rentgen/extended-request.ts

import { StolenDataEntry } from "./request-cluster";
import { getshorthost, parseCookie, Request } from "./util";

const whitelisted_cookies = [
  /^Accept.*$/,
  /^Host$/,
  /^Connection$/,
  /^Sec-Fetch-.*$/,
  /^Content-Type$/,
  /^Cookie$/, // we're extracting it in getCookie separately anyway
  /^User-Agent$/,
];

export default class ExtendedRequest {
  public tabId: number;
  public url: string;
  public requestHeaders: Request["requestHeaders"];
  public origin: string;
  public initialized = false;

  async init() {
    await this.cacheOrigin();
    this.initialized = true;
  }

  async cacheOrigin(): Promise<void> {
    let url: string;
    if (this.data.tabId && this.data.tabId >= 0) {
      const tab = await browser.tabs.get(this.data.tabId);
      url = tab.url;
    } else {
      url = (this.data as any).frameAncestors[0].url;
    }
    this.origin = new URL(url).origin;
  }

  getOrigin(): string {
    if (!this.initialized) {
      throw new Error("initialize first!!");
    }
    return this.origin;
  }

  isThirdParty() {
    const request_url = new URL(this.data.url);
    const origin_url = new URL(this.getOrigin());
    if (request_url.host.includes(origin_url.host)) {
      return false;
    }
    if (getshorthost(request_url.host) == getshorthost(origin_url.host)) {
      return false;
    }
    return (
      request_url.origin != origin_url.origin ||
      (this.data as any).urlClassification.thirdParty.length > 0
    );
  }

  getReferer() {
    return this.data.requestHeaders.filter((h) => h.name === "Referer")[0]
      .value;
  }

  exposesOrigin() {
    const url = new URL(this.getOrigin());
    const host = url.host;
    const path = url.pathname;
    return (
      this.getReferer().includes(host) ||
      this.getAllStolenData().filter(
        (entry) => entry.value.includes(host) || entry.value.includes(path)
      ).length > 0
    );
  }

  getAllStolenData(): StolenDataEntry[] {
    return [
      ...this.getPathParams(),
      ...this.getCookieData(),
      ...this.getQueryParams(),
      ...this.getHeadersData(),
    ];
  }

  getCookieData(): StolenDataEntry[] {
    if (!this.hasCookie() || this.getCookie() === undefined) {
      return [];
    }
    return Object.entries(parseCookie(this.getCookie()))
      .map(([key, value]) => [key, value || ""])
      .map(([key, value]) => new StolenDataEntry(this, "cookie", key, value));
  }

  hasReferer() {
    return this.data.requestHeaders.some((h) => h.name === "Referer");
  }

  hasCookie() {
    return this.data.requestHeaders.some((h) => h.name === "Cookie");
  }

  getCookie(): string {
    return this.requestHeaders.find((h) => h.name == "Cookie")?.value;
  }

  getPathParams(): StolenDataEntry[] {
    const url = new URL(this.data.url);
    const path = url.pathname;
    if (!path.includes(";")) {
      return [];
    }
    return path
      .split(";")
      .map((e) => e.split("="))
      .map(([key, value]) => [key, value || ""])
      .map(
        ([key, value]) =>
          new StolenDataEntry(this, "pathname", key, decodeURIComponent(value))
      );
  }

  getQueryParams(): StolenDataEntry[] {
    const url = new URL(this.data.url);
    return Array.from((url.searchParams as any).entries())
      .map(([key, value]) => [key, value || ""])
      .map(([key, value]) => {
        try {
          value = decodeURIComponent(value);
        } catch (e) {}
        return new StolenDataEntry(this, "queryparams", key, value);
      });
  }

  getHeadersData(): StolenDataEntry[] {
    return this.data.requestHeaders
      .filter((header) => {
        for (const regex of whitelisted_cookies) {
          if (regex.test(header.name)) {
            return false;
          }
        }
        return true;
      })
      .map(
        (header) =>
          new StolenDataEntry(this, "header", header.name, header.value)
      );
  }

  constructor(public data: Request) {
    this.tabId = data.tabId;
    this.url = data.url;
    this.requestHeaders = data.requestHeaders;
  }
}
New types of data 2021-10-03 18:13:36 +00:00			`import { StolenDataEntry } from "./request-cluster";`
Add README and dedupe data entries 2021-10-04 16:51:51 +00:00			`import { getshorthost, parseCookie, Request } from "./util";`
Working sidebar 2021-10-03 07:03:56 +00:00
Add headers data. Detect if a cookie is IAB consent 2021-10-06 15:22:33 +00:00			`const whitelisted_cookies = [`
			`/^Accept.*$/,`
			`/^Host$/,`
			`/^Connection$/,`
			`/^Sec-Fetch-.*$/,`
			`/^Content-Type$/,`
			`/^Cookie$/, // we're extracting it in getCookie separately anyway`
			`/^User-Agent$/,`
			`];`

Working sidebar 2021-10-03 07:03:56 +00:00			`export default class ExtendedRequest {`
			`public tabId: number;`
			`public url: string;`
			`public requestHeaders: Request["requestHeaders"];`
Add README and dedupe data entries 2021-10-04 16:51:51 +00:00			`public origin: string;`
			`public initialized = false;`
Working sidebar 2021-10-03 07:03:56 +00:00
Add README and dedupe data entries 2021-10-04 16:51:51 +00:00			`async init() {`
			`await this.cacheOrigin();`
			`this.initialized = true;`
			`}`

			`async cacheOrigin(): Promise<void> {`
Working sidebar 2021-10-03 07:03:56 +00:00			`let url: string;`
			`if (this.data.tabId && this.data.tabId >= 0) {`
			`const tab = await browser.tabs.get(this.data.tabId);`
			`url = tab.url;`
			`} else {`
			`url = (this.data as any).frameAncestors[0].url;`
			`}`
Add option to clear cookies 2021-11-06 20:48:25 +00:00			`this.origin = new URL(url).origin;`
Add README and dedupe data entries 2021-10-04 16:51:51 +00:00			`}`

			`getOrigin(): string {`
			`if (!this.initialized) {`
			`throw new Error("initialize first!!");`
			`}`
			`return this.origin;`
Working sidebar 2021-10-03 07:03:56 +00:00			`}`

Add README and dedupe data entries 2021-10-04 16:51:51 +00:00			`isThirdParty() {`
Working sidebar 2021-10-03 07:03:56 +00:00			`const request_url = new URL(this.data.url);`
Add README and dedupe data entries 2021-10-04 16:51:51 +00:00			`const origin_url = new URL(this.getOrigin());`
Working sidebar 2021-10-03 07:03:56 +00:00			`if (request_url.host.includes(origin_url.host)) {`
			`return false;`
			`}`
			`if (getshorthost(request_url.host) == getshorthost(origin_url.host)) {`
			`return false;`
			`}`
			`return (`
			`request_url.origin != origin_url.origin \|\|`
			`(this.data as any).urlClassification.thirdParty.length > 0`
			`);`
			`}`

			`getReferer() {`
			`return this.data.requestHeaders.filter((h) => h.name === "Referer")[0]`
			`.value;`
			`}`

Add README and dedupe data entries 2021-10-04 16:51:51 +00:00			`exposesOrigin() {`
			`const url = new URL(this.getOrigin());`
			`const host = url.host;`
			`const path = url.pathname;`
			`return (`
			`this.getReferer().includes(host) \|\|`
			`this.getAllStolenData().filter(`
			`(entry) => entry.value.includes(host) \|\| entry.value.includes(path)`
			`).length > 0`
			`);`
			`}`

			`getAllStolenData(): StolenDataEntry[] {`
			`return [`
			`...this.getPathParams(),`
			`...this.getCookieData(),`
			`...this.getQueryParams(),`
Add headers data. Detect if a cookie is IAB consent 2021-10-06 15:22:33 +00:00			`...this.getHeadersData(),`
Add README and dedupe data entries 2021-10-04 16:51:51 +00:00			`];`
			`}`

			`getCookieData(): StolenDataEntry[] {`
			`if (!this.hasCookie() \|\| this.getCookie() === undefined) {`
			`return [];`
			`}`
			`return Object.entries(parseCookie(this.getCookie()))`
			`.map(([key, value]) => [key, value \|\| ""])`
			`.map(([key, value]) => new StolenDataEntry(this, "cookie", key, value));`
Working sidebar 2021-10-03 07:03:56 +00:00			`}`

			`hasReferer() {`
			`return this.data.requestHeaders.some((h) => h.name === "Referer");`
			`}`

			`hasCookie() {`
			`return this.data.requestHeaders.some((h) => h.name === "Cookie");`
			`}`

Add README and dedupe data entries 2021-10-04 16:51:51 +00:00			`getCookie(): string {`
Working sidebar 2021-10-03 07:03:56 +00:00			`return this.requestHeaders.find((h) => h.name == "Cookie")?.value;`
			`}`

New types of data 2021-10-03 18:13:36 +00:00			`getPathParams(): StolenDataEntry[] {`
			`const url = new URL(this.data.url);`
			`const path = url.pathname;`
			`if (!path.includes(";")) {`
			`return [];`
			`}`
			`return path`
			`.split(";")`
			`.map((e) => e.split("="))`
Add README and dedupe data entries 2021-10-04 16:51:51 +00:00			`.map(([key, value]) => [key, value \|\| ""])`
New types of data 2021-10-03 18:13:36 +00:00			`.map(`
			`([key, value]) =>`
Add README and dedupe data entries 2021-10-04 16:51:51 +00:00			`new StolenDataEntry(this, "pathname", key, decodeURIComponent(value))`
New types of data 2021-10-03 18:13:36 +00:00			`);`
			`}`

Add README and dedupe data entries 2021-10-04 16:51:51 +00:00			`getQueryParams(): StolenDataEntry[] {`
			`const url = new URL(this.data.url);`
			`return Array.from((url.searchParams as any).entries())`
			`.map(([key, value]) => [key, value \|\| ""])`
			`.map(([key, value]) => {`
			`try {`
			`value = decodeURIComponent(value);`
			`} catch (e) {}`
			`return new StolenDataEntry(this, "queryparams", key, value);`
			`});`
			`}`

Add headers data. Detect if a cookie is IAB consent 2021-10-06 15:22:33 +00:00			`getHeadersData(): StolenDataEntry[] {`
			`return this.data.requestHeaders`
			`.filter((header) => {`
			`for (const regex of whitelisted_cookies) {`
			`if (regex.test(header.name)) {`
			`return false;`
			`}`
			`}`
			`return true;`
			`})`
			`.map(`
			`(header) =>`
			`new StolenDataEntry(this, "header", header.name, header.value)`
			`);`
			`}`

Working sidebar 2021-10-03 07:03:56 +00:00			`constructor(public data: Request) {`
			`this.tabId = data.tabId;`
			`this.url = data.url;`
			`this.requestHeaders = data.requestHeaders;`
			`}`
			`}`