mirror of https://github.com/kkapsner/CanvasBlocker synced 2025-07-03 03:56:26 +02:00

Linting of .tools and test

kkapsner 2019-11-30 02:05:37 +01:00
parent aef6bd3d59
commit 17349dcb05
19 changed files with 333 additions and 173 deletions


@ -112,6 +112,7 @@
}
function getIsPointInPath(ctx){
"use strict";
ctx.beginPath();
ctx.moveTo(20, 19);
ctx.lineTo(40, 19);
@ -120,8 +121,10 @@
ctx.stroke();
return ctx.isPointInPath(30, 19);
};
}
function hashToString(hash){
"use strict";
var chunks = [];
(new Uint32Array(hash)).forEach(function(num){
chunks.push(num.toString(16));
@ -130,35 +133,41 @@
return "0".repeat(8 - chunk.length) + chunk;
}).join("");
}
function send(form, {url, imageData, isPointInPath}){
var buffer = new TextEncoder("utf-8").encode(url);
Promise.all([
crypto.subtle.digest("SHA-256", buffer),
crypto.subtle.digest("SHA-256", imageData.data)
]).then(function(hashes){
var data = JSON.stringify({
urlHash: hashToString(hashes[0]),
imageDataHash: hashToString(hashes[1]),
isPointInPath
}, null, "\t");
form.fingerprint.value = data;
var xhr = new XMLHttpRequest();
xhr.open("POST", form.action + "?main", true);
xhr.onreadystatechange = function(){
if (this.readyState === 4){
const status = this.status;
if (status === 200 || status === 304) {
console.log("Sending xhr successful from main page:", data);
var send = function(){
"use strict";
return function send(form, {url, imageData, isPointInPath}){
var buffer = new TextEncoder("utf-8").encode(url);
Promise.all([
crypto.subtle.digest("SHA-256", buffer),
crypto.subtle.digest("SHA-256", imageData.data)
]).then(function(hashes){
var data = JSON.stringify({
urlHash: hashToString(hashes[0]),
imageDataHash: hashToString(hashes[1]),
isPointInPath
}, null, "\t");
form.fingerprint.value = data;
var xhr = new XMLHttpRequest();
xhr.open("POST", form.action + "?main", true);
xhr.onreadystatechange = function(){
if (this.readyState === 4){
const status = this.status;
if (status === 200 || status === 304) {
console.log("Sending xhr successful from main page:", data);
}
else {
console.log("Sending xhr failed:", this);
}
}
else {
console.log("Sending xhr failed:", this);
}
}
};
xhr.send(new FormData(form));
});
}
};
xhr.send(new FormData(form));
return;
}).catch(function(error){
console.error(error);
});
};
}();
send(document.getElementById("form"), topTest());
</script>


@ -18,7 +18,6 @@ var addTest = (function(){
status = func(log)? 1: 2;
}
catch (error){
// eslint-disable-next-line no-console
console.log(error);
status = 3;
}


@ -1,2 +1 @@
// eslint-disable-next-line no-console
console.log("first possible call");


@ -13,35 +13,91 @@
const iframe = window[0];
log("TEST:", "iframe in html:", compare(test(iframe), reference));
iframe.addEventListener("load", function(){
"use strict";
log("TEST:", "iframe after loading:", compare(test(iframe), reference));
});
document.write("<iframe></iframe><script>log(\"TEST:\", \"iframe and script in document.write:\", compare(test(window[1]), reference));<\/script>");
document.write(
"<iframe></iframe>" +
"<script>log(\"TEST:\", \"iframe and script in document.write:\", compare(test(window[1]), reference));<\/script>"
);
log("TEST:", "iframe in document.write:", compare(test(window[1]), reference));
document.write("<iframe></iframe>");
document.write("<script>log(\"TEST:\", \"iframe and script in separate document.write:\", compare(test(window[2]), reference));<\/script>");
"<iframe></iframe><script>log(\"TEST:\", \"iframe and script in fragmented document.write:\", compare(test(window[3]), reference));<\/script>".split(/(?=<)/).forEach(function(part){
document.write(
"<script>" +
"log(\"TEST:\", \"iframe and script in separate document.write:\", compare(test(window[2]), reference));" +
"<\/script>");
(
"<iframe></iframe>" +
"<script>" +
"log(\"TEST:\", \"iframe and script in fragmented document.write:\", compare(test(window[3]), reference));" +
"<\/script>"
).split(/(?=<)/).forEach(function(part){
"use strict";
document.write(part);
});
document.writeln("<iframe></iframe><script>log(\"TEST:\", \"iframe and script in document.writeln:\", compare(test(window[4]), reference));<\/script>");
document.write("<script src=\"iframeTest.js\"><\/script><iframe></iframe><script>log(\"TEST:\", \"script with src, iframe and script in document.write:\", compare(test(window[5]), reference));<\/script>");
document.writeln(
"<iframe></iframe>" +
"<script>log(\"TEST:\", \"iframe and script in document.writeln:\", compare(test(window[4]), reference));<\/script>"
);
document.write(
"<script src=\"iframeTest.js\"><\/script>" +
"<iframe></iframe>" +
"<script>" +
"log(" +
"\"TEST:\", " +
"\"script with src, iframe and script in document.write:\", " +
"compare(test(window[5]), reference)" +
");" +
"<\/script>"
);
"<ifr|ame></ifr|ame>".split("|").forEach(function(part){
"use strict";
document.write(part);
});
document.write("<script>log(\"TEST:\", \"ifr|ame split:\", compare(test(window[6]), reference));<\/script>");
window.addEventListener("load", function(){
"use strict";
// document.open();
"<ifr|ame></ifr|ame>".split("|").forEach(function(part){
document.write(part);
});
document.write("<script>log(\"TEST:\", \"reopened document: ifr|ame split:\", compare(test(window[0]), reference));<\/script>");
document.write("<script src=\"iframeTest.js\"><\/script><iframe></iframe><script>log(\"TEST:\", \"reopened document: script with src, iframe and script in document.write:\", compare(test(window[1]), reference, true));<\/script>");
document.write(
"<script>" +
"log(\"TEST:\", \"reopened document: ifr|ame split:\", compare(test(window[0]), reference));" +
"<\/script>");
document.write(
"<script src=\"iframeTest.js\"><\/script>" +
"<iframe></iframe>" +
"<script>" +
"log(" +
"\"TEST:\", " +
"\"reopened document: script with src, iframe and script in document.write:\", " +
"compare(test(window[1]), reference, true)" +
");" +
"<\/script>"
);
// document.close();
});
window.setTimeout(function(){
"use strict";
document.body.innerHTML = "<iframe></iframe>";
console.log("TEST:", "innerHTML after 1000ms:", compare(test(window[0]), reference));
document.body.innerHTML = "<h1>Iframe protection</h1>Open console (Ctrl + Shift + K) to see results. Depending on your Browser version you might have to check the \"Persist Logs\" flag and reload the page.<br><h2>Expected result</h2><ul><li>the displayed hashes should not be your native hash (run test with CB disabled to get it)</li><li>all the displayed hashes should be the same (exception if there is a change to a wyciwyg page)</li><li>all lines with \"TEST:\" should have a \"match\" at the end</li></ul>";
document.body.innerHTML = "<h1>Iframe protection</h1>" +
"Open console (Ctrl + Shift + K) to see results. " +
"Depending on your Browser version you might have to check the \"Persist Logs\" flag and reload the page.<br>" +
"<h2>Expected result</h2>" +
"<ul>" +
"<li>the displayed hashes should not be your native hash (run test with CB disabled to get it)</li>" +
"<li>all the displayed hashes should be the same (exception if there is a change to a wyciwyg page)</li>" +
"<li>all lines with \"TEST:\" should have a \"match\" at the end</li>" +
"</ul>";
var title = document.createElement("title");
title.textContent = "iFrame test";
document.getElementsByTagName("head")[0].appendChild(title);


@ -9,7 +9,6 @@ var log = function(){
str.unshift("color: red");
str.unshift("%cX");
}
// eslint-disable-next-line no-console
console.log(...str);
};
}();
@ -67,7 +66,6 @@ function compare(string1, string2, alwaysOutputHashes){
hash(string1),
hash(string2)
]).then(function(hashes){
// eslint-disable-next-line no-console
console.log(message, ...hashes);
return;
});


@ -22,7 +22,9 @@ var createLog = function(){
var log = createLog();
log("user agent equal between server and client: " + (window.serverUserAgent === navigator.userAgent));
log("user agent equal between server and client: " + (
document.getElementById("serverUserAgent").text === navigator.userAgent
));
Object.keys(navigator.__proto__).sort().forEach(function(property){
"use strict";


@ -23,8 +23,6 @@ Tests the navigator properties. In the default settings of CanvasBlocker the nav
</div>
</div>
</div>
<script>
var serverUserAgent = <?php echo json_encode($_SERVER["HTTP_USER_AGENT"]);?>;
</script>
<script id="serverUserAgent" type="text/data"><?php echo htmlentities($_SERVER["HTTP_USER_AGENT"], ENT_QUOTES, "UTF-8");?></script>
<script src="navigatorTest.js"></script>
</body></html>
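Review bot: The new `<script id="serverUserAgent" type="text/data">` line escapes the header with `htmlentities`, but a script element's content is raw text, so the browser never decodes those entities and `.text` in navigatorTest.js returns the escaped form. A User-Agent containing `&`, a quote or a non-ASCII character would then compare unequal to `navigator.userAgent`, and the test would report a mismatch that is not real. Escaping is still needed so the header cannot close the element early; emitting JSON with hex escapes keeps that property and round-trips exactly: `<script id="serverUserAgent" type="application/json"><?php echo json_encode($_SERVER["HTTP_USER_AGENT"], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);?></script>`, read on the client with `JSON.parse(document.getElementById("serverUserAgent").textContent)`.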


@ -52,8 +52,10 @@
ctx.stroke();
return ctx.isPointInPath(30, 19);
};
}
function hashToString(hash){
"use strict";
var chunks = [];
(new Uint32Array(hash)).forEach(function(num){
chunks.push(num.toString(16));
@ -63,42 +65,49 @@
}).join("");
}
function send(form, {url, imageData, isPointInPath}){
var buffer = new TextEncoder("utf-8").encode(url);
Promise.all([
crypto.subtle.digest("SHA-256", buffer),
crypto.subtle.digest("SHA-256", imageData.data)
]).then(function(hashes){
var data = JSON.stringify({
urlHash: hashToString(hashes[0]),
imageDataHash: hashToString(hashes[1]),
isPointInPath
}, null, "\t");
form.fingerprint.value = data;
var xhr = new XMLHttpRequest();
xhr.open("POST", form.action, true);
xhr.onreadystatechange = function(){
if (this.readyState === 4){
const status = this.status;
if (status === 200 || status === 304) {
console.log("Sending xhr successful from", origin, ":", data);
var send = function(){
"use strict";
return function send(form, {url, imageData, isPointInPath}){
var buffer = new TextEncoder("utf-8").encode(url);
return Promise.all([
crypto.subtle.digest("SHA-256", buffer),
crypto.subtle.digest("SHA-256", imageData.data)
]).then(function(hashes){
var data = JSON.stringify({
urlHash: hashToString(hashes[0]),
imageDataHash: hashToString(hashes[1]),
isPointInPath
}, null, "\t");
form.fingerprint.value = data;
var xhr = new XMLHttpRequest();
xhr.open("POST", form.action, true);
xhr.onreadystatechange = function(){
if (this.readyState === 4){
const status = this.status;
if (status === 200 || status === 304) {
console.log("Sending xhr successful from", origin, ":", data);
}
else {
console.log("Sending xhr failed:", this);
}
}
else {
console.log("Sending xhr failed:", this);
}
}
};
xhr.send(new FormData(form));
window.setTimeout(function(){
form.submit();
};
xhr.send(new FormData(form));
window.setTimeout(function(){
document.getElementById("log").textContent = "You see the real canvas fingerprint, but it cannot leak from this iFrame.";
},
250
);
}, 1000);
});
}
form.submit();
window.setTimeout(
function(){
document.getElementById("log").textContent =
"You see the real canvas fingerprint, but it cannot leak from this iFrame.";
},
250
);
}, 1000);
return;
});
};
}();
send(document.getElementById("form"), topTest());
</script>
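Review bot: The rewritten `send` now returns the `Promise.all(...)` chain, but nothing handles a rejection: the call `send(document.getElementById("form"), topTest());` discards the result and the chain has no `.catch`. The same wrapper in the first file section on this page ends with `.catch(function(error){ console.error(error); });`, so a failed `crypto.subtle.digest` is logged there and becomes an unhandled rejection here. Appending the same `.catch` after the `.then(...)` keeps the two copies consistent. The timer callback in the following file section has the same gap: its `return hash(...)` and `return Promise.all(...)` hand the promise to `window.setTimeout`, which ignores it.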


@ -28,6 +28,8 @@
return canvas.toDataURL();
}
function hash(url){
"use strict";
var buffer = new TextEncoder("utf-8").encode(url);
return crypto.subtle.digest("SHA-256", buffer).then(function(hash){
var chunks = [];
@ -39,12 +41,12 @@
}).join("");
});
}
var firstFingerprint = false;
try {
var firstFingerprint = fingerPrint();
firstFingerprint = fingerPrint();
}
catch (error){
console.log(new Date(), error);
var firstFingerprint = false;
}
</script>
<style>
@ -67,19 +69,29 @@
var output = document.getElementById("output");
output.textContent = "context API not blocked";
window.setTimeout(function(){
"use strict";
console.log(new Date(), "starting second fingerprint", window.name);
output.appendChild(document.createElement("br"));
var secondFingerprint = fingerPrint();
if (firstFingerprint === secondFingerprint){
hash(firstFingerprint).then(function(hash){
return hash(firstFingerprint).then(function(hash){
output.appendChild(document.createTextNode("fingerprint consistent (" + hash + ") -> good!"));
output.style.backgroundColor = "green";
return;
});
}
else {
Promise.all([hash(firstFingerprint), hash(secondFingerprint)]).then(function(hashes){
output.appendChild(document.createTextNode("fingerprint not consistent (" + hashes[0] + " != " + hashes[1] + ") -> very bad! (potential fingerprint leak)"));
return Promise.all([hash(firstFingerprint), hash(secondFingerprint)]).then(function(hashes){
output.appendChild(
document.createTextNode(
"fingerprint not consistent (" +
hashes[0] + " != " + hashes[1] +
") -> very bad! (potential fingerprint leak)"
)
);
output.style.backgroundColor = "red";
return;
});
}
}, 500);


@ -32,25 +32,18 @@
if (location.search !== "?notInitial"){
try {show(document.getElementById("top"), topTest());}
// eslint-disable-next-line no-console
catch (error){console.error(error);}
try {show(document.getElementById("iframe"), iframeTest(document.querySelector("#iframe iframe")));}
// eslint-disable-next-line no-console
catch (error){console.error(error);}
try {show(document.getElementById("iframe2"), iframeTest(document.querySelector("#iframe2 iframe")));}
// eslint-disable-next-line no-console
catch (error){console.error(error);}
try {show(document.getElementById("iframe3"), iframeTest(document.querySelector("#iframe3 iframe")));}
// eslint-disable-next-line no-console
catch (error){console.error(error);}
try {show(document.getElementById("iframe4"), dynamicIframeTest1());}
// eslint-disable-next-line no-console
catch (error){console.error(error);}
try {show(document.getElementById("iframe5"), dynamicIframeTest2());}
// eslint-disable-next-line no-console
catch (error){console.error(error);}
try {show(document.getElementById("iframe6"), dynamicIframeTest3());}
// eslint-disable-next-line no-console
catch (error){console.error(error);}
}
document.querySelector("#top button").addEventListener("click", function(){