Revision 692577bb
Added by jahoti about 2 years ago
| common/misc.js | ||
|---|---|---|
| 2 | 2 |
* Myext miscellaneous operations refactored to a separate file |
| 3 | 3 |
* |
| 4 | 4 |
* Copyright (C) 2021 Wojtek Kosior |
| 5 |
* Copyright (C) 2021 jahoti |
|
| 5 | 6 |
* Redistribution terms are gathered in the `copyright' file. |
| 6 | 7 |
*/ |
| 7 | 8 |
|
| ... | ... | |
| 14 | 15 |
* IMPORTS_END |
| 15 | 16 |
*/ |
| 16 | 17 |
|
| 18 |
/* Generate a random base64-encoded 128-bit sequence */ |
|
| 19 |
function gen_nonce() |
|
| 20 |
{
|
|
| 21 |
let randomData = new Uint8Array(16); |
|
| 22 |
crypto.getRandomValues(randomData); |
|
| 23 |
return btoa(String.fromCharCode.apply(null, randomData)); |
|
| 24 |
} |
|
| 25 |
|
|
| 17 | 26 |
/* |
| 18 | 27 |
* generating unique, per-site value that can be computed synchronously |
| 19 | 28 |
* and is impossible to guess for a malicious website |
| ... | ... | |
| 26 | 35 |
function get_secure_salt() |
| 27 | 36 |
{
|
| 28 | 37 |
if (is_chrome) |
| 29 |
return browser.runtime.getManifest().key.substring(0, 50);
|
|
| 38 |
return browser.runtime.getManifest().key.substring(0, 36);
|
|
| 30 | 39 |
else |
| 31 |
return browser.runtime.getURL("dummy");
|
|
| 40 |
return browser.runtime.getURL("dummy").substr(16, 36);
|
|
| 32 | 41 |
} |
| 33 | 42 |
|
| 34 | 43 |
/* |
| ... | ... | |
| 95 | 104 |
return !!/^(chrome(-extension)?|moz-extension):\/\/|^about:/i.exec(url); |
| 96 | 105 |
} |
| 97 | 106 |
|
| 107 |
/* Extract any policy present in the URL */ |
|
| 108 |
function url_extract_policy(url) |
|
| 109 |
{
|
|
| 110 |
const targets = url_extract_target(url); |
|
| 111 |
const key = '#' + get_secure_salt(); |
|
| 112 |
targets.sig = key + gen_unique(targets.base_url); |
|
| 113 |
|
|
| 114 |
if (targets.target && targets.target.startsWith(key)) {
|
|
| 115 |
targets.signed = true; |
|
| 116 |
if (targets.target.startsWith(targets.sig)) |
|
| 117 |
try {
|
|
| 118 |
const policy_string = targets.target.substring(101); |
|
| 119 |
targets.policy = JSON.parse(decodeURIComponent(policy_string)); |
|
| 120 |
} catch (e) {
|
|
| 121 |
/* TODO what should happen here? */ |
|
| 122 |
} |
|
| 123 |
} |
|
| 124 |
|
|
| 125 |
return targets; |
|
| 126 |
} |
|
| 127 |
|
|
| 98 | 128 |
/* |
| 99 | 129 |
* EXPORTS_START |
| 130 |
* EXPORT gen_nonce |
|
| 100 | 131 |
* EXPORT gen_unique |
| 101 | 132 |
* EXPORT url_item |
| 102 | 133 |
* EXPORT url_extract_target |
| 134 |
* EXPORT url_extract_policy |
|
| 103 | 135 |
* EXPORT csp_rule |
| 104 | 136 |
* EXPORT nice_name |
| 105 | 137 |
* EXPORT open_in_settings |
Also available in: Unified diff
Use URL-based policy smuggling
Increase the power of URL-based smuggling by making it (effectively)
compulsory in all cases and adapting a structure. While the details still need to be worked out, the
potential for future expansion is there.