Bug 1150045 - De-anonymize Expanded Principals. r=bholley

2024-09-13 09:24:08 -07:00 · 2015-04-10 17:52:29 +02:00 · 2015-04-10 17:52:29 +02:00 · ace19d48e4
commit ace19d48e4
parent 351257fef3
5 changed files with 45 additions and 3 deletions
--- a/addon-sdk/source/test/test-sandbox.js
+++ b/addon-sdk/source/test/test-sandbox.js
@ -57,7 +57,7 @@ exports['test exceptions'] = function(assert) {
    } + '();');
  }
  catch (error) {
-    assert.equal(error.fileName, '', 'no fileName reported');
+    assert.equal(error.fileName, '[System Principal]', 'No specific fileName reported');
    assert.equal(error.lineNumber, 3, 'reports correct line number');
  }

--- a/caps/nsPrincipal.cpp
+++ b/caps/nsPrincipal.cpp
@ -980,8 +980,21 @@ nsExpandedPrincipal::IsOnCSSUnprefixingWhitelist()
 void
 nsExpandedPrincipal::GetScriptLocation(nsACString& aStr)
 {
-  // Is that a good idea to list it's principals?
  aStr.Assign(EXPANDED_PRINCIPAL_SPEC);
+  aStr.AppendLiteral(" (");
+
+  for (size_t i = 0; i < mPrincipals.Length(); ++i) {
+    if (i != 0) {
+      aStr.AppendLiteral(", ");
+    }
+
+    nsAutoCString spec;
+    nsJSPrincipals::get(mPrincipals.ElementAt(i))->GetScriptLocation(spec);
+
+    aStr.Append(spec);
+
+  }
+  aStr.Append(")");
 }

 #ifdef DEBUG
--- a/js/xpconnect/src/Sandbox.cpp
+++ b/js/xpconnect/src/Sandbox.cpp
@ -1507,7 +1507,7 @@ xpc::EvalInSandbox(JSContext* cx, HandleObject sandboxArg, const nsAString& sour
    NS_ENSURE_TRUE(prin, NS_ERROR_FAILURE);

    nsAutoCString filenameBuf;
-    if (!filename.IsVoid()) {
+    if (!filename.IsVoid() && filename.Length() != 0) {
        filenameBuf.Assign(filename);
    } else {
        // Default to the spec of the principal.
--- a/js/xpconnect/tests/unit/test_sandbox_name.js
+++ b/js/xpconnect/tests/unit/test_sandbox_name.js
@ -0,0 +1,28 @@
+"use strict";
+
+const { utils: Cu, interfaces: Ci, classes: Cc } = Components;
+
+/**
+ * Test that the name of a sandbox contains the name of all principals.
+ */
+function test_sandbox_name() {
+  let names = [
+    "http://example.com/?" + Math.random(),
+    "http://example.org/?" + Math.random()
+  ];
+  let sandbox = Cu.Sandbox(names);
+  let fileName = Cu.evalInSandbox(
+    "(new Error()).fileName",
+    sandbox,
+    "latest" /*js version*/,
+    ""/*file name*/
+  );
+
+  for (let name of names) {
+    Assert.ok(fileName.indexOf(name) != -1, `Name ${name} appears in ${fileName}`);
+  }
+};
+
+function run_test() {
+  test_sandbox_name();
+}
--- a/js/xpconnect/tests/unit/xpcshell.ini
+++ b/js/xpconnect/tests/unit/xpcshell.ini
@ -99,6 +99,7 @@ skip-if = os == "android" # native test components aren't available on Android
 [test_sandbox_atob.js]
 [test_isProxy.js]
 [test_getObjectPrincipal.js]
+[test_sandbox_name.js]
 [test_watchdog_enable.js]
 head = head_watchdog.js
 [test_watchdog_disable.js]