From 7f67bd5e2b624a311b8914519cd3b5cea5d8d9dc Mon Sep 17 00:00:00 2001
From: Kuba Orlik
Date: Mon, 22 Nov 2021 18:23:11 +0100
Subject: [PATCH] Signal which entries expose origin or are part of a request that exposes origin
---
 extended-request.ts | 34 +++++++++++++++++++++++----------
 sidebar/stolen-data-cluster.tsx | 25 ++++++++++++------------
 stolen-data-entry.ts | 15 ++++++++++-----
 3 files changed, 46 insertions(+), 28 deletions(-)
diff --git a/extended-request.ts b/extended-request.ts
index 2a89421..6bc3226 100644
--- a/extended-request.ts
+++ b/extended-request.ts
@@ -128,19 +128,33 @@ export default class ExtendedRequest {
 }

 exposesOrigin() {
- const url = new URL(this.origin);
+ const url = new URL(this.originalURL);
 const host = url.host;
 const path = url.pathname;
 const shorthost = getshorthost(host);
- return (
- this.getReferer().includes(host) ||
- this.stolenData.filter(
- (entry) =>
- entry.value.includes(host) ||
- entry.value.includes(path) ||
- entry.value.includes(shorthost)
- ).length > 0
- );
+ if (this.getReferer().includes(shorthost)) {
+ return true;
+ }
+ for (const entry of this.stolenData) {
+ if (
+ entry.value.includes(host) ||
+ entry.value.includes(path) ||
+ entry.value.includes(shorthost)
+ ) {
+ console.log(
+ "request",
+ this.data.url,
+ "exposes origin in ",
+ entry,
+ ". Checked",
+ host,
+ path,
+ shorthost
+ );
+ return true;
+ }
+ }
+ return false;
 }

 private getAllStolenData(): StolenDataEntry[] {
diff --git a/sidebar/stolen-data-cluster.tsx b/sidebar/stolen-data-cluster.tsx
index 5b344a7..71836bb 100644
--- a/sidebar/stolen-data-cluster.tsx
+++ b/sidebar/stolen-data-cluster.tsx
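Review bot: The `console.log(...)` left inside the `for` loop of `ExtendedRequest.exposesOrigin()` prints the request URL and the whole matched `entry`, captured value included, on every positive check; it reads like debugging output and should be removed before merge, since those values may be cookies or identifiers that should not linger in the console. Separately, `entry.value.includes(path)` is true for almost any URL-like value when `url.pathname` is `/`, and `includes("")` is always true, so the check can flag requests that do not actually expose the origin. Consider `(path !== "/" && entry.value.includes(path))` and returning `false` early when `shorthost` is empty.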
@@ -44,19 +44,10 @@ const icons: Record = { header: "H", }; -function StolenDataRow({ - entry, - cluster, -}: { - entry: StolenDataEntry; - cluster: RequestCluster; -}) { +function StolenDataRow({ entry }: { entry: StolenDataEntry }) { const [version] = useEmitter(entry); return ( - + {entry.name} - {[entry.source].map((source) => icons[source])} + + {[entry.source].map((source) => icons[source])} + {entry.exposesOrigin() ? ( + 🔴 + ) : entry.request.exposesOrigin() ? ( + + 🟡 + + ) : null} + @@ -126,7 +126,6 @@ export default function StolenDataCluster({ diff --git a/stolen-data-entry.ts b/stolen-data-entry.ts index 4c6cf82..43d62bc 100644 --- a/stolen-data-entry.ts +++ b/stolen-data-entry.ts @@ -4,6 +4,7 @@ import ExtendedRequest, { HAREntry } from "./extended-request"; import { getshorthost, + isBase64, isBase64JSON, isJSONObject, isURL, @@ -28,7 +29,7 @@ const id = (function* id() { } })(); -export type DecodingSchema = "base64"; +export type DecodingSchema = "base64" | "raw"; export class StolenDataEntry extends EventEmitter { public isIAB = false; @@ -36,7 +37,8 @@ export class StolenDataEntry extends EventEmitter { public id: number; private marked = false; public classification: keyof typeof Classifications; - public decoding_applied: DecodingSchema = null; + public decoding_applied: DecodingSchema = "raw"; + public decodings_available: DecodingSchema[] = ["raw"]; constructor( public request: ExtendedRequest, @@ -52,9 +54,8 @@ export class StolenDataEntry extends EventEmitter { super(); this.id = id.next().value as number; this.classification = this.classify(); - if (isBase64JSON(value)) { - this.value = atob(value); - this.decoding_applied = "base64"; + if (isBase64(value)) { + this.decodings_available.push("base64"); } } 
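Review bot: `entry.request.exposesOrigin()` is evaluated inside `StolenDataRow`'s render for every row that is not itself red, and each call re-parses the URL and scans all of the request's entries, so a request with n entries costs roughly n² string searches per render. Computing the result once per request (for example caching it on `ExtendedRequest`, or passing it down from the cluster component) would avoid that. The surrounding markup is not fully visible in this hunk, so check that the 🔴/🟡 markers also carry a text label or `title`, since the emoji alone do not say what they mean.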
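Review bot: With the `StolenDataEntry` constructor no longer replacing `this.value` by `atob(value)`, both `exposesOrigin()` methods touched by this commit match only against the raw string, so an origin carried inside a base64-encoded value goes undetected unless the value is decoded somewhere outside these hunks. The match should also run over the decoded form when `decodings_available` contains `"base64"`, e.g. `const decoded = this.decodings_available.includes("base64") ? atob(this.value) : "";` followed by a second `includes` on `decoded`. Note also that `isBase64` is presumably broader than `isBase64JSON`, so short plain strings that happen to be valid base64 may now be offered a `"base64"` decoding; confirm that is intended.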
@@ -213,4 +214,8 @@ export class StolenDataEntry extends EventEmitter {
 getUniqueKey() {
 return this.request.shorthost + ";" + this.name + ";" + this.value;
 }
+
+ exposesOrigin(): boolean {
+ return this.value.includes(getshorthost(this.request.origin));
+ }
 }
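Review bot: `StolenDataEntry.exposesOrigin()` passes `this.request.origin` straight to `getshorthost`, while `ExtendedRequest.exposesOrigin()` in the same commit derives its needle from `new URL(this.originalURL).host`; the two indicators can therefore disagree about what the origin is. If `origin` is a full URL rather than a bare host, the result depends on how `getshorthost` treats a scheme and path, which is not visible here. Using the same source in both places, e.g. `getshorthost(new URL(this.request.originalURL).host)` (assuming `originalURL` is accessible from the entry), and returning `false` when the short host is empty would keep the red and yellow markers consistent. The class body starts outside this hunk.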