Permalink
Browse files

Refine api leak check whitelist

  • Loading branch information...
1 parent 3fcb12c commit 0118d671769109dbbdfbbe9e27ce0da3dc07887a @nmaier nmaier committed Nov 20, 2014
Showing with 23 additions and 8 deletions.
  1. +3 −1 extension/modules/api.js
  2. +20 −7 extension/modules/commonjs/security/api-check-filenames.js
View
@@ -19,8 +19,10 @@ lazyImport(this, "resource://scriptish/api/GM_xmlhttpRequester.js", ["GM_xmlhttp
lazyImport(this, "resource://scriptish/api/GM_Resources.js", ["GM_Resources"]);
lazyImport(this, "resource://scriptish/api/GM_setClipboard.js", ["GM_setClipboard"]);
-const { add, check } = jetpack('scriptish/security/api-check-filenames');
+const { add, addPrefix, check } = jetpack('scriptish/security/api-check-filenames');
add(Components.stack.filename);
+addPrefix("resource://gre/modules/");
+addPrefix("resource://gre/components/");
const NS_XHTML = "http://www.w3.org/1999/xhtml";
const DOLITTLE = function(){};
@@ -1,19 +1,32 @@
"use strict";
+let compiled = null;
let filenames = [];
+let prefixes = [];
+
+const escapeRegex = string => string.replace(/([.*+?^${}()|\[\]\/\\])/g, "\\$1");
+
+function compile() {
+ let rv = filenames.map(e => "^" + escapeRegex(e) + "$").
+ concat(prefixes.map(e => "^" + escapeRegex(e))).
+ join("|");
+ compiled = new RegExp(rv);
+}
function add(filename) {
filenames.push(filename);
- return;
+ compile();
}
exports.add = add;
+let prefixes = [];
+function addPrefix(prefix) {
+ prefixes.push(prefix);
+ compile();
+}
+exports.addPrefix = addPrefix;
+
function check(filename) {
- for (let i = filenames.length - 1; i >= 0; i--) {
- if (filenames[i] == filename) {
- return true;
- }
- }
- return false;
+ return compiled.test(filename);
}
exports.check = check;

0 comments on commit 0118d67

Please sign in to comment.