From: Georgios Kontaxis Date: Mon, 22 Aug 2016 18:48:24 +0000 (-0400) Subject: Account for entries missing the 'force-https' mode. X-Git-Url: http://git.99rst.org/?a=commitdiff_plain;h=3b4231d75c277f01d76584057055d7dfad405932;p=hstsPreloadChromium.git Account for entries missing the 'force-https' mode. --- diff --git a/Makefile b/Makefile index 537424a..3a31c3c 100644 --- a/Makefile +++ b/Makefile @@ -2,11 +2,11 @@ all: db.sqlite3 -chromium_hsts_list.dat: +transport_security_state_static: bash get_list.sh -db.sqlite3: chromium_hsts_list.dat +db.sqlite3: transport_security_state_static python makedb.py clean: - rm -i chromium_hsts_list.dat db.sqlite3 + rm -i transport_security_state_static db.sqlite3 diff --git a/get_list.sh b/get_list.sh index e0aa7a8..289db15 100644 --- a/get_list.sh +++ b/get_list.sh @@ -4,4 +4,4 @@ URL="https://chromium.googlesource.com/chromium/src/net/+/master/http/transport_security_state_static.json?format=TEXT" curl -L "${URL}" | base64 --decode | - egrep -v "^([ ]*\/\/|$)" > "chromium_hsts_list.dat"; + egrep -v "^([ ]*\/\/|$)" > "transport_security_state_static"; diff --git a/hstsPreloadChromium.py b/hstsPreloadChromium.py index b87ca70..65d06a9 100755 --- a/hstsPreloadChromium.py +++ b/hstsPreloadChromium.py @@ -29,6 +29,7 @@ class hstsPreloadChromium: def __init__(self, dbPath): conn = sqlite3.connect(dbpath) + conn.row_factory = sqlite3.Row conn.text_factory = str self._dbConnCursor = conn.cursor() 
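Review bot: In the hstsPreloadChromium.py hunk, `__init__` takes `dbPath`, but the context line just above the added `row_factory` assignment calls `sqlite3.connect(dbpath)`. Python names are case-sensitive, so unless a module-level `dbpath` exists outside the hunk, the constructor raises NameError before the new `sqlite3.Row` factory is ever used. The line should read `conn = sqlite3.connect(dbPath)`. The class and the rest of `__init__` continue outside the hunk.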
@@ -38,16 +39,18 @@ class hstsPreloadChromium: for hostname in entries: self.verbose and print("hsts '%s' : " % hostname, end="") - self._dbConnCursor.execute('SELECT domain from hsts where domain=?', + self._dbConnCursor.execute('SELECT name,mode from entries where name=?', (hostname,)) match = self._dbConnCursor.fetchone() if match: + self.verbose and print("HIT") + if match["mode"] != "force-https": + continue hits.append(hostname) - self.verbose and print("TRUE") continue # Lookup was a miss. - self.verbose and print("FALSE") + self.verbose and print("MISS") # Look for ever shorter wildcards. labels = hostname.strip(".").split(".") @@ -57,16 +60,18 @@ class hstsPreloadChromium: self.verbose and print("hsts '%s' : " % hsts_wild, end="") - self._dbConnCursor.execute('SELECT domain from hsts where domain=?', + self._dbConnCursor.execute('SELECT name,mode from entries where name=?', (hsts_wild,)) match = self._dbConnCursor.fetchone() if match: + self.verbose and print("HIT") + if match["mode"] != "force-https": + break hits.append(hostname) - self.verbose and print("TRUE") break # Wildcard lookup was a miss. - self.verbose and print("FALSE") + self.verbose and print("MISS") return hits diff --git a/makedb.py b/makedb.py index 5978966..b7cc2c6 100644 --- a/makedb.py +++ b/makedb.py 
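Review bot: The exact-match query in the first loop binds the raw `hostname`, while the wildcard path a few lines below works from `hostname.strip(".")`. A name with a trailing dot therefore misses its exact row and may be reported as not preloaded; the same presumably holds for upper-case input if the stored names are lower-case. Normalising once at the top of the loop, e.g. `lookup = hostname.strip(".").lower()`, and binding `(lookup,)` would make both lookups agree. The enclosing method starts outside the hunk.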
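Review bot: The `break` after a wildcard row whose mode is not `force-https`, and the matching `continue` in the exact-match hunk above, stop the search at the most specific row. A broader `*.` row that does carry `force-https` is then never consulted for that host. If most-specific-entry-wins is the intended rule, it deserves a comment at both places, for example `# Most specific entry wins: a match without force-https masks broader wildcard rows.`; if not, the loop should keep going instead of breaking. Also, `HIT` is now printed before the mode check, so verbose output reads the same for a counted match and an ignored one.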
@@ -15,23 +15,24 @@ import time dirname = os.path.dirname(sys.argv[0]) -# Populate hsts records array -hsts = [] +# Populate entries array +entries = [] -f = file(os.path.join(dirname, "chromium_hsts_list.dat"), "r") +f = file(os.path.join(dirname, "transport_security_state_static"), "r") j = json.loads(f.read()) f.close() for entry in j["entries"]: - if not "mode" in entry or entry["mode"] != "force-https": - continue # We expect a name. if not "name" in entry: continue - hsts.append((entry["name"],)) + mode = "" + if "mode" in entry: + mode = entry["mode"] + entries.append((entry["name"],mode)) if not "include_subdomains" in entry or entry["include_subdomains"] != True: continue - hsts.append(("*.%s" % entry["name"],)) + entries.append(("*.%s" % entry["name"],mode)) # Make it happen conn = sqlite3.connect("db.sqlite3") @@ -44,15 +45,15 @@ c.execute("SELECT name FROM sqlite_master WHERE type='table' AND name=?", match = c.fetchone() if not match: c.execute("CREATE TABLE last_generated (epoch integer);") - c.execute("CREATE TABLE hsts (domain text);") - c.execute("CREATE INDEX hsts_domain on hsts (domain);") + c.execute("CREATE TABLE entries (name text, mode text);") + c.execute("CREATE INDEX name on entries (name);") c.execute('DELETE FROM last_generated'); c.execute('INSERT INTO last_generated VALUES(?)', (str(int(time.time())),)) -c.execute('DELETE FROM hsts'); -c.executemany('INSERT INTO hsts VALUES (?)', hsts) +c.execute('DELETE FROM entries'); +c.executemany('INSERT INTO entries VALUES (?,?)', entries) conn.commit() conn.close()
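Review bot: Nothing after the parse loop checks that `entries` ended up non-empty, yet the second hunk of this file unconditionally runs `DELETE FROM entries` before the insert. A fetched list that parses but yields no usable records would leave an empty table, and every lookup would then report no preloaded host. A guard after the loop such as `if not entries: sys.exit("no preload entries parsed; leaving db.sqlite3 untouched")` keeps the previous database in that case. Separately, `file(...)` on the changed open line exists only in Python 2; `open(...)` in a `with` block works on both.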
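Review bot: The renamed table and index are created only inside `if not match:`, and the table name that guard looks up is bound outside the hunk. If it is `last_generated` (the first table created here), a db.sqlite3 built by the previous version will skip this branch, and the following `DELETE FROM entries` will fail because the table does not exist. Making the creation idempotent avoids depending on the guard: `c.execute("CREATE TABLE IF NOT EXISTS entries (name text, mode text);")` and `c.execute("CREATE INDEX IF NOT EXISTS name on entries (name);")`. The old `hsts` table is also left in place in such a database.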