feat: add support for validating asar archives on macOS (#30667)

* feat: add support for validating asar archives on macOS * chore: fix lint * chore: update as per feedback * feat: switch implementation to asar integrity hash checks * feat: make ranged requests work with the asar file validator DataSourceFilter * chore: fix lint * chore: fix missing log include on non-darwin * fix: do not pull block size out of missing optional * fix: match ValidateOrDie symbol on non-darwin * chore: fix up asar specs by repacking archives * fix: maintain integrity chain, do not load file integrity if header integrity was not loaded * debug test * Update node-spec.ts * fix: initialize header_validated_ * chore: update PR per feedback * chore: update per feedback * build: use final asar module * Update fuses.json5
2021-09-09 14:49:01 -07:00 · 2021-09-09 14:49:01 -07:00 · 57d088517c
commit 57d088517c
parent fcad531f2e
35 changed files with 705 additions and 43 deletions
--- a/shell/common/api/electron_api_asar.cc
+++ b/shell/common/api/electron_api_asar.cc
@ -32,13 +32,12 @@ class Archive : public gin::Wrappable<Archive> {
  gin::ObjectTemplateBuilder GetObjectTemplateBuilder(
      v8::Isolate* isolate) override {
    return gin::ObjectTemplateBuilder(isolate)
-        .SetProperty("path", &Archive::GetPath)
        .SetMethod("getFileInfo", &Archive::GetFileInfo)
        .SetMethod("stat", &Archive::Stat)
        .SetMethod("readdir", &Archive::Readdir)
        .SetMethod("realpath", &Archive::Realpath)
        .SetMethod("copyFileOut", &Archive::CopyFileOut)
-        .SetMethod("getFd", &Archive::GetFD);
+        .SetMethod("getFdAndValidateIntegrityLater", &Archive::GetFD);
  }

  const char* GetTypeName() override { return "Archive"; }
@ -47,9 +46,6 @@ class Archive : public gin::Wrappable<Archive> {
  Archive(v8::Isolate* isolate, std::unique_ptr<asar::Archive> archive)
      : archive_(std::move(archive)) {}

-  // Returns the path of the file.
-  base::FilePath GetPath() { return archive_->path(); }
-
  // Reads the offset and size of file.
  v8::Local<v8::Value> GetFileInfo(v8::Isolate* isolate,
                                   const base::FilePath& path) {
@ -60,6 +56,20 @@ class Archive : public gin::Wrappable<Archive> {
    dict.Set("size", info.size);
    dict.Set("unpacked", info.unpacked);
    dict.Set("offset", info.offset);
+    if (info.integrity.has_value()) {
+      gin_helper::Dictionary integrity(isolate, v8::Object::New(isolate));
+      asar::HashAlgorithm algorithm = info.integrity.value().algorithm;
+      switch (algorithm) {
+        case asar::HashAlgorithm::SHA256:
+          integrity.Set("algorithm", "SHA256");
+          break;
+        case asar::HashAlgorithm::NONE:
+          CHECK(false);
+          break;
+      }
+      integrity.Set("hash", info.integrity.value().hash);
+      dict.Set("integrity", integrity);
+    }
    return dict.GetHandle();
  }

@ -108,7 +118,7 @@ class Archive : public gin::Wrappable<Archive> {
  int GetFD() const {
    if (!archive_)
      return -1;
-    return archive_->GetFD();
+    return archive_->GetUnsafeFD();
  }

 private: