Report cookies task (#44)

* Adds code to report cookies

Signed-off-by: karthikuj <[email protected]>

Author: karthikuj

.eslintrc.json

@@ -8,6 +8,7 @@
 		"project": [
 			"./tsconfig.json",
 			"./test/ContentScript/tsconfig.json",
+			"./test/Background/tsconfig.json",
 			"./__mocks__/tsconfig.json"
 		],
 		"sourceType": "module"

__mocks__/webextension-polyfill.ts

@@ -27,12 +27,36 @@ const Browser = {
     onMessage: {
       addListener: jest.fn(),
     },
+    onInstalled: {
+      addListener: jest.fn(),
+    },
   },
   storage: {
     sync: {
       get: mockStorageSyncGet,
     },
   },
+  cookies: {
+    onChanged: {
+      addListener: jest.fn(),
+    },
+    set: jest.fn().mockImplementation(() =>
+      Promise.resolve({
+        name: 'ZAP',
+        value: 'Proxy',
+        path: '/',
+        domain: 'example.com',
+      })
+    ),
+  },
+  action: {
+    onClicked: {
+      addListener: jest.fn(),
+    },
+  },
+  tabs: {
+    query: jest.fn(),
+  },
 };
 
 export default Browser;

source/Background/index.ts

@@ -18,7 +18,7 @@
  * limitations under the License.
  */
 import 'emoji-log';
-import Browser, {Runtime} from 'webextension-polyfill';
+import Browser, {Cookies, Runtime} from 'webextension-polyfill';
 import {ReportedStorage} from '../types/ReportedModel';
 import {ZestScript, ZestScriptMessage} from '../types/zestScript/ZestScript';
 
@@ -39,6 +39,105 @@ function zapApiUrl(zapurl: string, action: string): string {
   return `${zapurl}JSON/client/action/${action}/`;
 }
 
+function getUrlFromCookieDomain(domain: string): string {
+  return domain.startsWith('.')
+    ? `http://${domain.substring(1)}`
+    : `http://${domain}`;
+}
+
+function getCookieTabUrl(cookie: Cookies.Cookie): Promise<string> {
+  const getAllTabs = Browser.tabs.query({
+    currentWindow: true,
+  });
+  return new Promise((resolve, reject) => {
+    getAllTabs
+      .then((allTabs) => {
+        for (const tab of allTabs) {
+          if (tab.url) {
+            const getAllCookiesForTab = Browser.cookies.getAll({url: tab.url});
+            getAllCookiesForTab.then((cookies) => {
+              for (const c of cookies) {
+                if (
+                  c.name === cookie.name &&
+                  c.value === cookie.value &&
+                  c.domain === cookie.domain &&
+                  c.storeId === cookie.storeId
+                ) {
+                  resolve(
+                    tab.url ? tab.url : getUrlFromCookieDomain(cookie.domain)
+                  );
+                }
+              }
+            });
+          }
+        }
+      })
+      .catch((error) => {
+        console.error(`Could not fetch tabs: ${error.message}`);
+        reject(getUrlFromCookieDomain(cookie.domain));
+      });
+  });
+}
+
+function reportCookies(
+  cookie: Cookies.Cookie,
+  zapurl: string,
+  zapkey: string
+): boolean {
+  let cookieString = `${cookie.name}=${cookie.value}; path=${cookie.path}; domain=${cookie.domain}`;
+  if (cookie.expirationDate) {
+    cookieString = cookieString.concat(
+      `; expires=${new Date(cookie.expirationDate * 1000).toUTCString()}`
+    );
+  }
+  if (cookie.secure) {
+    cookieString = cookieString.concat(`; secure`);
+  }
+  if (cookie.sameSite === 'lax' || cookie.sameSite === 'strict') {
+    cookieString = cookieString.concat(`; SameSite=${cookie.sameSite}`);
+  }
+  if (cookie.httpOnly) {
+    cookieString = cookieString.concat(`; HttpOnly`);
+  }
+
+  getCookieTabUrl(cookie)
+    .then((cookieUrl) => {
+      const repStorage = new ReportedStorage(
+        'Cookies',
+        '',
+        cookie.name,
+        '',
+        cookieString,
+        cookieUrl
+      );
+      const repStorStr: string = repStorage.toShortString();
+      if (
+        !reportedStorage.has(repStorStr) &&
+        repStorage.url.startsWith('http')
+      ) {
+        const body = `objectJson=${encodeURIComponent(
+          repStorage.toString()
+        )}&apikey=${encodeURIComponent(zapkey)}`;
+
+        fetch(zapApiUrl(zapurl, 'reportObject'), {
+          method: 'POST',
+          body,
+          headers: {
+            'Content-Type': 'application/x-www-form-urlencoded',
+          },
+        });
+
+        reportedStorage.add(repStorStr);
+      }
+    })
+    .catch((error) => {
+      console.log(error);
+      return false;
+    });
+
+  return true;
+}
+
 function handleMessage(
   request: MessageEvent,
   zapurl: string,
@@ -134,10 +233,24 @@ async function onMessageHandler(
   return Promise.resolve(val);
 }
 
+function cookieChangeHandler(
+  changeInfo: Cookies.OnChangedChangeInfoType
+): void {
+  Browser.storage.sync
+    .get({
+      zapurl: 'http://localhost:8080/',
+      zapkey: 'not set',
+    })
+    .then((items) => {
+      reportCookies(changeInfo.cookie, items.zapurl, items.zapkey);
+    });
+}
+
 Browser.action.onClicked.addListener((_tab: Browser.Tabs.Tab) => {
   Browser.runtime.openOptionsPage();
 });
 
+Browser.cookies.onChanged.addListener(cookieChangeHandler);
 Browser.runtime.onMessage.addListener(onMessageHandler);
 
 Browser.runtime.onInstalled.addListener((): void => {
@@ -147,3 +260,5 @@ Browser.runtime.onInstalled.addListener((): void => {
     zapkey: 'not set',
   });
 });
+
+export {reportCookies};

source/manifest.json

@@ -15,7 +15,8 @@
   "short_name": "OWASP ZAP",
 
   "permissions": [
-    "activeTab",
+    "tabs",
+    "cookies",
     "storage"
   ],
 

source/types/ReportedModel.ts

@@ -41,15 +41,16 @@ class ReportedObject {
     tagName: string,
     id: string,
     nodeName: string,
-    text: string | null
+    text: string | null,
+    url: string = window.location.href
   ) {
     this.timestamp = Date.now();
     this.type = type;
     this.tagName = tagName;
     this.id = id;
     this.nodeName = nodeName;
     this.text = text;
-    this.url = window.location.href;
+    this.url = url;
   }
 
   public toString(): string {
@@ -80,7 +81,12 @@ class ReportedObject {
 class ReportedStorage extends ReportedObject {
   public toShortString(): string {
     return JSON.stringify(this, function replacer(k: string, v: string) {
-      if (k === 'xpath' || k === 'url' || k === 'href' || k === 'timestamp') {
+      if (
+        k === 'xpath' ||
+        k === 'href' ||
+        k === 'timestamp' ||
+        (k === 'url' && !(this.type === 'cookies'))
+      ) {
         // Storage events are not time or URL specific
         return undefined;
       }

test/Background/tsconfig.json

@@ -0,0 +1,11 @@
+{
+    "extends": "../../tsconfig.json",
+    "compilerOptions": {
+      "esModuleInterop": true,
+      "module": "commonjs",
+      "outDir": "../dist"
+    },
+    "include": [
+      "**/*.test.ts"
+    ]
+}

test/Background/unitTests.test.ts

@@ -0,0 +1,61 @@
+/**
+ * @jest-environment jsdom
+ */
+/*
+ * Zed Attack Proxy (ZAP) and its related source files.
+ *
+ * ZAP is an HTTP/HTTPS proxy for assessing web application security.
+ *
+ * Copyright 2023 The ZAP Development Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import {TextEncoder, TextDecoder} from 'util';
+import * as src from '../../source/Background/index';
+
+console.log(src);
+console.log(TextEncoder);
+console.log(TextDecoder);
+
+jest.mock('webextension-polyfill');
+
+// These lines must appear before the JSDOM import
+global.TextEncoder = TextEncoder;
+global.TextDecoder = TextDecoder as typeof global.TextDecoder;
+
+// eslint-disable-next-line import/order,import/first
+import Browser from 'webextension-polyfill';
+
+test('Report storage', () => {
+  // Given
+
+  const setCookie = Browser.cookies.set({
+    url: 'https://www.example.com/',
+    name: 'ZAP',
+    value: 'Proxy',
+    domain: 'example.com',
+    path: '/',
+  });
+
+  setCookie.then((newCookie) => {
+    console.log(newCookie);
+    // When
+    const success = src.reportCookies(
+      newCookie,
+      'http://localhost:8080/',
+      'secretKey'
+    );
+    // Then
+    expect(success).toBe(true);
+  });
+});