From 5ad0967b075b8b1270441e1f9152b3871f19e11e Mon Sep 17 00:00:00 2001 From: "J. Ryan Stinnett" Date: Wed, 13 Jan 2021 15:21:00 +0000 Subject: [PATCH] Enable context isolation, bridge expected IPC This enables Electron's context isolation mode as recommended in their guidance. We use the context bridge feature to regain access to only the IPC channels we expect to have access to. --- src/electron-main.js | 9 ++------- src/preload.js | 45 ++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 43 insertions(+), 11 deletions(-) diff --git a/src/electron-main.js b/src/electron-main.js index 95d3a8f..132e49d 100644 --- a/src/electron-main.js +++ b/src/electron-main.js @@ -1,9 +1,8 @@ /* Copyright 2016 Aviral Dasgupta Copyright 2016 OpenMarket Ltd -Copyright 2018, 2019 New Vector Ltd Copyright 2017, 2019 Michael Telatynski <7t3chguy@gmail.com> -Copyright 2020 The Matrix.org Foundation C.I.C. +Copyright 2018 - 2021 New Vector Ltd Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -922,11 +921,7 @@ app.on('ready', async () => { nodeIntegration: false, //sandbox: true, // We enable sandboxing from app.enableSandbox() above enableRemoteModule: false, - // We don't use this: it's useful for the preload script to - // share a context with the main page so we can give select - // objects to the main page. The sandbox option isolates the - // main page from the background script. - contextIsolation: false, + contextIsolation: true, webgl: false, spellcheck: true, }, diff --git a/src/preload.js b/src/preload.js index 0862ec6..f3b25df 100644 --- a/src/preload.js +++ b/src/preload.js @@ -1,5 +1,5 @@ /* -Copyright 2018, 2019 New Vector Ltd +Copyright 2018, 2019, 2021 New Vector Ltd Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +14,44 @@ See the License for the specific language governing permissions and limitations under the License. */ -const { ipcRenderer } = require('electron'); +const { contextBridge, ipcRenderer } = require("electron"); -// expose ipcRenderer to the renderer process -window.ipcRenderer = ipcRenderer; +// Expose only expected IPC wrapper APIs to the renderer process to avoid +// handing out generalised messaging access. + +const CHANNELS = [ + "app_onAction", + "before-quit", + "check_updates", + "install_update", + "ipcCall", + "ipcReply", + "loudNotification", + "preferences", + "seshat", + "seshatReply", + "setBadgeCount", + "update-downloaded", + "userDownloadCompleted", + "userDownloadOpen", +]; + +contextBridge.exposeInMainWorld( + "electron", + { + on(channel, listener) { + if (!CHANNELS.includes(channel)) { + console.error(`Unknown IPC channel ${channel} ignored`); + return; + } + ipcRenderer.on(channel, listener); + }, + send(channel, ...args) { + if (!CHANNELS.includes(channel)) { + console.error(`Unknown IPC channel ${channel} ignored`); + return; + } + ipcRenderer.send(channel, ...args); + }, + }, +);