[superseded] Issue 1265 - Improve detection of mime type of the expected response

src/plugin/PluginWbPassThrough.cpp

 #include "PluginStdAfx.h"
 
 #include "PluginWbPassThrough.h"
 #include "PluginClient.h"
 #include "PluginClientFactory.h"
 #ifdef SUPPORT_FILTER
 #include "PluginFilter.h"
 #endif
 #include "PluginSettings.h"
 #include "PluginClass.h"
 #include "PluginSystem.h"
-
+#include <WinInet.h>
 #include "wtypes.h"
 
-EXTERN_C IMAGE_DOS_HEADER __ImageBase;
-
 namespace
 {
   std::string g_myPageBlocked = "<!DOCTYPE html>"
     "<html>"
         "<body>"
           "<!-- blocked by AdblockPlus -->"
         "</body>"
     "</html>";
 }
 
-int WBPassthruSink::GetContentTypeFromMimeType(CString mimeType)
+WBPassthruSink::WBPassthruSink()
+  : m_currentPositionOfSentPage(0)
+  , m_contentType(CFilter::EContentType::contentTypeAny)
+{
+}
+
+int WBPassthruSink::GetContentTypeFromMimeType(const CString& mimeType)
 {
   if (mimeType.Find(L"image/") >= 0)
   {
     return CFilter::contentTypeImage;
   }
   if (mimeType.Find(L"text/css") >= 0)
   {
     return CFilter::contentTypeStyleSheet;
   }
   if ((mimeType.Find(L"application/javascript") >= 0) || (mimeType.Find(L"application/json") >= 0))
@@ skipping 10 matching lines @@
   }
   // It is important to have this check last, since it is rather generic, and might overlay text/html, for example
   if (mimeType.Find(L"xml") >= 0)
   {
     return CFilter::contentTypeXmlHttpRequest;
   }
 
   return CFilter::contentTypeAny;
 }
 
-int WBPassthruSink::GetContentTypeFromURL(CString src)
+int WBPassthruSink::GetContentTypeFromURL(const CString& src)
 {
   CString srcExt = src;
 
   int pos = 0;
   if ((pos = src.Find('?')) > 0)
   {
     srcExt = src.Left(pos);
   }
 
   int lastDotIndex = srcExt.ReverseFind('.');
@@ skipping 17 matching lines @@
     return CFilter::contentTypeXmlHttpRequest;
   }
   else if (ext == L".swf")
   {
     return CFilter::contentTypeObject;
   }
   else if (ext == L".jsp" || ext == L".php" || ext == L".html")
   {
     return CFilter::contentTypeSubdocument;
   }
-  else
-  {
-    return CFilter::contentTypeAny & ~CFilter::contentTypeSubdocument;
-  }
-
+  return CFilter::contentTypeAny;
 }
 
-int WBPassthruSink::GetContentType(CString mimeType, CString domain, CString src)
+int WBPassthruSink::GetContentType(const CString& mimeType, const CString& domain, const CString& src)
 {
   // No referer or mime type
   // BINDSTRING_XDR_ORIGIN works only for IE v8+
   if (mimeType.IsEmpty() && domain.IsEmpty() && CPluginClient::GetInstance()->GetIEVersion() >= 8)
   {
     return CFilter::contentTypeXmlHttpRequest;
   }
   int contentType = GetContentTypeFromMimeType(mimeType);
   if (contentType == CFilter::contentTypeAny)
   {
     contentType = GetContentTypeFromURL(src);
   }
   return contentType;
 }
 
 ////////////////////////////////////////////////////////////////////////////////////////
 //WBPassthruSink
 //Monitor and/or cancel every request and responde
 //WB makes, including images, sounds, scripts, etc
 ////////////////////////////////////////////////////////////////////////////////////////
 HRESULT WBPassthruSink::OnStart(LPCWSTR szUrl, IInternetProtocolSink *pOIProtSink,
                                 IInternetBindInfo *pOIBindInfo, DWORD grfPI, HANDLE_PTR dwReserved,
                                 IInternetProtocol* pTargetProtocol, bool& handled)
 {
   m_pTargetProtocol = pTargetProtocol;
   bool isBlocked = false;
-  m_currentPositionOfSentPage = 0;
-  CString src;
-  src.Append(szUrl);
+  CString src = szUrl;
   DEBUG_GENERAL(src);
   CPluginClient::UnescapeUrl(src);
 
-  CString boundDomain;
   CString mimeType;
-  LPOLESTR mime[10];
   if (pOIBindInfo)
   {
     ULONG resLen = 0;
 
     // Apparently IE will report random mime type if there's more then 1 in the list.
     // So we get the whole list and just use the first one (top priority one)
+    LPOLESTR mime[10];
     pOIBindInfo->GetBindString(BINDSTRING_ACCEPT_MIMES, mime, 10, &resLen);
     if (mime && resLen > 0)
     {
       mimeType.SetString(mime[0]);
     }
-    LPOLESTR bindToObject = 0;
+    LPOLESTR bindToObject = nullptr;
     pOIBindInfo->GetBindString(BINDSTRING_FLAG_BIND_TO_OBJECT, &bindToObject, 1, &resLen);
-    LPOLESTR domainRetrieved = 0;
+    LPOLESTR domainRetrieved = nullptr;
     if (resLen == 0 || wcscmp(bindToObject, L"FALSE") == 0)
-    {   
+    {
       HRESULT hr = pOIBindInfo->GetBindString(BINDSTRING_XDR_ORIGIN, &domainRetrieved, 1, &resLen);
-      
       if ((hr == S_OK) && domainRetrieved && (resLen > 0))
       {
-        boundDomain.SetString(domainRetrieved);
+        m_boundDomain = domainRetrieved;
       }
     }
   }
 
   CString cookie;
   ULONG len1 = 2048;
   ULONG len2 = 2048;
 
 #ifdef SUPPORT_FILTER
-  int contentType = CFilter::contentTypeAny;
-
   CPluginTab* tab = CPluginClass::GetTab(::GetCurrentThreadId());
   CPluginClient* client = CPluginClient::GetInstance();
 
-
   if (tab && client)
   {
     CString documentUrl = tab->GetDocumentUrl();
     // Page is identical to document => don't block
     if (documentUrl == src)
     {
       // fall through
     }
     else if (CPluginSettings::GetInstance()->IsPluginEnabled() && !client->IsWhitelistedUrl(std::wstring(documentUrl)))
     {
-      boundDomain = tab->GetDocumentUrl();
-
-      contentType = CFilter::contentTypeAny;
-
+      m_boundDomain = tab->GetDocumentUrl();
+      m_contentType = CFilter::contentTypeAny;
 #ifdef SUPPORT_FRAME_CACHING
-      if ((tab != 0) && (tab->IsFrameCached(src)))
+      if (nullptr != tab && tab->IsFrameCached(src))
       {
-        contentType = CFilter::contentTypeSubdocument;
+        m_contentType = CFilter::contentTypeSubdocument;
       }
       else
 #endif // SUPPORT_FRAME_CACHING
-      contentType = GetContentType(mimeType, boundDomain, src);
-      if (client->ShouldBlock(src, contentType, boundDomain, true))
       {
-        isBlocked = true;
-
-        DEBUG_BLOCKER("Blocker::Blocking Http-request:" + src);
+        m_contentType = GetContentType(mimeType, m_boundDomain, src);
       }
     }
-    if (!isBlocked)
-    {
-      DEBUG_BLOCKER("Blocker::Ignoring Http-request:" + src)
-    }
+    
   }
 
-
-  if (tab == NULL)
+  if (nullptr == tab)

[Oleksandr, 2014/10/01 09:15:39]

I personally don't like yoda conditions, and I think we have it in our coding
style not to use them. 

if (tab == nullptr) looks better, imho.

   {
-    contentType = GetContentType(mimeType, boundDomain, src);
-    if (client->ShouldBlock(src, contentType, boundDomain, true))
-    {
-      isBlocked = true;
-    }
+    m_contentType = GetContentType(mimeType, m_boundDomain, src);
   }
 
-#ifdef _DEBUG
-  CString type;
+  if (nullptr != client
+    && CFilter::EContentType::contentTypeAny != m_contentType
+    && client->ShouldBlock(src, m_contentType, m_boundDomain, true))

[Oleksandr, 2014/10/01 09:15:39]

Comment about yoda conditions applies here as well. And further below for all
the m_contentType checks.

+  {
+    isBlocked = true;
+  }
 
-  if (contentType == CFilter::contentTypeDocument) type = "DOCUMENT";
-  else if (contentType == CFilter::contentTypeObject) type = "OBJECT";
-  else if (contentType == CFilter::contentTypeImage) type = "IMAGE";
-  else if (contentType == CFilter::contentTypeScript) type = "SCRIPT";
-  else if (contentType == CFilter::contentTypeOther) type = "OTHER";
-  else if (contentType == CFilter::contentTypeUnknown) type = "OTHER";
-  else if (contentType == CFilter::contentTypeSubdocument) type = "SUBDOCUMENT";
-  else if (contentType == CFilter::contentTypeStyleSheet) type = "STYLESHEET";
-  else type = "OTHER";
-
-  if (isBlocked)
+  // For IE6 and earlier there is iframe back button issue, so avoid it.
+  if (isBlocked && client->GetIEVersion() > 6)
   {
-    CPluginDebug::DebugResultBlocking(type, src, boundDomain);
-  }
-  else
-  {
-    CPluginDebug::DebugResultIgnoring(type, src, boundDomain);
-  }
-#endif
-
-  //Fixes the iframe back button issue
-  if (client->GetIEVersion() > 6)
-  {
-    if (contentType == CFilter::contentTypeImage && isBlocked)
+    handled = true;
+    if (CFilter::EContentType::contentTypeImage == m_contentType)
     {
       BaseClass::OnStart(szUrl, pOIProtSink, pOIBindInfo, grfPI, dwReserved, pTargetProtocol);
-      handled = true;
       // IE shows a cross that img is not loaded
       return INET_E_REDIRECT_FAILED;
     }
-    if (contentType == CFilter::contentTypeSubdocument && isBlocked)
+    if (CFilter::EContentType::contentTypeSubdocument == m_contentType)
     {
       PassthroughAPP::CustomSinkStartPolicy<WBPassthru, WBPassthruSink>::GetProtocol(this)->m_shouldSupplyCustomContent = true;
       BaseClass::OnStart(szUrl, pOIProtSink, pOIBindInfo, grfPI, dwReserved, pTargetProtocol);
-
       m_spInternetProtocolSink->ReportProgress(BINDSTATUS_MIMETYPEAVAILABLE, L"text/html");
       m_spInternetProtocolSink->ReportData(BSCF_FIRSTDATANOTIFICATION, 0, static_cast<ULONG>(g_myPageBlocked.size()));
-      handled = true;
       return S_OK;
     } 
-    if (contentType == CFilter::contentTypeScript && isBlocked)
+    if (CFilter::EContentType::contentTypeScript == m_contentType)
     {
       BaseClass::OnStart(szUrl, pOIProtSink, pOIBindInfo, grfPI, dwReserved, pTargetProtocol);
       m_spInternetProtocolSink->ReportProgress(BINDSTATUS_MIMETYPEAVAILABLE, L"text/javascript");
       m_spInternetProtocolSink->ReportResult(INET_E_REDIRECTING, 301, L"data:");
-      handled = true;
       return INET_E_REDIRECT_FAILED;
     }
-    if (contentType == CFilter::contentTypeXmlHttpRequest && isBlocked)
+    if (CFilter::EContentType::contentTypeXmlHttpRequest == m_contentType)

[Oleksandr, 2014/10/01 09:15:39]

Looks like we don't need a special case for contentTypeXmlHttpRequest do we? The
'if' below will do the same anyway.

     {
       BaseClass::OnStart(szUrl, pOIProtSink, pOIBindInfo, grfPI, dwReserved, pTargetProtocol);
       m_spInternetProtocolSink->ReportResult(INET_E_REDIRECTING, 301, L"data:");
-      handled = true;
       return INET_E_REDIRECT_FAILED;
     }
-    if (isBlocked)
+    if (CFilter::EContentType::contentTypeAny != m_contentType)
     {
       BaseClass::OnStart(szUrl, pOIProtSink, pOIBindInfo, grfPI, dwReserved, pTargetProtocol);
-      m_spInternetProtocolSink->ReportResult(S_FALSE, 0, L"");
-      handled = true;
+      m_spInternetProtocolSink->ReportResult(INET_E_REDIRECTING, 301, L"data:");

[Oleksandr, 2014/10/01 09:15:39]

I don't think redirecting all requests to 'data:' is a good idea. This should be
done only for predefined types (contentTypeObject and
contentTypeObjectSubrequest, I think). Otherwise IE might present a download
prompt to the user, if we block CSS, for example. Redirecting to
res://mshtml.dll/blank.htm is a safer option here from my experience.

       return INET_E_REDIRECT_FAILED;
     }
   }
 #endif // SUPPORT_FILTER
 
   return isBlocked ? S_FALSE : BaseClass::OnStart(szUrl, pOIProtSink, pOIBindInfo, grfPI, dwReserved, pTargetProtocol);
 }
 
-
 HRESULT WBPassthruSink::OnRead(void* pv, ULONG cb, ULONG* pcbRead)
 {
   if (nullptr == pv)
   {
     return E_POINTER;
   }
   if (nullptr == pcbRead)
   {
     return E_POINTER;
   }
@@ skipping 45 matching lines @@
   PROTOCOLDATA::grfFlags, eventually URLMon will turn around and call 
   IInternetProtocol::Continue on the main thread. 
 
   Or, if you happen to have a window handy that was created on the main 
   thread, you can post yourself a message.
   "
   */
   return m_spInternetProtocolSink ? m_spInternetProtocolSink->Switch(pProtocolData) : E_UNEXPECTED;
 }
 
-STDMETHODIMP WBPassthruSink::BeginningTransaction(LPCWSTR szURL, LPCWSTR szHeaders, DWORD dwReserved, LPWSTR *pszAdditionalHeaders)
+STDMETHODIMP WBPassthruSink::BeginningTransaction(LPCWSTR szURL, LPCWSTR szHeaders, DWORD dwReserved, LPWSTR* pszAdditionalHeaders)
 {
   if (pszAdditionalHeaders)
   {
-    *pszAdditionalHeaders = 0;
+    *pszAdditionalHeaders = nullptr;
   }
 
+  CPluginClient* client = nullptr;
+  if (CFilter::EContentType::contentTypeAny == m_contentType && (client = CPluginClient::GetInstance()))
+  {
+    auto acceptHeader = [&]() -> std::string
+    {
+      ATL::CComPtr<IWinInetHttpInfo> winInetHttpInfo;
+      HRESULT hr = m_spTargetProtocol->QueryInterface(&winInetHttpInfo);
+      if(FAILED(hr))
+      {
+        return "";
+      }
+      DWORD size = 0;
+      DWORD flags = 0;
+      hr = winInetHttpInfo->QueryInfo(HTTP_QUERY_RAW_HEADERS_CRLF | HTTP_QUERY_FLAG_REQUEST_HEADERS,
+          /*buffer*/nullptr, /* get size */&size, &flags, /*reserved*/ 0);
+      if(FAILED(hr))
+      {
+        return "";
+      }
+      std::string buf(size, '\0');
+      hr = winInetHttpInfo->QueryInfo(HTTP_QUERY_RAW_HEADERS_CRLF | HTTP_QUERY_FLAG_REQUEST_HEADERS,
+        &buf[0], &size, &flags, 0);
+      if(FAILED(hr))
+      {
+        return "";
+      }
+      char acceptHeader[] = "Accept:";
+      auto acceptHeaderBeginsAt = buf.find(acceptHeader);
+      if (std::string::npos == acceptHeaderBeginsAt)
+      {
+        return "";
+      }
+      acceptHeaderBeginsAt += sizeof(acceptHeader);
+      auto acceptHeaderEndsAt = buf.find("\n", acceptHeaderBeginsAt);
+      if (std::string::npos == acceptHeaderEndsAt)
+      {
+        return "";
+      }
+      return buf.substr(acceptHeaderBeginsAt, acceptHeaderEndsAt - acceptHeaderBeginsAt);
+    }();
+    m_contentType = GetContentTypeFromMimeType(ATL::CString(acceptHeader.c_str()));
+    bool isBlocked = client->ShouldBlock(szURL, m_contentType, m_boundDomain, /*debug flag but must be set*/true);
+    if (isBlocked)
+    {
+      return E_ABORT;
+    }
+  }
   CComPtr<IHttpNegotiate> spHttpNegotiate;
   QueryServiceFromClient(&spHttpNegotiate);
   return spHttpNegotiate ? spHttpNegotiate->BeginningTransaction(szURL, szHeaders,dwReserved, pszAdditionalHeaders) : S_OK;
 }
 
 STDMETHODIMP WBPassthruSink::OnResponse(DWORD dwResponseCode, LPCWSTR szResponseHeaders, LPCWSTR szRequestHeaders, LPWSTR *pszAdditionalRequestHeaders)
 {
   if (pszAdditionalRequestHeaders)
   {
     *pszAdditionalRequestHeaders = 0;
@@ skipping 43 matching lines @@
 }
 
 STDMETHODIMP WBPassthru::UnlockRequest()
 {
   if (m_shouldSupplyCustomContent)
   {
     return S_OK;
   }
   return PassthroughAPP::CInternetProtocol<WBStartPolicy>::UnlockRequest();
 }