executeRecipe: Task.async(function* (recipe, extraContext) {
const sandbox = new Cu.Sandbox(null, {
wantComponents: false,
wantGlobalProperties: ['URL', 'URLSearchParams'],
});
sandbox.setTimeout = Cu.cloneInto(setTimeout, sandbox, {cloneFunctions: true});
let action = yield NormandyApi.fetchAction(recipe.action);
let response = yield Http.get({url: action.implementation_url});
const actionScript = response.text;
const registerActionScript = `
function registerAction(name, Action) {
let a = new Action(sandboxedDriver, sandboxedRecipe);
a.execute()
.catch(err => sandboxedDriver.log(err, 'error'));
};
window.registerAction = registerAction;
`;
const driver = new NormandyDriver(this, sandbox, extraContext);
sandbox.sandboxedDriver = Cu.cloneInto(driver, sandbox, {cloneFunctions: true});
sandbox.sandboxedRecipe = Cu.cloneInto(recipe, sandbox);
sandbox.window = Cu.cloneInto({}, sandbox);
Cu.evalInSandbox(registerActionScript, sandbox);
Cu.evalInSandbox(actionScript, sandbox);
}),
exports.get = function(gaiaDir) {
var rjs = utils.getFile(gaiaDir);
rjs.append('build');
rjs.append('r.js');
var options = {};
var ruri = Services.io.newFileURI(rjs).spec;
try {
options = JSON.parse(utils.getEnv('BUILD_CONFIG'));
} catch (e) {
// parsing BUILD_CONFIG error or this env variable is not available.
// we simply skip this exception here
}
var global = Cu.Sandbox(Services.scriptSecurityManager.getSystemPrincipal());
global.print = function() {
if(options.VERBOSE === '1') {
dump(Array.prototype.join.call(arguments, ' ') + '\n');
}
};
global.arguments = [];
global.requirejsAsLib = true;
// XXX: Dark matter. Reflect.jsm introduces slowness by instanciating Reflect
// API in Reflect.jsm scope (call JS_InitReflect on jsm global). For some
// reasons, most likely wrappers, Reflect API usages from another
// compartments/global ends up being slower...
Cu.evalInSandbox('new ' + function sandboxScope() {
var init = Components.classes['@mozilla.org/jsreflect;1'].createInstance();
init();
}, global);
Services.scriptloader.loadSubScript(ruri, global);
return global.requirejs;
};
exports.registerActor = function(sourceText, fileName, options) {
const principal = CC("@mozilla.org/systemprincipal;1", "nsIPrincipal")();
const sandbox = Cu.Sandbox(principal);
const exports = sandbox.exports = {};
sandbox.require = require;
Cu.evalInSandbox(sourceText, sandbox, "1.8", fileName, 1);
let { prefix, constructor, type } = options;
if (type.global && !DebuggerServer.globalActorFactories.hasOwnProperty(prefix)) {
DebuggerServer.addGlobalActor({
constructorName: constructor,
constructorFun: sandbox[constructor]
}, prefix);
}
if (type.tab && !DebuggerServer.tabActorFactories.hasOwnProperty(prefix)) {
DebuggerServer.addTabActor({
constructorName: constructor,
constructorFun: sandbox[constructor]
}, prefix);
}
// Also register in all child processes in case the current scope
// is chrome parent process.
if (!DebuggerServer.isInChildProcess) {
DebuggerServer.setupInChild({
module: "devtools/server/actors/utils/actor-registry-utils",
setupChild: "registerActor",
args: [sourceText, fileName, options]
});
}
}
_inject: function _inject() {
var self = this;
var unsafeWindow = self._window.wrappedJSObject;
var sandbox = Cu.Sandbox(unsafeWindow);
function whenMessaged(cb) {
self._sendToContent = XPCSafeJSObjectWrapper(cb);
};
sandbox.importFunction(whenMessaged);
function sendToChrome(data) {
if (self._receivedFromContent) {
data = XPCSafeJSObjectWrapper(data);
var result = self._receivedFromContent.call(undefined,
JSON.parse(data));
if (typeof(result) == "object")
return JSON.stringify(result);
return result;
}
return undefined;
};
sandbox.importFunction(sendToChrome);
sandbox.name = self._manager.name;
sandbox.window = unsafeWindow;
self._sandbox = sandbox;
Cu.evalInSandbox("(" + buildChannelInContent + ")(this);", sandbox);
},
registerActor: method(function (sourceText, fileName, options) {
const principal = CC("@mozilla.org/systemprincipal;1", "nsIPrincipal")();
const sandbox = Cu.Sandbox(principal);
const exports = sandbox.exports = {};
sandbox.require = require;
Cu.evalInSandbox(sourceText, sandbox, "1.8", fileName, 1);
let { prefix, constructor, type } = options;
if (type.global) {
DebuggerServer.addGlobalActor({
constructorName: constructor,
constructorFun: sandbox[constructor]
}, prefix);
}
if (type.tab) {
DebuggerServer.addTabActor({
constructorName: constructor,
constructorFun: sandbox[constructor]
}, prefix);
}
return ActorActor(this.conn, {
name: constructor,
tab: type.tab,
global: type.global
});
}, {
defineLazyGetter(exports.modules, "Debugger", () => {
// addDebuggerToGlobal only allows adding the Debugger object to a global. The
// this object is not guaranteed to be a global (in particular on B2G, due to
// compartment sharing), so add the Debugger object to a sandbox instead.
const sandbox = Cu.Sandbox(CC("@mozilla.org/systemprincipal;1", "nsIPrincipal")());
Cu.evalInSandbox(
"Components.utils.import('resource://gre/modules/jsdebugger.jsm');" +
"addDebuggerToGlobal(this);",
sandbox
);
return sandbox.Debugger;
});
eval: function(js) {
// We have to use a sandbox, as CSP prevent us from using eval on apps...
const sb = Cu.Sandbox(this.content, { sandboxPrototype: this.content });
const result = Cu.evalInSandbox(js, sb);
// Ensure passing only serializable data to RDP
if (typeof result == "function") {
return null;
} else if (typeof result == "object") {
return JSON.parse(JSON.stringify(result));
}
return result;
},
close: function close() {
if (this._manager) {
try {
Cu.evalInSandbox("demolish();", this._sandbox);
} catch (e) {
console.exception(e);
};
this._sandbox = null;
this._manager.onCloseChannel(this);
this._window.removeEventListener("unload", this, true);
this._receivedFromContent = null;
this._sendToContent = null;
this._window = null;
this._manager = null;
}
}
exports.testExceptionsWithEmptyStacksAreLogged = function(assert) {
// Ensures that our fix to bug 550368 works.
var sandbox = Cu.Sandbox("http://www.foo.com");
var excRaised = false;
try {
Cu.evalInSandbox("returns 1 + 2;", sandbox, "1.8",
"blah.js", 25);
} catch (e) {
excRaised = true;
var stack = traceback.fromException(e);
assert.equal(stack.length, 1, "stack should have one frame");
assert.ok(stack[0].fileName, "blah.js", "frame should have filename");
assert.ok(stack[0].lineNumber, 25, "frame should have line no");
assert.equal(stack[0].name, null, "frame should have null function name");
}
if (!excRaised)
assert.fail("Exception should have been raised.");
};
decode: function (params) {
var rc = Cu.evalInSandbox(
"var params = " + params.toSource() + ";\n" +
this.code_str,
this.sandbox);
// No fancy return values - we expect a primitive string value.
// We don't silently return something that could pass for a signature.
// Instead, we throw - to inform the user that their decode_signature_func
// function is broken (anyone can make a typo) or malicious.
//
// It's OK to pass uncaught exceptions as-is because even if they have
// getters for properties like "message", those will be executed in the
// context of the sandbox (i.e. the global |this| will point to the sandbox),
// which is useless for malicious code anyway.
// Here's what am I talking about - somewhere in the sandboxed code:
// var x = new Error();
// x.__defineGetter__("message", function(){alert("pwned");});
// throw x;
// or:
// var x = { message: { valueOf: function(){alert("pwned");}, toString: function(){alert("pwned");} } };
// throw x;
// We could catch the exceptions here, manually sanitize them and rethrow
// if they're safe to use in our chrome code, but I just don't see the point
// in doing so because if there's a bug in the security manager, then our
// manual sanitization will just conceal it.
if (typeof (rc) === "string") { return rc; }
// Nulls are kinda OK.
if (rc === null) { return ""; }
// A forgotten return or outdated code that returns nonexistent stream
// properties? Worth a warning in either case.
if (rc === undefined) {
fg.log("WARNING: YouTube.decode_signature_func returned undefined.");
return "";
}
throw new Error("Invalid return value type: expected string, got " + typeof (rc));
}, // decode()
exports.get = function(gaiaDir) {
var rjs = utils.getFile(gaiaDir);
rjs.append('build');
rjs.append('r.js');
var ruri = Services.io.newFileURI(rjs).spec;
var global = Cu.Sandbox(Services.scriptSecurityManager.getSystemPrincipal());
global.print = function() {
dump(Array.prototype.join.call(arguments, ' ') + '\n');
};
global.arguments = [];
global.requirejsAsLib = true;
// XXX: Dark matter. Reflect.jsm introduces slowness by instanciating Reflect
// API in Reflect.jsm scope (call JS_InitReflect on jsm global). For some
// reasons, most likely wrappers, Reflect API usages from another
// compartments/global ends up being slower...
Cu.evalInSandbox('new ' + function sandboxScope() {
var init = Components.classes['@mozilla.org/jsreflect;1'].createInstance();
init();
}, global);
Services.scriptloader.loadSubScript(ruri, global);
return global.requirejs;
};
exports.registerActorInCurrentProcess = function (sourceText, fileName, options) {
const principal = CC("@mozilla.org/systemprincipal;1", "nsIPrincipal")();
const sandbox = Cu.Sandbox(principal);
sandbox.exports = {};
sandbox.require = require;
Cu.evalInSandbox(sourceText, sandbox, "1.8", fileName, 1);
let { prefix, constructor, type } = options;
if (type.global && !DebuggerServer.globalActorFactories.hasOwnProperty(prefix)) {
DebuggerServer.addGlobalActor({
constructorName: constructor,
constructorFun: sandbox[constructor]
}, prefix);
}
if (type.tab && !DebuggerServer.tabActorFactories.hasOwnProperty(prefix)) {
DebuggerServer.addTabActor({
constructorName: constructor,
constructorFun: sandbox[constructor]
}, prefix);
}
};
function evalInSandbox (src) {
if (!webPageSandbox)
webPageSandbox = createSandBox();
return Cu.evalInSandbox(src, webPageSandbox);
}
const FakeCu = function() {
const sandbox = Cu.Sandbox(systemPrincipal, {wantXrays: false});
sandbox.toString = function() {
return "[object BackstagePass]";
}
this.sandbox = sandbox;
}
FakeCu.prototype = {
["import"](url, scope) {
const {sandbox} = this;
sandbox.__URI__ = url;
const target = Cu.createObjectIn(sandbox);
target.toString = sandbox.toString;
Cu.evalInSandbox(`(function(){` + readURISync(url) + `\n})`,
sandbox, "1.8", url).call(target);
// Borrowed from mozJSComponentLoader.cpp to match errors closer.
// https://github.com/mozilla/gecko-dev/blob/f6ca65e8672433b2ce1a0e7c31f72717930b5e27/js/xpconnect/loader/mozJSComponentLoader.cpp#L1205-L1208
if (!Array.isArray(target.EXPORTED_SYMBOLS)) {
throw Error("EXPORTED_SYMBOLS is not an array.");
}
for (let key of target.EXPORTED_SYMBOLS) {
scope[key] = target[key];
}
return target;
}
};
exports.FakeCu = FakeCu;
exec: function(args, context) {
let globalObj;
let contentWindow = context.environment.window;
if (args.sourceType == "jsm") {
try {
globalObj = Cu.import(args.source);
}
catch (e) {
return l10n.lookup("callLogChromeInvalidJSM");
}
} else if (args.sourceType == "content-variable") {
if (args.source in contentWindow) {
globalObj = Cu.getGlobalForObject(contentWindow[args.source]);
} else {
throw new Error(l10n.lookup("callLogChromeVarNotFoundContent"));
}
} else if (args.sourceType == "chrome-variable") {
let chromeWin = context.environment.chromeDocument.defaultView;
if (args.source in chromeWin) {
globalObj = Cu.getGlobalForObject(chromeWin[args.source]);
} else {
return l10n.lookup("callLogChromeVarNotFoundChrome");
}
} else {
let chromeWin = context.environment.chromeDocument.defaultView;
let sandbox = new Cu.Sandbox(chromeWin,
{
sandboxPrototype: chromeWin,
wantXrays: false,
sandboxName: "gcli-cmd-calllog-chrome"
});
let returnVal;
try {
returnVal = Cu.evalInSandbox(args.source, sandbox, "ECMAv5");
sandboxes.push(sandbox);
} catch(e) {
// We need to save the message before cleaning up else e contains a dead
// object.
let msg = l10n.lookup("callLogChromeEvalException") + ": " + e;
Cu.nukeSandbox(sandbox);
return msg;
}
if (typeof returnVal == "undefined") {
return l10n.lookup("callLogChromeEvalNeedsObject");
}
globalObj = Cu.getGlobalForObject(returnVal);
}
let dbg = new Debugger(globalObj);
chromeDebuggers.push(dbg);
dbg.onEnterFrame = function(frame) {
// BUG 773652 - Make the output from the GCLI calllog command nicer
contentWindow.console.log(l10n.lookup("callLogChromeMethodCall") +
": " + this.callDescription(frame));
}.bind(this);
let gBrowser = context.environment.chromeDocument.defaultView.gBrowser;
let target = TargetFactory.forTab(gBrowser.selectedTab);
gDevTools.showToolbox(target, "webconsole");
return l10n.lookup("calllogChromeStartReply");
},
/**
* Evaluates given `source` in a given `sandbox` and returns result.
*/
function evaluate(sandbox, code, uri, line, version) {
return Cu.evalInSandbox(code, sandbox, version || '1.8', uri || '', line || 1);
}
eval: protocol.method(function (js) {
// We have to use a sandbox, as CSP prevent us from using eval on apps...
let sb = Cu.Sandbox(this.content, { sandboxPrototype: this.content });
return Cu.evalInSandbox(js, sb);
}, {