From e4a3586a14996bbece3b26c9e3b7704ea6af8615 Mon Sep 17 00:00:00 2001
From: Ruben Rodriguez <ruben@gnu.org>
Date: Sat, 28 Nov 2015 15:24:36 -0600
Subject: LibreJS upgraded to 6.0.10

---
 .../librejs/lib/js_checker/nontrivial_checker.js   | 376 ---------------------
 1 file changed, 376 deletions(-)
 delete mode 100644 data/extensions/jid1-KtlZuoiikVfFew@jetpack/resources/librejs/lib/js_checker/nontrivial_checker.js

(limited to 'data/extensions/jid1-KtlZuoiikVfFew@jetpack/resources/librejs/lib/js_checker/nontrivial_checker.js')

diff --git a/data/extensions/jid1-KtlZuoiikVfFew@jetpack/resources/librejs/lib/js_checker/nontrivial_checker.js b/data/extensions/jid1-KtlZuoiikVfFew@jetpack/resources/librejs/lib/js_checker/nontrivial_checker.js
deleted file mode 100644
index 6a22992..0000000
--- a/data/extensions/jid1-KtlZuoiikVfFew@jetpack/resources/librejs/lib/js_checker/nontrivial_checker.js
+++ /dev/null
@@ -1,376 +0,0 @@
-/**
- * GNU LibreJS - A browser add-on to block nonfree nontrivial JavaScript.
- * *
- * Copyright (C) 2011, 2012, 2013, 2014 Loic J. Duros
- * Copyright (C) 2014, 2015 Nik Nyby
- *
- * This file is part of GNU LibreJS.
- *
- * GNU LibreJS is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * GNU LibreJS is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with GNU LibreJS.  If not, see <http://www.gnu.org/licenses/>.
- */
-const types = require("js_checker/constant_types");
-
-// constants from Narcissus for function types.
-const DECLARED_FORM = 0, EXPRESSED_FORM = 1, STATEMENT_FORM = 2;
-
-const token = types.token;
-
-var checkTypes = types.checkTypes;
-
-var utils = {
-    /**
-     * nodeContains
-     * Checks that node contains both a type and a value.
-     * Shortcut to check for null/undefined.
-     *
-     * @param {object} n. The current node being studied.
-     * @return {boolean} . True if matching.
-     */
-    nodeContains: function (n, type, value) {
-        if (n != undefined) {
-            return n.type === type &&
-                n.value === value;
-        }
-    },
-
-    /**
-     * isType
-     * Checks that node is of a certain type.
-     * Shortcut to check for null/undefined.
-     *
-     * @param {object} n. The current node being studied.
-     * @return {boolean}. True if it's the right type.
-     */
-    isType: function (n, type) {
-        return n != undefined && n.type === type;
-    },
-
-    isNotType: function (n, type) {
-        return n != undefined && n.type !== type;
-    },
-
-    /**
-     * hasChildren
-     *
-     * Checks the token on the left
-     * and on the right.
-     *
-     * @param {object} n. The current node being studied.
-     * @param {leftType} token constant. The type on the
-     * left.
-     * @param {rightType} token constant. The type of child
-     * on the right
-     *
-     */
-    hasChildren: function (n, leftType, rightType) {
-        if (types == undefined) {
-            return false;
-        }
-        return this.isType(n.children[0], leftType) &&
-            this.isType(n.children[1], rightType);
-    },
-
-    /**
-     * findScriptTag
-     *
-     * This method should probably be replaced with DOM testing
-     * as regex is rather insufficiant, and this wouldn't cover
-     * tricky constructs as shown in http://ha.ckers.org/xss.html.
-     */
-    findScriptTag: function (n) {
-        return n.value != undefined &&
-            /<script[^>]*?>/i.test(n.value);
-    }
-};
-
-var NonTrivialChecker = function() {
-    this.definesFunction = false;
-    this.hash = null;
-};
-
-/**
- * definesFunctionFound
- *
- * Returns true if it finds a node of type FUNCTION
- * that isn't a callback or an IIFE.
- *
- * @param {object} n. The current node being studied.
- * @return {boolean} . True if found.
- */
-NonTrivialChecker.prototype.definesFunctionFound = function (n) {
-    var isFunction = false;
-    if (n.type === token.FUNCTION &&
-        n.body != undefined) {
-
-        if (n.functionForm !== token.DECLARED_FORM &&
-            ((n.parent.type === token.LIST &&
-              n.parent.parent.type === token.CALL) ||
-             n.parent.type === token.CALL) &&
-            n.name == undefined) {
-            // this is a callback or an immediately
-            // invoked function expression "IIFE".
-            isFunction = false;
-        } else {
-            // this is a regular function declaration or
-            // function expression assigned to a variable.
-            //console.log("THIS DEFINES FUNCTION");
-            isFunction = true;
-        }
-    }
-
-    // look for Function constructor.
-    if (n.type === token.IDENTIFIER &&
-        n.value === 'Function' &&
-        (n.parent.type === token.NEW_WITH_ARGS ||
-         n.parent.type === token.CALL)) {
-        // this is a Function constructor.
-        //console.log("THIS DEFINES FUNCTION");
-        isFunction = true;
-    }
-
-    return isFunction;
-};
-
-
-/**
- * invokesEval
- *
- * Returns true (nontrivial) if it finds any use of
- * the eval function. For simplicity, we assume any
- * use of an identifier "eval" is the eval function.
- *
- * @param {object} n. The current node being studied.
- * @return {boolean} . True if found.
- */
-NonTrivialChecker.prototype.invokesEval = function (n) {
-    return (n.type === token.CALL &&
-            utils.nodeContains(n.children[0], token.IDENTIFIER, 'eval') ||
-            n.type === token.IDENTIFIER && n.value === 'eval');
-};
-
-/**
- * evalIdentifier
- *
- * Returns true (nontrivial) if it finds any use of
- * the eval function. For simplicity, we assume any
- * use of an identifier "eval" is the eval function.
- *
- * @param {object} n. The current node being studied.
- * @return {boolean} . True if found.
- */
-NonTrivialChecker.prototype.evalIdentifier = function (n) {
-    return n.type === token.IDENTIFIER && n.value === 'eval';
-};
-
-
-/**
- * invokesMethodBracketSuffix
- *
- * Finds a method being invoked using the bracket suffix notation
- * rather than the dot notation. It is difficult without keeping track of
- * variable values to check for what method is actually being called.
- * So we're just flagging any use of this construct as nontrivial.
- * e.g., should catch: xhr[a+b]('GET', 'http://www.example.com');
- * Should not catch other uses such as: myArray[num];
- *
- * @param {object} n. The current node being studied.
- * @return {boolean} . True if found.
- */
-NonTrivialChecker.prototype.invokesMethodBracketSuffix = function (n) {
-    return n.type === token.CALL && utils.isType(n.children[0], token.INDEX);
-};
-
-/**
- * createsXhrObject
- *
- * Creates an xhr object.
- * Since all "new XMLHttpRequest", "XMLHttpRequest()",
- * and "new window.XMLHttpRequest" instantiate the xhr object,
- * we assume (without further proof) that any use
- * of the identifier "XMLHttpRequest" and "ActiveXObject"
- * is an xhr object.
- * Constructs like window[a+b]() are already caught by the
- * bracket suffix check.
- *
- * @param {object} n. The current node being studied.
- * @return {boolean} . True if found.
- */
-NonTrivialChecker.prototype.createsXhrObject = function (n) {
-    return (n.type === token.IDENTIFIER) &&
-        (n.value === 'XMLHttpRequest' ||
-         n.value === 'ActiveXObject');
-};
-
-/**
- * invokesXhrOpen
- *
- * Here we assume the call of an open method must be an xhr request
- * (and not some other object) by checking the number of arguments.
- * In most cases this method won't be used since createsXhrObject
- * will already have caught the xhr.
- *
- * @param {object} n. The current node being studied.
- * @return {boolean} . True if found.
- *
- */
-NonTrivialChecker.prototype.invokesXhrOpen = function (n) {
-    return n.type === token.CALL &&
-        utils.hasChildren(n, token.DOT, token.LIST) &&
-        utils.isType(n.children[0].children[0], token.IDENTIFIER) &&
-        utils.nodeContains(n.children[0].children[1], token.IDENTIFIER, 'open') &&
-        n.children[1].children.length > 1;
-};
-
-/**
- * createsScriptElement
- *
- * Checks for document.createElement() that create a script. In the case
- * it creates an element from a variable, we assume it's a script. In the
- * future we might want to check for the value of that string variable
- * (e.g., if a variable is assigned 'script', raise a flag)
- *
- * @param {object} n. The current node being studied.
- * @return {boolean} . True if found.
- *
- *
- */
-NonTrivialChecker.prototype.createsScriptElement = function (n) {
-    return n.type === token.CALL &&
-        utils.hasChildren(n, token.DOT, token.LIST) &&
-        utils.isType(n.children[0].children[0], token.IDENTIFIER) &&
-        utils.nodeContains(n.children[0].children[1], token.IDENTIFIER, 'createElement') &&
-        (utils.nodeContains(n.children[1].children[0], token.STRING, 'script') ||
-         utils.isType(n.children[1].children[0], token.IDENTIFIER));
-};
-
-/**
- * writesScriptAsHtmlString
- *
- * catches myObj.write('<script></script>');
- * or any myObj.write(myStringVariable);
- * or concatenation such as:
- * myObj.write('<scri' + stringVariable);
- * or 'something' + 'somethingelse'.
- *
- * To check for javascript here we might want to look at the list
- * from ha.ckers.org/xss.html for the future.
- *
- * @param {object} n. The current node being studied.
- * @return {boolean} . True if found.
- *
- */
-NonTrivialChecker.prototype.writesScriptAsHtmlString = function (n) {
-    var listArg;
-
-    if (n.type === token.CALL &&
-        utils.hasChildren(n, token.DOT, token.LIST) &&
-        utils.isType(n.children[0].children[0], token.IDENTIFIER) &&
-        utils.nodeContains(n.children[0].children[1], token.IDENTIFIER, 'write')
-       ) {
-        if (utils.isNotType(n.children[1].children[0], token.STRING)) {
-            // return true if any operation or concatenation.
-            // We are cautious (as it could
-            // embed a script) and flag this as nontrivial.
-
-            return true;
-        }
-        return utils.findScriptTag(n.children[1].children[0]);
-    } else {
-        return false;
-    }
-};
-
-/**
- * nontrivial anytime we see an identifier as innerHTML
- */
-NonTrivialChecker.prototype.innerHTMLIdentifier = function (n) {
-    if ((n.type === token.IDENTIFIER ||
-         n.type === token.STRING) &&
-        n.value === 'innerHTML'
-       ) {
-        return true;
-    }
-};
-
-/**
- * checkNontrivial
- *
- * Contains all the conditionals that try to identify,
- * step by step, all code that could be flagged as
- * nontrivial.
- *
- * @param {object} n. The current node being studied.
- * @return {boolean} . True if found.
- *
- */
-NonTrivialChecker.prototype.checkNontrivial = function (n, t) {
-
-    if (n.type === token.IDENTIFIER && this.evalIdentifier(n)) {
-        //console.log("NONTRIVIAL: eval has been found in code");
-        return types.nontrivialWithComment("NONTRIVIAL: eval has been found in code");
-    }
-
-    if (this.innerHTMLIdentifier(n)) {
-        //console.log("NONTRIVIAL: innerHTML identifier");
-        return types.nontrivialWithComment("NONTRIVIAL: innerHTML identifier");
-    }
-
-    // the node is an identifier
-    if (n.type === token.IDENTIFIER && this.createsXhrObject(n)) {
-        //console.log('NONTRIVIAL: Creates an xhr object');
-        return types.nontrivialWithComment('NONTRIVIAL: Creates an xhr object');
-    }
-
-    // this is a method/function call
-    if (n.type === token.CALL) {
-
-        if (this.invokesEval(n)) {
-            //console.log("NONTRIVIAL: eval has been found in code");
-            return types.nontrivialWithComment("NONTRIVIAL: eval has been found in code");
-        }
-
-        if (this.invokesMethodBracketSuffix(n)) {
-            //console.log('NONTRIVIAL: square bracket suffix method call detected');
-            return types.nontrivialWithComment("NONTRIVIAL: eval has been found in code");
-        }
-
-        if (this.invokesXhrOpen(n)) {
-            //console.log('NONTRIVIAL: an open method similar to xhr.open is used');
-            return types.nontrivialWithComment('NONTRIVIAL: square bracket suffix method call detected');
-        }
-
-        if (this.createsScriptElement(n)) {
-            //console.log('NONTRIVIAL: creates script element dynamically.');
-            return types.nontrivialWithComment('NONTRIVIAL: an open method similar to xhr.open is used');
-        }
-
-        if (this.writesScriptAsHtmlString(n)) {
-            //console.log('NONTRIVIAL: writes script as html dynamically.');
-            return types.nontrivialWithComment('NONTRIVIAL: creates script element dynamically.');
-        }
-    }
-
-    // The node is a function definition.
-    // Most common occurence.
-    if (this.definesFunctionFound(n)) {
-        return types.trivialFuncWithComment("Script is trivial but defines one or more functions");
-    }
-
-    // found nothing else, so trivial.
-    return types.trivialWithComment("Script is trivial");
-};
-
-exports.nonTrivialChecker = function () {
-    return new NonTrivialChecker();
-};
-- 
cgit v1.2.3