Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code

Unified Diff: lib/filterClasses.js

Issue 29680689: [$csp2 adblockpluscore] Issue 6329 - Add the CSP filter type (Closed)
Patch Set: Addressed some more nits Created March 15, 2018, 10:24 a.m.
Use n/p to move between diff chunks; N/P to move between comments.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | test/filterClasses.js » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: lib/filterClasses.js
diff --git a/lib/filterClasses.js b/lib/filterClasses.js
index 1498ad8db2da7975ef3dce4916ef843d29d51420..809d90d2bf5750ad2c21e0f8238c542ef1f822a2 100644
--- a/lib/filterClasses.js
+++ b/lib/filterClasses.js
@@ -97,7 +97,7 @@ Filter.regexpRegExp = /^(@@)?\/.*\/(?:\$~?[\w-]+(?:=[^,\s]+)?(?:,~?[\w-]+(?:=[^,
* Regular expression that options on a RegExp filter should match
* @type {RegExp}
*/
-Filter.optionsRegExp = /\$(~?[\w-]+(?:=[^,\s]+)?(?:,~?[\w-]+(?:=[^,\s]+)?)*)$/;
+Filter.optionsRegExp = /\$(~?[\w-]+(?:=[^,]+)?(?:,~?[\w-]+(?:=[^,]+)?)*)$/;
/**
* Creates a filter of correct type from its text representation - does the
@@ -173,21 +173,51 @@ Filter.normalize = function(text)
return text;
// Remove line breaks and such
- text = text.replace(/[^\S ]/g, "");
+ text = text.replace(/[^\S ]+/g, "");
- if (/^\s*!/.test(text))
- {
- // Don't remove spaces inside comments
+ // Don't remove spaces inside comments
+ if (/^ *!/.test(text))
return text.trim();
- }
- else if (Filter.elemhideRegExp.test(text))
+
+ // Special treatment for element hiding filters, right side is allowed to
+ // contain spaces
+ if (Filter.elemhideRegExp.test(text))
{
- // Special treatment for element hiding filters, right side is allowed to
- // contain spaces
let [, domain, separator, selector] = /^(.*?)(#@?#?)(.*)$/.exec(text);
- return domain.replace(/\s/g, "") + separator + selector.trim();
+ return domain.replace(/ +/g, "") + separator + selector.trim();
+ }
+
+ // For most regexp filters we strip all whitespace.
+ let strippedText = text.replace(/ +/g, "");
+ if (!strippedText.includes("$") || !/\bcsp=/i.test(strippedText))
+ return strippedText;
+
+ let optionsMatch = Filter.optionsRegExp.exec(strippedText);
+ if (!optionsMatch)
+ return strippedText;
+
+ // But since the values of $csp filter options are allowed to contain single
+ // (non trailing) spaces we have to be more careful if they might be present.
+ let beforeOptions = strippedText.substring(0, optionsMatch.index);
+ let optionsText = text;
Manish Jethani 2018/03/15 11:13:25 By the way, I was wondering if we could avoid crea
Manish Jethani 2018/03/16 06:47:09 Out of curiosity, what do you think about this? It
kzar 2018/03/16 11:29:05 Well I think that what we have already is plenty g
Manish Jethani 2018/03/16 12:05:06 But the effort has already been spent, the code ha
kzar 2018/03/17 14:35:06 Then we have bigger problems, e.g. we ran the opti
sergei 2018/03/19 15:47:30 I actually agree with Manish here, in both the per
kzar 2018/03/19 16:38:58 Well I still disagree on the readability aspect, b
Manish Jethani 2018/03/19 18:03:38 Acknowledged.
+ for (let i = beforeOptions.split("$").length; i > 0; i--)
+ optionsText = optionsText.substr(optionsText.indexOf("$") + 1);
+
+ let options = optionsText.split(",");
+ for (let i = 0; i < options.length; i++)
+ {
+ let option = options[i];
+ let cspMatch = /^ *c *s *p *=/i.exec(option);
+ if (cspMatch)
+ {
+ options[i] = cspMatch[0].replace(/ +/g, "") +
+ option.substr(cspMatch[0].length).trim().replace(/ +/g, " ");
+ }
+ else
+ options[i] = option.replace(/ +/g, "");
}
- return text.replace(/\s/g, "");
+
+ return beforeOptions + "$" + options.join();
};
/**
@@ -727,11 +757,12 @@ RegExpFilter.fromText = function(text)
let sitekeys = null;
let thirdParty = null;
let collapse = null;
+ let csp = null;
let options;
let match = (text.indexOf("$") >= 0 ? Filter.optionsRegExp.exec(text) : null);
if (match)
{
- options = match[1].toUpperCase().split(",");
+ options = match[1].split(",");
text = match.input.substr(0, match.index);
for (let option of options)
{
@@ -742,12 +773,20 @@ RegExpFilter.fromText = function(text)
value = option.substr(separatorIndex + 1);
option = option.substr(0, separatorIndex);
}
- option = option.replace(/-/, "_");
+ option = option.replace(/-/, "_").toUpperCase();
if (option in RegExpFilter.typeMap)
{
if (contentType == null)
contentType = 0;
contentType |= RegExpFilter.typeMap[option];
+
+ if (option == "CSP" && typeof value != "undefined")
+ {
+ if (csp)
+ csp.push(value);
+ else
+ csp = [value];
+ }
}
else if (option[0] == "~" && option.substr(1) in RegExpFilter.typeMap)
{
@@ -760,7 +799,7 @@ RegExpFilter.fromText = function(text)
else if (option == "~MATCH_CASE")
matchCase = false;
else if (option == "DOMAIN" && typeof value != "undefined")
- domains = value;
+ domains = value.toUpperCase();
else if (option == "THIRD_PARTY")
thirdParty = true;
else if (option == "~THIRD_PARTY")
@@ -770,7 +809,7 @@ RegExpFilter.fromText = function(text)
else if (option == "~COLLAPSE")
collapse = false;
else if (option == "SITEKEY" && typeof value != "undefined")
- sitekeys = value;
+ sitekeys = value.toUpperCase();
else
return new InvalidFilter(origText, "filter_unknown_option");
}
@@ -780,8 +819,19 @@ RegExpFilter.fromText = function(text)
{
if (blocking)
{
+ if (csp)
+ {
+ csp = csp.join("; ").toLowerCase();
+
+ // Prevent filters from injecting report-uri or report-to directives
+ // since they are a privacy concern. Regexp based upon reBadCSP[1].
+ // [1] - https://github.com/gorhill/uBlock/blob/67e06f53b4d73df6179f6d320553a55da4ead40e/src/js/static-net-filtering.js#L1362
kzar 2018/03/15 16:09:47 Note: I no longer attribute uBlock here since we p
Manish Jethani 2018/03/15 16:55:34 Acknowledged.
+ if (/(;|^)\s*report-(to|uri)\b/.test(csp))
Manish Jethani 2018/03/15 13:24:44 Since we allow single spaces in the CSP, we should
kzar 2018/03/15 13:44:45 I don't think that's a problem, Sebastian noticed
Manish Jethani 2018/03/15 13:47:33 Thanks, I was just wondering about this. In that c
Manish Jethani 2018/03/15 13:50:48 Also, in the interest of landing this (so we can s
kzar 2018/03/15 14:13:37 I'd prefer not to land this without the security /
kzar 2018/03/15 14:13:37 It should be here at parse time IMO.
kzar 2018/03/15 14:13:38 Well spotted, there's a non-outdated version calle
Manish Jethani 2018/03/15 14:28:31 Referrer-Policy doesn't really concern us since we
Manish Jethani 2018/03/15 14:28:31 My only concern was to not allow filter authors to
Sebastian Noack 2018/03/15 19:03:05 Agreed. In the end, there is nothing we can effect
Manish Jethani 2018/03/16 12:25:05 Ack.
+ return new InvalidFilter(origText, "filter_invalid_csp");
+ }
+
return new BlockingFilter(origText, text, contentType, matchCase, domains,
- thirdParty, sitekeys, collapse);
+ thirdParty, sitekeys, collapse, csp);
}
return new WhitelistFilter(origText, text, contentType, matchCase, domains,
thirdParty, sitekeys);
@@ -805,6 +855,7 @@ RegExpFilter.typeMap = {
DOCUMENT: 64,
WEBSOCKET: 128,
WEBRTC: 256,
+ CSP: 512,
XBL: 1,
PING: 1024,
XMLHTTPREQUEST: 2048,
@@ -821,9 +872,10 @@ RegExpFilter.typeMap = {
GENERICHIDE: 0x80000000
};
-// DOCUMENT, ELEMHIDE, POPUP, GENERICHIDE and GENERICBLOCK options shouldn't
-// be there by default
-RegExpFilter.prototype.contentType &= ~(RegExpFilter.typeMap.DOCUMENT |
+// CSP, DOCUMENT, ELEMHIDE, POPUP, GENERICHIDE and GENERICBLOCK options
+// shouldn't be there by default
+RegExpFilter.prototype.contentType &= ~(RegExpFilter.typeMap.CSP |
+ RegExpFilter.typeMap.DOCUMENT |
RegExpFilter.typeMap.ELEMHIDE |
RegExpFilter.typeMap.POPUP |
RegExpFilter.typeMap.GENERICHIDE |
@@ -840,16 +892,19 @@ RegExpFilter.prototype.contentType &= ~(RegExpFilter.typeMap.DOCUMENT |
* @param {string} sitekeys see RegExpFilter()
* @param {boolean} collapse
* defines whether the filter should collapse blocked content, can be null
+ * @param {string} [csp]
+ * Content Security Policy to inject when the filter matches
* @constructor
* @augments RegExpFilter
*/
function BlockingFilter(text, regexpSource, contentType, matchCase, domains,
- thirdParty, sitekeys, collapse)
+ thirdParty, sitekeys, collapse, csp)
{
RegExpFilter.call(this, text, regexpSource, contentType, matchCase, domains,
thirdParty, sitekeys);
this.collapse = collapse;
+ this.csp = csp;
}
exports.BlockingFilter = BlockingFilter;
@@ -861,7 +916,13 @@ BlockingFilter.prototype = extend(RegExpFilter, {
* Can be null (use the global preference).
* @type {boolean}
*/
- collapse: null
+ collapse: null,
+
+ /**
+ * Content Security Policy to inject for matching requests.
+ * @type {string}
+ */
+ csp: null
});
/**
« no previous file with comments | « no previous file | test/filterClasses.js » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld