Issue #1356 - Improve detection of the issuer of the request

src/plugin/PluginWbPassThrough.cpp

 #include "PluginStdAfx.h"
 
 #include "PluginWbPassThrough.h"
 #include "PluginClient.h"
 #include "PluginClientFactory.h"
 #include "PluginFilter.h"
 #include "PluginSettings.h"
 #include "PluginClass.h"
 #include "PluginSystem.h"
 #include <WinInet.h>
 #include "wtypes.h"
 #include "../shared/Utils.h"
 
 namespace
 {
   std::string g_blockedByABPPage = "<!DOCTYPE html>"
     "<html>"
         "<body>"
           "<!-- blocked by AdblockPlus -->"
         "</body>"
     "</html>";
+
+  template <class T>
+  T ExtractHttpHeader(const T& allHeaders, const T& targetHeaderNameWithColon, const T& delimiter)
+  {
+    auto targetHeaderBeginsAt = allHeaders.find(targetHeaderNameWithColon);
+    if (targetHeaderBeginsAt == T::npos)
+    {
+      return T();
+    }
+    targetHeaderBeginsAt += targetHeaderNameWithColon.length();
+    auto targetHeaderEndsAt = allHeaders.find(delimiter, targetHeaderBeginsAt);
+    if (targetHeaderEndsAt == T::npos)
+    {
+      return T();
+    }
+    return allHeaders.substr(targetHeaderBeginsAt, targetHeaderEndsAt - targetHeaderBeginsAt);
+  }
+
+  std::string ExtractHttpAcceptHeader(IInternetProtocol* internetProtocol)
+  {
+    // Despite there being HTTP_QUERY_ACCEPT and other query info flags, they don't work here,
+    // only HTTP_QUERY_RAW_HEADERS_CRLF | HTTP_QUERY_FLAG_REQUEST_HEADERS does work.
+    ATL::CComPtr<IWinInetHttpInfo> winInetHttpInfo;
+    HRESULT hr = internetProtocol->QueryInterface(&winInetHttpInfo);
+    if (FAILED(hr))
+    {
+      return "";
+    }
+    DWORD size = 0;
+    DWORD flags = 0;
+    DWORD queryOption = HTTP_QUERY_RAW_HEADERS_CRLF | HTTP_QUERY_FLAG_REQUEST_HEADERS;
+    hr = winInetHttpInfo->QueryInfo(queryOption, /*buffer*/ nullptr, /*get size*/ &size, &flags, /*reserved*/ 0);
+    if (FAILED(hr))
+    {
+      return "";
+    }
+    std::string buf(size, '\0');
+    hr = winInetHttpInfo->QueryInfo(queryOption, &buf[0], &size, &flags, 0);
+    if (FAILED(hr))
+    {
+      return "";
+    }
+    return ExtractHttpHeader<std::string>(buf, "Accept:", "\r\n");
+  }
 }
 
 WBPassthruSink::WBPassthruSink()
   : m_currentPositionOfSentPage(0)
   , m_contentType(CFilter::EContentType::contentTypeAny)
   , m_blockedInTransaction(false)
 {
 }
 
 int WBPassthruSink::GetContentTypeFromMimeType(const CString& mimeType)
@@ skipping 155 matching lines @@
   PROTOCOLDATA::grfFlags, eventually URLMon will turn around and call 
   IInternetProtocol::Continue on the main thread. 
 
   Or, if you happen to have a window handy that was created on the main 
   thread, you can post yourself a message.
   "
   */
   return m_spInternetProtocolSink ? m_spInternetProtocolSink->Switch(pProtocolData) : E_UNEXPECTED;
 }
 
+// This is the heuristic which detects the requests issued by Flash.ocx.
+// It turned out that the implementation from ''Flash.ocx'' (tested version is 15.0.0.152)
+// returns quite minimal configuration in comparison with the implementation from Microsofts'
+// libraries (see grfBINDF and bindInfo.dwOptions). The impl from MS often includes something
+// else.
+bool WBPassthruSink::IsFlashRequest()
+{
+  ATL::CComPtr<IBindStatusCallback> bscb;
+  if (SUCCEEDED(QueryServiceFromClient(&bscb)) && !!bscb)
+  {
+    DWORD grfBINDF = 0;
+    BINDINFO bindInfo = {};
+    bindInfo.cbSize = sizeof(bindInfo);
+    if (SUCCEEDED(bscb->GetBindInfo(&grfBINDF, &bindInfo)) &&
+      (BINDF_ASYNCHRONOUS | BINDF_ASYNCSTORAGE| BINDF_PULLDATA) == grfBINDF &&
+      (BINDINFO_OPTIONS_ENABLE_UTF8 | BINDINFO_OPTIONS_USE_IE_ENCODING) == bindInfo.dwOptions
+      )
+    {
+      return true;
+    }
+  }
+  return false;
+}
+
 STDMETHODIMP WBPassthruSink::BeginningTransaction(LPCWSTR szURL, LPCWSTR szHeaders, DWORD dwReserved, LPWSTR* pszAdditionalHeaders)
 {
+  std::wstring src = szURL;
+  DEBUG_GENERAL(ToCString(src));
+
+  std::string acceptHeader = ExtractHttpAcceptHeader(m_spTargetProtocol);
+  m_contentType = GetContentTypeFromMimeType(ATL::CString(acceptHeader.c_str()));
+
   if (pszAdditionalHeaders)
   {
     *pszAdditionalHeaders = nullptr;
   }
-  std::wstring src = szURL;
-  DEBUG_GENERAL(src);

[sergei, 2014/10/28 14:08:46]

DEBUG_GENERAL expects ATL::CString, it's not compilable.

-
-  CComPtr<IHttpNegotiate> spHttpNegotiate;
-  QueryServiceFromClient(&spHttpNegotiate);
+
+  CComPtr<IHttpNegotiate> httpNegotiate;
+  QueryServiceFromClient(&httpNegotiate);
   // This fills the pszAdditionalHeaders with more headers. One of which is the Referer header, which we need.
   // There doesn't seem to be any other way to get this header before the request has been made.
-  HRESULT nativeHr = spHttpNegotiate ? spHttpNegotiate->BeginningTransaction(szURL, szHeaders,dwReserved, pszAdditionalHeaders) : S_OK;
-
-  auto acceptHeader = [&]() -> std::string
-  {
-    // Despite there is HTTP_QUERY_ACCEPT and other query info flags, they don't work here,
-    // only HTTP_QUERY_RAW_HEADERS_CRLF | HTTP_QUERY_FLAG_REQUEST_HEADERS does dork.
-    ATL::CComPtr<IWinInetHttpInfo> winInetHttpInfo;
-    HRESULT hr = m_spTargetProtocol->QueryInterface(&winInetHttpInfo);
-    if(FAILED(hr))
-    {
-      return "";
-    }
-    DWORD size = 0;
-    DWORD flags = 0;
-    hr = winInetHttpInfo->QueryInfo(HTTP_QUERY_RAW_HEADERS_CRLF | HTTP_QUERY_FLAG_REQUEST_HEADERS,
-        /*buffer*/nullptr, /* get size */&size, &flags, /*reserved*/ 0);
-    if(FAILED(hr))
-    {
-      return "";
-    }
-    std::string buf(size, '\0');
-    hr = winInetHttpInfo->QueryInfo(HTTP_QUERY_RAW_HEADERS_CRLF | HTTP_QUERY_FLAG_REQUEST_HEADERS,
-      &buf[0], &size, &flags, 0);
-    if(FAILED(hr))
-    {
-      return "";
-    }
-    return ExtractHTTPHeader<std::string>(buf, "Accept:", "\r\n");
-  }();
-  m_contentType = GetContentTypeFromMimeType(ATL::CString(acceptHeader.c_str()));
+  HRESULT nativeHr = httpNegotiate ? httpNegotiate->BeginningTransaction(szURL, szHeaders, dwReserved, pszAdditionalHeaders) : S_OK;
+
   if (*pszAdditionalHeaders != 0)
   {
-    m_boundDomain = ExtractHTTPHeader<std::wstring>(std::wstring(*pszAdditionalHeaders), L"Referer:", L"\n").c_str();
+    m_boundDomain = ExtractHttpHeader<std::wstring>(*pszAdditionalHeaders, L"Referer:", L"\n").c_str();
   }
   m_boundDomain = TrimString(m_boundDomain);
   CPluginTab* tab = CPluginClass::GetTab(::GetCurrentThreadId());
   CPluginClient* client = CPluginClient::GetInstance();
 
   if (tab && client)
   {
     CString documentUrl = tab->GetDocumentUrl();
     // Page is identical to document => don't block
     if (documentUrl == ToCString(src))
     {
       return nativeHr;
     }
     else if (CPluginSettings::GetInstance()->IsPluginEnabled() && !client->IsWhitelistedUrl(std::wstring(documentUrl)))
     {
       if (tab->IsFrameCached(ToCString(src)))
       {
         m_contentType = CFilter::contentTypeSubdocument;
       }
     }
   }
 
-  {
-    // Here is the heuristic which detects the requests issued by Flash.ocx.

[sergei, 2014/10/28 14:08:46]

I've also discovered that flash plugin on my computer adds "x-flash-version:
15,0,0,189" header into `pszAdditionalHeaders`, I would add it but as another
issue.

-    // It turned out that the implementation from ''Flash.ocx'' (tested version is 15.0.0.152)
-    // returns quite minimal configuration in comparison with the implementation from Microsofts'
-    // libraries (see grfBINDF and bindInfo.dwOptions). The impl from MS often includes something
-    // else.
-    ATL::CComPtr<IBindStatusCallback> bscb;
-    if (SUCCEEDED(QueryServiceFromClient(&bscb)) && !!bscb)
-    {
-      DWORD grfBINDF = 0;
-      BINDINFO bindInfo = {};
-      bindInfo.cbSize = sizeof(bindInfo);
-      if (SUCCEEDED(bscb->GetBindInfo(&grfBINDF, &bindInfo))
-        && (BINDF_ASYNCHRONOUS | BINDF_ASYNCSTORAGE| BINDF_PULLDATA) == grfBINDF
-        && (BINDINFO_OPTIONS_ENABLE_UTF8 | BINDINFO_OPTIONS_USE_IE_ENCODING) == bindInfo.dwOptions
-        )
-      {
-        m_contentType = CFilter::EContentType::contentTypeObjectSubrequest;
-      }
-    }
+  if (IsFlashRequest())
+  {
+    m_contentType = CFilter::EContentType::contentTypeObjectSubrequest; 
   }
 
   m_blockedInTransaction = client->ShouldBlock(szURL, m_contentType, m_boundDomain, /*debug flag but must be set*/true);
-  // For IE6 and earlier there is iframe back button issue, so avoid it.

[sergei, 2014/10/28 14:08:46]

the comment is not relevant here

   if (m_blockedInTransaction)
   {
     return E_ABORT;
   }
   return nativeHr;
 }
 
 STDMETHODIMP WBPassthruSink::OnResponse(DWORD dwResponseCode, LPCWSTR szResponseHeaders, LPCWSTR szRequestHeaders, LPWSTR *pszAdditionalRequestHeaders)
 {
   if (pszAdditionalRequestHeaders)
@@ skipping 11 matching lines @@
 {
   return m_spInternetProtocolSink ? m_spInternetProtocolSink->ReportProgress(ulStatusCode, szStatusText) : S_OK;
 }
 
 STDMETHODIMP WBPassthruSink::ReportResult(/* [in] */ HRESULT hrResult, /* [in] */ DWORD dwError, /* [in] */ LPCWSTR szResult)
 {
   if (m_blockedInTransaction)
   {
     // Don't notify the client about aborting of the operation, thus don't call BaseClass::ReportResult.
     // Current method is called by the original protocol implementation and we are intercepting the
     // call here and eating it, we will call the proper ReportResult later by ourself.

[sergei, 2014/10/28 14:08:46]

The code is correct but I've recognized that the comment is not enough clear. I
think we should document it somewhere, may be not directly here. Normally this
method is called from Read/OnRead but if we return E_ABORT from
BeginningTransaction then it's called by the original implementation of Start.
In that case the original implementation becomes into aborted state and does not
do anything else. So it seems the last chance for it to notify the client that
the request aborted and then client becomes into corresponding state and does
not expect anything else as well. But it's not what we want, we need the client
waiting for the result which we are generating just after original Start called
and we call m_spInternetProtocolSink->ReportResult from OnRead. JIC,
BaseClass::ReportResult(...) makes the same,
m_spInternetProtocolSink->ReportResult.

     return S_OK;
   }
   return BaseClass::ReportResult(hrResult, dwError, szResult);
 }
 
 
 WBPassthru::WBPassthru()
   : m_shouldSupplyCustomContent(false)
-  , m_hasOriginalStartCalled(false)
 {
 }
 
 STDMETHODIMP WBPassthru::Start(LPCWSTR szUrl, IInternetProtocolSink *pOIProtSink,
     IInternetBindInfo *pOIBindInfo, DWORD grfPI, HANDLE_PTR dwReserved)
 {
   ATLASSERT(m_spInternetProtocol != 0);
   if (!m_spInternetProtocol)
   {
     return E_UNEXPECTED;
   }
 
   return OnStart(szUrl, pOIProtSink, pOIBindInfo, grfPI, dwReserved, m_spInternetProtocol);
 }
 
 STDMETHODIMP WBPassthru::Read(/* [in, out] */ void *pv,/* [in] */ ULONG cb,/* [out] */ ULONG *pcbRead)
 {
   WBPassthruSink* pSink = GetSink();
   return pSink->OnRead(pv, cb, pcbRead);
 }
 
 STDMETHODIMP WBPassthru::LockRequest(/* [in] */ DWORD options)
 {
-  if (!m_hasOriginalStartCalled)
-  {
-    return S_OK;
-  }
   return BaseClass::LockRequest(options);
 }
 
 STDMETHODIMP WBPassthru::UnlockRequest()
 {
-  if (!m_hasOriginalStartCalled)

[sergei, 2014/10/28 14:08:46]

Since we always call original Start let's delete m_hasOriginalStartCalled
completely. Just remove member and check compilation errors
initialization in ctr, if blocks in Lock/Unlock and an assigning in
src/plugin/SinkPolicy.inl, 

-  {
-    return S_OK;
-  }
   return BaseClass::UnlockRequest();
 }