Commit f3b881c7 authored by Edvard Rejthar's avatar Edvard Rejthar

Webextensions fully replaced Addon-SDK

parent f7bd1155
.idea
__pycache__
*.pem
\ No newline at end of file
*.pem
/firefox-mdmaug-extension/nbproject
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
// @see http://mxr.mozilla.org/mozilla-central/source/js/src/xpconnect/loader/mozJSComponentLoader.cpp
'use strict';
// IMPORTANT: Avoid adding any initialization tasks here, if you need to do
// something before add-on is loaded consider addon/runner module instead!
const { classes: Cc, Constructor: CC, interfaces: Ci, utils: Cu,
results: Cr, manager: Cm } = Components;
const ioService = Cc['@mozilla.org/network/io-service;1'].
getService(Ci.nsIIOService);
const resourceHandler = ioService.getProtocolHandler('resource').
QueryInterface(Ci.nsIResProtocolHandler);
const systemPrincipal = CC('@mozilla.org/systemprincipal;1', 'nsIPrincipal')();
const scriptLoader = Cc['@mozilla.org/moz/jssubscript-loader;1'].
getService(Ci.mozIJSSubScriptLoader);
const prefService = Cc['@mozilla.org/preferences-service;1'].
getService(Ci.nsIPrefService).
QueryInterface(Ci.nsIPrefBranch);
const appInfo = Cc["@mozilla.org/xre/app-info;1"].
getService(Ci.nsIXULAppInfo);
const vc = Cc["@mozilla.org/xpcom/version-comparator;1"].
getService(Ci.nsIVersionComparator);
const REASON = [ 'unknown', 'startup', 'shutdown', 'enable', 'disable',
'install', 'uninstall', 'upgrade', 'downgrade' ];
const bind = Function.call.bind(Function.bind);
let loader = null;
let unload = null;
let cuddlefishSandbox = null;
let nukeTimer = null;
let resourceDomains = [];
function setResourceSubstitution(domain, uri) {
resourceDomains.push(domain);
resourceHandler.setSubstitution(domain, uri);
}
// Utility function that synchronously reads local resource from the given
// `uri` and returns content string.
function readURI(uri) {
let ioservice = Cc['@mozilla.org/network/io-service;1'].
getService(Ci.nsIIOService);
let channel = ioservice.newChannel(uri, 'UTF-8', null);
let stream = channel.open();
let cstream = Cc['@mozilla.org/intl/converter-input-stream;1'].
createInstance(Ci.nsIConverterInputStream);
cstream.init(stream, 'UTF-8', 0, 0);
let str = {};
let data = '';
let read = 0;
do {
read = cstream.readString(0xffffffff, str);
data += str.value;
} while (read != 0);
cstream.close();
return data;
}
// We don't do anything on install & uninstall yet, but in a future
// we should allow add-ons to cleanup after uninstall.
function install(data, reason) {}
function uninstall(data, reason) {}
function startup(data, reasonCode) {
try {
let reason = REASON[reasonCode];
// URI for the root of the XPI file.
// 'jar:' URI if the addon is packed, 'file:' URI otherwise.
// (Used by l10n module in order to fetch `locale` folder)
let rootURI = data.resourceURI.spec;
// TODO: Maybe we should perform read harness-options.json asynchronously,
// since we can't do anything until 'sessionstore-windows-restored' anyway.
let options = JSON.parse(readURI(rootURI + './harness-options.json'));
let id = options.jetpackID;
let name = options.name;
// Clean the metadata
options.metadata[name]['permissions'] = options.metadata[name]['permissions'] || {};
// freeze the permissionss
Object.freeze(options.metadata[name]['permissions']);
// freeze the metadata
Object.freeze(options.metadata[name]);
// Register a new resource 'domain' for this addon which is mapping to
// XPI's `resources` folder.
// Generate the domain name by using jetpack ID, which is the extension ID
// by stripping common characters that doesn't work as a domain name:
let uuidRe =
/^\{([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\}$/;
let domain = id.
toLowerCase().
replace(/@/g, '-at-').
replace(/\./g, '-dot-').
replace(uuidRe, '$1');
let prefixURI = 'resource://' + domain + '/';
let resourcesURI = ioService.newURI(rootURI + '/resources/', null, null);
setResourceSubstitution(domain, resourcesURI);
// Create path to URLs mapping supported by loader.
let paths = {
// Relative modules resolve to add-on package lib
'./': prefixURI + name + '/lib/',
'./tests/': prefixURI + name + '/tests/',
'': 'resource://gre/modules/commonjs/'
};
// Maps addon lib and tests ressource folders for each package
paths = Object.keys(options.metadata).reduce(function(result, name) {
result[name + '/'] = prefixURI + name + '/lib/'
result[name + '/tests/'] = prefixURI + name + '/tests/'
return result;
}, paths);
// We need to map tests folder when we run sdk tests whose package name
// is stripped
if (name == 'addon-sdk')
paths['tests/'] = prefixURI + name + '/tests/';
let useBundledSDK = options['force-use-bundled-sdk'];
if (!useBundledSDK) {
try {
useBundledSDK = prefService.getBoolPref("extensions.addon-sdk.useBundledSDK");
}
catch (e) {
// Pref doesn't exist, allow using Firefox shipped SDK
}
}
// Starting with Firefox 21.0a1, we start using modules shipped into firefox
// Still allow using modules from the xpi if the manifest tell us to do so.
// And only try to look for sdk modules in xpi if the xpi actually ship them
if (options['is-sdk-bundled'] &&
(vc.compare(appInfo.version, '21.0a1') < 0 || useBundledSDK)) {
// Maps sdk module folders to their resource folder
paths[''] = prefixURI + 'addon-sdk/lib/';
// test.js is usually found in root commonjs or SDK_ROOT/lib/ folder,
// so that it isn't shipped in the xpi. Keep a copy of it in sdk/ folder
// until we no longer support SDK modules in XPI:
paths['test'] = prefixURI + 'addon-sdk/lib/sdk/test.js';
}
// Retrieve list of module folder overloads based on preferences in order to
// eventually used a local modules instead of files shipped into Firefox.
let branch = prefService.getBranch('extensions.modules.' + id + '.path');
paths = branch.getChildList('', {}).reduce(function (result, name) {
// Allows overloading of any sub folder by replacing . by / in pref name
let path = name.substr(1).split('.').join('/');
// Only accept overloading folder by ensuring always ending with `/`
if (path) path += '/';
let fileURI = branch.getCharPref(name);
// On mobile, file URI has to end with a `/` otherwise, setSubstitution
// takes the parent folder instead.
if (fileURI[fileURI.length-1] !== '/')
fileURI += '/';
// Maps the given file:// URI to a resource:// in order to avoid various
// failure that happens with file:// URI and be close to production env
let resourcesURI = ioService.newURI(fileURI, null, null);
let resName = 'extensions.modules.' + domain + '.commonjs.path' + name;
setResourceSubstitution(resName, resourcesURI);
result[path] = 'resource://' + resName + '/';
return result;
}, paths);
// Make version 2 of the manifest
let manifest = options.manifest;
// Import `cuddlefish.js` module using a Sandbox and bootstrap loader.
let cuddlefishPath = 'loader/cuddlefish.js';
let cuddlefishURI = 'resource://gre/modules/commonjs/sdk/' + cuddlefishPath;
if (paths['sdk/']) { // sdk folder has been overloaded
// (from pref, or cuddlefish is still in the xpi)
cuddlefishURI = paths['sdk/'] + cuddlefishPath;
}
else if (paths['']) { // root modules folder has been overloaded
cuddlefishURI = paths[''] + 'sdk/' + cuddlefishPath;
}
cuddlefishSandbox = loadSandbox(cuddlefishURI);
let cuddlefish = cuddlefishSandbox.exports;
// Normalize `options.mainPath` so that it looks like one that will come
// in a new version of linker.
let main = options.mainPath;
unload = cuddlefish.unload;
loader = cuddlefish.Loader({
paths: paths,
// modules manifest.
manifest: manifest,
// Add-on ID used by different APIs as a unique identifier.
id: id,
// Add-on name.
name: name,
// Add-on version.
version: options.metadata[name].version,
// Add-on package descriptor.
metadata: options.metadata[name],
// Add-on load reason.
loadReason: reason,
prefixURI: prefixURI,
// Add-on URI.
rootURI: rootURI,
// options used by system module.
// File to write 'OK' or 'FAIL' (exit code emulation).
resultFile: options.resultFile,
// Arguments passed as --static-args
staticArgs: options.staticArgs,
// Add-on preferences branch name
preferencesBranch: options.preferencesBranch,
// Arguments related to test runner.
modules: {
'@test/options': {
allTestModules: options.allTestModules,
iterations: options.iterations,
filter: options.filter,
profileMemory: options.profileMemory,
stopOnError: options.stopOnError,
verbose: options.verbose,
parseable: options.parseable,
checkMemory: options.check_memory,
}
}
});
let module = cuddlefish.Module('sdk/loader/cuddlefish', cuddlefishURI);
let require = cuddlefish.Require(loader, module);
require('sdk/addon/runner').startup(reason, {
loader: loader,
main: main,
prefsURI: rootURI + 'defaults/preferences/prefs.js'
});
} catch (error) {
dump('Bootstrap error: ' +
(error.message ? error.message : String(error)) + '\n' +
(error.stack || error.fileName + ': ' + error.lineNumber) + '\n');
throw error;
}
};
function loadSandbox(uri) {
let proto = {
sandboxPrototype: {
loadSandbox: loadSandbox,
ChromeWorker: ChromeWorker
}
};
let sandbox = Cu.Sandbox(systemPrincipal, proto);
// Create a fake commonjs environnement just to enable loading loader.js
// correctly
sandbox.exports = {};
sandbox.module = { uri: uri, exports: sandbox.exports };
sandbox.require = function (id) {
if (id !== "chrome")
throw new Error("Bootstrap sandbox `require` method isn't implemented.");
return Object.freeze({ Cc: Cc, Ci: Ci, Cu: Cu, Cr: Cr, Cm: Cm,
CC: bind(CC, Components), components: Components,
ChromeWorker: ChromeWorker });
};
scriptLoader.loadSubScript(uri, sandbox, 'UTF-8');
return sandbox;
}
function unloadSandbox(sandbox) {
if ("nukeSandbox" in Cu)
Cu.nukeSandbox(sandbox);
}
function setTimeout(callback, delay) {
let timer = Cc["@mozilla.org/timer;1"].createInstance(Ci.nsITimer);
timer.initWithCallback({ notify: callback }, delay,
Ci.nsITimer.TYPE_ONE_SHOT);
return timer;
}
function shutdown(data, reasonCode) {
let reason = REASON[reasonCode];
if (loader) {
unload(loader, reason);
unload = null;
// Don't waste time cleaning up if the application is shutting down
if (reason != "shutdown") {
// Avoid leaking all modules when something goes wrong with one particular
// module. Do not clean it up immediatly in order to allow executing some
// actions on addon disabling.
// We need to keep a reference to the timer, otherwise it is collected
// and won't ever fire.
nukeTimer = setTimeout(nukeModules, 1000);
// Bug 944951 - bootstrap.js must remove the added resource: URIs on unload
resourceDomains.forEach(domain => {
resourceHandler.setSubstitution(domain, null);
})
}
}
};
function nukeModules() {
nukeTimer = null;
// module objects store `exports` which comes from sandboxes
// We should avoid keeping link to these object to avoid leaking sandboxes
for (let key in loader.modules) {
delete loader.modules[key];
}
// Direct links to sandboxes should be removed too
for (let key in loader.sandboxes) {
let sandbox = loader.sandboxes[key];
delete loader.sandboxes[key];
// Bug 775067: From FF17 we can kill all CCW from a given sandbox
unloadSandbox(sandbox);
}
loader = null;
// both `toolkit/loader` and `system/xul-app` are loaded as JSM's via
// `cuddlefish.js`, and needs to be unloaded to avoid memory leaks, when
// the addon is unload.
unloadSandbox(cuddlefishSandbox.loaderSandbox);
unloadSandbox(cuddlefishSandbox.xulappSandbox);
// Bug 764840: We need to unload cuddlefish otherwise it will stay alive
// and keep a reference to this compartment.
unloadSandbox(cuddlefishSandbox);
cuddlefishSandbox = null;
}
{
"abort_on_missing": false,
"check_memory": false,
"enable_e10s": false,
"is-sdk-bundled": false,
"jetpackID": "mdmaug@jetpack",
"loader": "addon-sdk/lib/sdk/loader/cuddlefish.js",
"main": "main",
"mainPath": "mdmaug/main",
"manifest": {
"mdmaug/main": {
"docsSHA256": null,
"jsSHA256": "497a1082ce489b39d8f17e63e14015b7f3ea023f4af555ccc15ef740d6f003e7",
"moduleName": "main",
"packageName": "mdmaug",
"requirements": {
"chrome": "chrome",
"sdk/base64": "sdk/base64",
"sdk/page-mod": "sdk/page-mod",
"sdk/tabs": "sdk/tabs",
"sdk/self": "sdk/self",
"sdk/tabs/utils": "sdk/tabs/utils",
"sdk/timers": "sdk/timers",
"sdk/ui/button/action": "sdk/ui/button/action",
"sdk/window/utils": "sdk/window/utils"
},
"sectionName": "lib"
}
},
"metadata": {
"addon-sdk": {
"description": "Add-on development made easy.",
"keywords": [
"javascript",
"engine",
"addon",
"extension",
"xulrunner",
"firefox",
"browser"
],
"license": "MPL 2.0",
"name": "addon-sdk"
},
"mdmaug": {
"author": "Edvard Rejthar",
"description": "mdmaug csirt.cz detection tool",
"license": "MPL 2.0",
"main": "main",
"name": "mdmaug",
"version": "0.1"
}
},
"name": "mdmaug",
"parseable": false,
"preferencesBranch": "mdmaug@jetpack",
"sdkVersion": "1.17",
"staticArgs": {},
"verbose": false
}
\ No newline at end of file
<?xml version="1.0" encoding="utf-8"?><!-- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
- file, You can obtain one at http://mozilla.org/MPL/2.0/. --><RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="http://www.mozilla.org/2004/em-rdf#">
<Description about="urn:mozilla:install-manifest">
<em:id>mdmaug@jetpack</em:id>
<em:version>0.1</em:version>
<em:type>2</em:type>
<em:bootstrap>true</em:bootstrap>
<em:unpack>false</em:unpack>
<!-- Firefox -->
<em:targetApplication>
<Description>
<em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
<em:minVersion>26.0</em:minVersion>
<em:maxVersion>30.0</em:maxVersion>
</Description>
</em:targetApplication>
<!-- Front End MetaData -->
<em:name>mdmaug</em:name>
<em:description>mdmaug csirt.cz detection tool</em:description>
<em:creator>Edvard Rejthar</em:creator>
</Description>
</RDF>
\ No newline at end of file
/*
* Prepisuje hackery vyuzivane funkce jako unescape nebo eval a bonzuje to vys.
* */
//window.opener
//document.location
//unescape
//*******
// Prepsat nebezpecne funkce
//*******
//squawk - bonznout
mdmaugSquawk = function(cmd, message) {
document.getElementsByTagName("html")[0].dispatchEvent(new CustomEvent("mdmaug_spy", {'detail': JSON.stringify({'cmd': cmd, 'message': message})}));
};
//mdmaugWrapper - man in the middle nebezpečných funkcí
mdmaugWrapper = function (fn) {
var swap = fn;
return function () {
mdmaugSquawk(swap.name, arguments);
return swap.apply(null, arguments);
};
};
unescape = mdmaugWrapper(unescape);
//Eval
//X kupodivu se mi nepodarilo funkci napsat jako jeden wrapper:
//X mdmaugDeepWrapper = function (fn) {var swap = fn;return function () {detail = JSON.stringify({'cmd': swap.name, 'message': arguments});document.getElementsByTagName("html")[0].dispatchEvent(new CustomEvent("mdmaug_spy", {'detail': detail}));if (arguments[0].indexOf("arguments.callee") != -1) {arguments[0] = arguments[0].replace("arguments.callee", arguments.callee.caller.name);}return swap.apply(null, arguments);};};
//X eval2 = mdmaugDeepWrapper(eval);
//X funkci model z firebugu: mdmaugWrapper = function(fn){var swap = fn;return function(){console.log("start",swap.name);arguments[0]= arguments[0].replace("arguments.callee",arguments.callee.caller.name); return swap.apply(null, arguments);};function jooa(a) {console.log("RESULT",eval2(b));}jooa();
evalClone = unsafeWindow.eval;
eval = function (cmd) {
mdmaugSquawk("eval", cmd);
if (arguments.length > 0) {
if (arguments[0].indexOf("arguments.callee") != -1) {
arguments[0] = arguments[0].replace("arguments.callee", arguments.callee.caller.name);//"0"); // arguments.callee.caller
}
}
return evalClone(cmd);
};
document.write = function(str) {
mdmaugSquawk("document.write", str);
document.getElementsByTagName("html")[0].innerHTML= str;//simuluje chovani
};
// Upichnout funkce do stranky
exportFunction(unescape, unsafeWindow, {defineAs: "unescape"});
exportFunction(eval, unsafeWindow, {defineAs: "eval"});
exportFunction(evalClone, unsafeWindow, {defineAs: "evalClone"});
exportFunction(document.write, unsafeWindow, {defineAs: "document.write"});
unsafeWindow.addEventListener("DOMContentLoaded", function() {
unsafeWindow.addEventListener("DOMContentLoaded", function () {
alert('got cnn');
});
unsafeWindow.location.replace('http://cnn.com');
});
// Listener - prebira zpravy od nebezpecnych funkci a propaguje je vzhuru do main.js
var target = document.getElementsByTagName("html")[0];
target.addEventListener('mdmaug_spy', function (e) {
detail = JSON.parse(e.detail);
if (Object.keys(detail.message).length == 1 && detail.message["0"]) {
detail.message = detail.message["0"];
}
if (detail.message) {
self.postMessage({href: document.location.href, cmd: detail.cmd, message: detail.message});
}
}, false, true);
/*
* Prepisuje hackery vyuzivane funkce jako unescape nebo eval a bonzuje to vys.
* */
//window.opener
//document.location
//unescape
//*******
// Prepsat nebezpecne funkce
//*******
//mdmaugWrapper
mdmaugWrapper = function(fn){
var swap = fn;
return function(){
alert(swap.name);
alert(arguments);
document.getElementsByTagName("html")[0].dispatchEvent(new CustomEvent("mdmaug_spy", {'message': swap.name}));
return swap.apply(null, arguments);
};
};
unescape = mdmaugWrapper(unescape);
mdmaugArgumentsWrapper = function(fn){
var swap = fn;
return function(){
document.getElementsByTagName("html")[0].dispatchEvent(new CustomEvent("mdmaug_spy", {'cmd': swap.name, 'message': arguments}));
arguments[0]= arguments[0].replace("arguments.callee",arguments.callee.caller.name);
return swap.apply(null, arguments);
};
};
eval = mdmaugArgumentsWrapper(eval);
/*//unescape
unescapeClone = unsafeWindow.unescape;
unescape = function(str) { //XXX take decodeURI(Component)!!!!
return unescapeClone(str);
};*/
/*
evalClone = unsafeWindow.eval;
eval = function(cmd) {
//alert("eval " + cmd);
//document.getElementsByTagName("html")[0].setAttribute("mdmaug","eval: " + cmd); // + Math.floor(Math.random(10)*10000)
document.getElementsByTagName("html")[0].dispatchEvent(new CustomEvent("mdmaug_spy", {'detail': 'eval:' + cmd}));
if (arguments.length > 0) {
if(arguments[0].indexOf("arguments.callee") != -1) {
//vyskytuje se arguments.callee, ktereho neumime prohnat evalem
// Co vsechno muze utocnik s nim delat -> muze ho priradit: eval('a=arguments.callee; b')
// Muze ho returnovat: eval('arguments.callee')
// Kombinace.
// Zatim to delame tak, ze ho nahradime nulou (kdyby byl prirazovat) a vratime ho (je v arguments.callee.caller), ale zbytek cmd evaluujeme
// Tato metoda půjde rozšířit podle toho, jak se zjistí, že se viry chovají. Mohu si postupně psát takový vlastní eval.
arguments[0] = arguments[0].replace("arguments.callee",arguments.callee.caller.name);//"0"); // arguments.callee.caller
//evalClone(arguments[0]);
//return arguments.callee.caller;
}
}
//cmd = cmd.replace("arguments.callee",""); // arguments.callee.caller
return evalClone(cmd);
};
*/
exportFunction(unescape, unsafeWindow, {defineAs: "unescape"});
/*exportFunction(unescapeClone, unsafeWindow, {defineAs: "unescapeClone"});
exportFunction(eval, unsafeWindow, {defineAs: "eval"});
exportFunction(evalClone, unsafeWindow, {defineAs: "evalClone"});
*/
var target = document.getElementsByTagName("html")[0];
target.addEventListener('mdmaug_spy', function (e) {
//alert(e.detail);
console.error("prijem", e);
alert(e.pokus);
alert(e.message[0]);
//console.error("JOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO " + e.detail);
self.postMessage({href: document.location.href, cmd: e.cmd, detail: e.message});
}, false, true);
/*window.MutationObserver = window.MutationObserver || window.WebKitMutationObserver || window.MozMutationObserver;
observer = new MutationObserver(function(mutation) {
alert("mutation ");
alert(target.getAttribute("mdmaug"));
alert("END");
}),
// configuration of the observer:
config = {
attributes: true // this is to watch for attribute changes.
};
// pass in the element you wanna watch as well as the options
observer.observe(target, config);
// later, you can stop observing
// observer.disconnect();
*/
\ No newline at end of file
/*
* Prepisuje hackery vyuzivane funkce jako unescape nebo eval a bonzuje to vys.
* */
//window.opener
//document.location
//unescape
//*******