Issue 1530 - Improve detecting of subrequest issued by flash addon

src/plugin/PluginWbPassThrough.cpp

 #include "PluginStdAfx.h"
 
 #include "PluginWbPassThrough.h"
 #include "PluginClient.h"
 #include "PluginClientFactory.h"
 #include "PluginFilter.h"
 #include "PluginSettings.h"
 #include "PluginClass.h"
 #include "PluginSystem.h"
 #include <WinInet.h>
 #include "wtypes.h"
 #include "../shared/Utils.h"
 
 namespace
 {
-  std::string g_blockedByABPPage = "<!DOCTYPE html>"
+  const std::string g_blockedByABPPage = "<!DOCTYPE html>"

[Oleksandr, 2014/11/13 04:44:42]

Unrelated change

[sergei, 2014/11/13 08:49:32]

removed from here

     "<html>"
         "<body>"
           "<!-- blocked by AdblockPlus -->"
         "</body>"
     "</html>";
 
   template <class T>
-  T ExtractHttpHeader(const T& allHeaders, const T& targetHeaderNameWithColon, const T& delimiter)
+  std::pair<T, bool> ExtractHttpHeader(const T& allHeaders, const T& targetHeaderNameWithColon, const T& delimiter)

[Oleksandr, 2014/11/13 04:44:42]

Unrelated change. Also, I think was good enough as it was. What was wrong with
just a check if the returned value is empty? From the looks of it, only Accept
header can be empty, and even when it is we don't really care (you rightfully
didn't change the Accept header handling to be like X-Requested-With).

[sergei, 2014/11/13 08:49:32]

Right, it's not necessary. Reverted.

   {
+    std::pair<T, bool> notFoundHeader;
     auto targetHeaderBeginsAt = allHeaders.find(targetHeaderNameWithColon);
     if (targetHeaderBeginsAt == T::npos)
     {
-      return T();
+      return notFoundHeader;
     }
     targetHeaderBeginsAt += targetHeaderNameWithColon.length();
     auto targetHeaderEndsAt = allHeaders.find(delimiter, targetHeaderBeginsAt);
     if (targetHeaderEndsAt == T::npos)
     {
-      return T();
+      return notFoundHeader;
     }
-    return allHeaders.substr(targetHeaderBeginsAt, targetHeaderEndsAt - targetHeaderBeginsAt);
+    return std::make_pair(allHeaders.substr(targetHeaderBeginsAt, targetHeaderEndsAt - targetHeaderBeginsAt), true);
   }
 
   std::string ExtractHttpAcceptHeader(IInternetProtocol* internetProtocol)
   {
     // Despite there being HTTP_QUERY_ACCEPT and other query info flags, they don't work here,
     // only HTTP_QUERY_RAW_HEADERS_CRLF | HTTP_QUERY_FLAG_REQUEST_HEADERS does work.
     ATL::CComPtr<IWinInetHttpInfo> winInetHttpInfo;
     HRESULT hr = internetProtocol->QueryInterface(&winInetHttpInfo);
     if (FAILED(hr))
     {
       return "";
     }
     DWORD size = 0;
     DWORD flags = 0;
     DWORD queryOption = HTTP_QUERY_RAW_HEADERS_CRLF | HTTP_QUERY_FLAG_REQUEST_HEADERS;
     hr = winInetHttpInfo->QueryInfo(queryOption, /*buffer*/ nullptr, /*get size*/ &size, &flags, /*reserved*/ 0);
     if (FAILED(hr))
     {
       return "";
     }
     std::string buf(size, '\0');
     hr = winInetHttpInfo->QueryInfo(queryOption, &buf[0], &size, &flags, 0);
     if (FAILED(hr))
     {
       return "";
     }
-    return ExtractHttpHeader<std::string>(buf, "Accept:", "\r\n");
+    auto acceptHeader = ExtractHttpHeader<std::string>(buf, "Accept:", "\r\n");
+    return acceptHeader.first;
+  }
+
+  bool IsXmlHttpRequest(const std::wstring& additionalHeaders)
+  {
+    auto requestedWithHeader = ExtractHttpHeader<std::wstring>(additionalHeaders, L"X-Requested-With: ", L"\n");

[Oleksandr, 2014/11/13 04:44:42]

X-Requested-With is only part of the story, I think. How about also detecting
CORS requests. By detecting "Origin" header, for example. Also, this deserves to
be separated into it's own issue, IMHO.

+    return requestedWithHeader.second && TrimString(requestedWithHeader.first) == L"XMLHttpRequest";
   }
 }
 
 WBPassthruSink::WBPassthruSink()
   : m_currentPositionOfSentPage(0)
   , m_contentType(CFilter::EContentType::contentTypeAny)
   , m_blockedInTransaction(false)
 {
 }
 
@@ skipping 161 matching lines @@
   "
   */
   return m_spInternetProtocolSink ? m_spInternetProtocolSink->Switch(pProtocolData) : E_UNEXPECTED;
 }
 
 // This is the heuristic which detects the requests issued by Flash.ocx.
 // It turned out that the implementation from ''Flash.ocx'' (tested version is 15.0.0.152)
 // returns quite minimal configuration in comparison with the implementation from Microsofts'
 // libraries (see grfBINDF and bindInfo.dwOptions). The impl from MS often includes something
 // else.
-bool WBPassthruSink::IsFlashRequest()
+bool WBPassthruSink::IsFlashRequest(const wchar_t* const* additionalHeaders)
 {
+  if (additionalHeaders && *additionalHeaders)
+  {
+    auto flashVersionHeader = ExtractHttpHeader<std::wstring>(*additionalHeaders, L"x-flash-version: ", L"\n");
+    if (flashVersionHeader.second)
+    {
+      return true;
+    }
+  }
   ATL::CComPtr<IBindStatusCallback> bscb;
   if (SUCCEEDED(QueryServiceFromClient(&bscb)) && !!bscb)
   {
     DWORD grfBINDF = 0;
     BINDINFO bindInfo = {};
     bindInfo.cbSize = sizeof(bindInfo);
     if (SUCCEEDED(bscb->GetBindInfo(&grfBINDF, &bindInfo)) &&
       (BINDF_ASYNCHRONOUS | BINDF_ASYNCSTORAGE| BINDF_PULLDATA) == grfBINDF &&
       (BINDINFO_OPTIONS_ENABLE_UTF8 | BINDINFO_OPTIONS_USE_IE_ENCODING) == bindInfo.dwOptions
       )
     {
       return true;
     }
   }
   return false;
 }
 
 STDMETHODIMP WBPassthruSink::BeginningTransaction(LPCWSTR szURL, LPCWSTR szHeaders, DWORD dwReserved, LPWSTR* pszAdditionalHeaders)
 {
+  if (!szURL || !szHeaders)
+  {
+    return E_POINTER;
+  }

[Oleksandr, 2014/11/13 04:44:42]

Unrelated change.

[sergei, 2014/11/13 08:49:32]

Removed from here.

   std::wstring src = szURL;
   DEBUG_GENERAL(ToCString(src));
 
   std::string acceptHeader = ExtractHttpAcceptHeader(m_spTargetProtocol);
   m_contentType = GetContentTypeFromMimeType(ATL::CString(acceptHeader.c_str()));
 
   if (pszAdditionalHeaders)
   {
     *pszAdditionalHeaders = nullptr;
   }
 
   CComPtr<IHttpNegotiate> httpNegotiate;
   QueryServiceFromClient(&httpNegotiate);
   // This fills the pszAdditionalHeaders with more headers. One of which is the Referer header, which we need.
   // There doesn't seem to be any other way to get this header before the request has been made.
   HRESULT nativeHr = httpNegotiate ? httpNegotiate->BeginningTransaction(szURL, szHeaders, dwReserved, pszAdditionalHeaders) : S_OK;
 
-  if (*pszAdditionalHeaders != 0)
+  if (pszAdditionalHeaders && *pszAdditionalHeaders)
   {
-    m_boundDomain = ExtractHttpHeader<std::wstring>(*pszAdditionalHeaders, L"Referer:", L"\n").c_str();
+    m_boundDomain = ExtractHttpHeader<std::wstring>(*pszAdditionalHeaders, L"Referer:", L"\n").first;
   }
   m_boundDomain = TrimString(m_boundDomain);
   CPluginTab* tab = CPluginClass::GetTab(::GetCurrentThreadId());
   CPluginClient* client = CPluginClient::GetInstance();
 
   if (tab && client)
   {
     CString documentUrl = tab->GetDocumentUrl();
     // Page is identical to document => don't block
     if (documentUrl == ToCString(src))
     {
       return nativeHr;
     }
     else if (CPluginSettings::GetInstance()->IsPluginEnabled() && !client->IsWhitelistedUrl(std::wstring(documentUrl)))
     {
       if (tab->IsFrameCached(ToCString(src)))
       {
         m_contentType = CFilter::contentTypeSubdocument;
       }
     }
   }
 
-  if (IsFlashRequest())
+  if (IsFlashRequest(pszAdditionalHeaders))
   {
-    m_contentType = CFilter::EContentType::contentTypeObjectSubrequest; 
+    m_contentType = CFilter::EContentType::contentTypeObjectSubrequest;
+  }
+
+  if (pszAdditionalHeaders && IsXmlHttpRequest(*pszAdditionalHeaders))
+  {
+    m_contentType = CFilter::EContentType::contentTypeXmlHttpRequest;
   }
 
   m_blockedInTransaction = client->ShouldBlock(szURL, m_contentType, m_boundDomain, /*debug flag but must be set*/true);
   if (m_blockedInTransaction)
   {
     return E_ABORT;
   }
   return nativeHr;
 }
 
@@ skipping 53 matching lines @@
 
 STDMETHODIMP WBPassthru::LockRequest(/* [in] */ DWORD options)
 {
   return BaseClass::LockRequest(options);
 }
 
 STDMETHODIMP WBPassthru::UnlockRequest()
 {
   return BaseClass::UnlockRequest();
 }