Bug 1336915 - Disable updates and fullhash requests when the Google API key is missing
We only register google table if we have a valid google api keys
MozReview-Commit-ID: CJmJErxSOqa
--- a/toolkit/components/url-classifier/SafeBrowsing.jsm
+++ b/toolkit/components/url-classifier/SafeBrowsing.jsm
@@ -80,16 +80,21 @@ this.SafeBrowsing = {
let provider = this.providers[providerName];
if (!providerName || !provider) {
log("No provider info found for " + listname);
log("Check browser.safebrowsing.provider.[google/mozilla].lists");
return;
}
+ if (!provider.updateURL) {
+ log("Invalid update url " + listname);
+ return;
+ }
+
listManager.registerTable(listname, providerName, provider.updateURL, provider.gethashURL);
},
registerTables: function() {
for (let i = 0; i < this.phishingLists.length; ++i) {
this.registerTableWithURLs(this.phishingLists[i]);
}
for (let i = 0; i < this.malwareLists.length; ++i) {
@@ -265,16 +270,24 @@ this.SafeBrowsing = {
Object.keys(this.providers).forEach(function(provider) {
let updateURL = Services.urlFormatter.formatURLPref(
"browser.safebrowsing.provider." + provider + ".updateURL");
let gethashURL = Services.urlFormatter.formatURLPref(
"browser.safebrowsing.provider." + provider + ".gethashURL");
updateURL = updateURL.replace("SAFEBROWSING_ID", clientID);
gethashURL = gethashURL.replace("SAFEBROWSING_ID", clientID);
+ // Disable updates and gethash if the Google API key is missing.
+ let googleKey = Services.urlFormatter.formatURL("%GOOGLE_API_KEY%").trim();
+ if ((provider == "google" || provider == "google4") &&
+ (!googleKey || googleKey == "no-google-api-key")) {
+ updateURL= "";
+ gethashURL= "";
+ }
+
log("Provider: " + provider + " updateURL=" + updateURL);
log("Provider: " + provider + " gethashURL=" + gethashURL);
// Urls used to update DB
this.providers[provider].updateURL = updateURL;
this.providers[provider].gethashURL = gethashURL;
// Get lists this provider manages
--- a/toolkit/components/url-classifier/content/listmanager.js
+++ b/toolkit/components/url-classifier/content/listmanager.js
@@ -96,22 +96,22 @@ PROT_ListManager.prototype.shutdown_ = f
* @param updateUrl - the url for updating the table
* @param gethashUrl - the url for fetching hash completions
* @returns true if the table could be created; false otherwise
*/
PROT_ListManager.prototype.registerTable = function(tableName,
providerName,
updateUrl,
gethashUrl) {
- log("registering " + tableName + " with " + updateUrl);
+ this.tablesData[tableName] = {};
if (!updateUrl) {
log("Can't register table " + tableName + " without updateUrl");
return false;
}
- this.tablesData[tableName] = {};
+ log("registering " + tableName + " with " + updateUrl);
this.tablesData[tableName].updateUrl = updateUrl;
this.tablesData[tableName].gethashUrl = gethashUrl;
this.tablesData[tableName].provider = providerName;
// Keep track of all of our update URLs.
if (!this.needsUpdate_[updateUrl]) {
this.needsUpdate_[updateUrl] = {};
--- a/toolkit/components/url-classifier/tests/mochitest/test_safebrowsing_bug1272239.html
+++ b/toolkit/components/url-classifier/tests/mochitest/test_safebrowsing_bug1272239.html
@@ -58,29 +58,36 @@ for (var provider in providers) {
var lists = [];
for (var pref of prefs) {
lists = lists.concat(SpecialPowers.getCharPref(pref).split(","));
}
var listmanager = Cc["@mozilla.org/url-classifier/listmanager;1"].
getService(Ci.nsIUrlListManager);
+let googleKey = SpecialPowers.Services.urlFormatter.formatURL("%GOOGLE_API_KEY%").trim();
+
for (var list of lists) {
if (!list)
continue;
// For lists having a provider, it should have a correct gethash url
// For lists without a provider, for example, test-malware-simple, it should not
// have a gethash url.
var url = listmanager.getGethashUrl(list);
var index = listsWithProvider.indexOf(list);
if (index >= 0) {
var provider = listsToProvider[index];
var pref = "browser.safebrowsing.provider." + provider + ".gethashURL";
- is(url, SpecialPowers.getCharPref(pref), list + " matches its gethash url");
+ if ((provider == "google" || provider == "google4") &&
+ (!googleKey || googleKey == "no-google-api-key")) {
+ is(url, "", "getHash url of " + list + " should be empty");
+ } else {
+ is(url, SpecialPowers.getCharPref(pref), list + " matches its gethash url");
+ }
} else {
is(url, "", list + " should not have a gethash url");
}
}
</script>
</pre>
</body>