AbuseReporter.sys.mjs

Enable keyboard shortcuts

/* This Source Code Form is subject to the terms of the Mozilla Public

 * License, v. 2.0. If a copy of the MPL was not distributed with this

 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

import { AppConstants } from "resource://gre/modules/AppConstants.sys.mjs";

import { XPCOMUtils } from "resource://gre/modules/XPCOMUtils.sys.mjs";

// Maximum length of the string properties sent to the API endpoint.

const MAX_STRING_LENGTH = 255;

const AMO_SUPPORTED_ADDON_TYPES = [

  "extension",

  "theme",

  "sitepermission",

  "dictionary",

];

const PREF_ADDON_ABUSE_REPORT_URL = "extensions.addonAbuseReport.url";

const lazy = {};

ChromeUtils.defineESModuleGetters(lazy, {

  AddonManager: "resource://gre/modules/AddonManager.sys.mjs",

  ClientID: "resource://gre/modules/ClientID.sys.mjs",

});

XPCOMUtils.defineLazyPreferenceGetter(

  lazy,

  "ADDON_ABUSE_REPORT_URL",

  PREF_ADDON_ABUSE_REPORT_URL

);

const ERROR_TYPES = Object.freeze([

  "ERROR_CLIENT",

  "ERROR_NETWORK",

  "ERROR_SERVER",

  "ERROR_UNKNOWN",

]);

export class AbuseReportError extends Error {

  constructor(errorType, errorInfo = undefined) {

    if (!ERROR_TYPES.includes(errorType)) {

      throw new Error(`Unexpected AbuseReportError type "${errorType}"`);

    let message = errorInfo ? `${errorType} - ${errorInfo}` : errorType;

    super(message);

    this.name = "AbuseReportError";

    this.errorType = errorType;

    this.errorInfo = errorInfo;

/**

 * Create an error info string from a fetch response object.

 * @param {Response} response

 *        A fetch response object to convert into an errorInfo string.

 * @returns {Promise<string>}

 *          The errorInfo string to be included in an AbuseReportError.

*/

async function responseToErrorInfo(response) {

  return JSON.stringify({

    status: response.status,

    responseText: await response.text().catch(() => ""),

});

/**

 * A singleton used to manage abuse reports for add-ons.

*/

export const AbuseReporter = {

  getAMOFormURL({ addonId }) {

    return Services.urlFormatter

      .formatURLPref("extensions.abuseReport.amoFormURL")

      .replace(/%addonID%/g, addonId);

},

  isSupportedAddonType(addonType) {

    return AMO_SUPPORTED_ADDON_TYPES.includes(addonType);

},

/**

   * Send an add-on abuse report using the AMO API. The data passed to this

   * method might be augmented with report data known by Firefox.

   * @param {string} addonId

   * @param {{[key: string]: string|null}} data

   *        Abuse report data to be submitting to the AMO API along with the

   *        additional abuse report data known by Firefox.

   * @param {object} [options]

   * @param {string} [options.authorization]

   *        An optional value of an Authorization HTTP header to be set on the

   *        submission request.

   * @returns {Promise<object>} Return a promise that resolves to the JSON AMO

   *          API response (or an error when something went wrong).

*/

  async sendAbuseReport(addonId, data, options = {}) {

    const rejectReportError = async (errorType, { response } = {}) => {

      // Leave errorInfo empty if there is no response or fails to be converted

      // into an error info object.

      const errorInfo = response

        ? await responseToErrorInfo(response).catch(() => undefined)

        : undefined;

      throw new AbuseReportError(errorType, errorInfo);

};

    let abuseReport = { addon: addonId, ...data };

    // If the add-on is installed, augment the data with internal report data.

    const addon = await lazy.AddonManager.getAddonByID(addonId);

    if (addon) {

      const metadata = await AbuseReporter.getReportData(addon);

      abuseReport = { ...abuseReport, ...metadata };

    const headers = { "Content-Type": "application/json" };

    if (options?.authorization?.length) {

      headers.authorization = options.authorization;

    let response;

    try {

      response = await fetch(lazy.ADDON_ABUSE_REPORT_URL, {

        method: "POST",

        credentials: "omit",

        referrerPolicy: "no-referrer",

        headers,

        body: JSON.stringify(abuseReport),

});

    } catch (err) {

      Cu.reportError(err);

      return rejectReportError("ERROR_NETWORK");

    if (response.ok && response.status >= 200 && response.status < 400) {

      return response.json();

    if (response.status >= 400 && response.status < 500) {

      return rejectReportError("ERROR_CLIENT", { response });

    if (response.status >= 500 && response.status < 600) {

      return rejectReportError("ERROR_SERVER", { response });

    return rejectReportError("ERROR_UNKNOWN", { response });

},

/**

   * Helper function that retrieves from an addon object all the data to send

   * as part of the submission request, besides the `reason`, `message` which are

   * going to be received from the submit method of the report object returned

   * by `createAbuseReport`.

   * (See https://addons-server.readthedocs.io/en/latest/topics/api/abuse.html)

   * @param {AddonWrapper} addon

   *        The addon object to collect the detail from.

   * @return {object}

   *         An object that contains the collected details.

*/

  async getReportData(addon) {

    const truncateString = text =>

      typeof text == "string" ? text.slice(0, MAX_STRING_LENGTH) : text;

    // Normalize addon_install_source and addon_install_method values

    // as expected by the server API endpoint. Returns null if the

    // value is not a string.

    const normalizeValue = text =>

      typeof text == "string"

        ? text.toLowerCase().replace(/[- :]/g, "_")

        : null;

    const installInfo = addon.installTelemetryInfo || {};

    const data = {

      addon: addon.id,

      addon_version: addon.version,

      addon_name: truncateString(addon.name),

      addon_summary: truncateString(addon.description),

      addon_install_origin:

        addon.sourceURI && truncateString(addon.sourceURI.spec),

      install_date: addon.installDate && addon.installDate.toISOString(),

      addon_install_source: normalizeValue(installInfo.source),

      addon_install_source_url:

        installInfo.sourceURL && truncateString(installInfo.sourceURL),

      addon_install_method: normalizeValue(installInfo.method),

};

    switch (addon.signedState) {

      case lazy.AddonManager.SIGNEDSTATE_BROKEN:

        data.addon_signature = "broken";

        break;

      case lazy.AddonManager.SIGNEDSTATE_UNKNOWN:

        data.addon_signature = "unknown";

        break;

      case lazy.AddonManager.SIGNEDSTATE_MISSING:

        data.addon_signature = "missing";

        break;

      case lazy.AddonManager.SIGNEDSTATE_PRELIMINARY:

        data.addon_signature = "preliminary";

        break;

      case lazy.AddonManager.SIGNEDSTATE_SIGNED:

        data.addon_signature = "signed";

        break;

      case lazy.AddonManager.SIGNEDSTATE_SYSTEM:

        data.addon_signature = "system";

        break;

      case lazy.AddonManager.SIGNEDSTATE_PRIVILEGED:

        data.addon_signature = "privileged";

        break;

      case lazy.AddonManager.SIGNEDSTATE_NOT_REQUIRED:

        data.addon_signature = "not_required";

        break;

      default:

        data.addon_signature = `unknown: ${addon.signedState}`;

    // Set "curated" as addon_signature on recommended addons

    // (addon.isRecommended internally checks that the addon is also

    // signed correctly).

    if (addon.isRecommended) {

      data.addon_signature = "curated";

    data.client_id = await lazy.ClientID.getClientIdHash();

    data.app = AppConstants.platform === "android" ? "android" : "firefox";

    data.appversion = Services.appinfo.version;

    data.lang = Services.locale.appLocaleAsBCP47;

    data.operating_system = AppConstants.platform;

    data.operating_system_version = Services.sysinfo.getProperty("version");

    return data;

},

};