From 3a8ce7418c57b866907f7022979a47efe836963b Mon Sep 17 00:00:00 2001
From: NateN1222 <nathannichols454@gmail.com>
Date: Sun, 27 Aug 2017 13:43:00 -0500
Subject: Started implementing a way to change the content of script requests

---
 main_background.js | 135 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 135 insertions(+)

(limited to 'main_background.js')

diff --git a/main_background.js b/main_background.js
index cf8ca80..8558382 100644
--- a/main_background.js
+++ b/main_background.js
@@ -19,6 +19,8 @@ function set_webex(){
 	}
 }
 
+var addon_id = "";
+
 /*
 *
 *	Called when something changes the persistent data of the add-on.
@@ -317,16 +319,149 @@ function delete_removed_tab_info(tab_id, remove_info){
 	}
 }
 
+/**
+*	Makes it so we can return redirect requests to local blob URLs 
+*
+*/
+
+var edit_these = {
+	"content-security-policy":true,
+	"connect-src":true
+};
+function change_csp(e) {
+	var index = 0;
+	var csp = "";
+	for(var i = 0; i < e["responseHeaders"].length; i++){
+		if(edit_these[e["responseHeaders"][i]["name"].toLowerCase()] !== undefined){		
+			csp = e["responseHeaders"][i]["value"];
+			index = i;
+			var b = csp.replace(/;/g,'","');
+			b = JSON.parse('["' + b.substr(0,b.length) + '"]');
+			for(var j = 0; j < b.length; j++){
+				var matchres = b[j].match(/[\-\w]+/g);
+				if(matchres != null && matchres[0] == e["responseHeaders"][i]["name"].toLowerCase()){
+					// Test to see if they have a hash and then delete it
+					// sha512 sha384 sha256
+					b[j] = b[j].replace(/\s?'sha256-[\w+/]+=+'/g,"");
+					b[j] = b[j].replace(/\s?'sha384-[\w+/]+=+'/g,"");
+					b[j] = b[j].replace(/\s?'sha512-[\w+/]+=+'/g,"");
+					b[j] = b[j].replace(/;/g,"");
+					// This is the string that we add to every CSP
+					b[j] += " data: blob:";	
+					console.log(b[j]);			
+				}
+			}
+			csp = "";
+			for(var j = 0; j < b.length; j++){
+				csp = csp + b[j] + ";";
+			}
+			e["responseHeaders"][i]["value"] = csp;
+		} 
+	}
+	if(csp == ""){
+		console.log("%c no CSP.","color: red;");
+	}else{
+		console.log("%c new CSP:","color: green;");
+		console.log(e["responseHeaders"][index]["value"]);	
+	}
+	return {responseHeaders: e.responseHeaders};
+}
+
+function get_content(url){
+	return new Promise((resolve, reject) => {
+		var xhr = new XMLHttpRequest();
+		xhr.open("get",url);
+		xhr.onload = function(){
+			resolve(this.responseText);
+		}
+		xhr.onerror = function(){
+			reject(JSON.stringify(this));
+		}
+		xhr.send();
+	});
+}
+
+function get_blob_url(blob){
+	return new Promise((resolve, reject) => {
+		//var url = URL.createObjectURL(blob);
+		var reader  = new FileReader();
+		reader.addEventListener("load", function(){
+			console.log("Redirecting to:");
+			console.log(reader.result.substr(0,100));
+			resolve({"redirectUrl": reader.result});
+		});
+		reader.readAsDataURL(blob);
+	});
+}
+
+function read_script(a){
+	var edited = "console.log('it worked');\n";
+	var blob = new Blob([edited], {type : 'application/javascript'});	
+	return get_blob_url(blob);
+	//var url = URL.createObjectURL(blob);
+	//console.log(url);
+	//return {"redirectUrl": url};
+
+
+
+	function get_script(url){
+		return new Promise((resolve, reject) => {
+			var response = get_content(url);
+			response.then(function(response) {
+				//var edited = "console.log('it worked');\n"+response;
+				var edited = "console.log('it worked');\n";
+				var blob = new Blob([edited], {type : 'application/javascript'});	
+				resolve({"redirectUrl": get_blob_url(blob)});
+			});
+		});
+	}	
+	return get_script(a.url);
+}
+
+function read_document(a){
+	//console.log(a);
+
+}
 
 /**
 *	Initializes various add-on functions
 *	only meant to be called once when the script starts
 */
 function init_addon(){
+
 	set_webex();
 	webex.runtime.onConnect.addListener(connected);
 	webex.storage.onChanged.addListener(options_listener);
 	webex.tabs.onRemoved.addListener(delete_removed_tab_info);
+
+	var targetPage = "https://developer.mozilla.org/en-US/Firefox/Developer_Edition";
+
+
+	// gets the addon's ID (part of the local URL format)
+	var blob = new Blob(["asdf"], {type : 'application/json'});
+	addon_id = URL.createObjectURL(blob).match(/[a-z]+/g)[3];
+	console.log("{"+addon_id+"}");
+
+	// Updates the content security policy so we can redirect to local URLs
+	webex.webRequest.onHeadersReceived.addListener(
+		change_csp,
+		{urls: ["<all_urls>"]},
+		["blocking", "responseHeaders"]
+	);
+	// Analyzes remote scripts
+	webex.webRequest.onBeforeRequest.addListener(
+		read_script,
+		{urls:["<all_urls>"], types:["script"]},
+		["blocking"]
+	);
+
+	// Analyzes the scripts inside of HTML
+	webex.webRequest.onBeforeRequest.addListener(
+		read_document,
+		{urls:["<all_urls>"], types:["main_frame"]},
+		["blocking"]
+	);
+
 }
 
 /**
-- 
cgit v1.2.3