From 692577bbde5e8110855c022ec913324dfddce9ae Mon Sep 17 00:00:00 2001
From: jahoti
Date: Fri, 16 Jul 2021 00:00:00 +0000
Subject: Use URL-based policy smuggling

Increase the power of URL-based smuggling by making it (effectively) compulsory in all cases and adapting a structure. While the details still need to be worked out, the potential for future expansion is there.
---
 common/misc.js | 36 ++++++++++++++++++++++++++++++++++--
 1 file changed, 34 insertions(+), 2 deletions(-)

(limited to 'common')

diff --git a/common/misc.js b/common/misc.js
index 8b56e79..825a117 100644
--- a/common/misc.js
+++ b/common/misc.js
@@ -2,6 +2,7 @@
 * Myext miscellaneous operations refactored to a separate file
 *
 * Copyright (C) 2021 Wojtek Kosior
+ * Copyright (C) 2021 jahoti
 * Redistribution terms are gathered in the `copyright' file.
 */
 
@@ -14,6 +15,14 @@
 * IMPORTS_END
 */
 
+/* Generate a random base64-encoded 128-bit sequence */
+function gen_nonce()
+{
+ let randomData = new Uint8Array(16);
+ crypto.getRandomValues(randomData);
+ return btoa(String.fromCharCode.apply(null, randomData));
+}
+
 /*
 * generating unique, per-site value that can be computed synchronously
 * and is impossible to guess for a malicious website
@@ -26,9 +35,9 @@ function gen_unique(url)
 function get_secure_salt()
 {
 if (is_chrome)
- return browser.runtime.getManifest().key.substring(0, 50);
+ return browser.runtime.getManifest().key.substring(0, 36);
 else
- return browser.runtime.getURL("dummy");
+ return browser.runtime.getURL("dummy").substr(16, 36);
 }
 
 /*
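Review bot: The comment on `gen_nonce()` does not say which base64 alphabet the result uses; `btoa` emits the standard alphabet, so the 24-character value ends in `==` and can contain `+` and `/`. That is fine for a CSP nonce, but the value would need percent-encoding if it is ever placed in a URL, which the smuggling scheme in this commit makes plausible; the callers are outside this hunk, so this is unverified. I would extend the comment to `/* Generate 128 random bits with crypto.getRandomValues(), returned as standard base64 (24 chars, may contain + / =) */` and declare `randomData` with `const`, since it is never reassigned.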
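Review bot: In the Chrome branch of `get_secure_salt()`, `key.substring(0, 36)` may carry little or no per-extension entropy. If the manifest `key` is the usual base64-encoded DER public key, its leading characters are the fixed ASN.1 header shared by every key of the same type and size, and the key is public in any case. The value is meant to be a secret salt for `gen_unique()` (whose body is outside this hunk), so a predictable salt would undermine the "impossible to guess" property its comment promises; a random value generated per installation would not have this weakness. Separately, `substr` is deprecated and 16/36 are unexplained: `return browser.runtime.getURL("dummy").substring(16, 52); /* 36-char UUID after "moz-extension://" */` states the intent.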
@@ -95,11 +104,34 @@ function is_privileged_url(url)
 return !!/^(chrome(-extension)?|moz-extension):\/\/|^about:/i.exec(url);
 }
 
+/* Extract any policy present in the URL */
+function url_extract_policy(url)
+{
+ const targets = url_extract_target(url);
+ const key = '#' + get_secure_salt();
+ targets.sig = key + gen_unique(targets.base_url);
+
+ if (targets.target && targets.target.startsWith(key)) {
+ targets.signed = true;
+ if (targets.target.startsWith(targets.sig))
+ try {
+ const policy_string = targets.target.substring(101);
+ targets.policy = JSON.parse(decodeURIComponent(policy_string));
+ } catch (e) {
+ /* TODO what should happen here? */
+ }
+ }
+
+ return targets;
+}
+
 /*
 * EXPORTS_START
+ * EXPORT gen_nonce
 * EXPORT gen_unique
 * EXPORT url_item
 * EXPORT url_extract_target
+ * EXPORT url_extract_policy
 * EXPORT csp_rule
 * EXPORT nice_name
 * EXPORT open_in_settings
-- 
cgit v1.2.3
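Review bot: `url_extract_policy()` sets `targets.signed = true` as soon as the fragment starts with `'#' + get_secure_salt()`, before the `gen_unique()` part of `targets.sig` has been compared, so `signed` does not mean "signature verified" and a caller that trusts it alone would accept a fragment that was not produced for this URL. The same prefix check implies the raw salt travels in the fragment; if the page can ever observe that URL the salt stops being secret, so it would be safer for the fragment to carry only the derived value. The offset in `substring(101)` silently depends on the salt being 36 characters and `gen_unique()` presumably returning 64; `const policy_string = targets.target.substring(targets.sig.length);` removes that coupling. The empty `catch` should document a fail-closed outcome (no `policy`, and arguably no `signed`), and the parsed JSON should be validated before use because it comes from the URL.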