michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this michael@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: michael@0: this.EXPORTED_SYMBOLS = ["SafeBrowsing"]; michael@0: michael@0: const Cc = Components.classes; michael@0: const Ci = Components.interfaces; michael@0: const Cu = Components.utils; michael@0: michael@0: Cu.import("resource://gre/modules/Services.jsm"); michael@0: michael@0: // Skip all the ones containining "test", because we never need to ask for michael@0: // updates for them. michael@0: function getLists(prefName) { michael@0: let pref = Services.prefs.getCharPref(prefName); michael@0: // Splitting an empty string returns [''], we really want an empty array. michael@0: if (!pref) { michael@0: return []; michael@0: } michael@0: return pref.split(",") michael@0: .filter(function(value) { return value.indexOf("test-") == -1; }) michael@0: .map(function(value) { return value.trim(); }); michael@0: } michael@0: michael@0: // These may be a comma-separated lists of tables. michael@0: const phishingLists = getLists("urlclassifier.phish_table"); michael@0: const malwareLists = getLists("urlclassifier.malware_table"); michael@0: const downloadBlockLists = getLists("urlclassifier.downloadBlockTable"); michael@0: const downloadAllowLists = getLists("urlclassifier.downloadAllowTable"); michael@0: michael@0: var debug = false; michael@0: function log(...stuff) { michael@0: if (!debug) michael@0: return; michael@0: michael@0: let msg = "SafeBrowsing: " + stuff.join(" "); michael@0: Services.console.logStringMessage(msg); michael@0: dump(msg + "\n"); michael@0: } michael@0: michael@0: this.SafeBrowsing = { michael@0: michael@0: init: function() { michael@0: if (this.initialized) { michael@0: log("Already initialized"); michael@0: return; michael@0: } michael@0: michael@0: Services.prefs.addObserver("browser.safebrowsing", this.readPrefs.bind(this), false); michael@0: this.readPrefs(); michael@0: michael@0: // Register our two types of tables, and add custom Mozilla entries michael@0: let listManager = Cc["@mozilla.org/url-classifier/listmanager;1"]. michael@0: getService(Ci.nsIUrlListManager); michael@0: for (let i = 0; i < phishingLists.length; ++i) { michael@0: listManager.registerTable(phishingLists[i], false); michael@0: } michael@0: for (let i = 0; i < malwareLists.length; ++i) { michael@0: listManager.registerTable(malwareLists[i], false); michael@0: } michael@0: for (let i = 0; i < downloadBlockLists.length; ++i) { michael@0: listManager.registerTable(downloadBlockLists[i], false); michael@0: } michael@0: for (let i = 0; i < downloadAllowLists.length; ++i) { michael@0: listManager.registerTable(downloadAllowLists[i], false); michael@0: } michael@0: this.addMozEntries(); michael@0: michael@0: this.controlUpdateChecking(); michael@0: this.initialized = true; michael@0: michael@0: log("init() finished"); michael@0: }, michael@0: michael@0: michael@0: initialized: false, michael@0: phishingEnabled: false, michael@0: malwareEnabled: false, michael@0: michael@0: updateURL: null, michael@0: gethashURL: null, michael@0: michael@0: reportURL: null, michael@0: reportGenericURL: null, michael@0: reportErrorURL: null, michael@0: reportPhishURL: null, michael@0: reportMalwareURL: null, michael@0: reportMalwareErrorURL: null, michael@0: michael@0: michael@0: getReportURL: function(kind) { michael@0: return this["report" + kind + "URL"]; michael@0: }, michael@0: michael@0: michael@0: readPrefs: function() { michael@0: log("reading prefs"); michael@0: michael@0: debug = Services.prefs.getBoolPref("browser.safebrowsing.debug"); michael@0: this.phishingEnabled = Services.prefs.getBoolPref("browser.safebrowsing.enabled"); michael@0: this.malwareEnabled = Services.prefs.getBoolPref("browser.safebrowsing.malware.enabled"); michael@0: this.updateProviderURLs(); michael@0: michael@0: // XXX The listManager backend gets confused if this is called before the michael@0: // lists are registered. So only call it here when a pref changes, and not michael@0: // when doing initialization. I expect to refactor this later, so pardon the hack. michael@0: if (this.initialized) michael@0: this.controlUpdateChecking(); michael@0: }, michael@0: michael@0: michael@0: updateProviderURLs: function() { michael@0: try { michael@0: var clientID = Services.prefs.getCharPref("browser.safebrowsing.id"); michael@0: } catch(e) { michael@0: var clientID = Services.appinfo.name; michael@0: } michael@0: michael@0: log("initializing safe browsing URLs, client id ", clientID); michael@0: let basePref = "browser.safebrowsing."; michael@0: michael@0: // Urls to HTML report pages michael@0: this.reportURL = Services.urlFormatter.formatURLPref(basePref + "reportURL"); michael@0: this.reportGenericURL = Services.urlFormatter.formatURLPref(basePref + "reportGenericURL"); michael@0: this.reportErrorURL = Services.urlFormatter.formatURLPref(basePref + "reportErrorURL"); michael@0: this.reportPhishURL = Services.urlFormatter.formatURLPref(basePref + "reportPhishURL"); michael@0: this.reportMalwareURL = Services.urlFormatter.formatURLPref(basePref + "reportMalwareURL"); michael@0: this.reportMalwareErrorURL = Services.urlFormatter.formatURLPref(basePref + "reportMalwareErrorURL"); michael@0: michael@0: // Urls used to update DB michael@0: this.updateURL = Services.urlFormatter.formatURLPref(basePref + "updateURL"); michael@0: this.gethashURL = Services.urlFormatter.formatURLPref(basePref + "gethashURL"); michael@0: michael@0: this.updateURL = this.updateURL.replace("SAFEBROWSING_ID", clientID); michael@0: this.gethashURL = this.gethashURL.replace("SAFEBROWSING_ID", clientID); michael@0: michael@0: let listManager = Cc["@mozilla.org/url-classifier/listmanager;1"]. michael@0: getService(Ci.nsIUrlListManager); michael@0: michael@0: listManager.setUpdateUrl(this.updateURL); michael@0: listManager.setGethashUrl(this.gethashURL); michael@0: }, michael@0: michael@0: michael@0: controlUpdateChecking: function() { michael@0: log("phishingEnabled:", this.phishingEnabled, "malwareEnabled:", this.malwareEnabled); michael@0: michael@0: let listManager = Cc["@mozilla.org/url-classifier/listmanager;1"]. michael@0: getService(Ci.nsIUrlListManager); michael@0: michael@0: for (let i = 0; i < phishingLists.length; ++i) { michael@0: if (this.phishingEnabled) { michael@0: listManager.enableUpdate(phishingLists[i]); michael@0: } else { michael@0: listManager.disableUpdate(phishingLists[i]); michael@0: } michael@0: } michael@0: for (let i = 0; i < malwareLists.length; ++i) { michael@0: if (this.malwareEnabled) { michael@0: listManager.enableUpdate(malwareLists[i]); michael@0: } else { michael@0: listManager.disableUpdate(malwareLists[i]); michael@0: } michael@0: } michael@0: for (let i = 0; i < downloadBlockLists.length; ++i) { michael@0: if (this.malwareEnabled) { michael@0: listManager.enableUpdate(downloadBlockLists[i]); michael@0: } else { michael@0: listManager.disableUpdate(downloadBlockLists[i]); michael@0: } michael@0: } michael@0: for (let i = 0; i < downloadAllowLists.length; ++i) { michael@0: if (this.malwareEnabled) { michael@0: listManager.enableUpdate(downloadAllowLists[i]); michael@0: } else { michael@0: listManager.disableUpdate(downloadAllowLists[i]); michael@0: } michael@0: } michael@0: }, michael@0: michael@0: michael@0: addMozEntries: function() { michael@0: // Add test entries to the DB. michael@0: // XXX bug 779008 - this could be done by DB itself? michael@0: const phishURL = "itisatrap.org/firefox/its-a-trap.html"; michael@0: const malwareURL = "itisatrap.org/firefox/its-an-attack.html"; michael@0: michael@0: let update = "n:1000\ni:test-malware-simple\nad:1\n" + michael@0: "a:1:32:" + malwareURL.length + "\n" + michael@0: malwareURL; michael@0: update += "n:1000\ni:test-phish-simple\nad:1\n" + michael@0: "a:1:32:" + phishURL.length + "\n" + michael@0: phishURL; michael@0: log("addMozEntries:", update); michael@0: michael@0: let db = Cc["@mozilla.org/url-classifier/dbservice;1"]. michael@0: getService(Ci.nsIUrlClassifierDBService); michael@0: michael@0: // nsIUrlClassifierUpdateObserver michael@0: let dummyListener = { michael@0: updateUrlRequested: function() { }, michael@0: streamFinished: function() { }, michael@0: updateError: function() { }, michael@0: updateSuccess: function() { } michael@0: }; michael@0: michael@0: try { michael@0: db.beginUpdate(dummyListener, "test-malware-simple,test-phish-simple", ""); michael@0: db.beginStream("", ""); michael@0: db.updateStream(update); michael@0: db.finishStream(); michael@0: db.finishUpdate(); michael@0: } catch(ex) { michael@0: // beginUpdate will throw harmlessly if there's an existing update in progress, ignore failures. michael@0: log("addMozEntries failed!", ex); michael@0: } michael@0: }, michael@0: };