This is an automated email from the git hooks/post-receive script.

richard pushed a commit to branch main in repository torbutton.

The following commit(s) were added to refs/heads/main by this push: new 6f84627d Bug 40925: Moved Security Level to tor-browser.git 6f84627d is described below

commit 6f84627dd470f0eade9e1ba51b81458687263c34 Author: Pier Angelo Vendrame pierov@torproject.org AuthorDate: Mon Jul 11 15:50:56 2022 +0200

Bug 40925: Moved Security Level to tor-browser.git --- components/startup-observer.js | 8 -- modules/noscript-control.js | 214 ----------------------------------------- modules/security-prefs.js | 150 ----------------------------- 3 files changed, 372 deletions(-)

diff --git a/components/startup-observer.js b/components/startup-observer.js index f9697987..164c9219 100644 --- a/components/startup-observer.js +++ b/components/startup-observer.js @@ -25,9 +25,6 @@ XPCOMUtils.defineLazyModuleGetters(this, { L10nRegistry: "resource://gre/modules/L10nRegistry.jsm", });

-let NoScriptControl = ChromeUtils.import("resource://torbutton/modules/noscript-control.js", {}); -let SecurityPrefs = ChromeUtils.import("resource://torbutton/modules/security-prefs.js", {}); - // Module specific constants const kMODULE_NAME = "Startup"; const kMODULE_CONTRACTID = "@torproject.org/startup-observer;1"; @@ -193,11 +190,6 @@ StartupObserver.prototype = { // but only for hackish reasons. this._prefs.setBoolPref("extensions.torbutton.startup", true);

- // We need to listen for NoScript before it starts. - NoScriptControl.initialize(); - - SecurityPrefs.initialize(); - this.setProxySettings(); }

diff --git a/modules/noscript-control.js b/modules/noscript-control.js deleted file mode 100644 index ea735377..00000000 --- a/modules/noscript-control.js +++ /dev/null @@ -1,214 +0,0 @@ -// # NoScript settings control (for binding to Security Slider) - -// ## Utilities - -const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm", {}); -const { bindPref } = - ChromeUtils.import("resource://torbutton/modules/utils.js", {}); - -const { ExtensionUtils } = ChromeUtils.import("resource://gre/modules/ExtensionUtils.jsm"); -const { MessageChannel } = ChromeUtils.import("resource://gre/modules/MessageChannel.jsm"); - -const { XPCOMUtils } = ChromeUtils.import("resource://gre/modules/XPCOMUtils.jsm"); - -XPCOMUtils.defineLazyModuleGetters(this, { - ExtensionParent: "resource://gre/modules/ExtensionParent.jsm", -}); - -async function waitForExtensionMessage(extensionId, checker = () => {}) { - const { torWaitForExtensionMessage } = ExtensionParent; - if (torWaitForExtensionMessage) { - return torWaitForExtensionMessage(extensionId, checker); - } - - // Old messaging <= 78 - return new Promise(resolve => { - const listener = ({ data }) => { - for (const msg of data) { - if (msg.recipient.extensionId === extensionId) { - const deserialized = msg.data.deserialize({}); - if (checker(deserialized)) { - Services.mm.removeMessageListener( - "MessageChannel:Messages", - listener - ); - resolve(deserialized); - } - } - } - }; - Services.mm.addMessageListener("MessageChannel:Messages", listener); - }); -} - -async function sendExtensionMessage(extensionId, message) { - const { torSendExtensionMessage } = ExtensionParent; - if (torSendExtensionMessage) { - return torSendExtensionMessage(extensionId, message); - } - - // Old messaging <= 78 - Services.cpmm.sendAsyncMessage("MessageChannel:Messages", [ - { - messageName: "Extension:Message", - sender: { id: extensionId, extensionId }, - recipient: { extensionId }, - data: new StructuredCloneHolder(message), - channelId: ExtensionUtils.getUniqueId(), - responseType: MessageChannel.RESPONSE_NONE, - }, - ]); - return undefined; -} - -let logger = Cc["@torproject.org/torbutton-logger;1"] - .getService(Ci.nsISupports).wrappedJSObject; -let log = (level, msg) => logger.log(level, msg); - -// ## NoScript settings - -// Minimum and maximum capability states as controlled by NoScript. -const max_caps = ["fetch", "font", "frame", "media", "object", "other", "script", "webgl", "noscript"]; -const min_caps = ["frame", "other", "noscript"]; - -// Untrusted capabilities for [Standard, Safer, Safest] safety levels. -const untrusted_caps = [ - max_caps, // standard safety: neither http nor https - ["frame", "font", "object", "other", "noscript"], // safer: http - min_caps, // safest: neither http nor https -]; - -// Default capabilities for [Standard, Safer, Safest] safety levels. -const default_caps = [ - max_caps, // standard: both http and https - ["fetch", "font", "frame", "object", "other", "script", "noscript"], // safer: https only - min_caps, // safest: both http and https -]; - -// __noscriptSettings(safetyLevel)__. -// Produces NoScript settings with policy according to -// the safetyLevel which can be: -// 0 = Standard, 1 = Safer, 2 = Safest -// -// At the "Standard" safety level, we leave all sites at -// default with maximal capabilities. Essentially no content -// is blocked. -// -// At "Safer", we set all http sites to untrusted, -// and all https sites to default. Scripts are only permitted -// on https sites. Neither type of site is supposed to allow -// media, but both allow fonts (as we used in legacy NoScript). -// -// At "Safest", all sites are at default with minimal -// capabilities. Most things are blocked. -let noscriptSettings = safetyLevel => ( - { - "__meta": { - "name": "updateSettings", - "recipientInfo": null - }, - "policy": { - "DEFAULT": { - "capabilities": default_caps[safetyLevel], - "temp": false - }, - "TRUSTED": { - "capabilities": max_caps, - "temp": false - }, - "UNTRUSTED": { - "capabilities": untrusted_caps[safetyLevel], - "temp": false - }, - "sites": { - "trusted": [], - "untrusted": [[], ["http:"], []][safetyLevel], - "custom": {}, - "temp": [] - }, - "enforced": true, - "autoAllowTop": false - }, - "isTorBrowser": true, - "tabId": -1 - }); - -// ## Communications - -// The extension ID for NoScript (WebExtension) -const noscriptID = "{73a6fe31-595d-460b-a920-fcc0f8843232}"; - -// Ensure binding only occurs once. -let initialized = false; - -// __initialize()__. -// The main function that binds the NoScript settings to the security -// slider pref state. -var initialize = () => { - if (initialized) { - return; - } - initialized = true; - - try { - // LegacyExtensionContext is not there anymore. Using raw - // Services.cpmm.sendAsyncMessage mechanism to communicate with - // NoScript. - - // The component that handles WebExtensions' sendMessage. - - // __setNoScriptSettings(settings)__. - // NoScript listens for internal settings with onMessage. We can send - // a new settings JSON object according to NoScript's - // protocol and these are accepted! See the use of - // `browser.runtime.onMessage.addListener(...)` in NoScript's bg/main.js. - - // TODO: Is there a better way? - let sendNoScriptSettings = settings => - sendExtensionMessage(noscriptID, settings); - - // __setNoScriptSafetyLevel(safetyLevel)__. - // Set NoScript settings according to a particular safety level - // (security slider level): 0 = Standard, 1 = Safer, 2 = Safest - let setNoScriptSafetyLevel = safetyLevel => - sendNoScriptSettings(noscriptSettings(safetyLevel)); - - // __securitySliderToSafetyLevel(sliderState)__. - // Converts the "extensions.torbutton.security_slider" pref value - // to a "safety level" value: 0 = Standard, 1 = Safer, 2 = Safest - let securitySliderToSafetyLevel = sliderState => - [undefined, 2, 1, 1, 0][sliderState]; - - // Wait for the first message from NoScript to arrive, and then - // bind the security_slider pref to the NoScript settings. - let messageListener = a => { - try { - log(3, `Message received from NoScript: ${JSON.stringify([a])}`); - let noscriptPersist = Services.prefs.getBoolPref("extensions.torbutton.noscript_persist", false); - let noscriptInited = Services.prefs.getBoolPref("extensions.torbutton.noscript_inited", false); - // Set the noscript safety level once if we have never run noscript - // before, or if we are not allowing noscript per-site settings to be - // persisted between browser sessions. Otherwise make sure that the - // security slider position, if changed, will rewrite the noscript - // settings. - bindPref("extensions.torbutton.security_slider", - sliderState => setNoScriptSafetyLevel(securitySliderToSafetyLevel(sliderState)), - !noscriptPersist || !noscriptInited); - if (!noscriptInited) { - Services.prefs.setBoolPref("extensions.torbutton.noscript_inited", true); - } - } catch (e) { - log(5, e.message); - } - }; - waitForExtensionMessage(noscriptID, a => a.__meta.name === "started").then( - messageListener - ); - log(3, "Listening for message from NoScript."); - } catch (e) { - log(5, e.message); - } -}; - -// Export initialize() function for external use. -let EXPORTED_SYMBOLS = ["initialize"]; diff --git a/modules/security-prefs.js b/modules/security-prefs.js deleted file mode 100644 index c41458fa..00000000 --- a/modules/security-prefs.js +++ /dev/null @@ -1,150 +0,0 @@ -// # Security Settings prefs (as controlled by the Security Slider) - -// ### Utilities - -let { getBoolPref, setBoolPref, getIntPref, setIntPref, clearUserPref } = - ChromeUtils.import("resource://gre/modules/Services.jsm", {}).Services.prefs; -let { bindPref, bindPrefAndInit } = - ChromeUtils.import("resource://torbutton/modules/utils.js", {}); -let logger = Cc["@torproject.org/torbutton-logger;1"] - .getService(Ci.nsISupports).wrappedJSObject; -let log = (level, msg) => logger.log(level, msg); - -// ### Constants - -// __kSecuritySettings__. -// A table of all prefs bound to the security slider, and the value -// for each security setting. Note that 2-m and 3-m are identical, -// corresponding to the old 2-medium-high setting. We also separately -// bind NoScript settings to the extensions.torbutton.security_slider -// (see noscript-control.js). -const kSecuritySettings = { - // Preference name : [0, 1-high 2-m 3-m 4-low] - "javascript.options.ion" : [, false, false, false, true ], - "javascript.options.baselinejit" : [, false, false, false, true ], - "javascript.options.native_regexp" : [, false, false, false, true ], - "mathml.disabled" : [, true, true, true, false], - "gfx.font_rendering.graphite.enabled" : [, false, false, false, true ], - "gfx.font_rendering.opentype_svg.enabled" : [, false, false, false, true ], - "svg.disabled" : [, true, false, false, false], - "javascript.options.asmjs" : [, false, false, false, true ], - "javascript.options.wasm" : [, false, false, false, true ], - "dom.security.https_only_mode_send_http_background_request" : [, false, false, false, true ], -}; - -// The Security Settings prefs in question. -const kSliderPref = "extensions.torbutton.security_slider"; -const kCustomPref = "extensions.torbutton.security_custom"; -const kSliderMigration = "extensions.torbutton.security_slider_migration"; - -// ### Prefs - -// __write_setting_to_prefs(settingIndex)__. -// Take a given setting index and write the appropriate pref values -// to the pref database. -var write_setting_to_prefs = function (settingIndex) { - Object.keys(kSecuritySettings).forEach( - prefName => setBoolPref( - prefName, kSecuritySettings[prefName][settingIndex])); -}; - -// __read_setting_from_prefs()__. -// Read the current pref values, and decide if any of our -// security settings matches. Otherwise return null. -var read_setting_from_prefs = function (prefNames) { - prefNames = prefNames || Object.keys(kSecuritySettings); - for (let settingIndex of [1, 2, 3, 4]) { - let possibleSetting = true; - // For the given settingIndex, check if all current pref values - // match the setting. - for (let prefName of prefNames) { - if (kSecuritySettings[prefName][settingIndex] !== - getBoolPref(prefName)) { - possibleSetting = false; - } - } - if (possibleSetting) { - // We have a match! - return settingIndex; - } - } - // No matching setting; return null. - return null; -}; - -// __watch_security_prefs(onSettingChanged)__. -// Whenever a pref bound to the security slider changes, onSettingChanged -// is called with the new security setting value (1,2,3,4 or null). -// Returns a zero-arg function that ends this binding. -var watch_security_prefs = function (onSettingChanged) { - let prefNames = Object.keys(kSecuritySettings); - let unbindFuncs = []; - for (let prefName of prefNames) { - unbindFuncs.push(bindPrefAndInit( - prefName, () => onSettingChanged(read_setting_from_prefs()))); - } - // Call all the unbind functions. - return () => unbindFuncs.forEach(unbind => unbind()); -}; - -// __initialized__. -// Have we called initialize() yet? -var initialized = false; - -// __initialize()__. -// Defines the behavior of "extensions.torbutton.security_custom", -// "extensions.torbutton.security_slider", and the security-sensitive -// prefs declared in kSecuritySettings. -var initialize = function () { - // Only run once. - if (initialized) { - return; - } - log(4, "Initializing security-prefs.js"); - initialized = true; - // When security_custom is set to false, apply security_slider setting - // to the security-sensitive prefs. - bindPrefAndInit(kCustomPref, function (custom) { - if (custom === false) { - write_setting_to_prefs(getIntPref(kSliderPref)); - } - }); - // If security_slider is given a new value, then security_custom should - // be set to false. - bindPref(kSliderPref, function (prefIndex) { - setBoolPref(kCustomPref, false); - write_setting_to_prefs(prefIndex); - }); - // If a security-sensitive pref changes, then decide if the set of pref values - // constitutes a security_slider setting or a custom value. - watch_security_prefs(settingIndex => { - if (settingIndex === null) { - setBoolPref(kCustomPref, true); - } else { - setIntPref(kSliderPref, settingIndex); - setBoolPref(kCustomPref, false); - } - }); - // Migrate from old medium-low (3) to new medium (2). - if (getBoolPref("extensions.torbutton.security_custom") === false && - getIntPref("extensions.torbutton.security_slider") === 3) { - setIntPref("extensions.torbutton.security_slider", 2); - write_setting_to_prefs(2); - } - - // Revert #33613 fix - if (getIntPref(kSliderMigration, 0) < 2) { - // We can't differentiate between users having flipped `javascript.enabled` - // to `false` before it got governed by the security settings vs. those who - // had it flipped due to #33613. Reset the preference for everyone. - if (getIntPref(kSliderPref) === 1) { - setBoolPref("javascript.enabled", true); - } - clearUserPref("media.webaudio.enabled"); - setIntPref(kSliderMigration, 2); - } - log(4, "security-prefs.js initialization complete"); -}; - -// Export initialize() function for external use. -let EXPORTED_SYMBOLS = ["initialize"];