Bug 1764391 - truncate ExpandedPrincipals in LoadInfo::RedirectChain; r=freddyb,necko-reviewers,dragana

Differential Revision: https://phabricator.services.mozilla.com/D157621
2022-10-18 18:01:58 +00:00 · 2022-10-18 18:01:58 +00:00 · 6b9eed58dd
commit 6b9eed58dd
parent 26b95558c1
2 changed files with 78 additions and 3 deletions
--- a/caps/tests/gtest/TestRedirectChainURITruncation.cpp
+++ b/caps/tests/gtest/TestRedirectChainURITruncation.cpp
@ -6,13 +6,15 @@
 #include "mozilla/ContentPrincipal.h"
 #include "mozilla/NullPrincipal.h"
 #include "mozilla/SystemPrincipal.h"
+#include "mozilla/ExpandedPrincipal.h"
 #include "nsContentUtils.h"
 #include "mozilla/LoadInfo.h"

 namespace mozilla {

 void checkPrincipalTruncation(nsIPrincipal* aPrincipal,
-                              const nsACString& aExpectedSpec) {
+                              const nsACString& aExpectedSpec = ""_ns,
+                              const nsTArray<nsCString>& aExpectedSpecs = {}) {
  nsCOMPtr<nsIPrincipal> truncatedPrincipal =
      net::CreateTruncatedPrincipal(aPrincipal);
  ASSERT_TRUE(truncatedPrincipal);
@ -51,6 +53,20 @@ void checkPrincipalTruncation(nsIPrincipal* aPrincipal,
    return;
  }

+  if (aPrincipal->GetIsExpandedPrincipal()) {
+    const nsTArray<nsCOMPtr<nsIPrincipal>>& truncatedAllowList =
+        BasePrincipal::Cast(truncatedPrincipal)
+            ->As<ExpandedPrincipal>()
+            ->AllowList();
+
+    for (size_t i = 0; i < aExpectedSpecs.Length(); ++i) {
+      nsAutoCString principalSpec;
+      truncatedAllowList[i]->GetAsciiSpec(principalSpec);
+      ASSERT_TRUE(principalSpec.Equals(aExpectedSpecs[i]));
+    }
+    return;
+  }
+
  if (aPrincipal->GetIsContentPrincipal()) {
    nsAutoCString principalSpec;
    truncatedPrincipal->GetAsciiSpec(principalSpec);
@ -62,6 +78,11 @@ void checkPrincipalTruncation(nsIPrincipal* aPrincipal,
  ADD_FAILURE();
 }

+void checkPrincipalTruncation(nsIPrincipal* aPrincipal,
+                              const nsTArray<nsCString>& aExpectedSpecs = {}) {
+  checkPrincipalTruncation(aPrincipal, ""_ns, aExpectedSpecs);
+}
+
 TEST(RedirectChainURITruncation, ContentPrincipal)
 {
  // ======================= HTTP Scheme =======================
@ -169,4 +190,42 @@ TEST(RedirectChainURITruncation, SystemPrincipal)
  checkPrincipalTruncation(principal, ""_ns);
 }

+TEST(RedirectChainURITruncation, ExtendedPrincipal)
+{
+  // ======================= HTTP Scheme =======================
+  nsAutoCString httpSpec(
+      "http://root:toor@www.example.com:200/foo/bar/baz.html?qux#thud");
+  nsCOMPtr<nsIURI> uri;
+  nsresult rv = NS_NewURI(getter_AddRefs(uri), httpSpec);
+  ASSERT_EQ(rv, NS_OK);
+
+  nsCOMPtr<nsIPrincipal> firstContentPrincipal;
+  OriginAttributes attrs;
+  firstContentPrincipal = BasePrincipal::CreateContentPrincipal(uri, attrs);
+  ASSERT_TRUE(firstContentPrincipal);
+
+  // ======================= HTTPS Scheme =======================
+  nsCOMPtr<nsIPrincipal> secondContentPrincipal;
+  nsAutoCString httpsSpec(
+      "https://root:toor@www.example.com:200/foo/bar/baz.html?qux#thud");
+  rv = NS_NewURI(getter_AddRefs(uri), httpsSpec);
+  ASSERT_EQ(rv, NS_OK);
+
+  secondContentPrincipal = BasePrincipal::CreateContentPrincipal(uri, attrs);
+  ASSERT_TRUE(secondContentPrincipal);
+
+  // ======================= ExpandedPrincipal =======================
+  const nsTArray<nsCString>& expectedSpecs = {
+      "http://www.example.com:200/foo/bar/baz.html"_ns,
+      "https://www.example.com:200/foo/bar/baz.html"_ns,
+  };
+  nsTArray<nsCOMPtr<nsIPrincipal>> allowList = {firstContentPrincipal,
+                                                secondContentPrincipal};
+  nsCOMPtr<nsIPrincipal> principal =
+      ExpandedPrincipal::Create(allowList, attrs);
+  ASSERT_TRUE(principal);
+
+  checkPrincipalTruncation(principal, expectedSpecs);
+}
+
 }  // namespace mozilla
--- a/netwerk/base/LoadInfo.cpp
+++ b/netwerk/base/LoadInfo.cpp
@ -1502,10 +1502,26 @@ already_AddRefed<nsIPrincipal> CreateTruncatedPrincipal(
    return NullPrincipal::CreateWithInheritedAttributes(truncatedPrecursor);
  }

+  // Expanded Principals shouldn't contain sensitive information but their
+  // allowlists might so we truncate that information here.
+  if (aPrincipal->GetIsExpandedPrincipal()) {
+    nsTArray<nsCOMPtr<nsIPrincipal>> truncatedAllowList;
+
+    for (const auto& allowedPrincipal : BasePrincipal::Cast(aPrincipal)
+                                            ->As<ExpandedPrincipal>()
+                                            ->AllowList()) {
+      nsCOMPtr<nsIPrincipal> truncatedPrincipal =
+          CreateTruncatedPrincipal(allowedPrincipal);
+
+      truncatedAllowList.AppendElement(truncatedPrincipal);
+    }
+
+    return ExpandedPrincipal::Create(truncatedAllowList,
+                                     aPrincipal->OriginAttributesRef());
+  }
+
  // If we hit this assertion we need to update this function to add the
  // Principals and URIs seen as new corner cases to handle.
-  // For example we may need to do this for Expanded Principals and moz-icon
-  // URIs.
  MOZ_ASSERT(false, "Unhandled Principal or URI type encountered.");

  truncatedPrincipal = aPrincipal;