Merge branch 'master' into fix/AG-24824

AdguardTeam · Sep 5, 2023 · 417eb0d · 417eb0d
2 parents 23c4bbb + ca37cf3
commit 417eb0d
Show file tree

Hide file tree

Showing 17 changed files with 494 additions and 136 deletions.
diff --git a/packages/agtree/.eslintrc.cjs b/packages/agtree/.eslintrc.cjs
@@ -56,6 +56,7 @@ module.exports = {
         ],
         'no-restricted-syntax': ['error', 'LabeledStatement', 'WithStatement'],
         'no-continue': 'off',
+        'no-new': 'off',
         'jsdoc/require-param-type': 'off',
         'jsdoc/require-returns-type': 'off',
         'jsdoc/tag-lines': [

diff --git a/packages/agtree/CHANGELOG.md b/packages/agtree/CHANGELOG.md
@@ -9,7 +9,7 @@ The format is based on [Keep a Changelog][keepachangelog], and this project adhe
 
 ### Changed
 
-- Validation of `$csp` modifier value
+- Validation of `$csp` and `$permissions` modifiers value
   by custom pre-defined validator instead of regular expression
 
 ## 1.1.4 - 2023-08-30

diff --git a/packages/agtree/src/compatibility-tables/modifiers/README.md b/packages/agtree/src/compatibility-tables/modifiers/README.md
@@ -56,9 +56,12 @@ The value format describes the format of the modifier value. It can be one of th
             - `pipe_separated_domains` validates value for `$domain` modifier
             - `pipe_separated_denyallow_domains` validates value for `$denyallow` modifier —
               negation and wildcard are not allowed compared to `$domain` modifier
+            <!-- TODO: implement later -->
+            <!-- - `pipe_separated_extensions` validates value for `$extension` modifier -->
             - `pipe_separated_methods` validates value for `$method` modifier
             - `pipe_separated_stealth_options` validates value for `$stealth` modifier
             - `csp_value` validates value for `$csp` modifier
+            - `permissions_value` validates value for `$permissions` modifier
         - `url` validates that the value is a valid URL.
         - `regexp` validates that the value is a valid regular expression.
             > :warning: **This is not the same as when you assign a regular expression to value_format!**

diff --git a/packages/agtree/src/compatibility-tables/modifiers/extension.yml b/packages/agtree/src/compatibility-tables/modifiers/extension.yml
@@ -15,3 +15,5 @@ adg_os_any:
     - badfilter
   inverse_conflicts: true
   exception_only: true
+  # TODO: 'value_optional' and 'value_format: pipe_separated_extensions' should be added
+  # because CoreLibs are going to support userscript name since v1.13
diff --git a/packages/agtree/src/compatibility-tables/modifiers/permissions.yml b/packages/agtree/src/compatibility-tables/modifiers/permissions.yml
@@ -13,46 +13,5 @@ adg_os_any:
   inverse_conflicts: true
   assignable: true
   negatable: false
-  value_format: |-
-    (?x)
-      ^
-        (
-          ?:(
-            accelerometer|
-            ambient-light-sensor|
-            autoplay|
-            battery|
-            camera|
-            display-capture|
-            document-domain|
-            encrypted-media|
-            execution-while-not-rendered|
-            execution-while-out-of-viewport|
-            fullscreen|
-            gamepad|
-            geolocation|
-            gyroscope|
-            hid|
-            identity-credentials-get|
-            idle-detection|
-            local-fonts|
-            magnetometer|
-            microphone|
-            midi|
-            payment|
-            picture-in-picture|
-            publickey-credentials-create|
-            publickey-credentials-get|
-            screen-wake-lock|
-            serial|
-            speaker-selection|
-            storage-access|
-            usb|
-            web-share|
-            xr-spatial-tracking
-          )
-          =\(\)
-          # optional escaped comma for multiple permissions
-          (\\,(\s+)?)?
-        )+
-      $
+  value_optional: true
+  value_format: permissions_value
diff --git a/packages/agtree/src/utils/constants.ts b/packages/agtree/src/utils/constants.ts
@@ -3,6 +3,10 @@
  */
 
 // General
+
+/**
+ * Empty string.
+ */
 export const EMPTY = '';
 export const SPACE = ' ';
 export const TAB = '\t';

diff --git a/packages/agtree/src/validator/constants.ts b/packages/agtree/src/validator/constants.ts
@@ -1,7 +1,9 @@
 import { AdblockSyntax } from '../utils/adblockers';
 import {
     CAPITAL_LETTERS,
+    CLOSE_PARENTHESIS,
     NUMBERS,
+    OPEN_PARENTHESIS,
     SMALL_LETTERS,
     UNDERSCORE,
 } from '../utils/constants';
@@ -97,6 +99,60 @@ export const ALLOWED_CSP_DIRECTIVES = new Set([
     'worker-src',
 ]);
 
+/**
+ * Allowed stealth options for $permissions modifier.
+ *
+ * @see {@link https://adguard.app/kb/general/ad-filtering/create-own-filters/#permissions-modifier}
+ */
+export const ALLOWED_PERMISSION_DIRECTIVES = new Set([
+    'accelerometer',
+    'ambient-light-sensor',
+    'autoplay',
+    'battery',
+    'camera',
+    'display-capture',
+    'document-domain',
+    'encrypted-media',
+    'execution-while-not-rendered',
+    'execution-while-out-of-viewport',
+    'fullscreen',
+    'gamepad',
+    'geolocation',
+    'gyroscope',
+    'hid',
+    'identity-credentials-get',
+    'idle-detection',
+    'local-fonts',
+    'magnetometer',
+    'microphone',
+    'midi',
+    'payment',
+    'picture-in-picture',
+    'publickey-credentials-create',
+    'publickey-credentials-get',
+    'screen-wake-lock',
+    'serial',
+    'speaker-selection',
+    'storage-access',
+    'usb',
+    'web-share',
+    'xr-spatial-tracking',
+]);
+
+/**
+ * One of available tokens for $permission modifier value.
+ *
+ * @see {@link https://w3c.github.io/webappsec-permissions-policy/#structured-header-serialization}
+ */
+export const PERMISSIONS_TOKEN_SELF = 'self';
+
+/**
+ * One of allowlist values for $permissions modifier.
+ *
+ * @see {@link https://developer.mozilla.org/en-US/docs/Web/HTTP/Permissions_Policy#allowlists}
+ */
+export const EMPTY_PERMISSIONS_ALLOWLIST = `${OPEN_PARENTHESIS}${CLOSE_PARENTHESIS}`;
+
 /**
  * Prefixes for error messages used in modifier validation.
  */
@@ -106,9 +162,15 @@ export const VALIDATION_ERROR_PREFIX = {
     INVALID_CSP_DIRECTIVES: 'Invalid CSP directives for the modifier',
     INVALID_LIST_VALUES: 'Invalid values for the modifier',
     INVALID_NOOP: 'Invalid noop modifier',
+    INVALID_PERMISSION_DIRECTIVE: 'Invalid Permissions-Policy directive for the modifier',
+    INVALID_PERMISSION_ORIGINS: 'Origins in the value is invalid for the modifier and the directive',
+    INVALID_PERMISSION_ORIGIN_QUOTES: 'Double quotes should be used for origins in the value of the modifier',
     MIXED_NEGATIONS: 'Simultaneous usage of negated and not negated values is forbidden for the modifier',
     NO_CSP_VALUE: 'No CSP value for the modifier and the directive',
     NO_CSP_DIRECTIVE_QUOTE: 'CSP directives should no be quoted for the modifier',
+    NO_UNESCAPED_PERMISSION_COMMA: 'Unescaped comma in the value is not allowed for the modifier',
+    // TODO: implement later for $scp and $permissions
+    // NO_VALUE_ONLY_FOR_EXCEPTION: 'Modifier without value can be used only in exception rules',
     NOT_EXISTENT: 'Non-existent modifier',
     NOT_NEGATABLE_MODIFIER: 'Non-negatable modifier',
     NOT_NEGATABLE_VALUE: 'Values cannot be negated for the modifier',

diff --git a/packages/agtree/src/validator/index.ts b/packages/agtree/src/validator/index.ts
@@ -90,6 +90,10 @@ const validateForSpecificSyntax = (
     // e.g. 'domain'
     if (specificBlockerData[SpecificKey.Assignable]) {
         if (!modifier.value) {
+            // TODO: ditch value_optional after custom validators are implemented for value_format for all modifiers.
+            // This checking should be done in each separate custom validator,
+            // because $csp and $permissions without value can be used only in extension rules,
+            // but $cookie with no value can be used in both blocking and exception rules.
             /**
              * Some assignable modifiers can be used without a value,
              * e.g. '@@||example.com^$cookie'.