From f1fe485768eb0267db58ffaea8914aecd88ec23b Mon Sep 17 00:00:00 2001
From: Milan Burda
Date: Mon, 27 Aug 2018 20:16:52 +0200
Subject: [PATCH] fix: don't expose desktopCapturer in sandboxed renderers if the feature is disabled (#14310)
---
 lib/browser/rpc-server.js | 4 +-
 .../api/exports/electron.js | 63 +++++--------------
 lib/sandboxed_renderer/api/module-list.js | 39 ++++++++++++
 lib/sandboxed_renderer/init.js | 4 +-
 4 files changed, 60 insertions(+), 50 deletions(-)
 create mode 100644 lib/sandboxed_renderer/api/module-list.js
diff --git a/lib/browser/rpc-server.js b/lib/browser/rpc-server.js
index aa284864a1bf7..1114d641160f2 100644
--- a/lib/browser/rpc-server.js
+++ b/lib/browser/rpc-server.js
@@ -438,8 +438,8 @@ ipcMain.on('ELECTRON_BROWSER_SANDBOX_LOAD', function (event) {
 }
 }
 event.returnValue = {
- preloadSrc: preloadSrc,
- preloadError: preloadError,
+ preloadSrc,
+ preloadError,
 process: {
 arch: process.arch,
 platform: process.platform,
diff --git a/lib/sandboxed_renderer/api/exports/electron.js b/lib/sandboxed_renderer/api/exports/electron.js
index 3a2615152a65d..693c5e7539ed0 100644
--- a/lib/sandboxed_renderer/api/exports/electron.js
+++ b/lib/sandboxed_renderer/api/exports/electron.js
@@ -1,48 +1,17 @@
-Object.defineProperties(exports, {
- ipcRenderer: {
- enumerable: true,
- get: function () {
- return require('../ipc-renderer')
- }
- },
- remote: {
- enumerable: true,
- get: function () {
- return require('../../../renderer/api/remote')
- }
- },
- webFrame: {
- enumerable: true,
- get: function () {
- return require('../../../renderer/api/web-frame')
- }
- },
- crashReporter: {
- enumerable: true,
- get: function () {
- return require('../../../common/api/crash-reporter')
- }
- },
- CallbacksRegistry: {
- get: function () {
- return require('../../../common/api/callbacks-registry')
- }
- },
- isPromise: {
- get: function () {
- return require('../../../common/api/is-promise')
- }
- },
- // XXX(alexeykuzmin): It won't be available if the Desktop Capturer
- // was disabled during build time.
- desktopCapturer: {
- get: function () {
- return require('../../../renderer/api/desktop-capturer')
- }
- },
- nativeImage: {
- get: function () {
- return require('../../../common/api/native-image')
- }
+const moduleList = require('../module-list')
+
+for (const {
+ name,
+ load,
+ enabled = true,
+ private: isPrivate = false
+ } of moduleList) {
+ if (!enabled) {
+ continue
 }
-})
+
+ Object.defineProperty(exports, name, {
+ enumerable: !isPrivate,
+ get: load
+ })
+}
diff --git a/lib/sandboxed_renderer/api/module-list.js b/lib/sandboxed_renderer/api/module-list.js
new file mode 100644
index 0000000000000..845cb1d406059
--- /dev/null
+++ b/lib/sandboxed_renderer/api/module-list.js
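Review bot: In lib/sandboxed_renderer/api/exports/electron.js the `private` flag only becomes `enumerable: !isPrivate`, so `CallbacksRegistry` and `isPromise` are hidden from enumeration but remain reachable by name from anything that can `require('electron')` in the sandboxed renderer; the name reads like an access restriction and is not one. A comment above the `Object.defineProperty` call would make that explicit, e.g. `// private: hidden from enumeration only, still reachable by name`. The removed XXX comment was also the only explanation of the build-time switch, so the `if (!enabled)` branch deserves one line such as `// Modules disabled at build time are not defined on exports at all`.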
@@ -0,0 +1,39 @@
+const features = process.atomBinding('features')
+
+module.exports = [
+ {
+ name: 'CallbacksRegistry',
+ load: () => require('../../common/api/callbacks-registry'),
+ private: true
+ },
+ {
+ name: 'crashReporter',
+ load: () => require('../../common/api/crash-reporter')
+ },
+ {
+ name: 'desktopCapturer',
+ load: () => require('../../renderer/api/desktop-capturer'),
+ enabled: features.isDesktopCapturerEnabled()
+ },
+ {
+ name: 'ipcRenderer',
+ load: () => require('./ipc-renderer')
+ },
+ {
+ name: 'isPromise',
+ load: () => require('../../common/api/is-promise'),
+ private: true
+ },
+ {
+ name: 'nativeImage',
+ load: () => require('../../common/api/native-image')
+ },
+ {
+ name: 'remote',
+ load: () => require('../../renderer/api/remote')
+ },
+ {
+ name: 'webFrame',
+ load: () => require('../../renderer/api/web-frame')
+ }
+]
diff --git a/lib/sandboxed_renderer/init.js b/lib/sandboxed_renderer/init.js
index 30a3fa55216f6..afb505490e659 100644
--- a/lib/sandboxed_renderer/init.js
+++ b/lib/sandboxed_renderer/init.js
@@ -1,10 +1,12 @@
 /* eslint no-eval: "off" */
 /* global binding, Buffer */
 const events = require('events')
-const electron = require('electron')
 process.atomBinding = require('../common/atom-binding-setup')(binding.get, 'renderer')
+// The electron module depends on process.atomBinding
+const electron = require('electron')
+
 const v8Util = process.atomBinding('v8_util')
 // Expose browserify Buffer as a hidden value. This is used by C++ code to
 // deserialize Buffer instances sent from browser process.
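Review bot: The first line of lib/sandboxed_renderer/api/module-list.js, `process.atomBinding('features')`, runs at require time, so the file can only be loaded after init.js has assigned `process.atomBinding`; the init.js hunk in this patch moves `require('electron')` for that reason, but module-list.js itself does not state the dependency. A header comment there would keep the two files from drifting, for example `// Requires process.atomBinding to be set up first (see lib/sandboxed_renderer/init.js)`. Since exports/electron.js now defines its properties only from this array, the same comment should say that the list is the full set of modules `require('electron')` exposes in sandboxed renderers and that build-time optional modules must carry an `enabled` flag, as `desktopCapturer` does.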