Bug 1085382 - remove not working, not used dynamic phishing checks from thunderbird. r=mkmelin, a=mkmelin
authorISHIKAWA, Chiaki <ishikawa@yk.rim.or.jp>
Fri, 16 Jan 2015 18:51:00 +0200
changeset 21709 46a88d5a77209f838c2e764ebca5077c8e06e4ac
parent 21708 ad0936add5554d06e692e963079fd8ab91619542
child 21710 d2889360a9816f17578f8d4e782aff7c8ba88f20
push id1326
push usermbanner@mozilla.com
push dateMon, 30 Mar 2015 20:10:12 +0000
treeherdercomm-beta@69663dd6f687 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmkmelin, mkmelin
bugs1085382
Bug 1085382 - remove not working, not used dynamic phishing checks from thunderbird. r=mkmelin, a=mkmelin Was causing exception: unable to create the phishing warden: [Exception... "Not enough arguments [nsIUrlListManager.registerTable]" nsresult: "0x80570001 (NS_ERROR_XPC_NOT_ENOUGH_ARGS)" location: "JS frame :: file:///REF-OBJ-DIR/objdir-tb3/dist/bin/components/nsPhishingProtectionApplication.js :: PROT_ListWarden.prototype.registerWhiteTable :: line 358"
mail/app/profile/all-thunderbird.js
mail/base/content/phishingDetector.js
mail/components/moz.build
mail/installer/package-manifest.in
--- a/mail/app/profile/all-thunderbird.js
+++ b/mail/app/profile/all-thunderbird.js
@@ -431,36 +431,17 @@ pref("alerts.totalOpenTime", 10000);
 
 // analyze urls in mail messages for scams
 pref("mail.phishing.detection.enabled", true);
 // If phishing detection is enabled, allow fine grained control
 // of the local, static tests
 pref("mail.phishing.detection.ipaddresses", true);
 pref("mail.phishing.detection.mismatched_hosts", true);
 
-pref("browser.safebrowsing.enabled", false);
-
-// Non-enhanced mode (local url lists) URL list to check for updates
-pref("browser.safebrowsing.provider.0.updateURL", "");
-pref("browser.safebrowsing.dataProvider", 0);
-
-// Does the provider name need to be localizable?
-pref("browser.safebrowsing.provider.0.name", "");
-pref("browser.safebrowsing.provider.0.lookupURL", "");
-pref("browser.safebrowsing.provider.0.keyURL", "");
-pref("browser.safebrowsing.provider.0.reportURL", "");
-
-// HTML report pages
-pref("browser.safebrowsing.provider.0.reportGenericURL", "http://{moz:locale}.phish-generic.mozilla.com/?hl={moz:locale}");
-pref("browser.safebrowsing.provider.0.reportErrorURL", "http://{moz:locale}.phish-error.mozilla.com/?hl={moz:locale}");
-pref("browser.safebrowsing.provider.0.reportPhishURL", "http://{moz:locale}.phish-report.mozilla.com/?hl={moz:locale}");
-
-// FAQ URL
-// XXX Firefox is hard-coded because we haven't got our own version yet.
-pref("browser.safebrowsing.warning.infoURL", "https://www.mozilla.org/%LOCALE%/firefox/phishing-protection/");
+pref("browser.safebrowsing.reportPhishURL", "http://%LOCALE%.phish-report.mozilla.com/?hl=%LOCALE%");
 
 // prevent status-bar spoofing even if people are foolish enough to turn on JS
 pref("dom.disable_window_status_change",          true);
 
 // If a message is opened using Enter or a double click, what should we do?
 // 0 - open it in a new window
 // 1 - open it in an existing window
 // 2 - open it in a new tab
--- a/mail/base/content/phishingDetector.js
+++ b/mail/base/content/phishingDetector.js
@@ -6,54 +6,34 @@
 // gatherTextUnder from utilityOverlay.js
 
 Components.utils.import("resource://gre/modules/Services.jsm");
 
 const kPhishingNotSuspicious = 0;
 const kPhishingWithIPAddress = 1;
 const kPhishingWithMismatchedHosts = 2;
 
+
 var gPhishingDetector = {
   mCheckForIPAddresses: true,
   mCheckForMismatchedHosts: true,
-  mPhishingWarden: null,
 
   shutdown: function()
   {
-    try {
-      this.mPhishingWarden.shutdown();
-    } catch (ex) {}
   },
 
   /**
    * Initialize the phishing warden.
    * Initialize the black and white list url tables.
    * Update the local tables if necessary.
    */
   init: function()
   {
     Components.utils.import("resource:///modules/hostnameUtils.jsm", this);
 
-    try {
-      // set up the anti phishing service
-      var appContext = Components.classes["@mozilla.org/phishingprotection/application;1"]
-                         .getService().wrappedJSObject;
-
-      this.mPhishingWarden  = new appContext.PROT_PhishingWarden();
-
-      // Register tables
-      // XXX: move table names to a pref that we originally will download
-      // from the provider (need to workout protocol details)
-      this.mPhishingWarden.registerWhiteTable("goog-white-exp");
-      this.mPhishingWarden.registerBlackTable("goog-phish-sha128");
-
-      // Download/update lists if we're in non-enhanced mode
-      this.mPhishingWarden.maybeToggleUpdateChecking();
-    } catch (ex) { dump('unable to create the phishing warden: ' + ex + '\n');}
-
     this.mCheckForIPAddresses = Services.prefs.getBoolPref("mail.phishing.detection.ipaddresses");
     this.mCheckForMismatchedHosts = Services.prefs.getBoolPref("mail.phishing.detection.mismatched_hosts");
   },
 
   /**
    * Analyzes the urls contained in the currently loaded message in the message pane, looking for
    * phishing URLs.
    * Assumes the message has finished loading in the message pane (i.e. OnMsgParsed has fired).
@@ -146,71 +126,39 @@ var gPhishingDetector = {
         }
 
         if (!failsStaticTests && this.mCheckForMismatchedHosts)
         {
           failsStaticTests = (aLinkText &&
             this.misMatchedHostWithLinkText(hrefURL, aLinkText))
         }
       }
-
-      // Lookup the url against our local list. We want to do this even if the url fails our static
-      // test checks because the url might be in the white list.
-      if (this.mPhishingWarden)
-        this.mPhishingWarden.isEvilURL(gFolderDisplay.selectedMessage,
-                                       failsStaticTests, aUrl,
-                                       this.localListCallback);
-      else
-        this.localListCallback(gFolderDisplay.selectedMessage,
-                               failsStaticTests, aUrl, 2 /* not found */);
-    }
-  },
-
-  /**
-    *
-    * @param aMsgHdr the header for the loaded message when the look up was initiated.
-    * @param aFailsStaticTests true if our static tests think the url is a phishing scam
-    * @param aUrl the url we looked up in the phishing tables
-    * @param aLocalListStatus the result of the local lookup (PROT_ListWarden.IN_BLACKLIST,
-    *        PROT_ListWarden.IN_WHITELIST or PROT_ListWarden.NOT_FOUND.
-    */
-  localListCallback: function (aMsgHdr, aFailsStaticTests, aUrl, aLocalListStatus)
-  {
-    // for urls in the blacklist, notify the phishing bar.
-    // for urls in the whitelist, do nothing
-    // for all other urls, fall back to the static tests
-    if (aMsgHdr == gFolderDisplay.selectedMessage)
-    {
-      if (aLocalListStatus == 0 /* PROT_ListWarden.IN_BLACKLIST */ ||
-          (aLocalListStatus == 2 /* PROT_ListWarden.PROT_ListWarden.NOT_FOUND */ && aFailsStaticTests)) {
+      // We don't use dynamic checks anymore. The old implementation was removed
+      // in bug bug 1085382. Using the toolkit safebrowsing is bug 778611.
+      if (failsStaticTests) {
         gMessageNotificationBar.setPhishingMsg();
       }
     }
   },
 
   /**
-   * Looks up the report phishing url for the current phishing provider, appends aPhishingURL to the url,
-   * and loads it in the default browser where the user can submit the url as a phish.
+   * Opens the default browser to a page where the user can submit the given url
+   * as a phish.
    * @param aPhishingURL the url we want to report back as a phishing attack
    */
    reportPhishingURL: function(aPhishingURL)
    {
-     var appContext = Components.classes["@mozilla.org/phishingprotection/application;1"]
-                       .getService().wrappedJSObject;
-     var reportUrl = appContext.getReportPhishingURL();
-     if (reportUrl)
-     {
-       reportUrl += "&url=" + encodeURIComponent(aPhishingURL);
-       // now send the url to the default browser
+     let reportUrl = Services.urlFormatter.formatURLPref(
+       "browser.safebrowsing.reportPhishURL");
+     reportUrl += "&url=" + encodeURIComponent(aPhishingURL);
 
-       var uri = Services.io.newURI(reportUrl, null, null);
-       var protocolSvc = Components.classes["@mozilla.org/uriloader/external-protocol-service;1"]
-                         .getService(Components.interfaces.nsIExternalProtocolService);
-       protocolSvc.loadUrl(uri);
-     }
+     let uri = Services.io.newURI(reportUrl, null, null);
+     let protocolSvc = Components.classes["@mozilla.org/uriloader/external-protocol-service;1"]
+                       .getService(Components.interfaces.nsIExternalProtocolService);
+     protocolSvc.loadUrl(uri);
    },
 
   /**
    * Private helper method to determine if the link node contains a user visible
    * url with a host name that differs from the actual href the user would get
    * taken to.
    * i.e. <a href="http://myevilsite.com">http://mozilla.org</a>
    *
--- a/mail/components/moz.build
+++ b/mail/components/moz.build
@@ -18,19 +18,16 @@ DIRS += [
     'wintaskbar',
     'newmailaccount',
     'im',
 ]
 
 if CONFIG['MOZ_WIDGET_TOOLKIT'] in ('windows', 'gtk2', 'cocoa', 'qt'):
     DIRS += ['shell']
 
-if CONFIG['MOZ_SAFE_BROWSING']:
-    DIRS += ['phishing']
-
 TEST_DIRS += ['test']
 
 DIRS += ['build']
 
 XPIDL_SOURCES += [
     'nsIMailGlue.idl',
 ]
 
--- a/mail/installer/package-manifest.in
+++ b/mail/installer/package-manifest.in
@@ -392,18 +392,16 @@
 @RESPATH@/components/spellchecker.xpt
 
 ; misson control, autoconfig
 @RESPATH@/defaults/autoconfig/platform.js
 @RESPATH@/defaults/autoconfig/prefcalls.js
 @RESPATH@/components/autoconfig.xpt
 
 ; Phishing Protection
-@RESPATH@/components/phishing.manifest
-@RESPATH@/components/nsPhishingProtectionApplication.js
 @RESPATH@/components/nsUrlClassifierListManager.js
 @RESPATH@/components/nsUrlClassifierHashCompleter.js
 @RESPATH@/components/nsUrlClassifierLib.js
 @RESPATH@/components/nsURLClassifier.manifest
 @RESPATH@/components/url-classifier.xpt
 
 ; Address Book autocomplete
 @RESPATH@/components/nsAbAutoCompleteMyDomain.js