Signal which entries expose origin or are part of a request that

exposes origin
Kuba Orlik 2021-11-22 18:23:11 +01:00
parent 68078546fa
commit 7f67bd5e2b
3 changed files with 46 additions and 28 deletions


@ -128,19 +128,33 @@ export default class ExtendedRequest {
}
exposesOrigin() {
const url = new URL(this.origin);
const url = new URL(this.originalURL);
const host = url.host;
const path = url.pathname;
const shorthost = getshorthost(host);
return (
this.getReferer().includes(host) ||
this.stolenData.filter(
(entry) =>
if (this.getReferer().includes(shorthost)) {
return true;
}
for (const entry of this.stolenData) {
if (
entry.value.includes(host) ||
entry.value.includes(path) ||
entry.value.includes(shorthost)
).length > 0
) {
console.log(
"request",
this.data.url,
"exposes origin in ",
entry,
". Checked",
host,
path,
shorthost
);
return true;
}
}
return false;
}
private getAllStolenData(): StolenDataEntry[] {
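Review bot: The `entry.value.includes(path)` test in `exposesOrigin()` matches any value that contains a slash whenever the visited page is the site root, because `url.pathname` is then `/`. The `+`/`-` markers are lost on this page, so I cannot tell whether that line is new, but it is part of the loop as it now stands. A guard such as `(path.length > 1 && entry.value.includes(path))` would stop such requests from being flagged as exposing the origin. The added `console.log` writes the whole `entry` object, captured value included, to the console on every match; it looks like leftover debugging and should be dropped or put behind a debug switch. `new URL(this.originalURL)` throws on an empty or malformed string, so confirm `originalURL` is always populated before this method runs.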


@ -44,19 +44,10 @@ const icons: Record<Sources, string> = {
header: "H",
};
function StolenDataRow({
entry,
cluster,
}: {
entry: StolenDataEntry;
cluster: RequestCluster;
}) {
function StolenDataRow({ entry }: { entry: StolenDataEntry }) {
const [version] = useEmitter(entry);
return (
<tr
data-key={origin + cluster.id + entry.getUniqueKey()}
data-version={version}
>
<tr data-key={entry.id} data-version={version}>
<td>
<input
type="checkbox"
@ -73,7 +64,16 @@ function StolenDataRow({
>
{entry.name}
</th>
<td>{[entry.source].map((source) => icons[source])}</td>
<td style={{ whiteSpace: "nowrap" }}>
{[entry.source].map((source) => icons[source])}
{entry.exposesOrigin() ? (
<span title="Pokazuje część historii przeglądania">🔴</span>
) : entry.request.exposesOrigin() ? (
<span title="Jest częścią zapytania, które ujawnia historię przeglądania">
🟡
</span>
) : null}
</td>
<td style={{ wordWrap: "anywhere" as any }}>
<StolenDataValue entry={entry} />
</td>
@ -126,7 +126,6 @@ export default function StolenDataCluster({
<StolenDataRow
{...{
entry,
cluster,
key: entry.id,
}}
/>
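Review bot: `entry.request.exposesOrigin()` now runs during the render of every `StolenDataRow` whose own `entry.exposesOrigin()` is false. Going by the `ExtendedRequest` hunk on this page, it walks the request's `stolenData` and logs on a match, so a cluster with many entries repeats that scan and log line once per row per render. Computing the request-level result once, either in the parent and passed down as a prop or cached on the request, would keep the row render cheap and free of side effects. The two states are told apart only by emoji colour plus a `title` tooltip; an `aria-label` or short text marker on the `<span>` would convey the red/yellow distinction without colour or hover. `StolenDataRow`'s body continues between the hunks shown here.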


@ -4,6 +4,7 @@ import ExtendedRequest, { HAREntry } from "./extended-request";
import {
getshorthost,
isBase64,
isBase64JSON,
isJSONObject,
isURL,
@ -28,7 +29,7 @@ const id = (function* id() {
}
})();
export type DecodingSchema = "base64";
export type DecodingSchema = "base64" | "raw";
export class StolenDataEntry extends EventEmitter {
public isIAB = false;
@ -36,7 +37,8 @@ export class StolenDataEntry extends EventEmitter {
public id: number;
private marked = false;
public classification: keyof typeof Classifications;
public decoding_applied: DecodingSchema = null;
public decoding_applied: DecodingSchema = "raw";
public decodings_available: DecodingSchema[] = ["raw"];
constructor(
public request: ExtendedRequest,
@ -52,9 +54,8 @@ export class StolenDataEntry extends EventEmitter {
super();
this.id = id.next().value as number;
this.classification = this.classify();
if (isBase64JSON(value)) {
this.value = atob(value);
this.decoding_applied = "base64";
if (isBase64(value)) {
this.decodings_available.push("base64");
}
}
@ -213,4 +214,8 @@ export class StolenDataEntry extends EventEmitter {
getUniqueKey() {
return this.request.shorthost + ";" + this.name + ";" + this.value;
}
exposesOrigin(): boolean {
return this.value.includes(getshorthost(this.request.origin));
}
}
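Review bot: `StolenDataEntry.exposesOrigin()` passes `this.request.origin` straight to `getshorthost`, while `ExtendedRequest.exposesOrigin()` on this page derives its short host from `new URL(this.originalURL).host`, so the entry-level and request-level markers can be computed from different strings and disagree. If `getshorthost` expects a bare host (its body is not visible here), something like `return this.value.includes(getshorthost(new URL(this.request.originalURL).host));` would keep the two aligned, assuming `originalURL` is readable from the entry. The check also inspects only the raw `value`. The constructor appears to no longer decode base64 and only records it in `decodings_available`, so an origin carried base64-encoded would go unmarked; consider testing each available decoding too. A one-line doc comment saying the result is a substring match on the short host would help readers interpret the marker.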