uBlockOrigin / uBlock-issues

This is the community-maintained issue tracker for uBlock Origin
https://github.com/gorhill/uBlock
943 stars 80 forks source link

`!#if`-`!#else`-`!#endif` issue with unknown preprocessing tokens #3393

Closed nicolas-yangli closed 1 month ago

nicolas-yangli commented 1 month ago

Prerequisites

URL(s) where the issue occurs.

https://mikewang000000.github.io/ClashScan/

Description

The provided URL is a demo to fingerprint by scaning open ports on 127.0.0.1. When using a SOCKS5 proxy and also proxy DNS queries, the filter is not able to block access to 127.0.0.1.

I think this is related to this part in the filter list:

!#if cap_ipaddress
! https://github.com/uBlockOrigin/uBlock-issues/issues/1070#issuecomment-707237653
! https://github.com/uBlockOrigin/uBlock-discussions/discussions/910
*$3p,strict3p,ipaddress=lan,domain=~localhost|~127.0.0.1|~[::1]|~0.0.0.0|~[::]|~local
!#else

I tried copying /^\w+:\/\/127\.(?:(?:[1-9]?\d|1\d\d|2(?:[0-4]\d|5[0-5]))\.){2}(?:[1-9]?\d|1\d\d|2(?:[0-4]\d|5[0-5]))[:/]/$3p,domain=~localhost|~127.0.0.1|~[::1]|~0.0.0.0|~[::]|~local to custom filter list, without guarded by #if cap_ipaddress, it blocks access to 127.0.0.1.

Other extensions used

Screenshot(s)

Screenshot(s) ![图片](https://github.com/user-attachments/assets/6f2c6280-4c8b-4496-9e0b-0eedd34699ff)

Configuration

Details ```yaml uBlock Origin: 1.59.0 Firefox: 130 filterset (summary): network: 167781 cosmetic: 72141 scriptlet: 21520 html: 1999 listset (total-discarded, last-updated): added: adguard-spyware-url: 1720-126, 1d.22h.9m block-lan: 62-0, 31m JPN-1: 15175-84, 3d.15h.53m default: user-filters: 9-0, never ublock-filters: 40547-138, 1h.17m Δ ublock-badware: 11173-6, 1h.17m Δ ublock-privacy: 1254-22, 1h.17m Δ ublock-unbreak: 2538-1, 1h.17m Δ ublock-quick-fixes: 139-8, 1h.17m Δ easylist: 85567-184, 1h.17m Δ easyprivacy: 53111-64, 1h.17m Δ urlhaus-1: 25255-0, 20h.59m plowe-0: 3546-993, 20h.58m CHN-0: 25223-102, 1d.22h.9m filterset (user): [array of 9 redacted] userSettings: advancedUserEnabled: true hiddenSettings: [none] supportStats: allReadyAfter: 287 ms (selfie) maxAssetCacheWait: 46 ms cacheBackend: indexedDB popupPanel: blocked: 0 ```
stephenhawk8054 commented 1 month ago

I think it's more related to uBlock-issues repo. I'll transfer to that.

gorhill commented 1 month ago

The issue is not really related to using SOCKS5 proxies, it's a !#if-!#else-!#endif preprocessing issue.

When !#if is used with an unknown token, the intended behavior is to discard the preprocessing directives and to not ignore filters in the preprocessing block. However I see there is an issue now which is that the !#else block is not ignored and its content is discarded.

For example, the following should not cause all webpages to be blocked:

!#if cap_ipaddress
*$doc
!#else
@@*$doc
!#endif

But it does because @@*$doc is discarded, while it should not because cap_ipaddress is unknown token in 1.59.0. This needs to be fixed.

Meanwhile the conditional can be rewritten in the form:

!#if cap_ipaddress
*$doc
!#endif
!#if !cap_ipaddress
@@*$doc
!#endif

... to address the issue in the list until there is a fix in uBO itself.

gorhill commented 1 month ago

Test page: https://example.com/.

Unknown token, should not block -- was erroneously blocking before fix:

!#if huh
*$doc
!#else
@@*$doc
!#endif

Unknown token, should block -- was erroneously not blocking before fix:

!#if huh
!#else
*$doc
!#endif