summaryrefslogtreecommitdiffstats
path: root/toolkit/components/reputationservice/nsIApplicationReputation.idl
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 00:47:55 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 00:47:55 +0000
commit26a029d407be480d791972afb5975cf62c9360a6 (patch)
treef435a8308119effd964b339f76abb83a57c29483 /toolkit/components/reputationservice/nsIApplicationReputation.idl
parentInitial commit. (diff)
downloadfirefox-26a029d407be480d791972afb5975cf62c9360a6.tar.xz
firefox-26a029d407be480d791972afb5975cf62c9360a6.zip
Adding upstream version 124.0.1.upstream/124.0.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'toolkit/components/reputationservice/nsIApplicationReputation.idl')
-rw-r--r--toolkit/components/reputationservice/nsIApplicationReputation.idl147
1 files changed, 147 insertions, 0 deletions
diff --git a/toolkit/components/reputationservice/nsIApplicationReputation.idl b/toolkit/components/reputationservice/nsIApplicationReputation.idl
new file mode 100644
index 0000000000..ea7f92038e
--- /dev/null
+++ b/toolkit/components/reputationservice/nsIApplicationReputation.idl
@@ -0,0 +1,147 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIApplicationReputationCallback;
+interface nsIApplicationReputationQuery;
+interface nsIArray;
+interface nsIURI;
+interface nsIReferrerInfo;
+
+/*
+ * A service for asynchronously querying an application reputation service
+ * based on metadata of the downloaded file.
+ */
+[scriptable, uuid(c9f03479-fd68-4393-acb2-c88d4f563174)]
+interface nsIApplicationReputationService : nsISupports {
+ /**
+ * Indicates the reason for the application reputation block.
+ */
+ const unsigned long VERDICT_SAFE = 0;
+ const unsigned long VERDICT_DANGEROUS = 1;
+ const unsigned long VERDICT_UNCOMMON = 2;
+ const unsigned long VERDICT_POTENTIALLY_UNWANTED = 3;
+ const unsigned long VERDICT_DANGEROUS_HOST = 4;
+
+ /**
+ * Start querying the application reputation service.
+ *
+ * @param aQuery
+ * The nsIApplicationReputationQuery containing metadata of the
+ * downloaded file.
+ *
+ * @param aCallback
+ * The callback for receiving the results of the query.
+ *
+ * @remarks aCallback may not be null. onComplete is guaranteed to be called
+ * on aCallback. This function may not be called more than once with
+ * the same query object. If any of the attributes of aQuery have
+ * not been set or have been set with empty data (with the exception
+ * of sourceURI), then a valid request can still be constructed and
+ * will solicit a valid response, but won't produce any useful
+ * information.
+ */
+ void queryReputation(in nsIApplicationReputationQuery aQuery,
+ in nsIApplicationReputationCallback aCallback);
+
+ /**
+ * Check if a file with this name should be treated as a binary executable,
+ * and is therefore subject to application reputation checks.
+ * Will return true if the filename's extension is either:
+ * - in kBinaryFileExtensions in ApplicationReputation.cpp
+ * - in sExecutableExts in nsLocalFileCommon.h *and* not in
+ * kNonBinaryExecutables in ApplicationReputation.cpp
+ *
+ * @param aFilename
+ * The filename to check.
+ */
+ bool isBinary(in AUTF8String aFilename);
+
+ /**
+ * Check if a file with this name should be treated as an executable,
+ * and should not be opened without caution.
+ * Will return true if the filename's extension is in sExecutableExts
+ * in nsLocalFileCommon.h.
+ *
+ * @param aFilename
+ * The filename to check.
+ */
+ bool isExecutable(in AUTF8String aFilename);
+};
+
+/**
+ * A single-use, write-once interface for recording the metadata of the
+ * downloaded file. nsIApplicationReputationService.Start() may only be called
+ * once with a single query.
+ */
+[scriptable, uuid(812d7509-a9a3-446e-a66f-3ed8cc91ebd0)]
+interface nsIApplicationReputationQuery : nsISupports {
+ /*
+ * The nsIURI from which the file was downloaded. This may not be null.
+ */
+ readonly attribute nsIURI sourceURI;
+
+ /*
+ * The reference, if any.
+ */
+ readonly attribute nsIReferrerInfo referrerInfo;
+
+ /*
+ * The target filename for the downloaded file, as inferred from the source
+ * URI or provided by the Content-Disposition attachment file name. If this
+ * is not set by the caller, it will be passed as an empty string but the
+ * query won't produce any useful information.
+ */
+ readonly attribute AUTF8String suggestedFileName;
+
+ /*
+ * The size of the downloaded file in bytes.
+ */
+ readonly attribute unsigned long fileSize;
+
+ /*
+ * The SHA256 hash of the downloaded file in raw bytes. If this is not set by
+ * the caller, it will be passed as an empty string but the query won't
+ * produce any useful information.
+ */
+ readonly attribute ACString sha256Hash;
+
+ /*
+ * The Array of Array of Array of bytes that verify for this
+ * binary, if it is signed.
+ */
+ readonly attribute Array<Array<Array<uint8_t> > > signatureInfo;
+
+ /*
+ * The nsIArray of nsIPrincipal of redirects that lead to this download. The
+ * most recent redirect is the last element.
+ */
+ readonly attribute nsIArray redirects;
+};
+
+[scriptable, function, uuid(9a228470-cfe5-11e2-8b8b-0800200c9a66)]
+interface nsIApplicationReputationCallback : nsISupports {
+ /**
+ * Callback for the result of the application reputation query.
+ * @param aStatus
+ * NS_OK if and only if the query succeeded. If it did, then
+ * shouldBlock is meaningful (otherwise it defaults to false). This
+ * may be NS_ERROR_FAILURE if the response cannot be parsed, or
+ * NS_ERROR_NOT_AVAILABLE if the service has been disabled or is not
+ * reachable.
+ * @param aShouldBlock
+ * Whether or not the download should be blocked.
+ * @param aVerdict
+ * Indicates the result of the lookup that determines whether the
+ * download should be blocked, according to the "VERDICT_" constants.
+ * This may be set to a value different than "VERDICT_SAFE" even if
+ * aShouldBlock is false, so you should always check aShouldBlock.
+ */
+ void onComplete(in bool aShouldBlock,
+ in nsresult aStatus,
+ in unsigned long aVerdict);
+};