlocked/.test(errorDoc.documentURI);
if (ot == errorDoc.getElementById("getMeOutButton")) {
sendAsyncMessage("Browser:BlockedSite",
{ url: errorDoc.location.href, action: "leave" });
} else if (ot == errorDoc.getElementById("reportButton")) {
// This is the "Why is this site blocked" button. For malware,
// we can fetch a site-specific report, for phishing, we redirect
// to the generic page describing phishing protection.
let action = isMalware ? "report-malware" : "report-phishing";
// This is the "Why is this site blocked" button. We redirect
// to the generic page describing phishing/malware protection.
sendAsyncMessage("Browser:BlockedSite",
{ url: errorDoc.location.href, action: action });
{ url: errorDoc.location.href, action: "report-phishing" });
} else if (ot == errorDoc.getElementById("ignoreWarningButton")) {
// Allow users to override and continue through to the site,
// but add a notify bar as a reminder, so that they don't lose

View File

@ -5087,7 +5087,8 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI,
}
}
} else if (NS_ERROR_PHISHING_URI == aError ||
NS_ERROR_MALWARE_URI == aError) {
NS_ERROR_MALWARE_URI == aError ||
NS_ERROR_UNWANTED_URI == aError) {
nsAutoCString host;
aURI->GetHost(host);
CopyUTF8toUTF16(host, formatStrs[0]);
@ -5106,14 +5107,19 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI,
error.AssignLiteral("phishingBlocked");
bucketId = IsFrame() ? nsISecurityUITelemetry::WARNING_PHISHING_PAGE_FRAME
: nsISecurityUITelemetry::WARNING_PHISHING_PAGE_TOP;
} else {
} else if (NS_ERROR_MALWARE_URI == aError) {
error.AssignLiteral("malwareBlocked");
bucketId = IsFrame() ? nsISecurityUITelemetry::WARNING_MALWARE_PAGE_FRAME
: nsISecurityUITelemetry::WARNING_MALWARE_PAGE_TOP;
} else {
error.AssignLiteral("unwantedBlocked");
bucketId = IsFrame() ? nsISecurityUITelemetry::WARNING_UNWANTED_PAGE_FRAME
: nsISecurityUITelemetry::WARNING_UNWANTED_PAGE_TOP;
}
if (errorPage.EqualsIgnoreCase("blocked"))
if (errorPage.EqualsIgnoreCase("blocked")) {
Telemetry::Accumulate(Telemetry::SECURITY_UI, bucketId);
}
cssClass.AssignLiteral("blacklist");
} else if (NS_ERROR_CONTENT_CRASHED == aError) {
@ -7824,6 +7830,7 @@ nsDocShell::EndPageLoad(nsIWebProgress* aProgress,
aStatus == NS_ERROR_OFFLINE ||
aStatus == NS_ERROR_MALWARE_URI ||
aStatus == NS_ERROR_PHISHING_URI ||
aStatus == NS_ERROR_UNWANTED_URI ||
aStatus == NS_ERROR_UNSAFE_CONTENT_TYPE ||
aStatus == NS_ERROR_REMOTE_XUL ||
aStatus == NS_ERROR_OFFLINE ||

View File

@ -291,6 +291,7 @@
<h1 id="et_nssFailure2">&nssFailure2.title;</h1>
<h1 id="et_nssBadCert">&nssBadCert.title;</h1>
<h1 id="et_malwareBlocked">&malwareBlocked.title;</h1>
<h1 id="et_unwantedBlocked">&unwantedBlocked.title;</h1>
<h1 id="et_cspBlocked">&cspBlocked.title;</h1>
<h1 id="et_remoteXUL">&remoteXUL.title;</h1>
<h1 id="et_corruptedContentError">&corruptedContentError.title;</h1>
@ -317,6 +318,7 @@
<div id="ed_nssFailure2">&nssFailure2.longDesc2;</div>
<div id="ed_nssBadCert">&nssBadCert.longDesc2;</div>
<div id="ed_malwareBlocked">&malwareBlocked.longDesc;</div>
<div id="ed_unwantedBlocked">&unwantedBlocked.longDesc;</div>
<div id="ed_cspBlocked">&cspBlocked.longDesc;</div>
<div id="ed_remoteXUL">&remoteXUL.longDesc;</div>
<div id="ed_corruptedContentError">&corruptedContentError.longDesc;</div>

View File

@ -1292,6 +1292,9 @@ BrowserElementChild.prototype = {
case Cr.NS_ERROR_MALWARE_URI :
sendAsyncMsg('error', { type: 'malwareBlocked' });
return;
case Cr.NS_ERROR_UNWANTED_URI :
sendAsyncMsg('error', { type: 'unwantedBlocked' });
return;
case Cr.NS_ERROR_OFFLINE :
sendAsyncMsg('error', { type: 'offline' });

View File

@ -29,6 +29,7 @@ externalProtocolUnknown=<Unknown>
externalProtocolChkMsg=Remember my choice for all links of this type.
externalProtocolLaunchBtn=Launch application
malwareBlocked=The site at %S has been reported as an attack site and has been blocked based on your security preferences.
unwantedBlocked=The site at %S has been reported as serving unwanted software and has been blocked based on your security preferences.
phishingBlocked=The website at %S has been reported as a web forgery designed to trick users into sharing personal or financial information.
cspBlocked=This page has a content security policy that prevents it from being loaded in this way.
corruptedContentError=The page you are trying to view cannot be shown because an error in the data transmission was detected.

View File

@ -81,6 +81,11 @@
<p>Website owners who believe their site has been reported as an attack site in error may <a href='http://www.stopbadware.org/home/reviewinfo' >request a review</a>.</p>
">
<!ENTITY unwantedBlocked.title "Suspected Unwanted Software Site!">
<!ENTITY unwantedBlocked.longDesc "
<p>Unwanted software pages try to install software that can be deceptive and affect your system in unexpected ways.</p>
">
<!ENTITY phishingBlocked.title "Suspected Web Forgery!">
<!ENTITY phishingBlocked.longDesc "
<p>Entering any personal information on this page may result in identity theft or other fraud.</p>

View File

@ -80,6 +80,9 @@
case "phishingBlocked" :
initPage_phishing();
break;
case "unwantedBlocked" :
initPage_unwanted();
break;
}
}
@ -88,15 +91,21 @@
*/
function initPage_malware()
{
// Remove phishing strings
// Remove phishing/unwanted strings
var el = document.getElementById("errorTitleText_phishing");
el.parentNode.removeChild(el);
el = document.getElementById("errorTitleText_unwanted");
el.parentNode.removeChild(el);
el = document.getElementById("errorShortDescText_phishing");
el.parentNode.removeChild(el);
el = document.getElementById("errorShortDescText_unwanted");
el.parentNode.removeChild(el);
el = document.getElementById("errorLongDescText_phishing");
el.parentNode.removeChild(el);
el = document.getElementById("errorLongDescText_unwanted");
el.parentNode.removeChild(el);
// Set sitename
document.getElementById("malware_sitename").textContent = getHostString();
@ -109,19 +118,53 @@
*/
function initPage_phishing()
{
// Remove malware strings
// Remove malware/unwanted strings
var el = document.getElementById("errorTitleText_malware");
el.parentNode.removeChild(el);
el = document.getElementById("errorTitleText_unwanted");
el.parentNode.removeChild(el);
el = document.getElementById("errorShortDescText_malware");
el.parentNode.removeChild(el);
el = document.getElementById("errorShortDescText_unwanted");
el.parentNode.removeChild(el);
el = document.getElementById("errorLongDescText_malware");
el.parentNode.removeChild(el);
el = document.getElementById("errorLongDescText_unwanted");
el.parentNode.removeChild(el);
document.title = document.getElementById("errorTitleText_phishing")
.innerHTML;
}
/**
* Initialize custom strings and functionality for blocked unwanted
* software case
*/
function initPage_unwanted()
{
// Remove malware/phishing strings
var el = document.getElementById("errorTitleText_malware");
el.parentNode.removeChild(el);
el = document.getElementById("errorTitleText_phishing");
el.parentNode.removeChild(el);
el = document.getElementById("errorShortDescText_malware");
el.parentNode.removeChild(el);
el = document.getElementById("errorShortDescText_phishing");
el.parentNode.removeChild(el);
el = document.getElementById("errorLongDescText_malware");
el.parentNode.removeChild(el);
el = document.getElementById("errorLongDescText_phishing");
el.parentNode.removeChild(el);
// Set sitename
document.getElementById("unwanted_sitename").textContent = getHostString();
document.title = document.getElementById("errorTitleText_unwanted")
.innerHTML;
}
]]></script>
</head>
@ -133,6 +176,7 @@
<div id="errorTitle">
<h1 id="errorTitleText_phishing" class="errorTitleText">&safeb.blocked.phishingPage.title2;</h1>
<h1 id="errorTitleText_malware" class="errorTitleText">&safeb.blocked.malwarePage.title;</h1>
<h1 id="errorTitleText_unwanted" class="errorTitleText">&safeb.blocked.unwantedPage.title;</h1>
</div>
<div id="errorLongContent">
@ -141,12 +185,14 @@
<div id="errorShortDesc">
<p id="errorShortDescText_phishing">&safeb.blocked.phishingPage.shortDesc2;</p>
<p id="errorShortDescText_malware">&safeb.blocked.malwarePage.shortDesc;</p>
<p id="errorShortDescText_unwanted">&safeb.blocked.unwantedPage.shortDesc;</p>
</div>
<!-- Long Description -->
<div id="errorLongDesc">
<p id="errorLongDescText_phishing">&safeb.blocked.phishingPage.longDesc2;</p>
<p id="errorLongDescText_malware">&safeb.blocked.malwarePage.longDesc;</p>
<p id="errorLongDescText_unwanted">&safeb.blocked.unwantedPage.longDesc;</p>
</div>
<!-- Action buttons -->

View File

@ -5547,10 +5547,14 @@ var ErrorPageEventHandler = {
}
} else if (errorDoc.documentURI.startsWith("about:blocked")) {
// The event came from a button on a malware/phishing block page
// First check whether it's malware or phishing, so that we can
// use the right strings/links
let isMalware = errorDoc.documentURI.contains("e=malwareBlocked");
let bucketName = isMalware ? "WARNING_MALWARE_PAGE_" : "WARNING_PHISHING_PAGE_";
// First check whether it's malware, phishing or unwanted, so that we
// can use the right strings/links
let bucketName = "WARNING_PHISHING_PAGE_";
if (errorDoc.documentURI.contains("e=malwareBlocked")) {
bucketName = "WARNING_MALWARE_PAGE_";
} else if (errorDoc.documentURI.contains("e=unwantedBlocked")) {
bucketName = "WARNING_UNWANTED_PAGE_";
}
let nsISecTel = Ci.nsISecurityUITelemetry;
let isIframe = (errorDoc.defaultView.parent === errorDoc.defaultView);
bucketName += isIframe ? "TOP_" : "FRAME_";
@ -5565,23 +5569,10 @@ var ErrorPageEventHandler = {
// the measurement is for how many users clicked the WHY BLOCKED button
Telemetry.addData("SECURITY_UI", nsISecTel[bucketName + "WHY_BLOCKED"]);
// This is the "Why is this site blocked" button. For malware,
// we can fetch a site-specific report, for phishing, we redirect
// to the generic page describing phishing protection.
if (isMalware) {
// Get the stop badware "why is this blocked" report url, append the current url, and go there.
try {
let reportURL = formatter.formatURLPref("browser.safebrowsing.malware.reportURL");
reportURL += errorDoc.location.href;
BrowserApp.selectedBrowser.loadURI(reportURL);
} catch (e) {
Cu.reportError("Couldn't get malware report URL: " + e);
}
} else {
// It's a phishing site, just link to the generic information page
let url = Services.urlFormatter.formatURLPref("app.support.baseURL");
BrowserApp.selectedBrowser.loadURI(url + "phishing-malware");
}
// This is the "Why is this site blocked" button. We redirect
// to the generic page describing phishing/malware protection.
let url = Services.urlFormatter.formatURLPref("app.support.baseURL");
BrowserApp.selectedBrowser.loadURI(url + "phishing-malware");
} else if (target == errorDoc.getElementById("ignoreWarningButton")) {
Telemetry.addData("SECURITY_UI", nsISecTel[bucketName + "IGNORE_WARNING"]);

View File

@ -15,3 +15,8 @@
<!ENTITY safeb.blocked.phishingPage.title2 "Suspected Web Forgery!">
<!ENTITY safeb.blocked.phishingPage.shortDesc2 "Entering any personal information on this page may result in identity theft or other fraud.">
<!ENTITY safeb.blocked.phishingPage.longDesc2 "<p>These types of web forgeries are used in scams known as phishing attacks, in which fraudulent web pages and emails are used to imitate sources you may trust.</p>">
<!ENTITY safeb.blocked.unwantedPage.title "Reported Unwanted Software Site!">
<!-- Localization note (safeb.blocked.unwanted.shortDesc) - Please don't translate the contents of the <span id="unwanted_sitename"/> tag. It will be replaced at runtime with a domain name (e.g. www.badsite.com) -->
<!ENTITY safeb.blocked.unwantedPage.shortDesc "This web page at <span id='unwanted_sitename'/> has been reported to contain unwanted software and has been blocked based on your security preferences.">
<!ENTITY safeb.blocked.unwantedPage.longDesc "Unwanted software pages try to install software that can be deceptive and affect your system in unexpected ways.">

View File

@ -31,6 +31,7 @@ externalProtocolChkMsg=Remember my choice for all links of this type.
externalProtocolLaunchBtn=Launch application
malwareBlocked=The site at %S has been reported as an attack site and has been blocked based on your security preferences.
phishingBlocked=The website at %S has been reported as a web forgery designed to trick users into sharing personal or financial information.
unwantedBlocked=The site at %S has been reported as serving unwanted software and has been blocked based on your security preferences.
cspBlocked=This page has a content security policy that prevents it from being loaded in this way.
corruptedContentError=The page you are trying to view cannot be shown because an error in the data transmission was detected.
remoteXUL=This page uses an unsupported technology that is no longer available by default in Firefox.

View File

@ -4477,11 +4477,11 @@ pref("dom.inter-app-communication-api.enabled", false);
pref("dom.mapped_arraybuffer.enabled", false);
// The tables used for Safebrowsing phishing and malware checks.
pref("urlclassifier.malwareTable", "goog-malware-shavar,test-malware-simple");
pref("urlclassifier.malwareTable", "goog-malware-shavar,goog-unwanted-shavar,test-malware-simple,test-unwanted-simple");
pref("urlclassifier.phishTable", "goog-phish-shavar,test-phish-simple");
pref("urlclassifier.downloadBlockTable", "");
pref("urlclassifier.downloadAllowTable", "");
pref("urlclassifier.disallow_completions", "test-malware-simple,test-phish-simple,goog-downloadwhite-digest256,mozpub-track-digest256");
pref("urlclassifier.disallow_completions", "test-malware-simple,test-phish-simple,test-unwanted-simple,goog-downloadwhite-digest256,mozpub-track-digest256");
// The table and update/gethash URLs for Safebrowsing phishing and malware
// checks.

View File

@ -6,7 +6,7 @@
#include "nsISupports.idl"
[scriptable, uuid(f7259bf4-1f2b-4e9e-8983-1978cc076fa1)]
[scriptable, uuid(56e190a0-2802-4fc4-b09f-bcda357035c3)]
interface nsISecurityUITelemetry : nsISupports {
@ -141,6 +141,17 @@ const uint32_t WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_BASE = 84;
const uint32_t WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_UNTRUSTED = 1;
const uint32_t WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_DOMAIN = 2;
const uint32_t WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_TIME = 4;
// This uses up buckets till 91 (including)
// Another Safe Browsing list (like malware & phishing above)
const uint32_t WARNING_UNWANTED_PAGE_TOP = 92;
const uint32_t WARNING_UNWANTED_PAGE_TOP_WHY_BLOCKED = 93;
const uint32_t WARNING_UNWANTED_PAGE_TOP_GET_ME_OUT_OF_HERE = 94;
const uint32_t WARNING_UNWANTED_PAGE_TOP_IGNORE_WARNING = 95;
const uint32_t WARNING_UNWANTED_PAGE_FRAME = 96;
const uint32_t WARNING_UNWANTED_PAGE_FRAME_WHY_BLOCKED = 97;
const uint32_t WARNING_UNWANTED_PAGE_FRAME_GET_ME_OUT_OF_HERE = 98;
const uint32_t WARNING_UNWANTED_PAGE_FRAME_IGNORE_WARNING = 99;
// This uses up buckets till 99 (including)
// We only have buckets up to 100.
};

View File

@ -199,8 +199,9 @@ this.SafeBrowsing = {
addMozEntries: function() {
// Add test entries to the DB.
// XXX bug 779008 - this could be done by DB itself?
const phishURL = "itisatrap.org/firefox/its-a-trap.html";
const malwareURL = "itisatrap.org/firefox/its-an-attack.html";
const phishURL = "itisatrap.org/firefox/its-a-trap.html";
const malwareURL = "itisatrap.org/firefox/its-an-attack.html";
const unwantedURL = "itisatrap.org/firefox/unwanted.html";
let update = "n:1000\ni:test-malware-simple\nad:1\n" +
"a:1:32:" + malwareURL.length + "\n" +
@ -208,6 +209,9 @@ this.SafeBrowsing = {
update += "n:1000\ni:test-phish-simple\nad:1\n" +
"a:1:32:" + phishURL.length + "\n" +
phishURL;
update += "n:1000\ni:test-unwanted-simple\nad:1\n" +
"a:1:32:" + unwantedURL.length + "\n" +
unwantedURL;
log("addMozEntries:", update);
let db = Cc["@mozilla.org/url-classifier/dbservice;1"].
@ -222,7 +226,7 @@ this.SafeBrowsing = {
};
try {
db.beginUpdate(dummyListener, "test-malware-simple,test-phish-simple", "");
db.beginUpdate(dummyListener, "test-malware-simple,test-phish-simple,test-unwanted-simple", "");
db.beginStream("", "");
db.updateStream(update);
db.finishStream();

View File

@ -188,6 +188,9 @@ TablesToResponse(const nsACString& tables)
if (FindInReadable(NS_LITERAL_CSTRING("-track-"), tables)) {
return NS_ERROR_TRACKING_URI;
}
if (FindInReadable(NS_LITERAL_CSTRING("-unwanted-"), tables)) {
return NS_ERROR_UNWANTED_URI;
}
return NS_OK;
}

View File

@ -33,8 +33,8 @@ function checkLoads() {
<!-- Try loading from a malware javascript URI -->
<script type="text/javascript" src="http://malware.example.com/tests/toolkit/components/url-classifier/tests/mochitest/evil.js"></script>
<!-- Try loading from a malware css URI -->
<link rel="stylesheet" type="text/css" href="http://malware.example.com/tests/toolkit/components/url-classifier/tests/mochitest/evil.css"></link>
<!-- Try loading from an uwanted software css URI -->
<link rel="stylesheet" type="text/css" href="http://unwanted.example.com/tests/toolkit/components/url-classifier/tests/mochitest/evil.css"></link>
<!-- XXX How is this part of the test supposed to work (= be checked)? -->
<!-- Try loading a marked-as-malware css through an @import from a clean URI -->

View File

@ -9,6 +9,7 @@ support-files =
import.css
raptor.jpg
track.html
unwantedWorker.js
workerFrame.html
[test_classifier.html]

View File

@ -24,6 +24,12 @@ var testUpdate =
"a:524:32:" + testData.length + "\n" +
testData;
testData = "unwanted.example.com/";
testUpdate +=
"n:1000\ni:test-unwanted-simple\nad:1\n" +
"a:524:32:" + testData.length + "\n" +
testData;
var dbService = Cc["@mozilla.org/url-classifier/dbservice;1"]
.getService(Ci.nsIUrlClassifierDBService);
@ -55,7 +61,7 @@ function doUpdate(update) {
}
};
dbService.beginUpdate(listener, "test-malware-simple", "");
dbService.beginUpdate(listener, "test-malware-simple,test-unwanted-simple", "");
dbService.beginStream("", "");
dbService.updateStream(update);
dbService.finishStream();
@ -63,7 +69,7 @@ function doUpdate(update) {
}
SpecialPowers.pushPrefEnv(
{"set" : [["urlclassifier.malwareTable", "test-malware-simple"],
{"set" : [["urlclassifier.malwareTable", "test-malware-simple,test-unwanted-simple"],
["urlclassifier.phishTable", "test-phish-simple"]]},
function() { doUpdate(testUpdate); });

View File

@ -23,6 +23,12 @@ var testUpdate =
"a:550:32:" + testData.length + "\n" +
testData;
testData = "example.com/tests/toolkit/components/url-classifier/tests/mochitest/unwantedWorker.js";
testUpdate +=
"n:1000\ni:test-unwanted-simple\nad:550\n" +
"a:550:32:" + testData.length + "\n" +
testData;
var dbService = Cc["@mozilla.org/url-classifier/dbservice;1"]
.getService(Ci.nsIUrlClassifierDBService);
@ -54,7 +60,7 @@ function doUpdate(update) {
}
};
dbService.beginUpdate(listener, "test-malware-simple", "");
dbService.beginUpdate(listener, "test-malware-simple,test-unwanted-simple", "");
dbService.beginStream("", "");
dbService.updateStream(update);
dbService.finishStream();
@ -73,7 +79,7 @@ function onmessage(event)
}
SpecialPowers.pushPrefEnv(
{"set" : [["urlclassifier.malwareTable", "test-malware-simple"],
{"set" : [["urlclassifier.malwareTable", "test-malware-simple,test-unwanted-simple"],
["urlclassifier.phishTable", "test-phish-simple"]]},
function() { doUpdate(testUpdate); });

View File

@ -0,0 +1,3 @@
onmessage = function() {
postMessage("loaded bad file");
}

View File

@ -29,11 +29,27 @@ function startEvilWorker() {
worker.onmessage = function(event) {
window.parent.postMessage("failure:failed to block evilWorker.js", "*");
startCleanWorker();
startUnwantedWorker();
};
worker.onerror = function(event) {
window.parent.postMessage("success:blocked evilWorker.js", "*");
startUnwantedWorker();
};
worker.postMessage("");
}
function startUnwantedWorker() {
var worker = new Worker("unwantedWorker.js");
worker.onmessage = function(event) {
window.parent.postMessage("failure:failed to block unwantedWorker.js", "*");
startCleanWorker();
};
worker.onerror = function(event) {
window.parent.postMessage("success:blocked unwantedWorker.js", "*");
startCleanWorker();
};

View File

@ -53,15 +53,18 @@ function cleanUp() {
delFile("safebrowsing/classifier.hashkey");
delFile("safebrowsing/test-phish-simple.sbstore");
delFile("safebrowsing/test-malware-simple.sbstore");
delFile("safebrowsing/test-unwanted-simple.sbstore");
delFile("safebrowsing/test-phish-simple.cache");
delFile("safebrowsing/test-malware-simple.cache");
delFile("safebrowsing/test-unwanted-simple.cache");
delFile("safebrowsing/test-phish-simple.pset");
delFile("safebrowsing/test-malware-simple.pset");
delFile("safebrowsing/test-unwanted-simple.pset");
delFile("testLarge.pset");
delFile("testNoDelta.pset");
}
var allTables = "test-phish-simple,test-malware-simple";
var allTables = "test-phish-simple,test-malware-simple,test-unwanted-simple";
var dbservice = Cc["@mozilla.org/url-classifier/dbservice;1"].getService(Ci.nsIUrlClassifierDBService);
var streamUpdater = Cc["@mozilla.org/url-classifier/streamupdater;1"]
@ -114,6 +117,10 @@ function buildMalwareUpdate(chunks, hashSize) {
return buildUpdate({"test-malware-simple" : chunks}, hashSize);
}
function buildUnwantedUpdate(chunks, hashSize) {
return buildUpdate({"test-unwanted-simple" : chunks}, hashSize);
}
function buildBareUpdate(chunks, hashSize) {
return buildUpdate({"" : chunks}, hashSize);
}
@ -138,7 +145,7 @@ function doSimpleUpdate(updateText, success, failure) {
};
dbservice.beginUpdate(listener,
"test-phish-simple,test-malware-simple");
"test-phish-simple,test-malware-simple,test-unwanted-simple");
dbservice.beginStream("", "");
dbservice.updateStream(updateText);
dbservice.finishStream();
@ -180,7 +187,7 @@ function doStreamUpdate(updateText, success, failure, downloadFailure) {
downloadFailure = failure;
}
streamUpdater.downloadUpdates("test-phish-simple,test-malware-simple", "",
streamUpdater.downloadUpdates("test-phish-simple,test-malware-simple,test-unwanted-simple", "",
dataUpdate, success, failure, downloadFailure);
}
@ -237,6 +244,11 @@ malwareUrlsExist: function(urls, cb)
this.checkUrls(urls, 'test-malware-simple', cb);
},
unwantedUrlsExist: function(urls, cb)
{
this.checkUrls(urls, 'test-unwanted-simple', cb);
},
subsDontExist: function(urls, cb)
{
// XXX: there's no interface for checking items in the subs table

View File

@ -47,18 +47,20 @@ var chunk6Urls = [
];
var chunk6 = chunk6Urls.join("\n");
// we are going to add chunks 1, 2, 4, 5, and 6 to phish-simple, and
// chunk 2 to malware-simple. Then we'll remove the urls in chunk3
// from phish-simple, then expire chunk 1 and chunks 4-6 from
// phish-simple.
// we are going to add chunks 1, 2, 4, 5, and 6 to phish-simple,
// chunk 2 to malware-simple and chunk 3 to unwanted-simple.
// Then we'll remove the urls in chunk3 from phish-simple, then
// expire chunk 1 and chunks 4-6 from phish-simple.
var phishExpected = {};
var phishUnexpected = {};
var malwareExpected = {};
var unwantedExpected = {};
for (var i = 0; i < chunk2Urls.length; i++) {
phishExpected[chunk2Urls[i]] = true;
malwareExpected[chunk2Urls[i]] = true;
}
for (var i = 0; i < chunk3Urls.length; i++) {
unwantedExpected[chunk3Urls[i]] = true;
delete phishExpected[chunk3Urls[i]];
phishUnexpected[chunk3Urls[i]] = true;
}
@ -115,7 +117,7 @@ function tablesCallbackWithoutSub(tables)
// there's a leading \n here because splitting left an empty string
// after the trailing newline, which will sort first
do_check_eq(parts.join("\n"),
"\ntest-malware-simple;a:1\ntest-phish-simple;a:2");
"\ntest-malware-simple;a:1\ntest-phish-simple;a:2\ntest-unwanted-simple;a:1");
checkNoHost();
}
@ -133,7 +135,7 @@ function tablesCallbackWithSub(tables)
// there's a leading \n here because splitting left an empty string
// after the trailing newline, which will sort first
do_check_eq(parts.join("\n"),
"\ntest-malware-simple;a:1\ntest-phish-simple;a:2:s:3");
"\ntest-malware-simple;a:1\ntest-phish-simple;a:2:s:3\ntest-unwanted-simple;a:1");
// verify that expiring a sub chunk removes its name from the list
var data =
@ -182,6 +184,16 @@ function malwareExists(result) {
}
}
function unwantedExists(result) {
dumpn("unwantedExists: " + result);
try {
do_check_true(result.indexOf("test-unwanted-simple") != -1);
} finally {
checkDone();
}
}
function checkState()
{
numExpecting = 0;
@ -203,6 +215,12 @@ function checkState()
dbservice.lookup(principal, allTables, malwareExists, true);
numExpecting++;
}
for (var key in unwantedExpected) {
var principal = secMan.getNoAppCodebasePrincipal(iosvc.newURI("http://" + key, null, null));
dbservice.lookup(principal, allTables, unwantedExists, true);
numExpecting++;
}
}
function testSubSuccess(result)
@ -249,7 +267,10 @@ function do_adds() {
chunk6 + "\n" +
"i:test-malware-simple\n" +
"a:1:32:" + chunk2.length + "\n" +
chunk2 + "\n";
chunk2 + "\n" +
"i:test-unwanted-simple\n" +
"a:1:32:" + chunk3.length + "\n" +
chunk3 + "\n";
doSimpleUpdate(data, testAddSuccess, testFailure);
}

View File

@ -131,6 +131,7 @@ function testMultipleTables() {
var add1Urls = [ "foo-multiple.com/a", "bar-multiple.com/c" ];
var add2Urls = [ "foo-multiple.com/b" ];
var add3Urls = [ "bar-multiple.com/d" ];
var add4Urls = [ "bar-multiple.com/e" ];
var update = "n:1000\n";
update += "i:test-phish-simple\n";
@ -152,10 +153,17 @@ function testMultipleTables() {
"urls" : add3Urls }]);
update += "u:data:," + encodeURIComponent(update3) + "\n";
update += "i:test-unwanted-simple\n";
var update4 = buildBareUpdate(
[{ "chunkNum" : 4,
"urls" : add4Urls }]);
update += "u:data:," + encodeURIComponent(update4) + "\n";
var assertions = {
"tableData" : "test-malware-simple;a:3\ntest-phish-simple;a:1-2",
"tableData" : "test-malware-simple;a:3\ntest-phish-simple;a:1-2\ntest-unwanted-simple;a:4",
"urlsExist" : add1Urls.concat(add2Urls),
"malwareUrlsExist" : add3Urls
"malwareUrlsExist" : add3Urls,
"unwantedUrlsExist" : add4Urls
};
doTest([update], assertions, false);

View File

@ -242,33 +242,15 @@ function onClickContent(event) {
if (/^about:blocked/.test(errorDoc.documentURI)) {
// The event came from a button on a malware/phishing block page
// First check whether it's malware or phishing, so that we can
// use the right strings/links
var isMalware = /e=malwareBlocked/.test(errorDoc.documentURI);
if (target == errorDoc.getElementById('getMeOutButton')) {
// Instead of loading some safe page, just close the window
window.close();
} else if (target == errorDoc.getElementById('reportButton')) {
// This is the "Why is this site blocked" button. For malware,
// we can fetch a site-specific report, for phishing, we redirect
// to the generic page describing phishing protection.
if (isMalware) {
// Get the stop badware "why is this blocked" report url,
// append the current url, and go there.
try {
let reportURL = Services.urlFormatter.formatURLPref("browser.safebrowsing.malware.reportURL", true);
reportURL += errorDoc.location.href.slice(12);
openURL(reportURL);
} catch (e) {
Components.utils.reportError("Couldn't get malware report URL: " + e);
}
} else {
// It's a phishing site, just link to the generic information page
let url = Services.urlFormatter.formatURLPref("app.support.baseURL");
openURL(url + "phishing-malware");
}
// This is the "Why is this site blocked" button. We redirect
// to the generic page describing phishing/malware protection.
let url = Services.urlFormatter.formatURLPref("app.support.baseURL");
openURL(url + "phishing-malware");
} else if (target == errorDoc.getElementById('ignoreWarningButton')) {
// Allow users to override and continue through to the site
gBrowser.loadURIWithFlags(content.location.href,

View File

@ -29,6 +29,7 @@ externalProtocolUnknown=<Unknown>
externalProtocolChkMsg=Remember my choice for all links of this type.
externalProtocolLaunchBtn=Launch application
malwareBlocked=The site at %S has been reported as an attack site and has been blocked based on your security preferences.
unwantedBlocked=The site at %S has been reported as serving unwanted software and has been blocked based on your security preferences.
phishingBlocked=The website at %S has been reported as a web forgery designed to trick users into sharing personal or financial information.
cspBlocked=This application tried to access a resource that has a content security policy that prevents it from being loaded in this way.
corruptedContentError=The application cannot continue loading because an error in the data transmission was detected.

View File

@ -678,6 +678,7 @@
ERROR(NS_ERROR_MALWARE_URI, FAILURE(30)),
ERROR(NS_ERROR_PHISHING_URI, FAILURE(31)),
ERROR(NS_ERROR_TRACKING_URI, FAILURE(34)),
ERROR(NS_ERROR_UNWANTED_URI, FAILURE(35)),
/* Used when "Save Link As..." doesn't see the headers quickly enough to
* choose a filename. See nsContextMenu.js. */
ERROR(NS_ERROR_SAVE_LINK_AS_TIMEOUT, FAILURE(32)),