github.com/keybase/client/go@v0.0.0-20241007131713-f10651d043c8/pvl/interp.go (about)

     1  // Copyright 2016 Keybase, Inc. All rights reserved. Use of
     2  // this source code is governed by the included BSD license.
     3  
     4  package pvl
     5  
     6  import (
     7  	"bytes"
     8  	b64 "encoding/base64"
     9  	"fmt"
    10  	"net/url"
    11  	"regexp"
    12  	"strings"
    13  
    14  	"net"
    15  
    16  	"github.com/PuerkitoBio/goquery"
    17  	"github.com/keybase/client/go/jsonhelpers"
    18  	libkb "github.com/keybase/client/go/libkb"
    19  	keybase1 "github.com/keybase/client/go/protocol/keybase1"
    20  	jsonw "github.com/keybase/go-jsonw"
    21  	"github.com/miekg/dns"
    22  )
    23  
    24  // SupportedVersion is which version of PVL is supported by this client.
    25  const SupportedVersion int = 1
    26  
    27  // state of execution in a script
    28  // copies of a scriptState will point to the same internal mutable data, so be careful
    29  type scriptState struct {
    30  	WhichScript int
    31  	PC          int
    32  	Service     keybase1.ProofType
    33  	Regs        namedRegsStore
    34  	Sig         []byte
    35  	HasFetched  bool
    36  	// nil until fetched
    37  	FetchResult *fetchResult
    38  }
    39  
    40  type fetchResult struct {
    41  	fetchMode fetchMode
    42  	// One of these 3 must be filled.
    43  	String string
    44  	HTML   *goquery.Document
    45  	JSON   *jsonw.Wrapper
    46  }
    47  
    48  type regexDescriptor struct {
    49  	Template        string
    50  	CaseInsensitive bool
    51  	MultiLine       bool
    52  }
    53  
    54  type fetchMode string
    55  
    56  const (
    57  	fetchModeJSON   fetchMode = "json"
    58  	fetchModeHTML   fetchMode = "html"
    59  	fetchModeString fetchMode = "string"
    60  	fetchModeDNS    fetchMode = "dns"
    61  )
    62  
    63  type commandName string
    64  
    65  const (
    66  	cmdAssertRegexMatch    commandName = "assert_regex_match"
    67  	cmdAssertFindBase64    commandName = "assert_find_base64"
    68  	cmdAssertCompare       commandName = "assert_compare"
    69  	cmdWhitespaceNormalize commandName = "whitespace_normalize"
    70  	cmdRegexCapture        commandName = "regex_capture"
    71  	cmdReplaceAll          commandName = "replace_all"
    72  	cmdParseURL            commandName = "parse_url"
    73  	cmdFetch               commandName = "fetch"
    74  	cmdParseHTML           commandName = "parse_html"
    75  	cmdSelectorJSON        commandName = "selector_json"
    76  	cmdSelectorCSS         commandName = "selector_css"
    77  	cmdFill                commandName = "fill"
    78  )
    79  
    80  type stateMaker func(int) (scriptState, libkb.ProofError)
    81  
    82  // ProofInfo contains all the data about a proof PVL needs to check it.
    83  // It can be derived from a RemoteProofChainLink and SigHint.
    84  type ProofInfo struct {
    85  	ArmoredSig     string
    86  	Username       string
    87  	RemoteUsername string
    88  	Hostname       string
    89  	Protocol       string
    90  	APIURL         string
    91  	stubDNS        *stubDNSEngine
    92  }
    93  
    94  // NewProofInfo creates a new ProofInfo
    95  func NewProofInfo(link libkb.RemoteProofChainLink, h libkb.SigHint) ProofInfo {
    96  	return ProofInfo{
    97  		ArmoredSig:     link.GetArmoredSig(),
    98  		RemoteUsername: link.GetRemoteUsername(),
    99  		Username:       link.GetUsername(),
   100  		Hostname:       link.GetHostname(),
   101  		Protocol:       link.GetProtocol(),
   102  		APIURL:         h.GetAPIURL(),
   103  	}
   104  }
   105  
   106  // CheckProof verifies one proof by running the pvl on the provided proof information.
   107  func CheckProof(m libkb.MetaContext, pvlS string, service keybase1.ProofType, info ProofInfo) libkb.ProofError {
   108  	m1 := newMetaContext(m, info.stubDNS)
   109  	perr := checkProofInner(m1, pvlS, service, info)
   110  	if perr != nil {
   111  		debug(m1, "CheckProof failed: %v", perr)
   112  	}
   113  	if perr != nil && perr.GetProofStatus() == keybase1.ProofStatus_INVALID_PVL {
   114  		return libkb.NewProofError(keybase1.ProofStatus_INVALID_PVL,
   115  			"Invalid proof verification instructions! Let us know at https://github.com/keybase/keybase-issues/new")
   116  	}
   117  	return perr
   118  }
   119  
   120  func checkProofInner(m metaContext, pvlS string, service keybase1.ProofType, info ProofInfo) libkb.ProofError {
   121  	pvl, err := parse(pvlS)
   122  	if err != nil {
   123  		if strings.Contains(err.Error(), "cannot unmarshal string into Go struct") && strings.Contains(pvlS, "from iced tests") {
   124  			return libkb.NewProofError(keybase1.ProofStatus_INVALID_PVL,
   125  				"Corrupted pvl in merkle tree from iced tests. To fix see test/merkle_pvl.iced. : %v", err)
   126  		}
   127  		return libkb.NewProofError(keybase1.ProofStatus_INVALID_PVL,
   128  			"Could not parse pvl: %v", err)
   129  	}
   130  
   131  	if perr := validateChunk(m, &pvl, service); perr != nil {
   132  		return perr
   133  	}
   134  
   135  	sigBody, sigIDBase, err := libkb.OpenSig(info.ArmoredSig)
   136  	if err != nil {
   137  		return libkb.NewProofError(keybase1.ProofStatus_BAD_SIGNATURE,
   138  			"Bad signature: %v", err)
   139  	}
   140  
   141  	scripts, perr := chunkGetScripts(&pvl, service)
   142  	if perr != nil {
   143  		return perr
   144  	}
   145  
   146  	// validate hostname
   147  	webish := (service == keybase1.ProofType_DNS || service == keybase1.ProofType_GENERIC_WEB_SITE)
   148  	if webish {
   149  		if !validateDomain(info.Hostname) {
   150  			return libkb.NewProofError(keybase1.ProofStatus_BAD_SIGNATURE,
   151  				"Bad hostname in sig: %s", info.Hostname)
   152  		}
   153  	}
   154  
   155  	// validate protocol
   156  	if service == keybase1.ProofType_GENERIC_WEB_SITE {
   157  		_, ok := validateProtocol(info.Protocol, []string{"http", "https"})
   158  		if !ok {
   159  			return libkb.NewProofError(keybase1.ProofStatus_BAD_SIGNATURE,
   160  				"Bad protocol in sig: %s", info.Protocol)
   161  		}
   162  	}
   163  
   164  	sigID := sigIDBase.ToSigIDLegacy()
   165  
   166  	mknewstate := func(i int) (scriptState, libkb.ProofError) {
   167  		state := scriptState{
   168  			WhichScript: i,
   169  			PC:          0,
   170  			Service:     service,
   171  			Regs:        *newNamedRegsStore(),
   172  			Sig:         sigBody,
   173  			HasFetched:  false,
   174  			FetchResult: nil,
   175  		}
   176  
   177  		err := setupRegs(m, &state.Regs, info, sigBody, sigID, service)
   178  		return state, err
   179  	}
   180  
   181  	var errs []libkb.ProofError
   182  	if service == keybase1.ProofType_DNS {
   183  		if perr = runDNS(m, info.Hostname, scripts, mknewstate, sigID.ToMediumID()); perr != nil {
   184  			errs = append(errs, perr)
   185  		}
   186  	} else {
   187  		// Run the scripts in order.
   188  		// If any succeed, the proof succeeds.
   189  		// If one fails, the next takes over.
   190  		// If all fail, log and report errors.
   191  		for i, script := range scripts {
   192  			state, perr := mknewstate(i)
   193  			if perr != nil {
   194  				return perr
   195  			}
   196  			perr = runScript(m, &script, state)
   197  			if perr == nil {
   198  				return nil
   199  			}
   200  			errs = append(errs, perr)
   201  		}
   202  	}
   203  
   204  	switch len(errs) {
   205  	case 0:
   206  		return nil
   207  	case 1:
   208  		return errs[0]
   209  	default:
   210  		for _, err := range errs {
   211  			debug(m, "multiple failures include: %v", err)
   212  		}
   213  		// Arbitrarily use the error code of the first error
   214  		return libkb.NewProofError(errs[0].GetProofStatus(), "Multiple errors while verifying proof")
   215  	}
   216  }
   217  
   218  func setupRegs(m metaContext, regs *namedRegsStore, info ProofInfo, sigBody []byte, sigID keybase1.SigID, service keybase1.ProofType) libkb.ProofError {
   219  	webish := (service == keybase1.ProofType_DNS || service == keybase1.ProofType_GENERIC_WEB_SITE)
   220  
   221  	// hint_url
   222  	if err := regs.Set("hint_url", info.APIURL); err != nil {
   223  		return err
   224  	}
   225  
   226  	// username_service
   227  	if webish {
   228  		if err := regs.Ban("username_service"); err != nil {
   229  			return err
   230  		}
   231  	} else {
   232  		if err := regs.Set("username_service", info.RemoteUsername); err != nil {
   233  			return err
   234  		}
   235  	}
   236  
   237  	// username_keybase
   238  	if err := regs.Set("username_keybase", info.Username); err != nil {
   239  		return err
   240  	}
   241  
   242  	// sig
   243  	// Store it b64 encoded. This is rarely used, assert_find_base64 is better.
   244  	if err := regs.Set("sig", b64.StdEncoding.EncodeToString(sigBody)); err != nil {
   245  		return err
   246  	}
   247  
   248  	// sig_id_medium
   249  	if err := regs.Set("sig_id_medium", sigID.ToMediumID()); err != nil {
   250  		return err
   251  	}
   252  
   253  	// sig_id_short
   254  	if err := regs.Set("sig_id_short", sigID.ToShortID()); err != nil {
   255  		return err
   256  	}
   257  
   258  	// hostname
   259  	if webish {
   260  		if err := regs.Set("hostname", info.Hostname); err != nil {
   261  			return err
   262  		}
   263  	} else {
   264  		if err := regs.Ban("hostname"); err != nil {
   265  			return err
   266  		}
   267  	}
   268  
   269  	// protocol
   270  	if service == keybase1.ProofType_GENERIC_WEB_SITE {
   271  		canonicalProtocol, ok := validateProtocol(info.Protocol, []string{"http", "https"})
   272  		if !ok {
   273  			return libkb.NewProofError(keybase1.ProofStatus_BAD_SIGNATURE,
   274  				"Bad protocol in sig: %s", info.Protocol)
   275  		}
   276  		if err := regs.Set("protocol", canonicalProtocol); err != nil {
   277  			return err
   278  		}
   279  	} else if err := regs.Ban("protocol"); err != nil {
   280  		return err
   281  	}
   282  
   283  	return nil
   284  }
   285  
   286  // Get the list of scripts for a given service.
   287  func chunkGetScripts(pvl *pvlT, service keybase1.ProofType) ([]scriptT, libkb.ProofError) {
   288  	scripts, ok := pvl.Services.Map[service]
   289  	if !ok {
   290  		return nil, libkb.NewProofError(keybase1.ProofStatus_INVALID_PVL,
   291  			"No entry for service: %v", service)
   292  	}
   293  	return scripts, nil
   294  }
   295  
   296  // Check that a chunk of PVL is valid code.
   297  // Will always accept valid code, but may not always notice invalidities.
   298  func validateChunk(m metaContext, pvl *pvlT, service keybase1.ProofType) libkb.ProofError {
   299  	if pvl.PvlVersion != SupportedVersion {
   300  		return libkb.NewProofError(keybase1.ProofStatus_INVALID_PVL,
   301  			"PVL is for the wrong version %v != %v", pvl.PvlVersion, SupportedVersion)
   302  	}
   303  
   304  	debug(m, "valid version:%v revision:%v", pvl.PvlVersion, pvl.Revision)
   305  
   306  	scripts, perr := chunkGetScripts(pvl, service)
   307  	if perr != nil {
   308  		return perr
   309  	}
   310  	if len(scripts) == 0 {
   311  		return libkb.NewProofError(keybase1.ProofStatus_INVALID_PVL,
   312  			"Empty scripts list for service: %v", service)
   313  	}
   314  
   315  	// Scan all the scripts (for this service) for errors. Report the first error.
   316  	var errs []libkb.ProofError
   317  	for whichscript, script := range scripts {
   318  		perr = validateScript(m, &script, service, whichscript)
   319  		errs = append(errs, perr)
   320  	}
   321  	return errs[0]
   322  }
   323  
   324  func validateScript(m metaContext, script *scriptT, service keybase1.ProofType, whichscript int) libkb.ProofError {
   325  	// Scan the script.
   326  	// Does not validate each instruction's format. (That is done when running it)
   327  	// Validate each instruction's "error" field.
   328  
   329  	logerr := func(m metaContext, service keybase1.ProofType, whichscript int, pc int, format string, arg ...interface{}) libkb.ProofError {
   330  		debugWithPosition(m, service, whichscript, pc, format, arg...)
   331  		return libkb.NewProofError(keybase1.ProofStatus_INVALID_PVL, format, arg...)
   332  	}
   333  
   334  	var modeknown = false
   335  	var mode fetchMode
   336  	if service == keybase1.ProofType_DNS {
   337  		modeknown = true
   338  		mode = fetchModeDNS
   339  	}
   340  	if len(script.Instructions) < 1 {
   341  		return logerr(m, service, whichscript, 0, "Empty script")
   342  	}
   343  
   344  	for i, ins := range script.Instructions {
   345  		if ins.variantsFilled() != 1 {
   346  			return logerr(m, service, whichscript, i, "exactly 1 variant must appear in instruction")
   347  		}
   348  
   349  		switch {
   350  
   351  		// These can always run, but must be cases so that the default case works.
   352  		case ins.AssertRegexMatch != nil:
   353  		case ins.AssertFindBase64 != nil:
   354  		case ins.AssertCompare != nil:
   355  		case ins.WhitespaceNormalize != nil:
   356  		case ins.RegexCapture != nil:
   357  		case ins.ReplaceAll != nil:
   358  		case ins.ParseURL != nil:
   359  		case ins.Fill != nil:
   360  
   361  		case ins.Fetch != nil:
   362  			// A script can contain only <=1 fetches.
   363  			// A DNS script cannot contain fetches.
   364  
   365  			fetchType := ins.Fetch.Kind
   366  
   367  			if service == keybase1.ProofType_DNS {
   368  				return logerr(m, service, whichscript, i,
   369  					"DNS script cannot contain fetch instruction")
   370  			}
   371  			if modeknown {
   372  				return logerr(m, service, whichscript, i,
   373  					"Script cannot contain multiple fetch instructions")
   374  			}
   375  			switch fetchMode(fetchType) {
   376  			case fetchModeString:
   377  				modeknown = true
   378  				mode = fetchModeString
   379  			case fetchModeHTML:
   380  				modeknown = true
   381  				mode = fetchModeHTML
   382  			case fetchModeJSON:
   383  				modeknown = true
   384  				mode = fetchModeJSON
   385  			default:
   386  				return logerr(m, service, whichscript, i,
   387  					"Unsupported fetch type: %v", fetchType)
   388  			}
   389  		case ins.ParseHTML != nil:
   390  		case ins.SelectorJSON != nil:
   391  			// Can only select after fetching.
   392  			switch {
   393  			case service == keybase1.ProofType_DNS:
   394  				return logerr(m, service, whichscript, i,
   395  					"DNS script cannot use json selector")
   396  			case !modeknown:
   397  				return logerr(m, service, whichscript, i,
   398  					"Script cannot select before fetch")
   399  			case mode != fetchModeJSON:
   400  				return logerr(m, service, whichscript, i,
   401  					"Script contains json selector in non-html mode")
   402  			}
   403  		case ins.SelectorCSS != nil:
   404  			// Can only select one of text, attr, or data.
   405  			if ins.SelectorCSS.Attr != "" && ins.SelectorCSS.Data {
   406  				return logerr(m, service, whichscript, i,
   407  					"Script contains css selector with both 'attr' and 'data' set")
   408  			}
   409  		default:
   410  			return logerr(m, service, whichscript, i,
   411  				"Unsupported PVL instruction: %v", ins)
   412  		}
   413  	}
   414  
   415  	return nil
   416  }
   417  
   418  // Run each script on each TXT record of each domain.
   419  // Succeed if any succeed.
   420  func runDNS(m metaContext, userdomain string, scripts []scriptT, mknewstate stateMaker, sigIDMedium string) libkb.ProofError {
   421  	domains := []string{userdomain, "_keybase." + userdomain}
   422  	var errs []libkb.ProofError
   423  	for _, d := range domains {
   424  		debug(m, "Trying DNS for domain: %v", d)
   425  
   426  		err := runDNSOne(m, d, scripts, mknewstate, sigIDMedium)
   427  		if err != nil {
   428  			errs = append(errs, err)
   429  		} else {
   430  			return nil
   431  		}
   432  	}
   433  
   434  	// Return only the error for the first domain error
   435  	if len(errs) == 0 {
   436  		return nil
   437  	}
   438  	var descs []string
   439  	for _, err := range errs {
   440  		descs = append(descs, err.GetDesc())
   441  	}
   442  	// Use the code from the first error
   443  	return libkb.NewProofError(errs[0].GetProofStatus(), strings.Join(descs, "; "))
   444  }
   445  
   446  func formatDNSServer(srv string) string {
   447  	if strings.Contains(srv, ":") {
   448  		return fmt.Sprintf("[%s]:53", srv)
   449  	}
   450  	return srv + ":53"
   451  }
   452  
   453  func runDNSTXTQuery(m metaContext, domain string) (res []string, err error) {
   454  
   455  	// Attempt to use the built-in resolver first, but this might fail on mobile.
   456  	// The reason for that is currently (as of Go 1.8), LookupTXT does not properly
   457  	// use the cgo DNS routines if they are configured to be used (like they are for mobile).
   458  	// As for now, we can use a different library to specify our own name servers, since the
   459  	// Go resolver will attempt to use /etc/resolv.conf, which is not a thing on mobile.
   460  	if res, err = net.LookupTXT(domain); err != nil {
   461  		debug(m, "DNS LookupTXT failed: %s", err.Error())
   462  	} else {
   463  		return res, nil
   464  	}
   465  
   466  	// Google IPv4 and IPV6 addresses
   467  	publicServers := []string{
   468  		formatDNSServer("8.8.8.8"),
   469  		formatDNSServer("2001:4860:4860::8888"),
   470  	}
   471  	var fetchedSrvs []string
   472  	if m.G().GetDNSNameServerFetcher() != nil {
   473  		fetchedSrvs = m.G().GetDNSNameServerFetcher().GetServers()
   474  		for i := 0; i < len(fetchedSrvs); i++ {
   475  			fetchedSrvs[i] = formatDNSServer(fetchedSrvs[i])
   476  		}
   477  	}
   478  	servers := fetchedSrvs
   479  	servers = append(servers, publicServers...)
   480  
   481  	var r *dns.Msg
   482  	c := dns.Client{}
   483  	msg := dns.Msg{}
   484  	found := false
   485  	for _, srv := range servers {
   486  		debug(m, "DNS trying backup server: %s", srv)
   487  		msg.SetQuestion(domain+".", dns.TypeTXT)
   488  		r, _, err = c.Exchange(&msg, srv)
   489  		if err != nil {
   490  			debug(m, "DNS backup server failed; %s", err.Error())
   491  		} else {
   492  			found = true
   493  			break
   494  		}
   495  	}
   496  	if !found {
   497  		return res, fmt.Errorf("failed to lookup DNS: %s", domain)
   498  	}
   499  
   500  	for _, ans := range r.Answer {
   501  		if record, ok := ans.(*dns.TXT); ok {
   502  			if len(record.Txt) > 0 {
   503  				res = append(res, record.Txt[len(record.Txt)-1])
   504  			}
   505  		}
   506  	}
   507  	return res, err
   508  }
   509  
   510  // Run each script on each TXT record of the domain.
   511  func runDNSOne(m metaContext, domain string, scripts []scriptT, mknewstate stateMaker, sigIDMedium string) libkb.ProofError {
   512  	// Fetch TXT records
   513  	var txts []string
   514  	var err error
   515  	if m.getStubDNS() == nil {
   516  		txts, err = runDNSTXTQuery(m, domain)
   517  	} else {
   518  		txts, err = m.getStubDNS().LookupTXT(domain)
   519  	}
   520  
   521  	if err != nil {
   522  		return libkb.NewProofError(keybase1.ProofStatus_DNS_ERROR,
   523  			"DNS failure for %s: %s", domain, err)
   524  	}
   525  
   526  	for _, record := range txts {
   527  		debug(m, "For DNS domain '%s' got TXT record: '%s'", domain, record)
   528  
   529  		// Try all scripts.
   530  		for i, script := range scripts {
   531  			state, err := mknewstate(i)
   532  			if err != nil {
   533  				return err
   534  			}
   535  
   536  			if err = state.Regs.Set("txt", record); err != nil {
   537  				return err
   538  			}
   539  
   540  			if err = runScript(m, &script, state); err == nil {
   541  				return nil
   542  			}
   543  
   544  			// Discard error, it has already been reported by stepInstruction.
   545  		}
   546  	}
   547  
   548  	return libkb.NewProofError(keybase1.ProofStatus_NOT_FOUND,
   549  		"Checked %d TXT entries of %s, but didn't find signature keybase-site-verification=%s",
   550  		len(txts), domain, sigIDMedium)
   551  }
   552  
   553  func runScript(m metaContext, script *scriptT, startstate scriptState) libkb.ProofError {
   554  	var state = startstate
   555  	if len(script.Instructions) < 1 {
   556  		perr := libkb.NewProofError(keybase1.ProofStatus_INVALID_PVL,
   557  			"Empty scripts are not allowed.")
   558  		debugWithStateError(m, state, perr)
   559  		return perr
   560  	}
   561  	for i, ins := range script.Instructions {
   562  		// Sanity check.
   563  		if state.PC != i {
   564  			perr := libkb.NewProofError(keybase1.ProofStatus_INVALID_PVL,
   565  				"Execution failure, PC mismatch %v %v", state.PC, i)
   566  			debugWithStateError(m, state, perr)
   567  			return perr
   568  		}
   569  
   570  		newstate, perr := stepInstruction(m, ins, state)
   571  		if perr != nil {
   572  			return perr
   573  		}
   574  		state = newstate
   575  		state.PC++
   576  	}
   577  
   578  	// Script executed successfully with no errors.
   579  	return nil
   580  }
   581  
   582  // stepInstruction decides which instruction to run.
   583  func stepInstruction(m metaContext, ins instructionT, state scriptState) (scriptState, libkb.ProofError) {
   584  	debugWithState(m, state, "Running instruction %v: %v", ins.Name(), ins)
   585  
   586  	var newState scriptState
   587  	var stepErr libkb.ProofError
   588  	var customErrSpec *errorT
   589  	switch {
   590  	case ins.AssertRegexMatch != nil:
   591  		newState, stepErr = stepAssertRegexMatch(m, *ins.AssertRegexMatch, state)
   592  		customErrSpec = ins.AssertRegexMatch.Error
   593  	case ins.AssertFindBase64 != nil:
   594  		newState, stepErr = stepAssertFindBase64(m, *ins.AssertFindBase64, state)
   595  		customErrSpec = ins.AssertFindBase64.Error
   596  	case ins.AssertCompare != nil:
   597  		newState, stepErr = stepAssertCompare(m, *ins.AssertCompare, state)
   598  		customErrSpec = ins.AssertCompare.Error
   599  	case ins.WhitespaceNormalize != nil:
   600  		newState, stepErr = stepWhitespaceNormalize(m, *ins.WhitespaceNormalize, state)
   601  		customErrSpec = ins.WhitespaceNormalize.Error
   602  	case ins.RegexCapture != nil:
   603  		newState, stepErr = stepRegexCapture(m, *ins.RegexCapture, state)
   604  		customErrSpec = ins.RegexCapture.Error
   605  	case ins.ReplaceAll != nil:
   606  		newState, stepErr = stepReplaceAll(m, *ins.ReplaceAll, state)
   607  		customErrSpec = ins.ReplaceAll.Error
   608  	case ins.ParseURL != nil:
   609  		newState, stepErr = stepParseURL(m, *ins.ParseURL, state)
   610  		customErrSpec = ins.ParseURL.Error
   611  	case ins.Fetch != nil:
   612  		newState, stepErr = stepFetch(m, *ins.Fetch, state)
   613  		customErrSpec = ins.Fetch.Error
   614  	case ins.ParseHTML != nil:
   615  		newState, stepErr = stepParseHTML(m, *ins.ParseHTML, state)
   616  		customErrSpec = ins.ParseHTML.Error
   617  	case ins.SelectorJSON != nil:
   618  		newState, stepErr = stepSelectorJSON(m, *ins.SelectorJSON, state)
   619  		customErrSpec = ins.SelectorJSON.Error
   620  	case ins.SelectorCSS != nil:
   621  		newState, stepErr = stepSelectorCSS(m, *ins.SelectorCSS, state)
   622  		customErrSpec = ins.SelectorCSS.Error
   623  	case ins.Fill != nil:
   624  		newState, stepErr = stepFill(m, *ins.Fill, state)
   625  		customErrSpec = ins.Fill.Error
   626  	default:
   627  		newState = state
   628  		stepErr = libkb.NewProofError(keybase1.ProofStatus_INVALID_PVL,
   629  			"Invalid instruction: %v", ins)
   630  	}
   631  
   632  	if stepErr != nil {
   633  		debugWithStateError(m, state, stepErr)
   634  		stepErr = replaceCustomError(m, state, customErrSpec, stepErr)
   635  	}
   636  	return newState, stepErr
   637  
   638  }
   639  
   640  func stepAssertRegexMatch(m metaContext, ins assertRegexMatchT, state scriptState) (scriptState, libkb.ProofError) {
   641  	rdesc := regexDescriptor{
   642  		Template:        ins.Pattern,
   643  		CaseInsensitive: ins.CaseInsensitive,
   644  		MultiLine:       ins.MultiLine,
   645  	}
   646  	from, err := state.Regs.Get(ins.From)
   647  	if err != nil {
   648  		return state, err
   649  	}
   650  	re, err := interpretRegex(m, state, rdesc)
   651  	if err != nil {
   652  		return state, err
   653  	}
   654  	if re.MatchString(from) == ins.Negate {
   655  		negate := "not "
   656  		if ins.Negate {
   657  			negate = ""
   658  		}
   659  		debugWithState(m, state, "Regex did %smatch:\n  %v\n  %v\n  %q",
   660  			negate, rdesc.Template, re, from)
   661  		return state, libkb.NewProofError(keybase1.ProofStatus_CONTENT_FAILURE,
   662  			"Regex did %smatch (%v)", negate, rdesc.Template)
   663  	}
   664  
   665  	return state, nil
   666  }
   667  
   668  func stepAssertFindBase64(m metaContext, ins assertFindBase64T, state scriptState) (scriptState, libkb.ProofError) {
   669  	if ins.Needle != "sig" {
   670  		return state, libkb.NewProofError(keybase1.ProofStatus_INVALID_PVL,
   671  			"Can only assert_find_base64 for sig")
   672  	}
   673  	haystack, err := state.Regs.Get(ins.Haystack)
   674  	if err != nil {
   675  		return state, err
   676  	}
   677  	if libkb.FindBase64Block(haystack, state.Sig, false) {
   678  		return state, nil
   679  	}
   680  	return state, libkb.NewProofError(keybase1.ProofStatus_TEXT_NOT_FOUND,
   681  		"Signature not found")
   682  }
   683  
   684  func stepAssertCompare(m metaContext, ins assertCompareT, state scriptState) (scriptState, libkb.ProofError) {
   685  	a, err := state.Regs.Get(ins.A)
   686  	if err != nil {
   687  		return state, err
   688  	}
   689  	b, err := state.Regs.Get(ins.B)
   690  	if err != nil {
   691  		return state, err
   692  	}
   693  
   694  	var same bool
   695  	switch ins.Cmp {
   696  	case "exact":
   697  		same = (a == b)
   698  	case "cicmp":
   699  		same = libkb.Cicmp(a, b)
   700  	case "stripdots-then-cicmp":
   701  		norm := func(s string) string {
   702  			return strings.ToLower(strings.ReplaceAll(s, ".", ""))
   703  		}
   704  		same = libkb.Cicmp(norm(a), norm(b))
   705  	default:
   706  		return state, libkb.NewProofError(keybase1.ProofStatus_INVALID_PVL,
   707  			"Unsupported comparison method: '%v'", ins.Cmp)
   708  	}
   709  
   710  	if !same {
   711  		debugWithState(m, state, "Comparison (%v) failed\n  %v != %v\n  '%v' != '%v'",
   712  			ins.Cmp, ins.A, ins.B, a, b)
   713  		return state, libkb.NewProofError(keybase1.ProofStatus_CONTENT_FAILURE,
   714  			"Comparison (%v) failed '%v' != '%v'", ins.Cmp, a, b)
   715  	}
   716  
   717  	return state, nil
   718  }
   719  
   720  func stepWhitespaceNormalize(m metaContext, ins whitespaceNormalizeT, state scriptState) (scriptState, libkb.ProofError) {
   721  	from, err := state.Regs.Get(ins.From)
   722  	if err != nil {
   723  		return state, err
   724  	}
   725  	normed := libkb.WhitespaceNormalize(from)
   726  	err = state.Regs.Set(ins.Into, normed)
   727  	return state, err
   728  }
   729  
   730  func stepRegexCapture(m metaContext, ins regexCaptureT, state scriptState) (scriptState, libkb.ProofError) {
   731  	rdesc := regexDescriptor{
   732  		Template:        ins.Pattern,
   733  		CaseInsensitive: ins.CaseInsensitive,
   734  		MultiLine:       ins.MultiLine,
   735  	}
   736  
   737  	from, err := state.Regs.Get(ins.From)
   738  	if err != nil {
   739  		return state, err
   740  	}
   741  
   742  	re, err := interpretRegex(m, state, rdesc)
   743  	if err != nil {
   744  		return state, err
   745  	}
   746  
   747  	// There must be some registers to write results to.
   748  	if len(ins.Into) == 0 {
   749  		return state, libkb.NewProofError(keybase1.ProofStatus_INVALID_PVL,
   750  			"Into list cannot be empty")
   751  	}
   752  
   753  	match := re.FindStringSubmatch(from)
   754  	// Assert that the match matched and has at least one capture group.
   755  	// -1 for the ignored first element of match
   756  	if len(match)-1 < len(ins.Into) {
   757  		debugWithState(m, state, "Regex capture did not match enough groups:\n  %v\n  %v\n  %q\n  %v",
   758  			rdesc.Template, re, from, match)
   759  		return state, libkb.NewProofError(keybase1.ProofStatus_CONTENT_FAILURE,
   760  			"Regex capture did not match enough groups (%v)", rdesc.Template)
   761  	}
   762  	for i := 0; i < len(ins.Into); i++ {
   763  		err := state.Regs.Set(ins.Into[i], match[i+1])
   764  		if err != nil {
   765  			return state, err
   766  		}
   767  	}
   768  	return state, nil
   769  }
   770  
   771  func stepReplaceAll(m metaContext, ins replaceAllT, state scriptState) (scriptState, libkb.ProofError) {
   772  	from, err := state.Regs.Get(ins.From)
   773  	if err != nil {
   774  		return state, err
   775  	}
   776  
   777  	replaced := strings.ReplaceAll(from, ins.Old, ins.New)
   778  	if err = state.Regs.Set(ins.Into, replaced); err != nil {
   779  		return state, err
   780  	}
   781  
   782  	return state, nil
   783  }
   784  
   785  func stepParseURL(m metaContext, ins parseURLT, state scriptState) (scriptState, libkb.ProofError) {
   786  	s, err := state.Regs.Get(ins.From)
   787  	if err != nil {
   788  		return state, err
   789  	}
   790  
   791  	u, err2 := url.Parse(s)
   792  	if err2 != nil {
   793  		return state, libkb.NewProofError(keybase1.ProofStatus_FAILED_PARSE,
   794  			"Could not parse url: '%v'", s)
   795  	}
   796  
   797  	if ins.Path != "" {
   798  		err := state.Regs.Set(ins.Path, u.Path)
   799  		if err != nil {
   800  			return state, err
   801  		}
   802  	}
   803  
   804  	if ins.Host != "" {
   805  		err := state.Regs.Set(ins.Host, u.Host)
   806  		if err != nil {
   807  			return state, err
   808  		}
   809  	}
   810  
   811  	if ins.Scheme != "" {
   812  		err := state.Regs.Set(ins.Scheme, u.Scheme)
   813  		if err != nil {
   814  			return state, err
   815  		}
   816  	}
   817  
   818  	return state, nil
   819  }
   820  
   821  func stepFetch(m metaContext, ins fetchT, state scriptState) (scriptState, libkb.ProofError) {
   822  	if state.FetchResult != nil {
   823  		return state, libkb.NewProofError(keybase1.ProofStatus_INVALID_PVL,
   824  			"Script cannot contain more than one fetch")
   825  	}
   826  	if state.Service == keybase1.ProofType_DNS {
   827  		return state, libkb.NewProofError(keybase1.ProofStatus_INVALID_PVL,
   828  			"Script cannot fetch in DNS mode")
   829  	}
   830  
   831  	from, err := state.Regs.Get(ins.From)
   832  	if err != nil {
   833  		return state, err
   834  	}
   835  	if state.Service == keybase1.ProofType_ROOTER {
   836  		from2, err := rooterRewriteURL(m, from)
   837  		if err != nil {
   838  			return state, libkb.NewProofError(keybase1.ProofStatus_FAILED_PARSE,
   839  				"Could not rewrite rooter URL: %v", err)
   840  		}
   841  		from = from2
   842  	}
   843  
   844  	switch fetchMode(ins.Kind) {
   845  	case fetchModeString:
   846  		debugWithState(m, state, "fetchurl: %v", from)
   847  		res, err1 := m.G().GetExternalAPI().GetText(m.MetaContext, libkb.APIArg{Endpoint: from})
   848  		if err1 != nil {
   849  			return state, libkb.XapiError(err1, from)
   850  		}
   851  		state.FetchResult = &fetchResult{
   852  			fetchMode: fetchModeString,
   853  			String:    res.Body,
   854  		}
   855  		err := state.Regs.Set(ins.Into, state.FetchResult.String)
   856  		if err != nil {
   857  			return state, err
   858  		}
   859  		return state, nil
   860  	case fetchModeJSON:
   861  		if ins.Into != "" {
   862  			return state, libkb.NewProofError(keybase1.ProofStatus_INVALID_PVL,
   863  				"JSON fetch must not specify 'into' register")
   864  		}
   865  		res, err1 := m.G().GetExternalAPI().Get(m.MetaContext, libkb.APIArg{Endpoint: from})
   866  		if err1 != nil {
   867  			return state, libkb.XapiError(err1, from)
   868  		}
   869  		state.FetchResult = &fetchResult{
   870  			fetchMode: fetchModeJSON,
   871  			JSON:      res.Body,
   872  		}
   873  		return state, nil
   874  	case fetchModeHTML:
   875  		if ins.Into != "" {
   876  			return state, libkb.NewProofError(keybase1.ProofStatus_INVALID_PVL,
   877  				"HTML fetch must not specify 'into' register")
   878  		}
   879  		res, err1 := m.G().GetExternalAPI().GetHTML(m.MetaContext, libkb.APIArg{Endpoint: from})
   880  		if err1 != nil {
   881  			return state, libkb.XapiError(err1, from)
   882  		}
   883  		state.FetchResult = &fetchResult{
   884  			fetchMode: fetchModeHTML,
   885  			HTML:      res.GoQuery,
   886  		}
   887  		return state, nil
   888  	default:
   889  		return state, libkb.NewProofError(keybase1.ProofStatus_INVALID_PVL,
   890  			"Unsupported fetch kind %v", ins.Kind)
   891  	}
   892  }
   893  
   894  func stepParseHTML(m metaContext, ins parseHTMLT, state scriptState) (scriptState, libkb.ProofError) {
   895  	from, err := state.Regs.Get(ins.From)
   896  	if err != nil {
   897  		return state, err
   898  	}
   899  
   900  	gq, err2 := goquery.NewDocumentFromReader(bytes.NewBuffer([]byte(from)))
   901  	if err2 != nil {
   902  		return state, libkb.NewProofError(keybase1.ProofStatus_FAILED_PARSE, "Failed to parse html from '%v': %v", ins.From, err2)
   903  	}
   904  
   905  	state.FetchResult = &fetchResult{
   906  		fetchMode: fetchModeHTML,
   907  		HTML:      gq,
   908  	}
   909  	return state, nil
   910  }
   911  
   912  func stepSelectorJSON(m metaContext, ins selectorJSONT, state scriptState) (scriptState, libkb.ProofError) {
   913  	if state.FetchResult == nil || state.FetchResult.fetchMode != fetchModeJSON {
   914  		return state, libkb.NewProofError(keybase1.ProofStatus_INVALID_PVL,
   915  			"Cannot use json selector with non-json fetch result")
   916  	}
   917  
   918  	if len(ins.Selectors) < 1 {
   919  		return state, libkb.NewProofError(keybase1.ProofStatus_INVALID_PVL,
   920  			"Json selector list must contain at least 1 element")
   921  	}
   922  
   923  	results, perr := runSelectorJSONInner(m, state, state.FetchResult.JSON, ins.Selectors)
   924  	if perr != nil {
   925  		return state, perr
   926  	}
   927  	if len(results) < 1 {
   928  		return state, libkb.NewProofError(keybase1.ProofStatus_CONTENT_FAILURE,
   929  			"Json selector did not match any values")
   930  	}
   931  	s := strings.Join(results, " ")
   932  
   933  	err := state.Regs.Set(ins.Into, s)
   934  	return state, err
   935  }
   936  
   937  func stepSelectorCSS(m metaContext, ins selectorCSST, state scriptState) (scriptState, libkb.ProofError) {
   938  	if state.FetchResult == nil || state.FetchResult.fetchMode != fetchModeHTML {
   939  		return state, libkb.NewProofError(keybase1.ProofStatus_INVALID_PVL,
   940  			"Cannot use css selector with non-html fetch result")
   941  	}
   942  
   943  	selection, perr := runCSSSelectorInner(m, state.FetchResult.HTML.Selection, ins.Selectors)
   944  	if perr != nil {
   945  		return state, perr
   946  	}
   947  
   948  	if selection.Size() < 1 {
   949  		return state, libkb.NewProofError(keybase1.ProofStatus_CONTENT_FAILURE,
   950  			"No elements matched by selector")
   951  	}
   952  
   953  	if selection.Size() > 1 && !ins.Multi {
   954  		return state, libkb.NewProofError(keybase1.ProofStatus_CONTENT_FAILURE,
   955  			"CSS selector matched too many elements")
   956  	}
   957  
   958  	// Get the text, attribute, or data.
   959  	var res string
   960  	switch {
   961  	case ins.Attr != "":
   962  		res = selectionAttr(selection, ins.Attr)
   963  	case ins.Data:
   964  		res = selectionData(selection)
   965  	default:
   966  		res = selectionText(selection)
   967  	}
   968  
   969  	err := state.Regs.Set(ins.Into, res)
   970  	return state, err
   971  }
   972  
   973  func stepFill(m metaContext, ins fillT, state scriptState) (scriptState, libkb.ProofError) {
   974  	s, err := substituteExact(ins.With, state)
   975  	if err != nil {
   976  		debugWithState(m, state, "Fill did not succeed:\n  %v\n  %v\n  %v",
   977  			ins.With, err, ins.Into)
   978  		return state, libkb.NewProofError(keybase1.ProofStatus_INVALID_PVL,
   979  			"Could not fill variable (%v): %v", ins.Into, err)
   980  	}
   981  
   982  	err = state.Regs.Set(ins.Into, s)
   983  	return state, err
   984  }
   985  
   986  // Run a PVL CSS selector.
   987  // selectors is a list like [ "div .foo", 0, ".bar"] ].
   988  // Each string runs a selector, each integer runs a Eq.
   989  func runCSSSelectorInner(m metaContext, html *goquery.Selection,
   990  	selectors []keybase1.SelectorEntry) (*goquery.Selection, libkb.ProofError) {
   991  	if len(selectors) < 1 {
   992  		return nil, libkb.NewProofError(keybase1.ProofStatus_INVALID_PVL,
   993  			"CSS selectors array must not be empty")
   994  	}
   995  
   996  	selection := html
   997  	for _, selector := range selectors {
   998  		switch {
   999  		case selector.IsIndex:
  1000  			selection = selection.Eq(selector.Index)
  1001  		case selector.IsKey:
  1002  			selection = selection.Find(selector.Key)
  1003  		case selector.IsContents:
  1004  			selection = selection.Contents()
  1005  		default:
  1006  			return nil, libkb.NewProofError(keybase1.ProofStatus_INVALID_PVL,
  1007  				"CSS selector entry must be a string, int, or 'contents' %v", selector)
  1008  		}
  1009  	}
  1010  
  1011  	return selection, nil
  1012  }
  1013  
  1014  func runSelectorJSONInner(m metaContext, state scriptState, selectedObject *jsonw.Wrapper,
  1015  	selectors []keybase1.SelectorEntry) ([]string, libkb.ProofError) {
  1016  	logger := func(format string, args ...interface{}) {
  1017  		debugWithState(m, state, format, args)
  1018  	}
  1019  	jsonResults, perr := jsonhelpers.AtSelectorPath(selectedObject, selectors, logger, libkb.NewInvalidPVLSelectorError)
  1020  	if perrInner, _ := perr.(libkb.ProofError); perrInner != nil {
  1021  		return nil, perrInner
  1022  	}
  1023  	if perr != nil {
  1024  		return nil, libkb.NewProofError(keybase1.ProofStatus_INVALID_PVL, "json select error in pvl interp")
  1025  	}
  1026  	results := []string{}
  1027  	for _, object := range jsonResults {
  1028  		s, err := jsonhelpers.JSONStringSimple(object)
  1029  		if err != nil {
  1030  			logger("JSON could not read object: %v (%v)", err, object)
  1031  			continue
  1032  		}
  1033  		results = append(results, s)
  1034  	}
  1035  	return results, nil
  1036  }
  1037  
  1038  // Take a regex descriptor, do variable substitution, and build a regex.
  1039  func interpretRegex(m metaContext, state scriptState, rdesc regexDescriptor) (*regexp.Regexp, libkb.ProofError) {
  1040  	// Check that regex is bounded by "^" and "$".
  1041  	if !strings.HasPrefix(rdesc.Template, "^") {
  1042  		return nil, libkb.NewProofError(keybase1.ProofStatus_INVALID_PVL,
  1043  			"Could not build regex: %v (%v)", "must start with '^'", rdesc.Template)
  1044  	}
  1045  	if !strings.HasSuffix(rdesc.Template, "$") {
  1046  		return nil, libkb.NewProofError(keybase1.ProofStatus_INVALID_PVL,
  1047  			"Could not build regex: %v (%v)", "must end with '$'", rdesc.Template)
  1048  	}
  1049  
  1050  	var optstring = ""
  1051  	if rdesc.CaseInsensitive {
  1052  		optstring += "i"
  1053  	}
  1054  	if rdesc.MultiLine {
  1055  		optstring += "m"
  1056  	}
  1057  
  1058  	var prefix = ""
  1059  	if len(optstring) > 0 {
  1060  		prefix = "(?" + optstring + ")"
  1061  	}
  1062  
  1063  	// Do variable interpolation.
  1064  	prepattern, perr := substituteReEscape(rdesc.Template, state)
  1065  	if perr != nil {
  1066  		return nil, perr
  1067  	}
  1068  	pattern := prefix + prepattern
  1069  
  1070  	// Build the regex.
  1071  	re, err := regexp.Compile(pattern)
  1072  	if err != nil {
  1073  		debugWithState(m, state, "Could not compile regex: %v\n  %v\n  %v", err, rdesc.Template, pattern)
  1074  		return nil, libkb.NewProofError(keybase1.ProofStatus_INVALID_PVL,
  1075  			"Could not compile regex: %v (%v)", err, rdesc.Template)
  1076  	}
  1077  	return re, nil
  1078  }
  1079  
  1080  // Use a custom error spec to derive an error.
  1081  // spec can be none
  1082  // Copies over the error code if none is specified.
  1083  func replaceCustomError(m metaContext, state scriptState, spec *errorT, err1 libkb.ProofError) libkb.ProofError {
  1084  	if err1 == nil {
  1085  		return err1
  1086  	}
  1087  
  1088  	// Don't rewrite invalid_pvl errors
  1089  	if err1.GetProofStatus() == keybase1.ProofStatus_INVALID_PVL {
  1090  		return err1
  1091  	}
  1092  
  1093  	if spec == nil {
  1094  		return err1
  1095  	}
  1096  
  1097  	if (spec.Status != err1.GetProofStatus()) || (spec.Description != err1.GetDesc()) {
  1098  		newDesc := spec.Description
  1099  		subbedDesc, subErr := substituteExact(spec.Description, state)
  1100  		if subErr == nil {
  1101  			newDesc = subbedDesc
  1102  		}
  1103  		err2 := libkb.NewProofError(spec.Status, newDesc)
  1104  		debugWithState(m, state, "Replacing error with custom error")
  1105  		debugWithStateError(m, state, err2)
  1106  
  1107  		return err2
  1108  	}
  1109  	return err1
  1110  }