Testing and cleanup

Author: jonathanKingston

integration-test/test-pages.js

@@ -27,7 +27,8 @@ describe('Test integration pages', () => {
             'runtime-checks/pages/replace-element.html': 'runtime-checks/config/replace-element.json',
             'runtime-checks/pages/filter-props.html': 'runtime-checks/config/filter-props.json',
             'runtime-checks/pages/shadow-dom.html': 'runtime-checks/config/shadow-dom.json',
-            'runtime-checks/pages/script-overload.html': 'runtime-checks/config/script-overload.json'
+            'runtime-checks/pages/script-overload.html': 'runtime-checks/config/script-overload.json',
+            'runtime-checks/pages/generic-overload.html': 'runtime-checks/config/generic-overload.json'
         }
         for (const pageName in pages) {
             const configName = pages[pageName]

integration-test/test-pages/runtime-checks/config/generic-overload.json

@@ -0,0 +1,45 @@
+{
+    "features": {
+        "runtimeChecks": {
+            "state": "enabled",
+            "exceptions": [],
+            "settings": {
+                "taintCheck": "enabled",
+                "matchAllDomains": "enabled",
+                "matchAllStackDomains": "enabled",
+                "overloadInstanceOf": "enabled",
+                "domains": [
+                ],
+                "stackDomains": [
+                ],               
+                "scriptOverload": {
+                },
+                "breakpoints": [
+                    {"height": 768, "width": 1024},
+                    {"height": 1024, "width": 768},
+                    {"height": 375, "width": 812},
+                    {"height": 812, "width": 375}
+                ],
+                "injectGenericOverloads": {
+                    "Date": {},
+                    "Date.prototype.getTimezoneOffset": {},
+                    "NavigatorUAData.prototype.getHighEntropyValues": {},
+                    "localStorage": {
+                        "scheme": "session"
+                    },
+                    "sessionStorage": {
+                        "scheme": "memory"
+                    },
+                    "innerHeight": {
+                        "offset": 100
+                    },
+                    "innerWidth":  {
+                        "offset": 100
+                    },
+                    "Screen.prototype.height": {},
+                    "Screen.prototype.width": {}
+                }
+            }
+        }
+    }
+}

integration-test/test-pages/runtime-checks/index.html

@@ -7,13 +7,34 @@
 </head>
 <body>
     <p><a href="../../index.html">[Home]</a></p>
+    <script>
+      function makeLinkElement (link) {
+          const listItem = document.createElement('li')
+          const linkElement = document.createElement('a')
+          linkElement.href = link.href
+          linkElement.innerText = link.text
+      }
+      async function init () {
+        console.log('init')
+          const response = await fetch('./pages.json')
+          const pages = await response.json()
+          const ulElement = document.querySelector('ul')
+          for (const page of pages) {
+              const linkElement = makeLinkElement(page)
+              ulElement.appendChild(linkElement)
+          }
+      }
+      init()
+    </script>
 
     <p>Runtime element interrogation (runtimeChecks) allows our clients the ability to validate, inspect and modify elements as they get injected into a web page by website scripts.</p>
     <ul>
+      <!--
       <li><a href="./pages/basic-run.html">Basic Run</a> - <a href="./config/basic-run.json">Config</a></li>
       <li><a href="./pages/filter-props.html">Filter props</a> - <a href="./config/filter-props.json">Config</a></li>
       <li><a href="./pages/script-overload.html">Script overloading</a> - <a href="./config/script-overload.json">Config</a></li>
       <li><a href="./pages/shadow-dom.html">Shadow dom support</a> - <a href="./config/shadow-dom.json">Config</a></li>
+      -->
     </ul>
 
 </body>

integration-test/test-pages/runtime-checks/pages.json

@@ -0,0 +1,26 @@
+{
+    "Basic Run": {
+        "html": "runtime-checks/pages/basic-run.html",
+        "config": "runtime-checks/config/basic-run.json"
+    },
+    "Replace element": {
+        "html": "runtime-checks/pages/replace-element.html",
+        "config": "runtime-checks/config/replace-element.json"
+    },
+    "Filter props": {
+        "html": "runtime-checks/pages/filter-props.html",
+        "config": "runtime-checks/config/filter-props.json"
+    },
+    "Shadow DOM": {
+        "html": "runtime-checks/pages/shadow-dom.html",
+        "config": "runtime-checks/config/shadow-dom.json"
+    },
+    "Script overload": {
+        "html": "runtime-checks/pages/script-overload.html",
+        "config": "runtime-checks/config/script-overload.json"
+    },
+    "Generic overload": {
+        "html": "runtime-checks/pages/generic-overload.html",
+        "config": "runtime-checks/config/generic-overload.json"
+    }
+}

integration-test/test-pages/runtime-checks/pages/generic-overload.html

@@ -0,0 +1,59 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width">
+  <title>Runtime checks</title>
+  <link rel="stylesheet" href="../../shared/style.css">
+</head>
+<body>
+    <script src="../../shared/utils.js"></script>
+    <p><a href="../index.html">[Runtime checks]</a></p>
+
+    <p>This page verifies that script overloading works <a href="../config/script-overload.json">config</a></p>
+
+    <script>
+        test('Script should have generic overloaded changes', async () => {
+            // @ts-expect-error https://app.asana.com/0/1201614831475344/1203979574128023/f
+            window.scriptOutput = false;
+            window.scriptyRan = false;
+            const scriptElement = document.createElement('script');
+            scriptElement.src = './../../shared/replay.js';
+            scriptElement.id = 'overloadedScript';
+            let resolver
+            const promise = new Promise((resolve) => {
+                resolver = resolve
+            })
+            scriptElement.onload = () => {
+                resolver()
+            }
+            document.body.appendChild(scriptElement);
+            await promise
+            console.log(window.scriptyRan, window.replayScript)
+            localStorage.clear()
+            replayScript(`
+                localStorage.clear();
+                localStorage.setItem('test', 'test');
+                window.scriptyRan = true;
+                window.scriptOutput = {
+                    item: localStorage.getItem('test')
+                }
+            `)
+
+            const scripty = document.querySelector('script#overloadedScript');
+            const nodeAndFakeNodeMatch = scripty === scriptElement;
+
+            return [
+                { name: 'script ran', result: window.scriptyRan, expected: true },
+                { name: 'node and fake node match', result: nodeAndFakeNodeMatch, expected: false },
+                { name: 'expected localStorage first response', result: window.scriptOutput, expected: {
+                    item: 'test'
+                }},
+                { name: 'did not globally store', result: localStorage.getItem('test'), expected: null }
+            ];
+        });
+
+        renderResults();
+    </script>
+</body>
+</html>

integration-test/test-pages/shared/replay.js

@@ -0,0 +1,6 @@
+function replayScript (scriptText) {
+    const scriptElement = document.createElement('script')
+    scriptElement.innerText = scriptText
+    document.head.appendChild(scriptElement)
+}
+window.replayScript = replayScript

src/features/runtime-checks.js

@@ -1,8 +1,8 @@
 /* global TrustedScriptURL, TrustedScript */
 
-import { glob } from 'typedoc/dist/lib/utils/fs.js'
 import ContentFeature from '../content-feature.js'
-import { DDGProxy, getStackTraceOrigins, getStack, matchHostname, injectGlobalStyles, createStyleElement, postDebugMessage, taintSymbol, hasTaintedMethod, defineProperty, getTabHostname } from '../utils.js'
+import { DDGProxy, getStackTraceOrigins, getStack, matchHostname, injectGlobalStyles, createStyleElement, postDebugMessage, taintSymbol, hasTaintedMethod, taintedOrigins } from '../utils.js'
+import { defineProperty } from '../wrapper-utils.js'
 import { wrapScriptCodeOverload } from './runtime-checks/script-overload.js'
 import { Reflect } from '../captured-globals.js'
 
@@ -185,8 +185,8 @@ class DDGRuntimeChecks extends HTMLElement {
             }
             try {
                 const origin = this.src && new URL(this.src, window.location.href).hostname
-                if (origin && navigator?.duckduckgo?.taintedOrigins) {
-                    navigator.duckduckgo.taintedOrigins.add(origin)
+                if (origin && taintedOrigins()) {
+                    taintedOrigins()?.add(origin)
                 }
             } catch {}
         }
@@ -694,7 +694,7 @@ export default class RuntimeChecks extends ContentFeature {
         this.overrideStorage(config, key, storage)
     }
 
-    overloadStorageWithSession (key, config) {
+    overloadStorageWithSession (config, key) {
         const storage = globalThis.sessionStorage
         this.overrideStorage(config, key, storage)
     }
@@ -724,7 +724,7 @@ export default class RuntimeChecks extends ContentFeature {
      * @param {string} key
      * @param {number} [offset]
      */
-    overloadScreenSizes (config, breakpoints, screenSize, key, offset) {
+    overloadScreenSizes (config, breakpoints, screenSize, key, offset = 0) {
         const closest = findClosestBreakpoint(breakpoints, screenSize)
         if (!closest) {
             return

src/utils.js

@@ -351,18 +351,47 @@ export function getContextId (scope) {
     }
 }
 
-const taintedOrigins = createSet()
+/**
+ * Returns a set of origins that are tainted
+ * @returns {Set<string> | null}
+ */
+export function taintedOrigins () {
+    return getGlobalObject('taintedOrigins')
+}
+
+/**
+ * Returns a set of taints
+ * @returns {Set<string> | null}
+ */
+export function taints () {
+    return getGlobalObject('taints')
+}
+
+/**
+ * @param {string} name
+ * @returns {any | null}
+ */
+function getGlobalObject (name) {
+    if ('duckduckgo' in navigator &&
+        typeof navigator.duckduckgo === 'object' &&
+        navigator.duckduckgo &&
+        name in navigator.duckduckgo &&
+        navigator.duckduckgo[name]) {
+        return navigator.duckduckgo[name]
+    }
+    return null
+}
+
 export function hasTaintedMethod (scope, shouldStackCheck = false) {
     if (document?.currentScript?.[taintSymbol]) return true
     if ('__ddg_taint__' in window) return true
     if (getContextId(scope)) return true
-    if (!shouldStackCheck || !navigator?.duckduckgo?.taintedOrigins) {
+    if (!shouldStackCheck || !taintedOrigins()) {
         return false
     }
     const stackOrigins = getStackTraceOrigins(getStack())
     for (const stackOrigin of stackOrigins) {
-        if (navigator.duckduckgo.taintedOrigins.has(stackOrigin)) {
-            console.log('found tainted origin', stackOrigin)
+        if (taintedOrigins()?.has(stackOrigin)) {
             return true
         }
     }