From 1e01979e41901e19aaf25c88f1a15dcaf51d2c69 Mon Sep 17 00:00:00 2001
From: hackademix
Date: Sun, 19 Apr 2020 23:43:28 +0200
Subject: [XSS] Fixed false positives and timeouts (thanks riaggren for report).
---
 src/bg/main.js | 2 +-
 src/xss/InjectionCheckWorker.js | 2 +-
 src/xss/InjectionChecker.js | 8 ++++----
 3 files changed, 6 insertions(+), 6 deletions(-)
(limited to 'src')
diff --git a/src/bg/main.js b/src/bg/main.js
index b09dcb1..aaa60e8 100644
--- a/src/bg/main.js
+++ b/src/bg/main.js
@@ -296,7 +296,7 @@ async collectSeen(tabId) {
 try {
- let seen = Array.from(await Messages.send("collect", {}, {tabId, frameId: 0}));
+ let seen = Array.from(await Messages.send("collect", {uiid: ns.local.uiid}, {tabId, frameId: 0}));
 debug("Collected seen", seen);
 return seen;
 } catch (e) {
diff --git a/src/xss/InjectionCheckWorker.js b/src/xss/InjectionCheckWorker.js
index 47f007d..50ab138 100644
--- a/src/xss/InjectionCheckWorker.js
+++ b/src/xss/InjectionCheckWorker.js
@@ -74,7 +74,7 @@ Entities = {
 if (msg.handler in Handlers) try {
 await Handlers[msg.handler](msg);
 } catch (e) {
- postMessage({error: e});
+ postMessage({error: e.message});
 }
 }
diff --git a/src/xss/InjectionChecker.js b/src/xss/InjectionChecker.js
index 2ea7a25..9b306eb 100644
--- a/src/xss/InjectionChecker.js
+++ b/src/xss/InjectionChecker.js
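Review bot: The `uiid: ns.local.uiid` payload added to the frame-0 `collect` message has no comment saying what the receiving content script does with it, and the handler on the other end is not part of this commit. If `uiid` is a value the extension otherwise keeps on its own side, a one-line note on why it is safe to hand to a script running in the tab would help the next reader; if it is just a correlation tag, say that instead, e.g. `// uiid is checked by the content-side "collect" handler; see its implementation for what it is compared against`. I can't tell from this hunk which of the two it is. `collectSeen` continues past the hunk, so the catch body that handles a failed send is outside my view.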
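Review bot: `postMessage({error: e.message})` on the new line assumes the caught value is an Error; a thrown string yields `undefined`, and `throw null`/`throw undefined` raises a TypeError inside the catch, which escapes the async handler so the main thread never gets a reply at all. Guarding the conversion keeps the reply cloneable for any thrown value and preserves the error class the old object carried: `postMessage({error: e instanceof Error ? e.name + ": " + e.message : String(e)});`. The `onmessage`-style handler this catch belongs to starts above the hunk, so I can't see whether anything else reports the failure.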
@@ -327,7 +327,7 @@ XSS.InjectionChecker = (async () => { _assignmentRx: /^(?:[^()="'\s]+=(?:[^(='"\[+]+|[?a-zA-Z_0-9;,&=/]+|[\d.|]+))$/, _badRightHandRx: /=[\s\S]*(?:_QS_\b|[|.][\s\S]*source\b|<[\s\S]*\/[^>]*>)/, _wikiParensRx: /^(?:[\w.|-]+\/)*\(*[\w\s-]+\([\w\s-]+\)[\w\s-]*\)*$/, - _neutralDotsRx: /(?:^|[\/;&#])[\w-]+\.[\w-]+[\?;\&#]/g, + _neutralDotsOrParensRx: /(?:^|[\/;&#])(?:[\w-]+\.[\w-]+[\?;\&#]|[\s\d]*\()/g, _openIdRx: /^scope=(?:\w+\+)\w/, // OpenID authentication scope parameter, see http://forums.informaction.com/viewtopic.php?p=69851#p69851 _gmxRx: /\$\(clientName\)-\$\(dataCenter\)\.(\w+\.)+\w+/, // GMX webmail, see http://forums.informaction.com/viewtopic.php?p=69700#p69700 @@ -354,7 +354,7 @@ XSS.InjectionChecker = (async () => { return this._singleAssignmentRx.test(expr) || this._riskyAssignmentRx.test(expr) && this._nameRx.test(expr); return this._riskyParensRx.test(expr) || - this._maybeJSRx.test(expr.replace(this._neutralDotsRx, '')) && + this._maybeJSRx.test(expr.replace(this._neutralDotsOrParensRx, '')) && !this._wikiParensRx.test(expr); }, @@ -457,7 +457,7 @@ XSS.InjectionChecker = (async () => { checkLastFunction: function() { var fn = this.syntax.lastFunction; if (!fn) return false; - var m = fn.toSource().match(/\{([\s\S]*)\}/); + var m = fn.toString().match(/\{([\s\S]*)\}/); if (!m) return false; var expr = this.stripLiteralsAndComments(m[1]); return /=[\s\S]*cookie|\b(?:setter|document|location|(?:inn|out)erHTML|\.\W*src)[\s\S]*=|[\w$\u0080-\uffff\)\]]\s*[\[\(]/.test(expr) || @@ -778,7 +778,7 @@ XSS.InjectionChecker = (async () => { if (ret) { let msg = "JavaScript Injection in " + s; if (this.syntax.lastFunction) { - msg += "\n" + this.syntax.lastFunction.toSource(); + msg += `\n${this.syntax.lastFunction}`; } this.escalate(msg); } -- cgit v1.2.3
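Review bot: The new `[\s\d]*\(` alternative in `_neutralDotsOrParensRx` carries no comment saying which false positive it targets, and because the `replace` call deletes the whole match, the delimiter that precedes the `(` (`/`, `;`, `&`, `#`) disappears with it — for an input like `;(alert)(1)` the text `_maybeJSRx` then sees is `alert)(1)`. Whether `_riskyParensRx`, which runs first on the unstripped `expr`, still catches such inputs can't be confirmed from this hunk, so a comment on the declaration would let the next maintainer check that deliberately, e.g. `// also drop a "(" preceded only by digits/whitespace right after a delimiter; note the delimiter is consumed too, _riskyParensRx above still sees the raw expr`. The object literal these properties belong to starts outside the hunk.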
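Review bot: With `fn.toString()` in `checkLastFunction`, a function whose source has no braces — an arrow function with a concise body such as `x => location = x` — leaves `m` null and the method returns false before the risky-pattern regex ever runs; `toSource()` had the same blind spot, so this is not a regression, but the switch is the natural moment to close it if `this.syntax.lastFunction` can hold such a function (the hunk does not show how it is produced). A fallback to the full source keeps today's behavior for braced functions: `var src = fn.toString(); var m = src.match(/\{([\s\S]*)\}/); var expr = this.stripLiteralsAndComments(m ? m[1] : src);`, with the `if (!m) return false;` line dropped. If concise arrows can never reach this point, a comment saying so on the `match` line would be enough.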