The Tor Browser / file comparison
comparison: toolkit/components/telemetry/ThirdPartyCookieProbe.jsm
toolkit/components/telemetry/ThirdPartyCookieProbe.jsm
- branch
- TOR_BUG_9701
- changeset 14
- 925c144e1f1f
equal
deleted
inserted
replaced
| -1:000000000000 | 0:c91872b5220d |
|---|---|
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
| 4 | |
| 5 "use strict"; | |
| 6 | |
| 7 let Ci = Components.interfaces; | |
| 8 let Cu = Components.utils; | |
| 9 let Cr = Components.results; | |
| 10 | |
| 11 Cu.import("resource://gre/modules/XPCOMUtils.jsm", this); | |
| 12 Cu.import("resource://gre/modules/Services.jsm", this); | |
| 13 | |
| 14 this.EXPORTED_SYMBOLS = ["ThirdPartyCookieProbe"]; | |
| 15 | |
| 16 const MILLISECONDS_PER_DAY = 1000 * 60 * 60 * 24; | |
| 17 | |
| 18 /** | |
| 19 * A probe implementing the measurements detailed at | |
| 20 * https://wiki.mozilla.org/SecurityEngineering/ThirdPartyCookies/Telemetry | |
| 21 * | |
| 22 * This implementation uses only in-memory data. | |
| 23 */ | |
| 24 this.ThirdPartyCookieProbe = function() { | |
| 25 /** | |
| 26 * A set of third-party sites that have caused cookies to be | |
| 27 * rejected. These sites are trimmed down to ETLD + 1 | |
| 28 * (i.e. "x.y.com" and "z.y.com" are both trimmed down to "y.com", | |
| 29 * "x.y.co.uk" is trimmed down to "y.co.uk"). | |
| 30 * | |
| 31 * Used to answer the following question: "For each third-party | |
| 32 * site, how many other first parties embed them and result in | |
| 33 * cookie traffic?" (see | |
| 34 * https://wiki.mozilla.org/SecurityEngineering/ThirdPartyCookies/Telemetry#Breadth | |
| 35 * ) | |
| 36 * | |
| 37 * @type Map<string, RejectStats> A mapping from third-party site | |
| 38 * to rejection statistics. | |
| 39 */ | |
| 40 this._thirdPartyCookies = new Map(); | |
| 41 /** | |
| 42 * Timestamp of the latest call to flush() in milliseconds since the Epoch. | |
| 43 */ | |
| 44 this._latestFlush = Date.now(); | |
| 45 }; | |
| 46 | |
| 47 this.ThirdPartyCookieProbe.prototype = { | |
| 48 QueryInterface: XPCOMUtils.generateQI([Ci.nsIObserver]), | |
| 49 init: function() { | |
| 50 Services.obs.addObserver(this, "profile-before-change", false); | |
| 51 Services.obs.addObserver(this, "third-party-cookie-accepted", false); | |
| 52 Services.obs.addObserver(this, "third-party-cookie-rejected", false); | |
| 53 }, | |
| 54 dispose: function() { | |
| 55 Services.obs.removeObserver(this, "profile-before-change"); | |
| 56 Services.obs.removeObserver(this, "third-party-cookie-accepted"); | |
| 57 Services.obs.removeObserver(this, "third-party-cookie-rejected"); | |
| 58 }, | |
| 59 /** | |
| 60 * Observe either | |
| 61 * - "profile-before-change" (no meaningful subject or data) - time to flush statistics and unregister; or | |
| 62 * - "third-party-cookie-accepted"/"third-party-cookie-rejected" with | |
| 63 * subject: the nsIURI of the third-party that attempted to set the cookie; | |
| 64 * data: a string holding the uri of the page seen by the user. | |
| 65 */ | |
| 66 observe: function(docURI, topic, referrer) { | |
| 67 try { | |
| 68 if (topic == "profile-before-change") { | |
| 69 // A final flush, then unregister | |
| 70 this.flush(); | |
| 71 this.dispose(); | |
| 72 } | |
| 73 if (topic != "third-party-cookie-accepted" | |
| 74 && topic != "third-party-cookie-rejected") { | |
| 75 // Not a third-party cookie | |
| 76 return; | |
| 77 } | |
| 78 // Add host to this._thirdPartyCookies | |
| 79 // Note: nsCookieService passes "?" if the issuer is unknown. Avoid | |
| 80 // normalizing in this case since its not a valid URI. | |
| 81 let firstParty = (referrer === "?") ? referrer : normalizeHost(referrer); | |
| 82 let thirdParty = normalizeHost(docURI.QueryInterface(Ci.nsIURI).host); | |
| 83 let data = this._thirdPartyCookies.get(thirdParty); | |
| 84 if (!data) { | |
| 85 data = new RejectStats(); | |
| 86 this._thirdPartyCookies.set(thirdParty, data); | |
| 87 } | |
| 88 if (topic == "third-party-cookie-accepted") { | |
| 89 data.addAccepted(firstParty); | |
| 90 } else { | |
| 91 data.addRejected(firstParty); | |
| 92 } | |
| 93 } catch (ex) { | |
| 94 if (ex instanceof Ci.nsIXPCException) { | |
| 95 if (ex.result == Cr.NS_ERROR_HOST_IS_IP_ADDRESS || | |
| 96 ex.result == Cr.NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS) { | |
| 97 return; | |
| 98 } | |
| 99 } | |
| 100 // Other errors should not remain silent. | |
| 101 Services.console.logStringMessage("ThirdPartyCookieProbe: Uncaught error " + ex + "\n" + ex.stack); | |
| 102 } | |
| 103 }, | |
| 104 | |
| 105 /** | |
| 106 * Clear internal data, fill up corresponding histograms. | |
| 107 * | |
| 108 * @param {number} aNow (optional, used for testing purposes only) | |
| 109 * The current instant. Used to make tests time-independent. | |
| 110 */ | |
| 111 flush: function(aNow = Date.now()) { | |
| 112 let updays = (aNow - this._latestFlush) / MILLISECONDS_PER_DAY; | |
| 113 if (updays <= 0) { | |
| 114 // Unlikely, but regardless, don't risk division by zero | |
| 115 // or weird stuff. | |
| 116 return; | |
| 117 } | |
| 118 this._latestFlush = aNow; | |
| 119 let acceptedSites = Services.telemetry.getHistogramById("COOKIES_3RDPARTY_NUM_SITES_ACCEPTED"); | |
| 120 let rejectedSites = Services.telemetry.getHistogramById("COOKIES_3RDPARTY_NUM_SITES_BLOCKED"); | |
| 121 let acceptedRequests = Services.telemetry.getHistogramById("COOKIES_3RDPARTY_NUM_ATTEMPTS_ACCEPTED"); | |
| 122 let rejectedRequests = Services.telemetry.getHistogramById("COOKIES_3RDPARTY_NUM_ATTEMPTS_BLOCKED"); | |
| 123 for (let [k, data] of this._thirdPartyCookies) { | |
| 124 acceptedSites.add(data.countAcceptedSites / updays); | |
| 125 rejectedSites.add(data.countRejectedSites / updays); | |
| 126 acceptedRequests.add(data.countAcceptedRequests / updays); | |
| 127 rejectedRequests.add(data.countRejectedRequests / updays); | |
| 128 } | |
| 129 this._thirdPartyCookies.clear(); | |
| 130 } | |
| 131 }; | |
| 132 | |
| 133 /** | |
| 134 * Data gathered on cookies that a third party site has attempted to set. | |
| 135 * | |
| 136 * Privacy note: the only data actually sent to the server is the size of | |
| 137 * the sets. | |
| 138 * | |
| 139 * @constructor | |
| 140 */ | |
| 141 let RejectStats = function() { | |
| 142 /** | |
| 143 * The set of all sites for which we have accepted third-party cookies. | |
| 144 */ | |
| 145 this._acceptedSites = new Set(); | |
| 146 /** | |
| 147 * The set of all sites for which we have rejected third-party cookies. | |
| 148 */ | |
| 149 this._rejectedSites = new Set(); | |
| 150 /** | |
| 151 * Total number of attempts to set a third-party cookie that have | |
| 152 * been accepted. Two accepted attempts on the same site will both | |
| 153 * augment this count. | |
| 154 */ | |
| 155 this._acceptedRequests = 0; | |
| 156 /** | |
| 157 * Total number of attempts to set a third-party cookie that have | |
| 158 * been rejected. Two rejected attempts on the same site will both | |
| 159 * augment this count. | |
| 160 */ | |
| 161 this._rejectedRequests = 0; | |
| 162 }; | |
| 163 RejectStats.prototype = { | |
| 164 addAccepted: function(firstParty) { | |
| 165 this._acceptedSites.add(firstParty); | |
| 166 this._acceptedRequests++; | |
| 167 }, | |
| 168 addRejected: function(firstParty) { | |
| 169 this._rejectedSites.add(firstParty); | |
| 170 this._rejectedRequests++; | |
| 171 }, | |
| 172 get countAcceptedSites() { | |
| 173 return this._acceptedSites.size; | |
| 174 }, | |
| 175 get countRejectedSites() { | |
| 176 return this._rejectedSites.size; | |
| 177 }, | |
| 178 get countAcceptedRequests() { | |
| 179 return this._acceptedRequests; | |
| 180 }, | |
| 181 get countRejectedRequests() { | |
| 182 return this._rejectedRequests; | |
| 183 } | |
| 184 }; | |
| 185 | |
| 186 /** | |
| 187 * Normalize a host to its eTLD + 1. | |
| 188 */ | |
| 189 function normalizeHost(host) { | |
| 190 return Services.eTLD.getBaseDomainFromHost(host); | |
| 191 }; |
