Bug 455906: Support severities for blocklist entries. r=robstrong, r…

…=jst

browser/app/profile/firefox.js

@@ -80,6 +80,9 @@ pref("extensions.getAddons.search.url", "https://services.addons.mozilla.org/%LO
 // Blocklist preferences
 pref("extensions.blocklist.enabled", true);
 pref("extensions.blocklist.interval", 86400);
+// Controls what level the blocklist switches from warning about items to forcibly
+// blocking them.
+pref("extensions.blocklist.level", 2);
 pref("extensions.blocklist.url", "https://addons.mozilla.org/blocklist/2/%APP_ID%/%APP_VERSION%/%PRODUCT%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/");
 pref("extensions.blocklist.detailsURL", "http://%LOCALE%.www.mozilla.com/%LOCALE%/blocklist/");
 

modules/plugin/base/src/nsPluginHostImpl.cpp

@@ -92,6 +92,7 @@
 #include "nsIPrefBranch2.h"
 #include "nsIScriptChannel.h"
 #include "nsPrintfCString.h"
+#include "nsIBlocklistService.h"
 
 // Friggin' X11 has to "#define None". Lame!
 #ifdef None
@@ -5129,13 +5130,14 @@ nsresult nsPluginHostImpl::ScanPluginsDirectory(nsIFile * pluginsDir,
     RemoveCachedPluginsInfo(NS_ConvertUTF16toUTF8(pfd->mFilename).get(),
                             getter_AddRefs(pluginTag));
 
-    PRUint32 oldFlags = NS_PLUGIN_FLAG_ENABLED;
+    PRBool enabled = PR_TRUE;
+    PRBool seenBefore = PR_FALSE;
     if (pluginTag) {
+      seenBefore = PR_TRUE;
       // If plugin changed, delete cachedPluginTag and don't use cache
       if (LL_NE(fileModTime, pluginTag->mLastModifiedTime)) {
         // Plugins has changed. Don't use cached plugin info.
-        oldFlags = pluginTag->Flags() &
-                   (NS_PLUGIN_FLAG_ENABLED | NS_PLUGIN_FLAG_BLOCKLISTED);
+        enabled = (pluginTag->Flags() & NS_PLUGIN_FLAG_ENABLED) != 0;
         pluginTag = nsnull;
 
         // plugin file changed, flag this fact
@@ -5211,12 +5213,25 @@ nsresult nsPluginHostImpl::ScanPluginsDirectory(nsIFile * pluginsDir,
 
       pluginTag->mLibrary = pluginLibrary;
       pluginTag->mLastModifiedTime = fileModTime;
-      if (!(oldFlags & NS_PLUGIN_FLAG_ENABLED) ||
-          (pluginTag->mIsJavaPlugin && !mJavaEnabled))
-        pluginTag->UnMark(NS_PLUGIN_FLAG_ENABLED);
 
-      if (oldFlags & NS_PLUGIN_FLAG_BLOCKLISTED)
-        pluginTag->Mark(NS_PLUGIN_FLAG_BLOCKLISTED);
+      nsCOMPtr<nsIBlocklistService> blocklist = do_GetService("@mozilla.org/extensions/blocklist;1");
+      if (blocklist) {
+        PRUint32 state;
+        rv = blocklist->GetPluginBlocklistState(pluginTag, EmptyString(),
+                                                EmptyString(), &state);
+
+        if (NS_SUCCEEDED(rv)) {
+          // If the blocklist says so then block the plugin. If the blocklist says
+          // it is risky and we have never seen this plugin before then disable it
+          if (state == nsIBlocklistService::STATE_BLOCKED)
+            pluginTag->Mark(NS_PLUGIN_FLAG_BLOCKLISTED);
+          else if (state == nsIBlocklistService::STATE_SOFTBLOCKED && !seenBefore)
+            enabled = PR_FALSE;
+        }
+      }
+
+      if (!enabled || (pluginTag->mIsJavaPlugin && !mJavaEnabled))
+        pluginTag->UnMark(NS_PLUGIN_FLAG_ENABLED);
 
       // if this is unwanted plugin we are checkin for, or this is a duplicate plugin,
       // add it to our cache info list so we can cache the unwantedness of this plugin

toolkit/locales/en-US/chrome/mozapps/extensions/blocklist.dtd

@@ -0,0 +1,10 @@
+<!ENTITY blocklist.title             "Add-ons may be causing problems">
+<!ENTITY blocklist.style             "width: 45em; height: 30em">
+<!ENTITY blocklist.summary           "&brandShortName; has determined that the following add-ons are known to cause stability or security problems:">
+<!ENTITY blocklist.softblocked       "For your protection, it is highly recommended that you restart with these add-ons disabled.">
+<!ENTITY blocklist.hardblocked       "These add-ons have a high risk of causing stability or security problems and have been blocked, but a restart is required to disable them completely.">
+<!ENTITY blocklist.softandhard       "The add-ons that have a high risk of causing stability or security problems have been blocked. The others are lower risk, but it is highly recommended that you restart with them disabled.">
+<!ENTITY blocklist.moreinfo          "More information">
+
+<!ENTITY blocklist.accept.label      "Restart &brandShortName;">
+<!ENTITY blocklist.accept.accesskey  "R">

toolkit/locales/en-US/chrome/mozapps/extensions/extensions.dtd

@@ -112,6 +112,7 @@
 <!ENTITY insecureUpdate.label             "Does not provide secure updates.">
 <!ENTITY needsDependencies.label          "Requires additional items.">
 <!ENTITY blocklisted.label                "Disabled for your protection.">
+<!ENTITY softBlocklisted.label            "Known to cause security or stability issues.">
 <!ENTITY toBeDisabled.label               "This add-on will be disabled when &brandShortName; is restarted.">
 <!ENTITY toBeEnabled.label                "This add-on will be enabled when &brandShortName; is restarted.">
 <!ENTITY toBeInstalled.label              "This add-on will be installed when &brandShortName; is restarted.">
@@ -168,3 +169,6 @@
 <!ENTITY eula.width                       "560px">
 <!ENTITY eula.height                      "400px">
 <!ENTITY eula.accept                      "Accept and Install…">
+
+<!ENTITY blocklist.blocked.label          "Blocked">
+<!ENTITY blocklist.checkbox.label         "Disable">

toolkit/locales/en-US/chrome/mozapps/extensions/extensions.properties

@@ -59,11 +59,12 @@ invalidGUIDMessage="%S" could not be installed because of an error in its Instal
 invalidVersionMessage="%S" could not be installed because of an error in its Install Manifest ("%S" is not a valid Version String). Please contact the author of this item about the problem.
 incompatiblePlatformMessage="%S" could not be installed because it is not compatible with your %S build type (%S). Please contact the author of this item about the problem.
 
-blocklistedInstallTitle=This extension is not secure
-blocklistedInstallMsg=The extension %S is known to be dangerous, and can't be installed.
-blocklistNotifyTitle2=Add-ons may be causing problems
-blocklistNotifyMsg2=%S has determined that the following add-ons may be unstable or insecure.
-blocklistRestartMsg2=You should restart %S so that these add-ons can be disabled.
+blocklistedInstallTitle2=This add-on is dangerous to use
+blocklistedInstallMsg2=The add-on %S has a high risk of causing stability or security problems and can't be installed.
+softBlockedInstallTitle=This add-on may be dangerous to use
+softBlockedInstallMsg=The add-on %S may cause stability or security problems. It is highly recommended that you do not install it.
+softBlockedInstallAcceptLabel=Install Anyway
+softBlockedInstallAcceptKey=I
 
 missingFileTitle=Missing File
 missingFileMessage=%S could not load this item because the file %S was missing.

toolkit/locales/jar.mn

@@ -77,6 +77,7 @@
   locale/@AB_CD@/mozapps/downloads/downloads.properties           (%chrome/mozapps/downloads/downloads.properties)
   locale/@AB_CD@/mozapps/extensions/extensions.dtd                (%chrome/mozapps/extensions/extensions.dtd)
   locale/@AB_CD@/mozapps/extensions/extensions.properties         (%chrome/mozapps/extensions/extensions.properties)
+  locale/@AB_CD@/mozapps/extensions/blocklist.dtd                 (%chrome/mozapps/extensions/blocklist.dtd)
   locale/@AB_CD@/mozapps/extensions/about.dtd                     (%chrome/mozapps/extensions/about.dtd)
   locale/@AB_CD@/mozapps/extensions/errors.dtd                    (%chrome/mozapps/extensions/errors.dtd)
   locale/@AB_CD@/mozapps/extensions/update.dtd                    (%chrome/mozapps/extensions/update.dtd)

toolkit/mozapps/extensions/content/blocklist.css

@@ -0,0 +1,11 @@
+hbox.addon-name-version {
+  -moz-binding: url("chrome://mozapps/content/extensions/extensions.xml#addon-name-version");
+}
+
+.hardBlockedAddon {
+  -moz-binding: url("chrome://mozapps/content/extensions/extensions.xml#hardblockedaddon");
+}
+
+.softBlockedAddon {
+  -moz-binding: url("chrome://mozapps/content/extensions/extensions.xml#softblockedaddon");
+}

toolkit/mozapps/extensions/content/blocklist.js

@@ -0,0 +1,81 @@
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the Extension Blocklist UI.
+#
+# The Initial Developer of the Original Code is
+# Mozilla Corporation
+# Portions created by the Initial Developer are Copyright (C) 2008
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#   Dave Townsend <dtownsend@oxymoronical.com>
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+var gArgs;
+
+function init() {
+  var hasHardBlocks = false;
+  var hasSoftBlocks = false;
+  gArgs = window.arguments[0].wrappedJSObject;
+
+  var richlist = document.getElementById("addonList");
+  var list = gArgs.list;
+  list.sort(function(a, b) { return String.localeCompare(a.name, b.name); });
+  for (let i = 0; i < list.length; i++) {
+    let item = document.createElement("richlistitem");
+    item.setAttribute("name", list[i].name);
+    item.setAttribute("version", list[i].version);
+    item.setAttribute("icon", list[i].icon);
+    if (list[i].blocked) {
+      item.setAttribute("class", "hardBlockedAddon");
+      hasHardBlocks = true;
+    }
+    else {
+      item.setAttribute("class", "softBlockedAddon");
+      hasSoftBlocks = true;
+    }
+    richlist.appendChild(item);
+  }
+
+  if (hasHardBlocks && hasSoftBlocks)
+    document.getElementById("bothMessage").hidden = false;
+  else if (hasHardBlocks)
+    document.getElementById("hardBlockMessage").hidden = false;
+  else
+    document.getElementById("softBlockMessage").hidden = false;
+}
+
+function accept() {
+  gArgs.restart = true;
+  var list = gArgs.list;
+  var items = document.getElementById("addonList").childNodes;
+  for (let i = 0; i < list.length; i++) {
+    if (!list[i].blocked)
+      list[i].disable = items[i].checked;
+  }
+  return true;
+}

toolkit/mozapps/extensions/content/blocklist.xul

@@ -0,0 +1,80 @@
+<?xml version="1.0"?>
+
+# -*- Mode: Java; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the Extension List UI.
+#
+# The Initial Developer of the Original Code is Google Inc.
+# Portions created by the Initial Developer are Copyright (C) 2005
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#   Ben Goodger <ben@mozilla.org>
+#   Robert Strong <robert.bugzilla@gmail.com>
+#   Dave Townsend <dtownsend@oxymoronical.com>
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+<?xml-stylesheet href="chrome://global/skin/"?>
+<?xml-stylesheet href="chrome://mozapps/skin/extensions/blocklist.css"?>
+<?xml-stylesheet href="chrome://mozapps/content/extensions/blocklist.css"?>
+
+<!DOCTYPE dialog [
+<!ENTITY % brandDTD SYSTEM "chrome://branding/locale/brand.dtd">
+%brandDTD;
+<!ENTITY % extensionsDTD SYSTEM "chrome://mozapps/locale/extensions/blocklist.dtd">
+%extensionsDTD;
+]>
+
+<dialog windowtype="Addons:Blocklist" title="&blocklist.title;" align="stretch"
+        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
+        onload="init();" ondialogaccept="return accept()"
+        buttons="accept,cancel" style="&blocklist.style;"
+        buttonlabelaccept="&blocklist.accept.label;"
+        buttonaccesskeyaccept="&blocklist.accept.accesskey;">
+
+  <script type="application/javascript" src="chrome://global/content/globalOverlay.js"/>
+  <script type="application/javascript" src="chrome://mozapps/content/extensions/blocklist.js"/>
+
+  <hbox align="stretch" flex="1">
+    <vbox pack="start">
+      <image class="error-icon"/>
+    </vbox>
+    <vbox flex="1">
+      <label>&blocklist.summary;</label>
+      <separator class="thin"/>
+      <richlistbox id="addonList" flex="1"/>
+      <separator class="thin"/>
+      <description id="bothMessage" hidden="true" class="bold">&blocklist.softandhard;</description>
+      <description id="hardBlockMessage" hidden="true" class="bold">&blocklist.hardblocked;</description>
+      <description id="softBlockMessage" hidden="true" class="bold">&blocklist.softblocked;</description>
+      <hbox pack="start">
+        <label class="text-link" value="&blocklist.moreinfo;"/>
+      </hbox>
+    </vbox>
+  </hbox>
+</dialog>

toolkit/mozapps/extensions/content/extensions.js

@@ -298,6 +298,7 @@ function showView(aView) {
                         ["availableUpdateURL", "?availableUpdateURL"],
                         ["availableUpdateVersion", "?availableUpdateVersion"],
                         ["blocklisted", "?blocklisted"],
+                        ["blocklistedsoft", "?blocklistedsoft"],
                         ["compatible", "?compatible"],
                         ["description", "?description"],
                         ["downloadURL", "?downloadURL"],
@@ -384,6 +385,7 @@ function showView(aView) {
                         ["availableUpdateVersion", "?availableUpdateVersion"],
                         ["availableUpdateInfo", "?availableUpdateInfo"],
                         ["blocklisted", "?blocklisted"],
+                        ["blocklistedsoft", "?blocklistedsoft"],
                         ["homepageURL", "?homepageURL"],
                         ["iconURL", "?iconURL"],
                         ["internalName", "?internalName"],
@@ -410,6 +412,7 @@ function showView(aView) {
                         ["availableUpdateURL", "?availableUpdateURL"],
                         ["availableUpdateVersion", "?availableUpdateVersion"],
                         ["blocklisted", "?blocklisted"],
+                        ["blocklistedsoft", "?blocklistedsoft"],
                         ["compatible", "?compatible"],
                         ["description", "?description"],
                         ["downloadURL", "?downloadURL"],
@@ -918,6 +921,8 @@ function rebuildPluginsDS()
     gPlugins[name][desc].plugins.push(plugin);
   }
 
+  var blocklist = Components.classes["@mozilla.org/extensions/blocklist;1"]
+                            .getService(Components.interfaces.nsIBlocklistService);
   for (var pluginName in gPlugins) {
     for (var pluginDesc in gPlugins[pluginName]) {
       plugin = gPlugins[pluginName][pluginDesc];
@@ -953,6 +958,12 @@ function rebuildPluginsDS()
                         gRDF.GetResource(PREFIX_NS_EM + "blocklisted"),
                         gRDF.GetLiteral(plugin.blocklisted ? "true" : "false"),
                         true);
+      var softblocked = blocklist.getPluginBlocklistState(plugin) == 
+                        Components.interfaces.nsIBlocklistService.STATE_SOFTBLOCKED;
+      gPluginsDS.Assert(pluginNode,
+                        gRDF.GetResource(PREFIX_NS_EM + "blocklistedsoft"),
+                        gRDF.GetLiteral(softblocked ? "true" : "false"),
+                        true);
       gPluginsDS.Assert(pluginNode,
                         gRDF.GetResource(PREFIX_NS_EM + "compatible"),
                         gRDF.GetLiteral("true"),