2019-01-22 19:24:46 +00:00
|
|
|
const { expect } = require('chai')
|
|
|
|
const { remote } = require('electron')
|
|
|
|
const path = require('path')
|
2019-06-20 10:10:56 +00:00
|
|
|
const http = require('http')
|
2019-01-22 19:24:46 +00:00
|
|
|
|
|
|
|
const { emittedNTimes, emittedOnce } = require('./events-helpers')
|
|
|
|
const { closeWindow } = require('./window-helpers')
|
|
|
|
|
2019-06-20 10:10:56 +00:00
|
|
|
const { app, BrowserWindow, ipcMain } = remote
|
2019-01-22 19:24:46 +00:00
|
|
|
|
|
|
|
describe('renderer nodeIntegrationInSubFrames', () => {
|
2019-03-07 22:46:57 +00:00
|
|
|
const generateTests = (description, webPreferences) => {
|
|
|
|
describe(description, () => {
|
2019-03-15 17:39:20 +00:00
|
|
|
const fixtureSuffix = webPreferences.webviewTag ? '-webview' : ''
|
2019-01-22 19:24:46 +00:00
|
|
|
let w
|
|
|
|
|
|
|
|
beforeEach(async () => {
|
|
|
|
await closeWindow(w)
|
|
|
|
w = new BrowserWindow({
|
|
|
|
show: false,
|
|
|
|
width: 400,
|
|
|
|
height: 400,
|
2019-03-15 17:39:20 +00:00
|
|
|
webPreferences
|
2019-01-22 19:24:46 +00:00
|
|
|
})
|
|
|
|
})
|
|
|
|
|
|
|
|
afterEach(() => {
|
2019-03-07 22:46:57 +00:00
|
|
|
return closeWindow(w).then(() => {
|
|
|
|
w = null
|
|
|
|
})
|
2019-01-22 19:24:46 +00:00
|
|
|
})
|
|
|
|
|
|
|
|
it('should load preload scripts in top level iframes', async () => {
|
|
|
|
const detailsPromise = emittedNTimes(remote.ipcMain, 'preload-ran', 2)
|
2019-03-15 17:39:20 +00:00
|
|
|
w.loadFile(path.resolve(__dirname, `fixtures/sub-frames/frame-container${fixtureSuffix}.html`))
|
2019-01-22 19:24:46 +00:00
|
|
|
const [event1, event2] = await detailsPromise
|
|
|
|
expect(event1[0].frameId).to.not.equal(event2[0].frameId)
|
|
|
|
expect(event1[0].frameId).to.equal(event1[2])
|
|
|
|
expect(event2[0].frameId).to.equal(event2[2])
|
|
|
|
})
|
|
|
|
|
|
|
|
it('should load preload scripts in nested iframes', async () => {
|
|
|
|
const detailsPromise = emittedNTimes(remote.ipcMain, 'preload-ran', 3)
|
2019-03-15 17:39:20 +00:00
|
|
|
w.loadFile(path.resolve(__dirname, `fixtures/sub-frames/frame-with-frame-container${fixtureSuffix}.html`))
|
2019-01-22 19:24:46 +00:00
|
|
|
const [event1, event2, event3] = await detailsPromise
|
|
|
|
expect(event1[0].frameId).to.not.equal(event2[0].frameId)
|
|
|
|
expect(event1[0].frameId).to.not.equal(event3[0].frameId)
|
|
|
|
expect(event2[0].frameId).to.not.equal(event3[0].frameId)
|
|
|
|
expect(event1[0].frameId).to.equal(event1[2])
|
|
|
|
expect(event2[0].frameId).to.equal(event2[2])
|
|
|
|
expect(event3[0].frameId).to.equal(event3[2])
|
|
|
|
})
|
|
|
|
|
|
|
|
it('should correctly reply to the main frame with using event.reply', async () => {
|
|
|
|
const detailsPromise = emittedNTimes(remote.ipcMain, 'preload-ran', 2)
|
2019-03-15 17:39:20 +00:00
|
|
|
w.loadFile(path.resolve(__dirname, `fixtures/sub-frames/frame-container${fixtureSuffix}.html`))
|
2019-01-22 19:24:46 +00:00
|
|
|
const [event1] = await detailsPromise
|
|
|
|
const pongPromise = emittedOnce(remote.ipcMain, 'preload-pong')
|
|
|
|
event1[0].reply('preload-ping')
|
|
|
|
const details = await pongPromise
|
|
|
|
expect(details[1]).to.equal(event1[0].frameId)
|
|
|
|
})
|
|
|
|
|
|
|
|
it('should correctly reply to the sub-frames with using event.reply', async () => {
|
|
|
|
const detailsPromise = emittedNTimes(remote.ipcMain, 'preload-ran', 2)
|
2019-03-15 17:39:20 +00:00
|
|
|
w.loadFile(path.resolve(__dirname, `fixtures/sub-frames/frame-container${fixtureSuffix}.html`))
|
2019-01-22 19:24:46 +00:00
|
|
|
const [, event2] = await detailsPromise
|
|
|
|
const pongPromise = emittedOnce(remote.ipcMain, 'preload-pong')
|
|
|
|
event2[0].reply('preload-ping')
|
|
|
|
const details = await pongPromise
|
|
|
|
expect(details[1]).to.equal(event2[0].frameId)
|
|
|
|
})
|
|
|
|
|
|
|
|
it('should correctly reply to the nested sub-frames with using event.reply', async () => {
|
|
|
|
const detailsPromise = emittedNTimes(remote.ipcMain, 'preload-ran', 3)
|
2019-03-15 17:39:20 +00:00
|
|
|
w.loadFile(path.resolve(__dirname, `fixtures/sub-frames/frame-with-frame-container${fixtureSuffix}.html`))
|
2019-03-07 22:46:57 +00:00
|
|
|
const [, , event3] = await detailsPromise
|
2019-01-22 19:24:46 +00:00
|
|
|
const pongPromise = emittedOnce(remote.ipcMain, 'preload-pong')
|
|
|
|
event3[0].reply('preload-ping')
|
|
|
|
const details = await pongPromise
|
|
|
|
expect(details[1]).to.equal(event3[0].frameId)
|
|
|
|
})
|
2019-03-07 22:46:57 +00:00
|
|
|
|
|
|
|
it('should not expose globals in main world', async () => {
|
|
|
|
const detailsPromise = emittedNTimes(remote.ipcMain, 'preload-ran', 2)
|
2019-03-15 17:39:20 +00:00
|
|
|
w.loadFile(path.resolve(__dirname, `fixtures/sub-frames/frame-container${fixtureSuffix}.html`))
|
2019-03-07 22:46:57 +00:00
|
|
|
const details = await detailsPromise
|
|
|
|
const senders = details.map(event => event[0].sender)
|
2019-04-30 14:08:33 +00:00
|
|
|
await new Promise(async resolve => {
|
2019-03-07 22:46:57 +00:00
|
|
|
let resultCount = 0
|
2019-04-30 14:08:33 +00:00
|
|
|
senders.forEach(async sender => {
|
|
|
|
const result = await sender.webContents.executeJavaScript('window.isolatedGlobal')
|
|
|
|
if (webPreferences.contextIsolation) {
|
|
|
|
expect(result).to.be.null()
|
|
|
|
} else {
|
|
|
|
expect(result).to.equal(true)
|
|
|
|
}
|
|
|
|
resultCount++
|
|
|
|
if (resultCount === senders.length) resolve()
|
2019-03-07 22:46:57 +00:00
|
|
|
})
|
|
|
|
})
|
|
|
|
})
|
2019-01-22 19:24:46 +00:00
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2019-03-15 17:39:20 +00:00
|
|
|
const generateConfigs = (webPreferences, ...permutations) => {
|
|
|
|
const configs = [{ webPreferences, names: [] }]
|
|
|
|
for (let i = 0; i < permutations.length; i++) {
|
|
|
|
const length = configs.length
|
|
|
|
for (let j = 0; j < length; j++) {
|
|
|
|
const newConfig = Object.assign({}, configs[j])
|
|
|
|
newConfig.webPreferences = Object.assign({},
|
|
|
|
newConfig.webPreferences, permutations[i].webPreferences)
|
|
|
|
newConfig.names = newConfig.names.slice(0)
|
|
|
|
newConfig.names.push(permutations[i].name)
|
|
|
|
configs.push(newConfig)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return configs.map(config => {
|
|
|
|
if (config.names.length > 0) {
|
|
|
|
config.title = `with ${config.names.join(', ')} on`
|
|
|
|
} else {
|
|
|
|
config.title = `without anything special turned on`
|
|
|
|
}
|
|
|
|
delete config.names
|
|
|
|
|
|
|
|
return config
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
generateConfigs(
|
|
|
|
{
|
|
|
|
preload: path.resolve(__dirname, 'fixtures/sub-frames/preload.js'),
|
|
|
|
nodeIntegrationInSubFrames: true
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: 'sandbox',
|
|
|
|
webPreferences: { sandbox: true }
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: 'context isolation',
|
|
|
|
webPreferences: { contextIsolation: true }
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: 'webview',
|
|
|
|
webPreferences: { webviewTag: true, preload: false }
|
|
|
|
}
|
|
|
|
).forEach(config => {
|
|
|
|
generateTests(config.title, config.webPreferences)
|
|
|
|
})
|
2019-01-22 19:24:46 +00:00
|
|
|
})
|
2019-06-20 10:10:56 +00:00
|
|
|
|
|
|
|
describe('cross-site frame sandboxing', () => {
|
|
|
|
let server = null
|
|
|
|
|
|
|
|
beforeEach(function () {
|
|
|
|
if (process.platform === 'linux') {
|
|
|
|
this.skip()
|
|
|
|
}
|
|
|
|
})
|
|
|
|
|
|
|
|
before(function (done) {
|
|
|
|
server = http.createServer((req, res) => {
|
|
|
|
res.end(`<iframe name="frame" src="${server.cross_site_url}" />`)
|
|
|
|
})
|
|
|
|
server.listen(0, '127.0.0.1', () => {
|
|
|
|
server.url = `http://127.0.0.1:${server.address().port}/`
|
|
|
|
server.cross_site_url = `http://localhost:${server.address().port}/`
|
|
|
|
done()
|
|
|
|
})
|
|
|
|
})
|
|
|
|
|
|
|
|
after(() => {
|
|
|
|
server.close()
|
|
|
|
server = null
|
|
|
|
})
|
|
|
|
|
|
|
|
const fixtures = path.resolve(__dirname, 'fixtures')
|
|
|
|
const preload = path.join(fixtures, 'module', 'preload-pid.js')
|
|
|
|
|
|
|
|
let w
|
|
|
|
|
|
|
|
afterEach(() => {
|
|
|
|
return closeWindow(w).then(() => {
|
|
|
|
w = null
|
|
|
|
})
|
|
|
|
})
|
|
|
|
|
|
|
|
const generateSpecs = (description, webPreferences) => {
|
|
|
|
describe(description, () => {
|
|
|
|
it('iframe process is sandboxed if possible', async () => {
|
|
|
|
w = new BrowserWindow({
|
|
|
|
show: false,
|
|
|
|
webPreferences
|
|
|
|
})
|
|
|
|
|
|
|
|
await w.loadURL(server.url)
|
|
|
|
|
|
|
|
const pidMain = w.webContents.getOSProcessId()
|
|
|
|
const pidFrame = w.webContents._getOSProcessIdForFrame('frame', server.cross_site_url)
|
|
|
|
|
|
|
|
const metrics = app.getAppMetrics()
|
|
|
|
const isProcessSandboxed = function (pid) {
|
|
|
|
const entry = metrics.filter(metric => metric.pid === pid)[0]
|
|
|
|
return entry && entry.sandboxed
|
|
|
|
}
|
|
|
|
|
|
|
|
const sandboxMain = !!(webPreferences.sandbox || process.mas)
|
|
|
|
const sandboxFrame = sandboxMain || !webPreferences.nodeIntegrationInSubFrames
|
|
|
|
|
|
|
|
expect(isProcessSandboxed(pidMain)).to.equal(sandboxMain)
|
|
|
|
expect(isProcessSandboxed(pidFrame)).to.equal(sandboxFrame)
|
|
|
|
})
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
generateSpecs('nodeIntegrationInSubFrames = false, sandbox = false', {
|
|
|
|
nodeIntegrationInSubFrames: false,
|
|
|
|
sandbox: false
|
|
|
|
})
|
|
|
|
|
|
|
|
generateSpecs('nodeIntegrationInSubFrames = false, sandbox = true', {
|
|
|
|
nodeIntegrationInSubFrames: false,
|
|
|
|
sandbox: true
|
|
|
|
})
|
|
|
|
|
|
|
|
generateSpecs('nodeIntegrationInSubFrames = true, sandbox = false', {
|
|
|
|
nodeIntegrationInSubFrames: true,
|
|
|
|
sandbox: false
|
|
|
|
})
|
|
|
|
|
|
|
|
generateSpecs('nodeIntegrationInSubFrames = true, sandbox = true', {
|
|
|
|
nodeIntegrationInSubFrames: true,
|
|
|
|
sandbox: true
|
|
|
|
})
|
|
|
|
})
|