void RxCompile::simple()
{
if (match("."))
emit(&any);
else if (match("\\d"))
emit(new CharClass(digit));
else if (match("\\D"))
emit(new CharClass(notDigit));
else if (match("\\w"))
emit(new CharClass(word));
else if (match("\\W"))
emit(new CharClass(notWord));
else if (match("\\s"))
emit(new CharClass(space));
else if (match("\\S"))
emit(new CharClass(notSpace));
else if (matchBackref())
{
int i = src[si - 1] - '0';
emit(new Backref(i, ignoringCase));
}
else if (match("["))
{
charClass();
mustMatch(']');
}
else if (match("("))
{
int i = ++leftCount;
emit(new Left(i));
regexp(); // recurse
emit(new Right(i));
mustMatch(')');
}
else
{
if (si + 1 < sn)
match("\\");
emitChars(src + si, 1);
++si;
}
}
PRemoteOpenFileParent*
NeckoParent::AllocPRemoteOpenFileParent(const URIParams& aURI,
const OptionalURIParams& aAppURI)
{
nsCOMPtr<nsIURI> uri = DeserializeURI(aURI);
nsCOMPtr<nsIFileURL> fileURL = do_QueryInterface(uri);
if (!fileURL) {
return nullptr;
}
// security checks
if (UsingNeckoIPCSecurity()) {
nsCOMPtr<nsIAppsService> appsService =
do_GetService(APPS_SERVICE_CONTRACTID);
if (!appsService) {
return nullptr;
}
bool haveValidBrowser = false;
bool hasManage = false;
nsCOMPtr<mozIApplication> mozApp;
for (uint32_t i = 0; i < Manager()->ManagedPBrowserParent().Length(); i++) {
nsRefPtr<TabParent> tabParent =
static_cast<TabParent*>(Manager()->ManagedPBrowserParent()[i]);
uint32_t appId = tabParent->OwnOrContainingAppId();
nsresult rv = appsService->GetAppByLocalId(appId, getter_AddRefs(mozApp));
if (NS_FAILED(rv) || !mozApp) {
continue;
}
hasManage = false;
rv = mozApp->HasPermission("webapps-manage", &hasManage);
if (NS_FAILED(rv)) {
continue;
}
haveValidBrowser = true;
break;
}
if (!haveValidBrowser) {
return nullptr;
}
nsAutoCString requestedPath;
fileURL->GetPath(requestedPath);
NS_UnescapeURL(requestedPath);
// Check if we load the whitelisted app uri for the neterror page.
bool netErrorWhiteList = false;
nsCOMPtr<nsIURI> appUri = DeserializeURI(aAppURI);
if (appUri) {
nsAdoptingString netErrorURI;
netErrorURI = Preferences::GetString("b2g.neterror.url");
if (netErrorURI) {
nsAutoCString spec;
appUri->GetSpec(spec);
netErrorWhiteList = spec.Equals(NS_ConvertUTF16toUTF8(netErrorURI).get());
}
}
if (hasManage || netErrorWhiteList) {
// webapps-manage permission means allow reading any application.zip file
// in either the regular webapps directory, or the core apps directory (if
// we're using one).
NS_NAMED_LITERAL_CSTRING(appzip, "/application.zip");
nsAutoCString pathEnd;
requestedPath.Right(pathEnd, appzip.Length());
if (!pathEnd.Equals(appzip)) {
return nullptr;
}
nsAutoCString pathStart;
requestedPath.Left(pathStart, mWebAppsBasePath.Length());
if (!pathStart.Equals(mWebAppsBasePath)) {
if (mCoreAppsBasePath.IsEmpty()) {
return nullptr;
}
requestedPath.Left(pathStart, mCoreAppsBasePath.Length());
if (!pathStart.Equals(mCoreAppsBasePath)) {
return nullptr;
}
}
// Finally: make sure there are no "../" in URI.
// Note: not checking for symlinks (would cause I/O for each path
// component). So it's up to us to avoid creating symlinks that could
// provide attack vectors.
if (PL_strnstr(requestedPath.BeginReading(), "/../",
requestedPath.Length())) {
printf_stderr("NeckoParent::AllocPRemoteOpenFile: "
"FATAL error: requested file URI '%s' contains '/../' "
"KILLING CHILD PROCESS\n", requestedPath.get());
return nullptr;
}
} else {
// regular packaged apps can only access their own application.zip file
nsAutoString basePath;
nsresult rv = mozApp->GetBasePath(basePath);
if (NS_FAILED(rv)) {
return nullptr;
}
nsAutoString uuid;
rv = mozApp->GetId(uuid);
if (NS_FAILED(rv)) {
return nullptr;
}
nsPrintfCString mustMatch("%s/%s/application.zip",
NS_LossyConvertUTF16toASCII(basePath).get(),
NS_LossyConvertUTF16toASCII(uuid).get());
if (!requestedPath.Equals(mustMatch)) {
printf_stderr("NeckoParent::AllocPRemoteOpenFile: "
"FATAL error: app without webapps-manage permission is "
"requesting file '%s' but is only allowed to open its "
"own application.zip at %s: KILLING CHILD PROCESS\n",
requestedPath.get(), mustMatch.get());
return nullptr;
}
}
}
RemoteOpenFileParent* parent = new RemoteOpenFileParent(fileURL);
return parent;
}