Bug 1150045 - De-anonymize Expanded Principals. r=bholley
authorDavid Rajchenbach-Teller <dteller@mozilla.com>
Fri, 10 Apr 2015 17:52:29 +0200
changeset 270491 9af492c191a90fcf668c175f92641d123cf09784
parent 270490 0ec8fdc017f8e1583f57beb73452938d8ea0c718
child 270492 cdebac12ce27874f392ce8f1cde77f975606b8ca
push id863
push userraliiev@mozilla.com
push dateMon, 03 Aug 2015 13:22:43 +0000
reviewersbholley
bugs1150045
milestone40.0a1
Bug 1150045 - De-anonymize Expanded Principals. r=bholley
addon-sdk/source/test/test-sandbox.js
caps/nsPrincipal.cpp
js/xpconnect/src/Sandbox.cpp
js/xpconnect/tests/unit/test_sandbox_name.js
js/xpconnect/tests/unit/xpcshell.ini
--- a/addon-sdk/source/test/test-sandbox.js
+++ b/addon-sdk/source/test/test-sandbox.js
@@ -52,17 +52,17 @@ exports['test exceptions'] = function(as
   let fixture = sandbox();
   try {
     evaluate(fixture, '!' + function() {
       var message = 'boom';
       throw Error(message);
     } + '();');
   }
   catch (error) {
-    assert.equal(error.fileName, '', 'no fileName reported');
+    assert.equal(error.fileName, '[System Principal]', 'No specific fileName reported');
     assert.equal(error.lineNumber, 3, 'reports correct line number');
   }
 
   try {
     evaluate(fixture, '!' + function() {
       var message = 'boom';
       throw Error(message);
     } + '();', 'foo.js');
--- a/caps/nsPrincipal.cpp
+++ b/caps/nsPrincipal.cpp
@@ -975,18 +975,31 @@ nsExpandedPrincipal::IsOnCSSUnprefixingW
   // for an expanded principal. (And probably shouldn't be needed.)
   return false;
 }
 
 
 void
 nsExpandedPrincipal::GetScriptLocation(nsACString& aStr)
 {
-  // Is that a good idea to list it's principals?
   aStr.Assign(EXPANDED_PRINCIPAL_SPEC);
+  aStr.AppendLiteral(" (");
+
+  for (size_t i = 0; i < mPrincipals.Length(); ++i) {
+    if (i != 0) {
+      aStr.AppendLiteral(", ");
+    }
+
+    nsAutoCString spec;
+    nsJSPrincipals::get(mPrincipals.ElementAt(i))->GetScriptLocation(spec);
+
+    aStr.Append(spec);
+
+  }
+  aStr.Append(")");
 }
 
 #ifdef DEBUG
 void nsExpandedPrincipal::dumpImpl()
 {
   fprintf(stderr, "nsExpandedPrincipal (%p)\n", static_cast<void*>(this));
 }
 #endif 
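Review bot: The loop in nsExpandedPrincipal::GetScriptLocation joins each member principal's script location without escaping, so a member spec that itself contains `, ` or `)` makes the result ambiguous. The string should be documented as a diagnostic label only. The new xpcshell test in this commit shows it surfacing as `Error().fileName` with the full member URLs, query strings included, so it will also end up wherever file names are logged or reported. The removed comment asked whether listing the principals is a good idea; rather than deleting it I would answer it, for example `// Human-readable label only: member specs are joined unescaped; never parse or compare this string.` Minor style: `aStr.Append(")")` can be `aStr.AppendLiteral(")")` to match the other literals, and the blank line before the loop's closing brace can go.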
--- a/js/xpconnect/src/Sandbox.cpp
+++ b/js/xpconnect/src/Sandbox.cpp
@@ -1502,17 +1502,17 @@ xpc::EvalInSandbox(JSContext* cx, Handle
     nsIScriptObjectPrincipal* sop =
         static_cast<nsIScriptObjectPrincipal*>(xpc_GetJSPrivate(sandbox));
     MOZ_ASSERT(sop, "Invalid sandbox passed");
     SandboxPrivate* priv = static_cast<SandboxPrivate*>(sop);
     nsCOMPtr<nsIPrincipal> prin = sop->GetPrincipal();
     NS_ENSURE_TRUE(prin, NS_ERROR_FAILURE);
 
     nsAutoCString filenameBuf;
-    if (!filename.IsVoid()) {
+    if (!filename.IsVoid() && filename.Length() != 0) {
         filenameBuf.Assign(filename);
     } else {
         // Default to the spec of the principal.
         nsJSPrincipals::get(prin)->GetScriptLocation(filenameBuf);
         lineNo = 1;
     }
 
     // We create a separate cx to do the sandbox evaluation. Scope it.
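Review bot: The else branch now also runs for an empty, non-void filename and still forces `lineNo = 1`, so a caller that passes `""` together with an explicit line number silently loses it. The comment should say so, e.g. `// No usable filename (void or empty): default to the principal's script location and restart line numbering.` The length test reads more clearly as `!filename.IsEmpty()`, and if a void string always reports zero length here (I believe it does, but confirm) that check alone replaces both conditions. EvalInSandbox begins and ends outside this hunk, so how `lineNo` is used afterwards is not visible.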
new file mode 100644
--- /dev/null
+++ b/js/xpconnect/tests/unit/test_sandbox_name.js
@@ -0,0 +1,28 @@
+"use strict";
+
+const { utils: Cu, interfaces: Ci, classes: Cc } = Components;
+
+/**
+ * Test that the name of a sandbox contains the name of all principals.
+ */
+function test_sandbox_name() {
+  let names = [
+    "http://example.com/?" + Math.random(),
+    "http://example.org/?" + Math.random()
+  ];
+  let sandbox = Cu.Sandbox(names);
+  let fileName = Cu.evalInSandbox(
+    "(new Error()).fileName",
+    sandbox,
+    "latest" /*js version*/,
+    ""/*file name*/
+  );
+
+  for (let name of names) {
+    Assert.ok(fileName.indexOf(name) != -1, `Name ${name} appears in ${fileName}`);
+  }
+};
+
+function run_test() {
+  test_sandbox_name();
+}
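Review bot: test_sandbox_name exercises only the empty-string filename, so the omitted-filename path through the changed condition in EvalInSandbox is not checked. A second `Cu.evalInSandbox("(new Error()).fileName", sandbox)` call with the same loop of assertions would presumably cover it. The `indexOf` checks pass for any string that contains both URLs, so the prefix, separator and parentheses added in nsPrincipal.cpp are not pinned. If the layout matters, assert on it; if it is deliberately unspecified, say so in the doc comment. `Ci` and `Cc` are destructured but never used, and the `};` closing the function declaration carries a stray semicolon.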
--- a/js/xpconnect/tests/unit/xpcshell.ini
+++ b/js/xpconnect/tests/unit/xpcshell.ini
@@ -94,16 +94,17 @@ skip-if = os == "android" # native test 
 [test_url.js]
 [test_URLSearchParams.js]
 [test_crypto.js]
 [test_css.js]
 [test_rtcIdentityProvider.js]
 [test_sandbox_atob.js]
 [test_isProxy.js]
 [test_getObjectPrincipal.js]
+[test_sandbox_name.js]
 [test_watchdog_enable.js]
 head = head_watchdog.js
 [test_watchdog_disable.js]
 head = head_watchdog.js
 [test_watchdog_toggle.js]
 head = head_watchdog.js
 [test_watchdog_default.js]
 head = head_watchdog.js