fix: don't expose desktopCapturer in sandboxed renderers if the feature is disabled (#14345)

This commit is contained in:
Milan Burda 2018-08-29 02:51:07 +02:00 committed by Charles Kerr
parent b1c22ba531
commit 3301e05f33
3 changed files with 58 additions and 48 deletions

View file

@ -1,48 +1,17 @@
Object.defineProperties(exports, {
ipcRenderer: {
enumerable: true,
get: function () {
return require('../ipc-renderer')
}
},
remote: {
enumerable: true,
get: function () {
return require('../../../renderer/api/remote')
}
},
webFrame: {
enumerable: true,
get: function () {
return require('../../../renderer/api/web-frame')
}
},
crashReporter: {
enumerable: true,
get: function () {
return require('../../../common/api/crash-reporter')
}
},
CallbacksRegistry: {
get: function () {
return require('../../../common/api/callbacks-registry')
}
},
isPromise: {
get: function () {
return require('../../../common/api/is-promise')
}
},
// XXX(alexeykuzmin): It won't be available if the Desktop Capturer
// was disabled during build time.
desktopCapturer: {
get: function () {
return require('../../../renderer/api/desktop-capturer')
}
},
nativeImage: {
get: function () {
return require('../../../common/api/native-image')
}
const moduleList = require('../module-list')
for (const {
name,
load,
enabled = true,
private: isPrivate = false
} of moduleList) {
if (!enabled) {
continue
}
})
Object.defineProperty(exports, name, {
enumerable: !isPrivate,
get: load
})
}

View file

@ -0,0 +1,39 @@
const features = process.atomBinding('features')
module.exports = [
{
name: 'CallbacksRegistry',
load: () => require('../../common/api/callbacks-registry'),
private: true
},
{
name: 'crashReporter',
load: () => require('../../common/api/crash-reporter')
},
{
name: 'desktopCapturer',
load: () => require('../../renderer/api/desktop-capturer'),
enabled: features.isDesktopCapturerEnabled()
},
{
name: 'ipcRenderer',
load: () => require('./ipc-renderer')
},
{
name: 'isPromise',
load: () => require('../../common/api/is-promise'),
private: true
},
{
name: 'nativeImage',
load: () => require('../../common/api/native-image')
},
{
name: 'remote',
load: () => require('../../renderer/api/remote')
},
{
name: 'webFrame',
load: () => require('../../renderer/api/web-frame')
}
]

View file

@ -1,10 +1,12 @@
/* eslint no-eval: "off" */
/* global binding, Buffer */
const events = require('events')
const electron = require('electron')
process.atomBinding = require('../common/atom-binding-setup')(binding.get, 'renderer')
// The electron module depends on process.atomBinding
const electron = require('electron')
const v8Util = process.atomBinding('v8_util')
// Expose browserify Buffer as a hidden value. This is used by C++ code to
// deserialize Buffer instances sent from browser process.