Commit graph

24 commits

Author SHA1 Message Date
Milan Burda
3301e05f33 fix: don't expose desktopCapturer in sandboxed renderers if the feature is disabled (#14345) 2018-08-28 19:51:07 -05:00
Milan Burda
b5bfd9867b Don't pass preloadPath via ELECTRON_BROWSER_SANDBOX_LOAD for security reasons (#13031) (#14026) 2018-08-11 12:53:33 -05:00
Milan Burda
98033e4f45 Fix process.execPath returning parent process path instead of the helper in sandboxed renderer (#13959) 2018-08-09 09:58:44 -05:00
Hari Juturu
32e40cb4c3 Enable webview in sandbox renderer Security: Inherit embedder prefs onto webview 2018-07-02 16:09:17 +00:00
Milan Burda
6ad0a22602 Add process.getHeapStatistics() (#13183) 2018-06-10 22:00:36 +10:00
Thiago de Arruda
6f076f7433 Refactor sandbox preload initialization. (#12877)
Use a single synchronous IPC call to retrieve data required by early
sandbox scripts. This has two purposes:

- Optimize preload script initialization by:
  - Using one synchronous IPC call to retrieve preload script,
  webContentsId (more on that later), process.{platform,execPath,env}
  - Lazy loading as many modules as possible.
- Fix #12316 for sandbox. @MarshallOfSound addressed the issue in
  #12342, but it was still present in sandbox mode. By loading
  webContentsId very early and skipping remote module at early
  startup, we fix it for sandbox.
2018-05-21 22:56:05 +10:00
Milan Burda
48fe013549 Expose events (EventEmitter) to sandboxed renderer (#12828) 2018-05-04 09:51:32 -07:00
Jeremy Apthorp
97fb15ac49 Enable WebFrame method forwarding in sandboxed renderers (#12538)
* Enable WebFrame method forwarding in sandboxed renderers

Fixes #9073

* Non-change to kick CI
2018-04-12 11:57:40 +10:00
Nitish Sakhawalkar
9d1527b1df Fix context menu for sandbox devtools (#11933) 2018-03-22 16:15:57 +09:00
Hari Juturu
704af29543 Exposing process.env status (#12166) 2018-03-14 12:01:40 +09:00
Kevin Sawicki
14178d9826 Expose argv to preload process object 2017-06-26 13:52:19 -07:00
Thiago de Arruda
bbe21cce67 Expose more atom_bindings.cc functions to sandbox 2017-05-01 09:12:39 -03:00
Thiago de Arruda
ce1a5e3c9c Fix sandboxed crashReporter for windows.
- Use `path` module from browser process in sandboxed renderer. This is required
  because the return value of `path.join` is platform-specific, and this is an
  assumtion of crash-reporter.js which is shared between sandboxed and
  non-sandboxed renderers.
- Set `process.platform` and `process.execPath` in sandboxed renderer
  environment. This is required to spawn the windows crash service from
  sandboxed renderer.
- Use a single temporary directory for all crashReporter tests. This is required
  to make tests more deterministic across platforms(since mac's crashpad doesn't
  support changing the crash dump directory). Also make a few improvements/fixes
  to the `uploadToServer` test.
2017-04-05 18:09:24 -03:00
Thiago de Arruda
e1aebef57c Make sandbox APIs more compatible with normal renderers
- Expose remote shortcuts for the `fs`, `os` and `child_process` modules.
- Expose the `url` and `timers` modules(the browserify versions)
- Add `process.crash` and `process.platform`
2017-03-23 10:01:02 -03:00
Kevin Sawicki
f71353a4c5 Merge pull request #8939 from electron/expose-remote-to-sandbox
Expose remote module to sandbox
2017-03-17 09:41:59 -07:00
Thiago de Arruda
e9b955b9ec Use remote/fs to read preload script during sandboxed setup
Also expose the "fs" module to preload scripts, as a shortcut to
`require('electron').remote.require('fs')`
2017-03-16 14:23:00 -03:00
Thiago de Arruda
a6e4867111 Handle Buffer deserialization in sandboxed renderers
In sandboxed renderers we use browserify to provide a node-like environment. The
Buffer class used by browserify is actually just a wrapper around Uint8Array,
but to deserialize Buffer correctly we must expose the class as a hidden value
and use it in V8ValueConverter.
2017-03-16 13:20:09 -03:00
Thiago de Arruda
da023b72ee Dynamically generate dependencies of browserify build actions
Instead of having to list in filenames.gypi every javascript file that may go
into a browserify build, generate this list dynamically when the build files are
created by gyp.
2017-03-10 16:30:23 -03:00
Thiago de Arruda
cd05834d96 Refactor sandboxed renderer init scripts
This change gives sandboxed renderer scripts a similar structure to what already
exists in the lib/{browser,renderer,common} directories.

It also allows sandboxed renderer initialization to share more code with
non-sandboxed renderers (ipcRenderer is now imported directly from
lib/renderer/api/ipc-renderer).
2017-03-09 20:39:14 -03:00
Thiago de Arruda
2b8203e383 Make sandboxed ipcRenderer API compatible with non-sandboxed version 2017-03-09 20:39:14 -03:00
Thiago de Arruda
d78f3cae7b Expose builtin v8 modules to AtomSandboxedRendererClient
- Adapt node.cc code that implements `process.binding` to create a similar
  object in AtomSandboxedRendererClient.
- Replace the ipc binding object passed to `lib/sandboxed_renderer/init.js` by
  the new binding object.
- Refactor the initialization script to use this new object to fetch the ipc
  binding and store as a hidden value using the `v8_util` module.

This change also required applying a patch to node.js, so the submodule commit
was updated.
2017-03-09 20:39:14 -03:00
Kevin Sawicki
c8ff67ab75 Use spread syntax instead of function apply 2016-12-01 14:56:00 -08:00
Kevin Sawicki
e0afb814aa Only call browserify when one of sandbox sources change 2016-11-07 08:19:59 -08:00
Thiago de Arruda
72154b64ed Embed setup bundle for preload scripts in sandboxed renderers.
Add a gyp target that creates a browserify bundle starting with
`lib/sandboxed_renderer/init.js`, which is embedded into the executable using
the `atom_js2c` target.

The goal of this bundle is to provide a very basic environment for preload
scripts where a `require` function is available.
2016-09-27 06:01:47 -03:00