michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this michael@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: michael@0: "use strict"; michael@0: michael@0: let Ci = Components.interfaces; michael@0: let Cu = Components.utils; michael@0: let Cr = Components.results; michael@0: michael@0: Cu.import("resource://gre/modules/XPCOMUtils.jsm", this); michael@0: Cu.import("resource://gre/modules/Services.jsm", this); michael@0: michael@0: this.EXPORTED_SYMBOLS = ["ThirdPartyCookieProbe"]; michael@0: michael@0: const MILLISECONDS_PER_DAY = 1000 * 60 * 60 * 24; michael@0: michael@0: /** michael@0: * A probe implementing the measurements detailed at michael@0: * https://wiki.mozilla.org/SecurityEngineering/ThirdPartyCookies/Telemetry michael@0: * michael@0: * This implementation uses only in-memory data. michael@0: */ michael@0: this.ThirdPartyCookieProbe = function() { michael@0: /** michael@0: * A set of third-party sites that have caused cookies to be michael@0: * rejected. These sites are trimmed down to ETLD + 1 michael@0: * (i.e. "x.y.com" and "z.y.com" are both trimmed down to "y.com", michael@0: * "x.y.co.uk" is trimmed down to "y.co.uk"). michael@0: * michael@0: * Used to answer the following question: "For each third-party michael@0: * site, how many other first parties embed them and result in michael@0: * cookie traffic?" (see michael@0: * https://wiki.mozilla.org/SecurityEngineering/ThirdPartyCookies/Telemetry#Breadth michael@0: * ) michael@0: * michael@0: * @type Map A mapping from third-party site michael@0: * to rejection statistics. michael@0: */ michael@0: this._thirdPartyCookies = new Map(); michael@0: /** michael@0: * Timestamp of the latest call to flush() in milliseconds since the Epoch. michael@0: */ michael@0: this._latestFlush = Date.now(); michael@0: }; michael@0: michael@0: this.ThirdPartyCookieProbe.prototype = { michael@0: QueryInterface: XPCOMUtils.generateQI([Ci.nsIObserver]), michael@0: init: function() { michael@0: Services.obs.addObserver(this, "profile-before-change", false); michael@0: Services.obs.addObserver(this, "third-party-cookie-accepted", false); michael@0: Services.obs.addObserver(this, "third-party-cookie-rejected", false); michael@0: }, michael@0: dispose: function() { michael@0: Services.obs.removeObserver(this, "profile-before-change"); michael@0: Services.obs.removeObserver(this, "third-party-cookie-accepted"); michael@0: Services.obs.removeObserver(this, "third-party-cookie-rejected"); michael@0: }, michael@0: /** michael@0: * Observe either michael@0: * - "profile-before-change" (no meaningful subject or data) - time to flush statistics and unregister; or michael@0: * - "third-party-cookie-accepted"/"third-party-cookie-rejected" with michael@0: * subject: the nsIURI of the third-party that attempted to set the cookie; michael@0: * data: a string holding the uri of the page seen by the user. michael@0: */ michael@0: observe: function(docURI, topic, referrer) { michael@0: try { michael@0: if (topic == "profile-before-change") { michael@0: // A final flush, then unregister michael@0: this.flush(); michael@0: this.dispose(); michael@0: } michael@0: if (topic != "third-party-cookie-accepted" michael@0: && topic != "third-party-cookie-rejected") { michael@0: // Not a third-party cookie michael@0: return; michael@0: } michael@0: // Add host to this._thirdPartyCookies michael@0: // Note: nsCookieService passes "?" if the issuer is unknown. Avoid michael@0: // normalizing in this case since its not a valid URI. michael@0: let firstParty = (referrer === "?") ? referrer : normalizeHost(referrer); michael@0: let thirdParty = normalizeHost(docURI.QueryInterface(Ci.nsIURI).host); michael@0: let data = this._thirdPartyCookies.get(thirdParty); michael@0: if (!data) { michael@0: data = new RejectStats(); michael@0: this._thirdPartyCookies.set(thirdParty, data); michael@0: } michael@0: if (topic == "third-party-cookie-accepted") { michael@0: data.addAccepted(firstParty); michael@0: } else { michael@0: data.addRejected(firstParty); michael@0: } michael@0: } catch (ex) { michael@0: if (ex instanceof Ci.nsIXPCException) { michael@0: if (ex.result == Cr.NS_ERROR_HOST_IS_IP_ADDRESS || michael@0: ex.result == Cr.NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS) { michael@0: return; michael@0: } michael@0: } michael@0: // Other errors should not remain silent. michael@0: Services.console.logStringMessage("ThirdPartyCookieProbe: Uncaught error " + ex + "\n" + ex.stack); michael@0: } michael@0: }, michael@0: michael@0: /** michael@0: * Clear internal data, fill up corresponding histograms. michael@0: * michael@0: * @param {number} aNow (optional, used for testing purposes only) michael@0: * The current instant. Used to make tests time-independent. michael@0: */ michael@0: flush: function(aNow = Date.now()) { michael@0: let updays = (aNow - this._latestFlush) / MILLISECONDS_PER_DAY; michael@0: if (updays <= 0) { michael@0: // Unlikely, but regardless, don't risk division by zero michael@0: // or weird stuff. michael@0: return; michael@0: } michael@0: this._latestFlush = aNow; michael@0: let acceptedSites = Services.telemetry.getHistogramById("COOKIES_3RDPARTY_NUM_SITES_ACCEPTED"); michael@0: let rejectedSites = Services.telemetry.getHistogramById("COOKIES_3RDPARTY_NUM_SITES_BLOCKED"); michael@0: let acceptedRequests = Services.telemetry.getHistogramById("COOKIES_3RDPARTY_NUM_ATTEMPTS_ACCEPTED"); michael@0: let rejectedRequests = Services.telemetry.getHistogramById("COOKIES_3RDPARTY_NUM_ATTEMPTS_BLOCKED"); michael@0: for (let [k, data] of this._thirdPartyCookies) { michael@0: acceptedSites.add(data.countAcceptedSites / updays); michael@0: rejectedSites.add(data.countRejectedSites / updays); michael@0: acceptedRequests.add(data.countAcceptedRequests / updays); michael@0: rejectedRequests.add(data.countRejectedRequests / updays); michael@0: } michael@0: this._thirdPartyCookies.clear(); michael@0: } michael@0: }; michael@0: michael@0: /** michael@0: * Data gathered on cookies that a third party site has attempted to set. michael@0: * michael@0: * Privacy note: the only data actually sent to the server is the size of michael@0: * the sets. michael@0: * michael@0: * @constructor michael@0: */ michael@0: let RejectStats = function() { michael@0: /** michael@0: * The set of all sites for which we have accepted third-party cookies. michael@0: */ michael@0: this._acceptedSites = new Set(); michael@0: /** michael@0: * The set of all sites for which we have rejected third-party cookies. michael@0: */ michael@0: this._rejectedSites = new Set(); michael@0: /** michael@0: * Total number of attempts to set a third-party cookie that have michael@0: * been accepted. Two accepted attempts on the same site will both michael@0: * augment this count. michael@0: */ michael@0: this._acceptedRequests = 0; michael@0: /** michael@0: * Total number of attempts to set a third-party cookie that have michael@0: * been rejected. Two rejected attempts on the same site will both michael@0: * augment this count. michael@0: */ michael@0: this._rejectedRequests = 0; michael@0: }; michael@0: RejectStats.prototype = { michael@0: addAccepted: function(firstParty) { michael@0: this._acceptedSites.add(firstParty); michael@0: this._acceptedRequests++; michael@0: }, michael@0: addRejected: function(firstParty) { michael@0: this._rejectedSites.add(firstParty); michael@0: this._rejectedRequests++; michael@0: }, michael@0: get countAcceptedSites() { michael@0: return this._acceptedSites.size; michael@0: }, michael@0: get countRejectedSites() { michael@0: return this._rejectedSites.size; michael@0: }, michael@0: get countAcceptedRequests() { michael@0: return this._acceptedRequests; michael@0: }, michael@0: get countRejectedRequests() { michael@0: return this._rejectedRequests; michael@0: } michael@0: }; michael@0: michael@0: /** michael@0: * Normalize a host to its eTLD + 1. michael@0: */ michael@0: function normalizeHost(host) { michael@0: return Services.eTLD.getBaseDomainFromHost(host); michael@0: };