From 46669115dc6d143284ec0f3d73e170e079103d01 Mon Sep 17 00:00:00 2001
From: Raymond Hill
Date: Sun, 17 Jun 2018 08:22:47 -0400
Subject: [PATCH] code review: various fixes

- Ensure REFERER spoofing is always reported in logger
- Fixed possible exception thrown when asynchronously reporting cookies
---
 src/js/background.js | 1 -
 src/js/cookies.js | 1 +
 src/js/pagestats.js | 1 +
 src/js/traffic.js | 27 +++++++++++++--------------
 4 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/src/js/background.js b/src/js/background.js
index e2a64fc..d6450cd 100644
--- a/src/js/background.js
+++ b/src/js/background.js
@@ -237,7 +237,6 @@ return {
  cookieRemovedCounter: 0,
  localStorageRemovedCounter: 0,
  cookieHeaderFoiledCounter: 0,
- refererHeaderFoiledCounter: 0,
  hyperlinkAuditingFoiledCounter: 0,
  browserCacheClearedCounter: 0,
  storageUsed: 0,
diff --git a/src/js/cookies.js b/src/js/cookies.js
index 6e4690e..ffd3ecb 100644
--- a/src/js/cookies.js
+++ b/src/js/cookies.js
@@ -209,6 +209,7 @@ var recordPageCookie = (function() {
  if ( pageStore.tabId === '' ) { continue; }
  for ( let cookieKey of qentry[1] ) {
  let cookieEntry = cookieDict.get(cookieKey);
+ if ( cookieEntry === undefined ) { continue; }
  let block = µm.mustBlock(
  pageStore.pageHostname,
  cookieEntry.hostname,
diff --git a/src/js/pagestats.js b/src/js/pagestats.js
index 33d1ded..28f95c6 100644
--- a/src/js/pagestats.js
+++ b/src/js/pagestats.js
@@ -123,6 +123,7 @@ PageStore.prototype = {
  this.distinctRequestCount = 0;
  this.perLoadAllowedRequestCount = 0;
  this.perLoadBlockedRequestCount = 0;
+ this.perLoadBlockedReferrerCount = 0;
  this.has3pReferrer = false;
  this.hasMixedContent = false;
  this.hasNoscriptTags = false;
diff --git a/src/js/traffic.js b/src/js/traffic.js
index 18a9bcf..eb62c50 100644
--- a/src/js/traffic.js
+++ b/src/js/traffic.js
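Review bot: The new guard in src/js/cookies.js, `if ( cookieEntry === undefined ) { continue; }`, skips the cookie silently and carries no comment saying when a queued key can be missing from `cookieDict`. Going by the commit message this is the asynchronous case where the entry is gone by the time the queue is processed, so I would state that on the line above, for example `// The entry may have been removed from cookieDict since the key was queued.` The loop and the rest of recordPageCookie lie outside the hunk, so whether a skipped cookie should still reach the logger cannot be judged from here.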
@@ -182,7 +182,7 @@ var onBeforeRequestHandler = function(details) {
  // Sanitize outgoing headers as per user settings.
  var onBeforeSendHeadersHandler = function(details) {
- var µm = µMatrix,
+ let µm = µMatrix,
  µmuri = µm.URI,
  requestURL = details.url,
  requestScheme = µmuri.schemeFromURI(requestURL);
@@ -197,11 +197,10 @@ var onBeforeSendHeadersHandler = function(details) {
  // to scope on unknown scheme? Etc.
  // https://github.com/gorhill/httpswitchboard/issues/191
  // https://github.com/gorhill/httpswitchboard/issues/91#issuecomment-37180275
- var tabId = details.tabId,
+ let tabId = details.tabId,
  pageStore = µm.mustPageStoreFromTabId(tabId),
  requestType = requestTypeNormalizer[details.type] || 'other',
- requestHeaders = details.requestHeaders,
- headerIndex, headerValue;
+ requestHeaders = details.requestHeaders;
  // https://github.com/gorhill/httpswitchboard/issues/342
  // Is this hyperlink auditing?
@@ -224,9 +223,9 @@ var onBeforeSendHeadersHandler = function(details) {
  // With hyperlink-auditing, removing header(s) is pointless, the whole
  // request must be cancelled.
- headerIndex = headerIndexFromName('ping-to', requestHeaders);
+ let headerIndex = headerIndexFromName('ping-to', requestHeaders);
  if ( headerIndex !== -1 ) {
- headerValue = requestHeaders[headerIndex].value;
+ let headerValue = requestHeaders[headerIndex].value;
  if ( headerValue !== '' ) {
  var block = µm.userSettings.processHyperlinkAuditing;
  pageStore.recordRequest('other', requestURL + '{Ping-To:' + headerValue + '}', block);
@@ -241,7 +240,7 @@ var onBeforeSendHeadersHandler = function(details) {
  // If we reach this point, request is not blocked, so what is left to do
  // is to sanitize headers.
- var rootHostname = pageStore.pageHostname,
+ let rootHostname = pageStore.pageHostname,
  requestHostname = µmuri.hostnameFromURI(requestURL),
  modified = false;
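Review bot: In the ping-to hunk of src/js/traffic.js, `let headerIndex` is now declared at its first use, yet the later referer lookup still assigns to the same binding without a declaration and the cookie block reads it, while `headerValue` gets a fresh `let` in each block. That only holds if the ping-to lookup sits at function level, which the hunk does not show, so I would either keep a single declaration at the top of the handler or give each lookup its own binding, e.g. `const pingIndex = headerIndexFromName('ping-to', requestHeaders);`. The `var block` two lines further down was left behind by the var-to-let pass; `let block = µm.userSettings.processHyperlinkAuditing;` would match the rest of the change, provided `block` is not read outside that `if`.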
@@ -253,7 +252,7 @@ var onBeforeSendHeadersHandler = function(details) {
  µm.mustBlock(rootHostname, requestHostname, 'cookie')
  ) {
  modified = true;
- headerValue = requestHeaders[headerIndex].value;
+ let headerValue = requestHeaders[headerIndex].value;
  requestHeaders.splice(headerIndex, 1);
  µm.cookieHeaderFoiledCounter++;
  if ( requestType === 'doc' ) {
@@ -284,28 +283,28 @@ var onBeforeSendHeadersHandler = function(details) {
  headerIndex = headerIndexFromName('referer', requestHeaders);
  if ( headerIndex !== -1 ) {
- headerValue = requestHeaders[headerIndex].value;
+ let headerValue = requestHeaders[headerIndex].value;
  if ( headerValue !== '' ) {
- var toDomain = µmuri.domainFromHostname(requestHostname);
+ let toDomain = µmuri.domainFromHostname(requestHostname);
  if ( toDomain !== '' && toDomain !== µmuri.domainFromURI(headerValue) ) {
  pageStore.has3pReferrer = true;
  if ( µm.tMatrix.evaluateSwitchZ('referrer-spoof', rootHostname) ) {
  modified = true;
- var newValue;
+ let newValue;
  if ( details.method === 'GET' ) {
  newValue = requestHeaders[headerIndex].value = requestScheme + '://' + requestHostname + '/';
  } else {
  requestHeaders.splice(headerIndex, 1);
  }
- µm.refererHeaderFoiledCounter++;
- if ( requestType === 'doc' ) {
- pageStore.perLoadBlockedRequestCount++;
+ if ( pageStore.perLoadBlockedReferrerCount === 0 ) {
+ pageStore.perLoadBlockedRequestCount += 1;
  µm.logger.writeOne(tabId, 'net', '', headerValue, 'REFERER', true);
  if ( newValue !== undefined ) {
  µm.logger.writeOne(tabId, 'net', '', newValue, 'REFERER', false);
  }
  }
+ pageStore.perLoadBlockedReferrerCount += 1;
  }
  }
  }
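Review bot: In the referer hunk of src/js/traffic.js, the `if ( pageStore.perLoadBlockedReferrerCount === 0 )` gate writes the REFERER entries only for the first foiled request of a page load; later third-party requests whose referrer is rewritten or stripped leave no trace in the logger, which is narrower than the "always reported" of the commit message. If once per load is the intent, a comment should say so, e.g. `// Log only the first foiled referrer per page load; later ones are counted but not logged.` The gate also relies on the counter being reset on every navigation: the pagestats.js hunk adds `this.perLoadBlockedReferrerCount = 0;`, but the enclosing method is not visible in the patch, and without that reset nothing would be logged after the first load in a tab. The handler continues outside the hunk.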