Bug 1070251 - Anonymize non-chrome inProcessTabChildGlobal URLs in memory reports when necessary. r=khuey, a=sledru
authorNicholas Nethercote <nnethercote@mozilla.com>
Wed, 24 Sep 2014 19:08:20 -0700
changeset 216848 09dcf9d94d33
parent 216847 e60e089a7904
child 216849 32d5ee00c3ab
push id3940
push userryanvm@gmail.com
push date2014-09-25 16:25 +0000
treeherdermozilla-beta@09dcf9d94d33 [default view] [failures only]
reviewerskhuey, sledru
bugs1070251
milestone33.0
Bug 1070251 - Anonymize non-chrome inProcessTabChildGlobal URLs in memory reports when necessary. r=khuey, a=sledru
content/base/src/nsInProcessTabChildGlobal.cpp
js/xpconnect/src/XPCJSRuntime.cpp
toolkit/components/aboutmemory/tests/test_memoryReporters.xul
--- a/content/base/src/nsInProcessTabChildGlobal.cpp
+++ b/content/base/src/nsInProcessTabChildGlobal.cpp
@@ -300,16 +300,18 @@ nsInProcessTabChildGlobal::PreHandleEven
 #endif
 
   return NS_OK;
 }
 
 nsresult
 nsInProcessTabChildGlobal::InitTabChildGlobal()
 {
+  // If you change this, please change GetCompartmentName() in XPCJSRuntime.cpp
+  // accordingly.
   nsAutoCString id;
   id.AssignLiteral("inProcessTabChildGlobal");
   nsIURI* uri = mOwner->OwnerDoc()->GetDocumentURI();
   if (uri) {
     nsAutoCString u;
     uri->GetSpec(u);
     id.AppendLiteral("?ownedBy=");
     id.Append(u);
--- a/js/xpconnect/src/XPCJSRuntime.cpp
+++ b/js/xpconnect/src/XPCJSRuntime.cpp
@@ -1657,19 +1657,19 @@ GetCompartmentName(JSCompartment *c, nsC
         if (compartmentPrivate) {
             const nsACString& location = compartmentPrivate->GetLocation();
             if (!location.IsEmpty() && !location.Equals(name)) {
                 name.AppendLiteral(", ");
                 name.Append(location);
             }
         }
 
-        // We might have a file:// URL that includes paths from the local
-        // filesystem, which should be omitted if we're anonymizing.
         if (*anonymizeID) {
+            // We might have a file:// URL that includes a path from the local
+            // filesystem, which should be omitted if we're anonymizing.
             static const char *filePrefix = "file://";
             int filePos = name.Find(filePrefix);
             if (filePos >= 0) {
                 int pathPos = filePos + strlen(filePrefix);
                 int lastSlashPos = -1;
                 for (int i = pathPos; i < int(name.Length()); i++) {
                     if (name[i] == '/' || name[i] == '\\') {
                         lastSlashPos = i;
@@ -1680,16 +1680,34 @@ GetCompartmentName(JSCompartment *c, nsC
                                       "<anonymized>");
                 } else {
                     // Something went wrong. Anonymize the entire path to be
                     // safe.
                     name.Truncate(pathPos);
                     name += "<anonymized?!>";
                 }
             }
+
+            // We might have a location like this:
+            //   inProcessTabChildGlobal?ownedBy=http://www.example.com/
+            // The owner should be omitted if it's not a chrome: URI and we're
+            // anonymizing.
+            static const char *ownedByPrefix =
+                "inProcessTabChildGlobal?ownedBy=";
+            int ownedByPos = name.Find(ownedByPrefix);
+            if (ownedByPos >= 0) {
+                const char *chrome = "chrome:";
+                int ownerPos = ownedByPos + strlen(ownedByPrefix);
+                const nsDependentCSubstring& ownerFirstPart =
+                    Substring(name, ownerPos, strlen(chrome));
+                if (!ownerFirstPart.EqualsASCII(chrome)) {
+                    name.Truncate(ownerPos);
+                    name += "<anonymized>";
+                }
+            }
         }
 
         // A hack: replace forward slashes with '\\' so they aren't
         // treated as path separators.  Users of the reporters
         // (such as about:memory) have to undo this change.
         if (replaceSlashes)
             name.ReplaceChar('/', '\\');
     } else {
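Review bot: The new `ownedBy` branch only fires when `name.Find(ownedByPrefix)` matches a literal that is assembled in a different file (`"inProcessTabChildGlobal"` plus `"?ownedBy="` in InitTabChildGlobal), so if that ID format ever changes, the owner URL goes into anonymized reports unredacted and nothing here notices. The comment added in nsInProcessTabChildGlobal.cpp points at this function, but there is no pointer back. I would add `// Prefix must match the ID built in nsInProcessTabChildGlobal::InitTabChildGlobal(); if it stops matching, the owner URL is reported in full.` above `ownedByPrefix`, or better, share one constant between the two files. Minor: `chrome` is a plain `const char *` while `filePrefix` and `ownedByPrefix` are `static const char *`; declaring it the same way keeps the block uniform. GetCompartmentName starts and ends outside this hunk.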
--- a/toolkit/components/aboutmemory/tests/test_memoryReporters.xul
+++ b/toolkit/components/aboutmemory/tests/test_memoryReporters.xul
@@ -108,31 +108,31 @@
     } else if (aPath.contains("!)(*&")) {
       present.smallString1 = true;
     } else if (aPath.contains("@)(*&")) {
       present.smallString2 = true;
     }
 
     // Shouldn't get any anonymized paths.
     if (aPath.contains('<anonymized')) {
-        present.anonymizedWhenUnnecessary = true;
+        present.anonymizedWhenUnnecessary = aPath;
     }
   }
 
   function handleReportAnonymized(aProcess, aPath, aKind, aUnits, aAmount,
                                   aDescription)
   {
     // Shouldn't get http: or https: in any paths.
     if (aPath.contains('http:')) {
-        present.httpWhenAnonymized = true;
+        present.httpWhenAnonymized = aPath;
     }
 
     // file: URLs should have their path anonymized.
     if (aPath.search('file:..[^<]') !== -1) {
-        present.unanonymizedFilePathWhenAnonymized = true;
+        present.unanonymizedFilePathWhenAnonymized = aPath;
     }
   }
 
   let mgr = Cc["@mozilla.org/memory-reporter-manager;1"].
             getService(Ci.nsIMemoryReporterManager);
 
   // Access the distinguished amounts (mgr.explicit et al.) just to make sure
   // they don't crash.  We can't check their actual values because they're
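Review bot: The check in handleReportAnonymized tests `aPath.contains('http:')`, which does not match an `https:` URL even though the comment above it says both schemes are covered, so an un-anonymized `ownedBy=https:` location would still pass this test. Something like `if (aPath.search('https?:') !== -1) {` would cover both schemes, in the same style as the `file:` check just below. The commit also adds no assertion aimed at the new case itself; a check that whatever follows `ownedBy=` is either `chrome:` or `<anonymized>` would pin the behaviour added in XPCJSRuntime.cpp.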
@@ -225,20 +225,25 @@
   ok(present.images,                      "images is present");
   ok(present.xptiWorkingSet,              "xpti-working-set is present");
   ok(present.atomTable,                   "atom-table is present");
   ok(present.sandboxLocation,             "sandbox locations are present");
   ok(present.bigString,                   "large string is present");
   ok(present.smallString1,                "small string 1 is present");
   ok(present.smallString2,                "small string 2 is present");
 
-  ok(!present.anonymizedWhenUnnecessary,  "anonymized paths are not present when unnecessary");
-  ok(!present.httpWhenAnonymized,         "http URLs are anonymized when necessary");
+  ok(!present.anonymizedWhenUnnecessary,
+     "anonymized paths are not present when unnecessary. Failed case: " +
+     present.anonymizedWhenUnnecessary);
+  ok(!present.httpWhenAnonymized,
+     "http URLs are anonymized when necessary. Failed case: " +
+     present.httpWhenAnonymized);
   ok(!present.unanonymizedFilePathWhenAnonymized,
-                                          "file URLs are anonymized when necessary");
+     "file URLs are anonymized when necessary. Failed case: " +
+     present.unanonymizedFilePathWhenAnonymized);
 
   // Reporter registration tests
 
   // collectReports() calls to the test reporter.
   let called = 0;
 
   // The test memory reporter, testing the various report units.
   // Also acts as a report collector, verifying the reported values match the
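Review bot: Each of the three `ok()` messages now always ends in "Failed case: " plus the flag's value, so on a passing run the log line reads as if a failure had been recorded (the appended value is whatever `present` was initialised with, which is not visible in this hunk). Because the handlers overwrite the flag on every match, only the last offending path is reported. Consider building the suffix conditionally, e.g. `(present.httpWhenAnonymized ? " Failed case: " + present.httpWhenAnonymized : "")`, and keeping the first match rather than the last.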