Add stack trace check to cookie protection (#349)

* Add stack trace check to cookie protection
* Reinstate tracker expiry policy
* Move tracker lookup out of cookiePolicy to save the effort of copying
* Move args to class props
* Clean up access of featureSettings
* Add disclosure to code
* Simplify passing of config keys
* Move over tracker generation from the extension
* Use import.meta.trackerLookup everywhere instead of json import
* Add parsing of bundledConfig and made args private
* Support file writing output of bundledTrackers
* Handle updating the policy for non extension environments

Author: jonathanKingston

.eslintrc

@@ -11,7 +11,6 @@
         "$USER_PREFERENCES$": "readonly",
         "$USER_UNPROTECTED_DOMAINS$": "readonly",
         "$CONTENT_SCOPE$": "readonly",
-        "$TRACKER_LOOKUP$": "readonly",
         "$BUNDLED_CONFIG$": "readonly",
         "windowsInteropPostMessage": "readonly",
         "windowsInteropAddEventListener": "readonly",

inject/android.js

@@ -4,6 +4,7 @@
  */
 import { load, init, update } from '../src/content-scope-features.js'
 import { processConfig, isGloballyDisabled } from './../src/utils'
+import { isTrackerOrigin } from '../src/trackers'
 
 const allowedMessages = [
     'getClickToLoadState',
@@ -22,7 +23,9 @@ function initCode () {
     }
 
     load({
-        platform: processedConfig.platform
+        platform: processedConfig.platform,
+        trackerLookup: processedConfig.trackerLookup,
+        documentOriginIsTracker: isTrackerOrigin(processedConfig.trackerLookup)
     })
 
     const messageSecret = processedConfig.messageSecret

inject/apple.js

@@ -4,6 +4,7 @@
  */
 import { load, init } from '../src/content-scope-features.js'
 import { processConfig, isGloballyDisabled } from './../src/utils'
+import { isTrackerOrigin } from '../src/trackers'
 
 function initCode () {
     // @ts-expect-error https://app.asana.com/0/1201614831475344/1203979574128023/f
@@ -13,7 +14,9 @@ function initCode () {
     }
 
     load({
-        platform: processedConfig.platform
+        platform: processedConfig.platform,
+        trackerLookup: processedConfig.trackerLookup,
+        documentOriginIsTracker: isTrackerOrigin(processedConfig.trackerLookup)
     })
 
     init(processedConfig)

inject/chrome-mv3.js

@@ -7,12 +7,14 @@ import { isTrackerOrigin } from '../src/trackers'
 
 const secret = (crypto.getRandomValues(new Uint32Array(1))[0] / 2 ** 32).toString().replace('0.', '')
 
+const trackerLookup = import.meta.trackerLookup
+
 load({
     platform: {
         name: 'extension'
     },
-    // @ts-expect-error https://app.asana.com/0/1201614831475344/1203979574128023/f
-    documentOriginIsTracker: isTrackerOrigin($TRACKER_LOOKUP$),
+    trackerLookup,
+    documentOriginIsTracker: isTrackerOrigin(trackerLookup),
     // @ts-expect-error https://app.asana.com/0/1201614831475344/1203979574128023/f
     bundledConfig: $BUNDLED_CONFIG$
 })

inject/chrome.js

@@ -38,8 +38,8 @@ function randomString () {
 }
 
 function init () {
-    // @ts-expect-error https://app.asana.com/0/1201614831475344/1203979574128023/f
-    const documentOriginIsTracker = isTrackerOrigin($TRACKER_LOOKUP$)
+    const trackerLookup = import.meta.trackerLookup
+    const documentOriginIsTracker = isTrackerOrigin(trackerLookup)
     // @ts-expect-error https://app.asana.com/0/1201614831475344/1203979574128023/f
     const bundledConfig = $BUNDLED_CONFIG$
     const randomMethodName = '_d' + randomString()
@@ -52,6 +52,7 @@ function init () {
           platform: {
               name: 'extension'
           },
+          trackerLookup: ${JSON.stringify(trackerLookup)},
           documentOriginIsTracker: ${documentOriginIsTracker},
           bundledConfig: ${JSON.stringify(bundledConfig)}
       })

inject/integration.js

@@ -1,4 +1,5 @@
 import { load, init } from '../src/content-scope-features.js'
+import { isTrackerOrigin } from '../src/trackers'
 function getTopLevelURL () {
     try {
         // FROM: https://stackoverflow.com/a/7739035/73479
@@ -15,6 +16,7 @@ function getTopLevelURL () {
 
 function generateConfig (data, userList) {
     const topLevelUrl = getTopLevelURL()
+    const trackerLookup = import.meta.trackerLookup
     return {
         debug: false,
         sessionKey: 'randomVal',
@@ -30,7 +32,8 @@ function generateConfig (data, userList) {
                 'fingerprintingScreenSize',
                 'navigatorInterface'
             ]
-        }
+        },
+        trackerLookup
     }
 }
 
@@ -71,7 +74,9 @@ async function initCode () {
     const processedConfig = generateConfig()
 
     load({
-        platform: processedConfig.platform
+        platform: processedConfig.platform,
+        trackerLookup: processedConfig.trackerLookup,
+        documentOriginIsTracker: isTrackerOrigin(processedConfig.trackerLookup)
     })
 
     // mark this phase as loaded

inject/mozilla.js

@@ -21,12 +21,13 @@ function randomString () {
 }
 
 function initCode () {
+    const trackerLookup = import.meta.trackerLookup
     load({
         platform: {
             name: 'extension'
         },
-        // @ts-expect-error https://app.asana.com/0/1201614831475344/1203979574128023/f
-        documentOriginIsTracker: isTrackerOrigin($TRACKER_LOOKUP$),
+        trackerLookup,
+        documentOriginIsTracker: isTrackerOrigin(trackerLookup),
         // @ts-expect-error https://app.asana.com/0/1201614831475344/1203979574128023/f
         bundledConfig: $BUNDLED_CONFIG$
     })

inject/windows.js

@@ -4,6 +4,7 @@
  */
 import { load, init } from '../src/content-scope-features.js'
 import { processConfig, isGloballyDisabled, windowsSpecificFeatures } from './../src/utils'
+import { isTrackerOrigin } from '../src/trackers'
 
 function initCode () {
     // @ts-expect-error https://app.asana.com/0/1201614831475344/1203979574128023/f
@@ -13,7 +14,9 @@ function initCode () {
     }
 
     load({
-        platform: processedConfig.platform
+        platform: processedConfig.platform,
+        trackerLookup: processedConfig.trackerLookup,
+        documentOriginIsTracker: isTrackerOrigin(processedConfig.trackerLookup)
     })
 
     init(processedConfig)

integration-test/test-pages.js

@@ -21,7 +21,7 @@ describe('Test integration pages', () => {
         await teardown()
     })
 
-    it('Script that should not execute', async () => {
+    it('Should be successful page script check', async () => {
         const pages = {
             'runtime-checks/pages/basic-run.html': 'runtime-checks/config/basic-run.json',
             'runtime-checks/pages/filter-props.html': 'runtime-checks/config/filter-props.json',

package.json

@@ -10,7 +10,7 @@
     "postinstall": "npm run copy-sjcl",
     "copy-sjcl": "node scripts/generateSJCL.js",
     "bundle-config": "node scripts/bundleConfig.mjs",
-    "build": "npm run build-locales && npm run build-firefox && npm run build-chrome && npm run build-apple && npm run build-android && npm run build-windows && npm run build-integration && npm run build-chrome-mv3",
+    "build": "npm run build-locales && npm run bundle-trackers && npm run build-firefox && npm run build-chrome && npm run build-apple && npm run build-android && npm run build-windows && npm run build-integration && npm run build-chrome-mv3",
     "build-locales": "node scripts/buildLocales.js --dir src/locales/click-to-load --output build/locales/ctl-locales.js",
     "build-firefox": "node scripts/inject.js --platform firefox",
     "build-chrome": "node scripts/inject.js --platform chrome",
@@ -19,6 +19,7 @@
     "build-android": "node scripts/inject.js --platform android",
     "build-windows": "node scripts/inject.js --platform windows",
     "build-integration": "node scripts/inject.js --platform integration",
+    "bundle-trackers": "node scripts/bundleTrackers.mjs --output build/tracker-lookup.json",
     "docs": "typedoc",
     "docs-watch": "typedoc --watch",
     "postbuild": "npm run build --workspaces --if-present",

scripts/bundleTrackers.mjs

@@ -0,0 +1,33 @@
+import fetch from 'node-fetch'
+import { writeFileSync } from 'fs'
+import { parseArgs, write } from './script-utils.js'
+
+const tdsUrl = 'https://staticcdn.duckduckgo.com/trackerblocking/v4/tds.json'
+const resp = await fetch(tdsUrl)
+const tds = await resp.json()
+
+// Build a trie of tracker domains, starting with the broadest subdomain. Leaves are set to 1 to indicate success
+// i.e. lookup['com']['example'] === 1 if example.com is a tracker domain
+const trackerLookupTrie = {}
+function insert (domainParts, node) {
+    if (domainParts.length === 1) {
+        node[domainParts[0]] = 1
+    } else if (node[domainParts[0]]) {
+        insert(domainParts.slice(1), node[domainParts[0]])
+    } else {
+        node[domainParts[0]] = {}
+        insert(domainParts.slice(1), node[domainParts[0]])
+    }
+}
+Object.keys(tds.trackers).forEach((tracker) => {
+    insert(tracker.split('.').reverse(), trackerLookupTrie)
+})
+
+const outputString = JSON.stringify(trackerLookupTrie)
+const args = parseArgs(process.argv.slice(2), [])
+if (args.output) {
+    write([args.output], outputString)
+} else {
+    // Used by the extension code
+    console.log(outputString)
+}

scripts/generateSJCL.js

@@ -1,5 +1,4 @@
-// @ts-expect-error https://app.asana.com/0/1201614831475344/1203979574128023/f
-import fs from 'fs/promises'
+import { readFile, writeFile } from 'fs/promises'
 import { existsSync } from 'fs'
 // @ts-expect-error https://app.asana.com/0/1201614831475344/1203979574128023/f
 import util from 'util'
@@ -18,14 +17,14 @@ async function init () {
     }
 
     await exec('cd node_modules/sjcl/ && perl ./configure --no-export --compress=none --without-all --with-hmac --with-codecHex && make')
-    const sjclFileContents = await fs.readFile('node_modules/sjcl/sjcl.js')
+    const sjclFileContents = await readFile('node_modules/sjcl/sjcl.js')
     // Reexport the file as es6 module format
     const contents = `// @ts-nocheck
     export const sjcl = (() => {
     ${sjclFileContents}
     return sjcl;
   })()`
-    fs.writeFile('lib/sjcl.js', contents)
+    writeFile('lib/sjcl.js', contents)
 }
 
 init()

scripts/utils/build.js

@@ -5,6 +5,7 @@ import resolve from '@rollup/plugin-node-resolve'
 import css from 'rollup-plugin-import-css'
 import svg from 'rollup-plugin-svg-import'
 import { runtimeInjected, platformSupport } from '../../src/features.js'
+import { readFileSync } from 'fs'
 
 /**
  * This is a helper function to require all files in a directory
@@ -81,9 +82,11 @@ export async function rollupScript (params) {
         supportsMozProxies = false
     } = params
 
+    const trackerLookupData = readFileSync('./build/tracker-lookup.json', 'utf8')
+    const extensions = ['firefox', 'chrome', 'chrome-mv3']
+    const trackerLookup = extensions.includes(platform) ? '$TRACKER_LOOKUP$' : trackerLookupData
     // The code is using a global, that we define here which means once tree shaken we get a browser specific output.
     const mozProxies = supportsMozProxies
-
     const plugins = [
         css(),
         svg({
@@ -98,7 +101,9 @@ export async function rollupScript (params) {
             values: {
                 // @ts-expect-error https://app.asana.com/0/1201614831475344/1203979574128023/f
                 mozProxies,
-                'import.meta.injectName': JSON.stringify(platform)
+                'import.meta.injectName': JSON.stringify(platform),
+                // To be replaced by the extension, but prevents tree shaking
+                'import.meta.trackerLookup': trackerLookup
             }
         }),
         prefixPlugin(prefixMessage)