feat: add support for validating asar archives on macOS (#30667)
* feat: add support for validating asar archives on macOS * chore: fix lint * chore: update as per feedback * feat: switch implementation to asar integrity hash checks * feat: make ranged requests work with the asar file validator DataSourceFilter * chore: fix lint * chore: fix missing log include on non-darwin * fix: do not pull block size out of missing optional * fix: match ValidateOrDie symbol on non-darwin * chore: fix up asar specs by repacking archives * fix: maintain integrity chain, do not load file integrity if header integrity was not loaded * debug test * Update node-spec.ts * fix: initialize header_validated_ * chore: update PR per feedback * chore: update per feedback * build: use final asar module * Update fuses.json5
This commit is contained in:
Samuel Attard
GitHub
parent
fcad531f2e
commit
57d088517c
35 changed files with 705 additions and 43 deletions
|
|
@ -6,12 +6,14 @@
|
|||
#define SHELL_COMMON_ASAR_ARCHIVE_H_
|
||||
|
||||
#include <memory>
|
||||
#include <string>
|
||||
#include <unordered_map>
|
||||
#include <vector>
|
||||
|
||||
#include "base/files/file.h"
|
||||
#include "base/files/file_path.h"
|
||||
#include "base/synchronization/lock.h"
|
||||
#include "third_party/abseil-cpp/absl/types/optional.h"
|
||||
|
||||
namespace base {
|
||||
class DictionaryValue;
|
||||
|
|
@ -21,6 +23,19 @@ namespace asar {
|
|||
|
||||
class ScopedTemporaryFile;
|
||||
|
||||
enum HashAlgorithm {
|
||||
SHA256,
|
||||
NONE,
|
||||
};
|
||||
|
||||
struct IntegrityPayload {
|
||||
IntegrityPayload() : algorithm(HashAlgorithm::NONE), block_size(0) {}
|
||||
HashAlgorithm algorithm;
|
||||
std::string hash;
|
||||
uint32_t block_size;
|
||||
std::vector<std::string> blocks;
|
||||
};
|
||||
|
||||
// This class represents an asar package, and provides methods to read
|
||||
// information from it. It is thread-safe after |Init| has been called.
|
||||
class Archive {
|
||||
|
|
@ -31,6 +46,7 @@ class Archive {
|
|||
bool executable;
|
||||
uint32_t size;
|
||||
uint64_t offset;
|
||||
absl::optional<IntegrityPayload> integrity;
|
||||
};
|
||||
|
||||
struct Stats : public FileInfo {
|
||||
|
|
@ -46,6 +62,9 @@ class Archive {
|
|||
// Read and parse the header.
|
||||
bool Init();
|
||||
|
||||
absl::optional<IntegrityPayload> HeaderIntegrity() const;
|
||||
absl::optional<base::FilePath> RelativePath() const;
|
||||
|
||||
// Get the info of a file.
|
||||
bool GetFileInfo(const base::FilePath& path, FileInfo* info) const;
|
||||
|
||||
|
|
@ -64,12 +83,16 @@ class Archive {
|
|||
bool CopyFileOut(const base::FilePath& path, base::FilePath* out);
|
||||
|
||||
// Returns the file's fd.
|
||||
int GetFD() const;
|
||||
// Using this fd will not validate the integrity of any files
|
||||
// you read out of the ASAR manually. Callers are responsible
|
||||
// for integrity validation after this fd is handed over.
|
||||
int GetUnsafeFD() const;
|
||||
|
||||
base::FilePath path() const { return path_; }
|
||||
|
||||
private:
|
||||
bool initialized_;
|
||||
bool header_validated_ = false;
|
||||
const base::FilePath path_;
|
||||
base::File file_;
|
||||
int fd_ = -1;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue