### ML Integration Service Example Source: https://context7.com/rootup/smuggleshield/llms.txt This snippet demonstrates how to retrieve ML metrics from the content script using the `mlIntegrationService` and Chrome's message listener. ```APIDOC ## ML Integration Service This section details how to interact with the ML integration service to fetch performance metrics. ### Endpoint `chrome.runtime.onMessage.addListener` ### Description Listens for messages from content scripts. When a message with the action `getMLMetrics` is received, it retrieves the performance report from the `mlIntegrationService` and sends back key metrics. ### Method `chrome.runtime.onMessage.addListener` ### Parameters #### Request Body - **request** (object) - The incoming message object. - **action** (string) - Must be `"getMLMetrics"` to trigger metric retrieval. - **sender** (object) - Information about the sender of the message. - **sendResponse** (function) - Function to send a response back to the sender. ### Response #### Success Response (200) - **metrics** (object) - An object containing the ML performance metrics. - **accuracy** (number) - The model's accuracy. - **totalDetections** (number) - The total number of predictions recorded. - **averageConfidence** (number) - The average confidence score of predictions. - **topFeatures** (array) - An array of the top features and their importance. ### Request Example ```json { "action": "getMLMetrics" } ``` ### Response Example ```json { "metrics": { "accuracy": 0.95, "totalDetections": 1000, "averageConfidence": 0.88, "topFeatures": [ { "feature": "scriptDensity", "importance": 0.75 }, { "feature": "base64Length", "importance": 0.62 } ] } } ``` ``` -------------------------------- ### Setup DOM MutationObserver Source: https://context7.com/rootup/smuggleshield/llms.txt Sets up a MutationObserver to monitor DOM changes. It analyzes added nodes and attribute changes for suspicious content, excluding whitelisted URLs. ```javascript setupObserver() { this.observer = new MutationObserver((mutations) => { if (this.blocker.isUrlWhitelisted) return; const nodesToAnalyze = new Set(); for (const mutation of mutations) { if (mutation.addedNodes.length > 0) { for (const node of mutation.addedNodes) { if (node instanceof HTMLElement) nodesToAnalyze.add(node); } } if (mutation.type === 'attributes' && mutation.target instanceof HTMLElement) { nodesToAnalyze.add(mutation.target); } } if (nodesToAnalyze.size > 0) { this.analyzeNodes(Array.from(nodesToAnalyze)); } }); this.observer.observe(document.documentElement, { childList: true, subtree: true, attributes: true, attributeFilter: ['src', 'href', 'download', 'data-file', 'data-payload'] }); } ``` -------------------------------- ### Retrieve ML Metrics via Chrome Message Listener Source: https://context7.com/rootup/smuggleshield/llms.txt Example of how to expose ML metrics to other parts of the extension using the chrome.runtime message API. ```javascript chrome.runtime.onMessage.addListener((request, sender, sendResponse) => { if (request.action === "getMLMetrics") { const report = mlIntegrationService.getPerformanceReport(); sendResponse({ metrics: { accuracy: report.accuracy, totalDetections: report.totalDetections, averageConfidence: report.averageConfidence, topFeatures: report.topFeatures }}); return true; } }); ``` -------------------------------- ### Extension Popup: Export Logs Message Source: https://context7.com/rootup/smuggleshield/llms.txt Example of how an extension popup can send a message to the background service to export blocked content logs. The response contains an array of log objects. ```javascript // Example: Export logs from extension popup chrome.runtime.sendMessage({action: "exportLogs"}, (response) => { const logs = response.logs; // logs: [{ url: "...", patterns: [...], timestamp: 1234567890 }, ...] }); ``` -------------------------------- ### MLDetector Class Implementation and Usage Source: https://context7.com/rootup/smuggleshield/llms.txt Defines the MLDetector class for feature extraction and smuggling detection, including an example of how to instantiate the detector and provide feedback for learning. ```javascript class MLDetector { constructor() { this.monitor = new MLMonitor(); this.features = { patterns: new Map(), // Feature thresholds contextual: new Map(), // Sample counts weights: new Map() // Feature weights }; this.threshold = 0.75; // Confidence threshold for detection this.learningRate = 0.1; // Rate of weight adjustment this.minSamples = 5; // Minimum samples before adjusting weights this.loadModel(); // Load persisted model from storage } // Extract features from content for ML analysis extractFeatures(content) { const features = new Map(); const limitedContent = content.length > 50000 ? content.substring(0, 25000) + content.substring(content.length - 25000) : content; // Count Base64 blocks and calculate ratios const base64Matches = limitedContent.match(/[A-Za-z0-9+/=]{100,}/g) || []; features.set('base64BlockCount', base64Matches.length); features.set('totalBase64Chars', base64Matches.reduce((sum, m) => sum + m.length, 0)); features.set('base64ContentRatio', features.get('totalBase64Chars') / limitedContent.length); // Count suspicious constructs features.set('blobUsageCount', (limitedContent.match(/new\s+blob/gi) || []).length); features.set('downloadAttrCount', (limitedContent.match(/download\s*=\s*["'][^"']*["']/gi) || []).length); features.set('encodingCallCount', (limitedContent.match(/atob|btoa|encodeURIComponent/gi) || []).length); features.set('binaryConstructCount', (limitedContent.match(/ArrayBuffer|Uint8Array|DataView/gi) || []).length); // Boolean features features.set('hasDataUri', /data:(?:application|text)\/[^;]+;base64,/i.test(limitedContent) ? 1 : 0); features.set('hasBlobUri', /blob:[^"']+/i.test(limitedContent) ? 1 : 0); features.set('hasFileCreationPattern', /\.href\s*=\s*.*?\.download\s*=\s*.*?\.click\(\)/i.test(limitedContent) ? 1 : 0); return features; } // Detect HTML smuggling attempt detect(content) { const features = this.extractFeatures(content); const score = this.calculateScore(features); return { isSmuggling: score >= this.threshold, confidence: score, features: Object.fromEntries(features) }; } // Learn from feedback (true/false positive) async learn(content, isSmuggling) { const features = this.extractFeatures(content); for (const [feature, value] of features) { const currentThreshold = this.features.patterns.get(feature) || 0; const samples = this.features.contextual.get(feature) || 0; // Update threshold as running average const newThreshold = (currentThreshold * samples + value) / (samples + 1); this.features.patterns.set(feature, newThreshold); this.features.contextual.set(feature, samples + 1); // Adjust weights after minimum samples if (samples >= this.minSamples) { const currentWeight = this.features.weights.get(feature) || 1; const correlation = isSmuggling ? 1 : -1; const newWeight = Math.max(0.1, currentWeight + (this.learningRate * correlation)); this.features.weights.set(feature, newWeight); } } this.monitor.recordValidation(isSmuggling); await this.saveModel(); } } // Example usage: const detector = new MLDetector(); const prediction = detector.detect(pageContent); // Result: { isSmuggling: true, confidence: 0.82, features: {...} } // Provide feedback for learning await detector.learn(pageContent, true); // Confirmed smuggling attempt ``` -------------------------------- ### Content Script: Analyze URL Message Source: https://context7.com/rootup/smuggleshield/llms.txt Example of how a content script can send a message to the background service to analyze a URL. It expects a response indicating if the URL is suspicious and if it's whitelisted. ```javascript // Example: Send message from content script to analyze URL chrome.runtime.sendMessage({ action: "analyzeURL", url: "https://example.com/suspicious-page" }, (response) => { if (response.isSuspicious) { console.log("URL flagged as suspicious"); } }); ``` -------------------------------- ### Initialize and Manage HTMLSmugglingBlocker Source: https://context7.com/rootup/smuggleshield/llms.txt The class constructor initializes detection services and pattern configurations, while helper methods manage URL whitelisting and logging of blocked smuggling attempts. ```javascript // The HTMLSmugglingBlocker is automatically instantiated when content.js loads // It initializes with a comprehensive set of suspicious patterns class HTMLSmugglingBlocker { constructor() { this.blocked = false; this.lastBlockedNode = null; this.isUrlWhitelisted = false; // Initialize suspicious patterns with weighted scoring const suspiciousPatternsConfig = [ { pattern: /atob\s*\([^)]+\).*new\s+uint8array/is, weight: 3 }, { pattern: /new\s+blob\s*\(\s*\[\s*(?:data|atob\s*\(/i, weight: 3 }, { pattern: /url\.createobjecturl\s*\(\s*(?:my)?blob\s*\)/i, weight: 3 }, { pattern: /href\s*=\s*["']data:(?:application\/octet-stream|image\/svg\+xml);base64,/i, weight: 3 }, // ... many more patterns ]; // Pattern threshold - score must exceed this to trigger blocking const patternThreshold = 4; // Initialize services this.patternService = new PatternService(suspiciousPatternsConfig, patternThreshold); this.analysisCache = new AnalysisCache(); this.mlIntegrationService = new MLIntegrationService(); this.domScanner = new DomScanner(this.patternService, this.analysisCache, this.mlIntegrationService, this); // Check whitelist and setup listeners this.checkInitialWhitelist(); this.setupListeners(); } } // Example: Check if current URL is whitelisted async checkInitialWhitelist() { const hostname = window.location.hostname; const result = await chrome.storage.local.get('whitelist'); const whitelist = result.whitelist || []; this.isUrlWhitelisted = whitelist.includes(hostname); return this.isUrlWhitelisted; } // Example: Log a blocked smuggling attempt logWarning(elementsRemoved, scriptsDisabled, svgScriptsNeutralized, embedElementsRemoved, detectedPatterns) { const message = `HTML Smuggling attempt blocked. Patterns: ${detectedPatterns.join(', ')}`; console.warn(message); chrome.runtime.sendMessage({ action: "logWarning", message: message, patterns: detectedPatterns }); } ``` -------------------------------- ### MLMonitor Class Overview Source: https://context7.com/rootup/smuggleshield/llms.txt This snippet provides an overview of the MLMonitor class, its constructor, and its core methods for tracking ML model performance. ```APIDOC ## MLMonitor Class The `MLMonitor` class tracks and reports ML model performance metrics including accuracy, confidence scores, feature importance, and learning progress. It provides insights into how well the detection system is performing. ### Constructor Initializes the `MLMonitor` with default metrics and loads existing metrics if available. ### Methods - `recordPrediction(prediction, features)`: Records a prediction, updating total detections, confidence scores, and feature importance. - `recordValidation(wasCorrect)`: Records the validation result of a prediction to update accuracy metrics. - `getPerformanceReport()`: Returns a comprehensive performance report including accuracy, total detections, average confidence, top features, learning progress, and recent performance. - `getTopFeatures(n)`: Calculates and returns the top N most important features based on their impact and occurrences. ``` -------------------------------- ### Initialize DomScanner Class Source: https://context7.com/rootup/smuggleshield/llms.txt Constructor for the DomScanner class. Requires services for pattern matching, analysis caching, ML integration, and a blocker reference. ```javascript class DomScanner { constructor(patternService, analysisCache, mlIntegrationService, htmlSmugglingBlockerRef) { this.patternService = patternService; this.analysisCache = analysisCache; this.mlIntegrationService = mlIntegrationService; this.blocker = htmlSmugglingBlockerRef; this.observer = null; } ``` -------------------------------- ### Implement PatternService for HTML Smuggling Detection Source: https://context7.com/rootup/smuggleshield/llms.txt The PatternService class initializes with a list of patterns and a threshold, providing an analyze method to evaluate content. It optimizes performance by checking high-weight patterns first and includes an early exit for short content. ```javascript class PatternService { constructor(suspiciousPatterns, threshold) { this.threshold = threshold; // Default: 4 this.suspiciousPatterns = suspiciousPatterns.map(({ pattern, weight }) => ({ pattern: new RegExp(pattern, 'is'), weight, category: this.categorizePattern(pattern.source) })); this.patternsByWeight = this.groupPatternsByWeight(); this.metrics = { matchCount: 0 }; } // Analyze content and return detection results analyze(content) { let score = 0; const detectedPatterns = []; // Early exit for small content if (content.length < 50) { return { isSuspicious: false, detectedPatterns: [], score: 0 }; } // Quick check for common smuggling indicators const quickCheck = /blob|atob|download|base64|arraybuffer|uint8array|createobjecturl|fromcharcode/i; if (!quickCheck.test(content)) { return { isSuspicious: false, detectedPatterns: [], score: 0 }; } // Check high-weight patterns first (weight >= 3) const highWeightPatterns = Object.keys(this.patternsByWeight) .filter(weight => parseInt(weight) >= 3) .flatMap(weight => this.patternsByWeight[weight]); for (const { pattern, weight } of highWeightPatterns) { if (pattern.test(content)) { score += weight; detectedPatterns.push(pattern.toString()); this.metrics.matchCount++; if (score >= this.threshold) { return { isSuspicious: true, detectedPatterns, score }; } } } return { isSuspicious: score >= this.threshold, detectedPatterns, score }; } } // Example usage: const patternService = new PatternService([ { pattern: /atob\s*\([^)]+\).*new\s+uint8array/is, weight: 3 }, { pattern: /new\s+blob\s*\(\s*\[\s*(?:data|atob\s*\()/i, weight: 3 } ], 4); const result = patternService.analyze(suspiciousScriptContent); // Result: { isSuspicious: true, detectedPatterns: [...], score: 6 } ``` -------------------------------- ### Define MLMonitor Class Source: https://context7.com/rootup/smuggleshield/llms.txt Initializes the MLMonitor class with default metrics and provides methods for tracking predictions and generating performance reports. ```javascript class MLMonitor { constructor() { this.metrics = { totalDetections: 0, truePositives: 0, falsePositives: 0, modelAccuracy: 0, confidenceScores: [], featureImportance: new Map([ ['base64Length', { totalImpact: 0, occurrences: 0 }], ['blobUsage', { totalImpact: 0, occurrences: 0 }], ['downloadAttr', { totalImpact: 0, occurrences: 0 }], ['scriptDensity', { totalImpact: 0, occurrences: 0 }], ['encodingFunctions', { totalImpact: 0, occurrences: 0 }], ['binaryManipulation', { totalImpact: 0, occurrences: 0 }] ]), learningProgress: [] }; this.loadMetrics(); } // Record a prediction for tracking recordPrediction(prediction, features) { this.metrics.totalDetections++; this.metrics.confidenceScores.push(prediction.confidence); // Update feature importance for (const [feature, value] of Object.entries(features)) { if (value > 0.1) { const current = this.metrics.featureImportance.get(feature) || { totalImpact: 0, occurrences: 0 }; this.metrics.featureImportance.set(feature, { totalImpact: current.totalImpact + (value * prediction.confidence), occurrences: current.occurrences + 1 }); } } this.debouncedSave(); } // Record validation result for accuracy tracking recordValidation(wasCorrect) { if (wasCorrect) { this.metrics.truePositives++; } else { this.metrics.falsePositives++; } this.updateAccuracy(); } // Get comprehensive performance report getPerformanceReport() { return { accuracy: this.metrics.modelAccuracy, totalDetections: this.metrics.totalDetections, averageConfidence: this.getAverageConfidence(), topFeatures: this.getTopFeatures(5), learningProgress: this.metrics.learningProgress, recentPerformance: this.getRecentPerformance() }; } // Get top N most important features getTopFeatures(n) { return Array.from(this.metrics.featureImportance.entries()) .map(([feature, {totalImpact, occurrences}]) => ({ feature, importance: totalImpact / occurrences })) .sort((a, b) => b.importance - a.importance) .slice(0, n); } } ``` -------------------------------- ### Manage Whitelist via DashboardManager Source: https://context7.com/rootup/smuggleshield/llms.txt Methods for adding, removing, and persisting whitelisted domains while notifying background scripts and refreshing tabs. ```javascript // DashboardManager whitelist methods // Add a URL to the whitelist async addUrl() { const rawUrl = this.urlInput.value.trim(); // Parse URL and extract hostname const urlObj = new URL(rawUrl); const hostname = urlObj.hostname.trim().toLowerCase(); // Validate hostname if (!this.isValidHostname(hostname)) { this.showNotification('Invalid hostname', 'error'); return; } // Get current whitelist and add new hostname const result = await chrome.storage.local.get('whitelist'); const whitelist = result.whitelist || []; if (whitelist.includes(hostname)) { this.showNotification('Domain already whitelisted', 'error'); return; } whitelist.push(hostname); await this.saveWhitelist(whitelist); this.showNotification('Hostname added to whitelist', 'success'); } // Remove a URL from the whitelist async removeUrl(hostname) { const result = await chrome.storage.local.get('whitelist'); const whitelist = result.whitelist || []; const newWhitelist = whitelist.filter(url => url !== hostname); await this.saveWhitelist(newWhitelist); this.showNotification('URL removed from whitelist', 'success'); } // Save whitelist and notify all tabs async saveWhitelist(whitelist) { await chrome.storage.local.set({ whitelist }); // Notify background script await chrome.runtime.sendMessage({ action: "whitelistUpdated" }); // Reload tabs that are now whitelisted const tabs = await chrome.tabs.query({}); for (const tab of tabs) { if (tab.url && tab.url.startsWith('http')) { const tabHostname = new URL(tab.url).hostname; if (whitelist.includes(tabHostname)) { setTimeout(() => chrome.tabs.reload(tab.id), 100); } } } return true; } // Example: Add domain via Chrome storage API directly chrome.storage.local.get('whitelist', (result) => { const whitelist = result.whitelist || []; whitelist.push('trusted-domain.com'); chrome.storage.local.set({ whitelist }, () => { chrome.runtime.sendMessage({ action: "whitelistUpdated" }); }); }); ``` -------------------------------- ### Background Service Worker Configuration and Message Handling Source: https://context7.com/rootup/smuggleshield/llms.txt Defines the configuration for suspicious URL patterns and headers, and sets up message handlers for various actions like URL analysis, log export, configuration updates, and whitelist notifications. Requires the Chrome extension API. ```javascript // Configuration for the background service const config = { suspiciousURLPatterns: [ /data:application\/octet-stream/i, /data:application\/x-rar-compressed/i, /blob:/i, /javascript:/i ], suspiciousHeaders: ['content-disposition', 'content-type'], logRetentionDays: 10, cacheDurationMs: 5 * 60 * 1000, whitelistEnabled: true }; // Check if URL is whitelisted async function isWhitelisted(url) { const urlObj = new URL(url); const hostname = urlObj.hostname.toLowerCase(); const result = await chrome.storage.local.get('whitelist'); const whitelist = result.whitelist || []; return whitelist.map(h => h.toLowerCase()).includes(hostname); } // Message handlers in background.js chrome.runtime.onMessage.addListener((request, sender, sendResponse) => { switch (request.action) { case "analyzeURL": // Analyze URL for suspicious patterns isWhitelisted(request.url).then(whitelisted => { if (whitelisted) { sendResponse({isSuspicious: false, whitelisted: true}); } else { const result = memoizedAnalyzeURL(request.url); sendResponse({isSuspicious: result.isSuspicious, whitelisted: false}); } }); return true; // Keep channel open for async response case "exportLogs": // Export blocked content logs chrome.storage.local.get(['blockedLogs'], (result) => { sendResponse({ logs: result.blockedLogs || [] }); }); return true; case "updateConfig": // Update extension configuration if (request.newConfig && typeof request.newConfig === 'object') { Object.assign(config, request.newConfig); sendResponse({success: true}); } return true; case "whitelistUpdated": // Notify all tabs of whitelist changes notifyWhitelistChange(); sendResponse({success: true}); return true; } }); ``` -------------------------------- ### Manage Blocked Content Logs Source: https://context7.com/rootup/smuggleshield/llms.txt Functions for logging blocked smuggling attempts in the background and exporting those logs as a downloadable JSON file. ```javascript // Log blocked content in background.js function logBlockedContent(url, patterns, timestamp) { const validatedUrl = (typeof url === 'string' && url.length > 0) ? url : "Invalid URL"; const validatedPatterns = Array.isArray(patterns) ? patterns : ["Unknown Pattern"]; chrome.storage.local.get(['blockedLogs'], function(result) { let logs = result.blockedLogs || []; // Add new log entry logs.push({ url: validatedUrl, patterns: validatedPatterns, timestamp }); // Remove logs older than retention period (10 days) const retentionDate = Date.now() - (config.logRetentionDays * 24 * 60 * 60 * 1000); logs = logs.filter(log => log.timestamp > retentionDate); chrome.storage.local.set({ blockedLogs: logs }); }); } // Export logs from dashboard async handleExport() { const response = await new Promise((resolve, reject) => { chrome.runtime.sendMessage({action: "exportLogs"}, (response) => { if (chrome.runtime.lastError) { reject(chrome.runtime.lastError); } else { resolve(response); } }); }); if (!response?.logs?.length) { this.showNotification('No logs available to export', 'warning'); return; } // Create downloadable JSON file const blob = new Blob([JSON.stringify(response.logs, null, 2)], { type: "application/json" }); const url = URL.createObjectURL(blob); const a = document.createElement('a'); a.href = url; a.download = `smuggleshield_logs_${new Date().toISOString()}.json`; document.body.appendChild(a); a.click(); document.body.removeChild(a); URL.revokeObjectURL(url); } // Example exported log format: // [ // { // "url": "https://malicious-site.com/payload", // "patterns": ["/atob\\s*\\([^)]+\\).*new\\s+uint8array/is", "/new\\s+blob/i"], // "timestamp": 1704067200000 // } // ] ``` -------------------------------- ### Perform Initial Targeted Scan Source: https://context7.com/rootup/smuggleshield/llms.txt Scans the DOM for specific suspicious elements like inline scripts, data/blob download links, embeds, and SVGs with scripts. Skips scanning if the current URL is whitelisted. ```javascript async performInitialTargetedScan() { if (this.blocker.isUrlWhitelisted) return; const elementsToScan = document.querySelectorAll( 'script:not([src]), a[download][href^="data:"], a[download][href^="blob:"]', embed, svg, iframe[srcdoc]' ); for (const el of elementsToScan) { if (el && el.parentNode) { await this.analyzeSingleNode(el); } } } ``` -------------------------------- ### Handle Suspicious Node Detection Source: https://context7.com/rootup/smuggleshield/llms.txt Removes detected malicious elements from the DOM, including inline scripts, suspicious download links, embeds, and SVG scripts. Logs a warning and updates blocker status if an element is removed. ```javascript handleSuspiciousNode(node, detectedPatterns) { if (this.blocker.isUrlWhitelisted || !node.parentNode) return; let removed = false; // Remove suspicious inline scripts if (node.tagName === 'SCRIPT' && !node.src) { if (this.patternService.isSuspiciousScript(node.textContent)) { this.removeElement(node); removed = true; } } // Remove suspicious download links else if (node.tagName === 'A' && node.hasAttribute('download') && (node.href.startsWith('data:') || node.href.startsWith('blob:'))) { this.removeElement(node); removed = true; } // Remove embed elements else if (node.tagName === 'EMBED') { this.removeElement(node); removed = true; } // Remove scripts inside SVG else if (node.tagName === 'SVG' && node.querySelector('script')) { node.querySelectorAll('script').forEach(script => this.removeElement(script)); removed = true; } if (removed) { this.blocker.blocked = true; this.blocker.lastBlockedNode = node; this.blocker.logWarning(1, 0, 0, 0, detectedPatterns); } } ``` -------------------------------- ### Remove DOM Element Source: https://context7.com/rootup/smuggleshield/llms.txt Utility function to safely remove a DOM element from its parent. ```javascript removeElement(element) { if (element && element.parentNode) { element.parentNode.removeChild(element); } } } ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.