Bug 445158 - Consider providing a pref that allows users to avoid check for "Launching Applications and Unsafe Files" Internet option; r=(sdwilsh + tellrob)

2024-09-13 09:24:08 -07:00 · 2008-10-11 03:15:51 +02:00 · 2008-10-11 03:15:51 +02:00 · 4976b1709a
commit 4976b1709a
parent afdcf5bda0
4 changed files with 122 additions and 44 deletions
--- a/toolkit/components/downloads/src/nsDownloadManager.cpp
+++ b/toolkit/components/downloads/src/nsDownloadManager.cpp
@ -139,9 +139,9 @@ nsDownloadManager::GetSingleton()

 nsDownloadManager::~nsDownloadManager()
 {
-#if defined(XP_WIN) && !defined(__MINGW32__)
-  delete mScanner;
-#endif
+#if defined(XP_WIN) && !defined(__MINGW32__)
+  mScanner = nsnull;
+#endif
  gDownloadManagerService = nsnull;
 }

@ -914,10 +914,8 @@ nsDownloadManager::Init()
  if (!mScanner)
    return NS_ERROR_OUT_OF_MEMORY;
  rv = mScanner->Init();
-  if (NS_FAILED(rv)) {
-    delete mScanner;
+  if (NS_FAILED(rv))
    mScanner = nsnull;
-  }
 #endif

  rv = mDBConn->CreateStatement(NS_LITERAL_CSTRING(
--- a/toolkit/components/downloads/src/nsDownloadManager.h
+++ b/toolkit/components/downloads/src/nsDownloadManager.h
@ -75,7 +75,7 @@ typedef PRInt16 DownloadType;
 class nsDownload;

 #if defined(XP_WIN) && !defined(__MINGW32__)
-class nsDownloadScanner;
+#include "nsDownloadScanner.h"
 #endif

 class nsDownloadManager : public nsIDownloadManager,
@ -93,11 +93,7 @@ public:
  static nsDownloadManager *GetSingleton();

  virtual ~nsDownloadManager();
-#if defined(XP_WIN) && !defined(__MINGW32__)
-  nsDownloadManager() : mScanner(nsnull) { };
-private:
-  nsDownloadScanner *mScanner;
-#endif
+  nsDownloadManager() {};

 protected:
  nsresult InitDB(PRBool *aDoImport);
@ -242,6 +238,12 @@ protected:
   */
  enum QuitBehavior GetQuitBehavior();

+  // Virus scanner for windows
+#if defined(XP_WIN) && !defined(__MINGW32__)
+private:
+  nsRefPtr<nsDownloadScanner> mScanner;
+#endif
+
 private:
  nsCOMArray<nsIDownloadProgressListener> mListeners;
  nsCOMPtr<nsIStringBundle> mBundle;
--- a/toolkit/components/downloads/src/nsDownloadScanner.cpp
+++ b/toolkit/components/downloads/src/nsDownloadScanner.cpp
@ -47,6 +47,7 @@
 #include "nsNetUtil.h"
 #include "nsDeque.h"
 #include "nsIFileURL.h"
+#include "nsIPrefBranch2.h"

 /**
 * Code overview
@ -135,6 +136,7 @@
 */

 #define PREF_BDA_DONTCLEAN "browser.download.antivirus.dontclean"
+#define PREF_BDM_SKIPWINPOLICYCHECKS "browser.download.manager.skipWinSecurityPolicyChecks"

 // IAttachementExecute supports user definable settings for certain
 // security related prompts. This defines a general GUID for use in
@ -171,8 +173,15 @@ private:
  HANDLE mQuitEvent;
 };

-nsDownloadScanner::nsDownloadScanner()
-  : mHaveAVScanner(PR_FALSE), mHaveAttachmentExecute(PR_FALSE)
+NS_IMPL_ISUPPORTS1(
+  nsDownloadScanner
+  , nsIObserver
+  )
+
+nsDownloadScanner::nsDownloadScanner() :
+  mOAVExists(PR_FALSE)
+  , mAESExists(PR_FALSE)
+  , mUseAttachmentExecute(PR_FALSE)
 {
 }
 
@ -192,19 +201,57 @@ nsDownloadScanner::Init()
  // codebase. All other COM calls/objects are made on different threads.
  nsresult rv = NS_OK;
  CoInitialize(NULL);
-  if (!IsAESAvailable() && ListCLSID() < 0)
-    rv = NS_ERROR_NOT_AVAILABLE;
+
+  // Check for the existence of IAE
+  mAESExists = IsAESAvailable();
+
+  // Init OAV scanner list
+  mOAVExists = EnumerateOAVProviders();
+  
  CoUninitialize();
-  if (NS_SUCCEEDED(rv)) {
-    mWatchdog = new nsDownloadScannerWatchdog();
-    if (mWatchdog) {
-      rv = mWatchdog->Init();
-      if (FAILED(rv))
-        mWatchdog = nsnull;
-    } else {
-      rv = NS_ERROR_OUT_OF_MEMORY;
-    }
+
+  if (!mAESExists && !mOAVExists)
+    return NS_ERROR_NOT_AVAILABLE;
+
+  if (mAESExists)
+    mUseAttachmentExecute = PR_TRUE;
+  
+  // Initialize scanning
+  mWatchdog = new nsDownloadScannerWatchdog();
+  if (mWatchdog) {
+    rv = mWatchdog->Init();
+    if (FAILED(rv))
+      mWatchdog = nsnull;
+  } else {
+    rv = NS_ERROR_OUT_OF_MEMORY;
  }
+  
+  if (NS_FAILED(rv))
+    return rv;
+
+  // If skipWinSecurityPolicyChecks is set, do not use attachement execute,
+  // fall back on the older interface. AE does virus scanning, applies
+  // security policy checks, and also adds security meta data to downloaded
+  // content.
+  PRBool skipPolicy = PR_FALSE;
+  nsCOMPtr<nsIPrefBranch> prefs(do_GetService(NS_PREFSERVICE_CONTRACTID));
+  if (prefs)
+    (void)prefs->GetBoolPref(PREF_BDM_SKIPWINPOLICYCHECKS, &skipPolicy);
+  if (skipPolicy)
+    mUseAttachmentExecute = PR_FALSE;
+  
+  // Setup a pref change even for the policy check pref.
+  nsCOMPtr<nsIPrefBranch2> prefBranch =
+    do_GetService(NS_PREFSERVICE_CONTRACTID);
+
+  if (prefBranch)
+    (void)prefBranch->AddObserver(PREF_BDM_SKIPWINPOLICYCHECKS, this, PR_FALSE);
+
+  nsCOMPtr<nsIObserverService> observerService =
+    do_GetService(NS_OBSERVERSERVICE_CONTRACTID);
+  
+  if (observerService)
+    (void)observerService->AddObserver(this, "quit-application", PR_FALSE);

  return rv;
 }
@ -212,6 +259,7 @@ nsDownloadScanner::Init()
 PRBool
 nsDownloadScanner::IsAESAvailable()
 {
+  // Try to instantiate IAE to see if it's available.    
  nsRefPtr<IAttachmentExecute> ae;
  HRESULT hr;
  hr = CoCreateInstance(CLSID_AttachmentServices, NULL, CLSCTX_INPROC,
@ -220,14 +268,11 @@ nsDownloadScanner::IsAESAvailable()
    NS_WARNING("Could not instantiate attachment execution service\n");
    return PR_FALSE;
  }
-
-  mHaveAVScanner = PR_TRUE;
-  mHaveAttachmentExecute = PR_TRUE;
  return PR_TRUE;
 }

-PRInt32
-nsDownloadScanner::ListCLSID()
+PRBool
+nsDownloadScanner::EnumerateOAVProviders()
 {
  nsRefPtr<ICatInformation> catInfo;
  HRESULT hr;
@ -235,7 +280,7 @@ nsDownloadScanner::ListCLSID()
                        IID_ICatInformation, getter_AddRefs(catInfo));
  if (FAILED(hr)) {
    NS_WARNING("Could not create category information class\n");
-    return -1;
+    return PR_FALSE;
  }
  nsRefPtr<IEnumCLSID> clsidEnumerator;
  GUID guids [1] = { CATID_MSOfficeAntiVirus };
@ -243,7 +288,7 @@ nsDownloadScanner::ListCLSID()
      getter_AddRefs(clsidEnumerator));
  if (FAILED(hr)) {
    NS_WARNING("Could not get class enumerator for category\n");
-    return -2;
+    return PR_FALSE;
  }

  ULONG nReceived;
@ -253,11 +298,38 @@ nsDownloadScanner::ListCLSID()

  if (mScanCLSID.Length() == 0) {
    // No installed Anti Virus program
-    return -3;
+    return PR_FALSE;
  }

-  mHaveAVScanner = PR_TRUE;
-  return 0;
+  return PR_TRUE;
+}
+
+// XPCOM pref change observer - reset our default scanner settings.
+NS_IMETHODIMP
+nsDownloadScanner::Observe(nsISupports *aSubject, const char *aTopic, const PRUnichar *someData)
+{
+  nsCOMPtr<nsIPrefBranch2> prefBranch =
+    do_GetService(NS_PREFSERVICE_CONTRACTID);
+
+  if (aTopic && !strcmp(aTopic, "quit-application")) {
+    if (prefBranch)
+      (void)prefBranch->RemoveObserver(PREF_BDM_SKIPWINPOLICYCHECKS, this);
+
+    nsCOMPtr<nsIObserverService> observerService =
+      do_GetService(NS_OBSERVERSERVICE_CONTRACTID);
+    
+    if (observerService)
+      (void)observerService->RemoveObserver(this, "quit-application");
+    return S_OK;
+  }
+  
+  PRBool skipPolicyCheck = PR_FALSE;
+  if (prefBranch)
+    (void)prefBranch->GetBoolPref(PREF_BDM_SKIPWINPOLICYCHECKS, &skipPolicyCheck);
+
+  mUseAttachmentExecute = !skipPolicyCheck && mAESExists;
+  
+  return NS_OK;
 }

 // If IAttachementExecute is available, use the CheckPolicy call to find out
@ -267,7 +339,7 @@ nsDownloadScanner::CheckPolicy(nsIURI *aSource, nsIURI *aTarget)
 {
  nsresult rv;

-  if (!aSource || !aTarget || !mHaveAttachmentExecute)
+  if (!aSource || !aTarget || !mUseAttachmentExecute)
    return AVPOLICY_DOWNLOAD;

  nsCAutoString source;
@ -646,7 +718,7 @@ nsDownloadScanner::Scan::DoScan()
 {
  CoInitialize(NULL);

-  if (mDLScanner->mHaveAttachmentExecute ? DoScanAES() : DoScanOAV()) {
+  if (mDLScanner->mUseAttachmentExecute ? DoScanAES() : DoScanOAV()) {
    // We need to do a few more things on the main thread
    NS_DispatchToMainThread(this);
  } else {
@ -702,7 +774,7 @@ nsDownloadScanner::Scan::CheckAndSetState(AVScanState newState, AVScanState expe
 nsresult
 nsDownloadScanner::ScanDownload(nsDownload *download)
 {
-  if (!mHaveAVScanner)
+  if (!mUseAttachmentExecute && !mOAVExists)
    return NS_ERROR_NOT_AVAILABLE;

  // No ref ptr, see comment below
--- a/toolkit/components/downloads/src/nsDownloadScanner.h
+++ b/toolkit/components/downloads/src/nsDownloadScanner.h
@ -19,8 +19,9 @@

 #include "nsAutoPtr.h"
 #include "nsThreadUtils.h"
-#include "nsDownloadManager.h"
 #include "nsTArray.h"
+#include "nsIObserver.h"
+#include "nsIURI.h"

 enum AVScanState
 {
@ -40,12 +41,16 @@ enum AVCheckPolicyState
  AVPOLICY_BLOCKED
 };

-
 // See nsDownloadScanner.cpp for declaration and definition
 class nsDownloadScannerWatchdog;
+class nsDownload;

-class nsDownloadScanner
+class nsDownloadScanner : public nsIObserver
 {
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIOBSERVER
+
 public:
  nsDownloadScanner();
  ~nsDownloadScanner();
@ -54,11 +59,12 @@ public:
  AVCheckPolicyState CheckPolicy(nsIURI *aSource, nsIURI *aTarget);

 private:
-  PRBool mHaveAVScanner;
-  PRBool mHaveAttachmentExecute;
+  PRBool mOAVExists;
+  PRBool mAESExists;
+  PRBool mUseAttachmentExecute;
  nsTArray<CLSID> mScanCLSID;
  PRBool IsAESAvailable();
-  PRInt32 ListCLSID();
+  PRBool EnumerateOAVProviders();

  nsAutoPtr<nsDownloadScannerWatchdog> mWatchdog;