ver:2.0.15 (momosecurity#35)

## [2.0.15]-2023-06-26 感谢独自等待、 Wild Code Developer、 MiaoTony、 KexinCC 对无法登录问题的反馈。感谢 Xc1Ym 对白名单问题的反馈。 ### 修复 - 修复部分网站无法登录的问题。导致这个问题的原因是打开页面后插件会再次请求页面，这会导致一次性的token失效。现在通过直接使用页面源码提取信息代替了再次请求。 - 修复了白名单的bug，现在白名单能以域名(IP)或域名(IP)+端口维度进行限制，如a.com可以认为对sub.a.com、a.com:8001都生效。 - 修复了StaticUrl的重复问题。
xElkomy · Jun 27, 2023 · 9e5d26c · 9e5d26c
1 parent d516816
commit 9e5d26c
Show file tree

Hide file tree

Showing 4 changed files with 102 additions and 58 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,13 @@
 # 变更日志
 此项目的所有显著更改将记录在此文件中。
+## [2.0.15]-2023-06-26
+感谢 独自等待、 Wild Code Developer、 MiaoTony、 KexinCC 对无法登录问题的反馈。
+感谢 Xc1Ym 对白名单问题的反馈。
+### 修复
+- 修复部分网站无法登录的问题。导致这个问题的原因是打开页面后插件会再次请求页面，这会导致一次性的token失效。现在通过直接使用页面源码提取信息代替了再次请求。
+- 修复了白名单的bug，现在白名单能以域名(IP)或域名(IP)+端口维度进行限制，如a.com可以认为对sub.a.com、a.com:8001都生效。
+- 修复了StaticUrl的重复问题。
+
 ## [2.0.14]-2023-03-15
 感谢 hyasin 对复制字符体验的反馈
 ### 变更

diff --git a/background.js b/background.js
@@ -715,17 +715,23 @@ function get_js(){
 function add_js(js_name) {
 	js.push(js_name);
 }
-function unique(arr){
-  if(arr == 'null'){
+function unique(arr1){
+  if(arr1 == 'null'){
     return null;
   }
-  var array=[];
-  for (var i = 0;i<arr.length;i++){
-    if (array.indexOf(arr[i])===-1){
-      array.push(arr[i])
+  let arr2=[];
+  arr1.forEach(function (item,index,array) {
+    console.log(item, arr2.indexOf(item), arr2)
+    if(arr2.indexOf(item)==-1){
+      arr2.push(item)
     }
-  }
-  return array
+  })
+  // for (var i = 0;i<arr.length;i++){
+  //   if (array.indexOf(arr[i])===-1){
+  //     array.push(arr[i])
+  //   }
+  // }
+  return arr2
 }
 //查找search_data中是否已经存在了，如果已存在则不返回
 function find(arr1,arr2) {
@@ -770,8 +776,10 @@ function collect_static(arr1,arr2) {
   arr1.forEach(function (item,index,array) {
     for (var i = 0; i < static_file.length; i++) {
       if(item.indexOf(static_file[i])!=-1){
-        arr2.push(item)
         arr3.splice(arr3.indexOf(item),1)
+        if(arr2.indexOf(item)==-1){
+            arr2.push(item)
+        }
       }
     }
   })
@@ -905,6 +913,54 @@ function refresh_count() {
   chrome.action.setBadgeText({ text: "" + cnt });
 }
 
+function persist_tmp_data(tmp_data, req_url, current) {
+    //遍历所有数据类型
+    for (var i = 0; i < key.length; i++) {
+        //如果传入的数据没有这个类型，就看下一个
+        if (tmp_data[key[i]] == null){
+          continue;
+        }
+        // 把前端的处理放到这里避免重复
+        if (not_sub_key.indexOf(key[i])<0){
+          tmp_data[key[i]] = sub_1(tmp_data[key[i]])
+        }
+        tmp_data[key[i]].map((item)=>{
+            search_data[tmp_data['current']]['source'][item] = req_url
+        })
+        //如果search_data有历史数据，进行检查--20230625 这里没看懂，先注释看看
+        // console.log(tmp_data[key[i]])
+        // if (tmp_data['current'] in search_data){
+        //   for (var j = 0; j < key.length; j++) {
+        //     if (search_data[tmp_data['current']][key[j]]!=null){
+        //       tmp_data[key[i]] = jiaoji(unique(tmp_data[key[i]]),find(unique(tmp_data[key[i]]),search_data[tmp_data['current']][key[j]]))
+        //     }
+        //     // console.log(tmp_data[key[i]], search_data[tmp_data['current']][key[j]])
+        //   }
+        // }
+        // console.log(tmp_data[key[i]])
+        if (tmp_data['current'] in search_data && search_data[tmp_data['current']][key[i]]!=null ){
+          var search_data_value = unique(add(search_data[tmp_data['current']][key[i]],tmp_data[key[i]])).sort()
+          if ('static' in search_data[tmp_data['current']]){
+            var res = collect_static(search_data_value,search_data[tmp_data['current']]['static'])
+          }else{
+            var res = collect_static(search_data_value,[])
+          }
+          search_data[tmp_data['current']][key[i]] = res['arr1']
+          search_data[tmp_data['current']]['static'] = res['static']
+        }else{
+          var search_data_value = unique(tmp_data[key[i]]).sort()
+          if ('static' in search_data[tmp_data['current']]){
+            var res = collect_static(search_data_value,search_data[tmp_data['current']]['static'])
+          }else{
+            var res = collect_static(search_data_value,[])
+          }
+          search_data[tmp_data['current']]['static'] = unique(res['static'])
+          search_data[tmp_data['current']][key[i]] = unique(res['arr1'])
+        }
+    }
+
+}
+
 chrome.runtime.onMessage.addListener(
   function(request, sender, sendResponse) {
     var abort_controller = new AbortController();
@@ -926,64 +982,35 @@ chrome.runtime.onMessage.addListener(
         }else{
             search_data[request.current] = {'current':request.current, 'tasklist': [], 'donetasklist': [], 'source': {}};
         }
+        let tmp_data = extract_info(request.source);
+        tmp_data['current'] = request.current;
+        tmp_data['static'] = null;
+        console.log(tmp_data)
+        persist_tmp_data(tmp_data, request.current, request.current);
+        chrome.storage.local.set({["findsomething_result_"+request.current]: search_data[request.current]}, function(){});
+        tab_url[sender.tab.id] = request.current;
+        refresh_count();
         let promiseTask = [];
         request.data.map((req_url)=>{
             try{
+                if(req_url==request.current){
+                    return
+                }
                 var myRequest = new Request(req_url, myInit);
                 let p = fetch(myRequest,myInit).then(function(response) {
                     search_data[request.current]['tasklist'].push(0);
                     // console.log(response);
                     response.text().then(function(text) {
                     // console.log(text);
-                    var tmp_data=text;
+                    let tmp_data=text;
                     tmp_data = extract_info(tmp_data);
                     tmp_data['current'] = request.current;
-
-                    //遍历所有数据类型
-                    for (var i = 0; i < key.length; i++) {
-                        //如果传入的数据没有这个类型，就看下一个
-                        if (tmp_data[key[i]] == null){
-                          continue;
-                        }
-                        // 把前端的处理放到这里避免重复
-                        if (not_sub_key.indexOf(key[i])<0){
-                          tmp_data[key[i]] = sub_1(tmp_data[key[i]])
-                        }
-                        tmp_data[key[i]].map((item)=>{
-                            search_data[tmp_data['current']]['source'][item] = req_url
-                        })
-                        //如果search_data有历史数据，进行检查
-                        if (tmp_data['current'] in search_data){
-                          for (var j = 0; j < key.length; j++) {
-                            if (search_data[tmp_data['current']][key[j]]!=null){
-                              tmp_data[key[i]] = jiaoji(unique(tmp_data[key[i]]),find(unique(tmp_data[key[i]]),search_data[tmp_data['current']][key[j]]))
-                            }
-                          }
-                        }
-                        if (tmp_data['current'] in search_data && search_data[tmp_data['current']][key[i]]!=null ){
-                          var search_data_value = unique(add(search_data[tmp_data['current']][key[i]],tmp_data[key[i]])).sort()
-                          if ('static' in search_data[tmp_data['current']]){
-                            var res = collect_static(search_data_value,search_data[tmp_data['current']]['static'])
-                          }else{
-                            var res = collect_static(search_data_value,[])
-                          }
-                          search_data[tmp_data['current']][key[i]] = res['arr1']
-                          search_data[tmp_data['current']]['static'] = res['static']
-                        }else{
-                          var search_data_value = unique(tmp_data[key[i]]).sort()
-                          if ('static' in search_data[tmp_data['current']]){
-                            var res = collect_static(search_data_value,search_data[tmp_data['current']]['static'])
-                          }else{
-                            var res = collect_static(search_data_value,[])
-                          }
-                          search_data[tmp_data['current']]['static'] = res['static']
-                          search_data[tmp_data['current']][key[i]] = res['arr1']
-                        }
-                    }
+                    persist_tmp_data(tmp_data, req_url, request.current);
                     search_data[request.current]['donetasklist'].push(0);
+                    chrome.storage.local.set({["findsomething_result_"+request.current]: search_data[request.current]}, function(){});
                     tab_url[sender.tab.id] = request.current;
                     refresh_count();
-                    chrome.storage.local.set({["findsomething_result_"+request.current]: search_data[request.current]}, function(){});
+
                     });
                 }).catch(err=>{
                     console.log("fetch error",err);

diff --git a/content.js b/content.js
@@ -3,8 +3,10 @@
 (function(){
     var protocol = window.location.protocol;
     var host = window.location.host;
+    var domain_host = host.split(':')[0];
     var href = window.location.href;
-    var source = document.getElementsByTagName('html')[0].innerHTML;
+    // var source = document.getElementsByTagName('html')[0].innerHTML;
+    var source = document.documentElement.outerHTML;
     var hostPath;
     var urlPath;
     var urlWhiteList = ['.google.com','.amazon.com','portswigger.net'];
@@ -18,12 +20,12 @@
             urlWhiteList = settings['allowlist'];
         }
         for(var i = 0;i < urlWhiteList.length;i++){
-            if(host.endsWith(urlWhiteList[i])){
+            if(host.endsWith(urlWhiteList[i]) || domain_host.endsWith(urlWhiteList[i])){
                 console.log('域名在白名单中，跳过当前页')
                 return ;
             }
         }
-        target_list.push(window.location.href);
+        // target_list.push(window.location.href);
 
         // console.log(source_href,source_src,script_src)
         if(source_href){
@@ -43,7 +45,14 @@
             }
         }
 
-        chrome.runtime.sendMessage({greeting: "find",data: target_list, current: href});
+        const tmp_target_list=[];
+        for (var i = 0;i<target_list.length;i++){
+            if (tmp_target_list.indexOf(target_list[i])===-1){
+              tmp_target_list.push(target_list[i])
+            }
+        }
+        tmp_target_list.pop(href)
+        chrome.runtime.sendMessage({greeting: "find",data: target_list, current: href, source: source});
     });
     function is_script(u){
         if(script_src){

diff --git a/manifest.json b/manifest.json
@@ -1,6 +1,6 @@
 {
   "name": "FindSomething",
-  "version": "2.0.14",
+  "version": "2.0.15",
   "manifest_version": 3,
   "description": "在网页的源代码或js中找到一些有趣的东西",  
   "permissions": [