Context Navigation

source: code/trunk/morty.go@ 99

Last change on this file since 99 was 99, checked in by mathieu.brunot, 6 years ago

:bug: Set DEBUG as a var

Signed-off-by: mathieu.brunot <mathieu.brunot@…>

File size: 27.8 KB

Line
1	package main
2
3	import (
4	"bytes"
5	"crypto/hmac"
6	"crypto/sha256"
7	"encoding/base64"
8	"encoding/hex"
9	"errors"
10	"flag"
11	"fmt"
12	"io"
13	"log"
14	"mime"
15	"net/url"
16	"os"
17	"path/filepath"
18	"regexp"
19	"strings"
20	"time"
21	"unicode/utf8"
22
23	"github.com/valyala/fasthttp"
24	"golang.org/x/net/html"
25	"golang.org/x/net/html/charset"
26	"golang.org/x/text/encoding"
27
28	"github.com/asciimoo/morty/contenttype"
29	)
30
31	const (
32	STATE_DEFAULT int = 0
33	STATE_IN_STYLE int = 1
34	STATE_IN_NOSCRIPT int = 2
35	)
36
37	const VERSION = "v0.2.0"
38
39	var DEBUG = os.Getenv("DEBUG") == "true"
40
41	var CLIENT *fasthttp.Client = &fasthttp.Client{
42	MaxResponseBodySize: 10 * 1024 * 1024, // 10M
43	}
44
45	var CSS_URL_REGEXP regexp.Regexp = regexp.MustCompile("url\\((['\"]?)[ \\t\\f]([\u0009\u0021\u0023-\u0026\u0028\u002a-\u007E]+)(['\"]?)\\)?")
46
47	var ALLOWED_CONTENTTYPE_FILTER contenttype.Filter = contenttype.NewFilterOr([]contenttype.Filter{
48	// html
49	contenttype.NewFilterEquals("text", "html", ""),
50	contenttype.NewFilterEquals("application", "xhtml", "xml"),
51	// css
52	contenttype.NewFilterEquals("text", "css", ""),
53	// images
54	contenttype.NewFilterEquals("image", "gif", ""),
55	contenttype.NewFilterEquals("image", "png", ""),
56	contenttype.NewFilterEquals("image", "jpeg", ""),
57	contenttype.NewFilterEquals("image", "pjpeg", ""),
58	contenttype.NewFilterEquals("image", "webp", ""),
59	contenttype.NewFilterEquals("image", "tiff", ""),
60	contenttype.NewFilterEquals("image", "vnd.microsoft.icon", ""),
61	contenttype.NewFilterEquals("image", "bmp", ""),
62	contenttype.NewFilterEquals("image", "x-ms-bmp", ""),
63	contenttype.NewFilterEquals("image", "x-icon", ""),
64	// fonts
65	contenttype.NewFilterEquals("application", "font-otf", ""),
66	contenttype.NewFilterEquals("application", "font-ttf", ""),
67	contenttype.NewFilterEquals("application", "font-woff", ""),
68	contenttype.NewFilterEquals("application", "vnd.ms-fontobject", ""),
69	})
70
71	var ALLOWED_CONTENTTYPE_ATTACHMENT_FILTER contenttype.Filter = contenttype.NewFilterOr([]contenttype.Filter{
72	// texts
73	contenttype.NewFilterEquals("text", "csv", ""),
74	contenttype.NewFilterEquals("text", "tab-separated-value", ""),
75	contenttype.NewFilterEquals("text", "plain", ""),
76	// API
77	contenttype.NewFilterEquals("application", "json", ""),
78	// Documents
79	contenttype.NewFilterEquals("application", "x-latex", ""),
80	contenttype.NewFilterEquals("application", "pdf", ""),
81	contenttype.NewFilterEquals("application", "vnd.oasis.opendocument.text", ""),
82	contenttype.NewFilterEquals("application", "vnd.oasis.opendocument.spreadsheet", ""),
83	contenttype.NewFilterEquals("application", "vnd.oasis.opendocument.presentation", ""),
84	contenttype.NewFilterEquals("application", "vnd.oasis.opendocument.graphics", ""),
85	// Compressed archives
86	contenttype.NewFilterEquals("application", "zip", ""),
87	contenttype.NewFilterEquals("application", "gzip", ""),
88	contenttype.NewFilterEquals("application", "x-compressed", ""),
89	contenttype.NewFilterEquals("application", "x-gtar", ""),
90	contenttype.NewFilterEquals("application", "x-compress", ""),
91	// Generic binary
92	contenttype.NewFilterEquals("application", "octet-stream", ""),
93	})
94
95	var ALLOWED_CONTENTTYPE_PARAMETERS map[string]bool = map[string]bool{
96	"charset": true,
97	}
98
99	var UNSAFE_ELEMENTS [][]byte = [][]byte{
100	[]byte("applet"),
101	[]byte("canvas"),
102	[]byte("embed"),
103	//[]byte("iframe"),
104	[]byte("math"),
105	[]byte("script"),
106	[]byte("svg"),
107	}
108
109	var SAFE_ATTRIBUTES [][]byte = [][]byte{
110	[]byte("abbr"),
111	[]byte("accesskey"),
112	[]byte("align"),
113	[]byte("alt"),
114	[]byte("as"),
115	[]byte("autocomplete"),
116	[]byte("charset"),
117	[]byte("checked"),
118	[]byte("class"),
119	[]byte("content"),
120	[]byte("contenteditable"),
121	[]byte("contextmenu"),
122	[]byte("dir"),
123	[]byte("for"),
124	[]byte("height"),
125	[]byte("hidden"),
126	[]byte("hreflang"),
127	[]byte("id"),
128	[]byte("lang"),
129	[]byte("media"),
130	[]byte("method"),
131	[]byte("name"),
132	[]byte("nowrap"),
133	[]byte("placeholder"),
134	[]byte("property"),
135	[]byte("rel"),
136	[]byte("spellcheck"),
137	[]byte("tabindex"),
138	[]byte("target"),
139	[]byte("title"),
140	[]byte("translate"),
141	[]byte("type"),
142	[]byte("value"),
143	[]byte("width"),
144	}
145
146	var SELF_CLOSING_ELEMENTS [][]byte = [][]byte{
147	[]byte("area"),
148	[]byte("base"),
149	[]byte("br"),
150	[]byte("col"),
151	[]byte("embed"),
152	[]byte("hr"),
153	[]byte("img"),
154	[]byte("input"),
155	[]byte("keygen"),
156	[]byte("link"),
157	[]byte("meta"),
158	[]byte("param"),
159	[]byte("source"),
160	[]byte("track"),
161	[]byte("wbr"),
162	}
163
164	var LINK_REL_SAFE_VALUES [][]byte = [][]byte{
165	[]byte("alternate"),
166	[]byte("archives"),
167	[]byte("author"),
168	[]byte("copyright"),
169	[]byte("first"),
170	[]byte("help"),
171	[]byte("icon"),
172	[]byte("index"),
173	[]byte("last"),
174	[]byte("license"),
175	[]byte("manifest"),
176	[]byte("next"),
177	[]byte("pingback"),
178	[]byte("prev"),
179	[]byte("publisher"),
180	[]byte("search"),
181	[]byte("shortcut icon"),
182	[]byte("stylesheet"),
183	[]byte("up"),
184	}
185
186	var LINK_HTTP_EQUIV_SAFE_VALUES [][]byte = [][]byte{
187	// X-UA-Compatible will be added automaticaly, so it can be skipped
188	[]byte("date"),
189	[]byte("last-modified"),
190	[]byte("refresh"), // URL rewrite
191	// []byte("location"), TODO URL rewrite
192	[]byte("content-language"),
193	}
194
195	type Proxy struct {
196	Key []byte
197	RequestTimeout time.Duration
198	}
199
200	type RequestConfig struct {
201	Key []byte
202	BaseURL *url.URL
203	}
204
205	var HTML_FORM_EXTENSION string = `<input type="hidden" name="mortyurl" value="%s" /><input type="hidden" name="mortyhash" value="%s" />`
206
207	var HTML_BODY_EXTENSION string = `
208	<input type="checkbox" id="mortytoggle" autocomplete="off" />
209	<div id="mortyheader">
210	<p>This is a <a href="https://github.com/asciimoo/morty">proxified and sanitized</a> view of the page,<br />visit <a href="%s" rel="noreferrer">original site</a>.</p><p><label for="mortytoggle">hide</label></p>
211	</div>
212	<style>
213	#mortyheader { position: fixed; margin: 0; box-sizing: border-box; -webkit-box-sizing: border-box; top: 15%%; left: 0; max-width: 140px; overflow: hidden; z-index: 2147483647 !important; font-size: 12px; line-height: normal; border-width: 4px 4px 4px 0; border-style: solid; border-color: #1abc9c; background: #FFF; padding: 12px 12px 8px 8px; color: #444; }
214	#mortyheader * { box-sizing: content-box; margin: 0; border: none; padding: 0; overflow: hidden; z-index: 2147483647 !important; line-height: 1em; font-size: 12px !important; font-family: sans !important; font-weight: normal; text-align: left; text-decoration: none; }
215	#mortyheader p { padding: 0 0 0.7em 0; display: block; }
216	#mortyheader a { color: #3498db; font-weight: bold; display: inline; }
217	#mortyheader label { text-align: right; cursor: pointer; display: block; color: #444; }
218	input[type=checkbox]#mortytoggle { display: none; }
219	input[type=checkbox]#mortytoggle:checked ~ div { display: none; visibility: hidden; }
220	</style>
221	`
222
223	var HTML_HEAD_CONTENT_TYPE string = `<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
224	<meta http-equiv="X-UA-Compatible" content="IE=edge">
225	<meta name="referrer" content="no-referrer">
226	`
227
228	var MORTY_HTML_PAGE_START string = `<!doctype html>
229	<html>
230	<head>
231	<title>MortyProxy</title>
232	<meta name="viewport" content="width=device-width, initial-scale=1 , maximum-scale=1.0, user-scalable=1" />
233	<style>
234	html { height: 100%; }
235	body { min-height : 100%; display: flex; flex-direction:column; font-family: 'Garamond', 'Georgia', serif; text-align: center; color: #444; background: #FAFAFA; margin: 0; padding: 0; font-size: 1.1em; }
236	input { border: 1px solid #888; padding: 0.3em; color: #444; background: #FFF; font-size: 1.1em; }
237	input[placeholder] { width:80%; }
238	a { text-decoration: none; #2980b9; }
239	h1, h2 { font-weight: 200; margin-bottom: 2rem; }
240	h1 { font-size: 3em; }
241	.container { flex:1; min-height: 100%; margin-bottom: 1em; }
242	.footer { margin: 1em; }
243	.footer p { font-size: 0.8em; }
244	</style>
245	</head>
246	<body>
247	<div class="container">
248	<h1>MortyProxy</h1>
249	`
250
251	var MORTY_HTML_PAGE_END string = `
252	</div>
253	<div class="footer">
254	<p>Morty rewrites web pages to exclude malicious HTML tags and CSS/HTML attributes. It also replaces external resource references to prevent third-party information leaks.<br />
255	<a href="https://github.com/asciimoo/morty">view on github</a>
256	</p>
257	</div>
258	</body>
259	</html>`
260
261	var FAVICON_BYTES []byte
262
263	func init() {
264	FaviconBase64 := "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQEAYAAABPYyMiAAAABmJLR0T///////8JWPfcAAAACXBIWXMAAABIAAAASABGyWs+AAAAF0lEQVRIx2NgGAWjYBSMglEwCkbBSAcACBAAAeaR9cIAAAAASUVORK5CYII"
265
266	FAVICON_BYTES, _ = base64.StdEncoding.DecodeString(FaviconBase64)
267	}
268
269	func (p Proxy) RequestHandler(ctx fasthttp.RequestCtx) {
270
271	if appRequestHandler(ctx) {
272	return
273	}
274
275	requestHash := popRequestParam(ctx, []byte("mortyhash"))
276
277	requestURI := popRequestParam(ctx, []byte("mortyurl"))
278
279	if requestURI == nil {
280	p.serveMainPage(ctx, 200, nil)
281	return
282	}
283
284	if p.Key != nil {
285	if !verifyRequestURI(requestURI, requestHash, p.Key) {
286	// HTTP status code 403 : Forbidden
287	p.serveMainPage(ctx, 403, errors.New(`invalid "mortyhash" parameter`))
288	return
289	}
290	}
291
292	parsedURI, err := url.Parse(string(requestURI))
293
294	if err != nil {
295	// HTTP status code 500 : Internal Server Error
296	p.serveMainPage(ctx, 500, err)
297	return
298	}
299
300	// Serve an intermediate page for protocols other than HTTP(S)
301	if (parsedURI.Scheme != "http" && parsedURI.Scheme != "https") \|\| strings.HasSuffix(parsedURI.Host, ".onion") {
302	p.serveExitMortyPage(ctx, parsedURI)
303	return
304	}
305
306	req := fasthttp.AcquireRequest()
307	defer fasthttp.ReleaseRequest(req)
308	req.SetConnectionClose()
309
310	requestURIStr := string(requestURI)
311
312	if DEBUG {
313	log.Println("getting", requestURIStr)
314	}
315
316	req.SetRequestURI(requestURIStr)
317	req.Header.SetUserAgentBytes([]byte("Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0"))
318
319	resp := fasthttp.AcquireResponse()
320	defer fasthttp.ReleaseResponse(resp)
321
322	req.Header.SetMethodBytes(ctx.Method())
323	if ctx.IsPost() \|\| ctx.IsPut() {
324	req.SetBody(ctx.PostBody())
325	}
326
327	err = CLIENT.DoTimeout(req, resp, p.RequestTimeout)
328
329	if err != nil {
330	if err == fasthttp.ErrTimeout {
331	// HTTP status code 504 : Gateway Time-Out
332	p.serveMainPage(ctx, 504, err)
333	} else {
334	// HTTP status code 500 : Internal Server Error
335	p.serveMainPage(ctx, 500, err)
336	}
337	return
338	}
339
340	if resp.StatusCode() != 200 {
341	switch resp.StatusCode() {
342	case 301, 302, 303, 307, 308:
343	loc := resp.Header.Peek("Location")
344	if loc != nil {
345	rc := &RequestConfig{Key: p.Key, BaseURL: parsedURI}
346	url, err := rc.ProxifyURI(loc)
347	if err == nil {
348	ctx.SetStatusCode(resp.StatusCode())
349	ctx.Response.Header.Add("Location", url)
350	if DEBUG {
351	log.Println("redirect to", string(loc))
352	}
353	return
354	}
355	}
356	}
357	error_message := fmt.Sprintf("invalid response: %d (%s)", resp.StatusCode(), requestURIStr)
358	p.serveMainPage(ctx, resp.StatusCode(), errors.New(error_message))
359	return
360	}
361
362	contentTypeBytes := resp.Header.Peek("Content-Type")
363
364	if contentTypeBytes == nil {
365	// HTTP status code 503 : Service Unavailable
366	p.serveMainPage(ctx, 503, errors.New("invalid content type"))
367	return
368	}
369
370	contentTypeString := string(contentTypeBytes)
371
372	// decode Content-Type header
373	contentType, error := contenttype.ParseContentType(contentTypeString)
374	if error != nil {
375	// HTTP status code 503 : Service Unavailable
376	p.serveMainPage(ctx, 503, errors.New("invalid content type"))
377	return
378	}
379
380	// content-disposition
381	contentDispositionBytes := ctx.Request.Header.Peek("Content-Disposition")
382
383	// check content type
384	if !ALLOWED_CONTENTTYPE_FILTER(contentType) {
385	// it is not a usual content type
386	if ALLOWED_CONTENTTYPE_ATTACHMENT_FILTER(contentType) {
387	// force attachment for allowed content type
388	contentDispositionBytes = contentDispositionForceAttachment(contentDispositionBytes, parsedURI)
389	} else {
390	// deny access to forbidden content type
391	// HTTP status code 403 : Forbidden
392	p.serveMainPage(ctx, 403, errors.New("forbidden content type"))
393	return
394	}
395	}
396
397	// HACK : replace */xhtml by text/html
398	if contentType.SubType == "xhtml" {
399	contentType.TopLevelType = "text"
400	contentType.SubType = "html"
401	contentType.Suffix = ""
402	}
403
404	// conversion to UTF-8
405	var responseBody []byte
406
407	if contentType.TopLevelType == "text" {
408	e, ename, _ := charset.DetermineEncoding(resp.Body(), contentTypeString)
409	if (e != encoding.Nop) && (!strings.EqualFold("utf-8", ename)) {
410	responseBody, err = e.NewDecoder().Bytes(resp.Body())
411	if err != nil {
412	// HTTP status code 503 : Service Unavailable
413	p.serveMainPage(ctx, 503, err)
414	return
415	}
416	} else {
417	responseBody = resp.Body()
418	}
419	// update the charset or specify it
420	contentType.Parameters["charset"] = "UTF-8"
421	} else {
422	responseBody = resp.Body()
423	}
424
425	//
426	contentType.FilterParameters(ALLOWED_CONTENTTYPE_PARAMETERS)
427
428	// set the content type
429	ctx.SetContentType(contentType.String())
430
431	// output according to MIME type
432	switch {
433	case contentType.SubType == "css" && contentType.Suffix == "":
434	sanitizeCSS(&RequestConfig{Key: p.Key, BaseURL: parsedURI}, ctx, responseBody)
435	case contentType.SubType == "html" && contentType.Suffix == "":
436	sanitizeHTML(&RequestConfig{Key: p.Key, BaseURL: parsedURI}, ctx, responseBody)
437	default:
438	if contentDispositionBytes != nil {
439	ctx.Response.Header.AddBytesV("Content-Disposition", contentDispositionBytes)
440	}
441	ctx.Write(responseBody)
442	}
443	}
444
445	// force content-disposition to attachment
446	func contentDispositionForceAttachment(contentDispositionBytes []byte, url *url.URL) []byte {
447	var contentDispositionParams map[string]string
448
449	if contentDispositionBytes != nil {
450	var err error
451	_, contentDispositionParams, err = mime.ParseMediaType(string(contentDispositionBytes))
452	if err != nil {
453	contentDispositionParams = make(map[string]string)
454	}
455	} else {
456	contentDispositionParams = make(map[string]string)
457	}
458
459	_, fileNameDefined := contentDispositionParams["filename"]
460	if !fileNameDefined {
461	// TODO : sanitize filename
462	contentDispositionParams["fileName"] = filepath.Base(url.Path)
463	}
464
465	return []byte(mime.FormatMediaType("attachment", contentDispositionParams))
466	}
467
468	func appRequestHandler(ctx *fasthttp.RequestCtx) bool {
469	// serve robots.txt
470	if bytes.Equal(ctx.Path(), []byte("/robots.txt")) {
471	ctx.SetContentType("text/plain")
472	ctx.Write([]byte("User-Agent: *\nDisallow: /\n"))
473	return true
474	}
475
476	// server favicon.ico
477	if bytes.Equal(ctx.Path(), []byte("/favicon.ico")) {
478	ctx.SetContentType("image/png")
479	ctx.Write(FAVICON_BYTES)
480	return true
481	}
482
483	return false
484	}
485
486	func popRequestParam(ctx *fasthttp.RequestCtx, paramName []byte) []byte {
487	param := ctx.QueryArgs().PeekBytes(paramName)
488
489	if param == nil {
490	param = ctx.PostArgs().PeekBytes(paramName)
491	if param != nil {
492	ctx.PostArgs().DelBytes(paramName)
493	}
494	} else {
495	ctx.QueryArgs().DelBytes(paramName)
496	}
497
498	return param
499	}
500
501	func sanitizeCSS(rc *RequestConfig, out io.Writer, css []byte) {
502	// TODO
503
504	urlSlices := CSS_URL_REGEXP.FindAllSubmatchIndex(css, -1)
505
506	if urlSlices == nil {
507	out.Write(css)
508	return
509	}
510
511	startIndex := 0
512
513	for _, s := range urlSlices {
514	urlStart := s[4]
515	urlEnd := s[5]
516
517	if uri, err := rc.ProxifyURI(css[urlStart:urlEnd]); err == nil {
518	out.Write(css[startIndex:urlStart])
519	out.Write([]byte(uri))
520	startIndex = urlEnd
521	} else if DEBUG {
522	log.Println("cannot proxify css uri:", string(css[urlStart:urlEnd]))
523	}
524	}
525	if startIndex < len(css) {
526	out.Write(css[startIndex:len(css)])
527	}
528	}
529
530	func sanitizeHTML(rc *RequestConfig, out io.Writer, htmlDoc []byte) {
531	r := bytes.NewReader(htmlDoc)
532	decoder := html.NewTokenizer(r)
533	decoder.AllowCDATA(true)
534
535	unsafeElements := make([][]byte, 0, 8)
536	state := STATE_DEFAULT
537	for {
538	token := decoder.Next()
539	if token == html.ErrorToken {
540	err := decoder.Err()
541	if err != io.EOF {
542	log.Println("failed to parse HTML")
543	}
544	break
545	}
546
547	if len(unsafeElements) == 0 {
548
549	switch token {
550	case html.StartTagToken, html.SelfClosingTagToken:
551	tag, hasAttrs := decoder.TagName()
552	safe := !inArray(tag, UNSAFE_ELEMENTS)
553	if !safe {
554	if !inArray(tag, SELF_CLOSING_ELEMENTS) {
555	var unsafeTag []byte = make([]byte, len(tag))
556	copy(unsafeTag, tag)
557	unsafeElements = append(unsafeElements, unsafeTag)
558	}
559	break
560	}
561	if bytes.Equal(tag, []byte("base")) {
562	for {
563	attrName, attrValue, moreAttr := decoder.TagAttr()
564	if bytes.Equal(attrName, []byte("href")) {
565	parsedURI, err := url.Parse(string(attrValue))
566	if err == nil {
567	rc.BaseURL = parsedURI
568	}
569	}
570	if !moreAttr {
571	break
572	}
573	}
574	break
575	}
576	if bytes.Equal(tag, []byte("noscript")) {
577	state = STATE_IN_NOSCRIPT
578	break
579	}
580	var attrs [][][]byte
581	if hasAttrs {
582	for {
583	attrName, attrValue, moreAttr := decoder.TagAttr()
584	attrs = append(attrs, [][]byte{
585	attrName,
586	attrValue,
587	[]byte(html.EscapeString(string(attrValue))),
588	})
589	if !moreAttr {
590	break
591	}
592	}
593	}
594	if bytes.Equal(tag, []byte("link")) {
595	sanitizeLinkTag(rc, out, attrs)
596	break
597	}
598
599	if bytes.Equal(tag, []byte("meta")) {
600	sanitizeMetaTag(rc, out, attrs)
601	break
602	}
603
604	fmt.Fprintf(out, "<%s", tag)
605
606	if hasAttrs {
607	sanitizeAttrs(rc, out, attrs)
608	}
609
610	if token == html.SelfClosingTagToken {
611	fmt.Fprintf(out, " />")
612	} else {
613	fmt.Fprintf(out, ">")
614	if bytes.Equal(tag, []byte("style")) {
615	state = STATE_IN_STYLE
616	}
617	}
618
619	if bytes.Equal(tag, []byte("head")) {
620	fmt.Fprintf(out, HTML_HEAD_CONTENT_TYPE)
621	}
622
623	if bytes.Equal(tag, []byte("form")) {
624	var formURL *url.URL
625	for _, attr := range attrs {
626	if bytes.Equal(attr[0], []byte("action")) {
627	formURL, _ = url.Parse(string(attr[1]))
628	formURL = mergeURIs(rc.BaseURL, formURL)
629	break
630	}
631	}
632	if formURL == nil {
633	formURL = rc.BaseURL
634	}
635	urlStr := formURL.String()
636	var key string
637	if rc.Key != nil {
638	key = hash(urlStr, rc.Key)
639	}
640	fmt.Fprintf(out, HTML_FORM_EXTENSION, urlStr, key)
641
642	}
643
644	case html.EndTagToken:
645	tag, _ := decoder.TagName()
646	writeEndTag := true
647	switch string(tag) {
648	case "body":
649	fmt.Fprintf(out, HTML_BODY_EXTENSION, rc.BaseURL.String())
650	case "style":
651	state = STATE_DEFAULT
652	case "noscript":
653	state = STATE_DEFAULT
654	writeEndTag = false
655	}
656	// skip noscript tags - only the tag, not the content, because javascript is sanitized
657	if writeEndTag {
658	fmt.Fprintf(out, "</%s>", tag)
659	}
660
661	case html.TextToken:
662	switch state {
663	case STATE_DEFAULT:
664	fmt.Fprintf(out, "%s", decoder.Raw())
665	case STATE_IN_STYLE:
666	sanitizeCSS(rc, out, decoder.Raw())
667	case STATE_IN_NOSCRIPT:
668	sanitizeHTML(rc, out, decoder.Raw())
669	}
670
671	case html.CommentToken:
672	// ignore comment. TODO : parse IE conditional comment
673
674	case html.DoctypeToken:
675	out.Write(decoder.Raw())
676	}
677	} else {
678	switch token {
679	case html.StartTagToken:
680	tag, _ := decoder.TagName()
681	if inArray(tag, UNSAFE_ELEMENTS) {
682	unsafeElements = append(unsafeElements, tag)
683	}
684
685	case html.EndTagToken:
686	tag, _ := decoder.TagName()
687	if bytes.Equal(unsafeElements[len(unsafeElements)-1], tag) {
688	unsafeElements = unsafeElements[:len(unsafeElements)-1]
689	}
690	}
691	}
692	}
693	}
694
695	func sanitizeLinkTag(rc *RequestConfig, out io.Writer, attrs [][][]byte) {
696	exclude := false
697	for _, attr := range attrs {
698	attrName := attr[0]
699	attrValue := attr[1]
700	if bytes.Equal(attrName, []byte("rel")) {
701	if !inArray(attrValue, LINK_REL_SAFE_VALUES) {
702	exclude = true
703	break
704	}
705	}
706	if bytes.Equal(attrName, []byte("as")) {
707	if bytes.Equal(attrValue, []byte("script")) {
708	exclude = true
709	break
710	}
711	}
712	}
713
714	if !exclude {
715	out.Write([]byte("<link"))
716	for _, attr := range attrs {
717	sanitizeAttr(rc, out, attr[0], attr[1], attr[2])
718	}
719	out.Write([]byte(">"))
720	}
721	}
722
723	func sanitizeMetaTag(rc *RequestConfig, out io.Writer, attrs [][][]byte) {
724	var http_equiv []byte
725	var content []byte
726
727	for _, attr := range attrs {
728	attrName := attr[0]
729	attrValue := attr[1]
730	if bytes.Equal(attrName, []byte("http-equiv")) {
731	http_equiv = bytes.ToLower(attrValue)
732	// exclude some <meta http-equiv="..." ..>
733	if !inArray(http_equiv, LINK_HTTP_EQUIV_SAFE_VALUES) {
734	return
735	}
736	}
737	if bytes.Equal(attrName, []byte("content")) {
738	content = attrValue
739	}
740	if bytes.Equal(attrName, []byte("charset")) {
741	// exclude <meta charset="...">
742	return
743	}
744	}
745
746	out.Write([]byte("<meta"))
747	urlIndex := bytes.Index(bytes.ToLower(content), []byte("url="))
748	if bytes.Equal(http_equiv, []byte("refresh")) && urlIndex != -1 {
749	contentUrl := content[urlIndex+4:]
750	// special case of <meta http-equiv="refresh" content="0; url='example.com/url.with.quote.outside'">
751	if len(contentUrl) >= 2 && (contentUrl[0] == byte('\'') \|\| contentUrl[0] == byte('"')) {
752	if contentUrl[0] == contentUrl[len(contentUrl)-1] {
753	contentUrl = contentUrl[1 : len(contentUrl)-1]
754	}
755	}
756	// output proxify result
757	if uri, err := rc.ProxifyURI(contentUrl); err == nil {
758	fmt.Fprintf(out, ` http-equiv="refresh" content="%surl=%s"`, content[:urlIndex], uri)
759	}
760	} else {
761	if len(http_equiv) > 0 {
762	fmt.Fprintf(out, ` http-equiv="%s"`, http_equiv)
763	}
764	sanitizeAttrs(rc, out, attrs)
765	}
766	out.Write([]byte(">"))
767	}
768
769	func sanitizeAttrs(rc *RequestConfig, out io.Writer, attrs [][][]byte) {
770	for _, attr := range attrs {
771	sanitizeAttr(rc, out, attr[0], attr[1], attr[2])
772	}
773	}
774
775	func sanitizeAttr(rc *RequestConfig, out io.Writer, attrName, attrValue, escapedAttrValue []byte) {
776	if inArray(attrName, SAFE_ATTRIBUTES) {
777	fmt.Fprintf(out, " %s=\"%s\"", attrName, escapedAttrValue)
778	return
779	}
780	switch string(attrName) {
781	case "src", "href", "action":
782	if uri, err := rc.ProxifyURI(attrValue); err == nil {
783	fmt.Fprintf(out, " %s=\"%s\"", attrName, uri)
784	} else if DEBUG {
785	log.Println("cannot proxify uri:", string(attrValue))
786	}
787	case "style":
788	cssAttr := bytes.NewBuffer(nil)
789	sanitizeCSS(rc, cssAttr, attrValue)
790	fmt.Fprintf(out, " %s=\"%s\"", attrName, html.EscapeString(string(cssAttr.Bytes())))
791	}
792	}
793
794	func mergeURIs(u1, u2 url.URL) url.URL {
795	if u2 == nil {
796	return u1
797	}
798	return u1.ResolveReference(u2)
799	}
800
801	// Sanitized URI : removes all runes bellow 32 (included) as the begining and end of URI, and lower case the scheme.
802	// avoid memory allocation (except for the scheme)
803	func sanitizeURI(uri []byte) ([]byte, string) {
804	first_rune_index := 0
805	first_rune_seen := false
806	scheme_last_index := -1
807	buffer := bytes.NewBuffer(make([]byte, 0, 10))
808
809	// remove trailing space and special characters
810	uri = bytes.TrimRight(uri, "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F\x20")
811
812	// loop over byte by byte
813	for i, c := range uri {
814	// ignore special characters and space (c <= 32)
815	if c > 32 {
816	// append to the lower case of the rune to buffer
817	if c < utf8.RuneSelf && 'A' <= c && c <= 'Z' {
818	c = c + 'a' - 'A'
819	}
820
821	buffer.WriteByte(c)
822
823	// update the first rune index that is not a special rune
824	if !first_rune_seen {
825	first_rune_index = i
826	first_rune_seen = true
827	}
828
829	if c == ':' {
830	// colon rune found, we have found the scheme
831	scheme_last_index = i
832	break
833	} else if c == '/' \|\| c == '?' \|\| c == '\\' \|\| c == '#' {
834	// special case : most probably a relative URI
835	break
836	}
837	}
838	}
839
840	if scheme_last_index != -1 {
841	// scheme found
842	// copy the "lower case without special runes scheme" before the ":" rune
843	scheme_start_index := scheme_last_index - buffer.Len() + 1
844	copy(uri[scheme_start_index:], buffer.Bytes())
845	// and return the result
846	return uri[scheme_start_index:], buffer.String()
847	} else {
848	// scheme NOT found
849	return uri[first_rune_index:], ""
850	}
851	}
852
853	func (rc *RequestConfig) ProxifyURI(uri []byte) (string, error) {
854	// sanitize URI
855	uri, scheme := sanitizeURI(uri)
856
857	// remove javascript protocol
858	if scheme == "javascript:" {
859	return "", nil
860	}
861
862	// TODO check malicious data: - e.g. data:script
863	if scheme == "data:" {
864	if bytes.HasPrefix(uri, []byte("data:image/png")) \|\|
865	bytes.HasPrefix(uri, []byte("data:image/jpeg")) \|\|
866	bytes.HasPrefix(uri, []byte("data:image/pjpeg")) \|\|
867	bytes.HasPrefix(uri, []byte("data:image/gif")) \|\|
868	bytes.HasPrefix(uri, []byte("data:image/webp")) {
869	// should be safe
870	return string(uri), nil
871	} else {
872	// unsafe data
873	return "", nil
874	}
875	}
876
877	// parse the uri
878	u, err := url.Parse(string(uri))
879	if err != nil {
880	return "", err
881	}
882
883	// get the fragment (with the prefix "#")
884	fragment := ""
885	if len(u.Fragment) > 0 {
886	fragment = "#" + u.Fragment
887	}
888
889	// reset the fragment: it is not included in the mortyurl
890	u.Fragment = ""
891
892	// merge the URI with the document URI
893	u = mergeURIs(rc.BaseURL, u)
894
895	// simple internal link ?
896	// some web pages describe the whole link https://same:auth@same.host/same.path?same.query#new.fragment
897	if u.Scheme == rc.BaseURL.Scheme &&
898	(rc.BaseURL.User == nil \|\| (u.User != nil && u.User.String() == rc.BaseURL.User.String())) &&
899	u.Host == rc.BaseURL.Host &&
900	u.Path == rc.BaseURL.Path &&
901	u.RawQuery == rc.BaseURL.RawQuery {
902	// the fragment is the only difference between the document URI and the uri parameter
903	return fragment, nil
904	}
905
906	// return full URI and fragment (if not empty)
907	morty_uri := u.String()
908
909	if rc.Key == nil {
910	return fmt.Sprintf("./?mortyurl=%s%s", url.QueryEscape(morty_uri), fragment), nil
911	}
912	return fmt.Sprintf("./?mortyhash=%s&mortyurl=%s%s", hash(morty_uri, rc.Key), url.QueryEscape(morty_uri), fragment), nil
913	}
914
915	func inArray(b []byte, a [][]byte) bool {
916	for _, b2 := range a {
917	if bytes.Equal(b, b2) {
918	return true
919	}
920	}
921	return false
922	}
923
924	func hash(msg string, key []byte) string {
925	mac := hmac.New(sha256.New, key)
926	mac.Write([]byte(msg))
927	return hex.EncodeToString(mac.Sum(nil))
928	}
929
930	func verifyRequestURI(uri, hashMsg, key []byte) bool {
931	h := make([]byte, hex.DecodedLen(len(hashMsg)))
932	_, err := hex.Decode(h, hashMsg)
933	if err != nil {
934	if DEBUG {
935	log.Println("hmac error:", err)
936	}
937	return false
938	}
939	mac := hmac.New(sha256.New, key)
940	mac.Write(uri)
941	return hmac.Equal(h, mac.Sum(nil))
942	}
943
944	func (p Proxy) serveExitMortyPage(ctx fasthttp.RequestCtx, uri *url.URL) {
945	ctx.SetContentType("text/html")
946	ctx.SetStatusCode(403)
947	ctx.Write([]byte(MORTY_HTML_PAGE_START))
948	ctx.Write([]byte("<h2>You are about to exit MortyProxy</h2>"))
949	ctx.Write([]byte("<p>Following</p><p><a href=\""))
950	ctx.Write([]byte(html.EscapeString(uri.String())))
951	ctx.Write([]byte("\" rel=\"noreferrer\">"))
952	ctx.Write([]byte(html.EscapeString(uri.String())))
953	ctx.Write([]byte("</a></p><p>the content of this URL will be <b>NOT</b> sanitized.</p>"))
954	ctx.Write([]byte(MORTY_HTML_PAGE_END))
955	}
956
957	func (p Proxy) serveMainPage(ctx fasthttp.RequestCtx, statusCode int, err error) {
958	ctx.SetContentType("text/html; charset=UTF-8")
959	ctx.SetStatusCode(statusCode)
960	ctx.Write([]byte(MORTY_HTML_PAGE_START))
961	if err != nil {
962	if DEBUG {
963	log.Println("error:", err)
964	}
965	ctx.Write([]byte("<h2>Error: "))
966	ctx.Write([]byte(html.EscapeString(err.Error())))
967	ctx.Write([]byte("</h2>"))
968	}
969	if p.Key == nil {
970	ctx.Write([]byte(`
971	<form action="post">
972	Visit url: <input placeholder="https://url.." name="mortyurl" autofocus />
973	<input type="submit" value="go" />
974	</form>`))
975	} else {
976	ctx.Write([]byte(`<h3>Warning! This instance does not support direct URL opening.</h3>`))
977	}
978	ctx.Write([]byte(MORTY_HTML_PAGE_END))
979	}
980
981	func main() {
982	default_listen_addr := os.Getenv("MORTY_ADDRESS")
983	if default_listen_addr == "" {
984	default_listen_addr = "127.0.0.1:3000"
985	}
986	default_key := os.Getenv("MORTY_KEY")
987	listen := flag.String("listen", default_listen_addr, "Listen address")
988	key := flag.String("key", default_key, "HMAC url validation key (base64 encoded) - leave blank to disable validation")
989	ipv6 := flag.Bool("ipv6", false, "Allow IPv6 HTTP requests")
990	version := flag.Bool("version", false, "Show version")
991	requestTimeout := flag.Uint("timeout", 2, "Request timeout")
992	flag.Parse()
993
994	if *version {
995	fmt.Println(VERSION)
996	return
997	}
998
999	if *ipv6 {
1000	CLIENT.Dial = fasthttp.DialDualStack
1001	}
1002
1003	p := &Proxy{RequestTimeout: time.Duration(requestTimeout) time.Second}
1004
1005	if *key != "" {
1006	var err error
1007	p.Key, err = base64.StdEncoding.DecodeString(*key)
1008	if err != nil {
1009	log.Fatal("Error parsing -key", err.Error())
1010	os.Exit(1)
1011	}
1012	}
1013
1014	log.Println("listening on", *listen)
1015
1016	if err := fasthttp.ListenAndServe(*listen, p.RequestHandler); err != nil {
1017	log.Fatal("Error in ListenAndServe:", err)
1018	}
1019	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: