AG-35350 fix restricted domain for $to modifier

Merge in ADGUARD-FILTERS/tsurlfilter from fix/AG-35350 to master Squashed commit of the following: commit 689b985 Author: Maxim Topciu <mtopciu@adguard.com> Date: Wed Aug 21 18:43:35 2024 +0300 AG-35350 update changelog commit 756aa83 Author: Maxim Topciu <mtopciu@adguard.com> Date: Wed Aug 21 18:29:44 2024 +0300 AG-35350 fix restricted domain for $to modifier
AdguardTeam · Aug 21, 2024 · b97a6a6 · b97a6a6
1 parent 73ce48b
commit b97a6a6
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 14 deletions.
diff --git a/packages/tsurlfilter/CHANGELOG.md b/packages/tsurlfilter/CHANGELOG.md
@@ -8,6 +8,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 <!-- TODO: manually add compare links for version changes -->
 <!-- e.g. [1.0.77]: https://github.com/AdguardTeam/tsurlfilter/compare/tsurlfilter-v1.0.76...tsurlfilter-v1.0.77 -->
 
+## [Unreleased]
+
+### Fixed
+
+- Negated domains in the $to modifier are not working as expected [AdguardBrowserExtension#2910]
+
+[AdguardBrowserExtension#2910]: https://github.com/AdguardTeam/AdguardBrowserExtension/issues/2910
+
 ## [3.0.0] - 2024-08-15
 
 ### Added

diff --git a/packages/tsurlfilter/src/rules/network-rule.ts b/packages/tsurlfilter/src/rules/network-rule.ts
@@ -809,28 +809,30 @@ export class NetworkRule implements rule.IRule {
     }
 
     /**
-     * Checks if request target matches with specified domains
+     * Checks if the request domain matches the specified conditions.
      *
-     * @param domain request's domain
-     * @return true if request domain matches with specified domains
+     * @param domain The request's domain.
+     * @return true if the request domain matches the permitted domains and does not match the restricted domains.
      */
     private matchToModifier(domain: string): boolean {
         if (!this.toModifier) {
             return true;
         }
         /**
-         * Request's domain must be either explicitly
-         * permitted and not be included in list of restricted domains
-         * for the rule to apply
+         * The request's domain must be either explicitly permitted or not be included
+         * in the list of restricted domains for the rule to apply.
          */
         const permittedDomains = this.getPermittedToDomains();
         const restrictedDomains = this.getRestrictedToDomains();
-        const isPermittedDomain = !!permittedDomains
-            && DomainModifier.isDomainOrSubdomainOfAny(domain, permittedDomains);
-        const isRestrictedDomain = !!restrictedDomains
-            && DomainModifier.isDomainOrSubdomainOfAny(domain, restrictedDomains);
 
-        return isPermittedDomain && !isRestrictedDomain;
+        let matches = false;
+        if (permittedDomains) {
+            matches = DomainModifier.isDomainOrSubdomainOfAny(domain, permittedDomains);
+        }
+        if (restrictedDomains) {
+            matches = !DomainModifier.isDomainOrSubdomainOfAny(domain, restrictedDomains);
+        }
+        return matches;
     }
 
     /**

diff --git a/packages/tsurlfilter/test/rules/network-rule.test.ts b/packages/tsurlfilter/test/rules/network-rule.test.ts
@@ -1330,19 +1330,26 @@ describe('NetworkRule.match', () => {
         expect(rule.getRestrictedToDomains()).toHaveLength(1);
         expect(rule.getPermittedToDomains()).toHaveLength(1);
 
-        // Correctly matches domain that is specified in permitted domains list
+        // Correctly matches a domain specified in the permitted domains list
         rule = createNetworkRule('/ads^$to=evil.com', 0);
         request = new Request('https://evil.com/ads', 'https://example.org/', RequestType.Script);
         expect(rule.match(request)).toBeTruthy();
         request = new Request('https://good.com/ads', 'https://example.org/', RequestType.Script);
         expect(rule.match(request)).toBeFalsy();
 
-        // Correctly matches subdomain that is specified in permitted domains list
+        // Correctly matches a domain specified in the restricted domains list
+        rule = createNetworkRule('/ads^$to=~evil.com', 0);
+        request = new Request('https://evil.com/ads', 'https://example.org/', RequestType.Script);
+        expect(rule.match(request)).toBeFalsy();
+        request = new Request('https://good.com/ads', 'https://example.org/', RequestType.Script);
+        expect(rule.match(request)).toBeTruthy();
+
+        // Correctly matches a subdomain specified in the permitted domains list
         rule = createNetworkRule('/ads^$to=sub.evil.com', 0);
         request = new Request('https://sub.evil.com/ads', 'https://example.org/', RequestType.Image);
         expect(rule.match(request)).toBeTruthy();
 
-        // Inverted value excludes subdomain from matching
+        // The inverted value excludes a subdomain from matching
         rule = createNetworkRule('/ads^$to=evil.com|~sub.one.evil.com', 0);
 
         request = new Request('https://evil.com/ads', 'https://example.org/', RequestType.Script);