blob: 6cded84bcc8b17c164d6a1da3fdc4718a2a12da3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
|
/**
* Hachette miscellaneous operations refactored to a separate file
*
* Copyright (C) 2021 Wojtek Kosior
* Copyright (C) 2021 jahoti
* Redistribution terms are gathered in the `copyright' file.
*/
/*
* IMPORTS_START
* IMPORT browser
* IMPORT TYPE_NAME
* IMPORT TYPE_PREFIX
* IMPORTS_END
*/
/* Generate a random base64-encoded 128-bit sequence */
function gen_nonce()
{
let randomData = new Uint8Array(16);
crypto.getRandomValues(randomData);
return btoa(String.fromCharCode.apply(null, randomData));
}
/*
* generating unique, per-site value that can be computed synchronously
* and is impossible to guess for a malicious website
*/
/* Uint8toHex is a separate function not exported as (a) it's useful and (b) it will be used in crypto.subtle-based digests */
function Uint8toHex(data)
{
let returnValue = '';
for (let byte of data)
returnValue += ('00' + byte.toString(16)).slice(-2);
return returnValue;
}
function gen_nonce(length=16)
{
let randomData = new Uint8Array(length);
crypto.getRandomValues(randomData);
return Uint8toHex(randomData);
}
/* CSP rule that blocks scripts according to policy's needs. */
function make_csp_rule(policy)
{
let rule = "prefetch-src 'none'; script-src-attr 'none';";
const script_src = policy.has_payload ?
`'nonce-${policy.nonce}'` : "'none'";
rule += ` script-src ${script_src}; script-src-elem ${script_src};`;
return rule;
}
/* Check if some HTTP header might define CSP rules. */
const csp_header_regex =
/^\s*(content-security-policy|x-webkit-csp|x-content-security-policy)/i;
/*
* Print item together with type, e.g.
* nice_name("s", "hello") → "hello (script)"
*/
function nice_name(prefix, name)
{
return `${name} (${TYPE_NAME[prefix]})`;
}
/* Open settings tab with given item's editing already on. */
function open_in_settings(prefix, name)
{
name = encodeURIComponent(name);
const url = browser.runtime.getURL("html/options.html#" + prefix + name);
window.open(url, "_blank");
}
/*
* Check if url corresponds to a browser's special page (or a directory index in
* case of `file://' protocol).
*/
const privileged_reg =
/^(chrome(-extension)?|moz-extension):\/\/|^about:|^file:\/\/.*\/$/;
const is_privileged_url = url => privileged_reg.test(url);
/* Parse a CSP header */
function parse_csp(csp) {
let directive, directive_array;
let directives = {};
for (directive of csp.split(';')) {
directive = directive.trim();
if (directive === '')
continue;
directive_array = directive.split(/\s+/);
directive = directive_array.shift();
/* The "true" case should never occur; nevertheless... */
directives[directive] = directive in directives ?
directives[directive].concat(directive_array) :
directive_array;
}
return directives;
}
/* Regexes and objects to use as/in schemas for parse_json_with_schema(). */
const nonempty_string_matcher = /.+/;
const matchers = {
sha256: /^[0-9a-f]{64}$/,
nonempty_string: nonempty_string_matcher,
component: [
new RegExp(`^[${TYPE_PREFIX.SCRIPT}${TYPE_PREFIX.BAG}]$`),
nonempty_string_matcher
]
};
/*
* EXPORTS_START
* EXPORT gen_nonce
* EXPORT make_csp_rule
* EXPORT csp_header_regex
* EXPORT nice_name
* EXPORT open_in_settings
* EXPORT is_privileged_url
* EXPORT matchers
* EXPORTS_END
*/
|
