Using a default profile with --keep-profile-changes will break Firefox

[kumar303]

Is this a feature request or a bug?

bug

What is the current behavior?

Consider a command like this (DO NOT run this):

web-ext run --firefox-profile=default --keep-profile-changes

What is the expected or desired behavior?

Here's what web-ext will do to your default profile:

• It will disable automatic updates to Firefox
• It will disable updates to all add-ons
• It will disable the prompt for accepting a remote debugging connection -- this means anyone can silently connect a remote debugger to your Firefox
• It will disable signature checks for add-ons (but only in pre-release builds of Firefox)
• It will allow side loading add-ons which is how a lot of crapware installers inject their add-ons without user consent

This really shouldn't be possible at all. It should raise an error. We could possibly allow it with an option like --allow-web-ext-to-completely-break-my-profile because it's possible that someone may not care about trashing their default profile? I don't know, I'm leaning to not allowing this at all.

Version information (for bug reports)

• Firefox version: N/A
• Your OS and version: N/A
• Paste the output of these commands:

node --version && npm --version && web-ext --version
v6.10.3
3.10.10
master-7b390e45f3a998a57238ddb9f163da4a61dfb08a

[kumar303]

The fix that landed was to completely disallow any default profile with the --keep-profile-changes option. You will see an error.

[autonome]

@kumar303 what determines the "default" profile? i've created a new profile and am seeing this message.

eg:

1. create new profile in Nightly named "foo"
2. open it, everything looks fine
3. web-ext run -p foo --keep-profile-changes

[autonome]

This might be a side effect of #1309, or at least related.

[kumar303]

Hi Dietrich. I’m on full time baby duty (parental leave) until June but @rpl can probably help out. Did you try with a full path to the foo profile directory? There are some bugs with named aliases.

…

On Sun, Apr 22, 2018 at 10:04 PM Dietrich Ayala ***@***.***> wrote: This might be a side effect of #1309 <#1309>, or at least related. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#1005 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AADYZjPuueg5VxygihviIQEDj12mtZJHks5trUTJgaJpZM4OYfJz> .

[autonome]

Congratulations :D The named alias is the buggy part. The file path works fine still. On Tue, Apr 24, 2018 at 11:02 AM Kumar McMillan <notifications@github.com> wrote:

…

Hi Dietrich. I’m on full time baby duty (parental leave) until June but @rpl can probably help out. Did you try with a full path to the foo profile directory? There are some bugs with named aliases. On Sun, Apr 22, 2018 at 10:04 PM Dietrich Ayala ***@***.***> wrote: > This might be a side effect of #1309 > <#1309>, or at least related. > > — > You are receiving this because you were mentioned. > Reply to this email directly, view it on GitHub > <#1005 (comment)>, > or mute the thread > < https://github.com/notifications/unsubscribe-auth/AADYZjPuueg5VxygihviIQEDj12mtZJHks5trUTJgaJpZM4OYfJz > > . > — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#1005 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AADDtx16__TuG_eMMAwCy3jlpbC9jld4ks5trz5vgaJpZM4OYfJz> .

[rpl]

@autonome The available profiles names are discovered using the firefox-profile dependency (https://github.com/saadtazi/firefox-profile-js), which looks into the profiles.ini file from the user directory:

https://github.com/saadtazi/firefox-profile-js/blob/46aca6c72fc889dfdd7114e1aa796797a3b9cabb/lib/profile_finder.js#L11-L25

and

https://github.com/saadtazi/firefox-profile-js/blob/46aca6c72fc889dfdd7114e1aa796797a3b9cabb/lib/profile_finder.js#L52-L64

Then web-ext will consider a default profile:

• a profile named "default" or "dev-edition-default":

  web-ext/src/firefox/index.js

  Lines 194 to 197 in 532951f

  	const DEFAULT_PROFILES_NAMES = [
  	'default',
  	'dev-edition-default',
  	];

• or one that has Default=1 in its profiles.ini section:

  web-ext/src/firefox/index.js

  Lines 247 to 270 in 532951f

  	for (const profile of finder.profiles) {
  	// Check if the profile dir path or name is one of the default profiles
  	// defined in the profiles.ini file.
  	if (DEFAULT_PROFILES_NAMES.includes(profile.Name) ||
  	profile.Default === '1') {
  	let profileFullPath;
  	// Check for profile name.
  	if (profile.Name === profilePathOrName) {
  	return true;
  	}
  	// Check for profile path.
  	if (profile.IsRelative === '1') {
  	profileFullPath = path.join(baseProfileDir, profile.Path, path.sep);
  	} else {
  	profileFullPath = path.join(profile.Path, path.sep);
  	}
  	if (path.normalize(profileFullPath) === normalizedProfileDirPath) {
  	return true;
  	}
  	}
  	}

My guess is that this last part is likely the one that is triggering the error.

@autonome could you attach here a "cleaned / anonymized" version of your profiles.ini?
(or even just the fragment related to the profile that is wrongly considered a default profile)

Thanks in advance.

[autonome]

Yeah after looking at profile.ini, it looks like the profile manager creates new profiles and sets them to default. Will send you mine over email.

[autonome]

To clarify: I see the same error if using a default or non-default profile.

So just using profile name as seen in profile manager UI (no path and no randomized directory name prefix + ".") is broken for any profile that I try, and shows that error.