def test_plugin_record_with_no_targetApplication_matching():
    xml_tree = etree.Element(
        'blocklist',
        xmlns="http://www.mozilla.org/2006/addons-blocklist",
        lastupdate='1459262434336'
    )

    data = PLUGIN_DATA.copy()
    data['versionRange'] = [{
        "targetApplication": [
            {"guid": "{some-other-application}",
             "minVersion": "1.2",
             "maxVersion": "1.4"}
        ],
        "minVersion": "0",
        "maxVersion": "*",
        "severity": 3
    }]

    exporter.write_plugin_items(xml_tree, [data],
                                constants.FIREFOX_APPID)

    result = etree.tostring(
        etree.ElementTree(xml_tree),
        pretty_print=True,
        xml_declaration=True,
        encoding='UTF-8').decode('utf-8')

    assert result == b"""<?xml version='1.0' encoding='UTF-8'?>
<blocklist lastupdate="1459262434336" \
xmlns="http://www.mozilla.org/2006/addons-blocklist">
  <pluginItems/>
</blocklist>
""".decode('utf-8')
Example #2
0
def test_plugin_record_with_no_targetApplication_matching():
    xml_tree = etree.Element(
        'blocklist',
        lastupdate='1459262434336',
        xmlns="http://www.mozilla.org/2006/addons-blocklist",
    )

    data = PLUGIN_DATA.copy()
    data['versionRange'] = [{
        "targetApplication": [{
            "guid": "{some-other-application}",
            "minVersion": "1.2",
            "maxVersion": "1.4"
        }],
        "minVersion":
        "0",
        "maxVersion":
        "*",
        "severity":
        3
    }]

    exporter.write_plugin_items(xml_tree, [data], constants.FIREFOX_APPID)

    result = etree.tostring(etree.ElementTree(xml_tree),
                            pretty_print=True,
                            xml_declaration=True,
                            encoding='UTF-8').decode('utf-8')

    assert result == b"""<?xml version='1.0' encoding='UTF-8'?>
<blocklist lastupdate="1459262434336" \
xmlns="http://www.mozilla.org/2006/addons-blocklist">
  <pluginItems/>
</blocklist>
""".decode('utf-8')
def test_plugin_record_with_api_version_2():
    xml_tree = etree.Element(
        'blocklist',
        xmlns="http://www.mozilla.org/2006/addons-blocklist",
        lastupdate='1459262434336'
    )

    exporter.write_plugin_items(xml_tree, [PLUGIN_DATA],
                                constants.FIREFOX_APPID,
                                api_ver=2)

    result = etree.tostring(
        etree.ElementTree(xml_tree),
        pretty_print=True,
        xml_declaration=True,
        encoding='UTF-8').decode('utf-8')

    assert result == b"""<?xml version='1.0' encoding='UTF-8'?>
<blocklist lastupdate="1459262434336" \
xmlns="http://www.mozilla.org/2006/addons-blocklist">
  <pluginItems>
    <pluginItem blockID="p26">
      <match exp="^Yahoo Application State Plugin$" name="name"/>
      <match exp="npYState.dll" name="filename"/>
      <match exp="^Yahoo Application State Plugin$" name="description"/>
      <infoURL>https://get.adobe.com/flashplayer/</infoURL>
      <versionRange maxVersion="4.1.10328.0" minVersion="0" severity="0" \
vulnerabilitystatus="1"/>
    </pluginItem>
  </pluginItems>
</blocklist>
""".decode('utf-8')
Example #4
0
def test_plugin_record_with_api_version_2_with_no_guid_and_severity_0():
    xml_tree = etree.Element(
        'blocklist',
        lastupdate='1459262434336',
        xmlns="http://www.mozilla.org/2006/addons-blocklist",
    )

    data = PLUGIN_DATA.copy()
    data['versionRange'] = [{"targetApplication": [], "severity": 0}]

    exporter.write_plugin_items(xml_tree, [data],
                                constants.FIREFOX_APPID,
                                api_ver=2)

    result = etree.tostring(etree.ElementTree(xml_tree),
                            pretty_print=True,
                            xml_declaration=True,
                            encoding='UTF-8').decode('utf-8')

    assert result == b"""<?xml version='1.0' encoding='UTF-8'?>
<blocklist lastupdate="1459262434336" \
xmlns="http://www.mozilla.org/2006/addons-blocklist">
  <pluginItems>
    <pluginItem blockID="p26">
      <match exp="^Yahoo Application State Plugin$" name="name"/>
      <match exp="npYState.dll" name="filename"/>
      <match exp="^Yahoo Application State Plugin$" name="description"/>
      <infoURL>https://get.adobe.com/flashplayer/</infoURL>
      <versionRange severity="0"/>
    </pluginItem>
  </pluginItems>
</blocklist>
""".decode('utf-8')
Example #5
0
def test_plugin_record_with_api_version_2():
    xml_tree = etree.Element(
        'blocklist',
        lastupdate='1459262434336',
        xmlns="http://www.mozilla.org/2006/addons-blocklist",
    )

    exporter.write_plugin_items(xml_tree, [PLUGIN_DATA],
                                constants.FIREFOX_APPID,
                                api_ver=2)

    result = etree.tostring(etree.ElementTree(xml_tree),
                            pretty_print=True,
                            xml_declaration=True,
                            encoding='UTF-8').decode('utf-8')

    assert result == b"""<?xml version='1.0' encoding='UTF-8'?>
<blocklist lastupdate="1459262434336" \
xmlns="http://www.mozilla.org/2006/addons-blocklist">
  <pluginItems>
    <pluginItem blockID="p26">
      <match exp="^Yahoo Application State Plugin$" name="name"/>
      <match exp="npYState.dll" name="filename"/>
      <match exp="^Yahoo Application State Plugin$" name="description"/>
      <infoURL>https://get.adobe.com/flashplayer/</infoURL>
      <versionRange maxVersion="4.1.10328.0" minVersion="0" severity="0" \
vulnerabilitystatus="1"/>
    </pluginItem>
  </pluginItems>
</blocklist>
""".decode('utf-8')
Example #6
0
def get_blocklist(request):
    api_ver = int(request.matchdict['api_ver'])
    app = request.matchdict['application_guid']
    app_ver = request.matchdict['application_ver']

    last_update = 0

    # Addons blocklist
    addons_records, addons_records_count = get_records(request, 'addons')
    if addons_records:
        last_update = addons_records[-1]['last_modified']

    # Plugins blocklist
    plugin_records, plugin_records_count = get_records(request, 'plugins')
    if plugin_records:
        last_update = max(last_update, plugin_records[-1]['last_modified'])

    # GFX blocklist
    gfx_records, gfx_records_count = get_records(request, 'gfx')
    if gfx_records:
        last_update = max(last_update, gfx_records[-1]['last_modified'])

    # Certificates blocklist
    cert_records, cert_records_count = get_records(request, 'certificates')
    if cert_records:
        last_update = max(last_update, cert_records[-1]['last_modified'])

    xml_tree = etree.Element(
        'blocklist',
        xmlns="http://www.mozilla.org/2006/addons-blocklist",
        lastupdate='%s' % last_update
    )

    write_addons_items(xml_tree, addons_records, api_ver=api_ver, app_id=app)
    write_plugin_items(xml_tree, plugin_records, api_ver=api_ver,
                       app_id=app, app_ver=app_ver)
    write_gfx_items(xml_tree, gfx_records, api_ver=api_ver, app_id=app)
    write_cert_items(xml_tree, cert_records, api_ver=api_ver)

    doc = etree.ElementTree(xml_tree)
    request.response.content_type = "application/xml;charset=UTF-8"

    request.response.write(etree.tostring(
        doc,
        pretty_print=True,
        xml_declaration=True,
        encoding='UTF-8').decode('utf-8'))

    return request.response
def test_plugin_record_with_no_targetApplication_info():
    xml_tree = etree.Element(
        'blocklist',
        xmlns="http://www.mozilla.org/2006/addons-blocklist",
        lastupdate='1459262434336'
    )

    data = PLUGIN_DATA.copy()
    data['name'] = "Yahoo Application State Plugin"
    data['os'] = "WINNT"
    data['xpcomabi'] = "test"
    data['versionRange'] = [{
        "targetApplication": [],
        "minVersion": "0",
        "maxVersion": "*",
        "severity": 0,
        "vulnerabilityStatus": "1"
    }]

    exporter.write_plugin_items(xml_tree, [data],
                                constants.FIREFOX_APPID)

    result = etree.tostring(
        etree.ElementTree(xml_tree),
        pretty_print=True,
        xml_declaration=True,
        encoding='UTF-8').decode('utf-8')

    assert result == b"""<?xml version='1.0' encoding='UTF-8'?>
<blocklist lastupdate="1459262434336" \
xmlns="http://www.mozilla.org/2006/addons-blocklist">
  <pluginItems>
    <pluginItem blockID="p26" name="Yahoo Application State Plugin" os="WINNT"\
 xpcomabi="test">
      <match exp="^Yahoo Application State Plugin$" name="name"/>
      <match exp="npYState.dll" name="filename"/>
      <match exp="^Yahoo Application State Plugin$" name="description"/>
      <infoURL>https://get.adobe.com/flashplayer/</infoURL>
      <versionRange maxVersion="*" minVersion="0" severity="0" \
vulnerabilitystatus="1"/>
    </pluginItem>
  </pluginItems>
</blocklist>
""".decode('utf-8')
Example #8
0
def test_plugin_record_with_no_targetApplication_info():
    xml_tree = etree.Element(
        'blocklist',
        xmlns="http://www.mozilla.org/2006/addons-blocklist",
        lastupdate='1459262434336'
    )

    data = PLUGIN_DATA.copy()
    data['name'] = "Yahoo Application State Plugin"
    data['os'] = "WINNT"
    data['xpcomabi'] = "test"
    data['versionRange'] = [{
        "targetApplication": [],
        "minVersion": "0",
        "maxVersion": "*",
        "severity": 0,
        "vulnerabilityStatus": "1"
    }]

    exporter.write_plugin_items(xml_tree, [data],
                                constants.FIREFOX_APPID)

    result = etree.tostring(
        etree.ElementTree(xml_tree),
        pretty_print=True,
        xml_declaration=True,
        encoding='UTF-8').decode('utf-8')

    assert result == b"""<?xml version='1.0' encoding='UTF-8'?>
<blocklist lastupdate="1459262434336" \
xmlns="http://www.mozilla.org/2006/addons-blocklist">
  <pluginItems>
    <pluginItem blockID="p26" name="Yahoo Application State Plugin" os="WINNT"\
 xpcomabi="test">
      <match exp="^Yahoo Application State Plugin$" name="name"/>
      <match exp="npYState.dll" name="filename"/>
      <match exp="^Yahoo Application State Plugin$" name="description"/>
      <infoURL>https://get.adobe.com/flashplayer/</infoURL>
      <versionRange maxVersion="*" minVersion="0" severity="0" \
vulnerabilitystatus="1"/>
    </pluginItem>
  </pluginItems>
</blocklist>
""".decode('utf-8')
def test_plugin_record_with_api_version_2_with_guid_and_empty_versionRange():
    xml_tree = etree.Element(
        'blocklist',
        xmlns="http://www.mozilla.org/2006/addons-blocklist",
        lastupdate='1459262434336'
    )

    data = PLUGIN_DATA.copy()
    data['versionRange'] = [{
        "targetApplication": [
            {"guid": constants.FIREFOX_APPID,
             "minVersion": "3.6",
             "maxVersion": "3.6.*"}
        ]
    }]

    exporter.write_plugin_items(xml_tree, [data],
                                constants.FIREFOX_APPID,
                                api_ver=2)

    result = etree.tostring(
        etree.ElementTree(xml_tree),
        pretty_print=True,
        xml_declaration=True,
        encoding='UTF-8').decode('utf-8')

    assert result == b"""<?xml version='1.0' encoding='UTF-8'?>
<blocklist lastupdate="1459262434336" \
xmlns="http://www.mozilla.org/2006/addons-blocklist">
  <pluginItems>
    <pluginItem blockID="p26">
      <match exp="^Yahoo Application State Plugin$" name="name"/>
      <match exp="npYState.dll" name="filename"/>
      <match exp="^Yahoo Application State Plugin$" name="description"/>
      <infoURL>https://get.adobe.com/flashplayer/</infoURL>
      <versionRange/>
    </pluginItem>
  </pluginItems>
</blocklist>
""".decode('utf-8')
Example #10
0
def get_blocklist(request):
    prefix = request.matchdict['prefix']
    api_ver = int(request.matchdict['api_ver'])
    app = request.matchdict['application_guid']
    app_ver = request.matchdict['application_ver']

    # 1. Verify that we have a config for that prefix
    if prefix not in request.registry.amo_resources:
        raise HTTPNotFound()

    # Addons blocklist
    addons_records, addons_last_modified = get_records(request, prefix,
                                                       'addons')
    # Plugins blocklist
    plugins_records, plugins_last_modified = get_records(
        request, prefix, 'plugins')
    # GFX blocklist
    gfx_records, gfx_last_modified = get_records(request, prefix, 'gfx')
    # Certificates blocklist
    cert_records, cert_last_modified = get_records(request, prefix,
                                                   'certificates')

    # Expose highest timestamp in response headers.
    last_update = max(addons_last_modified, plugins_last_modified,
                      gfx_last_modified, cert_last_modified)
    last_etag = '"{}"'.format(last_update)
    request.response.headers['ETag'] = last_etag
    request.response.last_modified = last_update / 1000.0

    if_none_match = request.headers.get('If-None-Match')
    if_modified_since = request.headers.get('If-Modified-Since')
    if if_none_match is not None or if_modified_since is not None:
        has_changed = (
            if_none_match != last_etag
            and request.if_modified_since != request.response.last_modified)
        if not has_changed:
            response = HTTPNotModified()
            response.headers['ETag'] = last_etag
            response.last_modified = last_update / 1000.0
            raise response

    xml_tree = etree.Element(
        'blocklist',
        xmlns="http://www.mozilla.org/2006/addons-blocklist",
        lastupdate='%s' % last_update)

    write_addons_items(xml_tree,
                       addons_records,
                       api_ver=api_ver,
                       app_id=app,
                       app_ver=app_ver)
    write_plugin_items(xml_tree,
                       plugins_records,
                       api_ver=api_ver,
                       app_id=app,
                       app_ver=app_ver)
    write_gfx_items(xml_tree, gfx_records, api_ver=api_ver, app_id=app)
    write_cert_items(xml_tree,
                     cert_records,
                     api_ver=api_ver,
                     app_id=app,
                     app_ver=app_ver)

    doc = etree.ElementTree(xml_tree)
    request.response.content_type = "application/xml;charset=UTF-8"

    request.response.write(
        etree.tostring(doc,
                       pretty_print=True,
                       xml_declaration=True,
                       encoding='UTF-8').decode('utf-8'))

    return request.response