
Verified Commit e3d9163f authored by Thomas Rientjes's avatar Thomas Rientjes

Implement a temporary list of tainted domains

parent deed173d
......@@ -31,7 +31,7 @@ const HTTP_EXPRESSION = /^http?:\/\//;
interceptor.handleRequest = function (requestDetails, tabIdentifier, tab) {
let validCandidate, targetDetails, targetPath;
let validCandidate, tabDomain, targetDetails, targetPath;
validCandidate = requestAnalyzer.isValidCandidate(requestDetails, tab);
......@@ -42,6 +42,31 @@ interceptor.handleRequest = function (requestDetails, tabIdentifier, tab) {
};
}
try {
tabDomain = tab.url.match(WEB_DOMAIN_EXPRESSION)[1];
tabDomain = requestAnalyzer._normalizeDomain(tabDomain);
} catch (exception) {
tabDomain = 'example.org';
}
// Temporary list of undetectable tainted domains.
let undetectableTaintedDomains = {
'cdnjs.com': true,
'dropbox.com': true,
'minigames.mail.ru': true,
'report-uri.io': true,
'securityheaders.io': true,
'stefansundin.github.io': true,
'udacity.com': true
};
if (undetectableTaintedDomains[tabDomain] || /yandex\./.test(tabDomain)) {
if (tabDomain !== 'yandex.ru') {
return interceptor._handleMissingCandidate(requestDetails.url);
}
}
targetDetails = requestAnalyzer.getLocalTarget(requestDetails);
targetPath = targetDetails.path;
......
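Review bot: The tainted-domain test in the second hunk matches more tab domains than the list documents, and every extra match makes `handleRequest` return `_handleMissingCandidate` instead of a local resource. `undetectableTaintedDomains[tabDomain]` is a plain-object lookup, so an inherited key such as `constructor` is truthy if `WEB_DOMAIN_EXPRESSION` (not visible here) can ever yield it; `Object.prototype.hasOwnProperty.call(undetectableTaintedDomains, tabDomain)` or a `Set` avoids that. `/yandex\./` is unanchored and also matches any domain that merely contains that substring, so `/(^|\.)yandex\./.test(tabDomain)` would at least pin it to a label boundary. The lookup is also exact-match, so whether subdomains of the listed sites are covered depends on `_normalizeDomain`, which is worth stating in the comment above the list. The function body continues outside the hunk.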