refactor: Port security warnings to TypeScript (#16937)
* refactor: Port security-warnings to TypeScript
* chore: make aliasify work on .ts files as well
* refactor: Implement feedback <3
* refactor: Correctly call executeJavaScript
parent
0a84c61074
commit
6b3ff4f1f7
5 changed files with 27 additions and 22 deletions
|
@ -70,7 +70,7 @@ filenames = {
|
|||
"lib/renderer/ipc-renderer-internal-utils.ts",
|
||||
"lib/renderer/ipc-renderer-internal.ts",
|
||||
"lib/renderer/remote.ts",
|
||||
"lib/renderer/security-warnings.js",
|
||||
"lib/renderer/security-warnings.ts",
|
||||
"lib/renderer/web-frame-init.js",
|
||||
"lib/renderer/window-setup.ts",
|
||||
"lib/renderer/web-view/guest-view-internal.js",
|
||||
|
|
|
@ -167,5 +167,6 @@ for (const preloadScript of preloadScripts) {
|
|||
|
||||
// Warn about security issues
|
||||
if (process.isMainFrame) {
|
||||
require('@electron/internal/renderer/security-warnings')(nodeIntegration)
|
||||
const { securityWarnings } = require('@electron/internal/renderer/security-warnings')
|
||||
securityWarnings(nodeIntegration)
|
||||
}
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
'use strict'
|
||||
import { webFrame } from 'electron'
|
||||
import { invokeSync } from '@electron/internal/renderer/ipc-renderer-internal-utils'
|
||||
|
||||
let shouldLog = null
|
||||
let shouldLog: boolean | null = null
|
||||
|
||||
/**
|
||||
* This method checks if a security message should be logged.
|
||||
|
@ -10,7 +11,7 @@ let shouldLog = null
|
|||
*
|
||||
* @returns {boolean} - Should we log?
|
||||
*/
|
||||
const shouldLogSecurityWarnings = function () {
|
||||
const shouldLogSecurityWarnings = function (): boolean {
|
||||
if (shouldLog !== null) {
|
||||
return shouldLog
|
||||
}
|
||||
|
@ -63,8 +64,6 @@ const getIsRemoteProtocol = function () {
|
|||
* @returns {boolean} Is a CSP with `unsafe-eval` set?
|
||||
*/
|
||||
const isUnsafeEvalEnabled = function () {
|
||||
const { webFrame } = require('electron')
|
||||
|
||||
return new Promise((resolve) => {
|
||||
webFrame.executeJavaScript(`(${(() => {
|
||||
try {
|
||||
|
@ -73,7 +72,7 @@ const isUnsafeEvalEnabled = function () {
|
|||
return false
|
||||
}
|
||||
return true
|
||||
}).toString()})()`, resolve)
|
||||
}).toString()})()`, false, resolve)
|
||||
})
|
||||
}
|
||||
|
||||
|
@ -117,7 +116,7 @@ const warnAboutInsecureResources = function () {
|
|||
*
|
||||
* Logs a warning message about Node integration.
|
||||
*/
|
||||
const warnAboutNodeWithRemoteContent = function (nodeIntegration) {
|
||||
const warnAboutNodeWithRemoteContent = function (nodeIntegration: boolean) {
|
||||
if (!nodeIntegration) return
|
||||
|
||||
if (getIsRemoteProtocol()) {
|
||||
|
@ -141,7 +140,7 @@ const warnAboutNodeWithRemoteContent = function (nodeIntegration) {
|
|||
*
|
||||
* Logs a warning message about disabled webSecurity.
|
||||
*/
|
||||
const warnAboutDisabledWebSecurity = function (webPreferences) {
|
||||
const warnAboutDisabledWebSecurity = function (webPreferences?: Electron.WebPreferences) {
|
||||
if (!webPreferences || webPreferences.webSecurity !== false) return
|
||||
|
||||
const warning = `This renderer process has "webSecurity" disabled. This
|
||||
|
@ -177,7 +176,7 @@ const warnAboutInsecureCSP = function () {
|
|||
*
|
||||
* Logs a warning message about disabled webSecurity.
|
||||
*/
|
||||
const warnAboutInsecureContentAllowed = function (webPreferences) {
|
||||
const warnAboutInsecureContentAllowed = function (webPreferences?: Electron.WebPreferences) {
|
||||
if (!webPreferences || !webPreferences.allowRunningInsecureContent) return
|
||||
|
||||
const warning = `This renderer process has "allowRunningInsecureContent"
|
||||
|
@ -193,7 +192,7 @@ const warnAboutInsecureContentAllowed = function (webPreferences) {
|
|||
*
|
||||
* Logs a warning message about experimental features.
|
||||
*/
|
||||
const warnAboutExperimentalFeatures = function (webPreferences) {
|
||||
const warnAboutExperimentalFeatures = function (webPreferences?: Electron.WebPreferences) {
|
||||
if (!webPreferences || (!webPreferences.experimentalFeatures)) {
|
||||
return
|
||||
}
|
||||
|
@ -211,10 +210,10 @@ const warnAboutExperimentalFeatures = function (webPreferences) {
|
|||
*
|
||||
* Logs a warning message about enableBlinkFeatures
|
||||
*/
|
||||
const warnAboutEnableBlinkFeatures = function (webPreferences) {
|
||||
if (webPreferences === null ||
|
||||
const warnAboutEnableBlinkFeatures = function (webPreferences?: Electron.WebPreferences) {
|
||||
if (!webPreferences ||
|
||||
!webPreferences.hasOwnProperty('enableBlinkFeatures') ||
|
||||
webPreferences.enableBlinkFeatures.length === 0) {
|
||||
(webPreferences.enableBlinkFeatures && webPreferences.enableBlinkFeatures.length === 0)) {
|
||||
return
|
||||
}
|
||||
|
||||
|
@ -252,7 +251,9 @@ const warnAboutAllowedPopups = function () {
|
|||
// Currently missing since we can't easily programmatically check for it:
|
||||
// #12WebViews: Verify the options and params of all `<webview>` tags
|
||||
|
||||
const logSecurityWarnings = function (webPreferences, nodeIntegration) {
|
||||
const logSecurityWarnings = function (
|
||||
webPreferences: Electron.WebPreferences | undefined, nodeIntegration: boolean
|
||||
) {
|
||||
warnAboutNodeWithRemoteContent(nodeIntegration)
|
||||
warnAboutDisabledWebSecurity(webPreferences)
|
||||
warnAboutInsecureResources()
|
||||
|
@ -264,17 +265,14 @@ const logSecurityWarnings = function (webPreferences, nodeIntegration) {
|
|||
}
|
||||
|
||||
const getWebPreferences = function () {
|
||||
const ipcRendererUtils = require('@electron/internal/renderer/ipc-renderer-internal-utils')
|
||||
|
||||
try {
|
||||
return ipcRendererUtils.invokeSync('ELECTRON_BROWSER_GET_LAST_WEB_PREFERENCES')
|
||||
return invokeSync('ELECTRON_BROWSER_GET_LAST_WEB_PREFERENCES')
|
||||
} catch (error) {
|
||||
console.warn(`getLastWebPreferences() failed: ${error}`)
|
||||
return null
|
||||
}
|
||||
}
|
||||
|
||||
module.exports = function (nodeIntegration) {
|
||||
export function securityWarnings (nodeIntegration: boolean) {
|
||||
const loadHandler = function () {
|
||||
if (shouldLogSecurityWarnings()) {
|
||||
const webPreferences = getWebPreferences()
|
|
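Review bot: In `warnAboutEnableBlinkFeatures`, the rewritten third clause no longer returns early for an empty value: `webPreferences.enableBlinkFeatures && webPreferences.enableBlinkFeatures.length === 0` short-circuits on `''` (and on `undefined`), so the guard is falsy and execution falls through to the warning path, which lies outside the hunk. If the option is a string, as the `.length` check suggests, an explicitly empty `enableBlinkFeatures` would then produce a false-positive security warning, and spurious warnings train developers to ignore the real ones. Writing the clause as `!webPreferences.enableBlinkFeatures || webPreferences.enableBlinkFeatures.length === 0` keeps the null-safety the port was after and restores the old empty-value behaviour.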
@ -168,5 +168,6 @@ for (const { preloadPath, preloadSrc, preloadError } of preloadScripts) {
|
|||
|
||||
// Warn about security issues
|
||||
if (process.isMainFrame) {
|
||||
require('@electron/internal/renderer/security-warnings')()
|
||||
const { securityWarnings } = require('@electron/internal/renderer/security-warnings')
|
||||
securityWarnings()
|
||||
}
|
||||
|
|
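Review bot: `securityWarnings()` is called here with no argument, although the ported function is declared as `securityWarnings (nodeIntegration: boolean)`; because the module is pulled in through `require`, the binding is presumably untyped and the compiler does not flag the mismatch. At runtime `nodeIntegration` is `undefined`, so `warnAboutNodeWithRemoteContent` returns at `if (!nodeIntegration) return` and the Node-integration check is silently skipped for this renderer. If that is intended, make it explicit: either pass the value, `securityWarnings(false)`, or declare the parameter optional, `nodeIntegration?: boolean`, with a comment stating why the check does not apply at this call site.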
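--- a/typings/internal-ambient.d.ts
+++ b/typings/internal-ambient.d.ts
@@ -28,3 +28,8 @@ declare namespace NodeJS {
 activateUvLoop(): void;
 }
 }
+
+declare interface Window {
+ELECTRON_DISABLE_SECURITY_WARNINGS?: boolean
+ELECTRON_ENABLE_SECURITY_WARNINGS?: boolean
+}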