instanceactions.py
"""
Prototype
---------
args
the raw list of arguments
traverser
the traverser
node
the current node being evaluated
"""
import types
import actions
from validator.compat import FX10_DEFINITION, FX14_DEFINITION
from validator.constants import BUGZILLA_BUG
from jstypes import *
from instanceproperties import _set_HTML_property
def createElement(args, traverser, node, wrapper):
    """Flag createElement() calls that build a script tag or a dynamic tag.

    Every argument is traversed, but only the first one (the tag name) is
    inspected.  When its literal value, as a string, equals "script"
    (case-insensitively) the call is reported through _create_script_tag();
    otherwise a non-literal tag name is reported through
    _create_variable_element().  Nothing is returned.
    """
    if not args:
        return

    evaluated = [traverser._traverse_node(arg) for arg in args]
    tag = evaluated[0]
    tag_name = actions._get_as_str(tag.get_literal_value())

    # NOTE(review): the "script" comparison runs before the is_literal()
    # test, so what a computed tag name compares as depends on what
    # get_literal_value() yields for a non-literal -- confirm in jstypes.
    if tag_name.lower() == u"script":
        _create_script_tag(traverser)
        return

    # A tag name that is not a literal cannot be checked statically, so it
    # is reported on its own.
    if not tag.is_literal():
        _create_variable_element(traverser)
def createElementNS(args, traverser, node, wrapper):
    """Flag createElementNS() calls that build a script tag or a dynamic tag.

    Calls with fewer than two arguments are ignored.  Every argument is
    traversed, but only the second one (the qualified name) is inspected:
    a name containing "script" is reported through _create_script_tag(),
    otherwise a non-literal name is reported through
    _create_variable_element().  Nothing is returned.
    """
    if not args:
        return
    if len(args) < 2:
        return

    evaluated = [traverser._traverse_node(arg) for arg in args]
    qualified = evaluated[1]
    qualified_name = actions._get_as_str(qualified.get_literal_value())

    # Substring match on the qualified name: this catches prefixed forms
    # such as "html:script", and also any name that merely contains
    # "script" (for example "description").
    if "script" in qualified_name.lower():
        _create_script_tag(traverser)
        return

    if not qualified.is_literal():
        _create_variable_element(traverser)
def QueryInterface(args, traverser, node, wrapper):
    """Delegate a QueryInterface() call to the XPCOM constructor handler.

    Returns None when the call has no arguments; otherwise returns whatever
    the handler built by call_definitions.xpcom_constructor returns.  The
    `wrapper` parameter is not used: `node` is what gets passed on as the
    handler's `wrapper` keyword.
    """
    if not args:
        return

    # Imported at call time rather than at module level.
    from call_definitions import xpcom_constructor

    # The meaning of the two True flags is defined by xpcom_constructor,
    # which is not visible in this file.
    handler = xpcom_constructor("QueryInterface", True, True)
    return handler(wrapper=node, arguments=args, traverser=traverser)
def getInterface(args, traverser, node, wrapper):
    """Delegate a getInterface() call to the XPCOM constructor handler.

    Returns None when the call has no arguments; otherwise returns whatever
    the handler built by call_definitions.xpcom_constructor returns.  The
    `wrapper` parameter is not used: `node` is what gets passed on as the
    handler's `wrapper` keyword.
    """
    # Strictly, only nsIInterfaceRequestor interfaces need this handling.
    # Code may reasonably assume that interface was already queried, and a
    # method with this name is unlikely to behave differently elsewhere, so
    # the call is processed for every object.
    if not args:
        return

    # Imported at call time rather than at module level.
    from call_definitions import xpcom_constructor

    handler = xpcom_constructor("getInterface")
    return handler(wrapper=node, arguments=args, traverser=traverser)
def _create_script_tag(traverser):
    """Emit the warning for code that creates a script tag.

    The location (filename, line, column, context) is read from the
    traverser and the warning is recorded on traverser.err.  Called from
    both createElement() and createElementNS(); the message text names
    createElement() in either case.
    """
    identifier = ("testcases_javascript_instanceactions", "_call_expression",
                  "called_createelement")
    explanation = ("The createElement() function was used to create a script "
                   "tag in a JavaScript file. Add-ons are not allowed to "
                   "create script tags or load code dynamically from the "
                   "web.")
    traverser.err.warning(
        err_id=identifier,
        warning="createElement() used to create script tag",
        description=explanation,
        filename=traverser.filename,
        line=traverser.line,
        column=traverser.position,
        context=traverser.context)
def _create_variable_element(traverser):
    """Emit the warning for an element created from a non-literal tag name.

    The location (filename, line, column, context) is read from the
    traverser and the warning is recorded on traverser.err.  The
    description is passed as a list of two strings: the explanation and an
    example.
    """
    identifier = ("testcases_javascript_instanceactions", "_call_expression",
                  "createelement_variable")
    explanation = ("createElement or createElementNS were used with a "
                   "variable rather than a raw string. Literal values should "
                   "be used when taking advantage of the element creation "
                   "functions.")
    example = ("E.g.: createElement('foo') rather than "
               "createElement(el_type)")
    traverser.err.warning(
        err_id=identifier,
        warning="Variable element type being created",
        description=[explanation, example],
        filename=traverser.filename,
        line=traverser.line,
        column=traverser.position,
        context=traverser.context)
def setAttribute(args, traverser, node, wrapper):
    """Emit a notice when setAttribute() is used to set an on* attribute.

    Every argument is traversed, but only the first one (the attribute
    name) is inspected: if its literal value, as a string, starts with "on"
    (case-insensitively) a notice is recorded on traverser.err.  The value
    being assigned is not examined.  Nothing is returned.
    """
    if not args:
        return

    evaluated = [traverser._traverse_node(arg) for arg in args]
    attr_name = actions._get_as_str(evaluated[0].get_literal_value())

    # NOTE(review): unlike createElement(), there is no is_literal() branch
    # here, so an attribute name computed at runtime appears to pass without
    # any notice -- confirm whether that gap is intended.
    if not attr_name.lower().startswith("on"):
        return

    traverser.err.notice(
        err_id=("testcases_javascript_instanceactions", "setAttribute",
                "setting_on*"),
        notice="on* attribute being set using setAttribute",
        description="To prevent vulnerabilities, event handlers (like "
                    "'onclick' and 'onhover') should always be defined "
                    "using addEventListener.",
        filename=traverser.filename,
        line=traverser.line,
        column=traverser.position,
        context=traverser.context)
def nsIDOMFile_deprec(args, traverser, node, wrapper):
    """Forward to call_definitions.nsIDOMFile_deprec.

    The call's own arguments are not passed on: the wrapped function is
    invoked with None, an empty list and the traverser.  Nothing is
    returned.
    """
    # Imported at call time, under an alias so it does not shadow this
    # function's own name.
    from call_definitions import nsIDOMFile_deprec as report_deprecation

    report_deprecation(None, [], traverser)
def insertAdjacentHTML(args, traverser, node, wrapper):
    """Check markup passed to insertAdjacentHTML() like an innerHTML write.

    Content inserted into the DOM through insertAdjacentHTML gets the same
    tests as content assigned through the innerHTML/outerHTML properties:
    the second argument is traversed and handed to _set_HTML_property().
    Calls with fewer than two arguments are ignored, and the first argument
    (the insertion position) is not traversed.  Nothing is returned.
    """
    if not args:
        return
    if len(args) < 2:
        return

    markup = traverser._traverse_node(args[1])
    _set_HTML_property("insertAdjacentHTML", markup, traverser)
def isSameNode(args, traverser, node, wrapper):
    """Report any use of node.isSameNode() as a compatibility error.

    The error is recorded on traverser.err unconditionally (the call's
    arguments are not inspected), scoped to FX10_DEFINITION with
    compatibility type "error" and tier 5.  Nothing is returned.
    """
    # Two-step formatting, applied left to right: BUGZILLA_BUG is
    # substituted into the message first, then the bug number is applied to
    # the result.
    explanation = ('The "isSameNode" function has been removed. You can use '
                   'the === operator as an alternative. See %s for more '
                   'information.' % BUGZILLA_BUG) % 687400
    traverser.err.error(
        err_id=("testcases_javascript_instanceactions", "isSameNode"),
        error="isSameNode function has been removed in Gecko 10.",
        description=explanation,
        filename=traverser.filename,
        line=traverser.line,
        column=traverser.position,
        context=traverser.context,
        for_appversions=FX10_DEFINITION,
        compatibility_type="error",
        tier=5)
def openDialog(args, traverser, node, wrapper):
    """Check the first argument of openDialog() as a chrome-context URI.

    The first argument is traversed and passed, with the name "openDialog",
    to call_definitions.open_in_chrome_context, which is expected to raise
    the error for remote URLs (its implementation is not visible here).
    Calls without arguments are ignored; further arguments are not
    traversed.  Nothing is returned.
    """
    if not args:
        return

    target = traverser._traverse_node(args[0])

    # Imported at call time rather than at module level.
    from call_definitions import open_in_chrome_context

    open_in_chrome_context(target, "openDialog", traverser)
def replaceWholeText(args, traverser, node, wrapper):
    """Report any use of node.replaceWholeText() as a compatibility error.

    The error is recorded on traverser.err unconditionally (the call's
    arguments are not inspected), scoped to FX10_DEFINITION with
    compatibility type "error" and tier 5.  Nothing is returned.
    """
    # Two-step formatting, applied left to right: BUGZILLA_BUG is
    # substituted into the message first, then the bug number is applied to
    # the result.
    explanation = ('The "replaceWholeText" function has been removed. See '
                   '%s for more information.' % BUGZILLA_BUG) % 683482
    traverser.err.error(
        err_id=("testcases_javascript_instanceactions", "replaceWholeText"),
        error="replaceWholeText function has been removed in Gecko 10.",
        description=explanation,
        filename=traverser.filename,
        line=traverser.line,
        column=traverser.position,
        context=traverser.context,
        for_appversions=FX10_DEFINITION,
        compatibility_type="error",
        tier=5)
def PageMod(args, traverser, node, wrapper):
    """Validate the inline content script of a Jetpack PageMod() call.

    PageMod is the Jetpack function that modifies a page with a "content
    script".  The first argument is traversed; if it has a "contentScript"
    property whose literal value is a string, that string is handed to
    validator.testcases.scripting.test_js_file to be tested as its own JS
    file, reported against the current filename, line and context.
    Nothing is returned.
    """
    if not args:
        return

    options = traverser._traverse_node(args[0])
    if not options.has_property("contentScript"):
        return

    script_source = options.get(traverser, "contentScript").get_literal_value()
    if not isinstance(script_source, (str, unicode)):
        # A contentScript whose literal value is not a single string leaves
        # here with no message, so this handler gives it no analysis.  No
        # other property of the options object is examined either.
        return

    # Imported at call time rather than at module level.
    import validator.testcases.scripting as sub_scripting

    sub_scripting.test_js_file(
        traverser.err, traverser.filename, script_source,
        line=traverser.line, context=traverser.context)
# JavaScript method name -> handler defined above.  Each handler takes
# (args, traverser, node, wrapper).  getAsBinary and getAsDataURL share the
# nsIDOMFile deprecation handler.
# NOTE(review): presumably consulted by the traverser when a method with one
# of these names is called on an object -- confirm against the caller.
INSTANCE_DEFINITIONS = {
    "createElement": createElement,
    "createElementNS": createElementNS,
    "getAsBinary": nsIDOMFile_deprec,
    "getAsDataURL": nsIDOMFile_deprec,
    "getInterface": getInterface,
    "insertAdjacentHTML": insertAdjacentHTML,
    "isSameNode": isSameNode,
    "openDialog": openDialog,
    "PageMod": PageMod,
    "QueryInterface": QueryInterface,
    "replaceWholeText": replaceWholeText,
    "setAttribute": setAttribute,
}