-
Notifications
You must be signed in to change notification settings - Fork 9
Expand file tree
/
Copy pathcontent.js
More file actions
121 lines (110 loc) · 3.51 KB
/
content.js
File metadata and controls
121 lines (110 loc) · 3.51 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
console.log("Content script loaded");
let collectedData = null;
let watchlist = [];
let denylist = [];
Promise.all([
fetch(chrome.runtime.getURL("list/watchlist.txt")),
fetch(chrome.runtime.getURL("list/denylist.txt")),
])
.then(([watchlistResponse, denylistResponse]) =>
Promise.all([watchlistResponse.text(), denylistResponse.text()])
)
.then(([watchlistText, denylistText]) => {
watchlist = watchlistText.split("\n").filter((item) => item.trim() !== "");
denylist = denylistText.split("\n").filter((item) => item.trim() !== "");
});
function checkForRiskyVars(data) {
function isRisky(key) {
return watchlist.some((pattern) => {
if (pattern.startsWith("^") && pattern.endsWith("$")) {
return new RegExp(pattern).test(key);
}
return key.toUpperCase().includes(pattern.toUpperCase());
});
}
// Check global variables
for (const key in data.global) {
if (isRisky(key)) {
return true;
}
}
// Check external script variables
for (const scriptVars of Object.values(data.scripts)) {
for (const key in scriptVars) {
if (isRisky(key)) {
return true;
}
}
}
return false;
}
function injectScript() {
return new Promise((resolve) => {
console.log("Injecting script");
const script = document.createElement("script");
script.src = chrome.runtime.getURL("injected.js");
script.onload = () => {
console.log("Script injected");
script.remove();
};
(document.head || document.documentElement).appendChild(script);
window.addEventListener(
"message",
function (event) {
if (event.data.type && event.data.type === "FROM_PAGE_SCRIPT") {
console.log("Received message from injected script");
const data = JSON.parse(event.data.text);
// Filter out denylisted domains from scripts
if (
chrome.storage.sync.get(["excludeCommonJS"], function (result) {
if (result.excludeCommonJS) {
data.scripts = Object.fromEntries(
Object.entries(data.scripts).filter(
([url]) => !denylist.some((domain) => url.includes(domain))
)
);
}
resolve(JSON.stringify(data));
})
);
}
},
{ once: true }
);
});
}
injectScript().then((variables) => {
collectedData = JSON.parse(variables);
const globalVarCount = Object.keys(collectedData.global).length;
const hasRiskyVars = checkForRiskyVars(collectedData);
console.log(
"Initial injection complete, global var count:",
globalVarCount,
"hasRiskyVars:",
hasRiskyVars
);
chrome.runtime.sendMessage({
action: "updateBadge",
count: globalVarCount,
hasRiskyVars,
});
});
chrome.runtime.onMessage.addListener((request, sender, sendResponse) => {
console.log("Message received in content script:", request);
if (request.action === "collect") {
console.log("Collect action received");
if (collectedData) {
console.log("Sending cached data");
const hasRiskyVars = checkForRiskyVars(collectedData);
sendResponse({ success: true, data: collectedData, hasRiskyVars });
} else {
injectScript().then((variables) => {
console.log("Variables collected:", variables);
collectedData = JSON.parse(variables);
const hasRiskyVars = checkForRiskyVars(collectedData);
sendResponse({ success: true, data: collectedData, hasRiskyVars });
});
}
return true;
}
});