author | Razvan Maries <rmaries@mozilla.com> |
Sat, 13 Jul 2019 02:05:25 +0300 | |
changeset 543192 | c31645ba75944c128689a6f0c9a84b9729bfa8c6 |
parent 543191 | bdbad45678f3de463e12cc9ab60fdec749abb7b5 |
child 543193 | 1f4a148d28f847957a3c9f601e7ab4d34a0cbfa0 |
push id | 11848 |
push user | ffxbld-merge |
push date | Mon, 26 Aug 2019 19:26:25 +0000 |
treeherder | mozilla-beta@9b31bfdfac10 [default view] [failures only] |
bugs | 1564527 |
milestone | 70.0a1 |
backs out | 6e4d13741a0fa14a0e4cb8bd8a20185a1d15b7d1 |
first release with | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
last release without | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
--- a/caps/nsScriptSecurityManager.cpp +++ b/caps/nsScriptSecurityManager.cpp @@ -395,17 +395,17 @@ NS_IMPL_ISUPPORTS(nsScriptSecurityManage /////////////////////////////////////////////////// ///////////////// Security Checks ///////////////// bool nsScriptSecurityManager::ContentSecurityPolicyPermitsJSAction( JSContext* cx, JS::HandleValue aValue) { MOZ_ASSERT(cx == nsContentUtils::GetCurrentJSContext()); -#if !defined(ANDROID) && (defined(NIGHTLY_BUILD) || defined(DEBUG)) +#if defined(DEBUG) && !defined(ANDROID) nsCOMPtr<nsIPrincipal> subjectPrincipal = nsContentUtils::SubjectPrincipal(); nsContentSecurityManager::AssertEvalNotUsingSystemPrincipal(subjectPrincipal, cx); #endif // Get the window, if any, corresponding to the current global nsCOMPtr<nsIContentSecurityPolicy> csp; if (nsGlobalWindowInner* win = xpc::CurrentWindowOrNull(cx)) {
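Review bot: Nothing at this call site records that, under the guard `#if defined(DEBUG) && !defined(ANDROID)`, the `AssertEvalNotUsingSystemPrincipal` call is compiled out of every non-debug build and of all Android builds, so it is a developer diagnostic and not an enforcement point for system-principal eval. A one-line comment above the `#if` would keep a later reader from counting it as a runtime control, e.g. `// Debug-only diagnostic, not enforcement: compiled out of non-DEBUG and Android builds.` The identical guard is repeated in `CheckInternal` in dom/security/CSPEvalChecker.cpp, and the same comment applies there. `ContentSecurityPolicyPermitsJSAction` continues past the end of the hunk.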
--- a/dom/security/CSPEvalChecker.cpp +++ b/dom/security/CSPEvalChecker.cpp @@ -26,17 +26,17 @@ nsresult CheckInternal(nsIContentSecurit nsICSPEventListener* aCSPEventListener, nsIPrincipal* aSubjectPrincipal, const nsAString& aExpression, const nsAString& aFileNameString, uint32_t aLineNum, uint32_t aColumnNum, bool* aAllowed) { MOZ_ASSERT(NS_IsMainThread()); MOZ_ASSERT(aAllowed); -#if !defined(ANDROID) && (defined(NIGHTLY_BUILD) || defined(DEBUG)) +#if defined(DEBUG) && !defined(ANDROID) JSContext* cx = nsContentUtils::GetCurrentJSContext(); nsContentSecurityManager::AssertEvalNotUsingSystemPrincipal(aSubjectPrincipal, cx); #endif // The value is set at any "return", but better to have a default value here. *aAllowed = false;
--- a/dom/security/nsContentSecurityManager.cpp +++ b/dom/security/nsContentSecurityManager.cpp @@ -168,47 +168,46 @@ void nsContentSecurityManager::AssertEva } if (Preferences::GetBool("security.allow_eval_with_system_principal")) { return; } static StaticAutoPtr<nsTArray<nsCString>> sUrisAllowEval; JS::AutoFilename scriptFilename; - nsAutoCString fileName; if (JS::DescribeScriptedCaller(cx, &scriptFilename)) { if (!sUrisAllowEval) { sUrisAllowEval = new nsTArray<nsCString>(); nsAutoCString urisAllowEval; Preferences::GetCString("security.uris_using_eval_with_system_principal", urisAllowEval); for (const nsACString& filenameString : urisAllowEval.Split(',')) { sUrisAllowEval->AppendElement(filenameString); } ClearOnShutdown(&sUrisAllowEval); } + nsAutoCString fileName; fileName = nsAutoCString(scriptFilename.get()); // Extract file name alone if scriptFilename contains line number // separated by multiple space delimiters in few cases. int32_t fileNameIndex = fileName.FindChar(' '); if (fileNameIndex != -1) { fileName = Substring(fileName, 0, fileNameIndex); } ToLowerCase(fileName); for (auto& uriEntry : *sUrisAllowEval) { if (StringEndsWith(fileName, uriEntry)) { return; } } } - MOZ_CRASH_UNSAFE_PRINTF("do not use eval with system privileges: %s", - fileName.get()); + MOZ_ASSERT(false, "do not use eval with system privileges"); } /* static */ nsresult nsContentSecurityManager::CheckFTPSubresourceLoad( nsIChannel* aChannel) { // We dissallow using FTP resources as a subresource almost everywhere. // The only valid way to use FTP resources is loading it as // a top level document.
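Review bot: The allowlist built from `security.uris_using_eval_with_system_principal` appends every element of `urisAllowEval.Split(',')` without rejecting empty ones, and the later `StringEndsWith(fileName, uriEntry)` test is a plain suffix match. An empty entry (a trailing comma in the pref, for instance) would presumably match every script name, and a short entry matches any longer name that happens to end in it, so the assertion can be silenced more broadly than intended; `if (!filenameString.IsEmpty()) { sUrisAllowEval->AppendElement(filenameString); }` covers the first case. The new `MOZ_ASSERT(false, "do not use eval with system privileges")` also no longer names the offending script, which makes a failure harder to attribute. `AssertEvalNotUsingSystemPrincipal` starts outside the hunk.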