Improve security by isolating code execution more
This commit enhances application security against potential attacks by isolating dependencies that access the host system (like file operations) from the renderer process. It narrows the exposed functionality to script execution only, adding an extra security layer. The changes allow secure and scalable API exposure, preparing for future functionalities such as desktop notifications for script errors (#264), improved script execution handling (#296), and creating restore points (#50) in a secure and repeatable way. Changes include: - Inject `CodeRunner` into Vue components via dependency injection. - Move `CodeRunner` to the application layer as an abstraction for better domain-driven design alignment. - Refactor `SystemOperations` and related interfaces, removing the `I` prefix. - Update architecture documentation for clarity. - Update return types in `NodeSystemOperations` to match the Node APIs. - Improve `WindowVariablesProvider` integration tests for better error context. - Centralize type checks with common functions like `isArray` and `isNumber`. - Change `CodeRunner` to use `os` parameter, ensuring correct window variable injection. - Streamline API exposure to the renderer process: - Automatically bind function contexts to prevent loss of original context. - Implement a way to create facades (wrapper/proxy objects) for increased security.
This commit is contained in:
undergroundwires
7
tests/unit/shared/Stubs/CodeRunnerStub.ts
Normal file
7
tests/unit/shared/Stubs/CodeRunnerStub.ts
Normal file
@@ -0,0 +1,7 @@
|
||||
import { CodeRunner } from '@/application/CodeRunner';
|
||||
|
||||
export class CodeRunnerStub implements CodeRunner {
|
||||
public runCode(): Promise<void> {
|
||||
return Promise.resolve();
|
||||
}
|
||||
}
|
||||
@@ -1,13 +1,14 @@
|
||||
import { ICommandOps } from '@/infrastructure/SystemOperations/ISystemOperations';
|
||||
import { CommandOps } from '@/infrastructure/CodeRunner/SystemOperations/SystemOperations';
|
||||
import { StubWithObservableMethodCalls } from './StubWithObservableMethodCalls';
|
||||
|
||||
export class CommandOpsStub
|
||||
extends StubWithObservableMethodCalls<ICommandOps>
|
||||
implements ICommandOps {
|
||||
public execute(command: string): void {
|
||||
extends StubWithObservableMethodCalls<CommandOps>
|
||||
implements CommandOps {
|
||||
public execute(command: string): Promise<void> {
|
||||
this.registerMethodCall({
|
||||
methodName: 'execute',
|
||||
args: [command],
|
||||
});
|
||||
return Promise.resolve();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
import { IFileSystemOps } from '@/infrastructure/SystemOperations/ISystemOperations';
|
||||
import { FileSystemOps } from '@/infrastructure/CodeRunner/SystemOperations/SystemOperations';
|
||||
import { StubWithObservableMethodCalls } from './StubWithObservableMethodCalls';
|
||||
|
||||
export class FileSystemOpsStub
|
||||
extends StubWithObservableMethodCalls<IFileSystemOps>
|
||||
implements IFileSystemOps {
|
||||
extends StubWithObservableMethodCalls<FileSystemOps>
|
||||
implements FileSystemOps {
|
||||
public setFilePermissions(filePath: string, mode: string | number): Promise<void> {
|
||||
this.registerMethodCall({
|
||||
methodName: 'setFilePermissions',
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
import { ILocationOps } from '@/infrastructure/SystemOperations/ISystemOperations';
|
||||
import { LocationOps } from '@/infrastructure/CodeRunner/SystemOperations/SystemOperations';
|
||||
import { StubWithObservableMethodCalls } from './StubWithObservableMethodCalls';
|
||||
|
||||
export class LocationOpsStub
|
||||
extends StubWithObservableMethodCalls<ILocationOps>
|
||||
implements ILocationOps {
|
||||
extends StubWithObservableMethodCalls<LocationOps>
|
||||
implements LocationOps {
|
||||
private sequence = new Array<string>();
|
||||
|
||||
private scenarios = new Map<string, string>();
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
import { IOperatingSystemOps } from '@/infrastructure/SystemOperations/ISystemOperations';
|
||||
import { OperatingSystemOps } from '@/infrastructure/CodeRunner/SystemOperations/SystemOperations';
|
||||
import { StubWithObservableMethodCalls } from './StubWithObservableMethodCalls';
|
||||
|
||||
export class OperatingSystemOpsStub
|
||||
extends StubWithObservableMethodCalls<IOperatingSystemOps>
|
||||
implements IOperatingSystemOps {
|
||||
extends StubWithObservableMethodCalls<OperatingSystemOps>
|
||||
implements OperatingSystemOps {
|
||||
private temporaryDirectory = '/stub-temp-dir/';
|
||||
|
||||
public withTemporaryDirectoryResult(directory: string): this {
|
||||
|
||||
@@ -1,40 +1,40 @@
|
||||
import {
|
||||
ICommandOps,
|
||||
IFileSystemOps,
|
||||
IOperatingSystemOps,
|
||||
ILocationOps,
|
||||
ISystemOperations,
|
||||
} from '@/infrastructure/SystemOperations/ISystemOperations';
|
||||
import type {
|
||||
CommandOps,
|
||||
FileSystemOps,
|
||||
OperatingSystemOps,
|
||||
LocationOps,
|
||||
SystemOperations,
|
||||
} from '@/infrastructure/CodeRunner/SystemOperations/SystemOperations';
|
||||
import { CommandOpsStub } from './CommandOpsStub';
|
||||
import { FileSystemOpsStub } from './FileSystemOpsStub';
|
||||
import { LocationOpsStub } from './LocationOpsStub';
|
||||
import { OperatingSystemOpsStub } from './OperatingSystemOpsStub';
|
||||
|
||||
export class SystemOperationsStub implements ISystemOperations {
|
||||
public operatingSystem: IOperatingSystemOps = new OperatingSystemOpsStub();
|
||||
export class SystemOperationsStub implements SystemOperations {
|
||||
public operatingSystem: OperatingSystemOps = new OperatingSystemOpsStub();
|
||||
|
||||
public location: ILocationOps = new LocationOpsStub();
|
||||
public location: LocationOps = new LocationOpsStub();
|
||||
|
||||
public fileSystem: IFileSystemOps = new FileSystemOpsStub();
|
||||
public fileSystem: FileSystemOps = new FileSystemOpsStub();
|
||||
|
||||
public command: ICommandOps = new CommandOpsStub();
|
||||
public command: CommandOps = new CommandOpsStub();
|
||||
|
||||
public withOperatingSystem(operatingSystemOps: IOperatingSystemOps): this {
|
||||
public withOperatingSystem(operatingSystemOps: OperatingSystemOps): this {
|
||||
this.operatingSystem = operatingSystemOps;
|
||||
return this;
|
||||
}
|
||||
|
||||
public withLocation(location: ILocationOps): this {
|
||||
public withLocation(location: LocationOps): this {
|
||||
this.location = location;
|
||||
return this;
|
||||
}
|
||||
|
||||
public withFileSystem(fileSystem: IFileSystemOps): this {
|
||||
public withFileSystem(fileSystem: FileSystemOps): this {
|
||||
this.fileSystem = fileSystem;
|
||||
return this;
|
||||
}
|
||||
|
||||
public withCommand(command: ICommandOps): this {
|
||||
public withCommand(command: CommandOps): this {
|
||||
this.command = command;
|
||||
return this;
|
||||
}
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
import { OperatingSystem } from '@/domain/OperatingSystem';
|
||||
import { Logger } from '@/application/Common/Log/Logger';
|
||||
import { ISystemOperations } from '@/infrastructure/SystemOperations/ISystemOperations';
|
||||
import { WindowVariables } from '@/infrastructure/WindowVariables/WindowVariables';
|
||||
import { SystemOperationsStub } from './SystemOperationsStub';
|
||||
import { CodeRunner } from '@/application/CodeRunner';
|
||||
import { LoggerStub } from './LoggerStub';
|
||||
import { CodeRunnerStub } from './CodeRunnerStub';
|
||||
|
||||
export class WindowVariablesStub implements WindowVariables {
|
||||
public system?: ISystemOperations = new SystemOperationsStub();
|
||||
public codeRunner?: CodeRunner = new CodeRunnerStub();
|
||||
|
||||
public isDesktop = false;
|
||||
|
||||
@@ -29,8 +29,8 @@ export class WindowVariablesStub implements WindowVariables {
|
||||
return this;
|
||||
}
|
||||
|
||||
public withSystem(value?: ISystemOperations): this {
|
||||
this.system = value;
|
||||
public withCodeRunner(value?: CodeRunner): this {
|
||||
this.codeRunner = value;
|
||||
return this;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user