// Copyright (c) 2018 GitHub, Inc. // Use of this source code is governed by the MIT license that can be // found in the LICENSE file. #include "shell/app/command_line_args.h" #include #include #include "sandbox/policy/switches.h" #include "shell/common/options_switches.h" namespace { #if BUILDFLAG(IS_WIN) constexpr auto DashDash = base::CommandLine::StringPieceType{L"--"}; #else constexpr auto DashDash = base::CommandLine::StringPieceType{"--"}; #endif // we say it's a URL arg if it starts with a URI scheme that: // 1. starts with an alpha, and // 2. contains no spaces, and // 3. is longer than one char (to ensure it's not a Windows drive path) bool IsUrlArg(const base::CommandLine::StringPieceType arg) { const auto scheme_end = arg.find(':'); if (scheme_end == base::CommandLine::StringPieceType::npos) return false; const auto& c_locale = std::locale::classic(); const auto isspace = [&](auto ch) { return std::isspace(ch, c_locale); }; const auto scheme = arg.substr(0U, scheme_end); return std::size(scheme) > 1U && std::isalpha(scheme.front(), c_locale) && std::ranges::none_of(scheme, isspace); } } // namespace namespace electron { // Check for CVE-2018-1000006 issues. Return true iff argv looks safe. // Sample exploit: 'exodus://aaaaaaaaa" --gpu-launcher="cmd" --aaaaa=' // Prevent it by returning false if any arg except '--' follows a URL arg. // More info at https://www.electronjs.org/blog/protocol-handler-fix bool CheckCommandLineArguments(const base::CommandLine::StringVector& argv) { bool block_args = false; for (const auto& arg : argv) { if (arg == DashDash) break; if (block_args) return false; if (IsUrlArg(arg)) block_args = true; } return true; } bool IsSandboxEnabled(base::CommandLine* command_line) { return command_line->HasSwitch(switches::kEnableSandbox) || !command_line->HasSwitch(sandbox::policy::switches::kNoSandbox); } } // namespace electron