digihash
diff --git a/‎src/Changelog‎
Lines changed: 24 additions & 0 deletions b/‎src/Changelog‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎src/chrome/content/code/HTTPSRules.js‎
Lines changed: 63 additions & 161 deletions b/‎src/chrome/content/code/HTTPSRules.js‎
Lines changed: 63 additions & 161 deletions
@@ -1,3 +1,27 @@
+4.0development.15                           (2014-02-??)
+ * Replace the single XML ruleset library with an sqlite database of rulesets
+   that are loaded on demand
+   - reduces startup time by a factor of 10-20:
+      https://trac.torproject.org/projects/tor/ticket/10174
+   - reduces RAM usage https://trac.torproject.org/projects/tor/ticket/4804
+   - Is scalable: https://trac.torproject.org/projects/tor/ticket/6118
+   Further analysis in this thread:
+   https://lists.eff.org/pipermail/https-everywhere/2014-January/001919.html
+ * Implement a cleanup case to recover from some Observatory UI code bugs that
+   would leave the Observatory off incorrectly.
+   https://trac.torproject.org/projects/tor/ticket/10728
+ * Fix observatory - private browsing mode interaction
+   https://trac.torproject.org/projects/tor/ticket/10208
+ * Ship 848 new rulesets
+ * Update cert whitelist
+
+3.5android.0                                (2014-01-31)
+ * First Firefox for Android release! :D
+ * Major UI changes for mobile compatibility
+ * Android channel update URL set to
+   https://www.eff.org/files/https-everywhere-android-update-2048.rdf
+ * Updated rulesets: Freenode, Imgur
+
 3.4.5                                       (2014-01-03)
  * Updated license
  * Updated README.md
 
@@ -19,19 +19,16 @@ function CookieRule(host, cookiename) {
   //this.name_c = new RegExp(cookiename);
 }
 
-ruleset_counter = 0;
-function RuleSet(name, xmlName, match_rule, default_off, platform) {
+function RuleSet(id, name, xmlName, match_rule, default_off, platform) {
   if(xmlName == "WordPress.xml" || xmlName == "Github.xml") {
     this.log(NOTE, "RuleSet( name="+name+", xmlName="+xmlName+", match_rule="+match_rule+", default_off="+default_off+", platform="+platform+" )");
   }
 
-  this.id="httpseR" + ruleset_counter;
-  ruleset_counter += 1;
+  this.id=id;
   this.on_by_default = true;
   this.compiled = false;
   this.name = name;
   this.xmlName = xmlName;
-  //this.ruleset_match = match_rule;
   this.notes = "";
   if (match_rule)   this.ruleset_match_c = new RegExp(match_rule);
   else              this.ruleset_match_c = null;
@@ -51,7 +48,7 @@ function RuleSet(name, xmlName, match_rule, default_off, platform) {
   this.rules = [];
   this.exclusions = [];
   this.cookierules = [];
-  
+
   this.rule_toggle_prefs = HTTPSEverywhere.instance.rule_toggle_prefs;
 
   try {
@@ -244,130 +241,37 @@ const RuleWriter = {
     return rv;
   },
 
-  getRuleDir: function() {
-    var loc = "chrome://https-everywhere/content/rules/";
-
-    var file =
-      CC["@mozilla.org/file/local;1"]
-      .createInstance(CI.nsILocalFile);  
-    file.initWithPath(this.chromeToPath(loc));
-
-    if (!file.isDirectory()) {
-      // XXX: Arg, death!
-      this.log(WARN,"Catastrophic failure: extension directory is not a directory");
-    }
-    return file;
-  },
-
-  read: function(file, rule_store) {
-    if (!file.exists())
-      return null;
-    if ((rule_store.targets == null) && (rule_store.targets != {}))
-      this.log(WARN, "TARGETS IS NULL");
-    var data = "";
-    var fstream = CC["@mozilla.org/network/file-input-stream;1"]
-        .createInstance(CI.nsIFileInputStream);
-    var sstream = CC["@mozilla.org/scriptableinputstream;1"]
-        .createInstance(CI.nsIScriptableInputStream);
-    fstream.init(file, -1, 0, 0);
-    sstream.init(fstream);
-
-    var str = sstream.read(4096);
-    while (str.length > 0) {
-      data += str;
-      str = sstream.read(4096);
-    }
-
-    sstream.close();
-    fstream.close();
-    return this.readFromString(data, rule_store, file);
-  },
-
-  readFromString: function(data, rule_store, file) {
-    if (typeof file === 'undefined') file = {path: 'fromString'};
-
-    // XXX: With DOMParser, we probably do not need to throw away the XML
-    // declaration anymore nowadays.
-    data = data.replace(/<\?xml[^>]*\?>/, ""); 
+  readFromString: function(data, rule_store, ruleset_id) {
     try {
-      var xmlrulesets = dom_parser.parseFromString(data, "text/xml");
+      var xmlruleset = dom_parser.parseFromString(data, "text/xml");
     } catch(e) { // file has been corrupted; XXX: handle error differently
-      this.log(WARN,"Error in XML file: " + file.path + "\n" + e);
+      this.log(WARN,"Error in XML data: " + e + "\n" + data);
       return null;
     }
-    this.parseXmlRulesets(xmlrulesets, rule_store, file);
+    this.parseOneRuleset(xmlruleset.documentElement, rule_store, ruleset_id);
   },
 
-  parseXmlRulesets: function(xmldom, rule_store, file) {
-    // XML input files can either be a <ruleset> in a file, or a
-    // <rulesetlibrary> with many <rulesets> inside it (the latter form exists
-    // because ZIP does a much better job of compressing it).
-    if (xmldom.documentElement.nodeName == "ruleset") {
-      // This is a single ruleset.
-      this.parseOneRuleset(xmldom.documentElement, rule_store, file);
-    } else {
-      // The root of the XML tree is assumed to look like a <rulesetlibrary>
-      if (!xmldom.documentElement.getAttribute("gitcommitid")) {
-        // The gitcommitid is a tricky hack to let us display the true full
-        // source code of a ruleset, even though we strip out comments at build
-        // time, by having the UI fetch the ruleset from the public https git repo.
-        this.log(DBUG, "gitcommitid tag not found in <xmlruleset>");
-        rule_store.GITCommitID = "HEAD";
-      } else {
-        rule_store.GITCommitID = xmldom.documentElement.getAttribute("gitcommitid");
-      }
-
-      var rulesets = xmldom.documentElement.getElementsByTagName("ruleset");
-      if (rulesets.length == 0 && (file.path.search("00README") == -1))
-        this.log(WARN, "Probable <rulesetlibrary> with no <rulesets> in "
-                        + file.path + "\n" +  xmldom);
-      for (var j = 0; j < rulesets.length; j++)
-        this.parseOneRuleset(rulesets[j], rule_store, file);
-    }
-  },
-
-  parseOneRuleset: function(xmlruleset, rule_store, file) {
+  parseOneRuleset: function(xmlruleset, rule_store, ruleset_id) {
     // Extract an xmlruleset into the rulestore
     if (!xmlruleset.getAttribute("name")) {
       this.log(WARN, "This blob: '" + xmlruleset + "' is not a ruleset\n");
       return null;
     }
 
-    this.log(DBUG, "Parsing " + xmlruleset.getAttribute("name") + " from " + file.path);
+    this.log(DBUG, "Parsing " + xmlruleset.getAttribute("name"));
 
     var match_rl = xmlruleset.getAttribute("match_rule");
     var dflt_off = xmlruleset.getAttribute("default_off");
     var platform = xmlruleset.getAttribute("platform");
-    var rs = new RuleSet(xmlruleset.getAttribute("name"), xmlruleset.getAttribute("f"), match_rl, dflt_off, platform);
-
-    var targets = xmlruleset.getElementsByTagName("target");
-    if (targets.length == 0) {
-      var msg = "Error: As of v0.3.0, XML rulesets require a target domain entry,";
-      msg = msg + "\nbut " + file.path + " is missing one.";
-      this.log(WARN, msg);
-      return null;
-    }
+    var rs = new RuleSet(ruleset_id, xmlruleset.getAttribute("name"), xmlruleset.getAttribute("f"), match_rl, dflt_off, platform);
 
     // see if this ruleset has the same name as an existing ruleset;
     // if so, this ruleset is ignored; DON'T add or return it.
     if (rs.name in rule_store.rulesetsByName) {
-      this.log(WARN, "Error: found duplicate rule name " + rs.name + " in file " + file.path);
+      this.log(WARN, "Error: found duplicate rule name " + rs.name);
       return null;
     }
 
-    // add this ruleset into HTTPSRules.targets with all of the applicable
-    // target host indexes
-    for (var i = 0; i < targets.length; i++) {
-      var host = targets[i].getAttribute("host");
-      if (!host) {
-        this.log(WARN, "<target> missing host in " + file.path);
-        return null;
-      }
-      if (! rule_store.targets[host])
-        rule_store.targets[host] = [];
-      rule_store.targets[host].push(rs);
-    }
-
     var exclusions = xmlruleset.getElementsByTagName("exclusion");
     for (var i = 0; i < exclusions.length; i++) {
       var exclusion = new Exclusion(exclusions[i].getAttribute("pattern"));
@@ -414,8 +318,8 @@ const HTTPSRules = {
   init: function() {
     try {
       this.rulesets = [];
-      this.targets = {};  // dict mapping target host patterns -> lists of
-                          // applicable rules
+      this.targets = {};  // dict mapping target host pattern -> list of
+                          // applicable ruleset ids
       this.rulesetsByID = {};
       this.rulesetsByName = {};
       var t1 = new Date().getTime();
@@ -428,30 +332,40 @@ const HTTPSRules = {
       this.queryForRuleset = rulesetDBConn.createStatement(
         "select contents from rulesets where id = :id");
 
-      // Preload the list of which targets are available in the DB.
+      // Preload the mapping of hostname target -> ruleset ID from DB.
       // This is a little slow (287 ms on a Core2 Duo @ 2.2GHz with SSD),
       // but is faster than loading all of the rulesets. If this becomes a
       // bottleneck, change it to load in a background webworker, or load
       // a smaller bloom filter instead.
-      this.targetsAvailable = {};
       var targetsQuery = rulesetDBConn.createStatement("select host, ruleset_id from targets");
-      this.log(DBUG, "Adding targets...");
+      this.log(DBUG, "Loading targets...");
       while (targetsQuery.executeStep()) {
         var host = targetsQuery.row.host;
-        this.targetsAvailable[host] = targetsQuery.row.ruleset_id;
+        var id = targetsQuery.row.ruleset_id;
+        if (!this.targets[host]) {
+          this.targets[host] = [id];
+        } else {
+          this.targets[host].push(id);
+        }
       }
-      this.log(DBUG, "Done adding targets.");
+      this.log(DBUG, "Loading adding targets.");
     } catch(e) {
       this.log(DBUG,"Rules Failed: "+e);
     }
     var t2 =  new Date().getTime();
-    this.log(NOTE,"Loading rulesets took " + (t2 - t1) / 1000.0 + " seconds");
+    this.log(NOTE,"Loading targets took " + (t2 - t1) / 1000.0 + " seconds");
+
+    var gitCommitQuery = rulesetDBConn.createStatement("select git_commit from git_commit");
+    if (gitCommitQuery.executeStep()) {
+      this.GITCommitID = gitCommitQuery.row.git_commit;
+    }
+
     try {
       if (HTTPSEverywhere.instance.prefs.getBoolPref("performance_tests")) {
         this.testRulesetRetrievalPerformance();
       }
     } catch(e) {
-      this.log(WARN, "Explosion during testing " + e);
+      this.log(WARN, "Exception during testing " + e);
     }
     return;
   },
@@ -480,21 +394,6 @@ const HTTPSRules = {
     }
   },
 
-  scanRulefiles: function(rulefiles) {
-    var i = 0;
-    var r = null;
-    for(i = 0; i < rulefiles.length; ++i) {
-      try {
-        this.log(DBUG,"Loading ruleset file: "+rulefiles[i].path);
-        RuleWriter.read(rulefiles[i], this);
-      } catch(e) {
-        this.log(WARN, "Error in ruleset file: " + e);
-        if (e.lineNumber)
-          this.log(WARN, "(line number: " + e.lineNumber + ")");
-      }
-    }
-  },
-
   resetRulesetsToDefaults: function() {
     // Callable from within the prefs UI and also for cleaning up buggy
     // configurations...
@@ -503,8 +402,6 @@ const HTTPSRules = {
     }
   },
 
-  httpMatch: /^http/i,
-
   rewrittenURI: function(alist, input_uri) {
     // This function oversees the task of working out if a uri should be
     // rewritten, what it should be rewritten to, and recordkeeping of which
@@ -525,7 +422,7 @@ const HTTPSRules = {
     try {
       var rs = this.potentiallyApplicableRulesets(uri.host);
     } catch(e) {
-      this.log(WARN, 'Could not check applicable rules for '+uri.spec + '\n'+e);
+      this.log(NOTE, 'Could not check applicable rules for '+uri.spec + '\n'+e);
       return null;
     }
 
@@ -609,24 +506,46 @@ const HTTPSRules = {
         intoList.push(fromList[i]);
   },
 
-  // Try to find a ruleset in the SQLite database for a given target (e.g.
-  // '*.openssl.org')
+  // Load a ruleset by numeric id, e.g. 234
   // NOTE: This call runs synchronously, which can lock up the browser UI. Is
   // there any way to fix that, given that we need to run blocking in the request
   // flow? Perhaps we can preload all targets from the DB into memory at startup
   // so we only hit the DB when we know there is something to be had.
-  queryTarget: function(target) {
-    this.log(DBUG, "Querying DB for " + target);
-    var output = [];
-
-    this.queryForRuleset.params.id = this.targetsAvailable[target];
+  loadRulesetById: function(ruleset_id) {
+    this.log(DBUG, "Querying DB for ruleset id " + ruleset_id);
+    this.queryForRuleset.params.id = ruleset_id;
 
     try {
-      while (this.queryForRuleset.executeStep())
-        output.push(this.queryForRuleset.row.contents);
+      if (this.queryForRuleset.executeStep()) {
+        this.log(INFO, "Found ruleset in DB for id " + ruleset_id);
+        RuleWriter.readFromString(this.queryForRuleset.row.contents, this, ruleset_id);
+      } else {
+        this.log(WARN,"Couldn't find ruleset for id " + ruleset_id);
+      }
     } finally {
       this.queryForRuleset.reset();
     }
+  },
+
+  // Get all rulesets matching a given target, lazy-loading from DB as necessary.
+  rulesetsByTarget: function(target) {
+    var rulesetIds = this.targets[target];
+
+    var output = [];
+    if (rulesetIds) {
+      this.log(INFO, "For target " + target + ", found ids " + rulesetIds.toString());
+      for (var i = 0; i < rulesetIds.length; i++) {
+        var id = rulesetIds[i];
+        if (!this.rulesetsByID[id]) {
+          this.loadRulesetById(id);
+        }
+        if (this.rulesetsByID[id]) {
+          output.push(this.rulesetsByID[id]);
+        }
+      }
+    } else {
+      this.log(INFO, "For target " + target + ", found no ids in DB");
+    }
     return output;
   },
 
@@ -636,24 +555,7 @@ const HTTPSRules = {
     var results = [];
 
     var attempt = function(target) {
-      // First try the in-memory rulesets
-      if (this.targets[target] &&
-          this.targets[target].length > 0) {
-        this.setInsert(results, this.targets[target]);
-      } else if (this.targetsAvailable[target]) {
-        // If not found there, check the DB and load the ruleset as appropriate
-        var rulesets = this.queryTarget(target);
-        if (rulesets.length > 0) {
-          for (var i = 0; i < rulesets.length; i++) {
-            var ruleset = rulesets[i];
-            this.log(INFO, "Found ruleset in DB for " + host + ": " + ruleset);
-            RuleWriter.readFromString(ruleset, this);
-            this.setInsert(results, this.targets[target]);
-          }
-        } else {
-          this.nonTargets[target] = 1;
-        }
-      }
+      this.setInsert(results, this.rulesetsByTarget(target));
     }.bind(this);
 
     attempt(host);