Improve desktop security by isolating Electron
Enable `contextIsolation` in Electron to securely expose a limited set of Node.js APIs to the renderer process. It: 1. Isolates renderer and main process contexts. It ensures that the powerful main process functions aren't directly accessible from renderer process(es), adding a security boundary. 2. Mitigates remote exploitation risks. By isolating contexts, potential malicious code injections in the renderer can't directly reach and compromise the main process. 3. Reduces attack surface. 4. Protect against prototype pollution: It prevents tampering of JavaScript object prototypes in one context from affecting another context, improving app reliability and security. Supporting changes include: - Extract environment and system operations classes to the infrastructure layer. This removes node dependencies from core domain and application code. - Introduce `ISystemOperations` to encapsulate OS interactions. Use it from `CodeRunner` to isolate node API usage. - Add a preloader script to inject validated environment variables into renderer context. This keeps Electron integration details encapsulated. - Add new sanity check to fail fast on issues with preloader injected variables. - Improve test coverage of runtime sanity checks and environment components. Move validation logic into separate classes for Single Responsibility. - Improve absent value test case generation.
This commit is contained in:
undergroundwires
40
tests/unit/shared/Stubs/LocationOpsStub.ts
Normal file
40
tests/unit/shared/Stubs/LocationOpsStub.ts
Normal file
@@ -0,0 +1,40 @@
|
||||
import { ILocationOps } from '@/infrastructure/Environment/SystemOperations/ISystemOperations';
|
||||
import { StubWithObservableMethodCalls } from './StubWithObservableMethodCalls';
|
||||
|
||||
export class LocationOpsStub
|
||||
extends StubWithObservableMethodCalls<ILocationOps>
|
||||
implements ILocationOps {
|
||||
private sequence = new Array<string>();
|
||||
|
||||
private scenarios = new Map<string, string>();
|
||||
|
||||
public withJoinResult(returnValue: string, ...paths: string[]): this {
|
||||
this.scenarios.set(LocationOpsStub.getScenarioKey(paths), returnValue);
|
||||
return this;
|
||||
}
|
||||
|
||||
public withJoinResultSequence(...valuesToReturn: string[]): this {
|
||||
this.sequence.push(...valuesToReturn);
|
||||
this.sequence.reverse();
|
||||
return this;
|
||||
}
|
||||
|
||||
public combinePaths(...pathSegments: string[]): string {
|
||||
this.registerMethodCall({
|
||||
methodName: 'combinePaths',
|
||||
args: pathSegments,
|
||||
});
|
||||
if (this.sequence.length > 0) {
|
||||
return this.sequence.pop();
|
||||
}
|
||||
const key = LocationOpsStub.getScenarioKey(pathSegments);
|
||||
if (!this.scenarios.has(key)) {
|
||||
return pathSegments.join('/PATH-SEGMENT-SEPARATOR/');
|
||||
}
|
||||
return this.scenarios.get(key);
|
||||
}
|
||||
|
||||
private static getScenarioKey(paths: string[]): string {
|
||||
return paths.join('|');
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user