refactor: Port security warnings to TypeScript (#16937)
* refactor: Port security-warnings to TypeScript * chore: make aliasify work on .ts files as well * refactor: Implement feedback <3 * refactor: Correctly call executeJavaScript
parent
0a84c61074
commit
6b3ff4f1f7
5 changed files with 27 additions and 22 deletions
|
@ -70,7 +70,7 @@ filenames = {
|
||||||
"lib/renderer/ipc-renderer-internal-utils.ts",
|
"lib/renderer/ipc-renderer-internal-utils.ts",
|
||||||
"lib/renderer/ipc-renderer-internal.ts",
|
"lib/renderer/ipc-renderer-internal.ts",
|
||||||
"lib/renderer/remote.ts",
|
"lib/renderer/remote.ts",
|
||||||
"lib/renderer/security-warnings.js",
|
"lib/renderer/security-warnings.ts",
|
||||||
"lib/renderer/web-frame-init.js",
|
"lib/renderer/web-frame-init.js",
|
||||||
"lib/renderer/window-setup.ts",
|
"lib/renderer/window-setup.ts",
|
||||||
"lib/renderer/web-view/guest-view-internal.js",
|
"lib/renderer/web-view/guest-view-internal.js",
|
||||||
|
|
|
@ -167,5 +167,6 @@ for (const preloadScript of preloadScripts) {
|
||||||
|
|
||||||
// Warn about security issues
|
// Warn about security issues
|
||||||
if (process.isMainFrame) {
|
if (process.isMainFrame) {
|
||||||
require('@electron/internal/renderer/security-warnings')(nodeIntegration)
|
const { securityWarnings } = require('@electron/internal/renderer/security-warnings')
|
||||||
|
securityWarnings(nodeIntegration)
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
'use strict'
|
import { webFrame } from 'electron'
|
||||||
|
import { invokeSync } from '@electron/internal/renderer/ipc-renderer-internal-utils'
|
||||||
|
|
||||||
let shouldLog = null
|
let shouldLog: boolean | null = null
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This method checks if a security message should be logged.
|
* This method checks if a security message should be logged.
|
||||||
|
@ -10,7 +11,7 @@ let shouldLog = null
|
||||||
*
|
*
|
||||||
* @returns {boolean} - Should we log?
|
* @returns {boolean} - Should we log?
|
||||||
*/
|
*/
|
||||||
const shouldLogSecurityWarnings = function () {
|
const shouldLogSecurityWarnings = function (): boolean {
|
||||||
if (shouldLog !== null) {
|
if (shouldLog !== null) {
|
||||||
return shouldLog
|
return shouldLog
|
||||||
}
|
}
|
||||||
|
@ -63,8 +64,6 @@ const getIsRemoteProtocol = function () {
|
||||||
* @returns {boolean} Is a CSP with `unsafe-eval` set?
|
* @returns {boolean} Is a CSP with `unsafe-eval` set?
|
||||||
*/
|
*/
|
||||||
const isUnsafeEvalEnabled = function () {
|
const isUnsafeEvalEnabled = function () {
|
||||||
const { webFrame } = require('electron')
|
|
||||||
|
|
||||||
return new Promise((resolve) => {
|
return new Promise((resolve) => {
|
||||||
webFrame.executeJavaScript(`(${(() => {
|
webFrame.executeJavaScript(`(${(() => {
|
||||||
try {
|
try {
|
||||||
|
@ -73,7 +72,7 @@ const isUnsafeEvalEnabled = function () {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
return true
|
return true
|
||||||
}).toString()})()`, resolve)
|
}).toString()})()`, false, resolve)
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -117,7 +116,7 @@ const warnAboutInsecureResources = function () {
|
||||||
*
|
*
|
||||||
* Logs a warning message about Node integration.
|
* Logs a warning message about Node integration.
|
||||||
*/
|
*/
|
||||||
const warnAboutNodeWithRemoteContent = function (nodeIntegration) {
|
const warnAboutNodeWithRemoteContent = function (nodeIntegration: boolean) {
|
||||||
if (!nodeIntegration) return
|
if (!nodeIntegration) return
|
||||||
|
|
||||||
if (getIsRemoteProtocol()) {
|
if (getIsRemoteProtocol()) {
|
||||||
|
@ -141,7 +140,7 @@ const warnAboutNodeWithRemoteContent = function (nodeIntegration) {
|
||||||
*
|
*
|
||||||
* Logs a warning message about disabled webSecurity.
|
* Logs a warning message about disabled webSecurity.
|
||||||
*/
|
*/
|
||||||
const warnAboutDisabledWebSecurity = function (webPreferences) {
|
const warnAboutDisabledWebSecurity = function (webPreferences?: Electron.WebPreferences) {
|
||||||
if (!webPreferences || webPreferences.webSecurity !== false) return
|
if (!webPreferences || webPreferences.webSecurity !== false) return
|
||||||
|
|
||||||
const warning = `This renderer process has "webSecurity" disabled. This
|
const warning = `This renderer process has "webSecurity" disabled. This
|
||||||
|
@ -177,7 +176,7 @@ const warnAboutInsecureCSP = function () {
|
||||||
*
|
*
|
||||||
* Logs a warning message about disabled webSecurity.
|
* Logs a warning message about disabled webSecurity.
|
||||||
*/
|
*/
|
||||||
const warnAboutInsecureContentAllowed = function (webPreferences) {
|
const warnAboutInsecureContentAllowed = function (webPreferences?: Electron.WebPreferences) {
|
||||||
if (!webPreferences || !webPreferences.allowRunningInsecureContent) return
|
if (!webPreferences || !webPreferences.allowRunningInsecureContent) return
|
||||||
|
|
||||||
const warning = `This renderer process has "allowRunningInsecureContent"
|
const warning = `This renderer process has "allowRunningInsecureContent"
|
||||||
|
@ -193,7 +192,7 @@ const warnAboutInsecureContentAllowed = function (webPreferences) {
|
||||||
*
|
*
|
||||||
* Logs a warning message about experimental features.
|
* Logs a warning message about experimental features.
|
||||||
*/
|
*/
|
||||||
const warnAboutExperimentalFeatures = function (webPreferences) {
|
const warnAboutExperimentalFeatures = function (webPreferences?: Electron.WebPreferences) {
|
||||||
if (!webPreferences || (!webPreferences.experimentalFeatures)) {
|
if (!webPreferences || (!webPreferences.experimentalFeatures)) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -211,10 +210,10 @@ const warnAboutExperimentalFeatures = function (webPreferences) {
|
||||||
*
|
*
|
||||||
* Logs a warning message about enableBlinkFeatures
|
* Logs a warning message about enableBlinkFeatures
|
||||||
*/
|
*/
|
||||||
const warnAboutEnableBlinkFeatures = function (webPreferences) {
|
const warnAboutEnableBlinkFeatures = function (webPreferences?: Electron.WebPreferences) {
|
||||||
if (webPreferences === null ||
|
if (!webPreferences ||
|
||||||
!webPreferences.hasOwnProperty('enableBlinkFeatures') ||
|
!webPreferences.hasOwnProperty('enableBlinkFeatures') ||
|
||||||
webPreferences.enableBlinkFeatures.length === 0) {
|
(webPreferences.enableBlinkFeatures && webPreferences.enableBlinkFeatures.length === 0)) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -252,7 +251,9 @@ const warnAboutAllowedPopups = function () {
|
||||||
// Currently missing since we can't easily programmatically check for it:
|
// Currently missing since we can't easily programmatically check for it:
|
||||||
// #12WebViews: Verify the options and params of all `<webview>` tags
|
// #12WebViews: Verify the options and params of all `<webview>` tags
|
||||||
|
|
||||||
const logSecurityWarnings = function (webPreferences, nodeIntegration) {
|
const logSecurityWarnings = function (
|
||||||
|
webPreferences: Electron.WebPreferences | undefined, nodeIntegration: boolean
|
||||||
|
) {
|
||||||
warnAboutNodeWithRemoteContent(nodeIntegration)
|
warnAboutNodeWithRemoteContent(nodeIntegration)
|
||||||
warnAboutDisabledWebSecurity(webPreferences)
|
warnAboutDisabledWebSecurity(webPreferences)
|
||||||
warnAboutInsecureResources()
|
warnAboutInsecureResources()
|
||||||
|
@ -264,17 +265,14 @@ const logSecurityWarnings = function (webPreferences, nodeIntegration) {
|
||||||
}
|
}
|
||||||
|
|
||||||
const getWebPreferences = function () {
|
const getWebPreferences = function () {
|
||||||
const ipcRendererUtils = require('@electron/internal/renderer/ipc-renderer-internal-utils')
|
|
||||||
|
|
||||||
try {
|
try {
|
||||||
return ipcRendererUtils.invokeSync('ELECTRON_BROWSER_GET_LAST_WEB_PREFERENCES')
|
return invokeSync('ELECTRON_BROWSER_GET_LAST_WEB_PREFERENCES')
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
console.warn(`getLastWebPreferences() failed: ${error}`)
|
console.warn(`getLastWebPreferences() failed: ${error}`)
|
||||||
return null
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
module.exports = function (nodeIntegration) {
|
export function securityWarnings (nodeIntegration: boolean) {
|
||||||
const loadHandler = function () {
|
const loadHandler = function () {
|
||||||
if (shouldLogSecurityWarnings()) {
|
if (shouldLogSecurityWarnings()) {
|
||||||
const webPreferences = getWebPreferences()
|
const webPreferences = getWebPreferences()
|
|
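Review bot: In `warnAboutEnableBlinkFeatures`, the rewritten third clause `(webPreferences.enableBlinkFeatures && webPreferences.enableBlinkFeatures.length === 0)` can never be true when `enableBlinkFeatures` is a string, because an empty string is falsy and short-circuits the `&&` before the length test runs. The removed line returned early for an empty value. The new one falls through, so, as far as the hunk shows, `enableBlinkFeatures: ''` or an own property set to `undefined` now reaches the warning, adding false positives to a message developers are expected to act on. Replacing the third clause with `!webPreferences.enableBlinkFeatures) {` keeps the old early return and still narrows the optional field for the type checker. The rest of the function body lies outside the hunk, so the warning text itself is not visible here.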
@ -168,5 +168,6 @@ for (const { preloadPath, preloadSrc, preloadError } of preloadScripts) {
|
||||||
|
|
||||||
// Warn about security issues
|
// Warn about security issues
|
||||||
if (process.isMainFrame) {
|
if (process.isMainFrame) {
|
||||||
require('@electron/internal/renderer/security-warnings')()
|
const { securityWarnings } = require('@electron/internal/renderer/security-warnings')
|
||||||
|
securityWarnings()
|
||||||
}
|
}
|
||||||
|
|
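Review bot: `securityWarnings()` is called with no argument here, while the ported module exports `securityWarnings (nodeIntegration: boolean)` with a required parameter. If this caller is plain JavaScript, the compiler will not flag the mismatch. At runtime `undefined` reaches `warnAboutNodeWithRemoteContent`, where `if (!nodeIntegration) return` treats it as false, so the Node-integration check is skipped silently on this path. That is presumably intended for this renderer, but it should be explicit: either call `securityWarnings(false)` here or declare the parameter as `nodeIntegration?: boolean` in the module.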
5
typings/internal-ambient.d.ts
vendored
|
@ -28,3 +28,8 @@ declare namespace NodeJS {
|
||||||
activateUvLoop(): void;
|
activateUvLoop(): void;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
declare interface Window {
|
||||||
|
ELECTRON_DISABLE_SECURITY_WARNINGS?: boolean
|
||||||
|
ELECTRON_ENABLE_SECURITY_WARNINGS?: boolean
|
||||||
|
}
|
||||||
|
|