Improve desktop security by isolating Electron
Enable `contextIsolation` in Electron to securely expose a limited set of Node.js APIs to the renderer process. It: 1. Isolates renderer and main process contexts. It ensures that the powerful main process functions aren't directly accessible from renderer process(es), adding a security boundary. 2. Mitigates remote exploitation risks. By isolating contexts, potential malicious code injections in the renderer can't directly reach and compromise the main process. 3. Reduces attack surface. 4. Protect against prototype pollution: It prevents tampering of JavaScript object prototypes in one context from affecting another context, improving app reliability and security. Supporting changes include: - Extract environment and system operations classes to the infrastructure layer. This removes node dependencies from core domain and application code. - Introduce `ISystemOperations` to encapsulate OS interactions. Use it from `CodeRunner` to isolate node API usage. - Add a preloader script to inject validated environment variables into renderer context. This keeps Electron integration details encapsulated. - Add new sanity check to fail fast on issues with preloader injected variables. - Improve test coverage of runtime sanity checks and environment components. Move validation logic into separate classes for Single Responsibility. - Improve absent value test case generation.
This commit is contained in:
undergroundwires
31
src/infrastructure/RuntimeSanity/Common/FactoryValidator.ts
Normal file
31
src/infrastructure/RuntimeSanity/Common/FactoryValidator.ts
Normal file
@@ -0,0 +1,31 @@
|
||||
import { ISanityCheckOptions } from './ISanityCheckOptions';
|
||||
import { ISanityValidator } from './ISanityValidator';
|
||||
|
||||
export type FactoryFunction<T> = () => T;
|
||||
|
||||
export abstract class FactoryValidator<T> implements ISanityValidator {
|
||||
private readonly factory: FactoryFunction<T>;
|
||||
|
||||
protected constructor(factory: FactoryFunction<T>) {
|
||||
if (!factory) {
|
||||
throw new Error('missing factory');
|
||||
}
|
||||
this.factory = factory;
|
||||
}
|
||||
|
||||
public abstract shouldValidate(options: ISanityCheckOptions): boolean;
|
||||
|
||||
public abstract name: string;
|
||||
|
||||
public* collectErrors(): Iterable<string> {
|
||||
try {
|
||||
const value = this.factory();
|
||||
if (!value) {
|
||||
// Do not remove this check, it ensures that the factory call is not optimized away.
|
||||
yield 'Factory resulted in a falsy value';
|
||||
}
|
||||
} catch (error) {
|
||||
yield `Error in factory creation: ${error.message}`;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,3 +1,4 @@
|
||||
export interface ISanityCheckOptions {
|
||||
readonly validateMetadata: boolean;
|
||||
readonly validateEnvironment: boolean;
|
||||
}
|
||||
@@ -1,6 +1,7 @@
|
||||
import { ISanityCheckOptions } from './ISanityCheckOptions';
|
||||
|
||||
export interface ISanityValidator {
|
||||
readonly name: string;
|
||||
shouldValidate(options: ISanityCheckOptions): boolean;
|
||||
collectErrors(): Iterable<string>;
|
||||
}
|
||||
@@ -1,24 +1,23 @@
|
||||
import { ISanityCheckOptions } from './ISanityCheckOptions';
|
||||
import { ISanityValidator } from './ISanityValidator';
|
||||
import { ISanityCheckOptions } from './Common/ISanityCheckOptions';
|
||||
import { ISanityValidator } from './Common/ISanityValidator';
|
||||
import { MetadataValidator } from './Validators/MetadataValidator';
|
||||
|
||||
const SanityValidators: ISanityValidator[] = [
|
||||
const DefaultSanityValidators: ISanityValidator[] = [
|
||||
new MetadataValidator(),
|
||||
];
|
||||
|
||||
/* Helps to fail-fast on errors */
|
||||
export function validateRuntimeSanity(
|
||||
options: ISanityCheckOptions,
|
||||
validators: readonly ISanityValidator[] = SanityValidators,
|
||||
validators: readonly ISanityValidator[] = DefaultSanityValidators,
|
||||
): void {
|
||||
if (!options) {
|
||||
throw new Error('missing options');
|
||||
}
|
||||
if (!validators?.length) {
|
||||
throw new Error('missing validators');
|
||||
}
|
||||
validateContext(options, validators);
|
||||
const errorMessages = validators.reduce((errors, validator) => {
|
||||
if (validator.shouldValidate(options)) {
|
||||
errors.push(...validator.collectErrors());
|
||||
const errorMessage = getErrorMessage(validator);
|
||||
if (errorMessage) {
|
||||
errors.push(errorMessage);
|
||||
}
|
||||
}
|
||||
return errors;
|
||||
}, new Array<string>());
|
||||
@@ -26,3 +25,26 @@ export function validateRuntimeSanity(
|
||||
throw new Error(`Sanity check failed.\n${errorMessages.join('\n---\n')}`);
|
||||
}
|
||||
}
|
||||
|
||||
function validateContext(
|
||||
options: ISanityCheckOptions,
|
||||
validators: readonly ISanityValidator[],
|
||||
) {
|
||||
if (!options) {
|
||||
throw new Error('missing options');
|
||||
}
|
||||
if (!validators?.length) {
|
||||
throw new Error('missing validators');
|
||||
}
|
||||
if (validators.some((validator) => !validator)) {
|
||||
throw new Error('missing validator in validators');
|
||||
}
|
||||
}
|
||||
|
||||
function getErrorMessage(validator: ISanityValidator): string | undefined {
|
||||
const errorMessages = [...validator.collectErrors()];
|
||||
if (!errorMessages.length) {
|
||||
return undefined;
|
||||
}
|
||||
return `${validator.name}:\n${errorMessages.join('\n')}`;
|
||||
}
|
||||
|
||||
@@ -0,0 +1,16 @@
|
||||
import { Environment } from '@/infrastructure/Environment/Environment';
|
||||
import { IEnvironment } from '@/infrastructure/Environment/IEnvironment';
|
||||
import { ISanityCheckOptions } from '../Common/ISanityCheckOptions';
|
||||
import { FactoryValidator, FactoryFunction } from '../Common/FactoryValidator';
|
||||
|
||||
export class EnvironmentValidator extends FactoryValidator<IEnvironment> {
|
||||
constructor(factory: FactoryFunction<IEnvironment> = () => Environment.CurrentEnvironment) {
|
||||
super(factory);
|
||||
}
|
||||
|
||||
public override name = 'environment';
|
||||
|
||||
public override shouldValidate(options: ISanityCheckOptions): boolean {
|
||||
return options.validateEnvironment;
|
||||
}
|
||||
}
|
||||
@@ -1,66 +1,16 @@
|
||||
import { IAppMetadata } from '@/infrastructure/Metadata/IAppMetadata';
|
||||
import { AppMetadataFactory } from '@/infrastructure/Metadata/AppMetadataFactory';
|
||||
import { ISanityCheckOptions } from '../ISanityCheckOptions';
|
||||
import { ISanityValidator } from '../ISanityValidator';
|
||||
import { ISanityCheckOptions } from '../Common/ISanityCheckOptions';
|
||||
import { FactoryValidator, FactoryFunction } from '../Common/FactoryValidator';
|
||||
|
||||
export class MetadataValidator implements ISanityValidator {
|
||||
private readonly metadata: IAppMetadata;
|
||||
|
||||
constructor(metadataFactory: () => IAppMetadata = () => AppMetadataFactory.Current) {
|
||||
this.metadata = metadataFactory();
|
||||
export class MetadataValidator extends FactoryValidator<IAppMetadata> {
|
||||
constructor(factory: FactoryFunction<IAppMetadata> = () => AppMetadataFactory.Current.instance) {
|
||||
super(factory);
|
||||
}
|
||||
|
||||
public shouldValidate(options: ISanityCheckOptions): boolean {
|
||||
public override name = 'metadata';
|
||||
|
||||
public override shouldValidate(options: ISanityCheckOptions): boolean {
|
||||
return options.validateMetadata;
|
||||
}
|
||||
|
||||
public* collectErrors(): Iterable<string> {
|
||||
if (!this.metadata) {
|
||||
yield 'missing metadata';
|
||||
return;
|
||||
}
|
||||
const keyValues = capturePropertyValues(this.metadata);
|
||||
if (!Object.keys(keyValues).length) {
|
||||
yield 'Unable to capture metadata key/value pairs';
|
||||
return;
|
||||
}
|
||||
const keysMissingValue = getMissingMetadataKeys(keyValues);
|
||||
if (keysMissingValue.length > 0) {
|
||||
yield `Metadata keys missing: ${keysMissingValue.join(', ')}`;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function getMissingMetadataKeys(keyValuePairs: Record<string, unknown>): string[] {
|
||||
return Object.entries(keyValuePairs)
|
||||
.reduce((acc, [key, value]) => {
|
||||
if (!value) {
|
||||
acc.push(key);
|
||||
}
|
||||
return acc;
|
||||
}, new Array<string>());
|
||||
}
|
||||
|
||||
/**
|
||||
* Captures values of properties and getters from the provided instance.
|
||||
* Necessary because code transformations can make class getters non-enumerable during bundling.
|
||||
* This ensures that even if getters are non-enumerable, their values are still captured and used.
|
||||
*/
|
||||
function capturePropertyValues(instance: unknown): Record<string, unknown> {
|
||||
const obj: Record<string, unknown> = {};
|
||||
const descriptors = Object.getOwnPropertyDescriptors(instance.constructor.prototype);
|
||||
|
||||
// Capture regular properties from the instance
|
||||
for (const [key, value] of Object.entries(instance)) {
|
||||
obj[key] = value;
|
||||
}
|
||||
|
||||
// Capture getter properties from the instance's prototype
|
||||
for (const [key, descriptor] of Object.entries(descriptors)) {
|
||||
if (typeof descriptor.get === 'function') {
|
||||
obj[key] = descriptor.get.call(instance);
|
||||
}
|
||||
}
|
||||
|
||||
return obj;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user