Commit graph

138 commits

Author SHA1 Message Date
Samuel Attard
0090616f7b
feat: add a new contextBridge module (#20307)
* feat: add a new contextBridge module

* chore: fix docs linting

* feat: add support for function arguments being proxied

* chore: ensure that contextBridge can only be used when contextIsolation is enabled

* docs: getReverseBinding can be null

* docs: fix broken links in md file

* feat: add support for promises in function parameters

* fix: linting failure for explicit constructor

* Update atom_api_context_bridge.cc

* chore: update docs and API design as per feedback

* refactor: remove reverse bindings and handle GC'able functions across the bridge

* chore: only expose debugGC in testing builds

* fix: do not proxy promises as objects

* spec: add complete spec coverage for contextBridge

* spec: add tests for null/undefined and the anti-overwrite logic

* chore: fix linting

* spec: add complex nested back-and-forth function calling

* fix: expose contextBridge in sandboxed renderers

* refactor: improve security of default_app using the new contextBridge module

* s/bindAPIInMainWorld/exposeInMainWorld

* chore: sorry for this commit, its a big one, I fixed like everything and refactored a lot

* chore: remove PassedValueCache as it is unused now

Values transferred from context A to context B are now cachde in the RenderFramePersistenceStore

* chore: move to anonymous namespace

* refactor: remove PassValueToOtherContextWithCache

* chore: remove commented unused code blocks

* chore: remove .only

* chore: remote commented code

* refactor: extract RenderFramePersistenceStore

* spec: ensure it works with numbered keys

* fix: handle number keys correctly

* fix: sort out the linter

* spec: update default_app asar spec for removed file

* refactor: change signatures to return v8 objects directly rather than the mate dictionary handle

* refactor: use the v8 serializer to support cloneable buffers and other object types

* chore: fix linting

* fix: handle hash collisions with a linked list in the map

* fix: enforce a recursion limit on the context bridge

* chore: fix linting

* chore: remove TODO

* chore: adapt for PR feedback

* chore: remove .only

* chore: clean up docs and clean up the proxy map when objects are released

* chore: ensure we cache object values that are cloned through the V8 serializer
2019-10-18 12:57:09 -07:00
Milan Burda
b92163d226 refactor: take advantage of structured clone algorithm in the remote module (#20427) 2019-10-10 09:59:08 -04:00
Milan Burda
11cd0db86b build: add enable_remote_module build flag (#19821) 2019-09-18 09:52:06 -07:00
Milan Burda
7825d043f2 refactor: unify module-list format and exports/electron (#19697) 2019-08-23 11:18:58 +02:00
Milan Burda
3011a0f14f refactor: convert ipc-renderer.ts to TypeScript (#19556)
* refactor: convert ipc-renderer.ts to TypeScript

* Update typings/internal-ambient.d.ts

Co-Authored-By: Samuel Attard <sattard@slack-corp.com>
2019-08-02 14:35:04 -05:00
Jeremy Apthorp
c71cdce0b7
chore: disable JS impl when //extensions support is on (#19512) 2019-07-31 14:25:41 -07:00
Ian Sanders
079a173a72 feat: add stack trace log to preload script error handling (#18905)
* Add console.trace to preload script error handling

* Log error directly instead of error string + trace

* Log full error object instead of error message
2019-07-14 21:54:33 -07:00
Milan Burda
69369cf365 refactor: don't expose isPromise as an internal module (#19139) 2019-07-08 15:17:50 +09:00
Milan Burda
edb56500c7 refactor: piggy-back on ELECTRON_BROWSER_SANDBOX_LOAD to get content scripts (#18823) 2019-06-19 17:23:44 +02:00
Milan Burda
370e9522b4 refactor: re-implement desktop-capturer in TypeScript (#18580) 2019-06-15 19:44:18 +09:00
Jeremy Apthorp
ed5fb4a720
refactor: simplify content script injection (#18532) 2019-06-04 16:07:34 -07:00
Samuel Attard
bc527f6b51
refactor: bundle the browser and renderer process electron code (#18553)
* refactor: bundle the browser and renderer process electron code

* Bundles browser/init and renderer/init
  * Improves load performance of main process by ~40%
  * Improves load performance of renderer process by ~30%
* Prevents users from importing our "requiring" our internal logic such
as ipc-main-internal.  This makes those message buses safer as they are
less accessible, there is still some more work to be done though to lock
down those buses completely.
* The electron.asar file now only contains 2 files, as a future
improvement maybe we can use atom_natives to ship these two files
embedded in the binary
* This also removes our dependency on browserify which had some strange
edge cases that caused us to have to hack around require-order and
stopped us using certain ES6/7 features we should have been able to use
(async / await in some files in the sandboxed renderer init script)

TLDR: Things are faster and better :)

* fix: I really do not want to talk about it

* chore: add performance improvements from debugging

* fix: resolve the provided path so webpack thinks it is absolute

* chore: fixup per PR review

* fix: use webpacks ProvidePlugin to keep global, process and Buffer alive after deletion from global scope for use in internal code

* fix: bundle worker/init as well to make node-in-workers work

* chore: update wording as per feedback

* chore: make the timers hack work when yarn is not used
2019-06-02 13:03:03 -07:00
Nitish Sakhawalkar
cf5224140b Chrome changed the devtools url
chrome-devtools:// to devtools://
28b21a67f0
2019-05-17 16:16:25 -07:00
Milan Burda
18b77a4de6 chore: rename atom-binding-setup.ts to electron-binding-setup.ts (#17949) 2019-04-29 10:57:32 -04:00
Milan Burda
77d59e99b6 feat: emit process 'loaded' event in sandboxed renderers (#17680) 2019-04-04 11:35:06 -07:00
Jeremy Apthorp
53f6cbccbf
refactor: use mojo for electron internal IPC (#17406)
* refactor: use mojo for electron internal IPC

* add sender_id, drop MessageSync

* remove usages of AtomFrameMsg_Message

* iwyu

* first draft of renderer->browser direction

* refactor to reuse a single ipc interface

* implement TakeHeapSnapshot through mojo

* the rest of the owl^WtakeHeapSnapshot mojofication

* remove no-op overrides in AtomRendererClient

* delete renderer-side ElectronApiServiceImpl when its pipe is destroyed

* looks like we don't need to overlay the renderer manifest after all

* don't try to send 2 replies to a sync rpc

* undo changes to manifests.cc

* unify sandboxed + unsandboxed ipc events

* lint

* register ElectronBrowser mojo service on devtools WebContents

* fix takeHeapSnapshopt failure paths

* {electron_api => atom}::mojom

* add send_to_all to ElectronRenderer::Message

* keep interface alive until callback is called

* review comments

* use GetContext from RendererClientBase

* robustify a test that uses window.open

* MessageSync posts a task to put sync messages in the same queue as async ones

* add v8::MicrotasksScope and node::CallbackScope

* iwyu

* use weakptr to api::WebContents instead of Unretained

* make MessageSync an asynchronous message & use non-associated interface

* iwyu + comments

* remove unused WeakPtrFactory

* inline OnRendererMessage[Sync]

* cleanups & comments

* use helper methods instead of inline lambdas

* remove unneeded async in test

* add mojo to manifests deps

* add gn check for //electron/manifests and mojo

* don't register renderer side service until preload has been run

* update gn check targets list

* move interface registration back to RenderFrameCreated
2019-04-02 15:38:16 -07:00
Milan Burda
336db33d18 refactor: use ipcMainUtils.invokeInWebContents / ipcRendererUtils.handle helpers for Chrome APIs (#17417) 2019-03-26 11:38:35 +09:00
Milan Burda
7389dfca59 fix: report module name when require fails in sandboxed renderers (#17413) 2019-03-19 12:00:41 -07:00
Shelley Vohr
38d75010c7
chore: rename atomBinding to electronBinding (#17419) 2019-03-18 12:37:06 -07:00
Milan Burda
a8698d092b chore: increase security of default_app (#17318) 2019-03-11 16:13:46 -07:00
Milan Burda
d34f81972d refactor: make ELECTRON_BROWSER_SANDBOX_LOAD handler async (#17107) 2019-03-08 11:21:41 +01:00
Samuel Maddock
42b7b25ac3 feat: support chrome extensions in sandboxed renderer (#16218)
* Add content script injector to sandboxed renderer

* Fix 'getRenderProcessPreferences' binding to the wrong object

* Pass getRenderProcessPreferences to content-scripts-injector

* Emit document-start and document-end  events in sandboxed renderer

* Use GetContext from RendererClientBase

* Prevent script context crash caused by lazily initialization

* Remove frame filtering logic for onExit callback

Since we're keeping track of which frames we've injected the bundle into, this logic is redundant.

* Add initial content script tests

* Add contextIsolation variants to content script tests

* Add set include

* Fix already loaded extension error

* Add tests for content scripts 'run_at' options

* Catch script injection eval error when CSP forbids it

This can occur in a rendered sandbox when a CSP is enabled. We'll need to switch to using isolated worlds to fix this.

* Fix content script tests not properly cleaning up extensions

* Fix lint and type errors
2019-03-07 16:00:28 -08:00
Felix Rieseberg
f3fc4023cf refactor: Port renderer/web-view to TypeScript (#17250) 2019-03-07 15:26:23 -08:00
Felix Rieseberg
596acdcb91 refactor: Port web-frame-init to TypeScript (#16934)
* refactor: Port web-frame-init to TypeScript

* refactor: Use ipcRendererInternal
2019-02-18 00:24:18 +00:00
Felix Rieseberg
6b3ff4f1f7 refactor: Port security warnings to TypeScript (#16937)
* refactor: Port security-warnings to TypeScript

* chore: make aliasify work on .ts files as well

* refactor: Implement feedback <3

* refactor: Correctly call executeJavaScript
2019-02-16 17:06:30 -08:00
Felix Rieseberg
2498e8d1c2 refactor: Port renderer-internal to TypeScript (#16939)
* chore: make aliasify work on .ts files as well

* refactor: Port ipc-renderer-internal to TypeScript

* refactor: Correctly import internal ipcRenderer

* refactor: One more rename

* refactor: Fix one more lint issue

* refactor: Correctly reference ipcRendererInternal
2019-02-14 17:24:25 -08:00
Samuel Attard
5790869a3f
chore: refactor browser IPC into TS and app API into TS (#16921)
* chore: refactor browser IPC into typescript

* chore: refactor app.ts into Typescript

* Refactors app.dock into cpp
* Removes app.launcher which has not existed for 3 years
* Removes 2 deprecated APIs (that have been deprecated for more than one
major)
* Refactors deprecate.ts as well
2019-02-14 14:29:20 -08:00
Samuel Attard
01c442de64 refactor: convert more files to typescript (#16820) 2019-02-12 04:22:33 -10:00
Milan Burda
fa5442f211 fix: execute session preload scripts in sandboxed renderers (#16538) 2019-01-29 10:16:46 +09:00
Milan Burda
713df08e3e chore: remove deprecated modules internally using remote.require in sandboxed renderer context (#15957) 2019-01-24 10:53:52 -08:00
Milan Burda
fef262f829 fix: check process.isMainFrame in sandboxed_renderer/init.js (#16500) 2019-01-24 10:53:16 -08:00
Milan Burda
cc90919384 refactor: pass internal flag via IPC message struct for consistency (#16490) 2019-01-23 08:24:57 -08:00
Milan Burda
b965e54efc fix: <webview> not working with contextIsolation + sandbox (#16469) 2019-01-22 10:08:16 +09:00
Milan Burda
7d4a1223fd feat: add preload-error event to webContents (#16411) 2019-01-18 12:03:43 +01:00
Robo
52fe92d02e feat: Upgrade to Chromium 71.0.3578.98 (#15966) 2019-01-11 17:00:43 -08:00
Milan Burda
5c250455ad refactor: pass isWebViewTagEnabled via ELECTRON_BROWSER_SANDBOX_LOAD (#16238) 2019-01-08 10:12:34 +01:00
Milan Burda
3f1d22759a refactor: use helpers for command-line parsing in renderer/init.js (#16239) 2019-01-03 11:22:34 -05:00
Milan Burda
7a6fe00f49 chore: simplify code for modules internally using remote.require in sandbox (#16104) 2018-12-17 22:47:41 +03:00
Cheng Zhao
8584c2f14b
fix: register webview in main world when using contextIsolation (#16067) 2018-12-14 15:38:35 +09:00
Milan Burda
764a10f7c7 refactor: simplify isRemoteModuleEnabled handling in sandboxed renderers (#15961) 2018-12-05 10:07:56 -08:00
Milan Burda
ab2a061b59 refactor: use helpers when using the remote module in sandboxed renderers (#15960) 2018-12-05 10:07:32 -08:00
Milan Burda
d561c5531b feat: deprecate modules internally using remote.require in sandboxed renderer context (#15145) 2018-12-05 10:34:09 +01:00
Milan Burda
559fd5cb31 chore: remove unused module (#15917) 2018-12-02 14:43:04 -08:00
Samuel Attard
0b0a17ff91 fix: load the chrome.* API on chrome-extension pages in sandbox mode (#15563)
With mixed sandbox enabled we need to load the chrome.* APIs in the
sandbox init.js so that chrome extensions load correctly.

This mirrors the equivilant impl in `atom_renderer_client.cc`

Fixes #15561
2018-11-21 12:56:58 -05:00
Milan Burda
d3efc52745 feat: add webPreferences.enableRemoteModule option (#13028) 2018-10-13 20:50:07 +03:00
Milan Burda
b50f86ef43 refactor: use separate ipc-renderer-internal / ipc-main-internal APIs for Electron internals (#13940) 2018-10-07 00:48:00 +13:00
Milan Burda
5efb0fdff1 feat: add security warnings to sandboxed renderers (#14869)
Also refactor not to use the remote module.
2018-10-03 21:36:12 +02:00
Milan Burda
3ad3ade828 refactor: add prefer-const to .eslintrc + fix errors (#14880) 2018-10-02 11:56:31 +10:00
Milan Burda
ce38be74df refactor: simplify process object initialization for sandboxed renderers (#14878)
Also fix `process.windowsStore`.
2018-09-30 23:24:00 +02:00
Milan Burda
b499d57cfd refactor: use error-utils for remote exception serialization / deserialization (#14788)
* refactor: use error-utils for remote exception serialization / deserialization

* fix internal process.type in sandboxed renderer
2018-09-26 15:44:55 +10:00
Samuel Attard
176a76217c
chore: have 'use strict' consistently across our lib files (#14721) 2018-09-23 00:28:50 +12:00
Samuel Attard
54ef906832
[RFC] perf: use an internal module resolver to improve require performance (#14633)
* perf: use an internal module resolver instead of relative requires

* perf: memoize the results of getting exported Electron properties

* perf: make internal module changes consistent across sandboxed / bundled files
2018-09-20 13:43:26 +10:00
Samuel Attard
558fff69e7
chore: update to standard 12 2018-09-14 14:57:01 +10:00
Samuel Attard
14df89f214 Remove the 'getProcessMemoryInfo' API
* Underlying APIs have been removed in Chromium
  * https://chromium-review.googlesource.com/c/chromium/src/+/969089
  * https://chromium-review.googlesource.com/c/chromium/src/+/953723
  * https://bugs.chromium.org/p/chromium/issues/detail?id=819289
* https://github.com/electron/electron/projects/11#card-11509601
2018-09-11 20:21:32 +02:00
Milan Burda
c17a1b37ea feat: add event.senderId property to IPCs sent via ipcRenderer.sendTo (#14395) 2018-08-31 20:13:51 -05:00
Milan Burda
3a79eacb6f refactor: don't expose CallbacksRegistry as an internal module (#14389) 2018-08-31 11:29:00 -07:00
Milan Burda
f1fe485768 fix: don't expose desktopCapturer in sandboxed renderers if the feature is disabled (#14310) 2018-08-27 13:16:52 -05:00
Milan Burda
fc85d02786 feat: expose missing process APIs in sandboxed renderers (#13505) 2018-08-21 11:05:45 -07:00
Milan Burda
702cc84bd3 Don't pass preloadPath via ELECTRON_BROWSER_SANDBOX_LOAD for security reasons (#13031) 2018-08-10 17:19:49 -05:00
Milan Burda
db38c8b620 Fix process.execPath returning parent process path instead of the helper in sandboxed renderer (#13839) 2018-07-30 11:13:42 +10:00
Cheng Zhao
305e3aad40
refactor: remove private webContents.getId() API (#13674) 2018-07-23 18:08:36 +09:00
PalmerAL
ffc15e02a6 fix: add native function to create preload script (#13032)
* add native function to create preload script

* add tests

* fix formatting

* fix tests

* rerun CI
2018-07-13 11:17:11 +09:00
Hari Juturu
eb223f8bc3 Enable webview in sandbox renderer (#13435)
* Enable webview in sandbox renderer
Security: Inherit embedder prefs onto webview

* cache lastwebprefs
2018-07-03 02:06:26 +10:00
Alexey Kuzmin
dee9aef975 Add "enable_desktop_capturer" build flag (#13133)
* Make it possible to disable a module for a renderer

* Put DesktopCapturer API under a build flag

The name is "enable_desktop_capturer".
Enabled by default.
2018-06-13 11:15:34 -05:00
Milan Burda
6ad0a22602 Add process.getHeapStatistics() (#13183) 2018-06-10 22:00:36 +10:00
Thiago de Arruda
6f076f7433 Refactor sandbox preload initialization. (#12877)
Use a single synchronous IPC call to retrieve data required by early
sandbox scripts. This has two purposes:

- Optimize preload script initialization by:
  - Using one synchronous IPC call to retrieve preload script,
  webContentsId (more on that later), process.{platform,execPath,env}
  - Lazy loading as many modules as possible.
- Fix #12316 for sandbox. @MarshallOfSound addressed the issue in
  #12342, but it was still present in sandbox mode. By loading
  webContentsId very early and skipping remote module at early
  startup, we fix it for sandbox.
2018-05-21 22:56:05 +10:00
Milan Burda
48fe013549 Expose events (EventEmitter) to sandboxed renderer (#12828) 2018-05-04 09:51:32 -07:00
Jeremy Apthorp
97fb15ac49 Enable WebFrame method forwarding in sandboxed renderers (#12538)
* Enable WebFrame method forwarding in sandboxed renderers

Fixes #9073

* Non-change to kick CI
2018-04-12 11:57:40 +10:00
Nitish Sakhawalkar
9d1527b1df Fix context menu for sandbox devtools (#11933) 2018-03-22 16:15:57 +09:00
Hari Juturu
704af29543 Exposing process.env status (#12166) 2018-03-14 12:01:40 +09:00
Thiago de Arruda
be0e3d9555 Expose desktopCapturer in sandbox mode. 2017-11-16 16:57:29 -03:00
sungpark
eca7ff986c add webFrame to sandboxed renderer 2017-08-23 10:52:02 -07:00
Kevin Sawicki
14178d9826 Expose argv to preload process object 2017-06-26 13:52:19 -07:00
Thiago de Arruda
bbe21cce67 Expose more atom_bindings.cc functions to sandbox 2017-05-01 09:12:39 -03:00
Thiago de Arruda
ce1a5e3c9c Fix sandboxed crashReporter for windows.
- Use `path` module from browser process in sandboxed renderer. This is required
  because the return value of `path.join` is platform-specific, and this is an
  assumtion of crash-reporter.js which is shared between sandboxed and
  non-sandboxed renderers.
- Set `process.platform` and `process.execPath` in sandboxed renderer
  environment. This is required to spawn the windows crash service from
  sandboxed renderer.
- Use a single temporary directory for all crashReporter tests. This is required
  to make tests more deterministic across platforms(since mac's crashpad doesn't
  support changing the crash dump directory). Also make a few improvements/fixes
  to the `uploadToServer` test.
2017-04-05 18:09:24 -03:00
Thiago de Arruda
3a97cfc359 Expose crashReporter to sandbox 2017-03-23 10:01:02 -03:00
Thiago de Arruda
e1aebef57c Make sandbox APIs more compatible with normal renderers
- Expose remote shortcuts for the `fs`, `os` and `child_process` modules.
- Expose the `url` and `timers` modules(the browserify versions)
- Add `process.crash` and `process.platform`
2017-03-23 10:01:02 -03:00
Kevin Sawicki
f71353a4c5 Merge pull request #8939 from electron/expose-remote-to-sandbox
Expose remote module to sandbox
2017-03-17 09:41:59 -07:00
Thiago de Arruda
e9b955b9ec Use remote/fs to read preload script during sandboxed setup
Also expose the "fs" module to preload scripts, as a shortcut to
`require('electron').remote.require('fs')`
2017-03-16 14:23:00 -03:00
Thiago de Arruda
f6befbe764 Expose lib/renderer/api/remote.js to sandboxed renderer 2017-03-16 14:21:23 -03:00
Thiago de Arruda
a6e4867111 Handle Buffer deserialization in sandboxed renderers
In sandboxed renderers we use browserify to provide a node-like environment. The
Buffer class used by browserify is actually just a wrapper around Uint8Array,
but to deserialize Buffer correctly we must expose the class as a hidden value
and use it in V8ValueConverter.
2017-03-16 13:20:09 -03:00
Thiago de Arruda
da023b72ee Dynamically generate dependencies of browserify build actions
Instead of having to list in filenames.gypi every javascript file that may go
into a browserify build, generate this list dynamically when the build files are
created by gyp.
2017-03-10 16:30:23 -03:00
Thiago de Arruda
cd05834d96 Refactor sandboxed renderer init scripts
This change gives sandboxed renderer scripts a similar structure to what already
exists in the lib/{browser,renderer,common} directories.

It also allows sandboxed renderer initialization to share more code with
non-sandboxed renderers (ipcRenderer is now imported directly from
lib/renderer/api/ipc-renderer).
2017-03-09 20:39:14 -03:00
Thiago de Arruda
2b8203e383 Make sandboxed ipcRenderer API compatible with non-sandboxed version 2017-03-09 20:39:14 -03:00
Thiago de Arruda
d78f3cae7b Expose builtin v8 modules to AtomSandboxedRendererClient
- Adapt node.cc code that implements `process.binding` to create a similar
  object in AtomSandboxedRendererClient.
- Replace the ipc binding object passed to `lib/sandboxed_renderer/init.js` by
  the new binding object.
- Refactor the initialization script to use this new object to fetch the ipc
  binding and store as a hidden value using the `v8_util` module.

This change also required applying a patch to node.js, so the submodule commit
was updated.
2017-03-09 20:39:14 -03:00
Kevin Sawicki
c8ff67ab75 Use spread syntax instead of function apply 2016-12-01 14:56:00 -08:00
Kevin Sawicki
e0afb814aa Only call browserify when one of sandbox sources change 2016-11-07 08:19:59 -08:00
Thiago de Arruda
72154b64ed Embed setup bundle for preload scripts in sandboxed renderers.
Add a gyp target that creates a browserify bundle starting with
`lib/sandboxed_renderer/init.js`, which is embedded into the executable using
the `atom_js2c` target.

The goal of this bundle is to provide a very basic environment for preload
scripts where a `require` function is available.
2016-09-27 06:01:47 -03:00