IPv4 subnet shortcut matching.

hackademix 2019-10-05 15:42:29 +02:00
parent 9e951a378c
commit 5ee30535c4
2 changed files with 27 additions and 8 deletions


@ -3,6 +3,7 @@ var {Permissions, Policy, Sites} = (() => {
const SECURE_DOMAIN_PREFIX = "§:"; const SECURE_DOMAIN_PREFIX = "§:";
const SECURE_DOMAIN_RX = new RegExp(`^${SECURE_DOMAIN_PREFIX}`); const SECURE_DOMAIN_RX = new RegExp(`^${SECURE_DOMAIN_PREFIX}`);
const DOMAIN_RX = new RegExp(`(?:^\\w+://|${SECURE_DOMAIN_PREFIX})?([^/]*)`, "i"); const DOMAIN_RX = new RegExp(`(?:^\\w+://|${SECURE_DOMAIN_PREFIX})?([^/]*)`, "i");
const IPV4_RX = /^(?:\d+\.){1,3}\d+/;
const INTERNAL_SITE_RX = /^(?:(?:about|chrome|resource|(?:moz|chrome)-.*):|\[System)/; const INTERNAL_SITE_RX = /^(?:(?:about|chrome|resource|(?:moz|chrome)-.*):|\[System)/;
const VALID_SITE_RX = /^(?:(?:(?:(?:http|ftp|ws)s?|file):)(?:(?:\/\/)[\w\u0100-\uf000][\w\u0100-\uf000.-]*[\w\u0100-\uf000.](?:$|\/))?|[\w\u0100-\uf000][\w\u0100-\uf000.-]*[\w\u0100-\uf000]$)/; const VALID_SITE_RX = /^(?:(?:(?:(?:http|ftp|ws)s?|file):)(?:(?:\/\/)[\w\u0100-\uf000][\w\u0100-\uf000.-]*[\w\u0100-\uf000.](?:$|\/))?|[\w\u0100-\uf000][\w\u0100-\uf000.-]*[\w\u0100-\uf000]$)/;
@ -158,6 +159,7 @@ var {Permissions, Policy, Sites} = (() => {
if (!hostname) return null; if (!hostname) return null;
if (!tld.preserveFQDNs) hostname = tld.normalize(hostname); if (!tld.preserveFQDNs) hostname = tld.normalize(hostname);
let secure = protocol === "https:"; let secure = protocol === "https:";
let isIPv4 = IPV4_RX.test(hostname);
for (let domain = hostname;;) { for (let domain = hostname;;) {
if (this.has(domain)) { if (this.has(domain)) {
return domain; return domain;
@ -168,15 +170,26 @@ var {Permissions, Policy, Sites} = (() => {
return ssDomain; return ssDomain;
} }
} }
if (isIPv4) {
// subnet shortcuts
let dotPos = domain.lastIndexOf(".");
if (!(dotPos > 3 || domain.indexOf(".") < dotPos)) {
break; // we want at least the 2 most significant bytes
}
domain = domain.substring(0, dotPos);
} else {
// (sub)domain matching
let dotPos = domain.indexOf("."); let dotPos = domain.indexOf(".");
if (dotPos === -1) { if (dotPos === -1) {
break; break;
} }
domain = domain.substring(dotPos + 1); // sub domain = domain.substring(dotPos + 1); // upper level
if (!domain) { if (!domain) {
break; break;
} }
} }
}
return null; return null;
} }
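Review bot: `IPV4_RX` has no end anchor, so `IPV4_RX.test(hostname)` is also true for a DNS name whose leading labels are numeric (constructed example: `192.168.example.com`). In the `isIPv4` branch such a name is trimmed from the right, so it would eventually reach `this.has("192.168")` and inherit the permissions of a subnet shortcut that was meant for literal addresses only. Anchoring the pattern, `const IPV4_RX = /^(?:\d+\.){1,3}\d+$/;` (or `{3}` if `hostname` always comes from a parsed URL, which is not visible here), keeps named hosts on the (sub)domain path. Separately, the `dotPos > 3` half of the break condition lets a two-label value whose first label has four or more digits be cut down to a single label, which the comment `// we want at least the 2 most significant bytes` rules out. The enclosing function starts outside the hunks shown.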


@ -7,6 +7,9 @@
p1.set("https://flashgot.net", p1.TRUSTED); p1.set("https://flashgot.net", p1.TRUSTED);
p1.set("http://flashgot.net", p1.UNTRUSTED); p1.set("http://flashgot.net", p1.UNTRUSTED);
p1.set("perchè.com", p1.TRUSTED); p1.set("perchè.com", p1.TRUSTED);
p1.set("10", p1.TRUSTED);
p1.set("192.168", p1.TRUSTED);
p1.set("192.168.69", p1.UNTRUSTED)
let p2 = new Policy(p1.dry()); let p2 = new Policy(p1.dry());
debug("p1", JSON.stringify(p1.dry())); debug("p1", JSON.stringify(p1.dry()));
debug("p2", JSON.stringify(p2.dry())); debug("p2", JSON.stringify(p2.dry()));
@ -23,6 +26,9 @@
() => !p1.can("http://secure.informaction.com"), () => !p1.can("http://secure.informaction.com"),
() => p1.can("https://secure.informaction.com"), () => p1.can("https://secure.informaction.com"),
() => p1.can("https://www.secure.informaction.com"), () => p1.can("https://www.secure.informaction.com"),
() => !p1.can("https://192.168.69.1"),
() => !p1.can("https://10.0.0.1"),
() => p1.can("http://192.168.1.2"),
]) Test.run(t); ]) Test.run(t);
Test.report(); Test.report();
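Review bot: The new cases only exercise literal addresses, so nothing pins how a named host with numeric leading labels is treated once `192.168` is in the policy. A negative case such as `() => !p1.can("http://192.168.example.com"),` (constructed hostname) next to the `192.168.1.2` test would cover it, assuming unmatched sites stay at the default preset. `p1.set("10", p1.TRUSTED)` together with `!p1.can("https://10.0.0.1")` asserts that a one-octet shortcut never matches, which deserves a comment like `// single-octet shortcuts are ignored: at least 2 bytes are required`. The `p1.set("192.168.69", p1.UNTRUSTED)` line is also missing its trailing semicolon.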