Merge pull request #323 from brave/quoted-args

antonok-edm · web-flow · commit dd49b9b4c44a · 2023-11-07T15:24:26.000-08:00
Support quoted scriptlet arguments
diff --git a/src/engine.rs b/src/engine.rs
@@ -853,4 +853,39 @@ mod tests {
         assert_eq!(engine.url_cosmetic_resources("https://sub8.example.com").injected_script, wrap_try("trusted-set-cookie"));
         assert_eq!(engine.url_cosmetic_resources("https://sub9.example.com").injected_script, wrap_try("brave-fix"));
     }
+
+    #[test]
+    fn quoted_scriptlet_args() {
+        use crate::resources::{MimeType, ResourceType};
+
+        let resources = [
+            Resource {
+                name: "trusted-set-local-storage-item.js".into(),
+                aliases: vec![],
+                kind: ResourceType::Mime(MimeType::ApplicationJavascript),
+                content: base64::encode("function trustedSetLocalStorageItem(key = '', value = '') { setLocalStorageItemFn('local', true, key, value); }"),
+                dependencies: vec![],
+                permission: Default::default(),
+            },
+        ];
+
+        let mut filter_set = FilterSet::new(false);
+        filter_set.add_filters([
+            r#"dailymail.co.uk##+js(trusted-set-local-storage-item, mol.ads.cmp.tcf.cache, '{"getTCData":{"cmpId":27,"cmpVersion":3,"gdprApplies":true,"tcfPolicyVersion":2,"tcString":"CPyz5QAPyz5QAAbADCENC6CgAAAAAAAAAAwIAAASjAJINW4gCLMscGaQEIoEAIgjCQggUAAFAILRAQAODgp2VgE6MIkAAAUARABAhwAQAQCAAASABCAAJAAwQAAAiAQAAAAQCAAAMCAILACgAAAABANAhRCgAECQAyIAIpTAgKgSCAFsKAAADJCQCAKgMAKARGgEACIIARGAAACwMAgBICFggABMQbBAAMACAESoBoCTEwBACDQFgBkADLAGzAPsA_ACAAEFAIwASYAp8BaAFpAOqAfIBDoCJgEiAKRAXIAyMBk4DlAI_gSKEQEwBkADLAGzAPsA_ACAAEYAJMAU8A6oB8gEOgJEAUiAuQBkYDJwHKAR_AkU.f_gAAagAAAAA","eventStatus":"useractioncomplete","cmpStatus":"loaded","isServiceSpecific":true,"useNonStandardStacks":false,"publisherCC":"GB","purposeOneTreatment":false,"addtlConsent":"1~","acmVersion":2,"molGvlVersion":"186.gb.web","nrvString":"1~","nrvVersion":1,"repromptVersion":5},"getStoredRepromptVersion":5,"hasUserConsentedToAll":false,"hasUserDissentedToAll":true,"getConsentDegree":"no","getValidTCData":{"cmpId":27,"cmpVersion":3,"gdprApplies":true,"tcfPolicyVersion":2,"tcString":"CPyz5QAPyz5QAAbADCENC6CgAAAAAAAAAAwIAAASjAJINW4gCLMscGaQEIoEAIgjCQggUAAFAILRAQAODgp2VgE6MIkAAAUARABAhwAQAQCAAASABCAAJAAwQAAAiAQAAAAQCAAAMCAILACgAAAABANAhRCgAECQAyIAIpTAgKgSCAFsKAAADJCQCAKgMAKARGgEACIIARGAAACwMAgBICFggABMQbBAAMACAESoBoCTEwBACDQFgBkADLAGzAPsA_ACAAEFAIwASYAp8BaAFpAOqAfIBDoCJgEiAKRAXIAyMBk4DlAI_gSKEQEwBkADLAGzAPsA_ACAAEYAJMAU8A6oB8gEOgJEAUiAuQBkYDJwHKAR_AkU.f_gAAagAAAAA","listenerId":1,"eventStatus":"useractioncomplete","cmpStatus":"loaded","isServiceSpecific":true,"useNonStandardStacks":false,"publisherCC":"GB","purposeOneTreatment":false,"addtlConsent":"1~","acmVersion":2,"molGvlVersion":"186.gb.web","nrvString":"1~","nrvVersion":1,"repromptVersion":5}}')"#,
+            // invalid - unclosed quoted arg
+            r#"example.com##+js(trusted-set-local-storage-item, "test)"#,
+            // invalid - closing quote does not surround the argument
+            r#"example.com##+js(trusted-set-local-storage-item, "test"test, 3)"#,
+        ], Default::default());
+
+        let mut engine = Engine::from_filter_set(filter_set, true);
+        engine.use_resources(resources);
+
+        assert_eq!(engine.url_cosmetic_resources("https://dailymail.co.uk").injected_script, r#"try {
+(function trustedSetLocalStorageItem(key = '', value = '') { setLocalStorageItemFn('local', true, key, value); })("mol.ads.cmp.tcf.cache", "{\"getTCData\":{\"cmpId\":27,\"cmpVersion\":3,\"gdprApplies\":true,\"tcfPolicyVersion\":2,\"tcString\":\"CPyz5QAPyz5QAAbADCENC6CgAAAAAAAAAAwIAAASjAJINW4gCLMscGaQEIoEAIgjCQggUAAFAILRAQAODgp2VgE6MIkAAAUARABAhwAQAQCAAASABCAAJAAwQAAAiAQAAAAQCAAAMCAILACgAAAABANAhRCgAECQAyIAIpTAgKgSCAFsKAAADJCQCAKgMAKARGgEACIIARGAAACwMAgBICFggABMQbBAAMACAESoBoCTEwBACDQFgBkADLAGzAPsA_ACAAEFAIwASYAp8BaAFpAOqAfIBDoCJgEiAKRAXIAyMBk4DlAI_gSKEQEwBkADLAGzAPsA_ACAAEYAJMAU8A6oB8gEOgJEAUiAuQBkYDJwHKAR_AkU.f_gAAagAAAAA\",\"eventStatus\":\"useractioncomplete\",\"cmpStatus\":\"loaded\",\"isServiceSpecific\":true,\"useNonStandardStacks\":false,\"publisherCC\":\"GB\",\"purposeOneTreatment\":false,\"addtlConsent\":\"1~\",\"acmVersion\":2,\"molGvlVersion\":\"186.gb.web\",\"nrvString\":\"1~\",\"nrvVersion\":1,\"repromptVersion\":5},\"getStoredRepromptVersion\":5,\"hasUserConsentedToAll\":false,\"hasUserDissentedToAll\":true,\"getConsentDegree\":\"no\",\"getValidTCData\":{\"cmpId\":27,\"cmpVersion\":3,\"gdprApplies\":true,\"tcfPolicyVersion\":2,\"tcString\":\"CPyz5QAPyz5QAAbADCENC6CgAAAAAAAAAAwIAAASjAJINW4gCLMscGaQEIoEAIgjCQggUAAFAILRAQAODgp2VgE6MIkAAAUARABAhwAQAQCAAASABCAAJAAwQAAAiAQAAAAQCAAAMCAILACgAAAABANAhRCgAECQAyIAIpTAgKgSCAFsKAAADJCQCAKgMAKARGgEACIIARGAAACwMAgBICFggABMQbBAAMACAESoBoCTEwBACDQFgBkADLAGzAPsA_ACAAEFAIwASYAp8BaAFpAOqAfIBDoCJgEiAKRAXIAyMBk4DlAI_gSKEQEwBkADLAGzAPsA_ACAAEYAJMAU8A6oB8gEOgJEAUiAuQBkYDJwHKAR_AkU.f_gAAagAAAAA\",\"listenerId\":1,\"eventStatus\":\"useractioncomplete\",\"cmpStatus\":\"loaded\",\"isServiceSpecific\":true,\"useNonStandardStacks\":false,\"publisherCC\":\"GB\",\"purposeOneTreatment\":false,\"addtlConsent\":\"1~\",\"acmVersion\":2,\"molGvlVersion\":\"186.gb.web\",\"nrvString\":\"1~\",\"nrvVersion\":1,\"repromptVersion\":5}}")
+} catch ( e ) { }
+"#.to_owned());
+
+        assert_eq!(engine.url_cosmetic_resources("https://example.com").injected_script, "");
+    }
 }
diff --git a/src/filters/cosmetic.rs b/src/filters/cosmetic.rs
@@ -38,6 +38,8 @@ pub enum CosmeticFilterError {
     EmptyRule,
     #[error("html filtering is unsupported")]
     HtmlFilteringUnsupported,
+    #[error("scriptlet args could not be parsed")]
+    InvalidScriptletArgs,
 }
 
 /// Refer to <https://github.com/uBlockOrigin/uBlock-issues/wiki/Static-filter-syntax#action-operators>
@@ -349,6 +351,10 @@ impl CosmeticFilter {
                 if sharp_index == 0 {
                     return Err(CosmeticFilterError::GenericScriptInject);
                 }
+                let args = &line[suffix_start_index + 4..line.len() - 1];
+                if crate::resources::parse_scriptlet_args(args).is_none() {
+                    return Err(CosmeticFilterError::InvalidScriptletArgs);
+                }
                 mask |= CosmeticFilterMask::SCRIPT_INJECT;
                 (
                     String::from(&line[suffix_start_index + 4..line.len() - 1]),
diff --git a/src/resources/mod.rs b/src/resources/mod.rs
@@ -15,6 +15,7 @@ pub mod resource_assembler;
 mod resource_storage;
 #[doc(inline)]
 pub use resource_storage::{AddResourceError, ResourceStorage, ScriptletResourceError};
+pub(crate) use resource_storage::parse_scriptlet_args;
 
 use memchr::memrchr as find_char_reverse;
 use serde::{Deserialize, Serialize};
diff --git a/src/resources/resource_storage.rs b/src/resources/resource_storage.rs

Original file line number	Diff line number	Diff line change
`@@ -38,6 +38,8 @@ pub enum CosmeticFilterError {`
`38`	`38`	`EmptyRule,`
`39`	`39`	`#[error("html filtering is unsupported")]`
`40`	`40`	`HtmlFilteringUnsupported,`
	`41`	`+ #[error("scriptlet args could not be parsed")]`
	`42`	`+ InvalidScriptletArgs,`
`41`	`43`	`}`
`42`	`44`
`43`	`45`	`/// Refer to <https://github.com/uBlockOrigin/uBlock-issues/wiki/Static-filter-syntax#action-operators>`
`@@ -349,6 +351,10 @@ impl CosmeticFilter {`
`349`	`351`	`if sharp_index == 0 {`
`350`	`352`	`return Err(CosmeticFilterError::GenericScriptInject);`
`351`	`353`	`}`
	`354`	`+ let args = &line[suffix_start_index + 4..line.len() - 1];`
	`355`	`+ if crate::resources::parse_scriptlet_args(args).is_none() {`
	`356`	`+ return Err(CosmeticFilterError::InvalidScriptletArgs);`
	`357`	`+ }`
`352`	`358`	`mask \|= CosmeticFilterMask::SCRIPT_INJECT;`
`353`	`359`	`(`
`354`	`360`	`String::from(&line[suffix_start_index + 4..line.len() - 1]),`