This commit improves the management of script execution process by
enhancing the way terminal commands are handled, paving the way for
easier future modifications and providing clearer feedback to users when
scripts are cancelled.
Previously, the UI displayed a generic error message which could lead to
confusion if the user intentionally cancelled the script execution. Now,
a specific error dialog will appear, improving the user experience by
accurately reflecting the action taken by the user.
This change affects code execution on Linux where closing GNOME terminal
returns exit code `137` which is then treated by script cancellation by
privacy.sexy to show the accurate error dialog. It does not affect macOS
and Windows as curret commands result in success (`0`) exit code on
cancellation.
Additionally, this update encapsulates OS-specific logic into dedicated
classes, promoting better separation of concerns and increasing the
modularity of the codebase. This makes it simpler to maintain and extend
the application.
Key changes:
- Display a specific error message for script cancellations.
- Refactor command execution into dedicated classes.
- Improve file permission setting flexibility and avoid setting file
permissions on Windows as it's not required to execute files.
- Introduce more granular error types for script execution.
- Increase logging for shell commands to aid in debugging.
- Expand test coverage to ensure reliability.
- Fix error dialogs not showing the error messages due to incorrect
propagation of errors.
Other supported changes:
- Update `SECURITY.md` with details on script readback and verification.
- Fix a typo in `IpcRegistration.spec.ts`.
- Document antivirus scans in `desktop-vs-web-features.md`.
This commit upgrades the `vitest` library to its first major version
(v1) resolving issues with previously unexecuted tests due to improperly
nested `it` blocks.
The migration to v1 uncovered error messages indicating the misuse of
`it` blocks, as described in vitest-dev/vitest#4229 and
vitest-dev/vitest#4262, prompting a restructuring of test cases for
proper execution.
Additionally, this commit adjusts singleton test definitions in
`DependencyProvider.spec.ts` to better reflect real usage scenarios and
correctly implement singleton pattern tests, enhancing test reliability.
Changes:
- Upgrade `vitest` from v0 to v1.
- Correct test definitions by organizing `it` blocks within `describe`
blocks.
- Fix singleton test definition in `DependencyProvider.spec.ts`.
This commit upgrades TypeScript to the latest version 5.3 and introduces
`verbatimModuleSyntax` in line with the official Vue guide
recommendatinos (vuejs/docs#2592).
By enforcing `import type` for type-only imports, this commit improves
code clarity and supports tooling optimization, ensuring imports are
only bundled when necessary for runtime.
Changes:
- Bump TypeScript to 5.3.3 across the project.
- Adjust import statements to utilize `import type` where applicable,
promoting cleaner and more efficient code.
This commit improves markdown rendering to convert reference labels
(e.g., `[1]`) to superscripts, improving document readability without
cluttering the text. This improvement applies documentation of all
scripts and categories.
Changes:
- Implement superscript conversion for reference labels within markdown
content, ensuring a cleaner presentation of textual references.
- Enable HTML content within markdown, necessary for inserting `<sup>`
elements due to limitations in `markdown-it`, see
markdown-it/markdown-it#999 for details.
- Refactor markdown rendering process for improved testability and
adherence to the Single Responsibility Principle.
- Create `_typography.scss` with font size definitions, facilitating
better control over text presentation.
- Adjust external URL indicator icon sizing for consistency, aligning
images with the top of the text to maintain a uniform appearence.
- Use normal font-size explicitly for documentation text to ensure
consistency.
- Remove text size specification in `markdown-styles` mixin, using `1em`
for spacing to simplify styling.
- Rename font sizing variables for clarity, distinguishing between
absolute and relative units.
- Change `font-size-relative-smaller` to be `80%`, browser default for
`font-size: smaller;` CSS style and use it with `<sup>` elements.
- Improve the logic for converting plain URLs to hyperlinks, removing
trailing whitespace for cleaner link generation.
- Fix plain URL to hyperlink (autolinking) logic removing trailing
whitespace from the original markdown content. This was revealed by
tests after separating its logic.
- Increase test coverage with more tests.
- Add types for `markdown-it` through `@types/markdown-it` package for
better editor support and maintainability.
- Simplify implementation of adding custom anchor attributes in
`markdown-it` using latest documentation.
- Include the script's directory path #304.
- Exclude Windows-specific instructions on non-Windows OS.
- Standardize language across dialogs for consistency.
Other supporting changes:
- Add script diagnostics data collection from main process.
- Document script file storage and execution tamper protection in
SECURITY.md.
- Remove redundant comment in `NodeReadbackFileWriter`.
- Centralize error display for uniformity and simplicity.
- Simpify `WindowVariablesValidator` to omit checks when not on the
renderer process.
- Improve and centralize Electron environment detection.
- Use more emphatic language (don't worry) in error messages.
This commit introduces native operating system file dialogs in the
desktop application replacing the existing web-based dialogs.
It lays the foundation for future enhancements such as:
- Providing error messages when saving or executing files, addressing
#264.
- Creating system restore points, addressing #50.
Documentation updates:
- Update `desktop-vs-web-features.md` with added functionality.
- Update `README.md` with security feature highlights.
- Update home page documentation to emphasize security features.
Other supporting changes include:
- Integrate IPC communication channels for secure Electron dialog API
interactions.
- Refactor `IpcRegistration` for more type-safety and simplicity.
- Introduce a Vue hook to encapsulate dialog functionality.
- Improve errors during IPC registration for easier troubleshooting.
- Move `ClientLoggerFactory` for consistency in hooks organization and
remove `LoggerFactory` interface for simplicity.
- Add tests for the save file dialog in the browser context.
- Add `Blob` polyfill in tests to compensate for the missing
`blob.text()` function in `jsdom` (see jsdom/jsdom#2555).
Improve environment detection logic:
- Treat test environment as browser environments to correctly activate
features based on the environment. This resolves issues where the
environment is misidentified as desktop, but Electron preloader APIs
are missing.
- Rename `isDesktop` environment identification variable to
`isRunningAsDesktopApplication` for better clarity and to avoid
confusion with desktop environments in web/browser/test environments.
- Simplify `BrowserRuntimeEnvironment` to consistently detect
non-desktop application environments.
- Improve environment detection for Electron main process
(electron/electron#2288).
This commit fixes an issue seen on certain Windows environments (Windows
10 22H2 and 11 23H2 Pro Azure VMs) where scripts were being deleted
during execution due to temporary directory usage. To resolve this,
scripts are now stored in a persistent directory, enhancing reliability
for long-running scripts and improving auditability along with
troubleshooting.
Key changes:
- Move script execution logic to the `main` process from `preloader` to
utilize Electron's `app.getPath`.
- Improve runtime environment detection for non-browser environments to
allow its usage in Electron main process.
- Introduce a secure module to expose IPC channels from the main process
to the renderer via the preloader process.
Supporting refactorings include:
- Simplify `CodeRunner` interface by removing the `tempScriptFolderName`
parameter.
- Rename `NodeSystemOperations` to `NodeElectronSystemOperations` as it
now wraps electron APIs too, and convert it to class for simplicity.
- Rename `TemporaryFileCodeRunner` to `ScriptFileCodeRunner` to reflect
its new functinoality.
- Rename `SystemOperations` folder to `System` for simplicity.
- Rename `HostRuntimeEnvironment` to `BrowserRuntimeEnvironment` for
clarity.
- Refactor main Electron process configuration to align with latest
Electron documentation/recommendations.
- Refactor unit tests `BrowserRuntimeEnvironment` to simplify singleton
workaround.
- Use alias imports like `electron/main` and `electron/common` for
better clarity.
This commit enhances application security against potential attacks by
isolating dependencies that access the host system (like file
operations) from the renderer process. It narrows the exposed
functionality to script execution only, adding an extra security layer.
The changes allow secure and scalable API exposure, preparing for future
functionalities such as desktop notifications for script errors (#264),
improved script execution handling (#296), and creating restore points
(#50) in a secure and repeatable way.
Changes include:
- Inject `CodeRunner` into Vue components via dependency injection.
- Move `CodeRunner` to the application layer as an abstraction for
better domain-driven design alignment.
- Refactor `SystemOperations` and related interfaces, removing the `I`
prefix.
- Update architecture documentation for clarity.
- Update return types in `NodeSystemOperations` to match the Node APIs.
- Improve `WindowVariablesProvider` integration tests for better error
context.
- Centralize type checks with common functions like `isArray` and
`isNumber`.
- Change `CodeRunner` to use `os` parameter, ensuring correct window
variable injection.
- Streamline API exposure to the renderer process:
- Automatically bind function contexts to prevent loss of original
context.
- Implement a way to create facades (wrapper/proxy objects) for
increased security.
This commit resolves the issue with the `:active` pseudo-class not
activating in mobile Safari on iOS devices. It introduces a workaround
specifically for mobile Safari on iOS/iPadOS to enable the `:active`
pseudo-class. This ensures a consistent and responsive user interface
in response to touch states on mobile Safari.
Other supporting changes:
- Introduce new test utility functions such as `createWindowEventSpies`
and `formatAssertionMessage` to improve code reusability and
maintainability.
- Improve browser detection:
- Add detection for iPadOS and Windows 10 Mobile.
- Add touch support detection to correctly determine iPadOS vs macOS.
- Fix misidentification of some Windows 10 Mobile platforms as Windows
Phone.
- Improve test coverage and refactor tests.
- Migrate to `electron-log` v5.X.X, centralizing log files to adhere to
best-practices.
- Add critical event logging in the log file.
- Replace `ElectronLog` type with `LogFunctions` for better abstraction.
- Unify log handling in `desktop-runtime-error` by removing
`renderer.log` due to `electron-log` v5 changes.
- Update and extend logger interfaces, removing 'I' prefix and adding
common log levels to abstract `electron-log` completely.
- Move logger interfaces to the application layer as it's cross-cutting
concern, meanwhile keeping the implementations in the infrastructure
layer.
- Introduce `useLogger` hook for easier logging in Vue components.
- Simplify `WindowVariables` by removing nullable properties.
- Improve documentation to clearly differentiate between desktop and web
versions, outlining specific features of each.
This commit applies `strictNullChecks` to the entire codebase to improve
maintainability and type safety. Key changes include:
- Remove some explicit null-checks where unnecessary.
- Add necessary null-checks.
- Refactor static factory functions for a more functional approach.
- Improve some test names and contexts for better debugging.
- Add unit tests for any additional logic introduced.
- Refactor `createPositionFromRegexFullMatch` to its own function as the
logic is reused.
- Prefer `find` prefix on functions that may return `undefined` and
`get` prefix for those that always return a value.
Test improvements:
- Capture titles for all macOS windows, not just the frontmost.
- Incorporate missing application log files.
- Improve log clarity with enriched context.
- Improve application termination on macOS by reducing grace period.
- Ensure complete application termination on macOS.
- Validate Vue application loading through an initial log.
- Support ignoring environment-specific `stderr` errors.
- Do not fail the test if working directory cannot be deleted.
- Use retry pattern when installing dependencies due to network errors.
Refactorings:
- Migrate the test code to TypeScript.
- Replace deprecated `rmdir` with `rm` for error-resistant directory
removal.
- Improve sanity checking by shifting from App.vue to Vue bootstrapper.
- Centralize environment variable management with `EnvironmentVariables`
construct.
- Rename infrastructure/Environment to RuntimeEnvironment for clarity.
- Isolate WindowVariables and SystemOperations from RuntimeEnvironment.
- Inject logging via preloader.
- Correct mislabeled RuntimeSanity tests.
Configuration:
- Introduce `npm run check:desktop` for simplified execution.
- Omit `console.log` override due to `nodeIntegration` restrictions and
reveal logging functionality using context-bridging.
Enable `contextIsolation` in Electron to securely expose a limited set
of Node.js APIs to the renderer process. It:
1. Isolates renderer and main process contexts. It ensures that the
powerful main process functions aren't directly accessible from
renderer process(es), adding a security boundary.
2. Mitigates remote exploitation risks. By isolating contexts, potential
malicious code injections in the renderer can't directly reach and
compromise the main process.
3. Reduces attack surface.
4. Protect against prototype pollution: It prevents tampering of
JavaScript object prototypes in one context from affecting another
context, improving app reliability and security.
Supporting changes include:
- Extract environment and system operations classes to the infrastructure
layer. This removes node dependencies from core domain and application
code.
- Introduce `ISystemOperations` to encapsulate OS interactions. Use it
from `CodeRunner` to isolate node API usage.
- Add a preloader script to inject validated environment variables into
renderer context. This keeps Electron integration details
encapsulated.
- Add new sanity check to fail fast on issues with preloader injected
variables.
- Improve test coverage of runtime sanity checks and environment
components. Move validation logic into separate classes for Single
Responsibility.
- Improve absent value test case generation.
