[Pkg-mozext-commits] [requestpolicy] 43/65: [fix] conflicting rules: give "origin-to-dest" precedence
David Prévot
taffit at moszumanska.debian.org
Fri Mar 25 22:59:50 UTC 2016
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to branch master
in repository requestpolicy.
commit 220a897b333a4b7b4c5deaeee64cba3ec2c6ea2a
Author: Martin Kimmerle <dev at 256k.de>
Date: Mon Feb 1 16:36:50 2016 +0100
[fix] conflicting rules: give "origin-to-dest" precedence
Resolves #491
---
src/content/lib/request-processor.jsm | 23 ++++++
src/content/lib/request-processor.redirects.js | 8 +-
src/content/lib/request-result.jsm | 22 +++++
tests/xpcshell/test_requestresult.js | 110 +++++++++++++++++++++++++
tests/xpcshell/xpcshell.ini | 1 +
5 files changed, 162 insertions(+), 2 deletions(-)
diff --git a/src/content/lib/request-processor.jsm b/src/content/lib/request-processor.jsm
index 766007a..8513337 100644
--- a/src/content/lib/request-processor.jsm
+++ b/src/content/lib/request-processor.jsm
@@ -785,6 +785,17 @@ var RequestProcessor = (function() {
// question.
if (request.requestResult.allowRulesExist() &&
request.requestResult.denyRulesExist()) {
+ let {conflictCanBeResolved, shouldAllow
+ } = request.requestResult.resolveConflict();
+ if (conflictCanBeResolved) {
+ request.requestResult.resultReason = REQUEST_REASON_USER_POLICY;
+ request.requestResult.isAllowed = shouldAllow;
+ if (shouldAllow) {
+ return accept("Allowed by user policy", request);
+ } else {
+ return reject("Blocked by user policy", request);
+ }
+ }
request.requestResult.resultReason =
REQUEST_REASON_DEFAULT_POLICY_INCONSISTENT_RULES;
if (Prefs.isDefaultAllow()) {
@@ -821,6 +832,18 @@ var RequestProcessor = (function() {
}
if (request.requestResult.allowRulesExist() &&
request.requestResult.denyRulesExist()) {
+ let {conflictCanBeResolved, shouldAllow
+ } = request.requestResult.resolveConflict();
+ if (conflictCanBeResolved) {
+ request.requestResult.resultReason =
+ REQUEST_REASON_SUBSCRIPTION_POLICY;
+ request.requestResult.isAllowed = shouldAllow;
+ if (shouldAllow) {
+ return accept("Allowed by subscription policy", request);
+ } else {
+ return reject("Blocked by subscription policy", request);
+ }
+ }
request.requestResult.resultReason =
REQUEST_REASON_DEFAULT_POLICY_INCONSISTENT_RULES;
if (Prefs.isDefaultAllow()) {
diff --git a/src/content/lib/request-processor.redirects.js b/src/content/lib/request-processor.redirects.js
index 4e4cbe4..a612342 100644
--- a/src/content/lib/request-processor.redirects.js
+++ b/src/content/lib/request-processor.redirects.js
@@ -115,7 +115,9 @@ RequestProcessor = (function(self) {
let result = PolicyManager.checkRequestAgainstUserRules(originURIObj,
destURIObj);
if (result.denyRulesExist() && result.allowRulesExist()) {
- result.isAllowed = Prefs.isDefaultAllow();
+ let {conflictCanBeResolved, shouldAllow} = result.resolveConflict();
+ result.isAllowed = conflictCanBeResolved ? shouldAllow :
+ Prefs.isDefaultAllow();
return result;
}
if (result.denyRulesExist()) {
@@ -132,7 +134,9 @@ RequestProcessor = (function(self) {
let result = PolicyManager.checkRequestAgainstSubscriptionRules(
originURIObj, destURIObj);
if (result.denyRulesExist() && result.allowRulesExist()) {
- result.isAllowed = Prefs.isDefaultAllow();
+ let {conflictCanBeResolved, shouldAllow} = result.resolveConflict();
+ result.isAllowed = conflictCanBeResolved ? shouldAllow :
+ Prefs.isDefaultAllow();
return result;
}
if (result.denyRulesExist()) {
diff --git a/src/content/lib/request-result.jsm b/src/content/lib/request-result.jsm
index aeb0d85..d68c97f 100644
--- a/src/content/lib/request-result.jsm
+++ b/src/content/lib/request-result.jsm
@@ -103,6 +103,28 @@ RequestResult.prototype.denyRulesExist = function() {
return this.matchedDenyRules.length > 0;
};
+function countOriginToDestRules(aMatchedRules) {
+ let n = 0;
+ for (let [, [type]] of aMatchedRules) {
+ if (type === "origin-to-dest") {
+ ++n;
+ }
+ }
+ return n;
+}
+
+RequestResult.prototype.resolveConflict = function() {
+ let nODAllowRules = countOriginToDestRules(this.matchedAllowRules);
+ let nODDenyRules = countOriginToDestRules(this.matchedDenyRules);
+ if (nODAllowRules === 0 && nODDenyRules > 0) {
+ return {conflictCanBeResolved: true, shouldAllow: false};
+ }
+ if (nODAllowRules > 0 && nODDenyRules === 0) {
+ return {conflictCanBeResolved: true, shouldAllow: true};
+ }
+ return {conflictCanBeResolved: false, shouldAllow: undefined};
+};
+
RequestResult.prototype.isDefaultPolicyUsed = function() {
// returns whether the default policy has been or will be used for this request.
return this.resultReason === REQUEST_REASON_DEFAULT_POLICY ||
diff --git a/tests/xpcshell/test_requestresult.js b/tests/xpcshell/test_requestresult.js
new file mode 100644
index 0000000..67a94ac
--- /dev/null
+++ b/tests/xpcshell/test_requestresult.js
@@ -0,0 +1,110 @@
+/* exported run_test */
+Cu.import("chrome://rpcontinued/content/lib/request-result.jsm");
+
+function run_test() {
+ "use strict";
+
+ run_next_test();
+}
+
+//==============================================================================
+// utilities
+//==============================================================================
+
+function createRequestResult() {
+ return new RequestResult();
+}
+
+function policyToArrayName(policy) {
+ switch (policy) {
+ case "allow":
+ return "matchedAllowRules";
+ case "deny":
+ return "matchedDenyRules";
+ default:
+ throw "Invalid policy";
+ }
+}
+
+function addOriginRule(rr, policy) {
+ let list = rr[policyToArrayName(policy)];
+ list.push([{}, ["origin", {}, {}]]);
+}
+
+function addDestRule(rr, policy) {
+ let list = rr[policyToArrayName(policy)];
+ list.push([{}, ["origin", {}, {}]]);
+}
+
+function addOriginToDestRule(rr, policy) {
+ let list = rr[policyToArrayName(policy)];
+ list.push([{}, ["origin-to-dest", {}, {}, {}, {}]]);
+}
+
+//==============================================================================
+// tests
+//==============================================================================
+
+//------------------------------------------------------------------------------
+// resolveConflict()
+//------------------------------------------------------------------------------
+
+add_test(function() {
+ // setup
+ let rr = createRequestResult();
+ addOriginRule(rr, "allow");
+ addDestRule(rr, "deny");
+
+ // exercise
+ let rv = rr.resolveConflict();
+
+ // verify
+ deepEqual(rv, {conflictCanBeResolved: false, shouldAllow: undefined});
+
+ run_next_test();
+});
+
+add_test(function() {
+ // setup
+ let rr = createRequestResult();
+ addDestRule(rr, "deny");
+ addOriginToDestRule(rr, "allow");
+
+ // exercise
+ let rv = rr.resolveConflict();
+
+ // verify
+ deepEqual(rv, {conflictCanBeResolved: true, shouldAllow: true});
+
+ run_next_test();
+});
+
+add_test(function() {
+ // setup
+ let rr = createRequestResult();
+ addDestRule(rr, "allow");
+ addOriginToDestRule(rr, "deny");
+
+ // exercise
+ let rv = rr.resolveConflict();
+
+ // verify
+ deepEqual(rv, {conflictCanBeResolved: true, shouldAllow: false});
+
+ run_next_test();
+});
+
+add_test(function() {
+ // setup
+ let rr = createRequestResult();
+ addOriginToDestRule(rr, "allow");
+ addOriginToDestRule(rr, "deny");
+
+ // exercise
+ let rv = rr.resolveConflict();
+
+ // verify
+ deepEqual(rv, {conflictCanBeResolved: false, shouldAllow: undefined});
+
+ run_next_test();
+});
diff --git a/tests/xpcshell/xpcshell.ini b/tests/xpcshell/xpcshell.ini
index ca598ab..f65d03d 100644
--- a/tests/xpcshell/xpcshell.ini
+++ b/tests/xpcshell/xpcshell.ini
@@ -8,6 +8,7 @@ tail =
[test_oldrules.js]
;[test_policymanager.js]
[test_policystorage.js]
+[test_requestresult.js]
;[test_subscription.js]
[test_wrap_function.js]
[test_xulutils_keyboard_shortcuts.js]
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mozext/requestpolicy.git
More information about the Pkg-mozext-commits
mailing list