Rename to hkt.sh

2026-03-21 01:10:53 +08:00
parent 76a263d0f9
commit 8f1171fe99
6676 changed files with 1724268 additions and 0 deletions
--- a/node_modules/puppeteer-extra-plugin-stealth/evasions/iframe.contentWindow/index.test.js
+++ b/node_modules/puppeteer-extra-plugin-stealth/evasions/iframe.contentWindow/index.test.js
@@ -0,0 +1,448 @@
+const test = require('ava')
+
+const {
+  getVanillaFingerPrint,
+  getStealthFingerPrint,
+  dummyHTMLPath,
+  vanillaPuppeteer,
+  addExtra
+} = require('../../test/util')
+// const Plugin = require('.')
+// NOTE: We're using the full plugin for testing here as `iframe.contentWindow` uses data set by `chrome.runtime`
+const Plugin = require('puppeteer-extra-plugin-stealth')
+
+// Fix CI issues with old versions
+const isOldPuppeteerVersion = () => {
+  const version = process.env.PUPPETEER_VERSION
+  const isOld = version && (version === '1.9.0' || version === '1.6.2')
+  return isOld
+}
+
+test('vanilla: will be undefined', async t => {
+  const { iframeChrome } = await getVanillaFingerPrint()
+  t.is(iframeChrome, 'undefined')
+})
+
+test('stealth: will be object', async t => {
+  const { iframeChrome } = await getStealthFingerPrint(Plugin)
+  t.is(iframeChrome, 'object')
+})
+
+test('stealth: will not break iframes', async t => {
+  const browser = await addExtra(vanillaPuppeteer)
+    .use(Plugin())
+    .launch({ headless: true })
+  const page = await browser.newPage()
+
+  const testFuncReturnValue = 'TESTSTRING'
+  await page.evaluate(returnValue => {
+    const { document } = window // eslint-disable-line
+    const body = document.querySelector('body')
+    const iframe = document.createElement('iframe')
+    body.srcdoc = 'foobar'
+    body.appendChild(iframe)
+    iframe.contentWindow.mySuperFunction = () => returnValue
+  }, testFuncReturnValue)
+  const realReturn = await page.evaluate(
+    () => document.querySelector('iframe').contentWindow.mySuperFunction() // eslint-disable-line
+  )
+  await browser.close()
+
+  t.is(realReturn, 'TESTSTRING')
+})
+
+test('vanilla: will not have contentWindow[0]', async t => {
+  const browser = await vanillaPuppeteer.launch({ headless: true })
+  const page = await browser.newPage()
+
+  const zero = await page.evaluate(returnValue => {
+    const { document } = window // eslint-disable-line
+    const body = document.querySelector('body')
+    const iframe = document.createElement('iframe')
+    iframe.srcdoc = 'foobar'
+    body.appendChild(iframe)
+    return typeof iframe.contentWindow[0]
+  })
+  await browser.close()
+
+  t.is(zero, 'undefined')
+})
+
+test('stealth: will not have contentWindow[0]', async t => {
+  const browser = await addExtra(vanillaPuppeteer)
+    .use(Plugin())
+    .launch({ headless: true })
+  const page = await browser.newPage()
+
+  const zero = await page.evaluate(returnValue => {
+    const { document } = window // eslint-disable-line
+    const body = document.querySelector('body')
+    const iframe = document.createElement('iframe')
+    iframe.srcdoc = 'foobar'
+    body.appendChild(iframe)
+    return typeof iframe.contentWindow[0]
+  })
+  await browser.close()
+
+  t.is(zero, 'undefined')
+})
+
+test('vanilla: will not have chrome runtine in any frame', async t => {
+  const browser = await vanillaPuppeteer.launch({ headless: true })
+  const page = await browser.newPage()
+
+  await page.goto('file://' + dummyHTMLPath)
+
+  const basiciframe = await page.evaluate(() => {
+    const el = document.createElement('iframe')
+    document.body.appendChild(el)
+    return el.contentWindow.chrome
+  })
+
+  const sandboxSOiframe = await page.evaluate(() => {
+    const el = document.createElement('iframe')
+    el.setAttribute('sandbox', 'allow-same-origin')
+    document.body.appendChild(el)
+    return el.contentWindow.chrome
+  })
+
+  const sandboxSOASiframe = await page.evaluate(() => {
+    const el = document.createElement('iframe')
+    el.setAttribute('sandbox', 'allow-same-origin allow-scripts')
+    document.body.appendChild(el)
+    return el.contentWindow.chrome
+  })
+
+  const srcdociframe = await page.evaluate(() => {
+    const el = document.createElement('iframe')
+    el.srcdoc = 'blank page, boys.'
+    document.body.appendChild(el)
+    return el.contentWindow.chrome
+  })
+
+  // console.log('basic iframe', basiciframe)
+  // console.log('sandbox same-origin iframe', sandboxSOiframe)
+  // console.log('sandbox same-origin&scripts iframe', sandboxSOASiframe)
+  // console.log('srcdoc iframe', srcdociframe)
+
+  await browser.close()
+
+  t.is(typeof basiciframe, 'undefined')
+  t.is(typeof sandboxSOiframe, 'undefined')
+  t.is(typeof sandboxSOASiframe, 'undefined')
+  t.is(typeof srcdociframe, 'undefined')
+})
+
+test('stealth: it will cover all frames including srcdoc', async t => {
+  // const browser = await vanillaPuppeteer.launch({ headless: false })
+  const browser = await addExtra(vanillaPuppeteer)
+    .use(Plugin())
+    .launch({ headless: true })
+  const page = await browser.newPage()
+
+  await page.goto('file://' + dummyHTMLPath)
+
+  const basiciframe = await page.evaluate(() => {
+    const el = document.createElement('iframe')
+    document.body.appendChild(el)
+    return el.contentWindow.chrome
+  })
+
+  const sandboxSOiframe = await page.evaluate(() => {
+    const el = document.createElement('iframe')
+    el.setAttribute('sandbox', 'allow-same-origin')
+    document.body.appendChild(el)
+    return el.contentWindow.chrome
+  })
+
+  const sandboxSOASiframe = await page.evaluate(() => {
+    const el = document.createElement('iframe')
+    el.setAttribute('sandbox', 'allow-same-origin allow-scripts')
+    document.body.appendChild(el)
+    return el.contentWindow.chrome
+  })
+
+  const srcdociframe = await page.evaluate(() => {
+    const el = document.createElement('iframe')
+    el.srcdoc = 'blank page, boys.'
+    document.body.appendChild(el)
+    return el.contentWindow.chrome
+  })
+
+  // console.log('basic iframe', basiciframe)
+  // console.log('sandbox same-origin iframe', sandboxSOiframe)
+  // console.log('sandbox same-origin&scripts iframe', sandboxSOASiframe)
+  // console.log('srcdoc iframe', srcdociframe)
+
+  await browser.close()
+
+  if (isOldPuppeteerVersion()) {
+    t.is(typeof basiciframe, 'object')
+  } else {
+    t.is(typeof basiciframe, 'object')
+    t.is(typeof sandboxSOiframe, 'object')
+    t.is(typeof sandboxSOASiframe, 'object')
+    t.is(typeof srcdociframe, 'object')
+  }
+})
+
+test('vanilla: will allow to define property contentWindow', async t => {
+  const browser = await vanillaPuppeteer.launch({ headless: true })
+  const page = await browser.newPage()
+
+  const iframe = await page.evaluate(() => {
+    const { document } = window // eslint-disable-line
+    const iframe = document.createElement('iframe')
+    iframe.srcdoc = 'foobar'
+    return Object.defineProperty(iframe, 'contentWindow', { value: 'baz' })
+  })
+  await browser.close()
+
+  t.is(typeof iframe, 'object')
+})
+
+// test('stealth: will allow to define property contentWindow', async t => {
+//   const browser = await addExtra(vanillaPuppeteer)
+//     .use(Plugin())
+//     .launch({ headless: true })
+//   const page = await browser.newPage()
+
+//   const iframe = await page.evaluate(() => {
+//     const { document } = window // eslint-disable-line
+//     const iframe = document.createElement('iframe')
+//     iframe.srcdoc = 'foobar'
+//     return Object.defineProperty(iframe, 'contentWindow', { value: 'baz' })
+//   })
+//   await browser.close()
+
+//   t.is(typeof iframe, 'object')
+// })
+
+test('vanilla: will return undefined for getOwnPropertyDescriptor of contentWindow', async t => {
+  const browser = await vanillaPuppeteer.launch({ headless: true })
+  const page = await browser.newPage()
+
+  const iframe = await page.evaluate(() => {
+    const { document } = window // eslint-disable-line
+    const iframe = document.createElement('iframe')
+    iframe.srcdoc = 'foobar'
+    return Object.getOwnPropertyDescriptor(iframe, 'contentWindow')
+  })
+  await browser.close()
+
+  t.is(iframe, undefined)
+})
+
+// test('stealth: will return undefined for getOwnPropertyDescriptor of contentWindow', async t => {
+//   const browser = await addExtra(vanillaPuppeteer)
+//     .use(Plugin())
+//     .launch({ headless: true })
+//   const page = await browser.newPage()
+
+//   const iframe = await page.evaluate(() => {
+//     const { document } = window // eslint-disable-line
+//     const iframe = document.createElement('iframe')
+//     iframe.srcdoc = 'foobar'
+//     return Object.getOwnPropertyDescriptor(iframe, 'contentWindow')
+//   })
+//   await browser.close()
+
+//   t.is(iframe, undefined)
+// })
+
+/* global HTMLIFrameElement */
+test('stealth: it will emulate advanved contentWindow features correctly', async t => {
+  // const browser = await vanillaPuppeteer.launch({ headless: false })
+  const browser = await addExtra(vanillaPuppeteer)
+    .use(Plugin())
+    .launch({ headless: true })
+  const page = await browser.newPage()
+
+  await page.goto('file://' + dummyHTMLPath)
+
+  // page.on('console', msg => {
+  //   console.log('Page console: ', msg.text())
+  // })
+
+  const results = await page.evaluate(() => {
+    const results = {}
+
+    const iframe = document.createElement('iframe')
+    iframe.srcdoc = 'page intentionally left blank' // Note: srcdoc
+    document.body.appendChild(iframe)
+
+    const basicIframe = document.createElement('iframe')
+    basicIframe.src = 'data:text/plain;charset=utf-8,foobar'
+    document.body.appendChild(iframe)
+
+    results.descriptors = (() => {
+      // Verify iframe prototype isn't touched
+      const descriptors = Object.getOwnPropertyDescriptors(
+        HTMLIFrameElement.prototype
+      )
+      return descriptors.contentWindow.get.toString()
+    })()
+
+    results.noProxySignature = (() => {
+      return iframe.srcdoc.toString.hasOwnProperty('[[IsRevoked]]') // eslint-disable-line
+    })()
+
+    results.doesExist = (() => {
+      // Verify iframe isn't remapped to main window
+      return !!iframe.contentWindow
+    })()
+
+    results.isNotAClone = (() => {
+      // Verify iframe isn't remapped to main window
+      return iframe.contentWindow !== window
+    })()
+
+    results.hasPlugins = (() => {
+      return iframe.contentWindow.navigator.plugins.length > 0
+    })()
+
+    results.hasSameNumberOfPlugins = (() => {
+      return (
+        window.navigator.plugins.length ===
+        iframe.contentWindow.navigator.plugins.length
+      )
+    })()
+
+    results.SelfIsNotWindow = (() => {
+      return iframe.contentWindow.self !== window
+    })()
+
+    results.SelfIsNotWindowTop = (() => {
+      return iframe.contentWindow.self !== window.top
+    })()
+
+    results.TopIsNotSame = (() => {
+      return iframe.contentWindow.top !== iframe.contentWindow
+    })()
+
+    results.FrameElementMatches = (() => {
+      return iframe.contentWindow.frameElement === iframe
+    })()
+
+    results.StackTraces = (() => {
+      try {
+        // eslint-disable-next-line
+        document['createElement'](0)
+      } catch (e) {
+        return e.stack
+      }
+      return false
+    })()
+
+    return results
+  })
+
+  await browser.close()
+
+  if (isOldPuppeteerVersion()) {
+    t.true(true)
+    return
+  }
+
+  t.is(results.descriptors, 'function get contentWindow() { [native code] }')
+  t.true(results.doesExist)
+  t.true(results.isNotAClone)
+  t.true(results.hasPlugins)
+  t.true(results.hasSameNumberOfPlugins)
+  t.true(results.SelfIsNotWindow)
+  t.true(results.SelfIsNotWindowTop)
+  t.true(results.TopIsNotSame)
+  t.false(results.StackTraces.includes(`at Object.apply`))
+})
+
+test('regression: new method will not break hcaptcha', async t => {
+  const browser = await addExtra(vanillaPuppeteer)
+    .use(Plugin())
+    .launch({ headless: true })
+  const page = await browser.newPage()
+
+  page.waitForTimeout = page.waitForTimeout || page.waitFor
+
+  await page.goto('https://democaptcha.com/demo-form-eng/hcaptcha.html', {
+    waitUntil: 'networkidle2'
+  })
+  await page.evaluate(() => {
+    window.hcaptcha.execute()
+  })
+  await page.waitForTimeout(2 * 1000)
+  const { hasChallengePopup } = await page.evaluate(() => {
+    const hasChallengePopup = !!document.querySelectorAll(
+      `div[style*='visible'] iframe[title*='hCaptcha challenge']`
+    ).length
+    return { hasChallengePopup }
+  })
+  await browser.close()
+  t.true(hasChallengePopup)
+})
+
+test('regression: new method will not break recaptcha popup', async t => {
+  // const browser = await vanillaPuppeteer.launch({ headless: false })
+  const browser = await addExtra(vanillaPuppeteer)
+    .use(Plugin())
+    .launch({ headless: true })
+  const page = await browser.newPage()
+
+  page.waitForTimeout = page.waitForTimeout || page.waitFor
+
+  await page.goto('https://www.fbdemo.com/invisible-captcha/index.html', {
+    waitUntil: 'networkidle2'
+  })
+
+  await page.type('#tswname', 'foo')
+  await page.type('#tswemail', 'foo@foo.foo')
+  await page.type(
+    '#tswcomments',
+    'In the depth of winter, I finally learned that within me there lay an invincible summer.'
+  )
+  await page.click('#tswsubmit')
+  await page.waitForTimeout(1000)
+  const { hasRecaptchaPopup } = await page.evaluate(() => {
+    const hasRecaptchaPopup = !!document.querySelectorAll(
+      `iframe[title*="recaptcha challenge"]`
+    ).length
+    return { hasRecaptchaPopup }
+  })
+  await browser.close()
+  t.true(hasRecaptchaPopup)
+})
+
+test('regression: old method indeed did break recaptcha popup', async t => {
+  const browser = await vanillaPuppeteer.launch({ headless: true })
+  const page = await browser.newPage()
+
+  page.waitForTimeout = page.waitForTimeout || page.waitFor
+  // Old method
+  await page.evaluateOnNewDocument(() => {
+    // eslint-disable-next-line
+    Object.defineProperty(HTMLIFrameElement.prototype, 'contentWindow', {
+      get: function() {
+        return window
+      }
+    })
+  })
+  await page.goto('https://www.fbdemo.com/invisible-captcha/index.html', {
+    waitUntil: 'networkidle2'
+  })
+  await page.type('#tswname', 'foo')
+  await page.type('#tswemail', 'foo@foo.foo')
+  await page.type(
+    '#tswcomments',
+    'In the depth of winter, I finally learned that within me there lay an invincible summer.'
+  )
+  await page.click('#tswsubmit')
+  await page.waitForTimeout(1000)
+
+  const { hasRecaptchaPopup } = await page.evaluate(() => {
+    const hasRecaptchaPopup = !!document.querySelectorAll(
+      `iframe[title*="recaptcha challenge"]`
+    ).length
+    return { hasRecaptchaPopup }
+  })
+  await browser.close()
+  t.false(hasRecaptchaPopup)
+})