Bug 1249595 - Enable 11 more ESLint rules for PSM. r=keeler
authorCykesiopka <cykesiopka.bmo@gmail.com>
Fri, 26 Feb 2016 12:35:34 -0800
changeset 322131 b8e89af2e6f0ba96925b29c295b4c219b8d9551b
parent 322130 a2ecc80c5e89b5cd2c1240671d2061b28190530c
child 322132 4972f77869de55becd41d6b726b25fca2f523232
push id5913
push userjlund@mozilla.com
push dateMon, 25 Apr 2016 16:57:49 +0000
treeherdermozilla-beta@dcaf0a6fa115 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskeeler
bugs1249595
milestone47.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1249595 - Enable 11 more ESLint rules for PSM. r=keeler MozReview-Commit-ID: FxS9SPRMMxf
security/manager/.eslintrc
security/manager/pki/resources/content/clientauthask.js
security/manager/pki/resources/content/deletecert.js
security/manager/pki/resources/content/device_manager.js
security/manager/pki/resources/content/exceptionDialog.js
security/manager/pki/resources/content/password.js
security/manager/pki/resources/content/pippki.js
security/manager/pki/resources/content/resetpassword.js
security/manager/pki/resources/content/viewCertDetails.js
security/manager/ssl/tests/mochitest/mixedcontent/mixedContentTest.js
security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecureXHR.html
security/manager/ssl/tests/mochitest/stricttransportsecurity/test_stricttransportsecurity.html
security/manager/ssl/tests/unit/head_psm.js
security/manager/ssl/tests/unit/test_cert_overrides.js
security/manager/ssl/tests/unit/test_constructX509FromBase64.js
security/manager/ssl/tests/unit/test_getchain.js
security/manager/ssl/tests/unit/test_pinning_dynamic.js
security/manager/ssl/tests/unit/test_pinning_header_parsing.js
security/manager/ssl/tests/unit/test_signed_apps.js
security/manager/ssl/tests/unit/test_signed_dir.js
security/manager/tools/genHPKPStaticPins.js
security/manager/tools/getHSTSPreloadList.js
--- a/security/manager/.eslintrc
+++ b/security/manager/.eslintrc
@@ -1,22 +1,28 @@
 {
   "rules": {
     // Braces only needed for multi-line arrow function blocks
     "arrow-body-style": [2, "as-needed"],
 
     // Require spacing around =>
     "arrow-spacing": 2,
 
+    // Always require spacing around a single line block
+    "block-spacing": 2,
+
     // No space before always a space after a comma
     "comma-spacing": [2, {"before": false, "after": true}],
 
     // Commas at the end of the line not the start
     "comma-style": 2,
 
+    // Don't require spaces around computed properties
+    "computed-property-spacing": [2, "never"],
+
     // Functions must always return something or nothing
     "consistent-return": 2,
 
     // Require braces around blocks that start a new line
     "curly": [2, "multi-line"],
 
     // Always require a trailing EOL
     "eol-last": 2,
@@ -28,28 +34,37 @@
     "key-spacing": [2, { "beforeColon": false, "afterColon": true, "mode": "minimum" }],
 
     // Unix linebreaks
     "linebreak-style": [2, "unix"],
 
     // Always require parenthesis for new calls
     "new-parens": 2,
 
+    // Use [] instead of Array()
+    "no-array-constructor": 2,
+
+    // Disallow use of debugger
+    "no-debugger": 2,
+
     // No duplicate arguments in function declarations
     "no-dupe-args": 2,
 
     // No duplicate keys in object declarations
     "no-dupe-keys": 2,
 
     // No duplicate cases in switch statements
     "no-duplicate-case": 2,
 
     // No labels
     "no-labels": 2,
 
+    // If an if block ends with a return no need for an else block
+    "no-else-return": 2,
+
     // No empty character classes in regex
     "no-empty-character-class": 2,
 
     // Disallow empty destructuring
     "no-empty-pattern": 2,
 
     // No assigning to exception variable
     "no-ex-assign": 2,
@@ -64,31 +79,51 @@
     "no-func-assign": 2,
 
     // No invalid regular expressions
     "no-invalid-regexp": 2,
 
     // No odd whitespace characters
     "no-irregular-whitespace": 2,
 
+    // No single if block inside an else block
+    "no-lonely-if": 2,
+
     // No mixing spaces and tabs in indent
     "no-mixed-spaces-and-tabs": [2, "smart-tabs"],
 
+    // No unnecessary spacing
+    "no-multi-spaces": [2, { "exceptions": {
+      "AssignmentExpression": true,
+      "VariableDeclarator": true,
+      "ArrayExpression": true,
+      "ObjectExpression": true
+    }}],
+
     // No reassigning native JS objects
     "no-native-reassign": 2,
 
     // No (!foo in bar)
     "no-negated-in-lhs": 2,
 
+    // Nested ternary statements are confusing
+    "no-nested-ternary": 2,
+
     // Use {} instead of new Object()
     "no-new-object": 2,
 
     // No Math() or JSON()
     "no-obj-calls": 2,
 
+    // No octal literals
+    "no-octal": 2,
+
+    // No redeclaring variables
+    "no-redeclare": 2,
+
     // No unnecessary comparisons
     "no-self-compare": 2,
 
     // No declaring variables that hide things like arguments
     "no-shadow-restricted-names": 2,
 
     // No spaces between function name and parentheses
     "no-spaced-func": 2,
@@ -106,29 +141,35 @@
     "no-unused-expressions": 2,
 
     // No using with
     "no-with": 2,
 
     // Always require semicolon at end of statement
     "semi": [2, "always"],
 
+    // Require space after keywords
+    // Note: Replaced by keyword-spacing in ESLint v2.0.
+    "space-after-keywords": 2,
+
     // Require space before blocks
     "space-before-blocks": 2,
 
     // Require spaces before finally, catch, etc.
+    // Note: Replaced by keyword-spacing in ESLint v2.0.
     "space-before-keywords": [2, "always"],
 
     // No space padding in parentheses
     "space-in-parens": [2, "never"],
 
     // Require spaces around operators
     "space-infix-ops": 2,
 
     // Require spaces after return, throw and case
+    // Note: Replaced by keyword-spacing in ESLint v2.0.
     "space-return-throw-case": 2,
 
     // ++ and -- should not need spacing
     "space-unary-ops": [2, { "words": true, "nonwords": false }],
 
     // No comparisons to NaN
     "use-isnan": 2,
 
--- a/security/manager/pki/resources/content/clientauthask.js
+++ b/security/manager/pki/resources/content/clientauthask.js
@@ -23,17 +23,17 @@ function onLoad()
     issuer = dialogParams.GetString(2);
 
     // added with bug 431819. reuse string from caps in order to avoid string changes
     var capsBundle = document.getElementById("caps_bundle");
     var rememberString = capsBundle.getString("CheckMessage");
     var rememberSetting = true;
 
     var pref = Components.classes['@mozilla.org/preferences-service;1']
-	       .getService(Components.interfaces.nsIPrefService);
+                         .getService(Components.interfaces.nsIPrefService);
     if (pref) {
       pref = pref.getBranch(null);
       try {
 	rememberSetting =
 	  pref.getBoolPref("security.remember_cert_checkbox_default_setting");
       } catch (e) {
 	// pref is missing
       }
--- a/security/manager/pki/resources/content/deletecert.js
+++ b/security/manager/pki/resources/content/deletecert.js
@@ -17,50 +17,46 @@ function setWindowName()
   var typeFlag = gParams.GetString(0);
   var numberOfCerts = gParams.GetInt(0);
 
   var bundle = document.getElementById("pippki_bundle");
   var title;
   var confirm;
   var impact;
 
-  if(typeFlag == "mine_tab")
-  {
-     title = bundle.getString("deleteUserCertTitle");
-     confirm = bundle.getString("deleteUserCertConfirm");
-     impact = bundle.getString("deleteUserCertImpact");
-  }
-  else if(typeFlag == "websites_tab")
-  {
-     title = bundle.getString("deleteSslCertTitle3");
-     confirm = bundle.getString("deleteSslCertConfirm3");
-     impact = bundle.getString("deleteSslCertImpact3");
+  switch (typeFlag) {
+    case "mine_tab":
+      title = bundle.getString("deleteUserCertTitle");
+      confirm = bundle.getString("deleteUserCertConfirm");
+      impact = bundle.getString("deleteUserCertImpact");
+      break;
+    case "websites_tab":
+      title = bundle.getString("deleteSslCertTitle3");
+      confirm = bundle.getString("deleteSslCertConfirm3");
+      impact = bundle.getString("deleteSslCertImpact3");
+      break;
+    case "ca_tab":
+      title = bundle.getString("deleteCaCertTitle2");
+      confirm = bundle.getString("deleteCaCertConfirm2");
+      impact = bundle.getString("deleteCaCertImpactX2");
+      break;
+    case "others_tab":
+      title = bundle.getString("deleteEmailCertTitle");
+      confirm = bundle.getString("deleteEmailCertConfirm");
+      impact = bundle.getString("deleteEmailCertImpactDesc");
+      break;
+    case "orphan_tab":
+      title = bundle.getString("deleteOrphanCertTitle");
+      confirm = bundle.getString("deleteOrphanCertConfirm");
+      impact = "";
+      break;
+    default:
+      return;
   }
-  else if(typeFlag == "ca_tab")
-  {
-     title = bundle.getString("deleteCaCertTitle2");
-     confirm = bundle.getString("deleteCaCertConfirm2");
-     impact = bundle.getString("deleteCaCertImpactX2");
-  }
-  else if(typeFlag == "others_tab")
-  {
-     title = bundle.getString("deleteEmailCertTitle");
-     confirm = bundle.getString("deleteEmailCertConfirm");
-     impact = bundle.getString("deleteEmailCertImpactDesc");
-  }
-  else if(typeFlag == "orphan_tab")
-  {
-     title = bundle.getString("deleteOrphanCertTitle");
-     confirm = bundle.getString("deleteOrphanCertConfirm");
-     impact = "";
-  }
-  else
-  {
-     return;
-  }
+
   var confirReference = document.getElementById('confirm');
   var impactReference = document.getElementById('impact');
   document.title = title;
 
   setText("confirm", confirm);
 
   let box = document.getElementById("certlist");
   for (let x = 0; x < numberOfCerts; x++) {
--- a/security/manager/pki/resources/content/device_manager.js
+++ b/security/manager/pki/resources/content/device_manager.js
@@ -185,17 +185,17 @@ function enableButtons()
     showModuleInfo();
   } else if (selected_slot) {
     // here's the workaround - login functions are all with token,
     // so grab the token type
     var selected_token = selected_slot.getToken();
     if (selected_token != null) {
       if (selected_token.needsLogin() || !(selected_token.needsUserInit)) {
         pw_toggle = "false";
-        if(selected_token.needsLogin()) {
+        if (selected_token.needsLogin()) {
           if (selected_token.isLoggedIn()) {
             logout_toggle = "false";
           } else {
             login_toggle = "false";
           }
         }
       }
     }
--- a/security/manager/pki/resources/content/exceptionDialog.js
+++ b/security/manager/pki/resources/content/exceptionDialog.js
@@ -99,17 +99,17 @@ function checkCert() {
   gChecking = true;
   gBroken = false;
   updateCertStatus();
 
   var uri = getURI();
 
   var req = new XMLHttpRequest();
   try {
-    if(uri) {
+    if (uri) {
       req.open('GET', uri.prePath, false);
       req.channel.notificationCallbacks = new badCertListener();
       req.send(null);
     }
   } catch (e) {
     // We *expect* exceptions if there are problems with the certificate
     // presented by the site.  Log it, just in case, but we can proceed here,
     // with appropriate sanity checks
--- a/security/manager/pki/resources/content/password.js
+++ b/security/manager/pki/resources/content/password.js
@@ -23,17 +23,17 @@ function doPrompt(msg)
 function onLoad()
 {
   document.documentElement.getButton("accept").disabled = true;
 
   pw1 = document.getElementById("pw1");
   try {
      params = window.arguments[0].QueryInterface(nsIDialogParamBlock);
      tokenName = params.GetString(1);
-  } catch(exception) {
+  } catch (e) {
       // this should not happen.
       // previously we had self.name, but self.name was a bad idea
       // as window name must be a subset of ascii, and the code was
       // previously trying to assign unicode to the window's name.
       // I checked all the places where we get a password prompt and
       // all of them pass an argument as part of this patch.
       tokenName = "";
   }
--- a/security/manager/pki/resources/content/pippki.js
+++ b/security/manager/pki/resources/content/pippki.js
@@ -136,18 +136,17 @@ function exportToFile(parent, cert)
                createInstance(Components.interfaces.nsILocalFile);
     file.initWithPath(fp.file.path);
     var fos = Components.classes["@mozilla.org/network/file-output-stream;1"].
               createInstance(Components.interfaces.nsIFileOutputStream);
     // flags: PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE
     fos.init(file, 0x02 | 0x08 | 0x20, 0o0644, 0);
     written = fos.write(content, content.length);
     fos.close();
-  }
-  catch(e) {
+  } catch (e) {
     switch (e.result) {
       case Components.results.NS_ERROR_FILE_ACCESS_DENIED:
         msg = bundle.getString("writeFileAccessDenied");
         break;
       case Components.results.NS_ERROR_FILE_IS_LOCKED:
         msg = bundle.getString("writeFileIsLocked");
         break;
       case Components.results.NS_ERROR_FILE_NO_DEVICE_SPACE:
--- a/security/manager/pki/resources/content/resetpassword.js
+++ b/security/manager/pki/resources/content/resetpassword.js
@@ -38,18 +38,17 @@ function resetPassword()
       if (pref.getBoolPref("wallet.crypto")) {
         // data in wallet is encrypted, clear it
         var wallet = Components.classes['@mozilla.org/wallet/wallet-service;1'];
         if (wallet) {
           wallet = wallet.getService(Components.interfaces.nsIWalletService);
           wallet.WALLET_DeleteAll();
         }
       }
-    }
-    catch(e) {
+    } catch (e) {
       // wallet.crypto pref is missing
     }
   }
 
   var bundle = document.getElementById("pippki_bundle");
   var promptService = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].getService();
   promptService = promptService.QueryInterface(Components.interfaces.nsIPromptService);
   if (promptService && bundle) {
--- a/security/manager/pki/resources/content/viewCertDetails.js
+++ b/security/manager/pki/resources/content/viewCertDetails.js
@@ -72,28 +72,20 @@ function setWindowName()
   var certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
   var myName = self.name;
   bundle = document.getElementById("pippki_bundle");
   var cert;
 
   var certDetails = bundle.getString('certDetails');
   if (myName != "") {
     document.title = certDetails + '"' + myName + '"'; // XXX l10n?
-    //  Get the token
-    //  XXX ignore this for now.  NSS will find the cert on a token
-    //      by "tokenname:certname", which is what we have.
-    //var tokenName = "";
-    //var pk11db = Components.classes[nsPK11TokenDB].getService(nsIPK11TokenDB);
-    //var token = pk11db.findTokenByName(tokenName);
-
-    //var cert = certdb.findCertByNickname(token, myName);
     cert = certdb.findCertByNickname(myName);
   } else {
     var params = window.arguments[0].QueryInterface(nsIDialogParamBlock);
-    var cert = params.objects.queryElementAt(0, nsIX509Cert);
+    cert = params.objects.queryElementAt(0, nsIX509Cert);
     document.title = certDetails + '"' + cert.windowTitle + '"'; // XXX l10n?
   }
 
   //
   //  Set the cert attributes for viewing
   //
 
   //  The chain of trust
--- a/security/manager/ssl/tests/mochitest/mixedcontent/mixedContentTest.js
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/mixedContentTest.js
@@ -98,27 +98,23 @@ function onMessageReceived(event)
 
 function postMsg(message)
 {
   opener.postMessage(message, "http://mochi.test:8888");
 }
 
 function finish()
 {
-  if (history.length == 1 && !bypassNavigationTest)
-  {
-    window.setTimeout(function()
-    {
+  if (history.length == 1 && !bypassNavigationTest) {
+    window.setTimeout(() => {
       window.location.assign(navigateToInsecure ?
         "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/backward.html" :
         "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/backward.html");
     }, 0);
-  }
-  else
-  {
+  } else {
     postMsg("done");
     window.close();
   }
 }
 
 function ok(a, message)
 {
   if (!a) {
@@ -188,15 +184,19 @@ function isSecurityState(expectedState, 
   }
 }
 
 function waitForSecurityState(expectedState, callback)
 {
   var roundsLeft = 200; // Wait for 20 seconds (=200*100ms)
   var interval =
   window.setInterval(function() {
-    isSecurityState(expectedState, "", function(isok) {if (isok) {roundsLeft = 0;}});
+    isSecurityState(expectedState, "", isok => {
+      if (isok) {
+        roundsLeft = 0;
+      }
+    });
     if (!roundsLeft--) {
       window.clearInterval(interval);
       callback();
     }
   }, 100);
 }
--- a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecureXHR.html
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecureXHR.html
@@ -12,29 +12,25 @@
 
   <script class="testbody" type="text/javascript">
 
   hasMixedActiveContent = true;
 
   function runTest()
   {
     isSecurityState("secure");
-    window.setTimeout(function()
-    {
-      try
-      {
+    window.setTimeout(() => {
+      try {
         var req = new XMLHttpRequest();
         req.open("GET", "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/alloworigin.sjs", false);
         req.send(null);
 
         // Change should be immediate, the request was sent synchronously
         isSecurityState("broken", "security broken after insecure XHR");
-      }
-      catch (ex)
-      {
+      } catch (ex) {
         ok(false, ex);
       }
 
       finish();
     }, 0);
   }
 
   function afterNavigationTest()
--- a/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_stricttransportsecurity.html
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_stricttransportsecurity.html
@@ -104,17 +104,17 @@
     if (roundsLeft < 1) {
       SimpleTest.finish();
     }
   }
 
   // listen for calls back from the sts-setting iframe and then
   // the verification frames.
   window.addEventListener("message", onMessageReceived, false);
-  window.addEventListener('load', function() {startRound('plain');}, false);
+  window.addEventListener("load", () => { startRound("plain"); }, false);
   </script>
 </head>
 
 <body>
   This test will load some iframes and do some tests.
 
 </body>
 </html>
--- a/security/manager/ssl/tests/unit/head_psm.js
+++ b/security/manager/ssl/tests/unit/head_psm.js
@@ -28,59 +28,59 @@ const SEC_ERROR_BASE = Ci.nsINSSErrorsSe
 const SSL_ERROR_BASE = Ci.nsINSSErrorsService.NSS_SSL_ERROR_BASE;
 const MOZILLA_PKIX_ERROR_BASE = Ci.nsINSSErrorsService.MOZILLA_PKIX_ERROR_BASE;
 
 // This isn't really a valid PRErrorCode, but is useful for signalling that
 // a test is expected to succeed.
 const PRErrorCodeSuccess = 0;
 
 // Sort in numerical order
-const SEC_ERROR_INVALID_TIME                            = SEC_ERROR_BASE +   8;
-const SEC_ERROR_BAD_DER                                 = SEC_ERROR_BASE +   9;
-const SEC_ERROR_BAD_SIGNATURE                           = SEC_ERROR_BASE +  10;
-const SEC_ERROR_EXPIRED_CERTIFICATE                     = SEC_ERROR_BASE +  11;
-const SEC_ERROR_REVOKED_CERTIFICATE                     = SEC_ERROR_BASE +  12; // -8180
-const SEC_ERROR_UNKNOWN_ISSUER                          = SEC_ERROR_BASE +  13;
-const SEC_ERROR_UNTRUSTED_ISSUER                        = SEC_ERROR_BASE +  20; // -8172
-const SEC_ERROR_UNTRUSTED_CERT                          = SEC_ERROR_BASE +  21; // -8171
-const SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE              = SEC_ERROR_BASE +  30; // -8162
-const SEC_ERROR_CA_CERT_INVALID                         = SEC_ERROR_BASE +  36;
-const SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION              = SEC_ERROR_BASE +  41;
-const SEC_ERROR_INADEQUATE_KEY_USAGE                    = SEC_ERROR_BASE +  90; // -8102
-const SEC_ERROR_INADEQUATE_CERT_TYPE                    = SEC_ERROR_BASE +  91; // -8101
-const SEC_ERROR_CERT_NOT_IN_NAME_SPACE                  = SEC_ERROR_BASE + 112; // -8080
-const SEC_ERROR_CERT_BAD_ACCESS_LOCATION                = SEC_ERROR_BASE + 117; // -8075
+const SEC_ERROR_INVALID_TIME                            = SEC_ERROR_BASE + 8;
+const SEC_ERROR_BAD_DER                                 = SEC_ERROR_BASE + 9;
+const SEC_ERROR_BAD_SIGNATURE                           = SEC_ERROR_BASE + 10;
+const SEC_ERROR_EXPIRED_CERTIFICATE                     = SEC_ERROR_BASE + 11;
+const SEC_ERROR_REVOKED_CERTIFICATE                     = SEC_ERROR_BASE + 12;
+const SEC_ERROR_UNKNOWN_ISSUER                          = SEC_ERROR_BASE + 13;
+const SEC_ERROR_UNTRUSTED_ISSUER                        = SEC_ERROR_BASE + 20;
+const SEC_ERROR_UNTRUSTED_CERT                          = SEC_ERROR_BASE + 21;
+const SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE              = SEC_ERROR_BASE + 30;
+const SEC_ERROR_CA_CERT_INVALID                         = SEC_ERROR_BASE + 36;
+const SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION              = SEC_ERROR_BASE + 41;
+const SEC_ERROR_INADEQUATE_KEY_USAGE                    = SEC_ERROR_BASE + 90;
+const SEC_ERROR_INADEQUATE_CERT_TYPE                    = SEC_ERROR_BASE + 91;
+const SEC_ERROR_CERT_NOT_IN_NAME_SPACE                  = SEC_ERROR_BASE + 112;
+const SEC_ERROR_CERT_BAD_ACCESS_LOCATION                = SEC_ERROR_BASE + 117;
 const SEC_ERROR_OCSP_MALFORMED_REQUEST                  = SEC_ERROR_BASE + 120;
-const SEC_ERROR_OCSP_SERVER_ERROR                       = SEC_ERROR_BASE + 121; // -8071
+const SEC_ERROR_OCSP_SERVER_ERROR                       = SEC_ERROR_BASE + 121;
 const SEC_ERROR_OCSP_TRY_SERVER_LATER                   = SEC_ERROR_BASE + 122;
 const SEC_ERROR_OCSP_REQUEST_NEEDS_SIG                  = SEC_ERROR_BASE + 123;
 const SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST               = SEC_ERROR_BASE + 124;
-const SEC_ERROR_OCSP_UNKNOWN_CERT                       = SEC_ERROR_BASE + 126; // -8066
+const SEC_ERROR_OCSP_UNKNOWN_CERT                       = SEC_ERROR_BASE + 126;
 const SEC_ERROR_OCSP_MALFORMED_RESPONSE                 = SEC_ERROR_BASE + 129;
 const SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE              = SEC_ERROR_BASE + 130;
 const SEC_ERROR_OCSP_OLD_RESPONSE                       = SEC_ERROR_BASE + 132;
-const SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE              = SEC_ERROR_BASE + 141; // -8051
+const SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE              = SEC_ERROR_BASE + 141;
 const SEC_ERROR_OCSP_INVALID_SIGNING_CERT               = SEC_ERROR_BASE + 144;
-const SEC_ERROR_POLICY_VALIDATION_FAILED                = SEC_ERROR_BASE + 160; // -8032
+const SEC_ERROR_POLICY_VALIDATION_FAILED                = SEC_ERROR_BASE + 160;
 const SEC_ERROR_OCSP_BAD_SIGNATURE                      = SEC_ERROR_BASE + 157;
 const SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED       = SEC_ERROR_BASE + 176;
 
-const SSL_ERROR_NO_CYPHER_OVERLAP                       = SSL_ERROR_BASE +   2;
-const SSL_ERROR_BAD_CERT_DOMAIN                         = SSL_ERROR_BASE +  12;
-const SSL_ERROR_BAD_CERT_ALERT                          = SSL_ERROR_BASE +  17;
+const SSL_ERROR_NO_CYPHER_OVERLAP                       = SSL_ERROR_BASE + 2;
+const SSL_ERROR_BAD_CERT_DOMAIN                         = SSL_ERROR_BASE + 12;
+const SSL_ERROR_BAD_CERT_ALERT                          = SSL_ERROR_BASE + 17;
 const SSL_ERROR_WEAK_SERVER_CERT_KEY                    = SSL_ERROR_BASE + 132;
 
-const MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE            = MOZILLA_PKIX_ERROR_BASE +   0;
-const MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY     = MOZILLA_PKIX_ERROR_BASE +   1;
-const MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE            = MOZILLA_PKIX_ERROR_BASE +   2; // -16382
-const MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA             = MOZILLA_PKIX_ERROR_BASE +   3;
-const MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE      = MOZILLA_PKIX_ERROR_BASE +   5;
+const MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE            = MOZILLA_PKIX_ERROR_BASE + 0;
+const MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY     = MOZILLA_PKIX_ERROR_BASE + 1;
+const MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE            = MOZILLA_PKIX_ERROR_BASE + 2;
+const MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA             = MOZILLA_PKIX_ERROR_BASE + 3;
+const MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE      = MOZILLA_PKIX_ERROR_BASE + 5;
 const MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE = MOZILLA_PKIX_ERROR_BASE + 6;
-const MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING = MOZILLA_PKIX_ERROR_BASE +   8;
-const MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING   = MOZILLA_PKIX_ERROR_BASE +  10;
+const MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING = MOZILLA_PKIX_ERROR_BASE + 8;
+const MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING   = MOZILLA_PKIX_ERROR_BASE + 10;
 
 // Supported Certificate Usages
 const certificateUsageSSLClient              = 0x0001;
 const certificateUsageSSLServer              = 0x0002;
 const certificateUsageSSLCA                  = 0x0008;
 const certificateUsageEmailSigner            = 0x0010;
 const certificateUsageEmailRecipient         = 0x0020;
 const certificateUsageObjectSigner           = 0x0040;
@@ -191,17 +191,17 @@ function checkEVStatus(certDB, cert, usa
 function _getLibraryFunctionWithNoArguments(functionName, libraryName) {
   // Open the NSS library. copied from services/crypto/modules/WeaveCrypto.js
   let path = ctypes.libraryName(libraryName);
 
   // XXX really want to be able to pass specific dlopen flags here.
   let nsslib;
   try {
     nsslib = ctypes.open(path);
-  } catch(e) {
+  } catch (e) {
     // In case opening the library without a full path fails,
     // try again with a full path.
     let file = Services.dirsvc.get("GreBinD", Ci.nsILocalFile);
     file.append(path);
     nsslib = ctypes.open(file.path);
   }
 
   let SECStatus = ctypes.int;
@@ -477,22 +477,22 @@ function _setupTLSServerTest(serverBinNa
 }
 
 // Returns an Array of OCSP responses for a given ocspRespArray and a location
 // for a nssDB where the certs and public keys are prepopulated.
 // ocspRespArray is an array of arrays like:
 // [ [typeOfResponse, certnick, extracertnick]...]
 function generateOCSPResponses(ocspRespArray, nssDBlocation)
 {
-  let utilBinName =  "GenerateOCSPResponse";
+  let utilBinName = "GenerateOCSPResponse";
   let ocspGenBin = _getBinaryUtil(utilBinName);
-  let retArray = new Array();
+  let retArray = [];
 
   for (let i = 0; i < ocspRespArray.length; i++) {
-    let argArray = new Array();
+    let argArray = [];
     let ocspFilepre = do_get_file(i.toString() + ".ocsp", true);
     let filename = ocspFilepre.path;
     // Using "sql:" causes the SQL DB to be used so we can run tests on Android.
     argArray.push("sql:" + nssDBlocation);
     argArray.push(ocspRespArray[i][0]); // ocsRespType;
     argArray.push(ocspRespArray[i][1]); // nick;
     argArray.push(ocspRespArray[i][2]); // extranickname
     argArray.push(filename);
--- a/security/manager/ssl/tests/unit/test_cert_overrides.js
+++ b/security/manager/ssl/tests/unit/test_cert_overrides.js
@@ -13,32 +13,32 @@
 
 do_get_profile();
 
 function check_telemetry() {
   let histogram = Cc["@mozilla.org/base/telemetry;1"]
                     .getService(Ci.nsITelemetry)
                     .getHistogramById("SSL_CERT_ERROR_OVERRIDES")
                     .snapshot();
-  equal(histogram.counts[ 0], 0, "Should have 0 unclassified counts");
-  equal(histogram.counts[ 2], 8,
+  equal(histogram.counts[0], 0, "Should have 0 unclassified counts");
+  equal(histogram.counts[2], 8,
         "Actual and expected SEC_ERROR_UNKNOWN_ISSUER counts should match");
-  equal(histogram.counts[ 3], 1,
+  equal(histogram.counts[3], 1,
         "Actual and expected SEC_ERROR_CA_CERT_INVALID counts should match");
-  equal(histogram.counts[ 4], 0,
+  equal(histogram.counts[4], 0,
         "Actual and expected SEC_ERROR_UNTRUSTED_ISSUER counts should match");
-  equal(histogram.counts[ 5], 1,
+  equal(histogram.counts[5], 1,
         "Actual and expected SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE counts should match");
-  equal(histogram.counts[ 6], 0,
+  equal(histogram.counts[6], 0,
         "Actual and expected SEC_ERROR_UNTRUSTED_CERT counts should match");
-  equal(histogram.counts[ 7], 0,
+  equal(histogram.counts[7], 0,
         "Actual and expected SEC_ERROR_INADEQUATE_KEY_USAGE counts should match");
-  equal(histogram.counts[ 8], 2,
+  equal(histogram.counts[8], 2,
         "Actual and expected SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED counts should match");
-  equal(histogram.counts[ 9], 10,
+  equal(histogram.counts[9], 10,
         "Actual and expected SSL_ERROR_BAD_CERT_DOMAIN counts should match");
   equal(histogram.counts[10], 5,
         "Actual and expected SEC_ERROR_EXPIRED_CERTIFICATE counts should match");
   equal(histogram.counts[11], 2,
         "Actual and expected MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY counts should match");
   equal(histogram.counts[12], 1,
         "Actual and expected MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA counts should match");
   equal(histogram.counts[13], 0,
--- a/security/manager/ssl/tests/unit/test_constructX509FromBase64.js
+++ b/security/manager/ssl/tests/unit/test_constructX509FromBase64.js
@@ -13,19 +13,19 @@ const certDB = Cc["@mozilla.org/security
 
 function excMessage(e) {
   if (e.message) {
     let msg = e.message;
     if (e.data) {
       msg = msg + ": " + e.data;
     }
     return msg;
-  } else {
-    return e.toString();
   }
+
+  return e.toString();
 }
 
 function testGood(data) {
   try {
     let cert = certDB.constructX509FromBase64(data.cert);
     equal(cert.commonName, data.cn,
           "Actual and expected commonName should match");
   } catch (e) {
--- a/security/manager/ssl/tests/unit/test_getchain.js
+++ b/security/manager/ssl/tests/unit/test_getchain.js
@@ -14,17 +14,17 @@ var certList = [
   'ca-1',
   'ca-2',
 ];
 
 // Since all the ca's are identical expect for the serial number
 // I have to grab them by enumerating all the certs and then finding
 // the ones that I am interested in.
 function get_ca_array() {
-  let ret_array = new Array();
+  let ret_array = [];
   let allCerts = certdb.getCerts();
   let enumerator = allCerts.getEnumerator();
   while (enumerator.hasMoreElements()) {
     let cert = enumerator.getNext().QueryInterface(Ci.nsIX509Cert);
     if (cert.commonName == 'ca') {
       ret_array[parseInt(cert.serialNumber, 16)] = cert;
     }
   }
--- a/security/manager/ssl/tests/unit/test_pinning_dynamic.js
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic.js
@@ -15,17 +15,17 @@ var profileDir = do_get_profile();
 var certdb;
 
 function certFromFile(cert_name) {
   return constructCertFromFile("test_pinning_dynamic/" + cert_name + ".pem");
 }
 
 function loadCert(cert_name, trust_string) {
   let cert_filename = "test_pinning_dynamic/" + cert_name + ".pem";
-  addCertFromFile(certdb,  cert_filename, trust_string);
+  addCertFromFile(certdb, cert_filename, trust_string);
   return constructCertFromFile(cert_filename);
 }
 
 function checkOK(cert, hostname) {
   return checkCertErrorGeneric(certdb, cert, PRErrorCodeSuccess,
                                certificateUsageSSLServer, {}, hostname);
 }
 
--- a/security/manager/ssl/tests/unit/test_pinning_header_parsing.js
+++ b/security/manager/ssl/tests/unit/test_pinning_header_parsing.js
@@ -12,17 +12,17 @@ var gSSService = Cc["@mozilla.org/ssserv
                    .getService(Ci.nsISiteSecurityService);
 
 function certFromFile(cert_name) {
   return constructCertFromFile("test_pinning_dynamic/" + cert_name + ".pem");
 }
 
 function loadCert(cert_name, trust_string) {
   let cert_filename = "test_pinning_dynamic/" + cert_name + ".pem";
-  addCertFromFile(certdb,  cert_filename, trust_string);
+  addCertFromFile(certdb, cert_filename, trust_string);
   return constructCertFromFile(cert_filename);
 }
 
 function checkFailParseInvalidPin(pinValue) {
   let sslStatus = new FakeSSLStatus(
                         certFromFile('cn-a.pinning2.example.com-pinningroot'));
   let uri = Services.io.newURI("https://a.pinning2.example.com", null, null);
   throws(() => {
--- a/security/manager/ssl/tests/unit/test_signed_apps.js
+++ b/security/manager/ssl/tests/unit/test_signed_apps.js
@@ -67,17 +67,17 @@ function tamper(inFilePath, outFilePath,
         }
       }
     } finally {
       reader.close();
     }
 
     // Any leftover modification means that we were expecting to modify an entry
     // in the input file that wasn't there.
-    for(var name in modifications) {
+    for (let name in modifications) {
       if (modifications.hasOwnProperty(name)) {
         throw "input file was missing expected entries: " + name;
       }
     }
 
     // Now, append any new entries to the end
     newEntries.forEach(function(newEntry) {
       var sis = Cc["@mozilla.org/io/string-input-stream;1"]
--- a/security/manager/ssl/tests/unit/test_signed_dir.js
+++ b/security/manager/ssl/tests/unit/test_signed_dir.js
@@ -18,35 +18,35 @@ gTarget.createUnique(Ci.nsIFile.DIRECTOR
 
 function prepare(tamper) {
   ZipUtils.extractFiles(gSignedXPI, gTarget);
 
   // copy files
   if (tamper.copy) {
     tamper.copy.forEach(i => {
       let f = gTarget.clone();
-      i[0].split('/').forEach(seg => {f.append(seg);});
+      i[0].split("/").forEach(seg => { f.append(seg); });
       f.copyTo(null, i[1]);
     });
   }
 
   // delete files
   if (tamper.delete) {
     tamper.delete.forEach(i => {
       let f = gTarget.clone();
-      i.split('/').forEach(seg => {f.append(seg);});
+      i.split("/").forEach(seg => { f.append(seg); });
       f.remove(true);
     });
   }
 
   // corrupt files
   if (tamper.corrupt) {
     tamper.corrupt.forEach(i => {
       let f = gTarget.clone();
-      i.split('/').forEach(seg => {f.append(seg);});
+      i.split("/").forEach(seg => { f.append(seg); });
       let s = FileUtils.openFileOutputStream(f, FileUtils.MODE_WRONLY);
       const str = "Kilroy was here";
       s.write(str, str.length);
       s.close();
     });
   }
 
   return gTarget;
--- a/security/manager/tools/genHPKPStaticPins.js
+++ b/security/manager/tools/genHPKPStaticPins.js
@@ -233,17 +233,17 @@ function downloadAndParseChromeCerts(fil
   let chromeNameToHash = {};
   let chromeNameToMozName = {};
   let chromeName;
   for (let line of lines) {
     // Skip comments and newlines.
     if (line.length == 0 || line[0] == '#') {
       continue;
     }
-    switch(state) {
+    switch (state) {
       case PRE_NAME:
         chromeName = line;
         state = POST_NAME;
         break;
       case POST_NAME:
         if (line.startsWith(SHA256_PREFIX)) {
           hash = line.substring(SHA256_PREFIX.length);
           chromeNameToHash[chromeName] = hash;
--- a/security/manager/tools/getHSTSPreloadList.js
+++ b/security/manager/tools/getHSTSPreloadList.js
@@ -3,16 +3,18 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 // How to run this file:
 // 1. [obtain firefox source code]
 // 2. [build/obtain firefox binaries]
 // 3. run `[path to]/run-mozilla.sh [path to]/xpcshell \
 //                                  [path to]/getHSTSPreloadlist.js \
 //                                  [absolute path to]/nsSTSPreloadlist.inc'
+// Note: Running this file outputs a new nsSTSPreloadlist.inc in the current
+//       working directory.
 
 var Cc = Components.classes;
 var Ci = Components.interfaces;
 var Cu = Components.utils;
 var Cr = Components.results;
 
 Cu.import("resource://gre/modules/Services.jsm");
 Cu.import("resource://gre/modules/FileUtils.jsm");
@@ -123,23 +125,20 @@ function processStsHeader(host, header, 
                                uri, header, sslStatus, 0, maxAge,
                                includeSubdomains);
     }
     catch (e) {
       dump("ERROR: could not process header '" + header + "' from " +
            host.name + ": " + e + "\n");
       error = e;
     }
-  }
-  else {
-    if (status == 0) {
-      error = ERROR_CONNECTING_TO_HOST;
-    } else {
-      error = ERROR_NO_HSTS_HEADER;
-    }
+  } else if (status == 0) {
+    error = ERROR_CONNECTING_TO_HOST;
+  } else {
+    error = ERROR_NO_HSTS_HEADER;
   }
 
   let forceInclude = (host.forceInclude || host.pins == "google");
 
   if (error == ERROR_NONE && maxAge.value < MINIMUM_REQUIRED_MAX_AGE) {
     error = ERROR_MAX_AGE_TOO_LOW;
   }
 
@@ -199,17 +198,23 @@ function getHSTSStatus(host, resultList)
     req.send();
   }
   catch (e) {
     dump("ERROR: exception making request to " + host.name + ": " + e + "\n");
   }
 }
 
 function compareHSTSStatus(a, b) {
-  return (a.name > b.name ? 1 : (a.name < b.name ? -1 : 0));
+  if (a.name > b.name) {
+    return 1;
+  }
+  if (a.name < b.name) {
+    return -1;
+  }
+  return 0;
 }
 
 function writeTo(string, fos) {
   fos.write(string, string.length);
 }
 
 // Determines and returns a string representing a declaration of when this
 // preload list should no longer be used.
@@ -289,34 +294,34 @@ function shouldRetry(response) {
           response.error != ERROR_MAX_AGE_TOO_LOW &&
           response.error != ERROR_NONE && response.retries > 0);
 }
 
 function getHSTSStatuses(inHosts, outStatuses) {
   var expectedOutputLength = inHosts.length;
   var tmpOutput = [];
   for (var i = 0; i < MAX_CONCURRENT_REQUESTS && inHosts.length > 0; i++) {
-    var host = inHosts.shift();
+    let host = inHosts.shift();
     dump("spinning off request to '" + host.name + "' (remaining retries: " +
          host.retries + ")\n");
     getHSTSStatus(host, tmpOutput);
   }
 
   while (outStatuses.length != expectedOutputLength) {
     waitForAResponse(tmpOutput);
     var response = tmpOutput.shift();
     dump("request to '" + response.name + "' finished\n");
     if (shouldRetry(response)) {
       inHosts.push(response);
     } else {
       outStatuses.push(response);
     }
 
     if (inHosts.length > 0) {
-      var host = inHosts.shift();
+      let host = inHosts.shift();
       dump("spinning off request to '" + host.name + "' (remaining retries: " +
            host.retries + ")\n");
       getHSTSStatus(host, tmpOutput);
     }
   }
 }
 
 // Since all events are processed on the main thread, and since event