mirror of
https://gitlab.futo.org/videostreaming/grayjay.git
synced 2025-05-30 13:30:22 +02:00
SLD crash fix
This commit is contained in:
Kelvin
parent
de5a4aa5f3
commit
716d8caf4d
@ -360,11 +360,11 @@ fun String.matchesDomain(queryDomain: String): Boolean {
|
|||||||
|
|
||||||
val parts = queryDomain.lowercase().split(".");
|
val parts = queryDomain.lowercase().split(".");
|
||||||
if(parts.size < 3)
|
if(parts.size < 3)
|
||||||
throw IllegalStateException("Illegal use of wildcards on First-Level-Domain");
|
throw IllegalStateException("Illegal use of wildcards on First-Level-Domain (" + queryDomain + ")");
|
||||||
if(parts.size >= 3){
|
if(parts.size >= 3){
|
||||||
val isSLD = slds.contains("." + parts[parts.size - 2] + "." + parts[parts.size - 1]);
|
val isSLD = slds.contains("." + parts[parts.size - 2] + "." + parts[parts.size - 1]);
|
||||||
if(isSLD && parts.size <= 3)
|
if(isSLD && parts.size <= 3)
|
||||||
throw IllegalStateException("Illegal use of wildcards on Second-Level-Domain");
|
throw IllegalStateException("Illegal use of wildcards on Second-Level-Domain (" + queryDomain + ")");
|
||||||
}
|
}
|
||||||
|
|
||||||
//TODO: Should be safe, but double verify if can't be exploited
|
//TODO: Should be safe, but double verify if can't be exploited
|
||||||
@ -372,4 +372,13 @@ fun String.matchesDomain(queryDomain: String): Boolean {
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
return this == queryDomain;
|
return this == queryDomain;
|
||||||
|
}
|
||||||
|
|
||||||
|
fun String.getSubdomainWildcardQuery(): String {
|
||||||
|
val domainParts = this.split(".");
|
||||||
|
val sldParts = "." + domainParts[domainParts.size - 2].lowercase() + "." + domainParts[domainParts.size - 1].lowercase();
|
||||||
|
if(slds.contains(sldParts))
|
||||||
|
return "." + domainParts.drop(domainParts.size - 3).joinToString(".");
|
||||||
|
else
|
||||||
|
return "." + domainParts.drop(domainParts.size - 2).joinToString(".");
|
||||||
}
|
}
|
||||||
@ -14,6 +14,7 @@ import com.futo.platformplayer.api.media.platforms.js.SourcePluginAuthConfig
|
|||||||
import com.futo.platformplayer.api.media.platforms.js.SourcePluginConfig
|
import com.futo.platformplayer.api.media.platforms.js.SourcePluginConfig
|
||||||
import com.futo.platformplayer.constructs.Event1
|
import com.futo.platformplayer.constructs.Event1
|
||||||
import com.futo.platformplayer.constructs.Event2
|
import com.futo.platformplayer.constructs.Event2
|
||||||
|
import com.futo.platformplayer.getSubdomainWildcardQuery
|
||||||
import com.futo.platformplayer.logging.Logger
|
import com.futo.platformplayer.logging.Logger
|
||||||
import com.futo.platformplayer.matchesDomain
|
import com.futo.platformplayer.matchesDomain
|
||||||
import kotlinx.serialization.encodeToString
|
import kotlinx.serialization.encodeToString
|
||||||
@ -109,8 +110,9 @@ class LoginWebViewClient : WebViewClient {
|
|||||||
//TODO: For now we assume cookies are legit for all subdomains of a top-level domain, this is the most common scenario anyway
|
//TODO: For now we assume cookies are legit for all subdomains of a top-level domain, this is the most common scenario anyway
|
||||||
val cookieString = CookieManager.getInstance().getCookie(request.url.toString());
|
val cookieString = CookieManager.getInstance().getCookie(request.url.toString());
|
||||||
if(cookieString != null) {
|
if(cookieString != null) {
|
||||||
val domainParts = domain!!.split(".");
|
//val domainParts = domain!!.split(".");
|
||||||
val cookieDomain = "." + domainParts.drop(domainParts.size - 2).joinToString(".");
|
//val cookieDomain = "." + domainParts.drop(domainParts.size - 2).joinToString(".");
|
||||||
|
val cookieDomain = domain!!.getSubdomainWildcardQuery();
|
||||||
if(_pluginConfig == null || _pluginConfig.allowUrls.any { it == "everywhere" || it.lowercase().matchesDomain(cookieDomain) })
|
if(_pluginConfig == null || _pluginConfig.allowUrls.any { it == "everywhere" || it.lowercase().matchesDomain(cookieDomain) })
|
||||||
_authConfig.cookiesToFind?.let { cookiesToFind ->
|
_authConfig.cookiesToFind?.let { cookiesToFind ->
|
||||||
val cookies = cookieString.split(";");
|
val cookies = cookieString.split(";");
|
||||||
|
|||||||
@ -3,6 +3,7 @@ package com.futo.platformplayer.others
|
|||||||
import android.net.Uri
|
import android.net.Uri
|
||||||
import android.webkit.CookieManager
|
import android.webkit.CookieManager
|
||||||
import android.webkit.WebResourceRequest
|
import android.webkit.WebResourceRequest
|
||||||
|
import com.futo.platformplayer.getSubdomainWildcardQuery
|
||||||
import com.futo.platformplayer.logging.Logger
|
import com.futo.platformplayer.logging.Logger
|
||||||
import com.futo.platformplayer.matchesDomain
|
import com.futo.platformplayer.matchesDomain
|
||||||
|
|
||||||
@ -64,8 +65,8 @@ class WebViewRequirementExtractor {
|
|||||||
//TODO: For now we assume cookies are legit for all subdomains of a top-level domain, this is the most common scenario anyway
|
//TODO: For now we assume cookies are legit for all subdomains of a top-level domain, this is the most common scenario anyway
|
||||||
val cookieString = CookieManager.getInstance().getCookie(request.url.toString());
|
val cookieString = CookieManager.getInstance().getCookie(request.url.toString());
|
||||||
if(cookieString != null) {
|
if(cookieString != null) {
|
||||||
val domainParts = domain!!.split(".");
|
//val domainParts = domain!!.split(".");
|
||||||
val cookieDomain = "." + domainParts.drop(domainParts.size - 2).joinToString(".");
|
val cookieDomain = domain!!.getSubdomainWildcardQuery()//"." + domainParts.drop(domainParts.size - 2).joinToString(".");
|
||||||
if(allowedUrls.any { it == "everywhere" || it.lowercase().matchesDomain(cookieDomain) })
|
if(allowedUrls.any { it == "everywhere" || it.lowercase().matchesDomain(cookieDomain) })
|
||||||
cookiesToFind?.let { cookiesToFind ->
|
cookiesToFind?.let { cookiesToFind ->
|
||||||
val cookies = cookieString.split(";");
|
val cookies = cookieString.split(";");
|
||||||
|
|||||||
@ -68,9 +68,19 @@ class ExtensionsFormattingTests {
|
|||||||
@Test
|
@Test
|
||||||
fun testMatchesDomain() {
|
fun testMatchesDomain() {
|
||||||
assertTrue("google.com".matchesDomain("google.com"))
|
assertTrue("google.com".matchesDomain("google.com"))
|
||||||
|
assertTrue("google.com".matchesDomain(".google.com"))
|
||||||
assertFalse("yahoo.com".matchesDomain("google.com"))
|
assertFalse("yahoo.com".matchesDomain("google.com"))
|
||||||
assertTrue("mail.google.com".matchesDomain(".google.com"))
|
assertTrue("mail.google.com".matchesDomain(".google.com"))
|
||||||
}
|
}
|
||||||
|
@Test
|
||||||
|
fun testPrimaryDomain() {
|
||||||
|
assertEquals(".google.com", "google.com".getSubdomainWildcardQuery());
|
||||||
|
assertEquals(".google.com", "test.google.com".getSubdomainWildcardQuery());
|
||||||
|
assertEquals(".google.com", "test1.test2.google.com".getSubdomainWildcardQuery());
|
||||||
|
assertEquals(".google.co.uk", "google.co.uk".getSubdomainWildcardQuery());
|
||||||
|
assertEquals(".google.co.uk", "test.google.co.uk".getSubdomainWildcardQuery());
|
||||||
|
assertEquals(".google.co.uk", "test1.test2.google.co.uk".getSubdomainWildcardQuery());
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
fun testTimeDiff() {
|
fun testTimeDiff() {
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user