| OLD | NEW |
|---|
| 1 #!/usr/bin/env python | 1 #!/usr/bin/env python |
| 2 # Copyright (c) 2014 Google Inc. All rights reserved. | 2 # Copyright (c) 2014 Google Inc. All rights reserved. |
| 3 # | 3 # |
| 4 # Redistribution and use in source and binary forms, with or without | 4 # Redistribution and use in source and binary forms, with or without |
| 5 # modification, are permitted provided that the following conditions are | 5 # modification, are permitted provided that the following conditions are |
| 6 # met: | 6 # met: |
| 7 # | 7 # |
| 8 # * Redistributions of source code must retain the above copyright | 8 # * Redistributions of source code must retain the above copyright |
| 9 # notice, this list of conditions and the following disclaimer. | 9 # notice, this list of conditions and the following disclaimer. |
| 10 # * Redistributions in binary form must reproduce the above | 10 # * Redistributions in binary form must reproduce the above |
| (...skipping 19 matching lines...) Expand all Loading... |
| 30 import re | 30 import re |
| 31 import sys | 31 import sys |
| 32 import os | 32 import os |
| 33 | 33 |
| 34 | 34 |
| 35 def validate_injected_script(fileName): | 35 def validate_injected_script(fileName): |
| 36 f = open(fileName, "r") | 36 f = open(fileName, "r") |
| 37 lines = f.readlines() | 37 lines = f.readlines() |
| 38 f.close() | 38 f.close() |
| 39 | 39 |
| 40 array_proto_functions = "|".join(["concat", "every", "filter", "forEach", "i
ndexOf", "join", "lastIndexOf", "map", "pop", "push", "reduce", "reduceRight", "
reverse", "shift", "slice", "some", "sort", "splice", "toLocaleString", "toStrin
g", "unshift"]) | 40 proto_functions = "|".join([ |
| 41 # Array.prototype.* |
| 42 "concat", "every", "filter", "forEach", "indexOf", "join", "lastIndexOf"
, "map", "pop", |
| 43 "push", "reduce", "reduceRight", "reverse", "shift", "slice", "some", "s
ort", "splice", "toLocaleString", "toString", "unshift", |
| 44 # Function.prototype.* |
| 45 "apply", "bind", "call", "isGenerator", "toSource", |
| 46 ]) |
| 41 | 47 |
| 42 # Black list: | 48 # Black list: |
| 43 # - Function.prototype.bind() | |
| 44 # - Object.prototype.toString() | 49 # - Object.prototype.toString() |
| 45 # - Array.prototype.* | 50 # - Array.prototype.* |
| 51 # - Function.prototype.* |
| 46 # - Math.* | 52 # - Math.* |
| 47 black_list_call_regex = re.compile(r"\bMath\.\w+\(|\.(bind|toString|" + arra
y_proto_functions + r")\(") | 53 black_list_call_regex = re.compile(r"\bMath\.\w+\(|\.(toString|" + proto_fun
ctions + r")\(") |
| 48 | 54 |
| 49 errors_found = False | 55 errors_found = False |
| 50 for i, line in enumerate(lines): | 56 for i, line in enumerate(lines): |
| 51 for match in re.finditer(black_list_call_regex, line): | 57 for match in re.finditer(black_list_call_regex, line): |
| 52 errors_found = True | 58 errors_found = True |
| 53 print "ERROR: Black list function call in %s at line %02d column %02
d: %s" % (os.path.basename(fileName), i + 1, match.start(), match.group(0)) | 59 print "ERROR: Black list function call in %s at line %02d column %02
d: %s" % (os.path.basename(fileName), i + 1, match.start(), match.group(0)) |
| 54 | 60 |
| 55 if not errors_found: | 61 if not errors_found: |
| 56 print "OK" | 62 print "OK" |
| 57 | 63 |
| 58 | 64 |
| 59 def main(argv): | 65 def main(argv): |
| 60 if len(argv) < 2: | 66 if len(argv) < 2: |
| 61 print('ERROR: Usage: %s path/to/InjectedScriptSource.js' % argv[0]) | 67 print('ERROR: Usage: %s path/to/InjectedScriptSource.js' % argv[0]) |
| 62 return 1 | 68 return 1 |
| 63 | 69 |
| 64 validate_injected_script(argv[1]) | 70 validate_injected_script(argv[1]) |
| 65 | 71 |
| 66 if __name__ == '__main__': | 72 if __name__ == '__main__': |
| 67 sys.exit(main(sys.argv)) | 73 sys.exit(main(sys.argv)) |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 445333005:
DevTools: Fix tainted Function.prototype methods may disable console. (Closed)
Base URL: svn://svn.chromium.org/blink/trunk