File: ContentBlockingLog.cpp

package info (click to toggle)
firefox-esr 128.13.0esr-1
links: PTS, VCS
area: main
in suites: forky, sid, trixie
size: 4,230,012 kB
sloc: cpp: 7,103,971; javascript: 6,088,450; ansic: 3,653,980; python: 1,212,330; xml: 594,604; asm: 420,652; java: 182,969; sh: 71,124; makefile: 20,747; perl: 13,449; objc: 12,399; yacc: 4,583; cs: 3,846; pascal: 2,973; lex: 1,720; ruby: 1,194; exp: 762; php: 436; lisp: 258; awk: 247; sql: 66; sed: 54; csh: 10
file content (512 lines) | stat: -rw-r--r-- 18,958 bytes
parent folder | download | duplicates (7)
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "AntiTrackingLog.h"
#include "ContentBlockingLog.h"

#include "nsIEffectiveTLDService.h"
#include "nsITrackingDBService.h"
#include "nsIWebProgressListener.h"
#include "nsNetCID.h"
#include "nsNetUtil.h"
#include "nsRFPService.h"
#include "nsServiceManagerUtils.h"
#include "nsTArray.h"
#include "mozilla/BasePrincipal.h"
#include "mozilla/ClearOnShutdown.h"
#include "mozilla/HashFunctions.h"
#include "mozilla/Preferences.h"
#include "mozilla/RandomNum.h"
#include "mozilla/ReverseIterator.h"
#include "mozilla/StaticPrefs_browser.h"
#include "mozilla/StaticPrefs_privacy.h"
#include "mozilla/StaticPrefs_telemetry.h"
#include "mozilla/StaticPtr.h"
#include "mozilla/Telemetry.h"
#include "mozilla/XorShift128PlusRNG.h"

namespace mozilla {

namespace {

StaticAutoPtr<nsCString> gEmailWebAppDomainsPref;
static constexpr char kEmailWebAppDomainPrefName[] =
    "privacy.trackingprotection.emailtracking.webapp.domains";

void EmailWebAppDomainPrefChangeCallback(const char* aPrefName, void*) {
  MOZ_ASSERT(NS_IsMainThread());
  MOZ_ASSERT(!strcmp(aPrefName, kEmailWebAppDomainPrefName));
  MOZ_ASSERT(gEmailWebAppDomainsPref);

  Preferences::GetCString(kEmailWebAppDomainPrefName, *gEmailWebAppDomainsPref);
}

}  // namespace

Maybe<uint32_t> ContentBlockingLog::RecordLogParent(
    const nsACString& aOrigin, uint32_t aType, bool aBlocked,
    const Maybe<ContentBlockingNotifier::StorageAccessPermissionGrantedReason>&
        aReason,
    const nsTArray<nsCString>& aTrackingFullHashes,
    const Maybe<ContentBlockingNotifier::CanvasFingerprinter>&
        aCanvasFingerprinter,
    const Maybe<bool> aCanvasFingerprinterKnownText) {
  MOZ_ASSERT(XRE_IsParentProcess());

  uint32_t events = GetContentBlockingEventsInLog();

  bool blockedValue = aBlocked;
  bool unblocked = false;
  OriginEntry* entry;

  switch (aType) {
    case nsIWebProgressListener::STATE_COOKIES_LOADED:
      MOZ_ASSERT(!aBlocked,
                 "We don't expected to see blocked STATE_COOKIES_LOADED");
      [[fallthrough]];

    case nsIWebProgressListener::STATE_COOKIES_LOADED_TRACKER:
      MOZ_ASSERT(
          !aBlocked,
          "We don't expected to see blocked STATE_COOKIES_LOADED_TRACKER");
      [[fallthrough]];

    case nsIWebProgressListener::STATE_COOKIES_LOADED_SOCIALTRACKER:
      MOZ_ASSERT(!aBlocked,
                 "We don't expected to see blocked "
                 "STATE_COOKIES_LOADED_SOCIALTRACKER");
      // Note that the logic in these branches are the logical negation of the
      // logic in other branches, since the Document API we have is phrased
      // in "loaded" terms as opposed to "blocked" terms.
      blockedValue = !aBlocked;
      [[fallthrough]];

    case nsIWebProgressListener::STATE_BLOCKED_TRACKING_CONTENT:
    case nsIWebProgressListener::STATE_LOADED_LEVEL_1_TRACKING_CONTENT:
    case nsIWebProgressListener::STATE_LOADED_LEVEL_2_TRACKING_CONTENT:
    case nsIWebProgressListener::STATE_BLOCKED_FINGERPRINTING_CONTENT:
    case nsIWebProgressListener::STATE_LOADED_FINGERPRINTING_CONTENT:
    case nsIWebProgressListener::STATE_BLOCKED_CRYPTOMINING_CONTENT:
    case nsIWebProgressListener::STATE_LOADED_CRYPTOMINING_CONTENT:
    case nsIWebProgressListener::STATE_BLOCKED_SOCIALTRACKING_CONTENT:
    case nsIWebProgressListener::STATE_LOADED_SOCIALTRACKING_CONTENT:
    case nsIWebProgressListener::STATE_COOKIES_BLOCKED_BY_PERMISSION:
    case nsIWebProgressListener::STATE_COOKIES_BLOCKED_ALL:
    case nsIWebProgressListener::STATE_COOKIES_BLOCKED_FOREIGN:
    case nsIWebProgressListener::STATE_BLOCKED_EMAILTRACKING_CONTENT:
    case nsIWebProgressListener::STATE_LOADED_EMAILTRACKING_LEVEL_1_CONTENT:
    case nsIWebProgressListener::STATE_LOADED_EMAILTRACKING_LEVEL_2_CONTENT:
      Unused << RecordLogInternal(aOrigin, aType, blockedValue);
      break;

    case nsIWebProgressListener::STATE_COOKIES_BLOCKED_TRACKER:
    case nsIWebProgressListener::STATE_COOKIES_BLOCKED_SOCIALTRACKER:
      Unused << RecordLogInternal(aOrigin, aType, blockedValue, aReason,
                                  aTrackingFullHashes);
      break;

    case nsIWebProgressListener::STATE_REPLACED_FINGERPRINTING_CONTENT:
    case nsIWebProgressListener::STATE_ALLOWED_FINGERPRINTING_CONTENT:
    case nsIWebProgressListener::STATE_REPLACED_TRACKING_CONTENT:
    case nsIWebProgressListener::STATE_ALLOWED_TRACKING_CONTENT:
      Unused << RecordLogInternal(aOrigin, aType, blockedValue, aReason,
                                  aTrackingFullHashes);
      break;
    case nsIWebProgressListener::STATE_ALLOWED_FONT_FINGERPRINTING:
      MOZ_ASSERT(!aBlocked,
                 "We don't expected to see blocked "
                 "STATE_ALLOWED_FONT_FINGERPRINTING");
      entry = RecordLogInternal(aOrigin, aType, blockedValue);

      // Replace the flag using the suspicious fingerprinting event so that we
      // can report the event if we detect suspicious fingerprinting.
      aType = nsIWebProgressListener::STATE_BLOCKED_SUSPICIOUS_FINGERPRINTING;

      // Report blocking if we detect suspicious fingerprinting activity.
      if (entry && entry->mData->mHasSuspiciousFingerprintingActivity) {
        blockedValue = true;
      }
      break;

    case nsIWebProgressListener::STATE_ALLOWED_CANVAS_FINGERPRINTING:
      MOZ_ASSERT(!aBlocked,
                 "We don't expected to see blocked "
                 "STATE_ALLOWED_CANVAS_FINGERPRINTING");
      entry = RecordLogInternal(aOrigin, aType, blockedValue, Nothing(), {},
                                aCanvasFingerprinter,
                                aCanvasFingerprinterKnownText);

      // Replace the flag using the suspicious fingerprinting event so that we
      // can report the event if we detect suspicious fingerprinting.
      aType = nsIWebProgressListener::STATE_BLOCKED_SUSPICIOUS_FINGERPRINTING;

      // Report blocking if we detect suspicious fingerprinting activity.
      if (entry && entry->mData->mHasSuspiciousFingerprintingActivity) {
        blockedValue = true;
      }
      break;

    default:
      // Ignore nsIWebProgressListener::STATE_BLOCKED_UNSAFE_CONTENT;
      break;
  }

  if (!aBlocked) {
    unblocked = (events & aType) != 0;
  }

  const uint32_t oldEvents = events;
  if (blockedValue) {
    events |= aType;
  } else if (unblocked) {
    events &= ~aType;
  }

  if (events == oldEvents
#ifdef ANDROID
      // GeckoView always needs to notify about blocked trackers,
      // since the GeckoView API always needs to report the URI and
      // type of any blocked tracker. We use a platform-dependent code
      // path here because reporting this notification on desktop
      // platforms isn't necessary and doing so can have a big
      // performance cost.
      && aType != nsIWebProgressListener::STATE_BLOCKED_TRACKING_CONTENT
#endif
  ) {
    // Avoid dispatching repeated notifications when nothing has
    // changed
    return Nothing();
  }

  return Some(events);
}

void ContentBlockingLog::ReportLog(nsIPrincipal* aFirstPartyPrincipal) {
  MOZ_ASSERT(XRE_IsParentProcess());
  MOZ_ASSERT(NS_IsMainThread());
  MOZ_ASSERT(aFirstPartyPrincipal);

  if (!StaticPrefs::browser_contentblocking_database_enabled()) {
    return;
  }

  if (mLog.IsEmpty()) {
    return;
  }

  nsCOMPtr<nsITrackingDBService> trackingDBService =
      do_GetService("@mozilla.org/tracking-db-service;1");
  if (NS_WARN_IF(!trackingDBService)) {
    return;
  }

  trackingDBService->RecordContentBlockingLog(Stringify());
}

void ContentBlockingLog::ReportCanvasFingerprintingLog(
    nsIPrincipal* aFirstPartyPrincipal) {
  MOZ_ASSERT(XRE_IsParentProcess());
  MOZ_ASSERT(NS_IsMainThread());
  MOZ_ASSERT(aFirstPartyPrincipal);

  // We don't need to report if the first party is not a content.
  if (!BasePrincipal::Cast(aFirstPartyPrincipal)->IsContentPrincipal()) {
    return;
  }

  bool hasCanvasFingerprinter = false;
  bool canvasFingerprinterKnownText = false;
  Maybe<ContentBlockingNotifier::CanvasFingerprinter> canvasFingerprinter;
  for (const auto& originEntry : mLog) {
    if (!originEntry.mData) {
      continue;
    }

    for (const auto& logEntry : Reversed(originEntry.mData->mLogs)) {
      if (logEntry.mType !=
          nsIWebProgressListener::STATE_ALLOWED_CANVAS_FINGERPRINTING) {
        continue;
      }

      // Select the log entry with the highest fingerprinting likelihood,
      // that primarily means preferring those with a FingerprinterKnownText.
      if (!hasCanvasFingerprinter ||
          (!canvasFingerprinterKnownText &&
           *logEntry.mCanvasFingerprinterKnownText) ||
          (!canvasFingerprinterKnownText && canvasFingerprinter.isNothing() &&
           logEntry.mCanvasFingerprinter.isSome())) {
        hasCanvasFingerprinter = true;
        canvasFingerprinterKnownText = *logEntry.mCanvasFingerprinterKnownText;
        canvasFingerprinter = logEntry.mCanvasFingerprinter;
      }
    }
  }

  if (!hasCanvasFingerprinter) {
    Telemetry::Accumulate(Telemetry::CANVAS_FINGERPRINTING_PER_TAB,
                          "unknown"_ns, 0);
  } else {
    int32_t fingerprinter =
        canvasFingerprinter.isSome() ? (*canvasFingerprinter + 1) : 0;
    Telemetry::Accumulate(
        Telemetry::CANVAS_FINGERPRINTING_PER_TAB,
        canvasFingerprinterKnownText ? "known_text"_ns : "unknown"_ns,
        fingerprinter);
  }
}

void ContentBlockingLog::ReportFontFingerprintingLog(
    nsIPrincipal* aFirstPartyPrincipal) {
  MOZ_ASSERT(XRE_IsParentProcess());
  MOZ_ASSERT(NS_IsMainThread());
  MOZ_ASSERT(aFirstPartyPrincipal);

  // We don't need to report if the first party is not a content.
  if (!BasePrincipal::Cast(aFirstPartyPrincipal)->IsContentPrincipal()) {
    return;
  }

  bool hasFontFingerprinter = false;
  for (const auto& originEntry : mLog) {
    if (!originEntry.mData) {
      continue;
    }

    for (const auto& logEntry : originEntry.mData->mLogs) {
      if (logEntry.mType !=
          nsIWebProgressListener::STATE_ALLOWED_FONT_FINGERPRINTING) {
        continue;
      }

      hasFontFingerprinter = true;
    }

    if (hasFontFingerprinter) {
      break;
    }
  }

  Telemetry::Accumulate(Telemetry::FONT_FINGERPRINTING_PER_TAB,
                        hasFontFingerprinter);
}

void ContentBlockingLog::ReportEmailTrackingLog(
    nsIPrincipal* aFirstPartyPrincipal) {
  MOZ_ASSERT(XRE_IsParentProcess());
  MOZ_ASSERT(NS_IsMainThread());
  MOZ_ASSERT(aFirstPartyPrincipal);

  // We don't need to report if the first party is not a content.
  if (!BasePrincipal::Cast(aFirstPartyPrincipal)->IsContentPrincipal()) {
    return;
  }

  nsCOMPtr<nsIEffectiveTLDService> tldService =
      do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID);

  if (!tldService) {
    return;
  }

  nsTHashtable<nsCStringHashKey> level1SiteSet;
  nsTHashtable<nsCStringHashKey> level2SiteSet;

  for (const auto& originEntry : mLog) {
    if (!originEntry.mData) {
      continue;
    }

    bool isLevel1EmailTracker = false;
    bool isLevel2EmailTracker = false;

    for (const auto& logEntry : Reversed(originEntry.mData->mLogs)) {
      // Check if the email tracking related event had been filed for the given
      // origin entry. Note that we currently only block level 1 email trackers,
      // so blocking event represents the page has embedded a level 1 tracker.
      if (logEntry.mType ==
          nsIWebProgressListener::STATE_LOADED_EMAILTRACKING_LEVEL_2_CONTENT) {
        isLevel2EmailTracker = true;
        break;
      }

      if (logEntry.mType ==
              nsIWebProgressListener::STATE_BLOCKED_EMAILTRACKING_CONTENT ||
          logEntry.mType == nsIWebProgressListener::
                                STATE_LOADED_EMAILTRACKING_LEVEL_1_CONTENT) {
        isLevel1EmailTracker = true;
        break;
      }
    }

    if (isLevel1EmailTracker || isLevel2EmailTracker) {
      nsCOMPtr<nsIURI> uri;
      nsresult rv = NS_NewURI(getter_AddRefs(uri), originEntry.mOrigin);

      if (NS_FAILED(rv)) {
        continue;
      }

      nsAutoCString baseDomain;
      rv = tldService->GetBaseDomain(uri, 0, baseDomain);

      if (NS_FAILED(rv)) {
        continue;
      }

      if (isLevel1EmailTracker) {
        Unused << level1SiteSet.EnsureInserted(baseDomain);
      } else {
        Unused << level2SiteSet.EnsureInserted(baseDomain);
      }
    }
  }

  // Cache the email webapp domains pref value and register the callback
  // function to update the cached value when the pref changes.
  if (!gEmailWebAppDomainsPref) {
    gEmailWebAppDomainsPref = new nsCString();

    Preferences::RegisterCallbackAndCall(EmailWebAppDomainPrefChangeCallback,
                                         kEmailWebAppDomainPrefName);
    RunOnShutdown([]() {
      Preferences::UnregisterCallback(EmailWebAppDomainPrefChangeCallback,
                                      kEmailWebAppDomainPrefName);
      gEmailWebAppDomainsPref = nullptr;
    });
  }

  bool isTopEmailWebApp =
      aFirstPartyPrincipal->IsURIInList(*gEmailWebAppDomainsPref);
  uint32_t level1Count = level1SiteSet.Count();
  uint32_t level2Count = level2SiteSet.Count();

  Telemetry::Accumulate(
      Telemetry::EMAIL_TRACKER_EMBEDDED_PER_TAB,
      isTopEmailWebApp ? "base_emailapp"_ns : "base_normal"_ns, level1Count);
  Telemetry::Accumulate(
      Telemetry::EMAIL_TRACKER_EMBEDDED_PER_TAB,
      isTopEmailWebApp ? "content_emailapp"_ns : "content_normal"_ns,
      level2Count);
  Telemetry::Accumulate(Telemetry::EMAIL_TRACKER_EMBEDDED_PER_TAB,
                        isTopEmailWebApp ? "all_emailapp"_ns : "all_normal"_ns,
                        level1Count + level2Count);
}

ContentBlockingLog::OriginEntry* ContentBlockingLog::RecordLogInternal(
    const nsACString& aOrigin, uint32_t aType, bool aBlocked,
    const Maybe<ContentBlockingNotifier::StorageAccessPermissionGrantedReason>&
        aReason,
    const nsTArray<nsCString>& aTrackingFullHashes,
    const Maybe<ContentBlockingNotifier::CanvasFingerprinter>&
        aCanvasFingerprinter,
    const Maybe<bool> aCanvasFingerprinterKnownText) {
  DebugOnly<bool> isCookiesBlockedTracker =
      aType == nsIWebProgressListener::STATE_COOKIES_BLOCKED_TRACKER ||
      aType == nsIWebProgressListener::STATE_COOKIES_BLOCKED_SOCIALTRACKER;
  MOZ_ASSERT_IF(aBlocked, aReason.isNothing());
  MOZ_ASSERT_IF(!isCookiesBlockedTracker, aReason.isNothing());
  MOZ_ASSERT_IF(isCookiesBlockedTracker && !aBlocked, aReason.isSome());

  if (aOrigin.IsVoid()) {
    return nullptr;
  }
  auto index = mLog.IndexOf(aOrigin, 0, Comparator());
  if (index != OriginDataTable::NoIndex) {
    OriginEntry& entry = mLog[index];
    if (!entry.mData) {
      return nullptr;
    }

    if (RecordLogEntryInCustomField(aType, entry, aBlocked)) {
      return &entry;
    }
    if (!entry.mData->mLogs.IsEmpty()) {
      auto& last = entry.mData->mLogs.LastElement();
      if (last.mType == aType && last.mBlocked == aBlocked &&
          last.mCanvasFingerprinter == aCanvasFingerprinter &&
          last.mCanvasFingerprinterKnownText == aCanvasFingerprinterKnownText) {
        ++last.mRepeatCount;
        // Don't record recorded events.  This helps compress our log.
        // We don't care about if the the reason is the same, just keep the
        // first one.
        // Note: {aReason, aTrackingFullHashes} are not compared here and we
        // simply keep the first for the reason, and merge hashes to make sure
        // they can be correctly recorded.
        for (const auto& hash : aTrackingFullHashes) {
          if (!last.mTrackingFullHashes.Contains(hash)) {
            last.mTrackingFullHashes.AppendElement(hash);
          }
        }
        return &entry;
      }
    }
    if (entry.mData->mLogs.Length() ==
        std::max(1u, StaticPrefs::browser_contentblocking_originlog_length())) {
      // Cap the size at the maximum length adjustable by the pref
      entry.mData->mLogs.RemoveElementAt(0);
    }
    entry.mData->mLogs.AppendElement(
        LogEntry{aType, 1u, aBlocked, aReason, aTrackingFullHashes.Clone(),
                 aCanvasFingerprinter, aCanvasFingerprinterKnownText});

    // Check suspicious fingerprinting activities if the origin hasn't already
    // been marked.
    // TODO(Bug 1864909): Moving the suspicious fingerprinting detection call
    // out of here.
    if ((aType == nsIWebProgressListener::STATE_ALLOWED_CANVAS_FINGERPRINTING ||
         aType == nsIWebProgressListener::STATE_ALLOWED_FONT_FINGERPRINTING) &&
        !entry.mData->mHasSuspiciousFingerprintingActivity &&
        nsRFPService::CheckSuspiciousFingerprintingActivity(
            entry.mData->mLogs)) {
      entry.mData->mHasSuspiciousFingerprintingActivity = true;
    }
    return &entry;
  }

  // The entry has not been found.
  OriginEntry* entry = mLog.AppendElement();
  if (NS_WARN_IF(!entry || !entry->mData)) {
    return nullptr;
  }

  entry->mOrigin = aOrigin;

  if (aType == nsIWebProgressListener::STATE_LOADED_LEVEL_1_TRACKING_CONTENT) {
    entry->mData->mHasLevel1TrackingContentLoaded = aBlocked;
  } else if (aType ==
             nsIWebProgressListener::STATE_LOADED_LEVEL_2_TRACKING_CONTENT) {
    entry->mData->mHasLevel2TrackingContentLoaded = aBlocked;
  } else if (aType == nsIWebProgressListener::STATE_COOKIES_LOADED) {
    MOZ_ASSERT(entry->mData->mHasCookiesLoaded.isNothing());
    entry->mData->mHasCookiesLoaded.emplace(aBlocked);
  } else if (aType == nsIWebProgressListener::STATE_COOKIES_LOADED_TRACKER) {
    MOZ_ASSERT(entry->mData->mHasTrackerCookiesLoaded.isNothing());
    entry->mData->mHasTrackerCookiesLoaded.emplace(aBlocked);
  } else if (aType ==
             nsIWebProgressListener::STATE_COOKIES_LOADED_SOCIALTRACKER) {
    MOZ_ASSERT(entry->mData->mHasSocialTrackerCookiesLoaded.isNothing());
    entry->mData->mHasSocialTrackerCookiesLoaded.emplace(aBlocked);
  } else {
    entry->mData->mLogs.AppendElement(
        LogEntry{aType, 1u, aBlocked, aReason, aTrackingFullHashes.Clone(),
                 aCanvasFingerprinter, aCanvasFingerprinterKnownText});

    // Check suspicious fingerprinting activities if the origin hasn't been
    // marked.
    // TODO(Bug 1864909): Moving the suspicious fingerprinting detection call
    // out of here.
    if ((aType == nsIWebProgressListener::STATE_ALLOWED_CANVAS_FINGERPRINTING ||
         aType == nsIWebProgressListener::STATE_ALLOWED_FONT_FINGERPRINTING) &&
        nsRFPService::CheckSuspiciousFingerprintingActivity(
            entry->mData->mLogs)) {
      entry->mData->mHasSuspiciousFingerprintingActivity = true;
    }
  }

  return entry;
}

}  // namespace mozilla