Commit graph

121 commits

Author SHA1 Message Date
Milan Burda
7389dfca59 fix: report module name when require fails in sandboxed renderers (#17413) 2019-03-19 12:00:41 -07:00
Shelley Vohr
38d75010c7
chore: rename atomBinding to electronBinding (#17419) 2019-03-18 12:37:06 -07:00
Milan Burda
a8698d092b chore: increase security of default_app (#17318) 2019-03-11 16:13:46 -07:00
Milan Burda
d34f81972d refactor: make ELECTRON_BROWSER_SANDBOX_LOAD handler async (#17107) 2019-03-08 11:21:41 +01:00
Samuel Maddock
42b7b25ac3 feat: support chrome extensions in sandboxed renderer (#16218)
* Add content script injector to sandboxed renderer

* Fix 'getRenderProcessPreferences' binding to the wrong object

* Pass getRenderProcessPreferences to content-scripts-injector

* Emit document-start and document-end  events in sandboxed renderer

* Use GetContext from RendererClientBase

* Prevent script context crash caused by lazily initialization

* Remove frame filtering logic for onExit callback

Since we're keeping track of which frames we've injected the bundle into, this logic is redundant.

* Add initial content script tests

* Add contextIsolation variants to content script tests

* Add set include

* Fix already loaded extension error

* Add tests for content scripts 'run_at' options

* Catch script injection eval error when CSP forbids it

This can occur in a rendered sandbox when a CSP is enabled. We'll need to switch to using isolated worlds to fix this.

* Fix content script tests not properly cleaning up extensions

* Fix lint and type errors
2019-03-07 16:00:28 -08:00
Felix Rieseberg
f3fc4023cf refactor: Port renderer/web-view to TypeScript (#17250) 2019-03-07 15:26:23 -08:00
Felix Rieseberg
596acdcb91 refactor: Port web-frame-init to TypeScript (#16934)
* refactor: Port web-frame-init to TypeScript

* refactor: Use ipcRendererInternal
2019-02-18 00:24:18 +00:00
Felix Rieseberg
6b3ff4f1f7 refactor: Port security warnings to TypeScript (#16937)
* refactor: Port security-warnings to TypeScript

* chore: make aliasify work on .ts files as well

* refactor: Implement feedback <3

* refactor: Correctly call executeJavaScript
2019-02-16 17:06:30 -08:00
Felix Rieseberg
2498e8d1c2 refactor: Port renderer-internal to TypeScript (#16939)
* chore: make aliasify work on .ts files as well

* refactor: Port ipc-renderer-internal to TypeScript

* refactor: Correctly import internal ipcRenderer

* refactor: One more rename

* refactor: Fix one more lint issue

* refactor: Correctly reference ipcRendererInternal
2019-02-14 17:24:25 -08:00
Samuel Attard
5790869a3f
chore: refactor browser IPC into TS and app API into TS (#16921)
* chore: refactor browser IPC into typescript

* chore: refactor app.ts into Typescript

* Refactors app.dock into cpp
* Removes app.launcher which has not existed for 3 years
* Removes 2 deprecated APIs (that have been deprecated for more than one
major)
* Refactors deprecate.ts as well
2019-02-14 14:29:20 -08:00
Samuel Attard
01c442de64 refactor: convert more files to typescript (#16820) 2019-02-12 04:22:33 -10:00
Milan Burda
fa5442f211 fix: execute session preload scripts in sandboxed renderers (#16538) 2019-01-29 10:16:46 +09:00
Milan Burda
713df08e3e chore: remove deprecated modules internally using remote.require in sandboxed renderer context (#15957) 2019-01-24 10:53:52 -08:00
Milan Burda
fef262f829 fix: check process.isMainFrame in sandboxed_renderer/init.js (#16500) 2019-01-24 10:53:16 -08:00
Milan Burda
cc90919384 refactor: pass internal flag via IPC message struct for consistency (#16490) 2019-01-23 08:24:57 -08:00
Milan Burda
b965e54efc fix: <webview> not working with contextIsolation + sandbox (#16469) 2019-01-22 10:08:16 +09:00
Milan Burda
7d4a1223fd feat: add preload-error event to webContents (#16411) 2019-01-18 12:03:43 +01:00
Robo
52fe92d02e feat: Upgrade to Chromium 71.0.3578.98 (#15966) 2019-01-11 17:00:43 -08:00
Milan Burda
5c250455ad refactor: pass isWebViewTagEnabled via ELECTRON_BROWSER_SANDBOX_LOAD (#16238) 2019-01-08 10:12:34 +01:00
Milan Burda
3f1d22759a refactor: use helpers for command-line parsing in renderer/init.js (#16239) 2019-01-03 11:22:34 -05:00
Milan Burda
7a6fe00f49 chore: simplify code for modules internally using remote.require in sandbox (#16104) 2018-12-17 22:47:41 +03:00
Cheng Zhao
8584c2f14b
fix: register webview in main world when using contextIsolation (#16067) 2018-12-14 15:38:35 +09:00
Milan Burda
764a10f7c7 refactor: simplify isRemoteModuleEnabled handling in sandboxed renderers (#15961) 2018-12-05 10:07:56 -08:00
Milan Burda
ab2a061b59 refactor: use helpers when using the remote module in sandboxed renderers (#15960) 2018-12-05 10:07:32 -08:00
Milan Burda
d561c5531b feat: deprecate modules internally using remote.require in sandboxed renderer context (#15145) 2018-12-05 10:34:09 +01:00
Milan Burda
559fd5cb31 chore: remove unused module (#15917) 2018-12-02 14:43:04 -08:00
Samuel Attard
0b0a17ff91 fix: load the chrome.* API on chrome-extension pages in sandbox mode (#15563)
With mixed sandbox enabled we need to load the chrome.* APIs in the
sandbox init.js so that chrome extensions load correctly.

This mirrors the equivilant impl in `atom_renderer_client.cc`

Fixes #15561
2018-11-21 12:56:58 -05:00
Milan Burda
d3efc52745 feat: add webPreferences.enableRemoteModule option (#13028) 2018-10-13 20:50:07 +03:00
Milan Burda
b50f86ef43 refactor: use separate ipc-renderer-internal / ipc-main-internal APIs for Electron internals (#13940) 2018-10-07 00:48:00 +13:00
Milan Burda
5efb0fdff1 feat: add security warnings to sandboxed renderers (#14869)
Also refactor not to use the remote module.
2018-10-03 21:36:12 +02:00
Milan Burda
3ad3ade828 refactor: add prefer-const to .eslintrc + fix errors (#14880) 2018-10-02 11:56:31 +10:00
Milan Burda
ce38be74df refactor: simplify process object initialization for sandboxed renderers (#14878)
Also fix `process.windowsStore`.
2018-09-30 23:24:00 +02:00
Milan Burda
b499d57cfd refactor: use error-utils for remote exception serialization / deserialization (#14788)
* refactor: use error-utils for remote exception serialization / deserialization

* fix internal process.type in sandboxed renderer
2018-09-26 15:44:55 +10:00
Samuel Attard
176a76217c
chore: have 'use strict' consistently across our lib files (#14721) 2018-09-23 00:28:50 +12:00
Samuel Attard
54ef906832
[RFC] perf: use an internal module resolver to improve require performance (#14633)
* perf: use an internal module resolver instead of relative requires

* perf: memoize the results of getting exported Electron properties

* perf: make internal module changes consistent across sandboxed / bundled files
2018-09-20 13:43:26 +10:00
Samuel Attard
558fff69e7
chore: update to standard 12 2018-09-14 14:57:01 +10:00
Samuel Attard
14df89f214 Remove the 'getProcessMemoryInfo' API
* Underlying APIs have been removed in Chromium
  * https://chromium-review.googlesource.com/c/chromium/src/+/969089
  * https://chromium-review.googlesource.com/c/chromium/src/+/953723
  * https://bugs.chromium.org/p/chromium/issues/detail?id=819289
* https://github.com/electron/electron/projects/11#card-11509601
2018-09-11 20:21:32 +02:00
Milan Burda
c17a1b37ea feat: add event.senderId property to IPCs sent via ipcRenderer.sendTo (#14395) 2018-08-31 20:13:51 -05:00
Milan Burda
3a79eacb6f refactor: don't expose CallbacksRegistry as an internal module (#14389) 2018-08-31 11:29:00 -07:00
Milan Burda
f1fe485768 fix: don't expose desktopCapturer in sandboxed renderers if the feature is disabled (#14310) 2018-08-27 13:16:52 -05:00
Milan Burda
fc85d02786 feat: expose missing process APIs in sandboxed renderers (#13505) 2018-08-21 11:05:45 -07:00
Milan Burda
702cc84bd3 Don't pass preloadPath via ELECTRON_BROWSER_SANDBOX_LOAD for security reasons (#13031) 2018-08-10 17:19:49 -05:00
Milan Burda
db38c8b620 Fix process.execPath returning parent process path instead of the helper in sandboxed renderer (#13839) 2018-07-30 11:13:42 +10:00
Cheng Zhao
305e3aad40
refactor: remove private webContents.getId() API (#13674) 2018-07-23 18:08:36 +09:00
PalmerAL
ffc15e02a6 fix: add native function to create preload script (#13032)
* add native function to create preload script

* add tests

* fix formatting

* fix tests

* rerun CI
2018-07-13 11:17:11 +09:00
Hari Juturu
eb223f8bc3 Enable webview in sandbox renderer (#13435)
* Enable webview in sandbox renderer
Security: Inherit embedder prefs onto webview

* cache lastwebprefs
2018-07-03 02:06:26 +10:00
Alexey Kuzmin
dee9aef975 Add "enable_desktop_capturer" build flag (#13133)
* Make it possible to disable a module for a renderer

* Put DesktopCapturer API under a build flag

The name is "enable_desktop_capturer".
Enabled by default.
2018-06-13 11:15:34 -05:00
Milan Burda
6ad0a22602 Add process.getHeapStatistics() (#13183) 2018-06-10 22:00:36 +10:00
Thiago de Arruda
6f076f7433 Refactor sandbox preload initialization. (#12877)
Use a single synchronous IPC call to retrieve data required by early
sandbox scripts. This has two purposes:

- Optimize preload script initialization by:
  - Using one synchronous IPC call to retrieve preload script,
  webContentsId (more on that later), process.{platform,execPath,env}
  - Lazy loading as many modules as possible.
- Fix #12316 for sandbox. @MarshallOfSound addressed the issue in
  #12342, but it was still present in sandbox mode. By loading
  webContentsId very early and skipping remote module at early
  startup, we fix it for sandbox.
2018-05-21 22:56:05 +10:00
Milan Burda
48fe013549 Expose events (EventEmitter) to sandboxed renderer (#12828) 2018-05-04 09:51:32 -07:00
Jeremy Apthorp
97fb15ac49 Enable WebFrame method forwarding in sandboxed renderers (#12538)
* Enable WebFrame method forwarding in sandboxed renderers

Fixes #9073

* Non-change to kick CI
2018-04-12 11:57:40 +10:00
Nitish Sakhawalkar
9d1527b1df Fix context menu for sandbox devtools (#11933) 2018-03-22 16:15:57 +09:00
Hari Juturu
704af29543 Exposing process.env status (#12166) 2018-03-14 12:01:40 +09:00
Thiago de Arruda
be0e3d9555 Expose desktopCapturer in sandbox mode. 2017-11-16 16:57:29 -03:00
sungpark
eca7ff986c add webFrame to sandboxed renderer 2017-08-23 10:52:02 -07:00
Kevin Sawicki
14178d9826 Expose argv to preload process object 2017-06-26 13:52:19 -07:00
Thiago de Arruda
bbe21cce67 Expose more atom_bindings.cc functions to sandbox 2017-05-01 09:12:39 -03:00
Thiago de Arruda
ce1a5e3c9c Fix sandboxed crashReporter for windows.
- Use `path` module from browser process in sandboxed renderer. This is required
  because the return value of `path.join` is platform-specific, and this is an
  assumtion of crash-reporter.js which is shared between sandboxed and
  non-sandboxed renderers.
- Set `process.platform` and `process.execPath` in sandboxed renderer
  environment. This is required to spawn the windows crash service from
  sandboxed renderer.
- Use a single temporary directory for all crashReporter tests. This is required
  to make tests more deterministic across platforms(since mac's crashpad doesn't
  support changing the crash dump directory). Also make a few improvements/fixes
  to the `uploadToServer` test.
2017-04-05 18:09:24 -03:00
Thiago de Arruda
3a97cfc359 Expose crashReporter to sandbox 2017-03-23 10:01:02 -03:00
Thiago de Arruda
e1aebef57c Make sandbox APIs more compatible with normal renderers
- Expose remote shortcuts for the `fs`, `os` and `child_process` modules.
- Expose the `url` and `timers` modules(the browserify versions)
- Add `process.crash` and `process.platform`
2017-03-23 10:01:02 -03:00
Kevin Sawicki
f71353a4c5 Merge pull request #8939 from electron/expose-remote-to-sandbox
Expose remote module to sandbox
2017-03-17 09:41:59 -07:00
Thiago de Arruda
e9b955b9ec Use remote/fs to read preload script during sandboxed setup
Also expose the "fs" module to preload scripts, as a shortcut to
`require('electron').remote.require('fs')`
2017-03-16 14:23:00 -03:00
Thiago de Arruda
f6befbe764 Expose lib/renderer/api/remote.js to sandboxed renderer 2017-03-16 14:21:23 -03:00
Thiago de Arruda
a6e4867111 Handle Buffer deserialization in sandboxed renderers
In sandboxed renderers we use browserify to provide a node-like environment. The
Buffer class used by browserify is actually just a wrapper around Uint8Array,
but to deserialize Buffer correctly we must expose the class as a hidden value
and use it in V8ValueConverter.
2017-03-16 13:20:09 -03:00
Thiago de Arruda
da023b72ee Dynamically generate dependencies of browserify build actions
Instead of having to list in filenames.gypi every javascript file that may go
into a browserify build, generate this list dynamically when the build files are
created by gyp.
2017-03-10 16:30:23 -03:00
Thiago de Arruda
cd05834d96 Refactor sandboxed renderer init scripts
This change gives sandboxed renderer scripts a similar structure to what already
exists in the lib/{browser,renderer,common} directories.

It also allows sandboxed renderer initialization to share more code with
non-sandboxed renderers (ipcRenderer is now imported directly from
lib/renderer/api/ipc-renderer).
2017-03-09 20:39:14 -03:00
Thiago de Arruda
2b8203e383 Make sandboxed ipcRenderer API compatible with non-sandboxed version 2017-03-09 20:39:14 -03:00
Thiago de Arruda
d78f3cae7b Expose builtin v8 modules to AtomSandboxedRendererClient
- Adapt node.cc code that implements `process.binding` to create a similar
  object in AtomSandboxedRendererClient.
- Replace the ipc binding object passed to `lib/sandboxed_renderer/init.js` by
  the new binding object.
- Refactor the initialization script to use this new object to fetch the ipc
  binding and store as a hidden value using the `v8_util` module.

This change also required applying a patch to node.js, so the submodule commit
was updated.
2017-03-09 20:39:14 -03:00
Kevin Sawicki
c8ff67ab75 Use spread syntax instead of function apply 2016-12-01 14:56:00 -08:00
Kevin Sawicki
e0afb814aa Only call browserify when one of sandbox sources change 2016-11-07 08:19:59 -08:00
Thiago de Arruda
72154b64ed Embed setup bundle for preload scripts in sandboxed renderers.
Add a gyp target that creates a browserify bundle starting with
`lib/sandboxed_renderer/init.js`, which is embedded into the executable using
the `atom_js2c` target.

The goal of this bundle is to provide a very basic environment for preload
scripts where a `require` function is available.
2016-09-27 06:01:47 -03:00