1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
#!/usr/bin/perl
use strict;
require LWP::UserAgent;
use LWP::Simple;
use Regexp::Assemble;
use File::stat;
use File::Basename;
use List::MoreUtils qw(uniq);
my $HTML_ATOMS_URL = "https://hg.mozilla.org/mozilla-central/raw-file/tip/xpcom/ds/StaticAtoms.py";
my $HERE = dirname($0);
my $SOURCE_FILE = "$HERE/../src/xss/InjectionChecker.js";
sub create_re
{
my $cache = "$HERE/html5_events.re";
my $archive = "$HERE/html5_events_archive.txt";
my $sb = stat($cache);
if ($sb && time() - $sb->mtime < 86400)
{
open IN, "<$cache";
my @content = <IN>;
close IN;
return $content[0];
}
sub fetch_url
{
my $url = shift(@_);
my $ua = LWP::UserAgent->new;
$ua->agent('Mozilla/5.0');
$ua->ssl_opts('verify_hostname' => 0);
my $res = $ua->get($url);
if ($res->is_success)
{
return $res->decoded_content;
}
else
{
my $err = $res->content;
my $ca_file = $ua->ssl_opts('SSL_ca_file');
die ("Could not fetch $url: $err\n$ca_file");
}
}
my $content = fetch_url($HTML_ATOMS_URL);
$content = join("\n", grep(/^\s*Atom\("on\w+"/, split(/[\n\r]/, $content)));
$content =~ s/.*"(on\w+)".*/$1 /g;
open IN, "<$archive";
my @archived = <IN>;
close IN;
$content .= join("\n", @archived);
$content =~ s/\s+/\n/g;
$content =~ s/^\s+|\s+$//g;
my @all_events = grep(!/^only$/, uniq(split("\n", $content)));
open (OUT, ">$archive");
print OUT join("\n", @all_events);
close OUT;
my $l = Regexp::Assemble->new;
$l->add(@all_events);
my $re = $l->re;
$re =~ s/\(\?[-^]\w+:(.*)\)/$1/;
open (OUT, ">$cache");
print OUT $re;
close OUT;
$re;
}
sub patch
{
my $src = shift;
my $dst = "$src.tmp";
my $re = create_re();
my $must_replace = 0;
print "Patching $src...\n";
open IN, "<$src" or die ("Can't open $src!");
open OUT, ">$dst" or die ("Can't open $dst!");
while (<IN>)
{
my $line = $_;
$must_replace = $line ne $_ if s/^(\s*const IC_EVENT_PATTERN\s*=\s*")([^"]+)/$1$re/;
print OUT $_;
}
close IN;
close OUT;
if ($must_replace) {
rename $dst, $src;
print "Patched.\n";
}
else
{
unlink $dst;
print "Nothing to do.\n";
}
}
patch($SOURCE_FILE);
|