/ - Diff - Haketilo - Hydrilla issue tracker

+    }
     #EXPORT get_used_files AS get_files
     /*
      * Regex to parse URIs like:
      *     https://hydrilla.koszko.org/schemas/api_mapping_description-2.schema.json
      */
     const name_base_re    = "(?<name_base>[^/]*)";
     const major_number_re = "(?<major>[1-9][0-9]*)";
     const minor_number_re = "(?:[1-9][0-9]*|0)";
     const numbers_rest_re = `(?:\\.${minor_number_re})*`;
     const version_re      = `(?<ver>${major_number_re}${numbers_rest_re})`;
     const schema_name_re  = `${name_base_re}-${version_re}\\.schema\\.json`;
     const haketilo_schema_name_regex = new RegExp(schema_name_re);
     #EXPORT haketilo_schema_name_regex
     /* Extract the number that indicates entity's compatibility mode. */
     function get_schema_major_version(instance) {
         const match = haketilo_schema_name_regex.exec(instance.$schema);
         return parseInt(match.groups.major);
+    }
     #EXPORT get_schema_major_version
     #IF NEVER
     /*

     #FROM common/jsonschema/scan.js IMPORT SchemaScanResult, scan
     #FROM common/entities.js IMPORT haketilo_schema_name_regex
     #EXPORT scan
     #EXPORT SchemaScanResult
-...
     #INCLUDE schemas/2.x/common_definitions-2.schema.json
     ].reduce((ac, s) => Object.assign(ac, {[s.$id]: s}), {});
     const name_base_re    = "(?<name_base>[^/]*)";
     const major_number_re = "(?<major>[1-9][0-9]*)";
     const minor_number_re = "(?:[1-9][0-9]*|0)";
     const numbers_rest_re = `(?:\\.${minor_number_re})*`;
     const version_re      = `(?<ver>${major_number_re}${numbers_rest_re})`;
     const schema_name_re  = `${name_base_re}-${version_re}\\.schema\\.json`;
     const haketilo_schema_name_regex = new RegExp(schema_name_re);
     for (const [$id, schema] of [...Object.entries(haketilo_schemas)]) {
         const match = haketilo_schema_name_regex.exec($id);
         const schema_name =
-...
+    }
     #EXPORT haketilo_schemas
     #EXPORT haketilo_schema_name_regex
     const haketilo_validator = new Validator();
     Object.values(haketilo_schemas)

      * CSP rule that either blocks all scripts or only allows scripts with specified
      * nonce attached.
      */
     function make_csp(nonce)
+    {
         const rule = nonce ? `nonce-${nonce}` : "none";
     function make_csp(nonce) {
         const rule = nonce ? `'nonce-${nonce}'` : "'none'";
         const csp_list = [
     	["prefetch-src",    "none"],
     	["script-src-attr", "none"],
     	["script-src",      rule],
     	["prefetch-src",    "'none'"],
     	["script-src-attr", "'none'"],
     	["script-src",      rule, "'unsafe-eval'"],
     	["script-src-elem", rule]
         ];
         return csp_list.map(([a, b]) => `${a} '${b}';`).join(" ");
         return csp_list.map(words => `${words.join(" ")};`).join(" ");
+    }
     function decide_policy(patterns_tree, url, default_allow, secret)
-...
     #EXPORT decide_policy
     #EXPORT  () => ({allow: false, csp: make_csp()})  AS fallback_policy
     #IF NEVER
     /*
      * Note: the functions below were overeagerly written and are not used now but
      * might prove useful to once we add more functionalities and are hence kept...
      */
     function relaxed_csp_eval(csp) {
         const new_csp_list = [];
         for (const directive of csp.split(";")) {
     	const directive_words = directive.trim().split(" ");
     	if (directive_words[0] === "script-src")
     	    directive_words.push("'unsafe-eval'");
     	new_csp_list.push(directive_words);
+        }
         new_policy.csp = new_csp_list.map(d => `${d.join(" ")}';`).join(" ");
+    }
     function relax_policy_eval(policy) {
         const new_policy = Object.assign({}, policy);
         return Object.assign(new_policy, {csp: relaxed_csp_eval(policy.csp)});
+    }
     #EXPORT relax_policy_eval
     #ENDIF

     #FROM html/DOM_helpers.js  IMPORT clone_template, Showable
     #FROM common/entities.js   IMPORT item_id_string, version_string, get_files
     #FROM common/misc.js       IMPORT sha256_async AS compute_sha256
     #FROM common/jsonschema.js IMPORT haketilo_validator, haketilo_schemas, \
                                       haketilo_schema_name_regex
     #FROM common/jsonschema.js IMPORT haketilo_validator, haketilo_schemas
     #FROM common/entities.js   IMPORT haketilo_schema_name_regex
     #FROM html/repo_query_cacher_client.js IMPORT indirect_fetch

     from ..script_loader import load_script
     csp_re = re.compile(r'^\S+\s+\S+;(?:\s+\S+\s+\S+;)*$')
     rule_re = re.compile(r'^\s*(?P<src_kind>\S+)\s+(?P<allowed_origins>\S+)$')
     csp_re = re.compile(r'''
+    ^
     \S+(?:\s+\S+)+;      # first directive
     (?:
       \s+\S+(?:\s+\S+)+; # subsequent directive
     )*
+    $
     ''',
     re.VERBOSE)
     rule_re = re.compile(r'''
+    ^
     \s*
     (?P<src_kind>\S+)
     \s+
     (?P<allowed_origins>
       \S+(?:\s+\S+)*
+    )
+    $
     ''', re.VERBOSE)
     def parse_csp(csp):
         '''
         Parsing of CSP string into a dict. A simplified format of CSP is assumed.
         '''
         '''Parsing of CSP string into a dict.'''
         assert csp_re.match(csp)
         result = {}
         for rule in csp.split(';')[:-1]:
             match = rule_re.match(rule)
             result[match.group('src_kind')] = match.group('allowed_origins')
             result[match.group('src_kind')] = match.group('allowed_origins').split()
         return result
-...
         for prop in ('mapping', 'payload', 'nonce', 'error'):
             assert prop not in policy
         assert parse_csp(policy['csp']) == {
             'prefetch-src':    "'none'",
             'script-src-attr': "'none'",
             'script-src':      "'none'",
             'script-src-elem': "'none'"
             'prefetch-src':    ["'none'"],
             'script-src-attr': ["'none'"],
             'script-src':      ["'none'", "'unsafe-eval'"],
             'script-src-elem': ["'none'"]
+        }
         policy = execute_in_page(
-...
         for prop in ('payload', 'nonce', 'error'):
             assert prop not in policy
         assert parse_csp(policy['csp']) == {
             'prefetch-src':    "'none'",
             'script-src-attr': "'none'",
             'script-src':      "'none'",
             'script-src-elem': "'none'"
             'prefetch-src':    ["'none'"],
             'script-src-attr': ["'none'"],
             'script-src':      ["'none'", "'unsafe-eval'"],
             'script-src-elem': ["'none'"]
+        }
         policy = execute_in_page(
-...
         assert policy['nonce'] == \
             sha256('m1:res1:http://kno.wn/:abcd'.encode()).digest().hex()
         assert parse_csp(policy['csp']) == {
             'prefetch-src':    f"'none'",
             'script-src-attr': f"'none'",
             'script-src':      f"'nonce-{policy['nonce']}'",
             'script-src-elem': f"'nonce-{policy['nonce']}'"
             'prefetch-src':    ["'none'"],
             'script-src-attr': ["'none'"],
             'script-src':      [f"'nonce-{policy['nonce']}'", "'unsafe-eval'"],
             'script-src-elem': [f"'nonce-{policy['nonce']}'"]
+        }
         policy = execute_in_page(
-...
         for prop in ('mapping', 'payload', 'nonce'):
             assert prop not in policy
         assert parse_csp(policy['csp']) == {
             'prefetch-src':    "'none'",
             'script-src-attr': "'none'",
             'script-src':      "'none'",
             'script-src-elem': "'none'"
             'prefetch-src':    ["'none'"],
             'script-src-attr': ["'none'"],
             'script-src':      ["'none'", "'unsafe-eval'"],
             'script-src-elem': ["'none'"]
+        }

     allow_policy = {'allow': True}
     block_policy = {
         'allow': False,
         'csp': f"prefetch-src 'none'; script-src-attr 'none'; script-src 'none'; script-src-elem 'none'; frame-src http://* https://*;"
         'csp': f"prefetch-src 'none'; script-src-attr 'none'; script-src 'none' 'unsafe-eval'; script-src-elem 'none'; frame-src http://* https://*;"
+    }
     payload_policy = {
         'mapping': 'somemapping',
         'payload': {'identifier': 'someresource'},
         'csp': f"prefetch-src 'none'; script-src-attr 'none'; script-src 'nonce-{nonce}'; script-src-elem 'nonce-{nonce}';"
         'csp': f"prefetch-src 'none'; script-src-attr 'none'; script-src 'nonce-{nonce}' 'unsafe-eval'; script-src-elem 'nonce-{nonce}';"
+    }
     def content_script():

     payload_csp_header = {
         'name': f'Content-Security-Policy',
         'value': ("prefetch-src 'none'; script-src-attr 'none'; "
                   f"script-src '{nonce}'; script-src-elem '{nonce}';")
                   f"script-src '{nonce}' 'unsafe-eval'; script-src-elem '{nonce}';")
+    }
     sample_payload_headers = [
-...
     sample_blocked_headers.append({
         'name': f'Content-Security-Policy',
         'value': ("prefetch-src 'none'; script-src-attr 'none'; "
                   f"script-src 'none'; script-src-elem 'none';")
                   "script-src 'none' 'unsafe-eval'; script-src-elem 'none';")
     })
     @pytest.mark.get_page('https://gotmyowndoma.in')

             return driver.execute_script(
                 '''
                 document.haketilo_scripts_allowed = false;
                 document.haketilo_eval_allowed = false;
                 const html_ns = "http://www.w3.org/1999/xhtml";
                 const script = document.createElementNS(html_ns, "script");
                 script.innerHTML = "document.haketilo_scripts_allowed = true;";
                 script.innerHTML = `
                     document.haketilo_scripts_allowed = true;
                     eval('document.haketilo_eval_allowed = true;');
                 `;
                 if (arguments[0])
                     script.setAttribute("nonce", arguments[0]);
                 (document.head || document.documentElement).append(script);
                 if (document.haketilo_scripts_allowed !=
                     document.haketilo_eval_allowed)
                     throw "scripts allowed but eval blocked";
                 return document.haketilo_scripts_allowed;
                 ''',
                 nonce)

         'id_suffix':         'a-w-required-mapping-v1',
         'files_count':       1,
         'dependencies':      [],
         'required_mappings': [{'identifier': 'mapping-a'}]
         'required_mappings': [{'identifier': 'mapping-a'}],
         'include_in_query':  False
     })
     sample_resource_templates.append({
-...
         'files_count':       1,
         'dependencies':      [],
         'required_mappings': [{'identifier': 'mapping-a'}],
         'schema_ver':        '2'
         'schema_ver':        '2',
         'include_in_query':  False
     })
     sample_resources_catalog = {}
-...
         sufs = [srt["id_suffix"], *[l for l in srt["id_suffix"] if l.isalpha()]]
         patterns = [f'https://example_{suf}.com/*' for suf in set(sufs)]
         payloads = {}
         mapping['payloads'] = {}
         for pat in patterns:
             payloads[pat] = {'identifier': resource['identifier']}
             mapping['payloads'][pat] = {'identifier': resource['identifier']}
             queryable_url = pat.replace('*', 'something')
             if queryable_url not in sample_queries:
                 sample_queries[queryable_url] = []
             if not srt.get('include_in_query', True):
                 continue
             sample_queries[queryable_url].append({
             sample_queries.setdefault(pat.replace('*', 'something'), []).append({
                 'identifier': mapping['identifier'],
                 'long_name':  mapping['long_name'],
                 'version':    mapping_versions[1]
             })
         mapping['payloads'] = payloads
         for item in resource, mapping:
             if 'required_mappings' in srt:
                 item['required_mappings'] = srt['required_mappings']

Project

General

Profile

Haketilo

Revision f8dedf60

Added by koszko about 1 year ago