lib/csp.js - Issue 29680696: [$csp4 adblockpluschrome] Issue 5241 - Add support for Content Security Policy filters

Delta Between Two Patch Sets: lib/csp.js

Issue 29680696: [$csp4 adblockpluschrome] Issue 5241 - Add support for Content Security Policy filters (Closed)

Left Patch Set: Use extractHostFromFrame and attempt to match $csp exceptions non-recursively Created March 16, 2018, 12:43 p.m.

Right Patch Set: Rebased Created March 26, 2018, 6:22 p.m.

Left:
Right:

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

Left: Side by side diff | Download
Right: Side by side diff | Download

LEFT	RIGHT
1 /*	1 /*

2 * This file is part of Adblock Plus <https://adblockplus.org/>,	2 * This file is part of Adblock Plus <https://adblockplus.org/>,

3 * Copyright (C) 2006-present eyeo GmbH	3 * Copyright (C) 2006-present eyeo GmbH

4 *	4 *

5 * Adblock Plus is free software: you can redistribute it and/or modify	5 * Adblock Plus is free software: you can redistribute it and/or modify

6 * it under the terms of the GNU General Public License version 3 as	6 * it under the terms of the GNU General Public License version 3 as

7 * published by the Free Software Foundation.	7 * published by the Free Software Foundation.

8 *	8 *

9 * Adblock Plus is distributed in the hope that it will be useful,	9 * Adblock Plus is distributed in the hope that it will be useful,

10 * but WITHOUT ANY WARRANTY; without even the implied warranty of	10 * but WITHOUT ANY WARRANTY; without even the implied warranty of

11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the	11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

12 * GNU General Public License for more details.	12 * GNU General Public License for more details.

13 *	13 *

14 * You should have received a copy of the GNU General Public License	14 * You should have received a copy of the GNU General Public License

15 * along with Adblock Plus. If not, see <http://www.gnu.org/licenses/>.	15 * along with Adblock Plus. If not, see <http://www.gnu.org/licenses/>.

16 */	16 */

17	17

18 "use strict";	18 "use strict";

19	19

20 const {defaultMatcher} = require("matcher");	20 const {defaultMatcher} = require("matcher");

21 const {BlockingFilter, RegExpFilter} = require("filterClasses");	21 const {RegExpFilter, WhitelistFilter} = require("filterClasses");

22 const {extractHostFromFrame, getDecodedHostname,	22 const {extractHostFromFrame, getDecodedHostname,

23 isThirdParty, stringifyURL} = require("url");	23 isThirdParty, stringifyURL} = require("url");

24 const {checkWhitelisted} = require("whitelisting");	24 const {checkWhitelisted} = require("whitelisting");

25 const {FilterNotifier} = require("filterNotifier");	25 const {FilterNotifier} = require("filterNotifier");

26 const devtools = require("devtools");	26 const devtools = require("devtools");

27	27

28 const {typeMap} = RegExpFilter;	28 const {typeMap} = RegExpFilter;

29	29

30 browser.webRequest.onHeadersReceived.addListener(details =>	30 browser.webRequest.onHeadersReceived.addListener(details =>

31 {	31 {

32 let url = new URL(details.url);	32 let url = new URL(details.url);

33 let urlString = stringifyURL(url);	33 let urlString = stringifyURL(url);

34	34 let parentFrame = ext.getFrame(details.tabId, details.parentFrameId);

35 let parentFrame = details.parentFrameId != -1 &&	35 let hostname = extractHostFromFrame(parentFrame) \|\| getDecodedHostname(url);

36 ext.getFrame(details.tabId, details.parentFrameId);	36 let thirdParty = isThirdParty(url, hostname);

37 let hostname = extractHostFromFrame(parentFrame);

38 let thirdParty = false;

39 if (hostname)

40 thirdParty = isThirdParty(url, hostname);

41 else

42 hostname = getDecodedHostname(url);
Sebastian Noack 2018/03/16 23:52:38 Is this micro-optimization worth it? Otherwise, th Is this micro-optimization worth it? Otherwise, this code could be simplified: let hostname = extractHostFromFrame(parentFrame) \|\| getDecodedHostname(url); let thirdParty = isThirdParty(url, hostname); kzar 2018/03/19 14:41:30 Done. Show quoted text On 2018/03/16 23:52:38, Sebastian Noack wrote: > Is this micro-optimization worth it? Otherwise, this code could be simplified: > > let hostname = extractHostFromFrame(parentFrame) \|\| getDecodedHostname(url); > let thirdParty = isThirdParty(url, hostname); Done.
43	37

44 let cspMatch = defaultMatcher.matchesAny(urlString, typeMap.CSP, hostname,	38 let cspMatch = defaultMatcher.matchesAny(urlString, typeMap.CSP, hostname,

45 thirdParty, null, false);	39 thirdParty, null, false);

46 if (cspMatch)	40 if (cspMatch)

47 {	41 {

48 let page = new ext.Page({id: details.tabId, url: details.url});	42 let page = new ext.Page({id: details.tabId, url: details.url});

49 let frame = ext.getFrame(details.tabId, details.frameId);	43 let frame = ext.getFrame(details.tabId, details.frameId);

50	44

	45 if (checkWhitelisted(page, frame))

	46 return;

	47

51 // To avoid an extra matchesAny for the common case we assumed no	48 // To avoid an extra matchesAny for the common case we assumed no

52 // $genericblock filters applied when searching for a matching $csp filter.	49 // $genericblock filters applied when searching for a matching $csp filter.

53 // We must now pay the price by first checking for a $genericblock filter	50 // We must now pay the price by first checking for a $genericblock filter

54 // and if necessary that our $csp filter is specific.	51 // and if necessary that our $csp filter is specific.

55 let specificOnly = checkWhitelisted(page, frame, typeMap.GENERICBLOCK);	52 let specificOnly = !!checkWhitelisted(page, frame, typeMap.GENERICBLOCK);

56 if (specificOnly)	53 if (specificOnly)

57 {	54 {

58 cspMatch = defaultMatcher.matchesAny(urlString, typeMap.CSP, hostname,	55 cspMatch = defaultMatcher.matchesAny(urlString, typeMap.CSP, hostname,

59 thirdParty, null, specificOnly);	56 thirdParty, null, specificOnly);

60 if (!cspMatch)	57 if (!cspMatch)

61 return;	58 return;

62 }	59 }

63	60

64 devtools.logRequest(page, urlString, "CSP", hostname, thirdParty, null,	61 devtools.logRequest(page, urlString, "CSP", hostname, thirdParty, null,

65 specificOnly, cspMatch);	62 specificOnly, cspMatch);

	63 FilterNotifier.emit("filter.hitCount", cspMatch, 0, 0, page);

66	64

67 if (checkWhitelisted(page, frame))	65 if (cspMatch instanceof WhitelistFilter)
Sebastian Noack 2018/03/16 23:52:39 Why not doing this check earlier? Why not doing this check earlier? kzar 2018/03/19 14:41:30 Done. Show quoted text On 2018/03/16 23:52:39, Sebastian Noack wrote: > Why not doing this check earlier? Done.
68 return;	66 return;

69

70 FilterNotifier.emit("filter.hitCount", cspMatch, 0, 0, page);

71	67

72 details.responseHeaders.push({	68 details.responseHeaders.push({
Sebastian Noack 2018/03/16 23:52:38 It seems this code path is reached if cspMatch is It seems this code path is reached if cspMatch is a whitelisting filter. kzar 2018/03/19 14:41:30 Done. Show quoted text On 2018/03/16 23:52:38, Sebastian Noack wrote: > It seems this code path is reached if cspMatch is a whitelisting filter. Done.
73 name: "Content-Security-Policy",	69 name: "Content-Security-Policy",

74 value: cspMatch.csp	70 value: cspMatch.csp

75 });	71 });

76	72

77 return {responseHeaders: details.responseHeaders};	73 return {responseHeaders: details.responseHeaders};

78 }	74 }

79 }, {	75 }, {

80 urls: ["http:///", "https:///"],	76 urls: ["http:///", "https:///"],

81 types: ["main_frame", "sub_frame"]	77 types: ["main_frame", "sub_frame"]

82 }, ["blocking", "responseHeaders"]);	78 }, ["blocking", "responseHeaders"]);

LEFT	RIGHT