Revision 014f2a2f
Added by koszko about 2 years ago
common/misc.js | ||
---|---|---|
45 | 45 |
return Uint8toHex(randomData); |
46 | 46 |
} |
47 | 47 |
|
48 |
function gen_unique(url) |
|
49 |
{ |
|
50 |
return sha256(get_secure_salt() + url); |
|
51 |
} |
|
52 |
|
|
53 | 48 |
function get_secure_salt() |
54 | 49 |
{ |
55 | 50 |
if (is_chrome) |
... | ... | |
58 | 53 |
return browser.runtime.getURL("dummy"); |
59 | 54 |
} |
60 | 55 |
|
61 |
/* |
|
62 |
* stripping url from query and target (everything after `#' or `?' |
|
63 |
* gets removed) |
|
64 |
*/ |
|
65 |
function url_item(url) |
|
66 |
{ |
|
67 |
let url_re = /^([^?#]*).*$/; |
|
68 |
let match = url_re.exec(url); |
|
69 |
return match[1]; |
|
70 |
} |
|
71 |
|
|
72 |
/* |
|
73 |
* Assume a url like: |
|
74 |
* https://example.com/green?illuminati=confirmed#<injected-policy>#winky |
|
75 |
* This function will make it into an object like: |
|
76 |
* { |
|
77 |
* "base_url": "https://example.com/green?illuminati=confirmed", |
|
78 |
* "target": "#<injected-policy>", |
|
79 |
* "target2": "#winky", |
|
80 |
* "policy": <injected-policy-as-js-object>, |
|
81 |
* "current": <boolean-indicating-whether-policy-url-matches> |
|
82 |
* } |
|
83 |
* In case url doesn't have 2 #'s, target2 and target can be set to undefined. |
|
84 |
*/ |
|
85 |
function url_extract_target(url) |
|
56 |
function extract_signed(signature, data, times) |
|
86 | 57 |
{ |
87 |
const url_re = /^([^#]*)((#[^#]*)(#.*)?)?$/; |
|
88 |
const match = url_re.exec(url); |
|
89 |
const targets = { |
|
90 |
base_url: match[1], |
|
91 |
target: match[3] || "", |
|
92 |
target2: match[4] || "" |
|
93 |
}; |
|
94 |
if (!targets.target) |
|
95 |
return targets; |
|
96 |
|
|
97 |
/* %7B -> { */ |
|
98 |
const index = targets.target.indexOf('%7B'); |
|
99 |
if (index === -1) |
|
100 |
return targets; |
|
101 |
|
|
102 | 58 |
const now = new Date(); |
103 |
const sig = targets.target.substring(1, index); |
|
104 |
const policy = targets.target.substring(index); |
|
105 |
if (sig !== sign_policy(policy, now) && |
|
106 |
sig !== sign_policy(policy, now, -1)) |
|
107 |
return targets; |
|
59 |
times ||= [[now], [now, -1]]; |
|
60 |
|
|
61 |
const reductor = |
|
62 |
(ok, time) => ok || signature === sign_data(data, ...time); |
|
63 |
if (!times.reduce(reductor, false)) |
|
64 |
return undefined; |
|
108 | 65 |
|
109 | 66 |
try { |
110 |
targets.policy = JSON.parse(decodeURIComponent(policy)); |
|
111 |
targets.current = targets.policy.base_url === targets.base_url; |
|
67 |
return JSON.parse(decodeURIComponent(data)); |
|
112 | 68 |
} catch (e) { |
113 | 69 |
/* This should not be reached - it's our self-produced valid JSON. */ |
114 | 70 |
console.log("Unexpected internal error - invalid JSON smuggled!", e); |
115 | 71 |
} |
116 |
|
|
117 |
return targets; |
|
118 | 72 |
} |
119 | 73 |
|
120 | 74 |
/* csp rule that blocks all scripts except for those injected by us */ |
121 | 75 |
function csp_rule(nonce) |
122 | 76 |
{ |
123 |
let rule = `script-src 'nonce-${nonce}';`; |
|
124 |
if (is_chrome) |
|
125 |
rule += `script-src-elem 'nonce-${nonce}';`; |
|
126 |
return rule; |
|
77 |
const rule = `'nonce-${nonce}'`; |
|
78 |
return `script-src ${rule}; script-src-elem ${rule}; script-src-attr 'none'; prefetch-src 'none';`; |
|
127 | 79 |
} |
128 | 80 |
|
129 | 81 |
/* |
... | ... | |
149 | 101 |
return !!/^(chrome(-extension)?|moz-extension):\/\/|^about:/i.exec(url); |
150 | 102 |
} |
151 | 103 |
|
152 |
/* Sign a given policy for a given time */
|
|
153 |
function sign_policy(policy, now, hours_offset) {
|
|
104 |
/* Sign a given string for a given time */
|
|
105 |
function sign_data(data, now, hours_offset) {
|
|
154 | 106 |
let time = Math.floor(now / 3600000) + (hours_offset || 0); |
155 |
return gen_unique(time + policy);
|
|
107 |
return sha256(get_secure_salt() + time + data);
|
|
156 | 108 |
} |
157 | 109 |
|
158 | 110 |
/* Parse a CSP header */ |
... | ... | |
175 | 127 |
} |
176 | 128 |
|
177 | 129 |
/* Make CSP headers do our bidding, not interfere */ |
178 |
function sanitize_csp_header(header, rule, block)
|
|
130 |
function sanitize_csp_header(header, rule, allow)
|
|
179 | 131 |
{ |
180 | 132 |
const csp = parse_csp(header.value); |
181 | 133 |
|
182 |
if (block) {
|
|
134 |
if (!allow) {
|
|
183 | 135 |
/* No snitching */ |
184 | 136 |
delete csp['report-to']; |
185 | 137 |
delete csp['report-uri']; |
... | ... | |
223 | 175 |
/* |
224 | 176 |
* EXPORTS_START |
225 | 177 |
* EXPORT gen_nonce |
226 |
* EXPORT gen_unique |
|
227 |
* EXPORT url_item |
|
228 |
* EXPORT url_extract_target |
|
229 |
* EXPORT sign_policy |
|
178 |
* EXPORT extract_signed |
|
179 |
* EXPORT sign_data |
|
230 | 180 |
* EXPORT csp_rule |
231 | 181 |
* EXPORT nice_name |
232 | 182 |
* EXPORT open_in_settings |
Also available in: Unified diff
implement smuggling via cookies instead of URL