Issue 5760 - Use relative require paths

lib/requestBlocker.js

 /*
  * This file is part of Adblock Plus <https://adblockplus.org/>,
  * Copyright (C) 2006-present eyeo GmbH
  *
  * Adblock Plus is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 3 as
  * published by the Free Software Foundation.
  *
  * Adblock Plus is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
  *
  * You should have received a copy of the GNU General Public License
  * along with Adblock Plus.  If not, see <http://www.gnu.org/licenses/>.
  */
 
 /** @module requestBlocker */
 
 "use strict";
 
-const {Filter, RegExpFilter, BlockingFilter} = require(
-"../adblockpluscore/lib/filterClasses");
+const {Filter, RegExpFilter, BlockingFilter} =
+  require("../adblockpluscore/lib/filterClasses");
 const {Subscription} = require("../adblockpluscore/lib/subscriptionClasses");
 const {defaultMatcher} = require("../adblockpluscore/lib/matcher");
 const {FilterNotifier} = require("../adblockpluscore/lib/filterNotifier");
 const {Prefs} = require("./prefs");
 const {checkWhitelisted, getKey} = require("./whitelisting");
 const {stringifyURL, extractHostFromFrame, isThirdParty} = require("./url");
 const {port} = require("./messaging");
 const devtools = require("./devtools");
 
 // Chrome can't distinguish between OBJECT_SUBREQUEST and OBJECT requests.
@@ skipping 23 matching lines @@
 exports.filterTypes = new Set(function*()
 {
   // Microsoft Edge does not have webRequest.ResourceType or the devtools panel.
   // Since filterTypes is only used by devtools, we can just bail out here.
   if (!(browser.webRequest.ResourceType))
     return;
 
   for (let type in browser.webRequest.ResourceType)
     yield resourceTypes.get(browser.webRequest.ResourceType[type]) || "OTHER";
 
-  // WEBSOCKET and WEBRTC get addressed through workarounds, even if the
-  // webRequest API is lacking support to block these kind of requests.
-  yield "WEBSOCKET";
+  // WEBRTC gets addressed through a workaround, even if the webRequest API is
+  // lacking support to block this kind of a request.
   yield "WEBRTC";
 
-  // POPUP and ELEMHIDE filters aren't blocked on the request level but by other
-  // means. They don't have a corresponding value in webRequest.ResourceType.
+  // POPUP, CSP and ELEMHIDE filters aren't mapped to resource types.
   yield "POPUP";
   yield "ELEMHIDE";
+  yield "CSP";
 }());
 
-function onBeforeRequestAsync(page, url, type, docDomain,
-                              thirdParty, sitekey,
-                              specificOnly, filter)
-{
-  if (filter)
-    FilterNotifier.emit("filter.hitCount", filter, 0, 0, page);
-
-  if (devtools)
-  {
+function getRelatedTabIds(details)
+{
+  // This is the common case, the request is associated with a single tab.
+  // If tabId is -1, its not (e.g. the request was sent by
+  // a Service/Shared Worker) and we have to identify the related tabs.
+  if (details.tabId != -1)
+    return Promise.resolve([details.tabId]);
+
+  let url;                    // Firefox provides "originUrl" indicating the
+  if (details.originUrl)      // URL of the tab that caused this request.
+    url = details.originUrl;  // In case of Service/Shared Worker, this is the
+                              // URL of the tab that caused the worker to spawn.
+
+  else if (details.initiator)        // Chromium >=63 provides "intiator" which
+    url = details.initiator + "/*";  // is equivalent to "originUrl" on Firefox
+                                     // except that its not a full URL but just
+                                     // an origin (proto + host).
+  else
+    return Promise.resolve([]);
+
+  return browser.tabs.query({url}).then(tabs => tabs.map(tab => tab.id));
+}
+
+function logRequest(details, url, type, docDomain, thirdParty,
+                    sitekey, specificOnly, filter)
+{
+  getRelatedTabIds(details).then(tabIds =>
+  {
+    if (filter)
+      FilterNotifier.emit("filter.hitCount", filter, 0, 0, tabIds);
+
     devtools.logRequest(
-      page, url, type, docDomain,
+      tabIds, url, type, docDomain,
       thirdParty, sitekey,
       specificOnly, filter
     );
+  });
+}
+
+browser.webRequest.onBeforeRequest.addListener(details =>
+{
+  // Never block top-level documents.
+  if (details.type == "main_frame")
+    return;
+
+  // Filter out requests from non web protocols. Ideally, we'd explicitly
+  // specify the protocols we are interested in (i.e. http://, https://,
+  // ws:// and wss://) with the url patterns, given below, when adding this
+  // listener. But unfortunately, Chrome <=57 doesn't support the WebSocket
+  // protocol and is causing an error if it is given.
+  let url = new URL(details.url);
+  if (url.protocol != "http:" && url.protocol != "https:" &&
+      url.protocol != "ws:" && url.protocol != "wss:")
+    return;
+
+  let originUrl = null;
+  if (details.originUrl)
+  {
+    originUrl = new URL(details.originUrl);
+
+    // Firefox (only) allows to intercept requests sent by the browser
+    // and other extensions. We don't want to block these.
+    if (originUrl.protocol == "chrome:" ||
+        originUrl.protocol == "moz-extension:")
+      return;
   }
-}
-
-ext.webRequest.onBeforeRequest.addListener((url, type, page, frame) =>
-{
-  let docDomain = null;
-  let sitekey = null;
-  let specificOnly = false;
-  let thirdParty = false;
+  // Fallback to "initiator" on Chrome >=63. It doesn't include the
+  // path (unlike "originUrl" on Firefox), but is still good enough
+  // (in case the tab/frame is unknown) for the $domain filter option
+  // and most document exception rules which only match the domain part.
+  else if (details.initiator)
+    originUrl = new URL(details.initiator);
+
+  let page = null;
+  let frame = null;
+  if (details.tabId != -1)
+  {
+    page = new ext.Page({id: details.tabId});
+    frame = ext.getFrame(
+      details.tabId,
+      // We are looking for the frame that contains the element which
+      // has triggered this request. For most requests (e.g. images) we
+      // can just use the request's frame ID, but for subdocument requests
+      // (e.g. iframes) we must instead use the request's parent frame ID.
+      details.type == "sub_frame" ? details.parentFrameId : details.frameId
+    );
+  }
+
+  if (checkWhitelisted(page, frame, originUrl))
+    return;
+
   let urlString = stringifyURL(url);
-
-
-  if (frame && page)
-  {
-    if (checkWhitelisted(page, frame))
-      return true;
-
-    docDomain = extractHostFromFrame(frame);
-    sitekey = getKey(page, frame);
-    thirdParty = isThirdParty(url, docDomain);
-    specificOnly = !!checkWhitelisted(page, frame,
-                                      RegExpFilter.typeMap.GENERICBLOCK);
-  }
-
-  let mappedType = resourceTypes.get(type) || "OTHER";
+  let type = resourceTypes.get(details.type) || "OTHER";
+  let docDomain = extractHostFromFrame(frame, originUrl);
+  let thirdParty = isThirdParty(url, docDomain);
+  let sitekey = getKey(page, frame, originUrl);
+  let specificOnly = !!checkWhitelisted(page, frame, originUrl,
+                                        RegExpFilter.typeMap.GENERICBLOCK);
 
   let filter = defaultMatcher.matchesAny(
-    urlString, RegExpFilter.typeMap[mappedType],
+    urlString, RegExpFilter.typeMap[type],
     docDomain, thirdParty, sitekey, specificOnly
   );
 
-  setTimeout(onBeforeRequestAsync, 0, page, urlString,
-                                      mappedType, docDomain,
-                                      thirdParty, sitekey,
-                                      specificOnly, filter);
-
-  return !(filter instanceof BlockingFilter);
-});
+  logRequest(details, urlString, type, docDomain,
+             thirdParty, sitekey, specificOnly, filter);
+
+  if (filter instanceof BlockingFilter)
+    return {cancel: true};
+}, {urls: ["<all_urls>"]}, ["blocking"]);
 
 port.on("filters.collapse", (message, sender) =>
 {
   if (checkWhitelisted(sender.page, sender.frame))
     return false;
 
   let typeMask = RegExpFilter.typeMap[message.mediatype];
   let documentHost = extractHostFromFrame(sender.frame);
   let sitekey = getKey(sender.page, sender.frame);
   let blocked = false;
 
   let specificOnly = checkWhitelisted(
-    sender.page, sender.frame,
+    sender.page, sender.frame, null,
     RegExpFilter.typeMap.GENERICBLOCK
   );
 
   for (let url of message.urls)
   {
     let urlObj = new URL(url, message.baseURL);
     let filter = defaultMatcher.matchesAny(
       stringifyURL(urlObj),
       typeMask, documentHost,
       isThirdParty(urlObj, documentHost),
@@ skipping 46 matching lines @@
 
 FilterNotifier.on("subscription.added", onFilterChange);
 FilterNotifier.on("subscription.removed", onFilterChange);
 FilterNotifier.on("subscription.updated", onFilterChange);
 FilterNotifier.on("subscription.disabled", arg => onFilterChange(arg, true));
 FilterNotifier.on("filter.added", onFilterChange);
 FilterNotifier.on("filter.removed", onFilterChange);
 FilterNotifier.on("filter.disabled", arg => onFilterChange(arg, true));
 FilterNotifier.on("load", onFilterChange);
 
-port.on("request.blockedByWrapper", (msg, sender) =>
-{
-  // Chrome 58 onwards directly supports WebSocket blocking, so we can ignore
-  // messages from the wrapper here (see https://crbug.com/129353). Hopefully
-  // WebRTC will be supported soon too (see https://crbug.com/707683).
-  // Edge supports neither webRequest.ResourceType nor WebSocket blocking yet:
-  // https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/10297376/
-  if (browser.webRequest.ResourceType &&
-      (msg.requestType.toUpperCase() in browser.webRequest.ResourceType))
-  {
-    return false;
-  }
-
+port.on("request.blockedByRTCWrapper", (msg, sender) =>
+{
   return ext.webRequest.onBeforeRequest._dispatch(
      new URL(msg.url),
-     msg.requestType,
+     "webrtc",
      sender.page,
      sender.frame
   ).includes(false);
 });