Skip to content

/ ghostery-extension

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GH-1477 Wildcard/Regex Whitelisting #497

Closed
wants to merge 24 commits into from
+574 −176
Closed

GH-1477 Wildcard/Regex Whitelisting #497

Changes from 1 commit
Commits
Show all changes
24 commits
Select commit Hold shift + click to select a range
7db8cdd
Add regex and wildcard functionality to whitelist and blacklist
benstrumeyer Feb 8, 2020
7fdc2d8
Escape inputted regex and add error handling
benstrumeyer Feb 10, 2020
f07e151
Add escape-string-regexp dependency
benstrumeyer Feb 10, 2020
3cff5eb
Refactor matchesWildcardOrRegex and remove escape-strings-regex depen…
benstrumeyer Feb 11, 2020
a03896f
Make regex variables const
benstrumeyer Feb 11, 2020
b025685
Merge branch 'develop' into regex-whitelisting
christophertino Feb 14, 2020
3930487
Prevent ReDoS attack. Validate url, wildcard or regex. Update error m…
benstrumeyer Feb 18, 2020
48e8e60
Merge branch 'regex-whitelisting' of github.com:ghostery/ghostery-ext…
benstrumeyer Feb 18, 2020
63ec3b6
Remove newline
benstrumeyer Feb 18, 2020
fc1f621
Add period to error text
benstrumeyer Feb 18, 2020
fcd5e9a
Merge branch 'develop' into regex-whitelisting
benstrumeyer Feb 18, 2020
b9186bc
GH-1947 Plus checkout UTM params (#499)
benstrumeyer Feb 21, 2020
a726e87
update translations
christophertino Feb 21, 2020
be06d00
Add regex and wildcard functionality to whitelist and blacklist
benstrumeyer Feb 8, 2020
863f225
Escape inputted regex and add error handling
benstrumeyer Feb 10, 2020
032cbc6
Add escape-string-regexp dependency
benstrumeyer Feb 10, 2020
8a6533c
Refactor matchesWildcardOrRegex and remove escape-strings-regex depen…
benstrumeyer Feb 11, 2020
5e6e3c2
Make regex variables const
benstrumeyer Feb 11, 2020
16b89a7
Prevent ReDoS attack. Validate url, wildcard or regex. Update error m…
benstrumeyer Feb 18, 2020
1c63fcb
Remove newline
benstrumeyer Feb 18, 2020
d35ef22
Add period to error text
benstrumeyer Feb 18, 2020
6fdf07b
Create unit and snapshot test for isValidUrlWildcard function
benstrumeyer Feb 19, 2020
ab3ce25
Add unit tests for background portion
benstrumeyer Feb 21, 2020
abe1de5
Fix merge conflicts
benstrumeyer Feb 21, 2020
File filter
Filter file types
Clear filters
Jump to
Jump to file
Failed to load files.

Always

Just for now

Prev Next
Loading status checks…
Escape inputted regex and add error handling
  • Loading branch information
@benstrumeyer
benstrumeyer committed Feb 10, 2020
commit 7fdc2d8940bdddcad6cd1911fe05f3c1a121039d
11 src/classes/Policy.js
View file
Open in desktop
@@ -15,6 +15,7 @@

/* eslint no-param-reassign: 0 */

import escapeStringRegexp from 'escape-string-regexp';
import c2pDb from './Click2PlayDb';
import conf from './Conf';
import globals from './Globals';
@@ -184,14 +185,18 @@ class Policy {
* @return {boolean}
*/
matchesWildcardOrRegex(url, pattern) {
let regex;
let regex = escapeStringRegexp(pattern);
This conversation was marked as resolved by Eden12345

This comment has been minimized.

Sign in to view
@Eden12345

Eden12345 Feb 11, 2020
Contributor

I'm not sure if I'm missing something here with the node module you're using, but when do we actually use this value that the var regex is initialized with?

This comment has been minimized.

Sign in to view
@Eden12345

Eden12345 Feb 11, 2020
Contributor

Did you mean to pass the var regex to the first RegExp instantiation and the wildcardPattern var initialization? And if so, do you still need the try/catches?

This comment has been minimized.

Sign in to view
@benstrumeyer

benstrumeyer Feb 11, 2020
Author Contributor

Yup, that's absolutely what I meant to do. I was also able to get rid of the try/catches because of the escape function you commented below. Thanks for the help.
try {
regex = RegExp(pattern);
if (regex.test(url)) { return true; }
} catch {
const wildcardPattern = pattern.replace(/\*/g, '.*');
regex = RegExp(wildcardPattern);
if (regex.test(url)) { return true; }
try {
regex = RegExp(wildcardPattern);
if (regex.test(url)) { return true; }
} catch {
// Invalid pattern
}
}
return false;
}
ProTip! Use n and p to navigate between commits in a pull request.