From 0118d671769109dbbdfbbe9e27ce0da3dc07887a Mon Sep 17 00:00:00 2001
From: Nils Maier <maierman@web.de>
Date: Thu, 20 Nov 2014 08:43:10 +0100
Subject: [PATCH] Refine api leak check whitelist

---
 extension/modules/api.js                      |  4 ++-
 .../commonjs/security/api-check-filenames.js  | 27 ++++++++++++++-----
 2 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/extension/modules/api.js b/extension/modules/api.js
index 30e8b12a..ce286aba 100644
--- a/extension/modules/api.js
+++ b/extension/modules/api.js
@@ -19,8 +19,10 @@ lazyImport(this, "resource://scriptish/api/GM_xmlhttpRequester.js", ["GM_xmlhttp
 lazyImport(this, "resource://scriptish/api/GM_Resources.js", ["GM_Resources"]);
 lazyImport(this, "resource://scriptish/api/GM_setClipboard.js", ["GM_setClipboard"]);
 
-const { add, check } = jetpack('scriptish/security/api-check-filenames');
+const { add, addPrefix, check } = jetpack('scriptish/security/api-check-filenames');
 add(Components.stack.filename);
+addPrefix("resource://gre/modules/");
+addPrefix("resource://gre/components/");
 
 const NS_XHTML = "http://www.w3.org/1999/xhtml";
 const DOLITTLE = function(){};
diff --git a/extension/modules/commonjs/security/api-check-filenames.js b/extension/modules/commonjs/security/api-check-filenames.js
index 1fc4c581..b0ebcfb1 100644
--- a/extension/modules/commonjs/security/api-check-filenames.js
+++ b/extension/modules/commonjs/security/api-check-filenames.js
@@ -1,19 +1,32 @@
 "use strict";
 
+let compiled = null;
 let filenames = [];
+let prefixes = [];
+
+const escapeRegex = string => string.replace(/([.*+?^${}()|\[\]\/\\])/g, "\\$1");
+
+function compile() {
+  let rv = filenames.map(e => "^" + escapeRegex(e) + "$").
+           concat(prefixes.map(e => "^" + escapeRegex(e))).
+           join("|");
+  compiled = new RegExp(rv);
+}
 
 function add(filename) {
   filenames.push(filename);
-  return;
+  compile();
 }
 exports.add = add;
 
+let prefixes = [];
+function addPrefix(prefix) {
+  prefixes.push(prefix);
+  compile();
+}
+exports.addPrefix = addPrefix;
+
 function check(filename) {
-  for (let i = filenames.length - 1; i >= 0; i--) {
-  	if (filenames[i] == filename) {
-  	  return true;
-  	}
-  }
-  return false;
+  return compiled.test(filename);
 }
 exports.check = check;