// Check site-specific permission and display prompt if appropriate. bool IsImageExtractionAllowed(nsIDocument *aDocument) { if (!aDocument) return false; nsPIDOMWindow *win = aDocument->GetWindow(); nsCOMPtr<nsIScriptObjectPrincipal> sop(do_QueryInterface(win)); if (sop && nsContentUtils::IsSystemPrincipal(sop->GetPrincipal())) return true; bool isAllowed = false; nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil = do_GetService(THIRDPARTYUTIL_CONTRACTID); nsCOMPtr<nsIPermissionManager> permissionManager = do_GetService(NS_PERMISSIONMANAGER_CONTRACTID); if (thirdPartyUtil && permissionManager) { nsCOMPtr<nsIURI> uri; nsresult rv = thirdPartyUtil->GetFirstPartyURI(NULL, aDocument, getter_AddRefs(uri)); uint32_t permission = nsIPermissionManager::UNKNOWN_ACTION; if (NS_SUCCEEDED(rv)) { // Allow local files to access canvas data; check content permissions // for remote pages. bool isFileURL = false; (void)uri->SchemeIs("file", &isFileURL); if (isFileURL) permission = nsIPermissionManager::ALLOW_ACTION; else { rv = permissionManager->TestPermission(uri, PERMISSION_CANVAS_EXTRACT_DATA, &permission); } } if (NS_SUCCEEDED(rv)) { isAllowed = (permission == nsIPermissionManager::ALLOW_ACTION); if (!isAllowed && (permission != nsIPermissionManager::DENY_ACTION)) { // Send notification so that a prompt is displayed. nsCString spec; rv = uri->GetSpec(spec); NS_ENSURE_SUCCESS(rv, false); nsCOMPtr<nsIObserverService> obs = mozilla::services::GetObserverService(); obs->NotifyObservers(win, TOPIC_CANVAS_PERMISSIONS_PROMPT, NS_ConvertUTF8toUTF16(spec).get()); } } } return isAllowed; }
TYPED_TEST(unary_operations, same_as_std_on_random_inputs) { using optimus_op = typename TypeParam::first_type; using std_op = typename TypeParam::second_type; using type = typename std_op::result_type; optimus_op oop; std_op sop; for (size_t i = 0; i < 5; ++i) { auto r1 = random_input<optimus_op, type>::gen(); EXPECT_EQ(sop(r1), oop(r1)); } }
SimpleFilter* createSimpleFilter ( CalpontSystemCatalog*& csc, const CalpontSystemCatalog::TableColName& tcn, const string& opstr, ConstantColumn* cc ) { SimpleFilter* lsf = new SimpleFilter(); Operator* op = new Operator(); op->data(opstr); CalpontSystemCatalog::ColType ccct; ccct = op->resultType(); ccct.colDataType = cc->resultType().colDataType; op->operationType(ccct); SOP sop(op); lsf->op(sop); CalpontSystemCatalog::OID oid = csc->lookupOID(tcn); CalpontSystemCatalog::ColType ct = csc->colType(oid); SimpleColumn* sc = new SimpleColumn(); sc->schemaName(tcn.schema); sc->tableName(tcn.table); sc->tableAlias(tcn.table); sc->columnName(tcn.column); sc->oid(oid); sc->resultType(ct); sc->alias(tcn.toString()); lsf->lhs(sc); lsf->rhs(cc); return lsf; }
bool IsImageExtractionAllowed(nsIDocument *aDocument, JSContext *aCx) { // Do the rest of the checks only if privacy.resistFingerprinting is on. if (!nsContentUtils::ShouldResistFingerprinting()) { return true; } // Don't proceed if we don't have a document or JavaScript context. if (!aDocument || !aCx) { return false; } // Documents with system principal can always extract canvas data. nsPIDOMWindowOuter *win = aDocument->GetWindow(); nsCOMPtr<nsIScriptObjectPrincipal> sop(do_QueryInterface(win)); if (sop && nsContentUtils::IsSystemPrincipal(sop->GetPrincipal())) { return true; } // Always give permission to chrome scripts (e.g. Page Inspector). if (nsContentUtils::ThreadsafeIsCallerChrome()) { return true; } // Get the document URI and its spec. nsIURI *docURI = aDocument->GetDocumentURI(); nsCString docURISpec; docURI->GetSpec(docURISpec); // Allow local files to extract canvas data. bool isFileURL; (void) docURI->SchemeIs("file", &isFileURL); if (isFileURL) { return true; } // Get calling script file and line for logging. JS::AutoFilename scriptFile; unsigned scriptLine = 0; bool isScriptKnown = false; if (JS::DescribeScriptedCaller(aCx, &scriptFile, &scriptLine)) { isScriptKnown = true; // Don't show canvas prompt for PDF.js if (scriptFile.get() && strcmp(scriptFile.get(), "resource://pdf.js/build/pdf.js") == 0) { return true; } } nsIDocument* topLevelDocument = aDocument->GetTopLevelContentDocument(); nsIURI *topLevelDocURI = topLevelDocument ? topLevelDocument->GetDocumentURI() : nullptr; nsCString topLevelDocURISpec; if (topLevelDocURI) { topLevelDocURI->GetSpec(topLevelDocURISpec); } // Load Third Party Util service. nsresult rv; nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil = do_GetService(THIRDPARTYUTIL_CONTRACTID, &rv); NS_ENSURE_SUCCESS(rv, false); // Block all third-party attempts to extract canvas. bool isThirdParty = true; rv = thirdPartyUtil->IsThirdPartyURI(topLevelDocURI, docURI, &isThirdParty); NS_ENSURE_SUCCESS(rv, false); if (isThirdParty) { nsAutoCString message; message.AppendPrintf("Blocked third party %s in page %s from extracting canvas data.", docURISpec.get(), topLevelDocURISpec.get()); if (isScriptKnown) { message.AppendPrintf(" %s:%u.", scriptFile.get(), scriptLine); } nsContentUtils::LogMessageToConsole(message.get()); return false; } // Load Permission Manager service. nsCOMPtr<nsIPermissionManager> permissionManager = do_GetService(NS_PERMISSIONMANAGER_CONTRACTID, &rv); NS_ENSURE_SUCCESS(rv, false); // Check if the site has permission to extract canvas data. // Either permit or block extraction if a stored permission setting exists. uint32_t permission; rv = permissionManager->TestPermission(topLevelDocURI, PERMISSION_CANVAS_EXTRACT_DATA, &permission); NS_ENSURE_SUCCESS(rv, false); switch (permission) { case nsIPermissionManager::ALLOW_ACTION: return true; case nsIPermissionManager::DENY_ACTION: return false; default: break; } // At this point, permission is unknown (nsIPermissionManager::UNKNOWN_ACTION). nsAutoCString message; message.AppendPrintf("Blocked %s in page %s from extracting canvas data.", docURISpec.get(), topLevelDocURISpec.get()); if (isScriptKnown) { message.AppendPrintf(" %s:%u.", scriptFile.get(), scriptLine); } nsContentUtils::LogMessageToConsole(message.get()); // Prompt the user (asynchronous). if (XRE_IsContentProcess()) { TabChild* tabChild = TabChild::GetFrom(win); if (tabChild) { tabChild->SendShowCanvasPermissionPrompt(topLevelDocURISpec); } } else { nsCOMPtr<nsIObserverService> obs = mozilla::services::GetObserverService(); if (obs) { obs->NotifyObservers(win, TOPIC_CANVAS_PERMISSIONS_PROMPT, NS_ConvertUTF8toUTF16(topLevelDocURISpec).get()); } } // We don't extract the image for now -- user may override at prompt. return false; }