Skip to content

Instantly share code, notes, and snippets.

Avatar
🚸
currently working part-time

Frederik Braun mozfreddyb

🚸
currently working part-time
View GitHub Profile
@mozfreddyb
mozfreddyb / csmlogparser.py
Last active Jan 27, 2021
parse entries from MOZ_LOG CSMLog entries
View csmlogparser.py
#!/usr/bin/env python3
import yaml
import sys
from functools import reduce
def lines_into_blocks():
consume_into_block = False
block = []
@mozfreddyb
mozfreddyb / principals-reference.md
Last active Aug 3, 2020
reference sheet for principals in mozilla code
View principals-reference.md

Reference Sheet for Principals in Mozilla Code

Note: This is the "reference sheet" version. The details and the big picture are covered in Understanding Web Security Checks in Firefox (Part 1).

Principals as a level of privilege

A security context is always using one of these four kinds of Principals:

  • ContentPrincipal: This principal is used for typical web pages and can be serialized to an origin URL, e.g., https://example.com/
  • NullPrincipal: Some pages are never same-origin with anything else. E.g., <iframes sandbox> or documents loaded with a data: URI. The standard calls this an opaque origin.
  • SystemPrincipal: The SystemPrincipal is used for the browser's user interface, commonly referred to as "browser chrome". Pages like about:preferences use the SystemPrincipal.
@mozfreddyb
mozfreddyb / foo.js
Last active Feb 22, 2021
turn searchfox results object into audit spreadsheet
View foo.js
/* This script can be run on a searchfox.org results page as it is.
* the results.normal from line 9 is already in global scope and can be iterated as it is
* Note that this "results.normal" does /not/ include occurences in tests or generated code.
* Use other properties of the "results" object instead, if you need these.
*/
// objkey is something like "Uses (searchterm)"
objkey = Object.keys(results.normal)[0];
occs = results.normal[objkey];
t = [];
@mozfreddyb
mozfreddyb / vimdiff.md
Last active Feb 5, 2020 — forked from mattratleph/vimdiff.md
vimdiff cheat sheet
View vimdiff.md

vimdiff cheat sheet

git mergetool

In the middle file (future merged file), you can navigate between conflicts with ]c and [c.

Choose which version you want to keep with :diffget //2 or :diffget //3 (the //2 and //3 are unique identifiers for the target/master copy and the merge/branch copy file names).

:diffupdate (to remove leftover spacing issues)
:only (once you’re done reviewing all conflicts, this shows only the middle/merged file)
View weekly_release.py
#!/usr/local/bin/python3
import requests
import json
from twilio.rest import Client
HEADERS = {'Accept': 'application/vnd.github.inertia-preview+json'}
GH_TOKEN = "XXX" # Your auth token from https://github.com/settings/tokens
TW_SID = "XXX" # Your Account SID from twilio.com/console
TW_TOKEN = "XXX" # Your Auth Token from twilio.com/console
@mozfreddyb
mozfreddyb / log.txt
Created Dec 10, 2018
content security data for top level load of about:addons (plus some extra in between
View log.txt
[Parent 10611: Main Thread]: D/CSMLog doContentSecurityCheck {
[Parent 10611: Main Thread]: D/CSMLog channelURI: about:addons
[Parent 10611: Main Thread]: D/CSMLog loadingPrincipal: nullptr
[Parent 10611: Main Thread]: D/CSMLog triggeringPrincipal: SystemPrincipal
[Parent 10611: Main Thread]: D/CSMLog principalToInherit: NullPrincipal
[Parent 10611: Main Thread]: D/CSMLog RedirectChain:
[Parent 10611: Main Thread]: D/CSMLog internalContentPolicyType: 6
[Parent 10611: Main Thread]: D/CSMLog externalContentPolicyType: 6
[Parent 10611: Main Thread]: D/CSMLog upgradeInsecureRequests: false
@mozfreddyb
mozfreddyb / log.txt
Created Dec 10, 2018
content security data for a top level about:blank load
View log.txt
[Child 10890: Main Thread]: D/CSMLog doContentSecurityCheck {
[Child 10890: Main Thread]: D/CSMLog channelURI: about:blank
[Child 10890: Main Thread]: D/CSMLog loadingPrincipal: nullptr
[Child 10890: Main Thread]: D/CSMLog triggeringPrincipal: SystemPrincipal
[Child 10890: Main Thread]: D/CSMLog principalToInherit: NullPrincipal
[Child 10890: Main Thread]: D/CSMLog RedirectChain:
[Child 10890: Main Thread]: D/CSMLog internalContentPolicyType: 6
[Child 10890: Main Thread]: D/CSMLog externalContentPolicyType: 6
[Child 10890: Main Thread]: D/CSMLog upgradeInsecureRequests: false
[Child 10890: Main Thread]: D/CSMLog initalSecurityChecksDone: false
@mozfreddyb
mozfreddyb / log.txt
Created Dec 10, 2018
content security data for a top level URL load
View log.txt
[Child 10890: Main Thread]: D/CSMLog doContentSecurityCheck {
[Child 10890: Main Thread]: D/CSMLog channelURI: http://example.com/
[Child 10890: Main Thread]: D/CSMLog HTTP Method: GET
[Child 10890: Main Thread]: D/CSMLog loadingPrincipal: nullptr
[Child 10890: Main Thread]: D/CSMLog triggeringPrincipal: SystemPrincipal
[Child 10890: Main Thread]: D/CSMLog principalToInherit: NullPrincipal
[Child 10890: Main Thread]: D/CSMLog RedirectChain:
[Child 10890: Main Thread]: D/CSMLog internalContentPolicyType: 6
[Child 10890: Main Thread]: D/CSMLog externalContentPolicyType: 6
[Child 10890: Main Thread]: D/CSMLog upgradeInsecureRequests: false
View export-passwords.js
// for use within chrome://passwordmgr/content/passwordManager.xul
// this is the title of the CSV data
var csv = `"hostname", "username", "password"`;
// the signons variable already exists when the document is loaded.
// looping through all entries, called e.
for (var e of signons) {
// JSON.stringify properly adds quotes, regardless of what characters the entries.
// so for every entry, take e.hostname, e.username, e.passwowrd and turn them into a quoted string
@mozfreddyb
mozfreddyb / add-ca-cert.js
Created Jul 10, 2017
privileged JS for Firefox to add a certificate as a trusted CA
View add-ca-cert.js
if (typeof Cc == "undefined") { Cc = Components.classes; }
if (typeof Cu == "undefined") { Cu = Components.utils; }
if (typeof Ci == "undefined") { Ci = Components.interfaces; }
const nsX509CertDB = "@mozilla.org/security/x509certdb;1";
const nsIX509Cert = Ci.nsIX509Cert;
const nsIX509CertDB = Ci.nsIX509CertDB;
const certdb = Cc[nsX509CertDB].getService(nsIX509CertDB);
let certstring = `-----BEGIN CERTIFICATE-----