refactor: Port security warnings to TypeScript (#16937)

* refactor: Port security-warnings to TypeScript

* chore: make aliasify work on .ts files as well

* refactor: Implement feedback <3

* refactor: Correctly call executeJavaScript
Felix Rieseberg 2019-02-16 17:06:30 -08:00 committed by Samuel Attard
parent 0a84c61074
commit 6b3ff4f1f7
5 changed files with 27 additions and 22 deletions


@ -70,7 +70,7 @@ filenames = {
"lib/renderer/ipc-renderer-internal-utils.ts", "lib/renderer/ipc-renderer-internal-utils.ts",
"lib/renderer/ipc-renderer-internal.ts", "lib/renderer/ipc-renderer-internal.ts",
"lib/renderer/remote.ts", "lib/renderer/remote.ts",
"lib/renderer/security-warnings.js", "lib/renderer/security-warnings.ts",
"lib/renderer/web-frame-init.js", "lib/renderer/web-frame-init.js",
"lib/renderer/window-setup.ts", "lib/renderer/window-setup.ts",
"lib/renderer/web-view/guest-view-internal.js", "lib/renderer/web-view/guest-view-internal.js",


@ -167,5 +167,6 @@ for (const preloadScript of preloadScripts) {
// Warn about security issues // Warn about security issues
if (process.isMainFrame) { if (process.isMainFrame) {
require('@electron/internal/renderer/security-warnings')(nodeIntegration) const { securityWarnings } = require('@electron/internal/renderer/security-warnings')
securityWarnings(nodeIntegration)
} }


@ -1,6 +1,7 @@
'use strict' import { webFrame } from 'electron'
import { invokeSync } from '@electron/internal/renderer/ipc-renderer-internal-utils'
let shouldLog = null let shouldLog: boolean | null = null
/** /**
* This method checks if a security message should be logged. * This method checks if a security message should be logged.
@ -10,7 +11,7 @@ let shouldLog = null
* *
* @returns {boolean} - Should we log? * @returns {boolean} - Should we log?
*/ */
const shouldLogSecurityWarnings = function () { const shouldLogSecurityWarnings = function (): boolean {
if (shouldLog !== null) { if (shouldLog !== null) {
return shouldLog return shouldLog
} }
@ -63,8 +64,6 @@ const getIsRemoteProtocol = function () {
* @returns {boolean} Is a CSP with `unsafe-eval` set? * @returns {boolean} Is a CSP with `unsafe-eval` set?
*/ */
const isUnsafeEvalEnabled = function () { const isUnsafeEvalEnabled = function () {
const { webFrame } = require('electron')
return new Promise((resolve) => { return new Promise((resolve) => {
webFrame.executeJavaScript(`(${(() => { webFrame.executeJavaScript(`(${(() => {
try { try {
@ -73,7 +72,7 @@ const isUnsafeEvalEnabled = function () {
return false return false
} }
return true return true
}).toString()})()`, resolve) }).toString()})()`, false, resolve)
}) })
} }
@ -117,7 +116,7 @@ const warnAboutInsecureResources = function () {
* *
* Logs a warning message about Node integration. * Logs a warning message about Node integration.
*/ */
const warnAboutNodeWithRemoteContent = function (nodeIntegration) { const warnAboutNodeWithRemoteContent = function (nodeIntegration: boolean) {
if (!nodeIntegration) return if (!nodeIntegration) return
if (getIsRemoteProtocol()) { if (getIsRemoteProtocol()) {
@ -141,7 +140,7 @@ const warnAboutNodeWithRemoteContent = function (nodeIntegration) {
* *
* Logs a warning message about disabled webSecurity. * Logs a warning message about disabled webSecurity.
*/ */
const warnAboutDisabledWebSecurity = function (webPreferences) { const warnAboutDisabledWebSecurity = function (webPreferences?: Electron.WebPreferences) {
if (!webPreferences || webPreferences.webSecurity !== false) return if (!webPreferences || webPreferences.webSecurity !== false) return
const warning = `This renderer process has "webSecurity" disabled. This const warning = `This renderer process has "webSecurity" disabled. This
@ -177,7 +176,7 @@ const warnAboutInsecureCSP = function () {
* *
* Logs a warning message about disabled webSecurity. * Logs a warning message about disabled webSecurity.
*/ */
const warnAboutInsecureContentAllowed = function (webPreferences) { const warnAboutInsecureContentAllowed = function (webPreferences?: Electron.WebPreferences) {
if (!webPreferences || !webPreferences.allowRunningInsecureContent) return if (!webPreferences || !webPreferences.allowRunningInsecureContent) return
const warning = `This renderer process has "allowRunningInsecureContent" const warning = `This renderer process has "allowRunningInsecureContent"
@ -193,7 +192,7 @@ const warnAboutInsecureContentAllowed = function (webPreferences) {
* *
* Logs a warning message about experimental features. * Logs a warning message about experimental features.
*/ */
const warnAboutExperimentalFeatures = function (webPreferences) { const warnAboutExperimentalFeatures = function (webPreferences?: Electron.WebPreferences) {
if (!webPreferences || (!webPreferences.experimentalFeatures)) { if (!webPreferences || (!webPreferences.experimentalFeatures)) {
return return
} }
@ -211,10 +210,10 @@ const warnAboutExperimentalFeatures = function (webPreferences) {
* *
* Logs a warning message about enableBlinkFeatures * Logs a warning message about enableBlinkFeatures
*/ */
const warnAboutEnableBlinkFeatures = function (webPreferences) { const warnAboutEnableBlinkFeatures = function (webPreferences?: Electron.WebPreferences) {
if (webPreferences === null || if (!webPreferences ||
!webPreferences.hasOwnProperty('enableBlinkFeatures') || !webPreferences.hasOwnProperty('enableBlinkFeatures') ||
webPreferences.enableBlinkFeatures.length === 0) { (webPreferences.enableBlinkFeatures && webPreferences.enableBlinkFeatures.length === 0)) {
return return
} }
@ -252,7 +251,9 @@ const warnAboutAllowedPopups = function () {
// Currently missing since we can't easily programmatically check for it: // Currently missing since we can't easily programmatically check for it:
// #12WebViews: Verify the options and params of all `<webview>` tags // #12WebViews: Verify the options and params of all `<webview>` tags
const logSecurityWarnings = function (webPreferences, nodeIntegration) { const logSecurityWarnings = function (
webPreferences: Electron.WebPreferences | undefined, nodeIntegration: boolean
) {
warnAboutNodeWithRemoteContent(nodeIntegration) warnAboutNodeWithRemoteContent(nodeIntegration)
warnAboutDisabledWebSecurity(webPreferences) warnAboutDisabledWebSecurity(webPreferences)
warnAboutInsecureResources() warnAboutInsecureResources()
@ -264,17 +265,14 @@ const logSecurityWarnings = function (webPreferences, nodeIntegration) {
} }
const getWebPreferences = function () { const getWebPreferences = function () {
const ipcRendererUtils = require('@electron/internal/renderer/ipc-renderer-internal-utils')
try { try {
return ipcRendererUtils.invokeSync('ELECTRON_BROWSER_GET_LAST_WEB_PREFERENCES') return invokeSync('ELECTRON_BROWSER_GET_LAST_WEB_PREFERENCES')
} catch (error) { } catch (error) {
console.warn(`getLastWebPreferences() failed: ${error}`) console.warn(`getLastWebPreferences() failed: ${error}`)
return null
} }
} }
module.exports = function (nodeIntegration) { export function securityWarnings (nodeIntegration: boolean) {
const loadHandler = function () { const loadHandler = function () {
if (shouldLogSecurityWarnings()) { if (shouldLogSecurityWarnings()) {
const webPreferences = getWebPreferences() const webPreferences = getWebPreferences()
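Review bot: The rewritten guard in warnAboutEnableBlinkFeatures no longer returns early when `enableBlinkFeatures` exists as an own property but is undefined. In that case `(webPreferences.enableBlinkFeatures && webPreferences.enableBlinkFeatures.length === 0)` is falsy, so control falls through to the warning path. The old code would have thrown on `.length` there; the new code presumably prints a security warning for a feature list that was never set, and false positives like this teach developers to ignore the real warnings. Treating missing and empty alike avoids both outcomes: `if (!webPreferences || !webPreferences.enableBlinkFeatures || webPreferences.enableBlinkFeatures.length === 0) return`. The function body continues outside the hunk, so the warning text itself is not visible here.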


@ -168,5 +168,6 @@ for (const { preloadPath, preloadSrc, preloadError } of preloadScripts) {
// Warn about security issues // Warn about security issues
if (process.isMainFrame) { if (process.isMainFrame) {
require('@electron/internal/renderer/security-warnings')() const { securityWarnings } = require('@electron/internal/renderer/security-warnings')
securityWarnings()
} }
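Review bot: `securityWarnings()` is called here with no argument, but the ported function is declared as `securityWarnings (nodeIntegration: boolean)` with a required parameter. The module is loaded through `require`, so the mismatch is presumably not type-checked at this call site. At runtime `undefined` just takes the `if (!nodeIntegration) return` path in warnAboutNodeWithRemoteContent. Declaring the parameter as optional, `export function securityWarnings (nodeIntegration?: boolean)`, would make the signature match both callers; alternatively, pass the value explicitly here if it is known.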


@ -28,3 +28,8 @@ declare namespace NodeJS {
activateUvLoop(): void; activateUvLoop(): void;
} }
} }
declare interface Window {
ELECTRON_DISABLE_SECURITY_WARNINGS?: boolean
ELECTRON_ENABLE_SECURITY_WARNINGS?: boolean
}