-rw-r--r-- | main_background.js | 16 | ||||
-rw-r--r-- | manifest.json | 4 | ||||
-rw-r--r-- | test.js | 71 | ||||
-rw-r--r-- | test_bundle.js | 69 |
4 files changed, 103 insertions, 57 deletions
diff --git a/main_background.js b/main_background.js index d26c5f8..c61c4f2 100644 --- a/main_background.js +++ b/main_background.js @@ -1569,7 +1569,7 @@ var fname_data = { "NodeList": true, "StopIteration": true }; -//************************Comes from HTML file index.html's script test.js**************************** +//************************this part can be tested in the HTML file index.html's script test.js**************************** function full_evaluate(script){ var res = true; @@ -1679,11 +1679,13 @@ function full_evaluate(script){ } } // Is there bracket suffix notation? - if(is_bsn(toke.end)){ - dbg_print("%c NONTRIVIAL: Bracket suffix notation on variable '"+toke.value+"'","color:red"); - if(DEBUG == false){ - return [false,"NONTRIVIAL: Bracket suffix notation on variable '"+toke.value+"'"]; - } + if(operators[toke.value] === undefined){ + if(is_bsn(toke.end)){ + dbg_print("%c NONTRIVIAL: Bracket suffix notation on variable '"+toke.value+"'","color:red"); + if(DEBUG == false){ + return [false,"NONTRIVIAL: Bracket suffix notation on variable '"+toke.value+"'"]; + } + } } }else{ dbg_print("trivial token:"+toke.value); @@ -1695,8 +1697,6 @@ function full_evaluate(script){ }catch(e){ dbg_print("Denied script because it cannot be parsed."); return [false,"NONTRIVIAL: Cannot be parsed."]; - console.warn("Continuing evaluation"); - error_count++; } } diff --git a/manifest.json b/manifest.json index 9e46fab..197bd0b 100644 --- a/manifest.json +++ b/manifest.json @@ -3,11 +3,11 @@ "name": "GNU LibreJS [webExtensions]", "short_name": "LibreJS [experimental]", "version": "7.0", - "author": "See file 'authors'", + "author": "various", "description": "Only allows free and/or trivial Javascript to run.", "applications": { "gecko": { - "id": "bug-librejs@gnu.org", + "id": "librejs_webex@gnu.org", "strict_min_version": "42.0" } }, 
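Review bot: The new guard `operators[toke.value] === undefined` in the bracket-suffix branch (hunk at -1679,11) looks the token text up on what appears to be a plain object literal, so a token whose text matches a property inherited from Object.prototype (for example `constructor`) is treated as an operator and the `is_bsn` check is skipped for it. The declaration of `operators` in main_background.js is outside the hunk; the test.js copy in this commit declares it as `var operators = {"||":true, ...}`. Because `toke.value` comes from the script being evaluated, the filter fails open for those names. An own-property test closes the gap, `if(!Object.prototype.hasOwnProperty.call(operators, toke.value)){`, or the table can be built on `Object.create(null)`. The same guard is added twice in the test.js hunk at -926,42, and full_evaluate starts and ends outside this hunk.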
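Review bot: Changing `applications.gecko.id` from `bug-librejs@gnu.org` to `librejs_webex@gnu.org` while `"version"` stays at `"7.0"` gives the browser a different add-on identity under an unchanged version number. Firefox ties updates and extension storage to this ID, so an existing install would presumably not be upgraded in place and any saved settings would stay with the old ID. If the new identity is intended, the change should say so and bump `version` in the same commit so the two builds can be told apart.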
@@ -847,23 +847,34 @@ console.log("DEBUG:"+DEBUG); function dbg_print(a,b){ if(DEBUG == true){ - console.log(a,b) + //console.log(a,b) } } - function full_evaluate(script){ var res = true; if(script === undefined || script == ""){ - return true; + return [true,"Harmless null script"]; } + var ast = acorn.parse_dammit(script).body[0]; var flag = false; var amtloops = 0; var loopkeys = {"for":true,"if":true,"while":true,"switch":true}; - var tokens = acorn_base.tokenizer(script); - var toke = tokens.getToken(); + var operators = {"||":true,"&&":true,"=":true,"==":true,"++":true,"--":true,"+=":true,"-=":true,"*":true}; + try{ + var tokens = acorn_base.tokenizer(script); + }catch(e){ + console.warn("Tokenizer could not be initiated (probably invalid code)"); + return [false,"Tokenizer could not be initiated (probably invalid code)"]; + } + try{ + var toke = tokens.getToken(); + }catch(e){ + console.warn("couldn't get first token (probably invalid code)"); + console.warn("Continuing evaluation"); + } /** * Given the end of an identifer token, it tests for bracket suffix notation @@ -899,16 +910,16 @@ function full_evaluate(script){ return false; } } + var error_count = 0; while(toke.type != acorn_base.tokTypes.eof){ - console.log(toke); if(toke.type.keyword !== undefined){ // This type of loop detection ignores functional loop alternatives and ternary operators - dbg_print("Keyword:"+toke.type.keyword); - + //dbg_print("Keyword:"+toke.type.keyword); + console.log(toke); if(toke.type.keyword == "function"){ dbg_print("%c NONTRIVIAL: Function declaration.","color:red"); if(DEBUG == false){ - return false; + return [false,"NONTRIVIAL: Function declaration."]; } } @@ -917,7 +928,7 @@ function full_evaluate(script){ if(amtloops > 3){ dbg_print("%c NONTRIVIAL: Too many loops/conditionals.","color:red"); if(DEBUG == false){ - return false; + return [false,"NONTRIVIAL: Too many loops/conditionals."]; } } } 
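Review bot: The catch around the first `tokens.getToken()` only warns and falls through, so `toke` is still undefined when the loop condition `toke.type != acorn_base.tokTypes.eof` in the next hunk runs, and the function throws a TypeError instead of returning a verdict. For a filter that decides whether a script may run, input that cannot be tokenized should be denied explicitly, as the tokenizer catch just above does: replace the "Continuing evaluation" warning with `return [false,"NONTRIVIAL: Cannot be parsed."];`. The added `var ast = acorn.parse_dammit(script).body[0];` sits outside any try and is not read in the lines visible here; if nothing later uses it, drop it so a parser exception cannot escape before the tokenizer guard. full_evaluate continues past the end of this hunk.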
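Review bot: `return [false,"NONTRIVIAL: Function declaration."];` (hunk at -899,16) and the other new denial returns hand back a non-empty array, which is truthy in JavaScript, so any caller still written as `if(full_evaluate(script))` would now accept every script. The callers are outside the visible hunks; each one should be checked to read element 0, e.g. `var verdict = full_evaluate(script); if(verdict[0] === true){ ... }`. A comment above the function stating the contract would help: `// Returns [allowed (boolean), reason (string)]`. In the same hunk the moved `console.log(toke);` still runs regardless of `DEBUG`; route it through `dbg_print` or remove it. The return-type concern applies equally to the returns changed at -917,7 and -926,42.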
@@ -926,42 +937,54 @@ function full_evaluate(script){ if(status === true){ // is the identifier banned? dbg_print("%c NONTRIVIAL: nontrivial token: '"+toke.value+"'","color:red"); if(DEBUG == false){ - return false; + return [false,"NONTRIVIAL: nontrivial token: '"+toke.value+"'"]; } }else if(status === false){// is the identifier not banned? // Is there bracket suffix notation? - if(is_bsn(toke.end)){ - dbg_print("%c NONTRIVIAL: Bracket suffix notation on variable '"+toke.value+"'","color:red"); - if(DEBUG == false){ - return false; - } + if(operators[toke.value] === undefined){ + if(is_bsn(toke.end)){ + dbg_print("%c NONTRIVIAL: Bracket suffix notation on variable '"+toke.value+"'","color:red"); + if(DEBUG == false){ + return [false,"%c NONTRIVIAL: Bracket suffix notation on variable '"+toke.value+"'"]; + } + } } }else if(status === undefined){// is the identifier user defined? // Are arguments being passed to a user defined variable? if(being_called(toke.end)){ dbg_print("%c NONTRIVIAL: User defined variable '"+toke.value+"' called as function","color:red"); if(DEBUG == false){ - return false; + return [false,"NONTRIVIAL: User defined variable '"+toke.value+"' called as function"]; } } // Is there bracket suffix notation? 
- if(is_bsn(toke.end)){ - dbg_print("%c NONTRIVIAL: Bracket suffix notation on variable '"+toke.value+"'","color:red"); - if(DEBUG == false){ - return false; - } + if(operators[toke.value] === undefined){ + if(is_bsn(toke.end)){ + dbg_print("%c NONTRIVIAL: Bracket suffix notation on variable '"+toke.value+"'","color:red"); + if(DEBUG == false){ + return [false,"NONTRIVIAL: Bracket suffix notation on variable '"+toke.value+"'"]; + } + } } }else{ dbg_print("trivial token:"+toke.value); } } // If not a keyword or an identifier it's some kind of operator, field parenthesis, brackets - toke = tokens.getToken(); + try{ + toke = tokens.getToken(); + }catch(e){ + dbg_print("Denied script because it cannot be parsed."); + return [false,"NONTRIVIAL: Cannot be parsed."]; + console.warn("Continuing evaluation"); + error_count++; + } } dbg_print("%cAppears to be trivial.","color:green;"); - return true; + return [true,"Script appears to be trivial."]; } + //**************************************************************************************************** window.onload = function () { diff --git a/test_bundle.js b/test_bundle.js index 5d38cd8..62b50d6 100644 --- a/test_bundle.js +++ b/test_bundle.js 
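Review bot: In the `status === false` branch the returned reason starts with `"%c NONTRIVIAL: Bracket suffix notation ..."`, which leaks the console format directive `%c` into the message. Every other return in this hunk, and the matching line in main_background.js, omits it, so the line should read `return [false,"NONTRIVIAL: Bracket suffix notation on variable '"+toke.value+"'"];`. The new catch around `toke = tokens.getToken();` also adds `console.warn("Continuing evaluation");` and `error_count++;` after the `return`, where they can never run; the main_background.js hunk at -1695,8 removes exactly these two lines, so they should not be added here. If the reason string is later displayed in extension UI (not visible in this diff), note that it embeds `toke.value` from the page's script and should be inserted as text rather than markup.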
@@ -851,20 +851,31 @@ function dbg_print(a,b){ console.log(a,b) } } - function full_evaluate(script){ var res = true; if(script === undefined || script == ""){ - return true; + return [true,"Harmless null script"]; } + var ast = acorn.parse_dammit(script).body[0]; var flag = false; var amtloops = 0; var loopkeys = {"for":true,"if":true,"while":true,"switch":true}; - var tokens = acorn_base.tokenizer(script); - var toke = tokens.getToken(); + var operators = {"||":true,"&&":true,"=":true,"==":true,"++":true,"--":true,"+=":true,"-=":true,"*":true}; + try{ + var tokens = acorn_base.tokenizer(script); + }catch(e){ + console.warn("Tokenizer could not be initiated (probably invalid code)"); + return [false,"Tokenizer could not be initiated (probably invalid code)"]; + } + try{ + var toke = tokens.getToken(); + }catch(e){ + console.warn("couldn't get first token (probably invalid code)"); + console.warn("Continuing evaluation"); + } /** * Given the end of an identifer token, it tests for bracket suffix notation @@ -900,16 +911,16 @@ function full_evaluate(script){ return false; } } + var error_count = 0; while(toke.type != acorn_base.tokTypes.eof){ - console.log(toke); if(toke.type.keyword !== undefined){ // This type of loop detection ignores functional loop alternatives and ternary operators - dbg_print("Keyword:"+toke.type.keyword); - + //dbg_print("Keyword:"+toke.type.keyword); + console.log(toke); if(toke.type.keyword == "function"){ dbg_print("%c NONTRIVIAL: Function declaration.","color:red"); if(DEBUG == false){ - return false; + return [false,"NONTRIVIAL: Function declaration."]; } } @@ -918,7 +929,7 @@ function full_evaluate(script){ if(amtloops > 3){ dbg_print("%c NONTRIVIAL: Too many loops/conditionals.","color:red"); if(DEBUG == false){ - return false; + return [false,"NONTRIVIAL: Too many loops/conditionals."]; } } } 
@@ -927,42 +938,54 @@ function full_evaluate(script){ if(status === true){ // is the identifier banned? dbg_print("%c NONTRIVIAL: nontrivial token: '"+toke.value+"'","color:red"); if(DEBUG == false){ - return false; + return [false,"NONTRIVIAL: nontrivial token: '"+toke.value+"'"]; } }else if(status === false){// is the identifier not banned? // Is there bracket suffix notation? - if(is_bsn(toke.end)){ - dbg_print("%c NONTRIVIAL: Bracket suffix notation on variable '"+toke.value+"'","color:red"); - if(DEBUG == false){ - return false; - } + if(operators[toke.value] === undefined){ + if(is_bsn(toke.end)){ + dbg_print("%c NONTRIVIAL: Bracket suffix notation on variable '"+toke.value+"'","color:red"); + if(DEBUG == false){ + return [false,"%c NONTRIVIAL: Bracket suffix notation on variable '"+toke.value+"'"]; + } + } } }else if(status === undefined){// is the identifier user defined? // Are arguments being passed to a user defined variable? if(being_called(toke.end)){ dbg_print("%c NONTRIVIAL: User defined variable '"+toke.value+"' called as function","color:red"); if(DEBUG == false){ - return false; + return [false,"NONTRIVIAL: User defined variable '"+toke.value+"' called as function"]; } } // Is there bracket suffix notation? 
- if(is_bsn(toke.end)){ - dbg_print("%c NONTRIVIAL: Bracket suffix notation on variable '"+toke.value+"'","color:red"); - if(DEBUG == false){ - return false; - } + if(operators[toke.value] === undefined){ + if(is_bsn(toke.end)){ + dbg_print("%c NONTRIVIAL: Bracket suffix notation on variable '"+toke.value+"'","color:red"); + if(DEBUG == false){ + return [false,"NONTRIVIAL: Bracket suffix notation on variable '"+toke.value+"'"]; + } + } } }else{ dbg_print("trivial token:"+toke.value); } } // If not a keyword or an identifier it's some kind of operator, field parenthesis, brackets - toke = tokens.getToken(); + try{ + toke = tokens.getToken(); + }catch(e){ + dbg_print("Denied script because it cannot be parsed."); + return [false,"NONTRIVIAL: Cannot be parsed."]; + console.warn("Continuing evaluation"); + error_count++; + } } dbg_print("%cAppears to be trivial.","color:green;"); - return true; + return [true,"Script appears to be trivial."]; } + //**************************************************************************************************** window.onload = function () { |