[or-cvs] [https-everywhere/master 4/7] First attempt at actually securing some cookies.
pde at torproject.org
pde at torproject.org
Thu Nov 11 00:28:02 UTC 2010
Author: Peter Eckersley <pde at eff.org>
Date: Tue, 9 Nov 2010 12:50:36 -0800
Subject: First attempt at actually securing some cookies.
Commit: 93f729310367c34807eb453e49b068b19672b860
---
src/chrome/content/code/HTTPS.js | 3 +-
src/chrome/content/code/HTTPSRules.js | 35 +++++++++++++++++++++++++++++++-
src/components/https-everywhere.js | 2 +-
3 files changed, 36 insertions(+), 4 deletions(-)
diff --git a/src/chrome/content/code/HTTPS.js b/src/chrome/content/code/HTTPS.js
index 318cf4c..53665b1 100644
--- a/src/chrome/content/code/HTTPS.js
+++ b/src/chrome/content/code/HTTPS.js
@@ -152,13 +152,14 @@ const HTTPS = {
try {
var cookies = req.getResponseHeader("Set-Cookie");
} catch(mayHappen) {
+ this.log(DBUG,"Exception huntting Set-Cookie in headers: " + mayHappen);
return;
}
if (!cookies) return;
var c;
for each (var cs in cookies.split("\n")) {
c = new Cookie(cs, host);
- if (c.matches_target() && !c.secure) {
+ if (!c.secure && HTTPSRules.should_secure_cookie(c)) {
c.secure = true;
req.setResponseHeader("Set-Cookie", c.source + ";Secure", true);
this.log(WARN,msg + c);
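Review bot: The call to `HTTPSRules.should_secure_cookie(c)` in the new condition sits outside the `try`, so if it throws, the loop exits and the remaining `Set-Cookie` lines in this response are never marked Secure. Since this is the path that protects session cookies, that fail-open behaviour should be either guarded or documented, for example with `// if the rule lookup throws, the remaining cookies are left unsecured`. Separately, the new debug message misspells "hunting"; it should read `this.log(DBUG,"Exception hunting Set-Cookie in headers: " + mayHappen);`. The enclosing function starts and ends outside this hunk.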
diff --git a/src/chrome/content/code/HTTPSRules.js b/src/chrome/content/code/HTTPSRules.js
index e49c1f0..b6ac193 100644
--- a/src/chrome/content/code/HTTPSRules.js
+++ b/src/chrome/content/code/HTTPSRules.js
@@ -9,6 +9,13 @@ function Exclusion(pattern) {
this.pattern_c = new RegExp(pattern);
}
+function CookieRule(host, cookiename) {
+ this.host = host
+ this.host_c = new RegExp(host);
+ this.cookiename = cookiename;
+ this.cookiename_c = new RegExp(cookiename);
+}
+
function RuleSet(name, match_rule, default_off) {
var on_by_default = true;
this.name = name;
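Review bot: `CookieRule` compiles `host` and `cookiename` with `new RegExp(...)` unanchored, so a pattern matches anywhere inside the cookie's host or name unless the rule author writes `^…$`. An unanchored host pattern could therefore also match unrelated hosts that merely contain the same text. A comment above the constructor would make that contract explicit, e.g. `// host and cookiename are regular-expression sources taken from the ruleset; anchor them with ^…$ to avoid substring matches`. The compiled name pattern is stored as `cookiename_c`, which is the property name any consumer has to use. `this.host = host` is also missing its terminating semicolon, unlike the lines around it.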
@@ -26,6 +33,7 @@ function RuleSet(name, match_rule, default_off) {
}
this.rules = [];
this.exclusions = [];
+ this.cookierules = [];
var prefs = HTTPSEverywhere.instance.get_prefs();
try {
// if this pref exists, use it
@@ -220,6 +228,13 @@ const RuleWriter = {
ret.rules.push(rule);
}
+ for (var i = 0; i < xmlrules.securecookie.length(); i++) {
+ var c_rule = new CookieRule(xmlrules.securecookie[i]. at host,
+ xmlrules.securecookie[i]. at name);
+ ret.cookierules.push(c_rule);
+ this.log(DBUG,"Cookie rule "+ c_rule.host+ " " +c_rule.cookiename);
+ }
+
return ret;
},
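Review bot: The new loop passes the `host` and `name` attributes straight to `new CookieRule(...)` with no validation, and no guard is visible in this hunk. `new RegExp` throws on a malformed pattern, so a single bad `securecookie` entry would leave this function before `return ret` and, unless a caller outside the hunk catches it, lose the whole ruleset. A missing attribute would presumably stringify to an empty pattern, which matches every host or cookie name. I would skip entries whose attributes are empty and wrap the construction, e.g. `try { ret.cookierules.push(new CookieRule(h, n)); } catch (e) { this.log(WARN, "Bad securecookie rule: " + e); }`, where `h` and `n` are the two attribute values. The `. at host` / `. at name` spelling looks like the mail archive's obfuscation of the E4X `.@host` / `.@name` accessors rather than the committed code.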
@@ -283,11 +298,27 @@ const HTTPSRules = {
var i = 0;
var newuri = null
for(i = 0; i < this.rules.length; ++i) {
- if((newuri = this.rules[i].rewrittenURI(uri)))
+ if ((newuri = this.rules[i].rewrittenURI(uri)))
return newuri;
}
return null;
+ },
+
+ should_secure_cookie: function(cookie) {
+ var i = 0;
+ for (i = 0; i < this.cookierules.length; ++i) {
+ this.log(DBUG, "Testing cookie:");
+ this.log(DBUG, " name: " + c.name);
+ this.log(DBUG, " host: " + c.host);
+ this.log(DBUG, " domain: " + c.domain);
+ this.log(DBUG, " rawhost: " + c.rawHost);
+ var cr = this.cookierules[i];
+ if (cr.host_c.test(c.host) && cr.name_c.test(c.name)) {
+ return true;
+ } else {
+ return false;
+ }
+ }
}
-
};
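Review bot: `should_secure_cookie` declares its parameter as `cookie` but the body reads `c.name` and `c.host`, and it tests `cr.name_c` although `CookieRule` stores the compiled pattern as `cookiename_c`. As written, the first call with a non-empty rule list would most likely throw instead of returning a decision. The `else { return false; }` inside the loop also ends the search after the first rule, so only `cookierules[0]` can ever match. Nothing in the visible hunks initialises `this.cookierules` on `HTTPSRules` (the only array shown is `ret.cookierules` on each RuleSet), so the loop bound may itself be undefined; that needs checking against the rest of the file. The fence shows the parameter name, property name and return placement I would use, and the per-cookie debug lines can move above the loop so they are logged once per cookie rather than once per rule.

```javascript
  should_secure_cookie: function(c) {
    // … unchanged: DBUG logging of c.name / c.host / c.domain / c.rawHost, moved above the loop …
    for (var i = 0; i < this.cookierules.length; ++i) {
      var cr = this.cookierules[i];
      if (cr.host_c.test(c.host) && cr.cookiename_c.test(c.name)) {
        return true;
      }
    }
    // No rule matched: leave the cookie exactly as the server sent it.
    return false;
  }
```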
diff --git a/src/components/https-everywhere.js b/src/components/https-everywhere.js
index 8504cf8..aa5bc6e 100644
--- a/src/components/https-everywhere.js
+++ b/src/components/https-everywhere.js
@@ -222,7 +222,7 @@ HTTPSEverywhere.prototype = {
return;
}
HTTPS.forceChannel(channel);
- } else if (topic == "http-one-examine-merged-response") {
+ } else if (topic == "http-on-examine-merged-response") {
HTTPS.handleSecureCookies(channel);
} else if (topic == "app-startup") {
this.log(DBUG,"Got app-startup");
--
1.7.1