external/uBlock
1
0
Fork 0
mirror of https://github.com/gorhill/uBlock.git synced 2024-11-10 01:02:08 +01:00
Code Issues Projects Releases Packages Wiki Activity

Rewrite cname uncloaking code to account for new ipaddress= option

Browse source 
This commit makes the DNS resolution code better suited for both
filtering on cname and ip address. The change allows early availability
of ip address so that `ipaddress=` option can be matched at
onBeforeRequest time.

As a result, it is now possible to block root document using
`ipaddress=` option -- so long as an ip address can be extracted
before first onBeforeRequest() call.

Related issue:
https://github.com/uBlockOrigin/uBlock-issues/issues/2792

Caveat
------

the ip address used is the first one among the list of ip
addresses returned by dns.resolve() method. There is no way for uBO
to know which exact ip address will be used by the browser when
sending the request, so this is at most a best guess. The exact IP
address used by the browser is available at onHeadersReceived time,
and uBO will also filter according to this value, but by then the
network request has already been sent to the remote server.

Possibly a future improvement would make available the whole list
of ip addresses to the filtering engine, but even then it's impossible
to know with certainty which ip address will ultimately be used by the
browser -- it is entirely possible that the ip address used by the
browser might not be in the list received through dns.resolve().
This commit is contained in:
Raymond Hill 2024-09-12 11:19:57 -04:00
parent 44b6519db1
commit 6acf97bf51
No known key found for this signature in database
GPG key ID: 25E1490B761470C2
4 changed files with 155 additions and 98 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
platform/chromium/manifest.json
View file

@ -89,7 +89,7 @@
}, },
"incognito": "split", "incognito": "split",
"manifest_version": 2, "manifest_version": 2,
"minimum_chrome_version": "73.0", "minimum_chrome_version": "80.0",
"name": "uBlock Origin", "name": "uBlock Origin",
"options_ui": { "options_ui": {
"page": "dashboard.html", "page": "dashboard.html",

248
platform/firefox/vapi-background-ext.js
View file

@ -26,8 +26,10 @@ import {
/******************************************************************************/ /******************************************************************************/
// Canonical name-uncloaking feature. const dnsAPI = browser.dns;
let cnameUncloakEnabled = browser.dns instanceof Object;
const isPromise = o => o instanceof Promise;
const reIPv4 = /^\d+\.\d+\.\d+\.\d+$/
// Related issues: // Related issues:
// - https://github.com/gorhill/uBlock/issues/1327 // - https://github.com/gorhill/uBlock/issues/1327
@ -40,21 +42,24 @@ vAPI.Net = class extends vAPI.Net {
constructor() { constructor() {
super(); super();
this.pendingRequests = []; this.pendingRequests = [];
this.canUncloakCnames = browser.dns instanceof Object; this.dnsList = []; // ring buffer
this.cnames = new Map([ [ '', null ] ]); this.dnsWritePtr = 0; // next write pointer in ring buffer
this.dnsMaxCount = 256; // max size of ring buffer
this.dnsDict = new Map(); // hn to index in ring buffer
this.dnsEntryTTL = 60000; // delay after which an entry is obsolete
this.canUncloakCnames = true;
this.cnameUncloakEnabled = true;
this.cnameIgnoreList = null; this.cnameIgnoreList = null;
this.cnameIgnore1stParty = true; this.cnameIgnore1stParty = true;
this.cnameIgnoreExceptions = true; this.cnameIgnoreExceptions = true;
this.cnameIgnoreRootDocument = true; this.cnameIgnoreRootDocument = true;
this.cnameMaxTTL = 120;
this.cnameReplayFullURL = false; this.cnameReplayFullURL = false;
this.cnameFlushTime = Date.now() + this.cnameMaxTTL * 60000;
} }
setOptions(options) { setOptions(options) {
super.setOptions(options); super.setOptions(options);
if ( 'cnameUncloakEnabled' in options ) { if ( 'cnameUncloakEnabled' in options ) {
cnameUncloakEnabled = this.cnameUncloakEnabled =
this.canUncloakCnames &&
options.cnameUncloakEnabled !== false; options.cnameUncloakEnabled !== false;
} }
if ( 'cnameIgnoreList' in options ) { if ( 'cnameIgnoreList' in options ) {
@ -73,15 +78,13 @@ vAPI.Net = class extends vAPI.Net {
this.cnameIgnoreRootDocument = this.cnameIgnoreRootDocument =
options.cnameIgnoreRootDocument !== false; options.cnameIgnoreRootDocument !== false;
} }
if ( 'cnameMaxTTL' in options ) {
this.cnameMaxTTL = options.cnameMaxTTL || 120;
}
if ( 'cnameReplayFullURL' in options ) { if ( 'cnameReplayFullURL' in options ) {
this.cnameReplayFullURL = options.cnameReplayFullURL === true; this.cnameReplayFullURL = options.cnameReplayFullURL === true;
} }
this.cnames.clear(); this.cnames.set('', null); this.dnsList.fill(null);
this.cnameFlushTime = Date.now() + this.cnameMaxTTL * 60000; this.dnsDict.clear();
} }
normalizeDetails(details) { normalizeDetails(details) {
const type = details.type; const type = details.type;
@ -104,6 +107,7 @@ vAPI.Net = class extends vAPI.Net {
} }
} }
} }
denormalizeTypes(types) { denormalizeTypes(types) {
if ( types.length === 0 ) { if ( types.length === 0 ) {
return Array.from(this.validTypes); return Array.from(this.validTypes);
@ -122,75 +126,19 @@ vAPI.Net = class extends vAPI.Net {
} }
return Array.from(out); return Array.from(out);
} }
canonicalNameFromHostname(hn) { canonicalNameFromHostname(hn) {
const cnRecord = this.cnames.get(hn); if ( hn === '' ) { return; }
if ( cnRecord !== undefined && cnRecord !== null ) { const dnsEntry = this.dnsFromCache(hn);
return cnRecord.cname; if ( isPromise(dnsEntry) ) { return; }
} return dnsEntry?.cname;
}
processCanonicalName(hn, cnRecord, details) {
if ( cnRecord === null ) { return; }
if ( cnRecord.isRootDocument ) { return; }
const hnBeg = details.url.indexOf(hn);
if ( hnBeg === -1 ) { return; }
const oldURL = details.url;
let newURL = oldURL.slice(0, hnBeg) + cnRecord.cname;
const hnEnd = hnBeg + hn.length;
if ( this.cnameReplayFullURL ) {
newURL += oldURL.slice(hnEnd);
} else {
const pathBeg = oldURL.indexOf('/', hnEnd);
if ( pathBeg !== -1 ) {
newURL += oldURL.slice(hnEnd, pathBeg + 1);
}
}
details.url = newURL;
details.aliasURL = oldURL;
return super.onBeforeSuspendableRequest(details);
}
recordCanonicalName(hn, record, isRootDocument) {
if ( (this.cnames.size & 0b111111) === 0 ) {
const now = Date.now();
if ( now >= this.cnameFlushTime ) {
this.cnames.clear(); this.cnames.set('', null);
this.cnameFlushTime = now + this.cnameMaxTTL * 60000;
}
}
let cname =
typeof record.canonicalName === 'string' &&
record.canonicalName !== hn
? record.canonicalName
: '';
if (
cname !== '' &&
this.cnameIgnore1stParty &&
domainFromHostname(cname) === domainFromHostname(hn)
) {
cname = '';
}
if (
cname !== '' &&
this.cnameIgnoreList !== null &&
this.cnameIgnoreList.test(cname)
) {
cname = '';
}
const cnRecord = cname !== '' ? { cname, isRootDocument } : null;
this.cnames.set(hn, cnRecord);
return cnRecord;
} }
regexFromStrList(list) { regexFromStrList(list) {
if ( if ( typeof list !== 'string' || list.length === 0 || list === 'unset' ) {
typeof list !== 'string' ||
list.length === 0 ||
list === 'unset' ||
browser.dns instanceof Object === false
) {
return null; return null;
} }
if ( list === '*' ) { if ( list === '*' ) { return /^./; }
return /^./;
}
return new RegExp( return new RegExp(
'(?:^|\\.)(?:' + '(?:^|\\.)(?:' +
list.trim() list.trim()
@ -200,9 +148,14 @@ vAPI.Net = class extends vAPI.Net {
')$' ')$'
); );
} }
onBeforeSuspendableRequest(details) { onBeforeSuspendableRequest(details) {
const hn = hostnameFromNetworkURL(details.url);
const dnsEntry = this.dnsFromCache(hn);
if ( dnsEntry?.ip ) {
details.ip = dnsEntry.ip;
}
const r = super.onBeforeSuspendableRequest(details); const r = super.onBeforeSuspendableRequest(details);
if ( cnameUncloakEnabled === false ) { return r; }
if ( r !== undefined ) { if ( r !== undefined ) {
if ( if (
r.cancel === true || r.cancel === true ||
@ -212,25 +165,128 @@ vAPI.Net = class extends vAPI.Net {
return r; return r;
} }
} }
const hn = hostnameFromNetworkURL(details.url); if ( dnsEntry !== undefined ) {
const cnRecord = this.cnames.get(hn); if ( isPromise(dnsEntry) === false ) {
if ( cnRecord !== undefined ) { return this.onAfterDNSResolution(hn, details, dnsEntry);
return this.processCanonicalName(hn, cnRecord, details);
}
if ( details.proxyInfo && details.proxyInfo.proxyDNS ) { return; }
const documentUrl = details.documentUrl || details.url;
const isRootDocument = this.cnameIgnoreRootDocument &&
hn === hostnameFromNetworkURL(documentUrl);
return browser.dns.resolve(hn, [ 'canonical_name' ]).then(
rec => {
const cnRecord = this.recordCanonicalName(hn, rec, isRootDocument);
return this.processCanonicalName(hn, cnRecord, details);
},
( ) => {
this.cnames.set(hn, null);
} }
); }
if ( this.dnsShouldResolve(hn) === false ) { return; }
if ( details.proxyInfo?.proxyDNS ) { return; }
const promise = dnsEntry || this.dnsResolve(hn, details);
return promise.then(( ) => this.onAfterDNSResolution(hn, details));
} }
onAfterDNSResolution(hn, details, dnsEntry) {
if ( dnsEntry === undefined ) {
dnsEntry = this.dnsFromCache(hn);
if ( dnsEntry === undefined || isPromise(dnsEntry) ) { return; }
}
let proceed = false;
if ( dnsEntry.cname && this.cnameUncloakEnabled ) {
const newURL = this.uncloakURL(hn, dnsEntry, details);
if ( newURL ) {
details.aliasURL = details.url;
details.url = newURL;
proceed = true;
}
}
if ( dnsEntry.ip && details.ip !== dnsEntry.ip ) {
details.ip = dnsEntry.ip
proceed = true;
}
if ( proceed === false ) { return; }
// Must call method on base class
return super.onBeforeSuspendableRequest(details);
}
dnsToCache(hn, record, details) {
const i = this.dnsDict.get(hn);
if ( i === undefined ) { return; }
const dnsEntry = {
hn,
until: Date.now() + this.dnsEntryTTL,
};
if ( record ) {
const cname = this.cnameFromRecord(hn, record, details);
if ( cname ) { dnsEntry.cname = cname; }
const ip = this.ipFromRecord(record);
if ( ip ) { dnsEntry.ip = ip; }
}
this.dnsList[i] = dnsEntry;
return dnsEntry;
}
dnsFromCache(hn) {
const i = this.dnsDict.get(hn);
if ( i === undefined ) { return; }
const dnsEntry = this.dnsList[i];
if ( dnsEntry === null ) { return; }
if ( isPromise(dnsEntry) ) { return dnsEntry; }
if ( dnsEntry.hn !== hn ) { return; }
if ( dnsEntry.until >= Date.now() ) { return dnsEntry; }
this.dnsList[i] = null;
this.dnsDict.delete(hn)
}
dnsShouldResolve(hn) {
if ( hn === '' ) { return false; }
const c0 = hn.charCodeAt(0);
if ( c0 === 0x5B /* [ */ ) { return false; }
if ( c0 > 0x39 /* 9 */ ) { return true; }
return reIPv4.test(hn) === false;
}
dnsResolve(hn, details) {
const i = this.dnsWritePtr++;
this.dnsWritePtr %= this.dnsMaxCount;
this.dnsDict.set(hn, i);
const promise = dnsAPI.resolve(hn, [ 'canonical_name' ]).then(
rec => this.dnsToCache(hn, rec, details),
( ) => this.dnsToCache(hn)
);
return (this.dnsList[i] = promise);
}
cnameFromRecord(hn, record, details) {
const cn = record.canonicalName;
if ( cn === undefined ) { return; }
if ( cn === hn ) { return; }
if ( this.cnameIgnore1stParty ) {
if ( domainFromHostname(cn) === domainFromHostname(hn) ) { return; }
}
if ( this.cnameIgnoreList !== null ) {
if ( this.cnameIgnoreList.test(cn) === false ) { return; }
}
if ( this.cnameIgnoreRootDocument ) {
const origin = hostnameFromNetworkURL(details.documentUrl || details.url);
if ( hn === origin ) { return; }
}
return cn;
}
uncloakURL(hn, dnsEntry, details) {
const hnBeg = details.url.indexOf(hn);
if ( hnBeg === -1 ) { return; }
const oldURL = details.url;
const newURL = oldURL.slice(0, hnBeg) + dnsEntry.cname;
const hnEnd = hnBeg + hn.length;
if ( this.cnameReplayFullURL ) {
return newURL + oldURL.slice(hnEnd);
}
const pathBeg = oldURL.indexOf('/', hnEnd);
if ( pathBeg !== -1 ) {
return newURL + oldURL.slice(hnEnd, pathBeg + 1);
}
return newURL;
}
ipFromRecord(record) {
const { addresses } = record;
if ( Array.isArray(addresses) === false ) { return; }
if ( addresses.length === 0 ) { return; }
return addresses[0];
}
suspendOneRequest(details) { suspendOneRequest(details) {
const pending = { const pending = {
details: Object.assign({}, details), details: Object.assign({}, details),
@ -243,6 +299,7 @@ vAPI.Net = class extends vAPI.Net {
this.pendingRequests.push(pending); this.pendingRequests.push(pending);
return pending.promise; return pending.promise;
} }
unsuspendAllRequests(discard = false) { unsuspendAllRequests(discard = false) {
const pendingRequests = this.pendingRequests; const pendingRequests = this.pendingRequests;
this.pendingRequests = []; this.pendingRequests = [];
@ -254,6 +311,7 @@ vAPI.Net = class extends vAPI.Net {
); );
} }
} }
static canSuspend() { static canSuspend() {
return true; return true;
} }

2
platform/opera/manifest.json
View file

@ -88,7 +88,7 @@
}, },
"incognito": "split", "incognito": "split",
"manifest_version": 2, "manifest_version": 2,
"minimum_opera_version": "60.0", "minimum_opera_version": "67.0",
"name": "uBlock Origin", "name": "uBlock Origin",
"options_page": "dashboard.html", "options_page": "dashboard.html",
"permissions": [ "permissions": [

1
src/js/background.js
View file

@ -59,7 +59,6 @@ const hiddenSettingsDefault = {
cnameIgnore1stParty: true, cnameIgnore1stParty: true,
cnameIgnoreExceptions: true, cnameIgnoreExceptions: true,
cnameIgnoreRootDocument: true, cnameIgnoreRootDocument: true,
cnameMaxTTL: 120,
cnameReplayFullURL: false, cnameReplayFullURL: false,
consoleLogLevel: 'unset', consoleLogLevel: 'unset',
debugAssetsJson: false, debugAssetsJson: false,