Context Navigation

source: code/trunk/morty.go@ 92

Last change on this file since 92 was 92, checked in by alex, 6 years ago

Dockerfile : Various modifications

the key is base64 encoded /!\ break compatibility, see searx project PR #1629
make sure to use golang:1.12-alpine to build morty to support TLS 1.3 (from morty to external)

File size: 27.7 KB

Rev	Line
[1]	1	package main
	2
	3	import (
	4	"bytes"
	5	"crypto/hmac"
	6	"crypto/sha256"
[67]	7	"encoding/base64"
[1]	8	"encoding/hex"
	9	"errors"
	10	"flag"
	11	"fmt"
	12	"io"
	13	"log"
[68]	14	"mime"
[1]	15	"net/url"
[78]	16	"os"
[68]	17	"path/filepath"
[1]	18	"regexp"
	19	"strings"
[4]	20	"time"
[60]	21	"unicode/utf8"
[1]	22
	23	"github.com/valyala/fasthttp"
	24	"golang.org/x/net/html"
[45]	25	"golang.org/x/net/html/charset"
	26	"golang.org/x/text/encoding"
[68]	27
	28	"github.com/asciimoo/morty/contenttype"
[1]	29	)
	30
	31	const (
	32	STATE_DEFAULT int = 0
	33	STATE_IN_STYLE int = 1
	34	STATE_IN_NOSCRIPT int = 2
	35	)
	36
[77]	37	const VERSION = "v0.2.0"
[74]	38
[1]	39	var CLIENT *fasthttp.Client = &fasthttp.Client{
	40	MaxResponseBodySize: 10 * 1024 * 1024, // 10M
	41	}
	42
[27]	43	var CSS_URL_REGEXP regexp.Regexp = regexp.MustCompile("url\\((['\"]?)[ \\t\\f]([\u0009\u0021\u0023-\u0026\u0028\u002a-\u007E]+)(['\"]?)\\)?")
[1]	44
[68]	45	var ALLOWED_CONTENTTYPE_FILTER contenttype.Filter = contenttype.NewFilterOr([]contenttype.Filter{
	46	// html
	47	contenttype.NewFilterEquals("text", "html", ""),
	48	contenttype.NewFilterEquals("application", "xhtml", "xml"),
	49	// css
	50	contenttype.NewFilterEquals("text", "css", ""),
	51	// images
	52	contenttype.NewFilterEquals("image", "gif", ""),
	53	contenttype.NewFilterEquals("image", "png", ""),
	54	contenttype.NewFilterEquals("image", "jpeg", ""),
	55	contenttype.NewFilterEquals("image", "pjpeg", ""),
	56	contenttype.NewFilterEquals("image", "webp", ""),
	57	contenttype.NewFilterEquals("image", "tiff", ""),
	58	contenttype.NewFilterEquals("image", "vnd.microsoft.icon", ""),
	59	contenttype.NewFilterEquals("image", "bmp", ""),
	60	contenttype.NewFilterEquals("image", "x-ms-bmp", ""),
[88]	61	contenttype.NewFilterEquals("image", "x-icon", ""),
[68]	62	// fonts
	63	contenttype.NewFilterEquals("application", "font-otf", ""),
	64	contenttype.NewFilterEquals("application", "font-ttf", ""),
	65	contenttype.NewFilterEquals("application", "font-woff", ""),
	66	contenttype.NewFilterEquals("application", "vnd.ms-fontobject", ""),
	67	})
	68
	69	var ALLOWED_CONTENTTYPE_ATTACHMENT_FILTER contenttype.Filter = contenttype.NewFilterOr([]contenttype.Filter{
	70	// texts
	71	contenttype.NewFilterEquals("text", "csv", ""),
	72	contenttype.NewFilterEquals("text", "tab-separated-value", ""),
	73	contenttype.NewFilterEquals("text", "plain", ""),
	74	// API
	75	contenttype.NewFilterEquals("application", "json", ""),
	76	// Documents
	77	contenttype.NewFilterEquals("application", "x-latex", ""),
	78	contenttype.NewFilterEquals("application", "pdf", ""),
	79	contenttype.NewFilterEquals("application", "vnd.oasis.opendocument.text", ""),
	80	contenttype.NewFilterEquals("application", "vnd.oasis.opendocument.spreadsheet", ""),
	81	contenttype.NewFilterEquals("application", "vnd.oasis.opendocument.presentation", ""),
	82	contenttype.NewFilterEquals("application", "vnd.oasis.opendocument.graphics", ""),
	83	// Compressed archives
	84	contenttype.NewFilterEquals("application", "zip", ""),
	85	contenttype.NewFilterEquals("application", "gzip", ""),
	86	contenttype.NewFilterEquals("application", "x-compressed", ""),
	87	contenttype.NewFilterEquals("application", "x-gtar", ""),
	88	contenttype.NewFilterEquals("application", "x-compress", ""),
	89	// Generic binary
	90	contenttype.NewFilterEquals("application", "octet-stream", ""),
	91	})
	92
	93	var ALLOWED_CONTENTTYPE_PARAMETERS map[string]bool = map[string]bool{
	94	"charset": true,
	95	}
	96
[1]	97	var UNSAFE_ELEMENTS [][]byte = [][]byte{
	98	[]byte("applet"),
	99	[]byte("canvas"),
	100	[]byte("embed"),
	101	//[]byte("iframe"),
[46]	102	[]byte("math"),
[1]	103	[]byte("script"),
[46]	104	[]byte("svg"),
[1]	105	}
	106
	107	var SAFE_ATTRIBUTES [][]byte = [][]byte{
	108	[]byte("abbr"),
	109	[]byte("accesskey"),
	110	[]byte("align"),
	111	[]byte("alt"),
[13]	112	[]byte("as"),
[1]	113	[]byte("autocomplete"),
	114	[]byte("charset"),
	115	[]byte("checked"),
	116	[]byte("class"),
	117	[]byte("content"),
	118	[]byte("contenteditable"),
	119	[]byte("contextmenu"),
	120	[]byte("dir"),
	121	[]byte("for"),
	122	[]byte("height"),
	123	[]byte("hidden"),
[46]	124	[]byte("hreflang"),
[1]	125	[]byte("id"),
	126	[]byte("lang"),
	127	[]byte("media"),
	128	[]byte("method"),
	129	[]byte("name"),
	130	[]byte("nowrap"),
	131	[]byte("placeholder"),
	132	[]byte("property"),
	133	[]byte("rel"),
	134	[]byte("spellcheck"),
	135	[]byte("tabindex"),
	136	[]byte("target"),
	137	[]byte("title"),
	138	[]byte("translate"),
	139	[]byte("type"),
	140	[]byte("value"),
	141	[]byte("width"),
	142	}
	143
	144	var SELF_CLOSING_ELEMENTS [][]byte = [][]byte{
	145	[]byte("area"),
	146	[]byte("base"),
	147	[]byte("br"),
	148	[]byte("col"),
	149	[]byte("embed"),
	150	[]byte("hr"),
	151	[]byte("img"),
	152	[]byte("input"),
	153	[]byte("keygen"),
	154	[]byte("link"),
	155	[]byte("meta"),
	156	[]byte("param"),
	157	[]byte("source"),
	158	[]byte("track"),
	159	[]byte("wbr"),
	160	}
	161
[46]	162	var LINK_REL_SAFE_VALUES [][]byte = [][]byte{
	163	[]byte("alternate"),
	164	[]byte("archives"),
	165	[]byte("author"),
	166	[]byte("copyright"),
	167	[]byte("first"),
	168	[]byte("help"),
	169	[]byte("icon"),
	170	[]byte("index"),
	171	[]byte("last"),
	172	[]byte("license"),
	173	[]byte("manifest"),
	174	[]byte("next"),
	175	[]byte("pingback"),
	176	[]byte("prev"),
	177	[]byte("publisher"),
	178	[]byte("search"),
	179	[]byte("shortcut icon"),
	180	[]byte("stylesheet"),
	181	[]byte("up"),
	182	}
	183
	184	var LINK_HTTP_EQUIV_SAFE_VALUES [][]byte = [][]byte{
	185	// X-UA-Compatible will be added automaticaly, so it can be skipped
	186	[]byte("date"),
	187	[]byte("last-modified"),
[50]	188	[]byte("refresh"), // URL rewrite
[46]	189	// []byte("location"), TODO URL rewrite
	190	[]byte("content-language"),
	191	}
	192
[1]	193	type Proxy struct {
[4]	194	Key []byte
	195	RequestTimeout time.Duration
[1]	196	}
	197
	198	type RequestConfig struct {
	199	Key []byte
[23]	200	BaseURL *url.URL
[1]	201	}
	202
[2]	203	var HTML_FORM_EXTENSION string = `<input type="hidden" name="mortyurl" value="%s" /><input type="hidden" name="mortyhash" value="%s" />`
[1]	204
	205	var HTML_BODY_EXTENSION string = `
[72]	206	<input type="checkbox" id="mortytoggle" autocomplete="off" />
[1]	207	<div id="mortyheader">
[72]	208	<p>This is a <a href="https://github.com/asciimoo/morty">proxified and sanitized</a> view of the page,<br />visit <a href="%s" rel="noreferrer">original site</a>.</p><p><label for="mortytoggle">hide</label></p>
[1]	209	</div>
	210	<style>
[67]	211	#mortyheader { position: fixed; margin: 0; box-sizing: border-box; -webkit-box-sizing: border-box; top: 15%%; left: 0; max-width: 140px; overflow: hidden; z-index: 2147483647 !important; font-size: 12px; line-height: normal; border-width: 4px 4px 4px 0; border-style: solid; border-color: #1abc9c; background: #FFF; padding: 12px 12px 8px 8px; color: #444; }
	212	#mortyheader * { box-sizing: content-box; margin: 0; border: none; padding: 0; overflow: hidden; z-index: 2147483647 !important; line-height: 1em; font-size: 12px !important; font-family: sans !important; font-weight: normal; text-align: left; text-decoration: none; }
	213	#mortyheader p { padding: 0 0 0.7em 0; display: block; }
	214	#mortyheader a { color: #3498db; font-weight: bold; display: inline; }
	215	#mortyheader label { text-align: right; cursor: pointer; display: block; color: #444; }
[1]	216	input[type=checkbox]#mortytoggle { display: none; }
[72]	217	input[type=checkbox]#mortytoggle:checked ~ div { display: none; visibility: hidden; }
[1]	218	</style>
	219	`
	220
[46]	221	var HTML_HEAD_CONTENT_TYPE string = `<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
	222	<meta http-equiv="X-UA-Compatible" content="IE=edge">
[67]	223	<meta name="referrer" content="no-referrer">
[46]	224	`
[45]	225
[69]	226	var MORTY_HTML_PAGE_START string = `<!doctype html>
	227	<html>
	228	<head>
	229	<title>MortyProxy</title>
	230	<meta name="viewport" content="width=device-width, initial-scale=1 , maximum-scale=1.0, user-scalable=1" />
	231	<style>
	232	html { height: 100%; }
	233	body { min-height : 100%; display: flex; flex-direction:column; font-family: 'Garamond', 'Georgia', serif; text-align: center; color: #444; background: #FAFAFA; margin: 0; padding: 0; font-size: 1.1em; }
	234	input { border: 1px solid #888; padding: 0.3em; color: #444; background: #FFF; font-size: 1.1em; }
	235	input[placeholder] { width:80%; }
	236	a { text-decoration: none; #2980b9; }
	237	h1, h2 { font-weight: 200; margin-bottom: 2rem; }
	238	h1 { font-size: 3em; }
	239	.container { flex:1; min-height: 100%; margin-bottom: 1em; }
	240	.footer { margin: 1em; }
	241	.footer p { font-size: 0.8em; }
	242	</style>
	243	</head>
	244	<body>
	245	<div class="container">
	246	<h1>MortyProxy</h1>
	247	`
	248
	249	var MORTY_HTML_PAGE_END string = `
	250	</div>
	251	<div class="footer">
	252	<p>Morty rewrites web pages to exclude malicious HTML tags and CSS/HTML attributes. It also replaces external resource references to prevent third-party information leaks.<br />
	253	<a href="https://github.com/asciimoo/morty">view on github</a>
	254	</p>
	255	</div>
	256	</body>
	257	</html>`
	258
[67]	259	var FAVICON_BYTES []byte
	260
	261	func init() {
	262	FaviconBase64 := "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQEAYAAABPYyMiAAAABmJLR0T///////8JWPfcAAAACXBIWXMAAABIAAAASABGyWs+AAAAF0lEQVRIx2NgGAWjYBSMglEwCkbBSAcACBAAAeaR9cIAAAAASUVORK5CYII"
	263
	264	FAVICON_BYTES, _ = base64.StdEncoding.DecodeString(FaviconBase64)
	265	}
	266
[1]	267	func (p Proxy) RequestHandler(ctx fasthttp.RequestCtx) {
[10]	268
	269	if appRequestHandler(ctx) {
	270	return
	271	}
	272
[1]	273	requestHash := popRequestParam(ctx, []byte("mortyhash"))
	274
	275	requestURI := popRequestParam(ctx, []byte("mortyurl"))
	276
	277	if requestURI == nil {
[35]	278	p.serveMainPage(ctx, 200, nil)
[1]	279	return
	280	}
	281
	282	if p.Key != nil {
	283	if !verifyRequestURI(requestURI, requestHash, p.Key) {
[35]	284	// HTTP status code 403 : Forbidden
	285	p.serveMainPage(ctx, 403, errors.New(`invalid "mortyhash" parameter`))
[1]	286	return
	287	}
	288	}
	289
	290	parsedURI, err := url.Parse(string(requestURI))
	291
[11]	292	if err != nil {
[35]	293	// HTTP status code 500 : Internal Server Error
	294	p.serveMainPage(ctx, 500, err)
[1]	295	return
	296	}
	297
[69]	298	// Serve an intermediate page for protocols other than HTTP(S)
	299	if (parsedURI.Scheme != "http" && parsedURI.Scheme != "https") \|\| strings.HasSuffix(parsedURI.Host, ".onion") {
	300	p.serveExitMortyPage(ctx, parsedURI)
	301	return
	302	}
	303
[1]	304	req := fasthttp.AcquireRequest()
	305	defer fasthttp.ReleaseRequest(req)
[12]	306	req.SetConnectionClose()
[1]	307
[47]	308	requestURIStr := string(requestURI)
[1]	309
[47]	310	log.Println("getting", requestURIStr)
[1]	311
[47]	312	req.SetRequestURI(requestURIStr)
[62]	313	req.Header.SetUserAgentBytes([]byte("Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0"))
[1]	314
	315	resp := fasthttp.AcquireResponse()
	316	defer fasthttp.ReleaseResponse(resp)
	317
	318	req.Header.SetMethodBytes(ctx.Method())
	319	if ctx.IsPost() \|\| ctx.IsPut() {
	320	req.SetBody(ctx.PostBody())
	321	}
	322
[11]	323	err = CLIENT.DoTimeout(req, resp, p.RequestTimeout)
	324
	325	if err != nil {
[35]	326	if err == fasthttp.ErrTimeout {
	327	// HTTP status code 504 : Gateway Time-Out
	328	p.serveMainPage(ctx, 504, err)
	329	} else {
	330	// HTTP status code 500 : Internal Server Error
	331	p.serveMainPage(ctx, 500, err)
	332	}
[1]	333	return
	334	}
	335
	336	if resp.StatusCode() != 200 {
	337	switch resp.StatusCode() {
[7]	338	case 301, 302, 303, 307, 308:
[1]	339	loc := resp.Header.Peek("Location")
	340	if loc != nil {
[23]	341	rc := &RequestConfig{Key: p.Key, BaseURL: parsedURI}
[60]	342	url, err := rc.ProxifyURI(loc)
[1]	343	if err == nil {
	344	ctx.SetStatusCode(resp.StatusCode())
	345	ctx.Response.Header.Add("Location", url)
	346	log.Println("redirect to", string(loc))
	347	return
	348	}
	349	}
	350	}
[47]	351	error_message := fmt.Sprintf("invalid response: %d (%s)", resp.StatusCode(), requestURIStr)
[37]	352	p.serveMainPage(ctx, resp.StatusCode(), errors.New(error_message))
[1]	353	return
	354	}
	355
[68]	356	contentTypeBytes := resp.Header.Peek("Content-Type")
[1]	357
[68]	358	if contentTypeBytes == nil {
[35]	359	// HTTP status code 503 : Service Unavailable
	360	p.serveMainPage(ctx, 503, errors.New("invalid content type"))
[1]	361	return
	362	}
	363
[68]	364	contentTypeString := string(contentTypeBytes)
	365
	366	// decode Content-Type header
	367	contentType, error := contenttype.ParseContentType(contentTypeString)
	368	if error != nil {
	369	// HTTP status code 503 : Service Unavailable
	370	p.serveMainPage(ctx, 503, errors.New("invalid content type"))
[63]	371	return
	372	}
	373
[68]	374	// content-disposition
	375	contentDispositionBytes := ctx.Request.Header.Peek("Content-Disposition")
[64]	376
[68]	377	// check content type
	378	if !ALLOWED_CONTENTTYPE_FILTER(contentType) {
	379	// it is not a usual content type
	380	if ALLOWED_CONTENTTYPE_ATTACHMENT_FILTER(contentType) {
	381	// force attachment for allowed content type
	382	contentDispositionBytes = contentDispositionForceAttachment(contentDispositionBytes, parsedURI)
	383	} else {
	384	// deny access to forbidden content type
	385	// HTTP status code 403 : Forbidden
	386	p.serveMainPage(ctx, 403, errors.New("forbidden content type"))
	387	return
	388	}
	389	}
	390
	391	// HACK : replace */xhtml by text/html
	392	if contentType.SubType == "xhtml" {
	393	contentType.TopLevelType = "text"
	394	contentType.SubType = "html"
	395	contentType.Suffix = ""
	396	}
	397
	398	// conversion to UTF-8
[1]	399	var responseBody []byte
	400
[68]	401	if contentType.TopLevelType == "text" {
	402	e, ename, _ := charset.DetermineEncoding(resp.Body(), contentTypeString)
[45]	403	if (e != encoding.Nop) && (!strings.EqualFold("utf-8", ename)) {
	404	responseBody, err = e.NewDecoder().Bytes(resp.Body())
	405	if err != nil {
	406	// HTTP status code 503 : Service Unavailable
	407	p.serveMainPage(ctx, 503, err)
	408	return
	409	}
	410	} else {
	411	responseBody = resp.Body()
[1]	412	}
[68]	413	// update the charset or specify it
	414	contentType.Parameters["charset"] = "UTF-8"
[1]	415	} else {
	416	responseBody = resp.Body()
	417	}
	418
[68]	419	//
	420	contentType.FilterParameters(ALLOWED_CONTENTTYPE_PARAMETERS)
[1]	421
[68]	422	// set the content type
	423	ctx.SetContentType(contentType.String())
	424
	425	// output according to MIME type
[1]	426	switch {
[68]	427	case contentType.SubType == "css" && contentType.Suffix == "":
[23]	428	sanitizeCSS(&RequestConfig{Key: p.Key, BaseURL: parsedURI}, ctx, responseBody)
[68]	429	case contentType.SubType == "html" && contentType.Suffix == "":
[23]	430	sanitizeHTML(&RequestConfig{Key: p.Key, BaseURL: parsedURI}, ctx, responseBody)
[1]	431	default:
[68]	432	if contentDispositionBytes != nil {
	433	ctx.Response.Header.AddBytesV("Content-Disposition", contentDispositionBytes)
[39]	434	}
[1]	435	ctx.Write(responseBody)
	436	}
	437	}
	438
[68]	439	// force content-disposition to attachment
	440	func contentDispositionForceAttachment(contentDispositionBytes []byte, url *url.URL) []byte {
	441	var contentDispositionParams map[string]string
	442
	443	if contentDispositionBytes != nil {
	444	var err error
	445	_, contentDispositionParams, err = mime.ParseMediaType(string(contentDispositionBytes))
	446	if err != nil {
	447	contentDispositionParams = make(map[string]string)
	448	}
	449	} else {
	450	contentDispositionParams = make(map[string]string)
	451	}
	452
	453	_, fileNameDefined := contentDispositionParams["filename"]
	454	if !fileNameDefined {
	455	// TODO : sanitize filename
	456	contentDispositionParams["fileName"] = filepath.Base(url.Path)
	457	}
	458
	459	return []byte(mime.FormatMediaType("attachment", contentDispositionParams))
	460	}
	461
[10]	462	func appRequestHandler(ctx *fasthttp.RequestCtx) bool {
[11]	463	// serve robots.txt
[10]	464	if bytes.Equal(ctx.Path(), []byte("/robots.txt")) {
	465	ctx.SetContentType("text/plain")
	466	ctx.Write([]byte("User-Agent: *\nDisallow: /\n"))
	467	return true
	468	}
[11]	469
[67]	470	// server favicon.ico
	471	if bytes.Equal(ctx.Path(), []byte("/favicon.ico")) {
	472	ctx.SetContentType("image/png")
	473	ctx.Write(FAVICON_BYTES)
	474	return true
	475	}
	476
[10]	477	return false
	478	}
	479
[1]	480	func popRequestParam(ctx *fasthttp.RequestCtx, paramName []byte) []byte {
	481	param := ctx.QueryArgs().PeekBytes(paramName)
	482
	483	if param == nil {
	484	param = ctx.PostArgs().PeekBytes(paramName)
	485	if param != nil {
	486	ctx.PostArgs().DelBytes(paramName)
	487	}
	488	} else {
	489	ctx.QueryArgs().DelBytes(paramName)
	490	}
	491
	492	return param
	493	}
	494
[9]	495	func sanitizeCSS(rc *RequestConfig, out io.Writer, css []byte) {
[1]	496	// TODO
	497
	498	urlSlices := CSS_URL_REGEXP.FindAllSubmatchIndex(css, -1)
	499
	500	if urlSlices == nil {
[9]	501	out.Write(css)
[1]	502	return
	503	}
	504
	505	startIndex := 0
	506
	507	for _, s := range urlSlices {
[15]	508	urlStart := s[4]
	509	urlEnd := s[5]
[1]	510
[60]	511	if uri, err := rc.ProxifyURI(css[urlStart:urlEnd]); err == nil {
[9]	512	out.Write(css[startIndex:urlStart])
	513	out.Write([]byte(uri))
[1]	514	startIndex = urlEnd
	515	} else {
[36]	516	log.Println("cannot proxify css uri:", string(css[urlStart:urlEnd]))
[1]	517	}
	518	}
	519	if startIndex < len(css) {
[9]	520	out.Write(css[startIndex:len(css)])
[1]	521	}
	522	}
	523
[9]	524	func sanitizeHTML(rc *RequestConfig, out io.Writer, htmlDoc []byte) {
[1]	525	r := bytes.NewReader(htmlDoc)
	526	decoder := html.NewTokenizer(r)
	527	decoder.AllowCDATA(true)
	528
	529	unsafeElements := make([][]byte, 0, 8)
	530	state := STATE_DEFAULT
	531	for {
	532	token := decoder.Next()
	533	if token == html.ErrorToken {
	534	err := decoder.Err()
	535	if err != io.EOF {
	536	log.Println("failed to parse HTML:")
	537	}
	538	break
	539	}
	540
	541	if len(unsafeElements) == 0 {
	542
	543	switch token {
	544	case html.StartTagToken, html.SelfClosingTagToken:
	545	tag, hasAttrs := decoder.TagName()
	546	safe := !inArray(tag, UNSAFE_ELEMENTS)
	547	if !safe {
	548	if !inArray(tag, SELF_CLOSING_ELEMENTS) {
	549	var unsafeTag []byte = make([]byte, len(tag))
	550	copy(unsafeTag, tag)
	551	unsafeElements = append(unsafeElements, unsafeTag)
	552	}
	553	break
	554	}
[38]	555	if bytes.Equal(tag, []byte("base")) {
	556	for {
	557	attrName, attrValue, moreAttr := decoder.TagAttr()
[45]	558	if bytes.Equal(attrName, []byte("href")) {
	559	parsedURI, err := url.Parse(string(attrValue))
	560	if err == nil {
	561	rc.BaseURL = parsedURI
	562	}
[38]	563	}
	564	if !moreAttr {
	565	break
	566	}
	567	}
	568	break
	569	}
[1]	570	if bytes.Equal(tag, []byte("noscript")) {
	571	state = STATE_IN_NOSCRIPT
	572	break
	573	}
	574	var attrs [][][]byte
	575	if hasAttrs {
	576	for {
	577	attrName, attrValue, moreAttr := decoder.TagAttr()
[21]	578	attrs = append(attrs, [][]byte{
	579	attrName,
	580	attrValue,
	581	[]byte(html.EscapeString(string(attrValue))),
	582	})
[1]	583	if !moreAttr {
	584	break
	585	}
	586	}
[13]	587	}
	588	if bytes.Equal(tag, []byte("link")) {
	589	sanitizeLinkTag(rc, out, attrs)
	590	break
	591	}
	592
[45]	593	if bytes.Equal(tag, []byte("meta")) {
	594	sanitizeMetaTag(rc, out, attrs)
	595	break
	596	}
	597
[13]	598	fmt.Fprintf(out, "<%s", tag)
	599
	600	if hasAttrs {
[45]	601	sanitizeAttrs(rc, out, attrs)
[1]	602	}
[13]	603
[1]	604	if token == html.SelfClosingTagToken {
[9]	605	fmt.Fprintf(out, " />")
[1]	606	} else {
[9]	607	fmt.Fprintf(out, ">")
[1]	608	if bytes.Equal(tag, []byte("style")) {
	609	state = STATE_IN_STYLE
	610	}
	611	}
[13]	612
[45]	613	if bytes.Equal(tag, []byte("head")) {
[46]	614	fmt.Fprintf(out, HTML_HEAD_CONTENT_TYPE)
[45]	615	}
	616
[1]	617	if bytes.Equal(tag, []byte("form")) {
	618	var formURL *url.URL
	619	for _, attr := range attrs {
	620	if bytes.Equal(attr[0], []byte("action")) {
	621	formURL, _ = url.Parse(string(attr[1]))
[28]	622	formURL = mergeURIs(rc.BaseURL, formURL)
[1]	623	break
	624	}
	625	}
	626	if formURL == nil {
[23]	627	formURL = rc.BaseURL
[1]	628	}
[2]	629	urlStr := formURL.String()
	630	var key string
	631	if rc.Key != nil {
	632	key = hash(urlStr, rc.Key)
	633	}
[9]	634	fmt.Fprintf(out, HTML_FORM_EXTENSION, urlStr, key)
[1]	635
	636	}
	637
	638	case html.EndTagToken:
	639	tag, _ := decoder.TagName()
	640	writeEndTag := true
	641	switch string(tag) {
	642	case "body":
[23]	643	fmt.Fprintf(out, HTML_BODY_EXTENSION, rc.BaseURL.String())
[1]	644	case "style":
	645	state = STATE_DEFAULT
	646	case "noscript":
	647	state = STATE_DEFAULT
	648	writeEndTag = false
	649	}
	650	// skip noscript tags - only the tag, not the content, because javascript is sanitized
	651	if writeEndTag {
[9]	652	fmt.Fprintf(out, "</%s>", tag)
[1]	653	}
	654
	655	case html.TextToken:
	656	switch state {
	657	case STATE_DEFAULT:
[9]	658	fmt.Fprintf(out, "%s", decoder.Raw())
[1]	659	case STATE_IN_STYLE:
[9]	660	sanitizeCSS(rc, out, decoder.Raw())
[1]	661	case STATE_IN_NOSCRIPT:
[9]	662	sanitizeHTML(rc, out, decoder.Raw())
[1]	663	}
	664
[62]	665	case html.CommentToken:
	666	// ignore comment. TODO : parse IE conditional comment
	667
	668	case html.DoctypeToken:
[9]	669	out.Write(decoder.Raw())
[1]	670	}
	671	} else {
	672	switch token {
	673	case html.StartTagToken:
	674	tag, _ := decoder.TagName()
	675	if inArray(tag, UNSAFE_ELEMENTS) {
	676	unsafeElements = append(unsafeElements, tag)
	677	}
	678
	679	case html.EndTagToken:
	680	tag, _ := decoder.TagName()
	681	if bytes.Equal(unsafeElements[len(unsafeElements)-1], tag) {
	682	unsafeElements = unsafeElements[:len(unsafeElements)-1]
	683	}
	684	}
	685	}
	686	}
	687	}
	688
[13]	689	func sanitizeLinkTag(rc *RequestConfig, out io.Writer, attrs [][][]byte) {
	690	exclude := false
	691	for _, attr := range attrs {
	692	attrName := attr[0]
	693	attrValue := attr[1]
	694	if bytes.Equal(attrName, []byte("rel")) {
[46]	695	if !inArray(attrValue, LINK_REL_SAFE_VALUES) {
[13]	696	exclude = true
	697	break
	698	}
	699	}
	700	if bytes.Equal(attrName, []byte("as")) {
	701	if bytes.Equal(attrValue, []byte("script")) {
	702	exclude = true
	703	break
	704	}
	705	}
	706	}
	707
	708	if !exclude {
	709	out.Write([]byte("<link"))
	710	for _, attr := range attrs {
[21]	711	sanitizeAttr(rc, out, attr[0], attr[1], attr[2])
[13]	712	}
	713	out.Write([]byte(">"))
	714	}
	715	}
	716
[45]	717	func sanitizeMetaTag(rc *RequestConfig, out io.Writer, attrs [][][]byte) {
[1]	718	var http_equiv []byte
	719	var content []byte
	720
	721	for _, attr := range attrs {
	722	attrName := attr[0]
	723	attrValue := attr[1]
	724	if bytes.Equal(attrName, []byte("http-equiv")) {
	725	http_equiv = bytes.ToLower(attrValue)
[46]	726	// exclude some <meta http-equiv="..." ..>
	727	if !inArray(http_equiv, LINK_HTTP_EQUIV_SAFE_VALUES) {
	728	return
	729	}
[1]	730	}
	731	if bytes.Equal(attrName, []byte("content")) {
	732	content = attrValue
	733	}
[45]	734	if bytes.Equal(attrName, []byte("charset")) {
	735	// exclude <meta charset="...">
	736	return
	737	}
[1]	738	}
	739
[45]	740	out.Write([]byte("<meta"))
[14]	741	urlIndex := bytes.Index(bytes.ToLower(content), []byte("url="))
	742	if bytes.Equal(http_equiv, []byte("refresh")) && urlIndex != -1 {
	743	contentUrl := content[urlIndex+4:]
[36]	744	// special case of <meta http-equiv="refresh" content="0; url='example.com/url.with.quote.outside'">
[37]	745	if len(contentUrl) >= 2 && (contentUrl[0] == byte('\'') \|\| contentUrl[0] == byte('"')) {
[36]	746	if contentUrl[0] == contentUrl[len(contentUrl)-1] {
[37]	747	contentUrl = contentUrl[1 : len(contentUrl)-1]
[36]	748	}
	749	}
	750	// output proxify result
[60]	751	if uri, err := rc.ProxifyURI(contentUrl); err == nil {
[14]	752	fmt.Fprintf(out, ` http-equiv="refresh" content="%surl=%s"`, content[:urlIndex], uri)
[1]	753	}
	754	} else {
[46]	755	if len(http_equiv) > 0 {
	756	fmt.Fprintf(out, ` http-equiv="%s"`, http_equiv)
	757	}
[9]	758	sanitizeAttrs(rc, out, attrs)
[1]	759	}
[45]	760	out.Write([]byte(">"))
[1]	761	}
	762
[9]	763	func sanitizeAttrs(rc *RequestConfig, out io.Writer, attrs [][][]byte) {
[1]	764	for _, attr := range attrs {
[21]	765	sanitizeAttr(rc, out, attr[0], attr[1], attr[2])
[1]	766	}
	767	}
	768
[21]	769	func sanitizeAttr(rc *RequestConfig, out io.Writer, attrName, attrValue, escapedAttrValue []byte) {
[1]	770	if inArray(attrName, SAFE_ATTRIBUTES) {
[21]	771	fmt.Fprintf(out, " %s=\"%s\"", attrName, escapedAttrValue)
[1]	772	return
	773	}
	774	switch string(attrName) {
	775	case "src", "href", "action":
[60]	776	if uri, err := rc.ProxifyURI(attrValue); err == nil {
[9]	777	fmt.Fprintf(out, " %s=\"%s\"", attrName, uri)
[1]	778	} else {
[36]	779	log.Println("cannot proxify uri:", string(attrValue))
[1]	780	}
	781	case "style":
[21]	782	cssAttr := bytes.NewBuffer(nil)
	783	sanitizeCSS(rc, cssAttr, attrValue)
	784	fmt.Fprintf(out, " %s=\"%s\"", attrName, html.EscapeString(string(cssAttr.Bytes())))
[1]	785	}
	786	}
	787
[36]	788	func mergeURIs(u1, u2 url.URL) url.URL {
[71]	789	if u2 == nil {
	790	return u1
	791	}
[28]	792	return u1.ResolveReference(u2)
[1]	793	}
	794
[60]	795	// Sanitized URI : removes all runes bellow 32 (included) as the begining and end of URI, and lower case the scheme.
	796	// avoid memory allocation (except for the scheme)
	797	func sanitizeURI(uri []byte) ([]byte, string) {
	798	first_rune_index := 0
	799	first_rune_seen := false
	800	scheme_last_index := -1
	801	buffer := bytes.NewBuffer(make([]byte, 0, 10))
	802
	803	// remove trailing space and special characters
	804	uri = bytes.TrimRight(uri, "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F\x20")
	805
	806	// loop over byte by byte
	807	for i, c := range uri {
	808	// ignore special characters and space (c <= 32)
	809	if c > 32 {
	810	// append to the lower case of the rune to buffer
	811	if c < utf8.RuneSelf && 'A' <= c && c <= 'Z' {
	812	c = c + 'a' - 'A'
	813	}
	814
	815	buffer.WriteByte(c)
	816
	817	// update the first rune index that is not a special rune
	818	if !first_rune_seen {
	819	first_rune_index = i
	820	first_rune_seen = true
	821	}
	822
	823	if c == ':' {
	824	// colon rune found, we have found the scheme
	825	scheme_last_index = i
	826	break
	827	} else if c == '/' \|\| c == '?' \|\| c == '\\' \|\| c == '#' {
	828	// special case : most probably a relative URI
	829	break
	830	}
	831	}
	832	}
	833
	834	if scheme_last_index != -1 {
	835	// scheme found
	836	// copy the "lower case without special runes scheme" before the ":" rune
	837	scheme_start_index := scheme_last_index - buffer.Len() + 1
	838	copy(uri[scheme_start_index:], buffer.Bytes())
	839	// and return the result
	840	return uri[scheme_start_index:], buffer.String()
	841	} else {
	842	// scheme NOT found
	843	return uri[first_rune_index:], ""
	844	}
	845	}
	846
	847	func (rc *RequestConfig) ProxifyURI(uri []byte) (string, error) {
	848	// sanitize URI
	849	uri, scheme := sanitizeURI(uri)
	850
[28]	851	// remove javascript protocol
[60]	852	if scheme == "javascript:" {
[28]	853	return "", nil
	854	}
[57]	855
[1]	856	// TODO check malicious data: - e.g. data:script
[60]	857	if scheme == "data:" {
[61]	858	if bytes.HasPrefix(uri, []byte("data:image/png")) \|\|
	859	bytes.HasPrefix(uri, []byte("data:image/jpeg")) \|\|
	860	bytes.HasPrefix(uri, []byte("data:image/pjpeg")) \|\|
	861	bytes.HasPrefix(uri, []byte("data:image/gif")) \|\|
	862	bytes.HasPrefix(uri, []byte("data:image/webp")) {
	863	// should be safe
	864	return string(uri), nil
	865	} else {
	866	// unsafe data
	867	return "", nil
	868	}
[1]	869	}
	870
[57]	871	// parse the uri
[60]	872	u, err := url.Parse(string(uri))
[1]	873	if err != nil {
	874	return "", err
	875	}
[57]	876
	877	// get the fragment (with the prefix "#")
	878	fragment := ""
	879	if len(u.Fragment) > 0 {
	880	fragment = "#" + u.Fragment
	881	}
	882
	883	// reset the fragment: it is not included in the mortyurl
	884	u.Fragment = ""
	885
	886	// merge the URI with the document URI
[28]	887	u = mergeURIs(rc.BaseURL, u)
[1]	888
[57]	889	// simple internal link ?
	890	// some web pages describe the whole link https://same:auth@same.host/same.path?same.query#new.fragment
	891	if u.Scheme == rc.BaseURL.Scheme &&
	892	(rc.BaseURL.User == nil \|\| (u.User != nil && u.User.String() == rc.BaseURL.User.String())) &&
	893	u.Host == rc.BaseURL.Host &&
	894	u.Path == rc.BaseURL.Path &&
	895	u.RawQuery == rc.BaseURL.RawQuery {
	896	// the fragment is the only difference between the document URI and the uri parameter
	897	return fragment, nil
	898	}
	899
	900	// return full URI and fragment (if not empty)
[60]	901	morty_uri := u.String()
[1]	902
	903	if rc.Key == nil {
[60]	904	return fmt.Sprintf("./?mortyurl=%s%s", url.QueryEscape(morty_uri), fragment), nil
[1]	905	}
[60]	906	return fmt.Sprintf("./?mortyhash=%s&mortyurl=%s%s", hash(morty_uri, rc.Key), url.QueryEscape(morty_uri), fragment), nil
[1]	907	}
	908
	909	func inArray(b []byte, a [][]byte) bool {
	910	for _, b2 := range a {
	911	if bytes.Equal(b, b2) {
	912	return true
	913	}
	914	}
	915	return false
	916	}
	917
	918	func hash(msg string, key []byte) string {
	919	mac := hmac.New(sha256.New, key)
	920	mac.Write([]byte(msg))
	921	return hex.EncodeToString(mac.Sum(nil))
	922	}
	923
	924	func verifyRequestURI(uri, hashMsg, key []byte) bool {
	925	h := make([]byte, hex.DecodedLen(len(hashMsg)))
	926	_, err := hex.Decode(h, hashMsg)
	927	if err != nil {
	928	log.Println("hmac error:", err)
	929	return false
	930	}
	931	mac := hmac.New(sha256.New, key)
	932	mac.Write(uri)
	933	return hmac.Equal(h, mac.Sum(nil))
	934	}
	935
[69]	936	func (p Proxy) serveExitMortyPage(ctx fasthttp.RequestCtx, uri *url.URL) {
	937	ctx.SetContentType("text/html")
	938	ctx.SetStatusCode(403)
	939	ctx.Write([]byte(MORTY_HTML_PAGE_START))
	940	ctx.Write([]byte("<h2>You are about to exit MortyProxy</h2>"))
	941	ctx.Write([]byte("<p>Following</p><p><a href=\""))
	942	ctx.Write([]byte(html.EscapeString(uri.String())))
	943	ctx.Write([]byte("\" rel=\"noreferrer\">"))
	944	ctx.Write([]byte(html.EscapeString(uri.String())))
	945	ctx.Write([]byte("</a></p><p>the content of this URL will be <b>NOT</b> sanitized.</p>"))
	946	ctx.Write([]byte(MORTY_HTML_PAGE_END))
	947	}
	948
[35]	949	func (p Proxy) serveMainPage(ctx fasthttp.RequestCtx, statusCode int, err error) {
[67]	950	ctx.SetContentType("text/html; charset=UTF-8")
[35]	951	ctx.SetStatusCode(statusCode)
[69]	952	ctx.Write([]byte(MORTY_HTML_PAGE_START))
[11]	953	if err != nil {
	954	log.Println("error:", err)
	955	ctx.Write([]byte("<h2>Error: "))
	956	ctx.Write([]byte(html.EscapeString(err.Error())))
	957	ctx.Write([]byte("</h2>"))
	958	}
[1]	959	if p.Key == nil {
	960	ctx.Write([]byte(`
[36]	961	<form action="post">
	962	Visit url: <input placeholder="https://url.." name="mortyurl" autofocus />
	963	<input type="submit" value="go" />
	964	</form>`))
[11]	965	} else {
	966	ctx.Write([]byte(`<h3>Warning! This instance does not support direct URL opening.</h3>`))
[1]	967	}
[69]	968	ctx.Write([]byte(MORTY_HTML_PAGE_END))
[1]	969	}
	970
	971	func main() {
[78]	972	default_listen_addr := os.Getenv("MORTY_ADDRESS")
	973	if default_listen_addr == "" {
	974	default_listen_addr = "127.0.0.1:3000"
	975	}
	976	default_key := os.Getenv("MORTY_KEY")
	977	listen := flag.String("listen", default_listen_addr, "Listen address")
[92]	978	key := flag.String("key", default_key, "HMAC url validation key (base64 encoded) - leave blank to disable validation")
[24]	979	ipv6 := flag.Bool("ipv6", false, "Allow IPv6 HTTP requests")
[74]	980	version := flag.Bool("version", false, "Show version")
[4]	981	requestTimeout := flag.Uint("timeout", 2, "Request timeout")
[1]	982	flag.Parse()
	983
[74]	984	if *version {
	985	fmt.Println(VERSION)
	986	return
	987	}
	988
[24]	989	if *ipv6 {
	990	CLIENT.Dial = fasthttp.DialDualStack
	991	}
	992
[4]	993	p := &Proxy{RequestTimeout: time.Duration(requestTimeout) time.Second}
[1]	994
	995	if *key != "" {
[92]	996	var err error
	997	p.Key, err = base64.StdEncoding.DecodeString(*key)
	998	if (err != nil) {
	999	log.Fatal("Error parsing -key", err.Error())
	1000	os.Exit(1)
	1001	}
[1]	1002	}
	1003
	1004	log.Println("listening on", *listen)
	1005
	1006	if err := fasthttp.ListenAndServe(*listen, p.RequestHandler); err != nil {
	1007	log.Fatal("Error in ListenAndServe:", err)
	1008	}
	1009	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: