Content policy debug
☠☠ backed out by 2651e506b5ad ☠ ☠
authorJorg K <jorgk@jorgk.com>
Wed, 12 Jul 2017 07:37:18 +0200
changeset 28434 f55d2d1ba03e9659d728d5b2a5612e1a8c04e9a1
parent 28433 873ddce7e8e6f9b9272789154752207cb6556652
child 28435 25fbd7cc2990dbbc6ec7ca67cdc066e01470e0ee
push id1986
push userclokep@gmail.com
push dateWed, 02 Aug 2017 14:43:31 +0000
treeherdercomm-beta@b51c9adf2c9e [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
Content policy debug
mailnews/base/src/nsMsgContentPolicy.cpp
--- a/mailnews/base/src/nsMsgContentPolicy.cpp
+++ b/mailnews/base/src/nsMsgContentPolicy.cpp
@@ -142,32 +142,57 @@ nsMsgContentPolicy::ShouldLoad(uint32_t 
                                nsIURI           *aContentLocation,
                                nsIURI           *aRequestingLocation,
                                nsISupports      *aRequestingContext,
                                const nsACString &aMimeGuess,
                                nsISupports      *aExtra,
                                nsIPrincipal     *aRequestPrincipal,
                                int16_t          *aDecision)
 {
+  nsAutoCString spec;
+  aContentLocation->GetSpec(spec);
+  printf("=== nsMsgContentPolicy::ShouldLoad: URI=|%s|\n", spec.get());
+  if (spec.Find("part=") != kNotFound) {
+    printf("=== nsMsgContentPolicy::ShouldLoad: this is a message part\n");
+  }
+  if (aRequestingLocation)
+   printf("=== aRequestingLocation = %s\n", aRequestingLocation->GetSpecOrDefault().get());
+  
+  if (aRequestPrincipal) {
+    bool sp = nsContentUtils::IsSystemPrincipal(aRequestPrincipal);
+    bool cp = aRequestPrincipal->GetIsCodebasePrincipal();
+    bool np = aRequestPrincipal->GetIsNullPrincipal();
+    printf("=== nsMsgContentPolicy::ShouldLoad: Request Principal Sys/Code/Null Principal: %d/%d/%d\n",
+    sp?1:0, cp?1:0, np?1:0);
+    if (cp) {
+      nsCOMPtr<nsIURI> principalURI;
+      aRequestPrincipal->GetURI(getter_AddRefs(principalURI));
+      nsAutoCString principalURISpec;
+      principalURI->GetSpec(principalURISpec);
+      printf("=== nsMsgContentPolicy::ShouldLoad: CodebasePrincipal=|%s|\n", principalURISpec.get());
+    }
+  } else
+    printf("=== nsMsgContentPolicy::ShouldLoad: Request Principal is NULL\n");
+
   nsresult rv = NS_OK;
   // The default decision at the start of the function is to accept the load.
   // Once we have checked the content type and the requesting location, then
   // we switch it to reject.
   //
   // Be very careful about returning error codes - if this method returns an
   // NS_ERROR_*, any decision made here will be ignored, and the document could
   // be accepted when we don't want it to be.
   //
   // In most cases if an error occurs, its something we didn't expect so we
   // should be rejecting the document anyway.
   *aDecision = nsIContentPolicy::ACCEPT;
 
   NS_ENSURE_ARG_POINTER(aContentLocation);
 
-#ifdef DEBUG_MsgContentPolicy
+#if 0
   fprintf(stderr, "aContentType: %d\naContentLocation = %s\n",
           aContentType,
           aContentLocation->GetSpecOrDefault().get());
 #endif
 
 #ifndef MOZ_THUNDERBIRD
   // Go find out if we are dealing with mailnews. Anything else
   // isn't our concern and we accept content.
@@ -175,66 +200,67 @@ nsMsgContentPolicy::ShouldLoad(uint32_t 
   rv = GetRootDocShellForContext(aRequestingContext,
                                  getter_AddRefs(rootDocShell));
   NS_ENSURE_SUCCESS(rv, rv);
 
   uint32_t appType;
   rv = rootDocShell->GetAppType(&appType);
   // We only want to deal with mailnews
   if (NS_FAILED(rv) || appType != nsIDocShell::APP_TYPE_MAIL)
-    return NS_OK;
+    { printf("=== returning (1) %d\n", (int) *aDecision); return NS_OK; }
 #endif
 
   switch(aContentType) {
     // Plugins (nsIContentPolicy::TYPE_OBJECT) are blocked on document load.
   case nsIContentPolicy::TYPE_DOCUMENT:
     // At this point, we have no intention of supporting a different JS
     // setting on a subdocument, so we don't worry about TYPE_SUBDOCUMENT here.
 
     // If the timing were right, we'd enable JavaScript on the docshell
     // for non mailnews URIs here.  However, at this point, the
     // old document may still be around, so we can't do any enabling just yet.
     // Instead, we apply the policy in nsIWebProgressListener::OnLocationChange.
     // For now, we explicitly disable JavaScript in order to be safe rather than
     // sorry, because OnLocationChange isn't guaranteed to necessarily be called
     // soon enough to disable it in time (though bz says it _should_ be called
     // soon enough "in all sane cases").
+    printf("=== nsMsgContentPolicy::ShouldLoad calling SetDisableItemsOnMailNewsUrlDocshells\n");
     rv = SetDisableItemsOnMailNewsUrlDocshells(aContentLocation,
                                                aRequestingContext);
     // if something went wrong during the tweaking, reject this content
     if (NS_FAILED(rv)) {
       NS_WARNING("Failed to set disable items on docShells");
       *aDecision = nsIContentPolicy::REJECT_TYPE;
-      return NS_OK;
+      printf("=== returning (2) %d\n", (int)*aDecision); return NS_OK;
     }
     break;
 
   case nsIContentPolicy::TYPE_CSP_REPORT:
     // We cannot block CSP reports.
     *aDecision = nsIContentPolicy::ACCEPT;
-    return NS_OK;
+    printf("=== returning (3A) %d\n", (int) *aDecision); return NS_OK;
     break;
 
   default:
     break;
   }
 
   // NOTE: Not using NS_ENSURE_ARG_POINTER because this is a legitimate case
   // that can happen.  Also keep in mind that the default policy used for a
   // failure code is ACCEPT.
   if (!aRequestingLocation)
-    return NS_ERROR_INVALID_POINTER;
+    { printf("=== returning no request location\n"); return NS_ERROR_INVALID_POINTER; }
 
 #ifdef DEBUG_MsgContentPolicy
   fprintf(stderr, "aRequestingLocation = %s\n", aRequestingLocation->GetSpecOrDefault().get());
 #endif
 
   // If the requesting location is safe, accept the content location request.
   if (IsSafeRequestingLocation(aRequestingLocation))
-    return rv;
+    { printf("=== returning on safe\n"); return rv; }
 
   // Now default to reject so early returns via NS_ENSURE_SUCCESS
   // cause content to be rejected.
   *aDecision = nsIContentPolicy::REJECT_REQUEST;
 
   // We want to establish the following:
   // \--------\  requester    |               |              |
   // content   \------------\ |               |              |
@@ -246,137 +272,141 @@ nsMsgContentPolicy::ShouldLoad(uint32_t 
   // news message             | don't load (4)| load (5)     | load (6)
   // -------------------------+---------------+--------------+------------------
   // http(s)/data, etc.       | (default)     | (default)    | (default)
   // -------------------------+---------------+--------------+------------------
   nsCOMPtr<nsIMsgMessageUrl> contentURL(do_QueryInterface(aContentLocation));
   if (contentURL) {
     nsCOMPtr<nsINntpUrl> contentNntpURL(do_QueryInterface(aContentLocation));
     if (!contentNntpURL) {
+      printf("=== content NOT news\n");
       // Mail message (mailbox, imap or JsAccount) content requested, for example
       // a message part, like an image:
       // To load mail message content the requester must have the same
       // "normalised" principal. This is basically a "same origin" test, it
       // protects against cross-loading of mail message content from
       // other mail or news messages.
       nsCOMPtr<nsIMsgMessageUrl> requestURL(do_QueryInterface(aRequestingLocation));
       // If the request URL is not also a message URL, then we don't accept.
       if (requestURL) {
         nsCString contentPrincipalSpec, requestPrincipalSpec;
         nsresult rv1 = contentURL->GetPrincipalSpec(contentPrincipalSpec);
         nsresult rv2 = requestURL->GetPrincipalSpec(requestPrincipalSpec);
+        printf("=== content principal spec: |%s|\n", contentPrincipalSpec.get());
+        printf("=== request principal spec: |%s|\n", requestPrincipalSpec.get());
         if (NS_SUCCEEDED(rv1) && NS_SUCCEEDED(rv2) &&
             contentPrincipalSpec.Equals(requestPrincipalSpec))
           *aDecision = nsIContentPolicy::ACCEPT; // (1)
       }
-      return NS_OK; // (2) and (3)
+      printf("=== returning (3B) %d\n", (int) *aDecision); return NS_OK; // (2) and (3)
     }
 
+    printf("=== content IS news\n");
     // News message content requested. Don't accept request coming
     // from a mail message since it would access the news server.
     nsCOMPtr<nsIMsgMessageUrl> requestURL(do_QueryInterface(aRequestingLocation));
     if (requestURL) {
       nsCOMPtr<nsINntpUrl> requestNntpURL(do_QueryInterface(aRequestingLocation));
       if (!requestNntpURL)
-        return NS_OK; // (4)
+        { printf("=== returning (3C) %d\n", (int) *aDecision); return NS_OK; } // (4)
     }
     *aDecision = nsIContentPolicy::ACCEPT; // (5) and (6)
-    return NS_OK;
+    printf("=== returning (3D) %d\n", (int) *aDecision); return NS_OK;
   }
 
   // If exposed protocol not covered by the test above or protocol that has been
   // specifically exposed by an add-on, or is a chrome url, then allow the load.
   if (IsExposedProtocol(aContentLocation))
   {
     *aDecision = nsIContentPolicy::ACCEPT;
-    return NS_OK;
+    printf("=== returning (4) %d\n", (int) *aDecision); return NS_OK;
   }
 
   // never load unexposed protocols except for http, https and file.
   // Protocols like ftp are always blocked.
   if (ShouldBlockUnexposedProtocol(aContentLocation))
-    return NS_OK;
+    { printf("=== returning (5) %d\n", (int)*aDecision); return NS_OK;}
 
   // If we are allowing all remote content...
   if (!mBlockRemoteImages)
   {
     *aDecision = nsIContentPolicy::ACCEPT;
-    return NS_OK;
+    printf("=== returning (6) %d\n", (int) *aDecision); return NS_OK;
   }
 
   // Extract the windowtype to handle compose windows separately from mail
   if (aRequestingContext)
   {
     nsCOMPtr<nsIMsgCompose> msgCompose =
       GetMsgComposeForContext(aRequestingContext);
     // Work out if we're in a compose window or not.
     if (msgCompose)
     {
       ComposeShouldLoad(msgCompose, aRequestingContext, aContentLocation,
                         aDecision);
-      return NS_OK;
+      printf("=== returning (7) %d\n", (int) *aDecision); return NS_OK;
     }
   }
 
   // Find out the URI that originally initiated the set of requests for this
   // context.
   nsCOMPtr<nsIURI> originatorLocation;
   if (!aRequestingContext && aRequestPrincipal)
   {
     // Can get the URI directly from the principal.
     rv = aRequestPrincipal->GetURI(getter_AddRefs(originatorLocation));
   }
   else
   {
     rv = GetOriginatingURIForContext(aRequestingContext,
                                      getter_AddRefs(originatorLocation));
     if (NS_SUCCEEDED(rv) && !originatorLocation)
-      return NS_OK;
+      { printf("=== returning (8) %d\n", (int) *aDecision); return NS_OK; }
   }
   NS_ENSURE_SUCCESS(rv, NS_OK);
 
 #ifdef DEBUG_MsgContentPolicy
   fprintf(stderr, "originatorLocation = %s\n", originatorLocation->GetSpecOrDefault().get());
 #endif
 
   // Allow content when using a remote page.
   bool isHttp;
   bool isHttps;
   rv = originatorLocation->SchemeIs("http", &isHttp);
   nsresult rv2 = originatorLocation->SchemeIs("https", &isHttps);
   if (NS_SUCCEEDED(rv) && NS_SUCCEEDED(rv2) && (isHttp || isHttps))
   {
-    *aDecision = nsIContentPolicy::ACCEPT;
+    printf("=== returning (9) %d\n", (int)*aDecision); return NS_OK;
     return NS_OK;
   }
 
   uint32_t permission;
   mPermissionManager->TestPermission(aContentLocation, "image", &permission);
   switch (permission) {
     case nsIPermissionManager::UNKNOWN_ACTION:
     {
       // No exception was found for this location.
       break;
     }
     case nsIPermissionManager::ALLOW_ACTION:
     {
       *aDecision = nsIContentPolicy::ACCEPT;
-      return NS_OK;
+      printf("=== returning (10) %d\n", (int) *aDecision); return NS_OK;
     }
     case nsIPermissionManager::DENY_ACTION:
     {
       *aDecision = nsIContentPolicy::REJECT_REQUEST;
-      return NS_OK;
+      printf("=== returning (11) %d\n", (int) *aDecision); return NS_OK;
     }
   }
 
   // The default decision is still to reject.
   ShouldAcceptContentForPotentialMsg(originatorLocation, aContentLocation,
                                      aDecision);
-  return NS_OK;
+  printf("=== returning (12) %d\n", (int) *aDecision); return NS_OK;
 }
 
 /**
  * Determines if the requesting location is a safe one, i.e. its under the
  * app/user's control - so file, about, chrome etc.
  */
 bool
 nsMsgContentPolicy::IsSafeRequestingLocation(nsIURI *aRequestingLocation)
@@ -717,33 +747,38 @@ already_AddRefed<nsIMsgCompose> nsMsgCon
   composeService->GetMsgComposeForDocShell(docShell,
                                            getter_AddRefs(msgCompose));
   return msgCompose.forget();
 }
 
 nsresult nsMsgContentPolicy::SetDisableItemsOnMailNewsUrlDocshells(
   nsIURI *aContentLocation, nsISupports *aRequestingContext)
 {
+  nsAutoCString spec;
+  aContentLocation->GetSpec(spec);
+  printf("=== SetDisableItemsOnMailNewsUrlDocshells: URI=|%s|\n", spec.get());
   // XXX if this class changes so that this method can be called from
   // ShouldProcess, and if it's possible for this to be null when called from
   // ShouldLoad, but not in the corresponding ShouldProcess call,
   // we need to re-think the assumptions underlying this code.
 
   // If there's no docshell to get to, there's nowhere for the JavaScript to
   // run, so we're already safe and don't need to disable anything.
   if (!aRequestingContext) {
+    printf("=== SetDisableItemsOnMailNewsUrlDocshells: bailing early (1)\n");
     return NS_OK;
   }
 
   nsresult rv;
   bool isAllowedContent = !ShouldBlockUnexposedProtocol(aContentLocation);
   nsCOMPtr<nsIMsgMessageUrl> msgUrl = do_QueryInterface(aContentLocation, &rv);
   if (NS_FAILED(rv) && !isAllowedContent) {
     // If it's not a mailnews url or allowed content url (http[s]|file) then
     // bail; otherwise set whether js and plugins are allowed.
+    printf("=== SetDisableItemsOnMailNewsUrlDocshells: bailing early (2)\n");
     return NS_OK;
   }
 
   // since NS_CP_GetDocShellFromContext returns the containing docshell rather
   // than the contained one we need, we can't use that here, so...
   nsCOMPtr<nsIFrameLoaderOwner> flOwner = do_QueryInterface(aRequestingContext,
                                                             &rv);
   NS_ENSURE_SUCCESS(rv, rv);