Bug 1253740 - Hash extension ID to obfuscate installed add-ons, r=bsilverberg,kmag
☠☠ backed out by 796ad3765645 ☠ ☠
authorEthan Glasser-Camp <eglassercamp@mozilla.com>
Thu, 28 Jul 2016 12:20:42 -0400
changeset 320163 97a6ee1fddfced804aa7e516d3fc5ff4feb30a00
parent 320162 5cf17eb2fefecb0df2e275f1d1757b0c0b73354a
child 320164 486a200fd6f086bdb2f32fa044f87a09144d0be2
push id20751
push userphilringnalda@gmail.com
push dateSun, 30 Oct 2016 18:06:35 +0000
treeherderfx-team@e3279760cd97 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbsilverberg, kmag
bugs1253740
milestone52.0a1
Bug 1253740 - Hash extension ID to obfuscate installed add-ons, r=bsilverberg,kmag MozReview-Commit-ID: ASBrDxIq2lF
toolkit/components/extensions/ExtensionStorageSync.jsm
toolkit/components/extensions/test/xpcshell/test_ext_storage_sync.js
--- a/toolkit/components/extensions/ExtensionStorageSync.jsm
+++ b/toolkit/components/extensions/ExtensionStorageSync.jsm
@@ -355,19 +355,16 @@ function cleanUpForContext(extension, co
  *                    be opened.
  * @param {Context} context
  *                  The context for this extension. The Collection
  *                  will shut down automatically when all contexts
  *                  close.
  * @returns {Promise<Collection>}
  */
 const openCollection = Task.async(function* (extension, context) {
-  // FIXME: This leaks metadata about what extensions a user has
-  // installed.  We should calculate collection ID using a hash of
-  // user ID, extension ID, and some secret.
   let collectionId = extension.id;
   const db = makeKinto();
   const coll = db.collection(collectionId, {
     idSchema: storageSyncIdSchema,
     remoteTransformers: [new CollectionKeyEncryptionRemoteTransformer(extension.id)],
   });
   yield coll.db.open();
   yield cryptoCollection.incrementUses();
@@ -427,18 +424,17 @@ this.ExtensionStorageSync = {
 
   sync: Task.async(function* (extension, collection) {
     const signedInUser = yield this._fxaService.getSignedInUser();
     if (!signedInUser) {
       // FIXME: this should support syncing to self-hosted
       log.info("User was not signed into FxA; cannot sync");
       throw new Error("Not signed in to FxA");
     }
-    // FIXME: this leaks metadata about what extensions are being used
-    const collectionId = extension.id;
+    const collectionId = extensionIdToCollectionId(signedInUser, extension.id);
     let syncResults;
     try {
       syncResults = yield this._syncCollection(collection, {
         strategy: "client_wins",
         collection: collectionId,
       });
     } catch (err) {
       log.warn("Syncing failed", err);
--- a/toolkit/components/extensions/test/xpcshell/test_ext_storage_sync.js
+++ b/toolkit/components/extensions/test/xpcshell/test_ext_storage_sync.js
@@ -323,31 +323,30 @@ function assertKeyRingKey(keyRing, exten
   ok(keyRing.hasKeysFor([extensionId]),
      `expected keyring to have a key for ${extensionId}\n`);
   deepEqual(keyRing.keyForCollection(extensionId).keyPairB64, expectedKey.keyPairB64,
             message);
 }
 
 // Tests using this ID will share keys in local storage, so be careful.
 const extensionId = "{13bdde76-4dc7-11e6-9bdc-54ee758d6342}";
-// FIXME: need to access whatever mechanism we use in the syncing code
-const collectionId = extensionId;
 const extension = {id: extensionId};
 
 const BORING_KB = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef";
 const ANOTHER_KB = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcde0";
 const loggedInUser = {
   uid: "0123456789abcdef0123456789abcdef",
   kB: BORING_KB,
   oauthTokens: {
     "sync:addon-storage": {
       token: "some-access-token",
     },
   },
 };
+const collectionId = extensionIdToCollectionId(loggedInUser, extensionId);
 
 function uuid() {
   const uuidgen = Cc["@mozilla.org/uuid-generator;1"].getService(Ci.nsIUUIDGenerator);
   return uuidgen.generateUUID();
 }
 
 add_task(function* test_key_to_id() {
   equal(keyToId("foo"), "key-foo");