fix: don't expose desktopCapturer in sandboxed renderers if the feature is disabled (#14310)

2018-08-27 20:16:52 +02:00 · 2018-08-27 20:16:52 +02:00 · f1fe485768
commit f1fe485768
parent a43a292d18
4 changed files with 60 additions and 50 deletions
--- a/lib/browser/rpc-server.js
+++ b/lib/browser/rpc-server.js
@ -438,8 +438,8 @@ ipcMain.on('ELECTRON_BROWSER_SANDBOX_LOAD', function (event) {
    }
  }
  event.returnValue = {
-    preloadSrc: preloadSrc,
+    preloadSrc,
-    preloadError: preloadError,
+    preloadError,
    process: {
      arch: process.arch,
      platform: process.platform,
--- a/lib/sandboxed_renderer/api/exports/electron.js
+++ b/lib/sandboxed_renderer/api/exports/electron.js
@ -1,48 +1,17 @@
-Object.defineProperties(exports, {
+const moduleList = require('../module-list')
-  ipcRenderer: {
+
-    enumerable: true,
+for (const {
-    get: function () {
+        name,
-      return require('../ipc-renderer')
+        load,
-    }
+        enabled = true,
-  },
+        private: isPrivate = false
-  remote: {
+    } of moduleList) {
-    enumerable: true,
+  if (!enabled) {
-    get: function () {
+    continue
      return require('../../../renderer/api/remote')
    }
  },
  webFrame: {
    enumerable: true,
    get: function () {
      return require('../../../renderer/api/web-frame')
    }
  },
  crashReporter: {
    enumerable: true,
    get: function () {
      return require('../../../common/api/crash-reporter')
    }
  },
  CallbacksRegistry: {
    get: function () {
      return require('../../../common/api/callbacks-registry')
    }
  },
  isPromise: {
    get: function () {
      return require('../../../common/api/is-promise')
    }
  },
  // XXX(alexeykuzmin): It won't be available if the Desktop Capturer
  // was disabled during build time.
  desktopCapturer: {
    get: function () {
      return require('../../../renderer/api/desktop-capturer')
    }
  },
  nativeImage: {
    get: function () {
      return require('../../../common/api/native-image')
    }
  }
-})
+
  Object.defineProperty(exports, name, {
    enumerable: !isPrivate,
    get: load
  })
 }
--- a/lib/sandboxed_renderer/api/module-list.js
+++ b/lib/sandboxed_renderer/api/module-list.js
@ -0,0 +1,39 @@
 const features = process.atomBinding('features')
 module.exports = [
  {
    name: 'CallbacksRegistry',
    load: () => require('../../common/api/callbacks-registry'),
    private: true
  },
  {
    name: 'crashReporter',
    load: () => require('../../common/api/crash-reporter')
  },
  {
    name: 'desktopCapturer',
    load: () => require('../../renderer/api/desktop-capturer'),
    enabled: features.isDesktopCapturerEnabled()
  },
  {
    name: 'ipcRenderer',
    load: () => require('./ipc-renderer')
  },
  {
    name: 'isPromise',
    load: () => require('../../common/api/is-promise'),
    private: true
  },
  {
    name: 'nativeImage',
    load: () => require('../../common/api/native-image')
  },
  {
    name: 'remote',
    load: () => require('../../renderer/api/remote')
  },
  {
    name: 'webFrame',
    load: () => require('../../renderer/api/web-frame')
  }
 ]
--- a/lib/sandboxed_renderer/init.js
+++ b/lib/sandboxed_renderer/init.js
@ -1,10 +1,12 @@
 /* eslint no-eval: "off" */
 /* global binding, Buffer */
 const events = require('events')
 const electron = require('electron')
 process.atomBinding = require('../common/atom-binding-setup')(binding.get, 'renderer')
 // The electron module depends on process.atomBinding
 const electron = require('electron')
 const v8Util = process.atomBinding('v8_util')
 // Expose browserify Buffer as a hidden value. This is used by C++ code to
 // deserialize Buffer instances sent from browser process.