0ct0pu5/bromite
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fingerprinting mitigations for SVGGraphicsElement

Browse source 
Shift or scale value for getBBoxFromJavascript, getComputedTextLength,
getSubStringLength, getStartPositionOfChar getEndPositionOfChar,
getExtentOfChar api calls by random data
This commit is contained in:
Carmelo Messina 2022-02-16 17:43:03 +01:00
parent e322916d1d
commit 99ceb81f6b
No known key found for this signature in database
GPG key ID: 968894BE688289FD
1 changed files with 81 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

82
build/patches/Multiple-fingerprinting-mitigations.patch
View file

@ -19,6 +19,12 @@ ToDataURL and getImageData so that it will contain randomly manipulated
pixels (maximum 20) that slightly change the color of the R,G,B components
without a visible effect.
3. SVG: fingerprinting mitigations for SVGGraphicsElement
Shift or scale value for getBBoxFromJavascript, getComputedTextLength,
getSubStringLength, getStartPositionOfChar getEndPositionOfChar,
getExtentOfChar api calls by random data
Credits to Slaviro (https://github.com/Slaviro) for coming up with a better
approach to change color components.
@ -37,6 +43,8 @@ Added flag --fingerprinting-canvas-image-data-noise to disable Canvas image data
third_party/blink/renderer/core/dom/range.cc | 12 +-
.../renderer/core/html/canvas/text_metrics.cc | 18 ++
.../renderer/core/html/canvas/text_metrics.h | 2 +
.../renderer/core/svg/svg_graphics_element.cc | 2 +
.../core/svg/svg_text_content_element.cc | 18 +-
.../canvas2d/base_rendering_context_2d.cc | 5 +
.../canvas2d/canvas_rendering_context_2d.cc | 8 +-
third_party/blink/renderer/platform/BUILD.gn | 5 +-
@ -48,7 +56,7 @@ Added flag --fingerprinting-canvas-image-data-noise to disable Canvas image data
third_party/ungoogled/BUILD.gn | 10 ++
third_party/ungoogled/ungoogled_switches.cc | 18 ++
third_party/ungoogled/ungoogled_switches.h | 18 ++
24 files changed, 346 insertions(+), 3 deletions(-)
26 files changed, 362 insertions(+), 7 deletions(-)
create mode 100644 third_party/ungoogled/BUILD.gn
create mode 100644 third_party/ungoogled/ungoogled_switches.cc
create mode 100644 third_party/ungoogled/ungoogled_switches.h
@ -332,6 +340,78 @@ diff --git a/third_party/blink/renderer/core/html/canvas/text_metrics.h b/third_
private:
void Update(const Font&,
const TextDirection&,
diff --git a/third_party/blink/renderer/core/svg/svg_graphics_element.cc b/third_party/blink/renderer/core/svg/svg_graphics_element.cc
--- a/third_party/blink/renderer/core/svg/svg_graphics_element.cc
+++ b/third_party/blink/renderer/core/svg/svg_graphics_element.cc
@@ -193,6 +193,8 @@ SVGRectTearOff* SVGGraphicsElement::getBBoxFromJavascript() {
if (layout_object->IsSVGText() || layout_object->IsSVGInline())
UseCounter::Count(GetDocument(), WebFeature::kGetBBoxForText);
+
+ bounding_box.Scale(GetDocument().GetNoiseFactorX(), GetDocument().GetNoiseFactorY());
}
return SVGRectTearOff::CreateDetached(bounding_box);
}
diff --git a/third_party/blink/renderer/core/svg/svg_text_content_element.cc b/third_party/blink/renderer/core/svg/svg_text_content_element.cc
--- a/third_party/blink/renderer/core/svg/svg_text_content_element.cc
+++ b/third_party/blink/renderer/core/svg/svg_text_content_element.cc
@@ -117,11 +117,14 @@ float SVGTextContentElement::getComputedTextLength() {
GetDocument().UpdateStyleAndLayoutForNode(this,
DocumentUpdateReason::kJavaScript);
auto* layout_object = GetLayoutObject();
+ float value = 0;
if (IsNGTextOrInline(layout_object)) {
NGSvgTextQuery query(*layout_object);
- return query.SubStringLength(0, query.NumberOfCharacters());
+ value = query.SubStringLength(0, query.NumberOfCharacters());
+ } else {
+ value = SVGTextQuery(layout_object).TextLength();
}
- return SVGTextQuery(layout_object).TextLength();
+ return value * GetDocument().GetNoiseFactorX();
}
float SVGTextContentElement::getSubStringLength(
@@ -144,9 +147,12 @@ float SVGTextContentElement::getSubStringLength(
nchars = number_of_chars - charnum;
auto* layout_object = GetLayoutObject();
+ float value = 0;
if (IsNGTextOrInline(layout_object))
- return NGSvgTextQuery(*layout_object).SubStringLength(charnum, nchars);
- return SVGTextQuery(layout_object).SubStringLength(charnum, nchars);
+ value = NGSvgTextQuery(*layout_object).SubStringLength(charnum, nchars);
+ else
+ value = SVGTextQuery(layout_object).SubStringLength(charnum, nchars);
+ return value * GetDocument().GetNoiseFactorX();
}
SVGPointTearOff* SVGTextContentElement::getStartPositionOfChar(
@@ -170,6 +176,7 @@ SVGPointTearOff* SVGTextContentElement::getStartPositionOfChar(
} else {
point = SVGTextQuery(layout_object).StartPositionOfCharacter(charnum);
}
+ point.Scale(GetDocument().GetNoiseFactorX(), GetDocument().GetNoiseFactorY());
return SVGPointTearOff::CreateDetached(point);
}
@@ -194,6 +201,7 @@ SVGPointTearOff* SVGTextContentElement::getEndPositionOfChar(
} else {
point = SVGTextQuery(layout_object).EndPositionOfCharacter(charnum);
}
+ point.Scale(GetDocument().GetNoiseFactorX(), GetDocument().GetNoiseFactorY());
return SVGPointTearOff::CreateDetached(point);
}
@@ -218,6 +226,8 @@ SVGRectTearOff* SVGTextContentElement::getExtentOfChar(
} else {
rect = SVGTextQuery(layout_object).ExtentOfCharacter(charnum);
}
+
+ rect.Scale(GetDocument().GetNoiseFactorX(), GetDocument().GetNoiseFactorY());
return SVGRectTearOff::CreateDetached(rect);
}
diff --git a/third_party/blink/renderer/modules/canvas/canvas2d/base_rendering_context_2d.cc b/third_party/blink/renderer/modules/canvas/canvas2d/base_rendering_context_2d.cc
--- a/third_party/blink/renderer/modules/canvas/canvas2d/base_rendering_context_2d.cc
+++ b/third_party/blink/renderer/modules/canvas/canvas2d/base_rendering_context_2d.cc