[Mm 37198] enable global sandboxing to increase security (#1667)

* prevent creating new windows from popup windows * enable sandbox * fix windows detection logic * disable on testing environment Co-authored-by: = <=>
2021-07-23 16:07:48 +02:00
parent c567449854
commit 4e75007362
8 changed files with 24 additions and 10 deletions
--- a/src/main/main.ts
+++ b/src/main/main.ts
@@ -190,6 +190,9 @@ function initializeBeforeAppReady() {
        log.error('No config loaded');
        return;
    }
+    if (process.env.NODE_ENV !== 'test') {
+        app.enableSandbox();
+    }
    certificateStore = new CertificateStore(path.resolve(app.getPath('userData'), 'certificate.json'));
    trustedOriginsStore = new TrustedOriginsStore(path.resolve(app.getPath('userData'), 'trustedOrigins.json'));
    trustedOriginsStore.load();
--- a/src/main/preload/mainWindow.js
+++ b/src/main/preload/mainWindow.js
@@ -4,7 +4,6 @@

 'use strict';

-import os from 'os';
 import {ipcRenderer, contextBridge} from 'electron';

 contextBridge.exposeInMainWorld('ipcRenderer', {
@@ -13,10 +12,6 @@ contextBridge.exposeInMainWorld('ipcRenderer', {
    invoke: ipcRenderer.invoke,
 });

-contextBridge.exposeInMainWorld('os', {
-    isWindows10: os.platform() === 'win32' && os.release().startsWith('10'),
-});
-
 contextBridge.exposeInMainWorld('process', {
    platform: process.platform,
    env: {
--- a/src/main/views/webContentEvents.ts
+++ b/src/main/views/webContentEvents.ts
@@ -82,6 +82,12 @@ const generateDidStartNavigation = (getServersFunction: () => TeamWithTabs[]) =>
    };
 };

+const denyNewWindow = (event: Event, url: string) => {
+    event.preventDefault();
+    log.warn(`Prevented popup window to open a new window to ${url}.`);
+    return null;
+};
+
 const generateNewWindowListener = (getServersFunction: () => TeamWithTabs[], spellcheck?: boolean) => {
    return (event: Event, url: string) => {
        const parsedURL = urlUtils.parseURL(url);
@@ -160,12 +166,14 @@ const generateNewWindowListener = (getServersFunction: () => TeamWithTabs[], spe
                    show: false,
                    center: true,
                    webPreferences: {
+                        nativeWindowOpen: true,
                        nodeIntegration: process.env.NODE_ENV === 'test',
                        contextIsolation: process.env.NODE_ENV !== 'test',
                        spellcheck: (typeof spellcheck === 'undefined' ? true : spellcheck),
                        enableRemoteModule: process.env.NODE_ENV === 'test',
                    },
                });
+                popupWindow.webContents.on('new-window', denyNewWindow);
                popupWindow.once('ready-to-show', () => {
                    popupWindow!.show();
                });