🔒️ disable sandbox and nodeIntegration (preload.js)

Signed-off-by: Marc Nuri <[email protected]>
manusa · Sep 6, 2022 · 20d9b7f · 20d9b7f
1 parent 21793e3
commit 20d9b7f
Show file tree

Hide file tree

Showing 8 changed files with 28 additions and 16 deletions.
diff --git a/src/chrome-tabs/index.js b/src/chrome-tabs/index.js
@@ -14,6 +14,7 @@
    limitations under the License.
  */
 const {BrowserView, Menu, MenuItem} = require('electron');
+const path = require('path');
 const {openHelpDialog} = require('../help');
 const {openSettingsDialog} = require('../settings');
 
@@ -22,8 +23,9 @@ const TABS_CONTAINER_HEIGHT = 46;
 const webPreferences = {
   contextIsolation: false,
   nativeWindowOpen: true,
-  nodeIntegration: true,
-  preload: `${__dirname}/preload.js`,
+  nodeIntegration: false,
+  sandbox: false,
+  preload: path.resolve(__dirname, 'preload.js'),
   partition: 'persist:electronim'
 };
 

diff --git a/src/constants/index.js b/src/constants/index.js
@@ -16,7 +16,13 @@
 const fs = require('fs');
 const path = require('path');
 
-const ROOT_DIR = path.resolve(__dirname, '../../');
+const findRootDir = () => {
+  let rootDir = __dirname;
+  while (!fs.existsSync(path.join(rootDir, 'package.json'))) {
+    rootDir = path.join(rootDir, '..');
+  }
+  return rootDir;
+};
 
 const APP_EVENTS = {
   activateTab: 'activateTab',
@@ -39,7 +45,7 @@ const APP_EVENTS = {
   zoomReset: 'zoomReset'
 };
 
-const ELECTRONIM_VERSION = JSON.parse(fs.readFileSync(path.resolve(ROOT_DIR, 'package.json'), 'utf8')).version;
+const ELECTRONIM_VERSION = JSON.parse(fs.readFileSync(path.resolve(findRootDir(), 'package.json'), 'utf8')).version;
 
 module.exports = {
   APP_EVENTS, ELECTRONIM_VERSION

diff --git a/src/help/index.js b/src/help/index.js
@@ -25,8 +25,9 @@ const DOCS_DIR = path.resolve(__dirname, '../../docs');
 const webPreferences = {
   contextIsolation: false,
   nativeWindowOpen: true,
-  nodeIntegration: true,
-  preload: `${__dirname}/preload.js`
+  nodeIntegration: false,
+  sandbox: false,
+  preload: path.resolve(__dirname, 'preload.js')
 };
 
 // Visible for testing

diff --git a/src/main/index.js b/src/main/index.js
@@ -14,6 +14,7 @@
    limitations under the License.
  */
 const {BrowserWindow, Notification, app, desktopCapturer, ipcMain: ipc} = require('electron');
+const path = require('path');
 const {APP_EVENTS} = require('../constants');
 const {TABS_CONTAINER_HEIGHT, initTabContainer} = require('../chrome-tabs');
 const {loadSettings, updateSettings, openSettingsDialog} = require('../settings');
@@ -24,8 +25,8 @@ const {initBrowserVersions, userAgentForView} = require('../user-agent');
 const webPreferences = {
   contextIsolation: false,
   nativeWindowOpen: true,
-  nodeIntegration: true,
-  preload: `${__dirname}/preload.js`,
+  sandbox: false,
+  preload: path.resolve(__dirname, 'preload.js'),
   partition: 'persist:electronim'
 };
 
@@ -191,7 +192,6 @@ const init = () => {
       }).show();
       browserVersionsReady();
     });
-
   return mainWindow;
 };
 

diff --git a/src/settings/index.js b/src/settings/index.js
@@ -26,8 +26,9 @@ const DEFAULT_SETTINGS = {tabs: [], enabledDictionaries: ['en-US']};
 const webPreferences = {
   contextIsolation: false,
   nativeWindowOpen: true,
-  nodeIntegration: true,
-  preload: `${__dirname}/preload.js`,
+  nodeIntegration: false,
+  sandbox: false,
+  preload: path.resolve(__dirname, 'preload.js'),
   partition: 'persist:electronim'
 };
 

diff --git a/src/tab-manager/__tests__/index.test.js b/src/tab-manager/__tests__/index.test.js
@@ -24,7 +24,7 @@ describe('Tab Manager module test suite', () => {
     mockBrowserView = {
       setAutoResize: jest.fn(),
       webContents: {
-        executeJavaScript: jest.fn(),
+        executeJavaScript: jest.fn(async () => {}),
         on: jest.fn(),
         loadURL: jest.fn(),
         userAgent: 'Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/1337.36 (KHTML, like Gecko) ElectronIM/13.337.0 Chrome/WillBeReplacedByLatestChromium Electron/0.0.99 Safari/537.36',

diff --git a/src/tab-manager/index.js b/src/tab-manager/index.js
@@ -14,6 +14,7 @@
    limitations under the License.
  */
 const {app, BrowserView, Menu, MenuItem, session} = require('electron');
+const path = require('path');
 const {APP_EVENTS} = require('../constants');
 const settings = require('../settings');
 const {contextMenuHandler} = require('../spell-check');
@@ -26,8 +27,9 @@ const tabs = {};
 const webPreferences = {
   contextIsolation: false,
   nativeWindowOpen: true,
-  nodeIntegration: true,
-  preload: `${__dirname}/preload.js`
+  nodeIntegration: false,
+  sandbox: false,
+  preload: path.resolve(__dirname, 'preload.js')
 };
 
 const handlePageTitleUpdated = (ipcSender, tabId) => (_e, title) => {
@@ -104,7 +106,7 @@ const addTabs = ipcSender => tabsMetadata => {
 
     const registerIdInTab = () => tab.webContents.executeJavaScript(`window.tabId = '${id}';`);
     tab.webContents.on('dom-ready', registerIdInTab);
-    registerIdInTab();
+    registerIdInTab().then();
 
     tabs[id.toString()] = tab;
   });

diff --git a/src/tab-manager/preload.js b/src/tab-manager/preload.js
@@ -13,8 +13,8 @@
    See the License for the specific language governing permissions and
    limitations under the License.
  */
-require('../main/preload');
 const {webFrame} = require('electron');
+require('../main/preload');
 require('./browser-notification-shim');
 require('./browser-mediadevices-shim');
 const {initKeyboardShortcuts} = require('./browser-keyboard-shortcuts');