!import
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
1 const Cc = Components.classes;
2 const Ci = Components.interfaces;
3
4 // This is copied from toolkit/components/content/js/lang.js.
5 // It seems cleaner to copy this rather than #include from so far away.
inherits
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
6 Function.prototype.inherits = function(parentCtor) {
anon:7:17
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
7 var tempCtor = function(){};
8 tempCtor.prototype = parentCtor.prototype;
9 this.superClass_ = parentCtor.prototype;
10 this.prototype = new tempCtor();
11 }
12
13 /* ***** BEGIN LICENSE BLOCK *****
14 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
15 *
16 * The contents of this file are subject to the Mozilla Public License Version
17 * 1.1 (the "License"); you may not use this file except in compliance with
18 * the License. You may obtain a copy of the License at
19 * http://www.mozilla.org/MPL/
20 *
21 * Software distributed under the License is distributed on an "AS IS" basis,
22 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
23 * for the specific language governing rights and limitations under the
24 * License.
25 *
26 * The Original Code is Google Safe Browsing.
27 *
28 * The Initial Developer of the Original Code is Google Inc.
29 * Portions created by the Initial Developer are Copyright (C) 2006
30 * the Initial Developer. All Rights Reserved.
31 *
32 * Contributor(s):
33 * Fritz Schneider <fritz@google.com> (original author)
34 * Scott MacGregor <mscott@mozilla.org>
35 *
36 * Alternatively, the contents of this file may be used under the terms of
37 * either the GNU General Public License Version 2 or later (the "GPL"), or
38 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
39 * in which case the provisions of the GPL or the LGPL are applicable instead
40 * of those above. If you wish to allow use of your version of this file only
41 * under the terms of either the GPL or the LGPL, and not to allow others to
42 * use your version of this file under the terms of the MPL, indicate your
43 * decision by deleting the provisions above and replace them with the notice
44 * and other provisions required by the GPL or the LGPL. If you do not delete
45 * the provisions above, a recipient may use your version of this file under
46 * the terms of any one of the MPL, the GPL or the LGPL.
47 *
48 * ***** END LICENSE BLOCK ***** */
49
50 // We instantiate this variable when we create the application.
51 var gDataProvider = null;
52
53 // An instance of our application is a PROT_Application object. It
54 // basically just populates a few globals and instantiates wardens and
55 // the listmanager.
56
57 /**
58 * An instance of our application. There should be exactly one of these.
59 *
60 * Note: This object should instantiated only at profile-after-change
61 * or later because the listmanager and the cryptokeymanager need to
62 * read and write data files. Additionally, NSS isn't loaded until
63 * some time around then (Moz bug #321024).
64 *
65 * @constructor
66 */
PROT_Application
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
67 function PROT_Application() {
68 this.debugZone= "application";
69
70 this.PROT_PhishingWarden = PROT_PhishingWarden;
71
72 // Load data provider pref values
73 gDataProvider = new PROT_DataProvider();
74
75 // expose the object
76 this.wrappedJSObject = this;
77 }
78
79 /**
80 * @return String the report phishing URL (localized).
81 */
getReportPhishingURL
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
82 PROT_Application.prototype.getReportPhishingURL = function() {
83 return gDataProvider.getReportPhishURL();
84 }
85
86 /**
87 * @return String the report error URL (localized).
88 */
getReportErrorURL
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
89 PROT_Application.prototype.getReportErrorURL = function() {
90 return gDataProvider.getReportErrorURL();
91 }
92 /* ***** BEGIN LICENSE BLOCK *****
93 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
94 *
95 * The contents of this file are subject to the Mozilla Public License Version
96 * 1.1 (the "License"); you may not use this file except in compliance with
97 * the License. You may obtain a copy of the License at
98 * http://www.mozilla.org/MPL/
99 *
100 * Software distributed under the License is distributed on an "AS IS" basis,
101 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
102 * for the specific language governing rights and limitations under the
103 * License.
104 *
105 * The Original Code is Google Safe Browsing.
106 *
107 * The Initial Developer of the Original Code is Google Inc.
108 * Portions created by the Initial Developer are Copyright (C) 2006
109 * the Initial Developer. All Rights Reserved.
110 *
111 * Contributor(s):
112 * Fritz Schneider <fritz@google.com> (original author)
113 * J. Paul Reed <preed@mozilla.com>
114 * Scott MacGregor <mscott@mozilla.org>
115 *
116 * Alternatively, the contents of this file may be used under the terms of
117 * either the GNU General Public License Version 2 or later (the "GPL"), or
118 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
119 * in which case the provisions of the GPL or the LGPL are applicable instead
120 * of those above. If you wish to allow use of your version of this file only
121 * under the terms of either the GPL or the LGPL, and not to allow others to
122 * use your version of this file under the terms of the MPL, indicate your
123 * decision by deleting the provisions above and replace them with the notice
124 * and other provisions required by the GPL or the LGPL. If you do not delete
125 * the provisions above, a recipient may use your version of this file under
126 * the terms of any one of the MPL, the GPL or the LGPL.
127 *
128 * ***** END LICENSE BLOCK ***** */
129
130
131 // A class that encapsulates data provider specific values. The
132 // root of the provider pref tree is browser.safebrowsing.provider.
133 // followed by a number, followed by specific properties. The properties
134 // that a data provider can supply are:
135 //
136 // name: The name of the provider
137 // lookupURL: The URL to send requests to in enhanced mode
138 // keyURL: Before we send URLs in enhanced mode, we need to encrypt them
139 // reportURL: When shown a warning bubble, we send back the user decision
140 // (get me out of here/ignore warning) to this URL (strip cookies
141 // first). This is optional.
142 // reportGenericURL: HTML page for general user feedback
143 // reportPhishURL: HTML page for notifying the provider of a new phishing page
144 // reportErrorURL: HTML page for notifying the provider of a false positive
145
146 const kDataProviderIdPref = 'browser.safebrowsing.dataProvider';
147 const kProviderBasePref = 'browser.safebrowsing.provider.';
148
149 const MOZ_PARAM_LOCALE = /\{moz:locale\}/g;
150 const MOZ_PARAM_CLIENT = /\{moz:client\}/g;
151 const MOZ_PARAM_BUILDID = /\{moz:buildid\}/g;
152 const MOZ_PARAM_VERSION = /\{moz:version\}/g;
153
154 /**
155 * Information regarding the data provider.
156 */
PROT_DataProvider
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
157 function PROT_DataProvider() {
158 this.prefs_ = new G_Preferences();
159
160 this.loadDataProviderPrefs_();
161
162 // Watch for changes in the data provider and update accordingly.
163 this.prefs_.addObserver(kDataProviderIdPref,
164 BindToObject(this.loadDataProviderPrefs_, this));
165
166 // Watch for when anti-phishing is toggled on or off.
167 this.prefs_.addObserver(kPhishWardenEnabledPref,
168 BindToObject(this.loadDataProviderPrefs_, this));
169 }
170
171 /**
172 * Populate all the provider variables. We also call this when whenever
173 * the provider id changes.
174 */
loadDataProviderPrefs_
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
175 PROT_DataProvider.prototype.loadDataProviderPrefs_ = function() {
176 // Currently, there's no UI for changing local list provider so we
177 // hard code the value for provider 0.
178 this.updateURL_ = this.getUrlPref_(
179 'browser.safebrowsing.provider.0.updateURL');
180
181 var id = this.prefs_.getPref(kDataProviderIdPref, null);
182
183 // default to 0
184 if (null == id)
185 id = 0;
186
187 var basePref = kProviderBasePref + id + '.';
188
189 this.name_ = this.prefs_.getPref(basePref + "name", "");
190
191 // Urls used to get data from a provider
192 this.lookupURL_ = this.getUrlPref_(basePref + "lookupURL");
193 this.keyURL_ = this.getUrlPref_(basePref + "keyURL");
194 this.reportURL_ = this.getUrlPref_(basePref + "reportURL");
195
196 // Urls to HTML report pages
197 this.reportGenericURL_ = this.getUrlPref_(basePref + "reportGenericURL");
198 this.reportErrorURL_ = this.getUrlPref_(basePref + "reportErrorURL");
199 this.reportPhishURL_ = this.getUrlPref_(basePref + "reportPhishURL");
200
201 // Propogate the changes to the list-manager.
202 this.updateListManager_();
203 }
204
205 /**
206 * The list manager needs urls to operate. It needs a url to know where the
207 * table updates are, and it needs a url for decrypting enchash style tables.
208 */
updateListManager_
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
209 PROT_DataProvider.prototype.updateListManager_ = function() {
210 var listManager = Cc["@mozilla.org/url-classifier/listmanager;1"]
211 .getService(Ci.nsIUrlListManager);
212
213 // If we add support for changing local data providers, we need to add a
214 // pref observer that sets the update url accordingly.
215 listManager.setUpdateUrl(this.getUpdateURL());
216
217 // setKeyUrl has the side effect of fetching a key from the server.
218 // This shouldn't happen if anti-phishing is disabled, so we need to
219 // check for that.
220 var isEnabled = this.prefs_.getPref(kPhishWardenEnabledPref, false);
221 if (isEnabled) {
222 listManager.setKeyUrl(this.getKeyURL());
223 }
224 }
225
226 /**
227 * Lookup the value of a URL from prefs file and do parameter substitution.
228 */
getUrlPref_
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
229 PROT_DataProvider.prototype.getUrlPref_ = function(prefName) {
230 var url = this.prefs_.getPref(prefName);
231
232 var appInfo = Components.classes["@mozilla.org/xre/app-info;1"]
233 .getService(Components.interfaces.nsIXULAppInfo);
234
235 // What value should we use here for Thunderbird??
236 var mozClientStr = appInfo.name;
237
238 // Parameter substitution
239 url = url.replace(MOZ_PARAM_LOCALE, this.getLocale_());
240 url = url.replace(MOZ_PARAM_CLIENT, mozClientStr + appInfo.version);
241 url = url.replace(MOZ_PARAM_BUILDID, appInfo.appBuildID);
242 url = url.replace(MOZ_PARAM_VERSION, appInfo.platformVersion);
243 return url;
244 }
245
246 /**
247 * @return String the user locale (similar code is in nsSearchService.js)
248 */
getLocale_
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
249 PROT_DataProvider.prototype.getLocale_ = function() {
250 const localePref = "general.useragent.locale";
251 var locale = this.getLocalizedPref_(localePref);
252 if (locale)
253 return locale;
254
255 // Not localized
256 var prefs = new G_Preferences();
257 return prefs.getPref(localePref, "");
258 }
259
260 /**
261 * @return String name of the localized pref, null if none exists.
262 */
getLocalizedPref_
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
263 PROT_DataProvider.prototype.getLocalizedPref_ = function(aPrefName) {
264 // G_Preferences doesn't know about complex values, so we use the
265 // xpcom object directly.
266 var prefs = Cc["@mozilla.org/preferences-service;1"]
267 .getService(Ci.nsIPrefBranch);
268 try {
269 return prefs.getComplexValue(aPrefName, Ci.nsIPrefLocalizedString).data;
270 } catch (ex) {
271 }
272 return "";
273 }
274
275 //////////////////////////////////////////////////////////////////////////////
276 // Getters for the remote provider pref values mentioned above.
getName
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
277 PROT_DataProvider.prototype.getName = function() {
278 return this.name_;
279 }
280
getUpdateURL
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
281 PROT_DataProvider.prototype.getUpdateURL = function() {
282 return this.updateURL_;
283 }
284
getLookupURL
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
285 PROT_DataProvider.prototype.getLookupURL = function() {
286 return this.lookupURL_;
287 }
getKeyURL
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
288 PROT_DataProvider.prototype.getKeyURL = function() {
289 return this.keyURL_;
290 }
getReportURL
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
291 PROT_DataProvider.prototype.getReportURL = function() {
292 return this.reportURL_;
293 }
294
getReportGenericURL
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
295 PROT_DataProvider.prototype.getReportGenericURL = function() {
296 return this.reportGenericURL_;
297 }
getReportErrorURL
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
298 PROT_DataProvider.prototype.getReportErrorURL = function() {
299 return this.reportErrorURL_;
300 }
getReportPhishURL
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
301 PROT_DataProvider.prototype.getReportPhishURL = function() {
302 return this.reportPhishURL_;
303 }
304 /* ***** BEGIN LICENSE BLOCK *****
305 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
306 *
307 * The contents of this file are subject to the Mozilla Public License Version
308 * 1.1 (the "License"); you may not use this file except in compliance with
309 * the License. You may obtain a copy of the License at
310 * http://www.mozilla.org/MPL/
311 *
312 * Software distributed under the License is distributed on an "AS IS" basis,
313 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
314 * for the specific language governing rights and limitations under the
315 * License.
316 *
317 * The Original Code is Google Safe Browsing.
318 *
319 * The Initial Developer of the Original Code is Google Inc.
320 * Portions created by the Initial Developer are Copyright (C) 2006
321 * the Initial Developer. All Rights Reserved.
322 *
323 * Contributor(s):
324 * Niels Provos <niels@google.com> (original author)
325 * Fritz Schneider <fritz@google.com>
326 * Scott MacGregor <mscott@mozilla.org>
327 *
328 * Alternatively, the contents of this file may be used under the terms of
329 * either the GNU General Public License Version 2 or later (the "GPL"), or
330 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
331 * in which case the provisions of the GPL or the LGPL are applicable instead
332 * of those above. If you wish to allow use of your version of this file only
333 * under the terms of either the GPL or the LGPL, and not to allow others to
334 * use your version of this file under the terms of the MPL, indicate your
335 * decision by deleting the provisions above and replace them with the notice
336 * and other provisions required by the GPL or the LGPL. If you do not delete
337 * the provisions above, a recipient may use your version of this file under
338 * the terms of any one of the MPL, the GPL or the LGPL.
339 *
340 * ***** END LICENSE BLOCK ***** */
341
342 // A warden that knows how to register lists with a listmanager and keep them
343 // updated if necessary. The ListWarden also provides a simple interface to
344 // check if a URL is evil or not. Specialized wardens like the PhishingWarden
345 // inherit from it.
346 //
347 // Classes that inherit from ListWarden are responsible for calling
348 // enableTableUpdates or disableTableUpdates. This usually entails
349 // registering prefObservers and calling enable or disable in the base
350 // class as appropriate.
351 //
352
353 /**
354 * Abtracts the checking of user/browser actions for signs of
355 * phishing.
356 *
357 * @constructor
358 */
PROT_ListWarden
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
359 function PROT_ListWarden() {
360 this.debugZone = "listwarden";
361 var listManager = Cc["@mozilla.org/url-classifier/listmanager;1"]
362 .getService(Ci.nsIUrlListManager);
363 this.listManager_ = listManager;
364
365 // Once we register tables, their respective names will be listed here.
366 this.blackTables_ = [];
367 this.whiteTables_ = [];
368 }
369
370 PROT_ListWarden.IN_BLACKLIST = 0
371 PROT_ListWarden.IN_WHITELIST = 1
372 PROT_ListWarden.NOT_FOUND = 2
373
374 /**
375 * Tell the ListManger to keep all of our tables updated
376 */
377
enableBlacklistTableUpdates
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
378 PROT_ListWarden.prototype.enableBlacklistTableUpdates = function() {
379 for (var i = 0; i < this.blackTables_.length; ++i) {
380 this.listManager_.enableUpdate(this.blackTables_[i]);
381 }
382 }
383
384 /**
385 * Tell the ListManager to stop updating our tables
386 */
387
disableBlacklistTableUpdates
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
388 PROT_ListWarden.prototype.disableBlacklistTableUpdates = function() {
389 for (var i = 0; i < this.blackTables_.length; ++i) {
390 this.listManager_.disableUpdate(this.blackTables_[i]);
391 }
392 }
393
394 /**
395 * Tell the ListManager to update whitelist tables. They may be enabled even
396 * when other updates aren't, for performance reasons.
397 */
enableWhitelistTableUpdates
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
398 PROT_ListWarden.prototype.enableWhitelistTableUpdates = function() {
399 for (var i = 0; i < this.whiteTables_.length; ++i) {
400 this.listManager_.enableUpdate(this.whiteTables_[i]);
401 }
402 }
403
404 /**
405 * Tell the ListManager to stop updating whitelist tables.
406 */
disableWhitelistTableUpdates
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
407 PROT_ListWarden.prototype.disableWhitelistTableUpdates = function() {
408 for (var i = 0; i < this.whiteTables_.length; ++i) {
409 this.listManager_.disableUpdate(this.whiteTables_[i]);
410 }
411 }
412
413 /**
414 * Register a new black list table with the list manager
415 * @param tableName - name of the table to register
416 * @returns true if the table could be registered, false otherwise
417 */
418
registerBlackTable
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
419 PROT_ListWarden.prototype.registerBlackTable = function(tableName) {
420 var result = this.listManager_.registerTable(tableName, false);
421 if (result) {
422 this.blackTables_.push(tableName);
423 }
424 return result;
425 }
426
427 /**
428 * Register a new white list table with the list manager
429 * @param tableName - name of the table to register
430 * @returns true if the table could be registered, false otherwise
431 */
432
registerWhiteTable
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
433 PROT_ListWarden.prototype.registerWhiteTable = function(tableName) {
434 var result = this.listManager_.registerTable(tableName, false);
435 if (result) {
436 this.whiteTables_.push(tableName);
437 }
438 return result;
439 }
440
441 /**
442 * Method that looks up a url on the whitelist.
443 *
444 * @param url The URL to check
445 * @param callback Function with a single param:
446 * PROT_ListWarden.IN_BLACKLIST, PROT_ListWarden.IN_WHITELIST,
447 * or PROT_ListWarden.NOT_FOUND
448 */
isWhiteURL
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
449 PROT_ListWarden.prototype.isWhiteURL = function(url, callback) {
450 (new MultiTableQuerier(url,
451 this.whiteTables_,
452 [] /* no blacklists */,
453 callback)).run();
454 }
455
456 /**
457 * Method that looks up a url in both the white and black lists.
458 *
459 * If there is conflict, the white list has precedence over the black list.
460 *
461 * This is tricky because all database queries are asynchronous. So we need
462 * to chain together our checks against white and black tables. We use
463 * MultiTableQuerier (see below) to manage this.
464 *
465 * @param msgURI uri corresponding to the message the url came from
466 * @param aFailsStaticTests boolean result for whether the url failed our static tests
467 * @param url URL to look up
468 * @param callback Function with a single param:
469 * PROT_ListWarden.IN_BLACKLIST, PROT_ListWarden.IN_WHITELIST,
470 * or PROT_ListWarden.NOT_FOUND
471 */
isEvilURL
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
472 PROT_ListWarden.prototype.isEvilURL = function(msgURI, aFailsStaticTests, url, callback) {
473 var evilCallback = BindToObject(callback,
474 null,
475 msgURI,
476 aFailsStaticTests,
477 url);
478
479 (new MultiTableQuerier(url,
480 this.whiteTables_,
481 this.blackTables_,
482 evilCallback)).run();
483 }
484
485 /**
486 * This class helps us query multiple tables even though each table check
487 * is asynchronous. It provides callbacks for each listManager lookup
488 * and decides whether we need to continue querying or not. After
489 * instantiating the method, use run() to invoke.
490 *
491 * @param url String The url to check
492 * @param whiteTables Array of strings with each white table name
493 * @param blackTables Array of strings with each black table name
494 * @param callback Function to call with result
495 * PROT_ListWarden.IN_BLACKLIST, PROT_ListWarden.IN_WHITELIST,
496 * or PROT_ListWarden.NOT_FOUND
497 */
MultiTableQuerier
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
498 function MultiTableQuerier(url, whiteTables, blackTables, callback) {
499 this.debugZone = "multitablequerier";
500 this.url_ = url;
501
502 this.whiteTables_ = {};
503 for (var i = 0; i < whiteTables.length; i++) {
504 this.whiteTables_[whiteTables[i]] = true;
505 }
506
507 this.blackTables_ = {};
508 for (var i = 0; i < blackTables.length; i++) {
509 this.blackTables_[blackTables[i]] = true;
510 }
511
512 this.callback_ = callback;
513 this.listManager_ = Cc["@mozilla.org/url-classifier/listmanager;1"]
514 .getService(Ci.nsIUrlListManager);
515 }
516
run
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
517 MultiTableQuerier.prototype.run = function() {
518 /* ask the dbservice for all the tables to which this URL belongs */
519 this.listManager_.safeLookup(this.url_,
520 BindToObject(this.lookupCallback_, this));
521 }
522
lookupCallback_
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
523 MultiTableQuerier.prototype.lookupCallback_ = function(result) {
524 if (result == "") {
525 this.callback_(PROT_ListWarden.NOT_FOUND);
526 return;
527 }
528
529 var tableNames = result.split(",");
530
531 /* Check the whitelists */
532 for (var i = 0; i < tableNames.length; i++) {
533 if (tableNames[i] && this.whiteTables_[tableNames[i]]) {
534 this.callback_(PROT_ListWarden.IN_WHITELIST);
535 return;
536 }
537 }
538
539 /* Check the blacklists */
540 for (var i = 0; i < tableNames.length; i++) {
541 if (tableNames[i] && this.blackTables_[tableNames[i]]) {
542 this.callback_(PROT_ListWarden.IN_BLACKLIST);
543 return;
544 }
545 }
546
547 /* Not in any lists we know about */
548 this.callback_(PROT_ListWarden.NOT_FOUND);
549 }
550 /* ***** BEGIN LICENSE BLOCK *****
551 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
552 *
553 * The contents of this file are subject to the Mozilla Public License Version
554 * 1.1 (the "License"); you may not use this file except in compliance with
555 * the License. You may obtain a copy of the License at
556 * http://www.mozilla.org/MPL/
557 *
558 * Software distributed under the License is distributed on an "AS IS" basis,
559 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
560 * for the specific language governing rights and limitations under the
561 * License.
562 *
563 * The Original Code is Google Safe Browsing.
564 *
565 * The Initial Developer of the Original Code is Google Inc.
566 * Portions created by the Initial Developer are Copyright (C) 2006
567 * the Initial Developer. All Rights Reserved.
568 *
569 * Contributor(s):
570 * Fritz Schneider <fritz@google.com> (original author)
571 * Scott MacGregor <mscott@mozilla.org>
572 *
573 * Alternatively, the contents of this file may be used under the terms of
574 * either the GNU General Public License Version 2 or later (the "GPL"), or
575 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
576 * in which case the provisions of the GPL or the LGPL are applicable instead
577 * of those above. If you wish to allow use of your version of this file only
578 * under the terms of either the GPL or the LGPL, and not to allow others to
579 * use your version of this file under the terms of the MPL, indicate your
580 * decision by deleting the provisions above and replace them with the notice
581 * and other provisions required by the GPL or the LGPL. If you do not delete
582 * the provisions above, a recipient may use your version of this file under
583 * the terms of any one of the MPL, the GPL or the LGPL.
584 *
585 * ***** END LICENSE BLOCK ***** */
586
587
588 // The warden checks URLs to see if they are phishing URLs. It
589 // does so by querying our locally stored blacklists (privacy
590 // mode).
591 //
592 // Note: There is a single warden for the whole application.
593
594 const kPhishWardenEnabledPref = "browser.safebrowsing.enabled";
595
596 // We have hardcoded URLs that let people navigate to in order to
597 // check out the warning.
598 const kTestUrls = {
599 "http://www.google.com/tools/firefox/safebrowsing/phish-o-rama.html": true,
600 "http://www.mozilla.org/projects/bonecho/anti-phishing/its-a-trap.html": true,
601 "http://www.mozilla.com/firefox/its-a-trap.html": true,
602 }
603
604 /**
605 * Abtracts the checking of user/browser actions for signs of
606 * phishing.
607 *
608 * @param progressListener nsIDocNavStartProgressListener
609 * @constructor
610 */
PROT_PhishingWarden
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
611 function PROT_PhishingWarden(progressListener) {
612 PROT_ListWarden.call(this);
613
614 this.debugZone = "phishwarden";
615 this.testing_ = false;
616
617 // Use this to query preferences
618 this.prefs_ = new G_Preferences();
619
620 // Global preference to enable the phishing warden
621 this.phishWardenEnabled_ = this.prefs_.getPref(kPhishWardenEnabledPref, null);
622
623 // Get notifications when the phishing warden enabled pref changes
624 var phishWardenPrefObserver =
625 BindToObject(this.onPhishWardenEnabledPrefChanged, this);
626 this.prefs_.addObserver(kPhishWardenEnabledPref, phishWardenPrefObserver);
627
628 // Get notifications when the data provider pref changes
629 var dataProviderPrefObserver =
630 BindToObject(this.onDataProviderPrefChanged, this);
631 this.prefs_.addObserver(kDataProviderIdPref, dataProviderPrefObserver);
632
633 G_Debug(this, "phishWarden initialized");
634 }
635
636 PROT_PhishingWarden.inherits(PROT_ListWarden);
637
638 /**
639 * We implement nsIWebProgressListener
640 */
QueryInterface
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
641 PROT_PhishingWarden.prototype.QueryInterface = function(iid) {
642 if (iid.equals(Ci.nsISupports) ||
643 iid.equals(Ci.nsISupportsWeakReference))
644 return this;
645 throw Components.results.NS_ERROR_NO_INTERFACE;
646 }
647
648 /**
649 * Cleanup on shutdown.
650 */
shutdown
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
651 PROT_PhishingWarden.prototype.shutdown = function() {
652 this.prefs_.removeAllObservers();
653 }
654
655 /**
656 * When a preference (either advanced features or the phishwarden
657 * enabled) changes, we might have to start or stop asking for updates.
658 *
659 * This is a little tricky; we start or stop management only when we
660 * have complete information we can use to determine whether we
661 * should. It could be the case that one pref or the other isn't set
662 * yet (e.g., they haven't opted in/out of advanced features). So do
663 * nothing unless we have both pref values -- we get notifications for
664 * both, so eventually we will start correctly.
665 */
maybeToggleUpdateChecking
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
666 PROT_PhishingWarden.prototype.maybeToggleUpdateChecking = function() {
667 if (this.testing_)
668 return;
669
670 var phishWardenEnabled = this.prefs_.getPref(kPhishWardenEnabledPref, null);
671
672 // Do nothing unless the phishing warden pref is set. It can be null (unset), true, or
673 // false.
674 if (phishWardenEnabled === null)
675 return;
676
677 // We update and save to disk all tables if we don't have remote checking
678 // enabled.
679 if (phishWardenEnabled === true) {
680 // If anti-phishing is enabled, we always download the local files to
681 // use in case remote lookups fail.
682 this.enableBlacklistTableUpdates();
683 this.enableWhitelistTableUpdates();
684 } else {
685 // Anti-phishing is off, disable table updates
686 this.disableBlacklistTableUpdates();
687 this.disableWhitelistTableUpdates();
688 }
689 }
690
691 /**
692 * Deal with a user changing the pref that says whether we should
693 * enable the phishing warden (i.e., that SafeBrowsing is active)
694 *
695 * @param prefName Name of the pref holding the value indicating whether
696 * we should enable the phishing warden
697 */
onPhishWardenEnabledPrefChanged
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
698 PROT_PhishingWarden.prototype.onPhishWardenEnabledPrefChanged = function(
699 prefName) {
700 this.phishWardenEnabled_ = this.prefs_.getPref(prefName, this.phishWardenEnabled_);
701 this.maybeToggleUpdateChecking();
702 }
703
704 /**
705 * Event fired when the user changes data providers.
706 */
onDataProviderPrefChanged
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
707 PROT_PhishingWarden.prototype.onDataProviderPrefChanged = function(prefName) {
708 }
709
710 /**
711 * Indicates if this URL is one of the possible blacklist test URLs.
712 * These test URLs should always be considered as phishy.
713 *
714 * @param url URL to check
715 * @return A boolean indicating whether this is one of our blacklist
716 * test URLs
717 */
isBlacklistTestURL
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
718 PROT_PhishingWarden.prototype.isBlacklistTestURL = function(url) {
719 // Explicitly check for URL so we don't get JS warnings in strict mode.
720 if (kTestUrls[url])
721 return true;
722 return false;
723 }
724
725 /**
726 * Callback for found local blacklist match. First we report that we have
727 * a blacklist hit, then we bring up the warning dialog.
728 * @param status Number enum from callback (PROT_ListWarden.IN_BLACKLIST,
729 * PROT_ListWarden.IN_WHITELIST, PROT_ListWarden.NOT_FOUND)
730 */
localListMatch_
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
731 PROT_PhishingWarden.prototype.localListMatch_ = function(url, request, status) {
732 if (PROT_ListWarden.IN_BLACKLIST != status)
733 return;
734 }
735 //@line 17 "/home/visbrero/mnt/roisin/rev_control/hg/mozilla/mail/components/phishing/nsPhishingProtectionApplication.js"
736
737 var modScope = this;
Init
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
738 function Init() {
739 var jslib = Cc["@mozilla.org/url-classifier/jslib;1"]
740 .getService().wrappedJSObject;
741 modScope.G_Debug = jslib.G_Debug;
742 modScope.G_Assert = jslib.G_Assert;
743 modScope.G_Alarm = jslib.G_Alarm;
744 modScope.G_ConditionalAlarm = jslib.G_ConditionalAlarm;
745 modScope.G_ObserverWrapper = jslib.G_ObserverWrapper;
746 modScope.G_Preferences = jslib.G_Preferences;
747 modScope.PROT_XMLFetcher = jslib.PROT_XMLFetcher;
748 modScope.BindToObject = jslib.BindToObject;
749 modScope.G_Protocol4Parser = jslib.G_Protocol4Parser;
750 modScope.PROT_UrlCrypto = jslib.PROT_UrlCrypto;
751 modScope.RequestBackoff = jslib.RequestBackoff;
752
753 // We only need to call Init once
anon:754:18
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
754 modScope.Init = function() {};
755 }
756
757 // Module object
PhishingProtectionApplicationMod
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
758 function PhishingProtectionApplicationMod() {
759 this.firstTime = true;
760 this.cid = Components.ID("{C46D1931-4B6A-4e52-99B0-7877F70634DE}");
761 this.progid = "@mozilla.org/phishingprotection/application;1";
762 }
763
registerSelf
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
764 PhishingProtectionApplicationMod.prototype.registerSelf = function(compMgr, fileSpec, loc, type) {
765 if (this.firstTime) {
766 this.firstTime = false;
767 throw Components.results.NS_ERROR_FACTORY_REGISTER_AGAIN;
768 }
769 compMgr = compMgr.QueryInterface(Ci.nsIComponentRegistrar);
770 compMgr.registerFactoryLocation(this.cid,
771 "Phishing Protection Application Module",
772 this.progid,
773 fileSpec,
774 loc,
775 type);
776 };
777
getClassObject
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
778 PhishingProtectionApplicationMod.prototype.getClassObject = function(compMgr, cid, iid) {
779 if (!cid.equals(this.cid))
780 throw Components.results.NS_ERROR_NO_INTERFACE;
781 if (!iid.equals(Ci.nsIFactory))
782 throw Components.results.NS_ERROR_NOT_IMPLEMENTED;
783
784 return this.factory;
785 }
786
canUnload
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
787 PhishingProtectionApplicationMod.prototype.canUnload = function(compMgr) {
788 return true;
789 }
790
791 PhishingProtectionApplicationMod.prototype.factory = {
createInstance
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
792 createInstance: function(outer, iid) {
793 if (outer != null)
794 throw Components.results.NS_ERROR_NO_AGGREGATION;
795 Init();
796 return new PROT_Application();
797 }
798 };
799
800 var ApplicationModInst = new PhishingProtectionApplicationMod();
801
NSGetModule
(0 calls, 0 incl. v-uS, 0 excl. v-uS)
802 function NSGetModule(compMgr, fileSpec) {
803 return ApplicationModInst;
804 }