From 3020fc5718c955d905080158502610b60c1bf921 Mon Sep 17 00:00:00 2001 From: Yuchen Pei Date: Tue, 20 Sep 2022 18:00:35 +1000 Subject: clean up checks for reserved objects --- main_background.js | 49 ++++++++++++++++++++++++++----------------------- 1 file changed, 26 insertions(+), 23 deletions(-) diff --git a/main_background.js b/main_background.js index a9bfd7d..087c583 100644 --- a/main_background.js +++ b/main_background.js @@ -67,7 +67,7 @@ function dbg_print(a, b) { */ // These are objects that it will search for in an initial regex pass over non-free scripts. -var reserved_objects = [ +const RESERVED_OBJECTS = [ //"document", //"window", 'fetch', @@ -416,6 +416,12 @@ var fname_data = require('./fname_data.json').fname_data; //************************this part can be tested in the HTML file index.html's script test.js**************************** +/** + * Checks whether script is trivial by analysing its tokens. + * + * Returns an array of + * [flag (boolean, true if trivial), reason (string, human readable report)]. + */ function full_evaluate(script) { if (script === undefined || script == '') { return [true, 'Harmless null script']; 
@@ -536,40 +542,37 @@ function full_evaluate(script) { * */ function evaluate(script, name) { - function reserved_object_regex(object) { - var arith_operators = '\\+\\-\\*\\/\\%\\='; + const reservedResult = evaluateForReservedObj(script, name); + if (reservedResult[0] === true) { + dbg_print('%c pass', 'color:green;'); + } else { + return reservedResult; + } + + return full_evaluate(script); +} + +function evaluateForReservedObj(script, name) { + function reservedObjectRegex(object) { + const arith_operators = '\\+\\-\\*\\/\\%\\='; return new RegExp('(?:[^\\w\\d]|^|(?:' + arith_operators + '))' + object + '(?:\\s*?(?:[\\;\\,\\.\\(\\[])\\s*?)', 'g'); } - reserved_object_regex('window'); const ml_comment = /\/\*([\s\S]+?)\*\//g; const il_comment = /\/\/.+/gm; - var temp = script.replace(/'.+?'+/gm, '\'string\''); - temp = temp.replace(/".+?"+/gm, '"string"'); - temp = temp.replace(ml_comment, ''); - temp = temp.replace(il_comment, ''); + const temp = script.replace(/'.+?'+/gm, '\'string\'').replace(/".+?"+/gm, '"string"').replace(ml_comment, '').replace(il_comment, ''); dbg_print('%c ------evaluation results for ' + name + '------', 'color:white'); dbg_print('Script accesses reserved objects?'); - var flag = true; - var reason = '' + // This is where individual "passes" are made over the code - for (var i = 0; i < reserved_objects.length; i++) { - var res = reserved_object_regex(reserved_objects[i]).exec(temp); - if (res != null) { + for (const reserved of RESERVED_OBJECTS) { + if (reservedObjectRegex(reserved).exec(temp) != null) { dbg_print('%c fail', 'color:red;'); - flag = false; - reason = 'Script uses a reserved object (' + reserved_objects[i] + ')'; + return [false, 'Script uses a reserved object (' + reserved + ')']; } } - if (flag) { - dbg_print('%c pass', 'color:green;'); - } else { - return [flag, reason]; - } - - return full_evaluate(script); + return [true, 'Reserved object not found.']; } - function validateLicense(matches) { if 
(!(Array.isArray(matches) && matches.length >= 4)) { return [false, 'Malformed or unrecognized license tag.']; -- cgit v1.2.3
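Review bot: `reservedObjectRegex` still wraps `arith_operators` in a `(?:…)` group rather than a character class, so that alternative only matches the literal run `+-*/%=` and is dead next to `[^\w\d]`, which already covers every operator character; dropping it or writing `[+\-*/%=]` would make the pattern say what it does. The regex is also rebuilt for every entry of `RESERVED_OBJECTS` on each call and carries a `g` flag that a one-shot `exec` never needs, so compiling the patterns once next to the constant and calling `.test(temp)` would be simpler. `evaluateForReservedObj` has no doc comment, although this commit adds one to `full_evaluate`. It should state the `[flag, reason]` return shape and that this pass is a regex heuristic over text with quoted strings and comments stripped (template literals are not normalised), so `[true, 'Reserved object not found.']` only means nothing matched and `full_evaluate` still decides.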