feat: add CSGuard

Author: errorcodeQQ

AniZen/build.gradle.kts

@@ -18,3 +18,4 @@ cloudstream {
     iconUrl = "https://anizen.tr/favicon.png"
     isCrossPlatform = true
 }
+

CSGuard/build.gradle.kts

@@ -0,0 +1,20 @@
+version = 1
+
+cloudstream {
+    description = "Defensive CloudStream plugin that intercepts and neutralizes malicious browser-redirect ad injections from other extensions. Wraps provider Context objects so raw Intent.ACTION_VIEW calls to ad networks are silently dropped to the void."
+    authors = listOf("CSGuard")
+    status = 1
+    tvTypes = listOf("Others")
+    requiresResources = false
+    language = "en"
+    iconUrl = "https://raw.githubusercontent.com/google/material-design-icons/master/png/communication/security/png48/security_48dp.png"
+}
+
+android {
+    namespace = "com.csguard"
+    lint { abortOnError = false }
+    buildFeatures {
+        buildConfig = true
+        viewBinding = false
+    }
+}

CSGuard/gradle.properties

@@ -0,0 +1,3 @@
+org.gradle.jvmargs=-Xmx2048m -Dfile.encoding=UTF-8
+android.useAndroidX=true
+android.enableJetifier=true

CSGuard/src/main/AndroidManifest.xml

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest />

CSGuard/src/main/kotlin/com/csguard/AdBlockList.kt

@@ -0,0 +1,95 @@
+package com.csguard
+
+object AdBlockList {
+
+    val BLOCKED_HOSTS: Set<String> = setOf(
+
+        "omg10.com",
+        "omg1.com", "omg2.com", "omg3.com", "omg4.com", "omg5.com",
+        "omg6.com", "omg7.com", "omg8.com", "omg9.com",
+
+        "propellerads.com", "propeller-tracking.com",
+        "monetag.com", "monetag-handhub.com",
+
+        "adsterra.com", "adsterra.network", "prohitshere.com",
+
+        "hilltopads.com", "hilltopads.net", "hilltopads-delivery.com",
+
+        "popads.net", "popcash.net", "popmyads.com",
+
+        "ad-maven.com", "a-mo.net", "mvn.link",
+
+        "bit.ly", "t.ly", "cutt.ly", "shorturl.at", "tinyurl.com",
+        "shrtco.de", "soo.gd", "s.id", "is.gd", "v.gd",
+        "linkvertise.com", "linkvertise.net",
+
+        "onclickperformance.com", "onclickprediction.com",
+        "onclickscript.com", "highperformanceformat.com",
+        "pushmonetization.com", "realtimepush.com",
+        "highratecpm.com", "profithighrate.com",
+        "crazypushsub.com", "push-notification.tools",
+        "bemobtrcks.com", "bemobpath.com",
+        "go2cloud.org", "go2affise.com",
+        "trackings.selfpublishing.com",
+        "xl-trail.com", "trail_trk.com",
+
+)
+
+val SAFE_HOSTS: Set<String> = setOf(
+
+        "cs.repo", "cloudstream.on.fleek.co",
+        "recloudstream.github.io", "github.com", "raw.githubusercontent.com",
+
+        "t.me", "telegram.me",
+
+        "discord.com", "discord.gg", "patreon.com", "ko-fi.com",
+        "buymeacoffee.com",
+
+        "www.google.com", "duckduckgo.com",
+
+        "wikipedia.org", "imdb.com"
+    )
+
+val NON_MEDIA_PATH_PATTERNS: List<Regex> = listOf(
+        Regex("/\\d+/(\\d{6,})"),         // /4/11104489 style ad zone IDs
+        Regex("/(popunder|popunderinit)"),
+        Regex("/(redirect|go|visit|jump)/[a-zA-Z0-9]+"),
+        Regex("/watch\\?key="),
+        Regex("click\\?"),
+        Regex("/aff(_)?id=")
+    )
+
+        fun isHostBlocked(host: String?): Boolean {
+        if (host.isNullOrBlank()) return false
+        val h = host.lowercase().trim()
+
+        if (h in BLOCKED_HOSTS) return true
+
+        for (blocked in BLOCKED_HOSTS) {
+            if (h == blocked || h.endsWith(".$blocked")) return true
+        }
+        return false
+    }
+
+        fun isHostSafe(host: String?): Boolean {
+        if (host.isNullOrBlank()) return false
+        val h = host.lowercase().trim()
+
+        if (h in SAFE_HOSTS) return true
+        for (safe in SAFE_HOSTS) {
+            if (h == safe || h.endsWith(".$safe")) return true
+        }
+
+        return try {
+            AllowlistStore.isAllowed(h)
+        } catch (_: Throwable) {
+
+            false
+        }
+    }
+
+        fun looksLikeAdPath(url: String?): Boolean {
+        if (url.isNullOrBlank()) return false
+        return NON_MEDIA_PATH_PATTERNS.any { it.containsMatchIn(url) }
+    }
+}

CSGuard/src/main/kotlin/com/csguard/AllowlistStore.kt

@@ -0,0 +1,144 @@
+package com.csguard
+
+import android.content.Context
+import android.content.SharedPreferences
+import android.util.Log
+import org.json.JSONArray
+import org.json.JSONObject
+
+object AllowlistStore {
+
+    private const val TAG = "CSGuard"
+    private const val PREFS_NAME = "csguard_allowlist"
+    private const val KEY_ALWAYS = "always_allow_hosts"
+    private const val KEY_BLOCKED_PROVIDERS = "blocked_providers"
+    private const val KEY_BLOCKED = "blocked_attempts_log"
+    private const val MAX_BLOCKED_LOG = 200
+
+    @Volatile private var prefs: SharedPreferences? = null
+
+    private val sessionAllowOnce = java.util.Collections.synchronizedSet(HashSet<String>())
+
+    fun init(context: Context) {
+        if (prefs != null) return
+        prefs = context.applicationContext.getSharedPreferences(PREFS_NAME, Context.MODE_PRIVATE)
+        Log.i(TAG, "AllowlistStore initialized — alwaysAllow=${alwaysAllow().size} hosts")
+    }
+
+fun alwaysAllow(): Set<String> {
+        val raw = prefs?.getString(KEY_ALWAYS, "[]") ?: "[]"
+        return try {
+            val arr = JSONArray(raw)
+            (0 until arr.length()).map { arr.getString(it).lowercase().trim() }.toSet()
+        } catch (_: Throwable) { emptySet() }
+    }
+
+    fun addAlwaysAllow(host: String): Boolean {
+        val normalized = host.lowercase().trim()
+        if (normalized.isEmpty()) return false
+        val current = alwaysAllow().toMutableSet()
+        if (!current.add(normalized)) return false
+        prefs?.edit()?.putString(KEY_ALWAYS, JSONArray(current.toList()).toString())?.apply()
+        Log.i(TAG, "AllowlistStore: added always-allow → $normalized")
+        return true
+    }
+
+    fun removeAlwaysAllow(host: String): Boolean {
+        val normalized = host.lowercase().trim()
+        val current = alwaysAllow().toMutableSet()
+        if (!current.remove(normalized)) return false
+        prefs?.edit()?.putString(KEY_ALWAYS, JSONArray(current.toList()).toString())?.apply()
+        Log.i(TAG, "AllowlistStore: removed always-allow → $normalized")
+        return true
+    }
+
+fun blockedProviders(): Set<String> {
+        val raw = prefs?.getString(KEY_BLOCKED_PROVIDERS, "[]") ?: "[]"
+        return try {
+            val arr = JSONArray(raw)
+            (0 until arr.length()).map { arr.getString(it).trim() }.toSet()
+        } catch (_: Throwable) { emptySet() }
+    }
+
+    fun addBlockedProvider(providerName: String): Boolean {
+        val normalized = providerName.trim()
+        if (normalized.isEmpty()) return false
+        val current = blockedProviders().toMutableSet()
+        if (!current.add(normalized)) return false
+        prefs?.edit()?.putString(KEY_BLOCKED_PROVIDERS, JSONArray(current.toList()).toString())?.apply()
+        Log.i(TAG, "AllowlistStore: added blocked provider → $normalized")
+        return true
+    }
+
+    fun removeBlockedProvider(providerName: String): Boolean {
+        val normalized = providerName.trim()
+        val current = blockedProviders().toMutableSet()
+        if (!current.remove(normalized)) return false
+        prefs?.edit()?.putString(KEY_BLOCKED_PROVIDERS, JSONArray(current.toList()).toString())?.apply()
+        Log.i(TAG, "AllowlistStore: removed blocked provider → $normalized")
+        return true
+    }
+
+fun allowOnce(host: String) {
+        sessionAllowOnce.add(host.lowercase().trim())
+        Log.i(TAG, "AllowlistStore: allow-once (session) → $host")
+    }
+
+    fun clearSessionAllowOnce() {
+        sessionAllowOnce.clear()
+    }
+
+fun isAllowed(host: String?): Boolean {
+        if (host.isNullOrBlank()) return false
+        val h = host.lowercase().trim()
+        if (h in sessionAllowOnce) return true
+        val always = alwaysAllow()
+        if (h in always) return true
+
+        for (allowed in always) {
+            if (h.endsWith(".$allowed")) return true
+        }
+        return false
+    }
+
+data class BlockedEntry(
+        val url: String,
+        val caller: String,
+        val timestamp: Long
+    )
+
+    fun blockedLog(): List<BlockedEntry> {
+        val raw = prefs?.getString(KEY_BLOCKED, "[]") ?: "[]"
+        return try {
+            val arr = JSONArray(raw)
+            (0 until arr.length()).map { idx ->
+                val obj = arr.getJSONObject(idx)
+                BlockedEntry(
+                    url = obj.optString("url"),
+                    caller = obj.optString("caller"),
+                    timestamp = obj.optLong("ts")
+                )
+            }
+        } catch (_: Throwable) { emptyList() }
+    }
+
+    fun recordBlocked(url: String, caller: String) {
+        val current = blockedLog().toMutableList()
+        current.add(0, BlockedEntry(url, caller, System.currentTimeMillis()))
+
+        val trimmed = current.take(MAX_BLOCKED_LOG)
+        val arr = JSONArray()
+        for (entry in trimmed) {
+            val obj = JSONObject()
+            obj.put("url", entry.url)
+            obj.put("caller", entry.caller)
+            obj.put("ts", entry.timestamp)
+            arr.put(obj)
+        }
+        prefs?.edit()?.putString(KEY_BLOCKED, arr.toString())?.apply()
+    }
+
+    fun clearBlockedLog() {
+        prefs?.edit()?.remove(KEY_BLOCKED)?.apply()
+    }
+}

CSGuard/src/main/kotlin/com/csguard/BlockedLog.kt

@@ -0,0 +1,21 @@
+package com.csguard
+
+object BlockedLog {
+    @JvmStatic
+    fun record(url: String, caller: String) {
+        try {
+            AllowlistStore.recordBlocked(url, caller)
+        } catch (_: Throwable) {
+
+        }
+    }
+
+    @JvmStatic
+    fun all(): List<AllowlistStore.BlockedEntry> =
+        try { AllowlistStore.blockedLog() } catch (_: Throwable) { emptyList() }
+
+    @JvmStatic
+    fun clear() {
+        try { AllowlistStore.clearBlockedLog() } catch (_: Throwable) {}
+    }
+}