Skip to content

Commit

Permalink
Add ability to control trusted status of filter lists
Browse files Browse the repository at this point in the history 
Related discussion:
uBlockOrigin/uBlock-issues#2895

Changes:

The _content of the My filters_ pane is now considered untrusted by
default, and only uBO's own lists are now trusted by default.

It has been observed that too many people will readily copy-paste
filters from random sources. Copy-pasting filters which require trust
represents a security risk to users with no understanding of how the
filters work and their potential abuse.

Using a filter which requires trust in a filter list from an untrusted
source will cause the filter to be invalid, i.e. shown as an error.

A new advanced setting has been added to control which lists are
considered trustworthy: `trustedListPrefixes`, which is a space-
separated list of tokens. Examples of possible values:

- `ublock-`: trust only uBO lists, exclude everything else including
  content of _My filters_ (default value)

- `ublock- user-`: trust uBO lists and content of _My filters_

- `-`: trust no list, essentially disabling all filters requiring
  trust (admins or people who don't trust us may want to use this)

One can also decide to trust lists maintained elsewhere. For example,
for stock AdGuard lists add ` adguard-`. To trust stock EasyList lists,
add ` easylist-`.

To trust a specific regional stock list, look-up its token in
assets.json and add to `trustedListPrefixes`.

The matching is made with String.startsWith(), hence why `ublock-`
matches all uBO's own filter lists.

This also allows to trust imported lists, for example add
` https://filters.adtidy.org/extension/ublock/filters/` to trust all
non-stock AdGuard lists.

Add the complete URL of a given imported list to trust only that one
list.

URLs not starting with `https://` or `file:///` will be rejected,
i.e. `http://example.org` will be ignored.

Invalid URLs are rejected.
  • Loading branch information
@gorhill
gorhill committed Oct 21, 2023
1 parent 801d569 commit 64c1f87
Show file tree
Hide file tree
Showing 8 changed files with 114 additions and 14 deletions.
9 changes: 8 additions & 1 deletion src/js/1p-filters.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,6 @@ const cmEditor = new CodeMirror(qs$('#userFilters'), {
styleActiveLine: {
nonEmpty: true,
},
trustedSource: true,
});

uBlockDashboard.patchCodeMirrorEditor(cmEditor);
Expand Down Expand Up @@ -89,6 +88,12 @@ let cachedUserFilters = '';
getHints();
}

vAPI.messaging.send('dashboard', {
what: 'getTrustedScriptletTokens',
}).then(tokens => {
cmEditor.setOption('trustedScriptletTokens', tokens);
});

/******************************************************************************/

function getEditorText() {
Expand Down Expand Up @@ -167,6 +172,8 @@ async function renderUserFilters(merge = false) {
});
if ( details instanceof Object === false || details.error ) { return; }

cmEditor.setOption('trustedSource', details.trustedSource === true);

const newContent = details.content.trim();

if ( merge && self.hasUnsavedData() ) {
Expand Down
19 changes: 12 additions & 7 deletions src/js/asset-viewer.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,15 +68,20 @@ import './codemirror/ubo-static-filtering.js';

uBlockDashboard.patchCodeMirrorEditor(cmEditor);

const hints = await vAPI.messaging.send('dashboard', {
vAPI.messaging.send('dashboard', {
what: 'getAutoCompleteDetails'
});
if ( hints instanceof Object ) {
}).then(hints => {
if ( hints instanceof Object === false ) { return; }
const mode = cmEditor.getMode();
if ( mode.setHints instanceof Function ) {
mode.setHints(hints);
}
}
if ( mode.setHints instanceof Function === false ) { return; }
mode.setHints(hints);
});

vAPI.messaging.send('dashboard', {
what: 'getTrustedScriptletTokens',
}).then(tokens => {
cmEditor.setOption('trustedScriptletTokens', tokens);
});

const details = await vAPI.messaging.send('default', {
what : 'getAssetContent',
Expand Down
2 changes: 2 additions & 0 deletions src/js/background.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,7 @@ const hiddenSettingsDefault = {
selfieAfter: 2,
strictBlockingBypassDuration: 120,
toolbarWarningTimeout: 60,
trustedListPrefixes: 'ublock-',
uiPopupConfig: 'unset',
uiStyles: 'unset',
updateAssetBypassBrowserCache: false,
Expand Down Expand Up @@ -255,6 +256,7 @@ const µBlock = { // jshint ignore:line

liveBlockingProfiles: [],
blockingProfileColorCache: new Map(),
parsedTrustedListPrefixes: [],
uiAccentStylesheet: '',
};

Expand Down
31 changes: 28 additions & 3 deletions src/js/codemirror/ubo-static-filtering.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,20 +39,32 @@ let hintHelperRegistered = false;

/******************************************************************************/

const trustedScriptletTokens = new Set();
let trustedSource = false;

CodeMirror.defineOption('trustedSource', false, (cm, state) => {
trustedSource = state;
CodeMirror.defineOption('trustedSource', false, (cm, value) => {
trustedSource = value;
self.dispatchEvent(new Event('trustedSource'));
});

CodeMirror.defineOption('trustedScriptletTokens', trustedScriptletTokens, (cm, tokens) => {
if ( tokens === undefined || tokens === null ) { return; }
if ( typeof tokens[Symbol.iterator] !== 'function' ) { return; }
trustedScriptletTokens.clear();
for ( const token of tokens ) {
trustedScriptletTokens.add(token);
}
self.dispatchEvent(new Event('trustedScriptletTokens'));
});

/******************************************************************************/

CodeMirror.defineMode('ubo-static-filtering', function() {
const astParser = new sfp.AstFilterParser({
interactive: true,
trustedSource,
nativeCssHas: vAPI.webextFlavor.env.includes('native_css_has'),
trustedSource,
trustedScriptletTokens,
});
const astWalker = astParser.getWalker();
let currentWalkerNode = 0;
Expand Down Expand Up @@ -218,6 +230,10 @@ CodeMirror.defineMode('ubo-static-filtering', function() {
astParser.options.trustedSource = trustedSource;
});

self.addEventListener('trustedScriptletTokens', ( ) => {
astParser.options.trustedScriptletTokens = trustedScriptletTokens;
});

return {
lineComment: '!',
token: function(stream) {
Expand Down Expand Up @@ -679,6 +695,8 @@ CodeMirror.registerHelper('fold', 'ubo-static-filtering', (( ) => {
const astParser = new sfp.AstFilterParser({
interactive: true,
nativeCssHas: vAPI.webextFlavor.env.includes('native_css_has'),
trustedSource,
trustedScriptletTokens,
});

const changeset = [];
Expand Down Expand Up @@ -715,6 +733,9 @@ CodeMirror.registerHelper('fold', 'ubo-static-filtering', (( ) => {
case sfp.AST_ERROR_IF_TOKEN_UNKNOWN:
msg = `${msg}: Unknown preparsing token`;
break;
case sfp.AST_ERROR_UNTRUSTED_SOURCE:
msg = `${msg}: Filter requires trusted source`;
break;
default:
if ( astParser.isCosmeticFilter() && astParser.result.error ) {
msg = `${msg}: ${astParser.result.error}`;
Expand Down Expand Up @@ -994,6 +1015,10 @@ CodeMirror.registerHelper('fold', 'ubo-static-filtering', (( ) => {
astParser.options.trustedSource = trustedSource;
});

self.addEventListener('trustedScriptletTokens', ( ) => {
astParser.options.trustedScriptletTokens = trustedScriptletTokens;
});

CodeMirror.defineInitHook(cm => {
cm.on('changes', onChanges);
cm.on('beforeChange', onBeforeChanges);
Expand Down
5 changes: 5 additions & 0 deletions src/js/messaging.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -293,6 +293,10 @@ const onMessage = function(request, sender, callback) {
response = getDomainNames(request.targets);
break;

case 'getTrustedScriptletTokens':
response = redirectEngine.getTrustedScriptletTokens();
break;

case 'getWhitelist':
response = {
whitelist: µb.arrayFromWhitelist(µb.netWhitelist),
Expand Down Expand Up @@ -1570,6 +1574,7 @@ const onMessage = function(request, sender, callback) {

case 'readUserFilters':
return µb.loadUserFilters().then(result => {
result.trustedSource = µb.isTrustedList(µb.userFiltersPath);
callback(result);
});

Expand Down
20 changes: 20 additions & 0 deletions src/js/redirect-engine.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -426,6 +426,26 @@ class RedirectEngine {
});
}

getTrustedScriptletTokens() {
const out = [];
const isTrustedScriptlet = entry => {
if ( entry.requiresTrust !== true ) { return false; }
if ( entry.warURL !== undefined ) { return false; }
if ( typeof entry.data !== 'string' ) { return false; }
if ( entry.name.endsWith('.js') === false ) { return false; }
return true;
};
for ( const [ name, entry ] of this.resources ) {
if ( isTrustedScriptlet(entry) === false ) { continue; }
out.push(name.slice(0, -3));
}
for ( const [ alias, name ] of this.aliases ) {
if ( out.includes(name.slice(0, -3)) === false ) { continue; }
out.push(alias.slice(0, -3));
}
return out;
}

selfieFromResources(storage) {
storage.put(
RESOURCES_SELFIE_NAME,
Expand Down
17 changes: 16 additions & 1 deletion src/js/static-filtering-parser.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -100,6 +100,7 @@ export const AST_ERROR_DOMAIN_NAME = 1 << iota++;
export const AST_ERROR_OPTION_DUPLICATE = 1 << iota++;
export const AST_ERROR_OPTION_UNKNOWN = 1 << iota++;
export const AST_ERROR_IF_TOKEN_UNKNOWN = 1 << iota++;
export const AST_ERROR_UNTRUSTED_SOURCE = 1 << iota++;

iota = 0;
const NODE_RIGHT_INDEX = iota++;
Expand Down Expand Up @@ -2244,12 +2245,25 @@ export class AstFilterParser {
if ( (flags & NODE_FLAG_ERROR) !== 0 ) { continue; }
realBad = false;
switch ( type ) {
case NODE_TYPE_EXT_PATTERN_RESPONSEHEADER:
case NODE_TYPE_EXT_PATTERN_RESPONSEHEADER: {
const pattern = this.getNodeString(targetNode);
realBad =
pattern !== '' && removableHTTPHeaders.has(pattern) === false ||
pattern === '' && isException === false;
break;
}
case NODE_TYPE_EXT_PATTERN_SCRIPTLET_TOKEN: {
if ( this.interactive !== true ) { break; }
if ( isException ) { break; }
const { trustedSource, trustedScriptletTokens } = this.options;
if ( trustedScriptletTokens instanceof Set === false ) { break; }
const token = this.getNodeString(targetNode);
if ( trustedScriptletTokens.has(token) && trustedSource !== true ) {
this.astError = AST_ERROR_UNTRUSTED_SOURCE;
realBad = true;
}
break;
}
default:
break;
}
Expand Down Expand Up @@ -2338,6 +2352,7 @@ export class AstFilterParser {
parentBeg + details.argBeg,
parentBeg + tokenEnd
);
this.addNodeToRegister(NODE_TYPE_EXT_PATTERN_SCRIPTLET_TOKEN, next);
if ( details.failed ) {
this.addNodeFlags(next, NODE_FLAG_ERROR);
this.addFlags(AST_FLAG_HAS_ERROR);
Expand Down
25 changes: 23 additions & 2 deletions src/js/storage.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -370,11 +370,32 @@ import {
/******************************************************************************/

µb.isTrustedList = function(assetKey) {
if ( assetKey.startsWith('ublock-') ) { return true; }
if ( assetKey === this.userFiltersPath ) { return true; }
if ( this.parsedTrustedListPrefixes.length === 0 ) {
this.parsedTrustedListPrefixes =
µb.hiddenSettings.trustedListPrefixes.split(/ +/).map(prefix => {
if ( prefix === '' ) { return; }
if ( prefix.startsWith('http://') ) { return; }
if ( prefix.startsWith('file:///') ) { return prefix; }
if ( prefix.startsWith('https://') === false ) {
return prefix.includes('://') ? undefined : prefix;
}
try {
const url = new URL(prefix);
if ( url.hostname.length > 0 ) { return url.href; }
} catch(_) {
}
}).filter(prefix => prefix !== undefined);
}
for ( const prefix of this.parsedTrustedListPrefixes ) {
if ( assetKey.startsWith(prefix) ) { return true; }
}
return false;
};

µb.onEvent('hiddenSettingsChanged', ( ) => {
µb.parsedTrustedListPrefixes = [];
});

/******************************************************************************/

µb.loadSelectedFilterLists = async function() {
Expand Down

0 comments on commit 64c1f87

Please sign in to comment.