Merge pull request #244 from ezzak/improved_coverage

Coverage improvements

Author: rich-hansen

config/v2/manifest.json

@@ -59,6 +59,7 @@
         "webRequest",
         "https://*.privacy-auditability.cloudflare.com/",
         "https://static.xx.fbcdn.net/",
+        "https://static.cdninstagram.com/",
         "*://*.messenger.com/*",
         "*://*.facebook.com/*",
         "*://*.instagram.com/*",

config/v3/manifest.json

@@ -60,6 +60,7 @@
     "host_permissions": [
         "https://*.privacy-auditability.cloudflare.com/",
         "https://static.xx.fbcdn.net/",
+        "https://static.cdninstagram.com/",
         "*://*.messenger.com/*",
         "*://*.facebook.com/*",
         "*://*.instagram.com/*",

src/js/background.ts

@@ -13,7 +13,7 @@ import {
   updateContentScriptState,
 } from './background/tab_state_tracker/tabStateTracker';
 import setupCSPListener from './background/setupCSPListener';
-import setupNoCacheListeners from './background/setupNoCacheListeners';
+import setUpWebRequestsListener from './background/setUpWebRequestsListener';
 import {validateMetaCompanyManifest} from './background/validateMetaCompanyManifest';
 import {validateManifest} from './background/validateManifest';
 import isFbMsgrOrIgOrigin from './shared/isFbMsgrOrIgOrigin';
@@ -38,7 +38,10 @@ type Manifest = {
   leaves: Array<string>;
 };
 
-function logReceivedMessage(message: MessagePayload): void {
+function logReceivedMessage(
+  message: MessagePayload,
+  sender: chrome.runtime.MessageSender,
+): void {
   let logger = console.log;
   switch (message.type) {
     case MESSAGE_TYPE.UPDATE_STATE:
@@ -52,15 +55,15 @@ function logReceivedMessage(message: MessagePayload): void {
       logger = console.debug;
       break;
   }
-  logger?.('background, handleMessages', message);
+  logger?.(`handleMessages from tab:${sender.tab.id}`, message);
 }
 
 function handleMessages(
   message: MessagePayload,
   sender: chrome.runtime.MessageSender,
   sendResponse: (_: MessageResponse) => void,
 ): void | boolean {
-  logReceivedMessage(message);
+  logReceivedMessage(message, sender);
   if (message.type == MESSAGE_TYPE.LOAD_MANIFEST) {
     // validate manifest
     if (isFbMsgrOrIgOrigin(message.origin)) {
@@ -207,7 +210,7 @@ function handleMessages(
 chrome.runtime.onMessage.addListener(handleMessages);
 
 setupCSPListener(CSP_HEADERS, CSP_REPORT_HEADERS);
-setupNoCacheListeners(CACHED_SCRIPTS_URLS);
+setUpWebRequestsListener(CACHED_SCRIPTS_URLS);
 
 // Emulate PageActions
 chrome.runtime.onInstalled.addListener(() => {

src/js/background/setUpWebRequestsListener.ts

@@ -0,0 +1,116 @@
+/**
+ * Copyright (c) Meta Platforms, Inc. and affiliates.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ */
+
+const isMetaInitiatedResponse = (
+  response: chrome.webRequest.WebResponseCacheDetails,
+) =>
+  [
+    'https://www.facebook.com',
+    'https://www.messenger.com',
+    'https://www.instagram.com',
+    'https://web.whatsapp.com',
+  ].some(v => response.initiator.includes(v));
+
+function checkResponseMIMEType(
+  response: chrome.webRequest.WebResponseCacheDetails,
+): void {
+  // Sniffable MIME types are a violation
+  if (
+    response.responseHeaders.find(header =>
+      header.name.includes('x-content-type-options'),
+    )?.value !== 'nosniff'
+  ) {
+    chrome.tabs.sendMessage(
+      response.tabId,
+      {
+        greeting: 'sniffableMimeTypeResource',
+        src: response.url,
+      },
+      {frameId: response.frameId},
+    );
+  }
+}
+
+export default function setUpWebRequestsListener(
+  cachedScriptsUrls: Map<number, Set<string>>,
+): void {
+  chrome.webRequest.onResponseStarted.addListener(
+    response => {
+      if (response.tabId === -1) {
+        if (!isMetaInitiatedResponse(response)) {
+          return;
+        }
+        checkResponseMIMEType(response);
+
+        // Potential `importScripts` call from Shared or Service Worker
+        if (
+          !response.url.startsWith('chrome-extension://') &&
+          !response.url.startsWith('moz-extension://') &&
+          response.type === 'script'
+        ) {
+          const origin = response.initiator;
+
+          // Send to all tabs of this origin
+          chrome.tabs.query({url: `${origin}/*`}, tabs => {
+            tabs.forEach(tab => {
+              chrome.tabs.sendMessage(
+                tab.id,
+                {
+                  greeting: 'checkIfScriptWasProcessed',
+                  response,
+                },
+                // Send this to the topframe since child frames
+                // might have a different origin
+                {frameId: 0},
+              );
+            });
+          });
+        }
+        return;
+      }
+
+      // Detect uncached responses
+      if (
+        response.type === 'xmlhttprequest' &&
+        cachedScriptsUrls.get(response.tabId)?.has(response.url)
+      ) {
+        if (!response.fromCache) {
+          chrome.tabs.sendMessage(
+            response.tabId,
+            {
+              greeting: 'nocacheHeaderFound',
+              uncachedUrl: response.url,
+            },
+            {frameId: response.frameId},
+          );
+        }
+        cachedScriptsUrls.get(response.tabId)?.delete(response.url);
+        return;
+      }
+
+      if (response.type === 'script') {
+        checkResponseMIMEType(response);
+        /*
+         * Scripts could be from main thread or dedicates WebWorkers.
+         * Content scripts can't detect scripts from Workers so we need
+         * to send them back to content script for verification.
+         * */
+        chrome.tabs.sendMessage(
+          response.tabId,
+          {
+            greeting: 'checkIfScriptWasProcessed',
+            response,
+          },
+          {frameId: response.frameId},
+        );
+        return;
+      }
+    },
+    {urls: ['<all_urls>']},
+    ['responseHeaders'],
+  );
+}

src/js/background/setupNoCacheListeners.ts

@@ -36,6 +36,7 @@ const INLINE_SCRIPTS: Array<Map<string, string>> = [];
 
 // Map<version, Array<ScriptDetails>>
 export const FOUND_SCRIPTS = new Map<string, Array<ScriptDetails>>([['', []]]);
+const ALL_FOUND_SCRIPT_TAGS = new Set();
 
 type ScriptDetailsWithSrc = {
   otherType: string;
@@ -204,6 +205,7 @@ export function storeFoundJS(scriptNodeMaybe: HTMLScriptElement): void {
       src: scriptNodeMaybe.src,
       otherType, // TODO: read from DOM when available
     };
+    ALL_FOUND_SCRIPT_TAGS.add(scriptNodeMaybe.src);
   } else {
     // no src, access innerHTML for the code
     const hashLookupAttribute =
@@ -368,16 +370,18 @@ export const processFoundJS = async (version: string): Promise<void> => {
           if (response.type === 'EXTENSION') {
             updateCurrentState(STATES.RISK);
           } else {
-            updateCurrentState(STATES.INVALID, 'Invalid ScriptDetailsWithSrc');
+            updateCurrentState(
+              STATES.INVALID,
+              `Invalid ScriptDetailsWithSrc ${script.src}`,
+            );
           }
         }
         sendMessageToBackground({
           type: MESSAGE_TYPE.DEBUG,
           log:
-            'processed JS with SRC, ' +
-            script.src +
-            ',response is ' +
+            'processed JS with SRC response is ' +
             JSON.stringify(response).substring(0, 500),
+          src: script.src,
         });
       });
     } else {
@@ -471,13 +475,37 @@ export function startFor(
   }
 }
 
-chrome.runtime.onMessage.addListener(function (request) {
+chrome.runtime.onMessage.addListener(request => {
   if (request.greeting === 'downloadSource' && DOWNLOAD_JS_ENABLED) {
     downloadJSArchive(SOURCE_SCRIPTS, INLINE_SCRIPTS);
   } else if (request.greeting === 'nocacheHeaderFound') {
     updateCurrentState(
       STATES.INVALID,
       `Detected uncached script ${request.uncachedUrl}`,
     );
+  } else if (request.greeting === 'checkIfScriptWasProcessed') {
+    if (!ALL_FOUND_SCRIPT_TAGS.has(request.response.url)) {
+      if (
+        'serviceWorker' in navigator &&
+        navigator.serviceWorker.controller?.scriptURL === request.response.url
+      ) {
+        return;
+      }
+      sendMessageToBackground({
+        type: MESSAGE_TYPE.DEBUG,
+        log: `Tab is processing ${request.response.url}`,
+      });
+      ALL_FOUND_SCRIPT_TAGS.add(request.response.url);
+      FOUND_SCRIPTS.get(FOUND_SCRIPTS.keys().next().value).push({
+        src: request.response.url,
+        otherType: currentFilterType,
+      });
+      updateCurrentState(STATES.PROCESSING);
+    }
+  } else if (request.greeting === 'sniffableMimeTypeResource') {
+    updateCurrentState(
+      STATES.INVALID,
+      `Sniffable MIME type resource: ${request.src}`,
+    );
   }
 });

src/js/contentUtils.ts

@@ -27,6 +27,7 @@ export type MessagePayload =
   | {
       type: typeof MESSAGE_TYPE.DEBUG;
       log: string;
+      src?: string;
     }
   | {
       type: typeof MESSAGE_TYPE.STATE_UPDATED;