Conversation
Standalone tool for validating Declarative Net Request rulesets against WebKit's content extension translator. Ships prebuilt Linux x64 and macOS arm64 binaries from a GitHub Actions release workflow so Ghostery engineers can vet rulesets without a full WebKit build.
|
|
||
| bool characterClassMayContainStrings(BuiltInCharacterClassID) | ||
| { | ||
| return false; |
Member
There was a problem hiding this comment.
Since it is expected to be never called, you can crash (in all three cases):
std::abort();
When I try, it is not reached. But then you have guarantees that it was never called in a run.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a CLI tool that validates Declarative Net Request rulesets against WebKit's actual URL filter parser — the same code Safari runs at match time — so extension developers find out which rules will silently fail to block before shipping to Safari users.
Both
regexFilterand Chrome-styleurlFilterpatterns (e.g.||tracker.example.com^) are checked. urlFilter rules go through the same anchor/escape/wildcard conversion WebKit applies at runtime; errors are reported against the pattern the author wrote, not the converted form.What's included
ghostery/validate-dnr-rules/— Standalone C++ tool that links against WebKit's own WTF library and compilesURLFilterParser.cppdirectly. Builds into a single ~900 KB binary on Linux and macOS via WebKit's existing CMake (-DPORT=JSCOnly -DUSE_SYSTEM_MALLOC=ON). No WebKit source is duplicated — every commit on this fork stays in sync automatically..github/workflows/validate-dnr-rules.yml— Builds on ubuntu-24.04 (x64) and macOS arm64 on pushes and PRs toghostery. On merge toghostery, publishes a GitHub Release with both binaries attached (macOS ad-hoc signed for Gatekeeper).Tools/Scripts/validate-dnr-rules— Shell wrapper that compiles a small ObjC++ tool on-the-fly against a locally-builtWebKit.framework. Exercises the full DNR translator pipeline (JSON → WebKit-native rules → content-blocker bytecode) and optionally compiles end-to-end with--compile. Useful for WebKit developers iterating on DNR/content-extension changes:CMakeLists.txt— one-line hook toadd_subdirectory(ghostery/validate-dnr-rules)at the repo root.Usage
Each error is tagged
[regex]or[url]so authors know which field the failing pattern came from. Exit code is 0 on success, 1 with per-rule details on failure — suitable for extension CI pipelines.Test plan
dist/rule_resources/dnr-ads.jsonfrom the ghostery-extension build). Verify the tool reports per-rule errors, ends withFAILED: N error(s) found., and exits non-zero.||example.com^). Verify it printsOK: All rules validated successfully.and exits 0.ghostery, confirm a new release appears with both the Linux x64 and macOS arm64 binaries attached, and that the macOS binary runs without a Gatekeeper prompt on Apple Silicon.