From 849fd0c7a93e78a588c426706ecbd5bcaefa4248 Mon Sep 17 00:00:00 2001 From: hackademix Date: Tue, 3 Jul 2018 17:36:36 +0200 Subject: Minor build script and code tree cleanup, including license info inside the XPI. --- build.sh | 11 +++-- html5_events.pl | 99 -------------------------------------------- html5_events.re | 1 - html5_events/html5_events.pl | 99 ++++++++++++++++++++++++++++++++++++++++++++ html5_events/html5_events.re | 1 + 5 files changed, 105 insertions(+), 106 deletions(-) delete mode 100644 html5_events.pl delete mode 100644 html5_events.re create mode 100644 html5_events/html5_events.pl create mode 100644 html5_events/html5_events.re diff --git a/build.sh b/build.sh index 0159a17..ea1c8da 100644 --- a/build.sh +++ b/build.sh @@ -15,11 +15,11 @@ if ! [ $(date -r "$LIB/tld.js" +'%Y%m%d') -ge $(date +'%Y%m%d') ] && "$TLD/gene cp -u "$TLD/tld.js" $LIB fi -./html5_events.pl - -rm -rf $BUILD $XPI -cp -pR $SRC $BUILD +./html5_events/html5_events.pl +rm -rf "$BUILD" "$XPI" +cp -pR "$SRC" "$BUILD" +cp -p LICENSE.txt GPL.txt "$BUILD"/ if [[ $VER == *rc* ]]; then sed -re 's/^(\s+)"strict_min_version":.*$/\1"update_url": "https:\/\/secure.informaction.com\/update\/?v='$VER'",\n\0/' \ @@ -43,7 +43,7 @@ else fi echo "Creating $XPI.xpi..." -mkdir -p $XPI_DIR +mkdir -p "$XPI_DIR" "$BUILD_CMD" $BUILD_OPTS --source-dir=$(cygpath -w $BUILD) --artifacts-dir=$(cygpath -w $XPI_DIR) --ignore-files=test/XSS_test.js SIGNED="$XPI_DIR/noscript_security_suite-$VER-an+fx.xpi" @@ -56,5 +56,4 @@ else exit 3 fi echo "Created $XPI.xpi" - rm -rf "$BUILD" diff --git a/html5_events.pl b/html5_events.pl deleted file mode 100644 index 1fb02fe..0000000 --- a/html5_events.pl +++ /dev/null 
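Review bot: In the first build.sh hunk, the relocated generator call `./html5_events/html5_events.pl` still runs with its exit status ignored. If the script dies (failed download, unreadable InjectionChecker.js), the build carries on and packages whatever `IC_EVENT_PATTERN` is already in the tree, unless `set -e` is active above this hunk, which is not visible here. I would fail the build explicitly with `./html5_events/html5_events.pl || exit 1`. The added `cp -p LICENSE.txt GPL.txt "$BUILD"/` has the same property: a missing license file would not stop packaging.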
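Review bot: In the second build.sh hunk, `mkdir -p "$XPI_DIR"` is now quoted, but the next line still expands `$BUILD` and `$XPI_DIR` unquoted inside the command substitutions, so a path containing spaces would still be word-split there. For consistency with the rest of this cleanup I would write `--source-dir="$(cygpath -w "$BUILD")" --artifacts-dir="$(cygpath -w "$XPI_DIR")"`. `$BUILD_OPTS` presumably relies on word splitting and can stay as it is.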
@@ -1,99 +0,0 @@
-#!/usr/bin/perl
-use strict;
-
-require LWP::UserAgent;
-use LWP::Simple;
-use RegExp::List;
-use File::stat;
-use File::Basename;
-use List::MoreUtils qw(uniq);
-
-my $HTML5_URL = "https://hg.mozilla.org/mozilla-central/raw-file/tip/parser/html/nsHtml5AtomList.h";
-my $GECKO_URL = "https://hg.mozilla.org/mozilla-central/raw-file/tip/xpcom/ds/nsGkAtomList.h";
-
-my $HERE = dirname($0);
-my $SOURCE_FILE = $HERE . '/src/xss/InjectionChecker.js';
-
-sub create_re
-{
- my $cache = "$HERE/html5_events.re";
- my $sb = stat($cache);
-
- if ($sb && time() - $sb->mtime < 86400)
- {
- open IN, "<$cache";
- my @content = ;
- close IN;
- return $content[0];
- }
-
- sub fetch_url
- {
- my $url = shift(@_);
- my $ua = LWP::UserAgent->new;
- $ua->agent('Mozilla/5.0');
- $ua->ssl_opts('verify_hostname' => 0);
- my $res = $ua->get($url);
- if ($res->is_success)
- {
- return $res->decoded_content;
- }
- else
- {
- my $err = $res->content;
- my $ca_file = $ua->ssl_opts('SSL_ca_file');
- die ("Could not fetch $url: $err\n$ca_file");
- }
- }
-
-
- my $content = # fetch_url($HTML5_URL) .
- fetch_url($GECKO_URL);
-
- $content = join("\n", grep(/^(?:HTML5|GK)_ATOM.*"on\w+"/, split(/[\n\r]/, $content)));
-
- $content =~ s/.*"(on\w+)".*/$1 /g;
- $content =~ s/\s+/ /g;
- $content =~ s/^\s+|\s+$//g;
-
- my $l = Regexp::List->new;
- my $re = $l->list2re(uniq(split(' ', $content)));
- $re =~ s/\(\?[-^]\w+:(.*)\)/$1/;
- open (OUT, ">$cache");
- print OUT $re;
- close OUT;
- $re;
-}
-
-sub patch
-{
- my $src = shift;
- my $dst = "$src.tmp";
- my $re = create_re();
- my $must_replace = 0;
- print "Patching $src...\n";
- open IN, "<$src" or die ("Can't open $src!");
- open OUT, ">$dst" or die ("Can't open $dst!");
-
- while ()
- {
- my $line = $_;
- $must_replace = $line ne $_ if s/^(\s*const IC_EVENT_PATTERN\s*=\s*")([^"]+)/$1$re/;
-
- print OUT $_;
- }
- close IN;
- close OUT;
-
- if ($must_replace) {
- rename $dst, $src;
- print "Patched.\n";
- }
- else
- {
- unlink $dst;
- print "Nothing to do.\n";
- }
-}
-
-patch($SOURCE_FILE);
diff --git a/html5_events.re b/html5_events.re
deleted file mode 100644
index b59716d..0000000
--- a/html5_events.re
+++ /dev/null
@@ -1 +0,0 @@ -on(?:p(?:o(?:inter(?:l(?:ock(?:change|error)|eave)|o(?:ver|ut)|cancel|enter|down|move|up)|p(?:up(?:hid(?:den|ing)|show(?:ing|n)|positioned)|state))|a(?:(?:ymentmethodchang|st|us)e|ge(?:hide|show))|ush(?:subscriptionchange)?|ro(?:cessorerror|gress)|lay(?:ing)?|hoto)|Moz(?:S(?:wipeGesture(?:(?:May)?Start|Update|End)?|crolledAreaChanged)|M(?:agnifyGesture(?:Update|Start)?|ouse(?:PixelScroll|Hittest))|EdgeUI(?:C(?:omplet|ancel)|Start)ed|RotateGesture(?:Update|Start)?|(?:Press)?TapGesture|AfterPaint)|m(?:o(?:z(?:pointerlock(?:change|error)|fullscreen(?:change|error)|key(?:down|up)onplugin|accesskeynotfound|orientationchange)|use(?:l(?:ongtap|eave)|o(?:ver|ut)|enter|wheel|down|move|up))|(?:idimessag|ut)e|essage(?:error)?|ark)|c(?:o(?:m(?:p(?:osition(?:update|start|end)|lete)|mand(?:update)?)|n(?:t(?:rollerchange|extmenu)|nect(?:ionavailable)?)|py)|h(?:(?:arging(?:time)?ch)?ange|ecking)|a(?:n(?:play(?:through)?|cel)|ched)|u(?:echange|t)|l(?:ick|ose))|s(?:ou(?:rce(?:(?:clos|end)ed|open)|nd(?:start|end))|e(?:lect(?:ionchange|start)?|ek(?:ing|ed)|t)|h(?:ipping(?:address|option)change|ow)|t(?:a(?:techange|lled|rt)|o(?:rage|p))|u(?:ccess|spend|bmit)|peech(?:start|end)|croll)|d(?:r(?:a(?:g(?:e(?:n(?:ter|d)|xit)|leave|start|drop|over)?|in)|op)|evice(?:(?:orienta|mo)tion|proximity|change|light)|(?:ischargingtime|uration)change|ata(?:available)?|ownloading|blclick)|a(?:nimation(?:iteration|cancel|start|end)|u(?:dio(?:process|start|end)|xclick)|b(?:solutedeviceorientation|ort)|fter(?:scriptexecute|print)|dd(?:sourcebuffer|track)|ppinstalled|ctivate)|DOM(?:Node(?:Inserted(?:IntoDocument)?|Removed(?:FromDocument)?)|(?:CharacterData|Subtree)Modified|A(?:ttrModified|ctivate)|Focus(?:Out|In)|MouseScroll)|r(?:e(?:s(?:ourcetimingbufferfull|ponseprogress|u(?:lt|me)|ize|et)|move(?:sourcebuffer|track)|adystatechange|pea(?:tEven)?t|questprogress)|atechange)|w(?:ebkit(?:Animation(?:Iteration|Start|End)|animation(?:iteration|start|end)|(?:TransitionE|transitione)nd)|a(?:iting(?:fo
rkey)?|rning)|heel)|v(?:rdisplay(?:(?:presentchang|activat)e|d(?:eactivate|isconnect)|connect)|o(?:iceschanged|lumechange)|(?:isibility|ersion)change)|b(?:e(?:fore(?:p(?:aste|rint)|scriptexecute|c(?:opy|ut)|unload)|gin(?:Event)?)|ufferedamountlow|l(?:ocked|ur)|roadcast|oundary)|t(?:o(?:uch(?:cancel|start|move|end)|ggle)|ransition(?:cancel|start|end|run)|ime(?:update|out)|e(?:rminate|xt)|ypechange)|l(?:o(?:ad(?:e(?:d(?:meta)?data|nd)|ing(?:error|done)?|start)?|stpointercapture)|(?:anguage|evel)change|y)|u(?:p(?:date(?:(?:fou|e)nd|ready|start)?|gradeneeded)|n(?:derflow|load|mute)|serproximity)|g(?:amepad(?:(?:dis)?connected|button(?:down|up)|axismove)|otpointercapture|et)|o(?:(?:rientationchang|(?:ff|n)lin|bsolet)e|verflow|pen)|e(?:n(?:d(?:Event|ed)?|crypted|ter)|mptied|rror|xit)|f(?:ullscreen(?:change|error)|ocus(?:out|in)?|inish)|no(?:tificationcl(?:ick|ose)|update|match)|SVG(?:(?:Unl|L)oad|Resize|Scroll|Zoom)|key(?:statuseschange|press|down|up)|(?:CheckboxStateC|hashc)hange|R(?:adioStateChange|equest)|in(?:stall|valid|put)|AppCommand|zoom) \ No newline at end of file diff --git a/html5_events/html5_events.pl b/html5_events/html5_events.pl new file mode 100644 index 0000000..b2e8bee --- /dev/null +++ b/html5_events/html5_events.pl 
@@ -0,0 +1,99 @@
+#!/usr/bin/perl
+use strict;
+
+require LWP::UserAgent;
+use LWP::Simple;
+use RegExp::List;
+use File::stat;
+use File::Basename;
+use List::MoreUtils qw(uniq);
+
+my $HTML5_URL = "https://hg.mozilla.org/mozilla-central/raw-file/tip/parser/html/nsHtml5AtomList.h";
+my $GECKO_URL = "https://hg.mozilla.org/mozilla-central/raw-file/tip/xpcom/ds/nsGkAtomList.h";
+
+my $HERE = dirname($0);
+my $SOURCE_FILE = "$HERE/../src/xss/InjectionChecker.js";
+
+sub create_re
+{
+ my $cache = "$HERE/html5_events.re";
+ my $sb = stat($cache);
+
+ if ($sb && time() - $sb->mtime < 86400)
+ {
+ open IN, "<$cache";
+ my @content = ;
+ close IN;
+ return $content[0];
+ }
+
+ sub fetch_url
+ {
+ my $url = shift(@_);
+ my $ua = LWP::UserAgent->new;
+ $ua->agent('Mozilla/5.0');
+ $ua->ssl_opts('verify_hostname' => 0);
+ my $res = $ua->get($url);
+ if ($res->is_success)
+ {
+ return $res->decoded_content;
+ }
+ else
+ {
+ my $err = $res->content;
+ my $ca_file = $ua->ssl_opts('SSL_ca_file');
+ die ("Could not fetch $url: $err\n$ca_file");
+ }
+ }
+
+
+ my $content = # fetch_url($HTML5_URL) .
+ fetch_url($GECKO_URL);
+
+ $content = join("\n", grep(/^(?:HTML5|GK)_ATOM.*"on\w+"/, split(/[\n\r]/, $content)));
+
+ $content =~ s/.*"(on\w+)".*/$1 /g;
+ $content =~ s/\s+/ /g;
+ $content =~ s/^\s+|\s+$//g;
+
+ my $l = Regexp::List->new;
+ my $re = $l->list2re(uniq(split(' ', $content)));
+ $re =~ s/\(\?[-^]\w+:(.*)\)/$1/;
+ open (OUT, ">$cache");
+ print OUT $re;
+ close OUT;
+ $re;
+}
+
+sub patch
+{
+ my $src = shift;
+ my $dst = "$src.tmp";
+ my $re = create_re();
+ my $must_replace = 0;
+ print "Patching $src...\n";
+ open IN, "<$src" or die ("Can't open $src!");
+ open OUT, ">$dst" or die ("Can't open $dst!");
+
+ while ()
+ {
+ my $line = $_;
+ $must_replace = $line ne $_ if s/^(\s*const IC_EVENT_PATTERN\s*=\s*")([^"]+)/$1$re/;
+
+ print OUT $_;
+ }
+ close IN;
+ close OUT;
+
+ if ($must_replace) {
+ rename $dst, $src;
+ print "Patched.\n";
+ }
+ else
+ {
+ unlink $dst;
+ print "Nothing to do.\n";
+ }
+}
+
+patch($SOURCE_FILE);
diff --git a/html5_events/html5_events.re b/html5_events/html5_events.re
new file mode 100644
index 0000000..b59716d
--- /dev/null
+++ b/html5_events/html5_events.re
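Review bot: In html5_events/html5_events.pl, `fetch_url` sets `$ua->ssl_opts('verify_hostname' => 0);`, which turns off TLS hostname verification for the download from hg.mozilla.org. That response becomes the regex `patch` writes into `IC_EVENT_PATTERN` in src/xss/InjectionChecker.js, so tampering with the connection on the build host could change which event names end up in the shipped pattern. I would delete that line (or set `verify_hostname => 1`) and, if the build host lacks a CA bundle, point `SSL_ca_file` at one rather than disabling the check. The two `open` calls on `$cache` in `create_re` are also unchecked; `open(my $out, '>', $cache) or die "Can't write $cache: $!";` would surface a failed cache write.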
@@ -0,0 +1 @@ +on(?:p(?:o(?:inter(?:l(?:ock(?:change|error)|eave)|o(?:ver|ut)|cancel|enter|down|move|up)|p(?:up(?:hid(?:den|ing)|show(?:ing|n)|positioned)|state))|a(?:(?:ymentmethodchang|st|us)e|ge(?:hide|show))|ush(?:subscriptionchange)?|ro(?:cessorerror|gress)|lay(?:ing)?|hoto)|Moz(?:S(?:wipeGesture(?:(?:May)?Start|Update|End)?|crolledAreaChanged)|M(?:agnifyGesture(?:Update|Start)?|ouse(?:PixelScroll|Hittest))|EdgeUI(?:C(?:omplet|ancel)|Start)ed|RotateGesture(?:Update|Start)?|(?:Press)?TapGesture|AfterPaint)|m(?:o(?:z(?:pointerlock(?:change|error)|fullscreen(?:change|error)|key(?:down|up)onplugin|accesskeynotfound|orientationchange)|use(?:l(?:ongtap|eave)|o(?:ver|ut)|enter|wheel|down|move|up))|(?:idimessag|ut)e|essage(?:error)?|ark)|c(?:o(?:m(?:p(?:osition(?:update|start|end)|lete)|mand(?:update)?)|n(?:t(?:rollerchange|extmenu)|nect(?:ionavailable)?)|py)|h(?:(?:arging(?:time)?ch)?ange|ecking)|a(?:n(?:play(?:through)?|cel)|ched)|u(?:echange|t)|l(?:ick|ose))|s(?:ou(?:rce(?:(?:clos|end)ed|open)|nd(?:start|end))|e(?:lect(?:ionchange|start)?|ek(?:ing|ed)|t)|h(?:ipping(?:address|option)change|ow)|t(?:a(?:techange|lled|rt)|o(?:rage|p))|u(?:ccess|spend|bmit)|peech(?:start|end)|croll)|d(?:r(?:a(?:g(?:e(?:n(?:ter|d)|xit)|leave|start|drop|over)?|in)|op)|evice(?:(?:orienta|mo)tion|proximity|change|light)|(?:ischargingtime|uration)change|ata(?:available)?|ownloading|blclick)|a(?:nimation(?:iteration|cancel|start|end)|u(?:dio(?:process|start|end)|xclick)|b(?:solutedeviceorientation|ort)|fter(?:scriptexecute|print)|dd(?:sourcebuffer|track)|ppinstalled|ctivate)|DOM(?:Node(?:Inserted(?:IntoDocument)?|Removed(?:FromDocument)?)|(?:CharacterData|Subtree)Modified|A(?:ttrModified|ctivate)|Focus(?:Out|In)|MouseScroll)|r(?:e(?:s(?:ourcetimingbufferfull|ponseprogress|u(?:lt|me)|ize|et)|move(?:sourcebuffer|track)|adystatechange|pea(?:tEven)?t|questprogress)|atechange)|w(?:ebkit(?:Animation(?:Iteration|Start|End)|animation(?:iteration|start|end)|(?:TransitionE|transitione)nd)|a(?:iting(?:fo
rkey)?|rning)|heel)|v(?:rdisplay(?:(?:presentchang|activat)e|d(?:eactivate|isconnect)|connect)|o(?:iceschanged|lumechange)|(?:isibility|ersion)change)|b(?:e(?:fore(?:p(?:aste|rint)|scriptexecute|c(?:opy|ut)|unload)|gin(?:Event)?)|ufferedamountlow|l(?:ocked|ur)|roadcast|oundary)|t(?:o(?:uch(?:cancel|start|move|end)|ggle)|ransition(?:cancel|start|end|run)|ime(?:update|out)|e(?:rminate|xt)|ypechange)|l(?:o(?:ad(?:e(?:d(?:meta)?data|nd)|ing(?:error|done)?|start)?|stpointercapture)|(?:anguage|evel)change|y)|u(?:p(?:date(?:(?:fou|e)nd|ready|start)?|gradeneeded)|n(?:derflow|load|mute)|serproximity)|g(?:amepad(?:(?:dis)?connected|button(?:down|up)|axismove)|otpointercapture|et)|o(?:(?:rientationchang|(?:ff|n)lin|bsolet)e|verflow|pen)|e(?:n(?:d(?:Event|ed)?|crypted|ter)|mptied|rror|xit)|f(?:ullscreen(?:change|error)|ocus(?:out|in)?|inish)|no(?:tificationcl(?:ick|ose)|update|match)|SVG(?:(?:Unl|L)oad|Resize|Scroll|Zoom)|key(?:statuseschange|press|down|up)|(?:CheckboxStateC|hashc)hange|R(?:adioStateChange|equest)|in(?:stall|valid|put)|AppCommand|zoom) \ No newline at end of file -- cgit v1.2.3