author | Wojtek Kosior <koszko@koszko.org> | 2022-06-10 14:53:31 +0200 |
---|---|---|
committer | Wojtek Kosior <koszko@koszko.org> | 2022-06-10 14:53:31 +0200 |
commit | 051d2472407c1dc1e6c2b88a00be04fe77da8919 (patch) | |
tree | daec6d822a65d9e9747a69a692fd608419cc8e0a | |
parent | f8dedf60638bffde3f92116db3f418d2e6260e80 (diff) | |
parent | d9441412a6052e5fb057d01b745208070f8bdfd4 (diff) | |
merge support for CORS bypassing and eval()
-rw-r--r-- | Makefile.in | 13 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | background/stream_filter.js | 13 | ||||
-rw-r--r-- | common/patterns.js | 2 | ||||
-rw-r--r-- | common/sha256.js | 32 | ||||
-rw-r--r-- | test/haketilo_test/unit/test_patterns.py | 15 | ||||
-rwxr-xr-x | upload_amo.sh | 2 | ||||
-rw-r--r-- | version | 2 | ||||
-rw-r--r-- | version_chromium | 2 |
9 files changed, 34 insertions, 49 deletions
diff --git a/Makefile.in b/Makefile.in index 48335a9..8f77085 100644 --- a/Makefile.in +++ b/Makefile.in @@ -36,7 +36,7 @@ default: $(default_target) install install-html install-dvi install-pdf install-ps uninstall \ install-strip clean distclean mostlyclean maintainer-clean TAGS info \ dvi html pdf ps dist check installcheck installdirs \ - test-prepare test test-environment haketilo-$(version).tar + test-prepare test test-environment haketilo-$(version).tar.gz # core files icons/haketilo16.png: icons/haketilo.svg @@ -99,7 +99,7 @@ clean mostlyclean: rm -f mozilla-build.zip chromium-build.zip exports_init.js rm -rf pytest.ini certs injected_scripts geckodriver.log rm -rf certs/ test__pycache__/ .pytest_cache/ - rm -f *.tar *.tar.gz + rm -f *.tar.gz distclean: clean rm -f Makefile config.status record.conf @@ -119,19 +119,16 @@ $(srcdir)/FILES.txt: $(srcdir)/.git printf 'FILES.txt\n' >> $@; \ fi -haketilo-$(version).tar: FILES.txt +haketilo-$(version).tar.gz: FILES.txt HERE="$$(pwd)"; \ cd "$(srcdir)"; \ - tar -caf "$$HERE/$@" --transform='s_^_haketilo-$(version)/_' \ + tar -czf "$$HERE/$@" --transform='s_^_haketilo-$(version)/_' \ $$(cat FILES.txt) -haketilo-$(version).tar.gz: haketilo-$(version).tar - gzip < haketilo-$(version).tar > haketilo-$(version).tar.gz - dist: haketilo-$(version).tar.gz # Files for constructing the makefile -Makefile: config.status Makefile.in record.conf +Makefile: config.status Makefile.in record.conf version ./config.status config.status: write_makefile.sh 
@@ -114,7 +114,7 @@ make test-prepare python3 -m pytest -vv -k popup ``` -As of Haketilo 1.0-beta1 some tests may spuriously fail. This is the result it being notoriously difficult to avoid some weirdnesses when driving Firefox using Selenium. To make sure a failed test is not the result of some more serious bug, you might want to rerun the test suite. +As of Haketilo 1.0 some tests may spuriously fail. This is the result it being notoriously difficult to avoid some weirdnesses when driving Firefox using Selenium. To make sure a failed test is not the result of some more serious bug, you might want to rerun the test suite. ### Setting up an environment for manual testing diff --git a/background/stream_filter.js b/background/stream_filter.js index 921523a..b7879ea 100644 --- a/background/stream_filter.js +++ b/background/stream_filter.js @@ -35,7 +35,7 @@ function validate_encoding(charset) { try { - new TextDecoder(); + new TextDecoder(charset); return charset; } catch(e) { return undefined; @@ -44,7 +44,7 @@ function validate_encoding(charset) function is_content_type_header(header) { - header.name.toLowerCase().trim() === "content-type"; + return header.name.toLowerCase().trim() === "content-type"; } const charset_reg = /;\s*charset\s*=\s*([\w-]+)/i; @@ -55,7 +55,8 @@ function properties_from_headers(headers) for (const header of headers.filter(is_content_type_header)) { const match = charset_reg.exec(header.value); - if (!properties.detected_charset && validate_encoding(match[1])) + if (match && !properties.detected_charset && + validate_encoding(match[1])) properties.detected_charset = match[1]; if (/html/i.test(header.value)) 
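Review bot: validate_encoding has no comment saying where `charset` comes from or why a decoder is constructed and thrown away, and the bare `catch(e)` does not show which failure is expected. In properties_from_headers the argument is `match[1]` taken from a response's Content-Type value, so it is server-controlled text, and `new TextDecoder(charset)` serves only as a label check that throws RangeError for a label the platform does not know. I would put `// charset is untrusted (response header); TextDecoder throws RangeError on an unknown label` above the `try`. The function's signature is visible only in the hunk header.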
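Review bot: `charset_reg` (a context line of the previous hunk) captures only `[\w-]+`, so a quoted parameter such as `charset="utf-8"` does not match, and with the new `match &&` guard it is skipped silently instead of throwing. Quoted parameter values are valid in Content-Type, so the filter may choose a different decoder than the browser does for the same response; that matters if blocking decisions are made on the decoded text, which is not visible here. Allowing optional quotes, e.g. `/;\s*charset\s*=\s*"?([\w-]+)"?/i`, would cover that case. The loop body continues past the end of the hunk.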
@@ -105,7 +106,11 @@ function charset_from_meta_tags(doc) function create_decoder(properties, data) { let charset = charset_from_BOM(data) || properties.detected_charset; - if (!charset && data.indexOf(0) !== -1) { + + if (charset) + return new TextDecoder(charset); + + if (data.indexOf(0) !== -1) { console.warn("Haketilo: zeroes in bytestream, probable cached encoding mismatch. Trying to decode it as UTF-16.", properties); return new TextDecoder("utf-16be"); diff --git a/common/patterns.js b/common/patterns.js index 9e9d387..7381cdd 100644 --- a/common/patterns.js +++ b/common/patterns.js @@ -192,7 +192,7 @@ const patterns_doc_url = function reconstruct_url(deco) { - const domain = deco.domain.join("."); + const domain = (deco.domain || []).join("."); const path = ["", ...deco.path].join("/"); const trail = deco.trailing_slash ? "/" : ""; return `${deco.proto}://${domain}${path}${trail}`; diff --git a/common/sha256.js b/common/sha256.js index 5149f97..13c8c7c 100644 --- a/common/sha256.js +++ b/common/sha256.js @@ -36,10 +36,7 @@ if (root.JS_SHA256_NO_WINDOW) { WINDOW = false; } var WEB_WORKER = !WINDOW && typeof self === 'object'; -var NODE_JS = !root.JS_SHA256_NO_NODE_JS && typeof process === 'object' && process.versions && process.versions.node; -if (NODE_JS) { - root = global; -} else if (WEB_WORKER) { +if (WEB_WORKER) { root = self; } var COMMON_JS = !root.JS_SHA256_NO_COMMON_JS && typeof module === 'object' && module.exports; @@ -82,9 +79,6 @@ var createOutputMethod = function (outputType, is224) { var createMethod = function (is224) { var method = createOutputMethod('hex', is224); - if (NODE_JS) { - method = nodeWrap(method, is224); - } method.create = function () { return new Sha256(is224); }; 
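Review bot: The new early `return new TextDecoder(charset);` in create_decoder is unguarded, so a label the platform rejects throws RangeError out of the function instead of reaching the fallback branches. The header path goes through validate_encoding, but whether charset_from_BOM and the meta-tag path only ever produce validated labels is not visible in this diff. If that is not guaranteed, `if (charset && validate_encoding(charset)) return new TextDecoder(charset);` keeps the fallbacks reachable. The rest of the function lies outside the hunk.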
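Review bot: The `|| []` fallback in reconstruct_url needs a comment saying which inputs lack `domain`. The updated test shows it is the `file:` case (`assert 'domain' not in deco`), where the result is `file:///…` with an empty host. Suggested: `// file: URLs are deconstructed without a "domain" key; emit an empty host for them.` `deco.path` on the next line is still spread without a fallback, which holds only as long as deconstruct_url always sets it, as the tests suggest.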
@@ -98,30 +92,6 @@ var createMethod = function (is224) { return method; }; -var nodeWrap = function (method, is224) { - var crypto = eval("require('crypto')"); - var Buffer = eval("require('buffer').Buffer"); - var algorithm = is224 ? 'sha224' : 'sha256'; - var nodeMethod = function (message) { - if (typeof message === 'string') { - return crypto.createHash(algorithm).update(message, 'utf8').digest('hex'); - } else { - if (message === null || message === undefined) { - throw new Error(ERROR); - } else if (message.constructor === ArrayBuffer) { - message = new Uint8Array(message); - } - } - if (Array.isArray(message) || ArrayBuffer.isView(message) || - message.constructor === Buffer) { - return crypto.createHash(algorithm).update(new Buffer(message)).digest('hex'); - } else { - return method(message); - } - }; - return nodeMethod; -}; - var createHmacOutputMethod = function (outputType, is224) { return function (key, message) { return new HmacSha256(key, is224, true).update(message)[outputType](); diff --git a/test/haketilo_test/unit/test_patterns.py b/test/haketilo_test/unit/test_patterns.py index f2eeaf8..2ba4dce 100644 --- a/test/haketilo_test/unit/test_patterns.py +++ b/test/haketilo_test/unit/test_patterns.py @@ -103,6 +103,9 @@ def test_deconstruct_url(execute_in_page): assert deco['domain'] == ['example', 'com'] assert deco['path'] == ['a', 'b'] + reco = execute_in_page('returnval(reconstruct_url(arguments[0]));', deco) + assert reco == 'https://example.com/a/b' + deco = execute_in_page('returnval(deconstruct_url(arguments[0]));', 'http://**.example.com/') assert deco @@ -111,6 +114,9 @@ def test_deconstruct_url(execute_in_page): assert deco['domain'] == ['**', 'example', 'com'] assert deco['path'] == [] + reco = execute_in_page('returnval(reconstruct_url(arguments[0]));', deco) + assert reco == 'http://**.example.com/' + deco = execute_in_page('returnval(deconstruct_url(arguments[0]));', 'ftp://user@ftp.example.com/all///passwords.txt/') assert deco 
@@ -119,6 +125,9 @@ def test_deconstruct_url(execute_in_page): assert deco['domain'] == ['ftp', 'example', 'com'] assert deco['path'] == ['all', 'passwords.txt'] + reco = execute_in_page('returnval(reconstruct_url(arguments[0]));', deco) + assert reco == 'ftp://ftp.example.com/all/passwords.txt/' + deco = execute_in_page('returnval(deconstruct_url(arguments[0]));', 'ftp://mirror.edu.pl.eu.org') assert deco @@ -127,6 +136,9 @@ def test_deconstruct_url(execute_in_page): assert deco['domain'] == ['mirror', 'edu', 'pl', 'eu', 'org'] assert deco['path'] == [] + reco = execute_in_page('returnval(reconstruct_url(arguments[0]));', deco) + assert reco == 'ftp://mirror.edu.pl.eu.org' + deco = execute_in_page('returnval(deconstruct_url(arguments[0]));', 'file:///mnt/parabola_chroot///etc/passwd') assert deco @@ -135,6 +147,9 @@ def test_deconstruct_url(execute_in_page): assert deco['path'] == ['mnt', 'parabola_chroot', 'etc', 'passwd'] assert 'domain' not in deco + reco = execute_in_page('returnval(reconstruct_url(arguments[0]));', deco) + assert reco == 'file:///mnt/parabola_chroot/etc/passwd' + for bad_url in [ '://bad-url.missing/protocol', 'http:/example.com/a/b', diff --git a/upload_amo.sh b/upload_amo.sh index 3739c9c..4aff80e 100755 --- a/upload_amo.sh +++ b/upload_amo.sh @@ -15,8 +15,6 @@ set -e -. ./shell_utils.sh - _PROG_NAME="$0" OPERATION="$1" API_KEY="$2" @@ -1 +1 @@ -"1.0-beta2" +"1.0" diff --git a/version_chromium b/version_chromium index fbaa389..ea1da60 100644 --- a/version_chromium +++ b/version_chromium @@ -1 +1 @@ -"0.65536.2" +"1.0" |
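Review bot: The ftp assertion pins a lossy round trip without saying so. The input `ftp://user@ftp.example.com/all///passwords.txt/` comes back as `ftp://ftp.example.com/all/passwords.txt/`, so the userinfo part and the repeated slashes are dropped. A one-line comment above it, e.g. `# reconstruct_url() is not an exact inverse: userinfo and empty path segments are discarded`, would tell a reader this is expected rather than a typo in the expected string. The same applies to the `file:///mnt/parabola_chroot///etc/passwd` case later in this file section. test_deconstruct_url starts and ends outside the hunk.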