Signal which entries expose origin or are part of a request that
exposes origin
This commit is contained in:
parent
68078546fa
commit
7f67bd5e2b
@ -128,19 +128,33 @@ export default class ExtendedRequest {
|
||||
}
|
||||
|
||||
exposesOrigin() {
|
||||
const url = new URL(this.origin);
|
||||
const url = new URL(this.originalURL);
|
||||
const host = url.host;
|
||||
const path = url.pathname;
|
||||
const shorthost = getshorthost(host);
|
||||
return (
|
||||
this.getReferer().includes(host) ||
|
||||
this.stolenData.filter(
|
||||
(entry) =>
|
||||
entry.value.includes(host) ||
|
||||
entry.value.includes(path) ||
|
||||
entry.value.includes(shorthost)
|
||||
).length > 0
|
||||
);
|
||||
if (this.getReferer().includes(shorthost)) {
|
||||
return true;
|
||||
}
|
||||
for (const entry of this.stolenData) {
|
||||
if (
|
||||
entry.value.includes(host) ||
|
||||
entry.value.includes(path) ||
|
||||
entry.value.includes(shorthost)
|
||||
) {
|
||||
console.log(
|
||||
"request",
|
||||
this.data.url,
|
||||
"exposes origin in ",
|
||||
entry,
|
||||
". Checked",
|
||||
host,
|
||||
path,
|
||||
shorthost
|
||||
);
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
private getAllStolenData(): StolenDataEntry[] {
|
||||
|
@ -44,19 +44,10 @@ const icons: Record<Sources, string> = {
|
||||
header: "H",
|
||||
};
|
||||
|
||||
function StolenDataRow({
|
||||
entry,
|
||||
cluster,
|
||||
}: {
|
||||
entry: StolenDataEntry;
|
||||
cluster: RequestCluster;
|
||||
}) {
|
||||
function StolenDataRow({ entry }: { entry: StolenDataEntry }) {
|
||||
const [version] = useEmitter(entry);
|
||||
return (
|
||||
<tr
|
||||
data-key={origin + cluster.id + entry.getUniqueKey()}
|
||||
data-version={version}
|
||||
>
|
||||
<tr data-key={entry.id} data-version={version}>
|
||||
<td>
|
||||
<input
|
||||
type="checkbox"
|
||||
@ -73,7 +64,16 @@ function StolenDataRow({
|
||||
>
|
||||
{entry.name}
|
||||
</th>
|
||||
<td>{[entry.source].map((source) => icons[source])}</td>
|
||||
<td style={{ whiteSpace: "nowrap" }}>
|
||||
{[entry.source].map((source) => icons[source])}
|
||||
{entry.exposesOrigin() ? (
|
||||
<span title="Pokazuje część historii przeglądania">🔴</span>
|
||||
) : entry.request.exposesOrigin() ? (
|
||||
<span title="Jest częścią zapytania, które ujawnia historię przeglądania">
|
||||
🟡
|
||||
</span>
|
||||
) : null}
|
||||
</td>
|
||||
<td style={{ wordWrap: "anywhere" as any }}>
|
||||
<StolenDataValue entry={entry} />
|
||||
</td>
|
||||
@ -126,7 +126,6 @@ export default function StolenDataCluster({
|
||||
<StolenDataRow
|
||||
{...{
|
||||
entry,
|
||||
cluster,
|
||||
key: entry.id,
|
||||
}}
|
||||
/>
|
||||
|
@ -4,6 +4,7 @@ import ExtendedRequest, { HAREntry } from "./extended-request";
|
||||
|
||||
import {
|
||||
getshorthost,
|
||||
isBase64,
|
||||
isBase64JSON,
|
||||
isJSONObject,
|
||||
isURL,
|
||||
@ -28,7 +29,7 @@ const id = (function* id() {
|
||||
}
|
||||
})();
|
||||
|
||||
export type DecodingSchema = "base64";
|
||||
export type DecodingSchema = "base64" | "raw";
|
||||
|
||||
export class StolenDataEntry extends EventEmitter {
|
||||
public isIAB = false;
|
||||
@ -36,7 +37,8 @@ export class StolenDataEntry extends EventEmitter {
|
||||
public id: number;
|
||||
private marked = false;
|
||||
public classification: keyof typeof Classifications;
|
||||
public decoding_applied: DecodingSchema = null;
|
||||
public decoding_applied: DecodingSchema = "raw";
|
||||
public decodings_available: DecodingSchema[] = ["raw"];
|
||||
|
||||
constructor(
|
||||
public request: ExtendedRequest,
|
||||
@ -52,9 +54,8 @@ export class StolenDataEntry extends EventEmitter {
|
||||
super();
|
||||
this.id = id.next().value as number;
|
||||
this.classification = this.classify();
|
||||
if (isBase64JSON(value)) {
|
||||
this.value = atob(value);
|
||||
this.decoding_applied = "base64";
|
||||
if (isBase64(value)) {
|
||||
this.decodings_available.push("base64");
|
||||
}
|
||||
}
|
||||
|
||||
@ -213,4 +214,8 @@ export class StolenDataEntry extends EventEmitter {
|
||||
getUniqueKey() {
|
||||
return this.request.shorthost + ";" + this.name + ";" + this.value;
|
||||
}
|
||||
|
||||
exposesOrigin(): boolean {
|
||||
return this.value.includes(getshorthost(this.request.origin));
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user