1 #!/usr/bin/env python 2 # Copyright (c) 2014 Google Inc. All rights reserved. 3 # 4 # Redistribution and use in source and binary forms, with or without 5 # modification, are permitted provided that the following conditions are 6 # met: 7 # 8 # * Redistributions of source code must retain the above copyright 9 # notice, this list of conditions and the following disclaimer. 10 # * Redistributions in binary form must reproduce the above 11 # copyright notice, this list of conditions and the following disclaimer 12 # in the documentation and/or other materials provided with the 13 # distribution. 14 # * Neither the name of Google Inc. nor the names of its 15 # contributors may be used to endorse or promote products derived from 16 # this software without specific prior written permission. 17 # 18 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 # 30 # Copied from blink: 31 # WebKit/Source/devtools/scripts/check_injected_script_source.py 32 # 33 34 import re 35 import sys 36 import os 37 38 39 def validate_injected_script(fileName): 40 f = open(fileName, "r") 41 lines = f.readlines() 42 f.close() 43 44 proto_functions = "|".join([ 45 # Array.prototype.* 46 "concat", "every", "filter", "forEach", "indexOf", "join", "lastIndexOf", "map", "pop", 47 "push", "reduce", "reduceRight", "reverse", "shift", "slice", "some", "sort", "splice", "toLocaleString", "toString", "unshift", 48 # Function.prototype.* 49 "apply", "bind", "call", "isGenerator", "toSource", 50 # Object.prototype.* 51 "toString", 52 ]) 53 54 global_functions = "|".join([ 55 "eval", "uneval", "isFinite", "isNaN", "parseFloat", "parseInt", "decodeURI", "decodeURIComponent", 56 "encodeURI", "encodeURIComponent", "escape", "unescape", "Map", "Set" 57 ]) 58 59 # Black list: 60 # - instanceof, since e.g. "obj instanceof Error" may throw if Error is overridden and is not a function 61 # - Object.prototype.toString() 62 # - Array.prototype.* 63 # - Function.prototype.* 64 # - Math.* 65 # - Global functions 66 black_list_call_regex = re.compile(r"\sinstanceof\s+\w*|\bMath\.\w+\(|(?<!InjectedScriptHost)\.(" + proto_functions + r")\(|[^\.]\b(" + global_functions + r")\(") 67 68 errors_found = False 69 for i, line in enumerate(lines): 70 if line.find("suppressBlacklist") != -1: 71 continue 72 for match in re.finditer(black_list_call_regex, line): 73 errors_found = True 74 print "ERROR: Black listed expression in %s at line %02d column %02d: %s" % (os.path.basename(fileName), i + 1, match.start(), match.group(0)) 75 76 if not errors_found: 77 print "OK" 78 79 80 def main(argv): 81 if len(argv) < 2: 82 print('ERROR: Usage: %s path/to/injected-script-source.js' % argv[0]) 83 return 1 84 85 validate_injected_script(argv[1]) 86 87 if __name__ == '__main__': 88 sys.exit(main(sys.argv)) 89
