From 57b32c758c5a5929548efa51432aa6513a529111 Mon Sep 17 00:00:00 2001
From: Pedro Pontes
Date: Thu, 2 Nov 2023 18:11:30 +0000
Subject: [PATCH] chore: [25-x-y] cherry-pick 1 changes from Release-0-M119 * 80106e31c7ea from chromium
---
 patches/chromium/.patches | 1 +
 .../chromium/cherry-pick-80106e31c7ea.patch | 155 ++++++++++++++++++
 2 files changed, 156 insertions(+)
 create mode 100644 patches/chromium/cherry-pick-80106e31c7ea.patch
diff --git a/patches/chromium/.patches b/patches/chromium/.patches
index 6ab110b201f22..54800722324fe 100644
--- a/patches/chromium/.patches
+++ b/patches/chromium/.patches
@@ -146,3 +146,4 @@ cherry-pick-f218b4f37018.patch
 cherry-pick-d756d71a652c.patch
 parameterize_axtreeserializer_by_vector_type.patch
 avoid_allocating_recordid_objects_in_elementtiming_and_lcp.patch
+cherry-pick-80106e31c7ea.patch
diff --git a/patches/chromium/cherry-pick-80106e31c7ea.patch b/patches/chromium/cherry-pick-80106e31c7ea.patch
new file mode 100644
index 0000000000000..2e0a05428b028
--- /dev/null
+++ b/patches/chromium/cherry-pick-80106e31c7ea.patch
@@ -0,0 +1,155 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Pedro Pontes
+Date: Mon, 25 Sep 2023 14:50:19 -0700
+Subject: Only enable Node inspector if a specific reg value is present.
+
+Electron will not pass the debug CLI arguments to Node unless
+a speficic HKLM\\[reg-key]\InspectorAllowed is found in the 64-bit
+view of the registry (even for 32-bit apps). The reg-key is specified
+as a build flag.
+This prevents attacks where the Electron App is started with the
+Node inspector enabled to achieve main process RCE via the debugger.
+
+diff --git a/shell/common/node_bindings.cc b/shell/common/node_bindings.cc
+index 02b9af097ef0c36259cd3fc7d47d5ebd86b0a205..2a0fd48cc994d9dc370ecd644747b26d289ec4ab 100644
+--- a/shell/common/node_bindings.cc
++++ b/shell/common/node_bindings.cc
+@@ -8,7 +8,6 @@
+ #include
+ #include
+ #include
+-#include
+ #include
+ #include
+
+@@ -205,21 +204,6 @@ void ErrorMessageListener(v8::Local message,
+ }
+ }
+
+-const std::unordered_set
+-GetAllowedDebugOptions() {
+- if (electron::fuses::IsNodeCliInspectEnabled()) {
+- // Only allow DebugOptions in non-ELECTRON_RUN_AS_NODE mode
+- return {
+- "--inspect", "--inspect-brk",
+- "--inspect-port", "--debug",
+- "--debug-brk", "--debug-port",
+- "--inspect-brk-node", "--inspect-publish-uid",
+- };
+- }
+- // If node CLI inspect support is disabled, allow no debug options.
+- return {};
+-}
+-
+ // Initialize NODE_OPTIONS to pass to Node.js
+ // See https://nodejs.org/api/cli.html#cli_node_options_options
+ void SetNodeOptions(base::Environment* env) {
+@@ -635,6 +619,21 @@ void NodeBindings::RunMessageLoop() {
+ UvRunOnce();
+ }
+
++const std::unordered_set
++NodeBindings::GetAllowedDebugOptions() {
++ if (electron::fuses::IsNodeCliInspectEnabled()) {
++ // Only allow DebugOptions in non-ELECTRON_RUN_AS_NODE mode
++ return {
++ "--inspect", "--inspect-brk",
++ "--inspect-port", "--debug",
++ "--debug-brk", "--debug-port",
++ "--inspect-brk-node", "--inspect-publish-uid",
++ };
++ }
++ // If node CLI inspect support is disabled, allow no debug options.
++ return {};
++}
++
+ void NodeBindings::UvRunOnce() {
+ node::Environment* env = uv_env();
+
+diff --git a/shell/common/node_bindings.h b/shell/common/node_bindings.h
+index d0627bb4ec372cd386a106b1bcba74e111d836e1..96795d03b4d47fa434fce847f2ececfdcd4969d5 100644
+--- a/shell/common/node_bindings.h
++++ b/shell/common/node_bindings.h
+@@ -6,6 +6,7 @@
+ #define ELECTRON_SHELL_COMMON_NODE_BINDINGS_H_
+
+ #include
++#include
+
+ #include "base/files/file_path.h"
+ #include "base/memory/weak_ptr.h"
+@@ -123,6 +124,9 @@ class NodeBindings {
+ protected:
+ explicit NodeBindings(BrowserEnvironment browser_env);
+
++ virtual const std::unordered_set
++ GetAllowedDebugOptions();
++
+ // Called to poll events in new thread.
+ virtual void PollEvents() = 0;
+
+diff --git a/shell/common/node_bindings_win.cc b/shell/common/node_bindings_win.cc
+index 1410925f195c569cd4a19a0836a6f62156c888f8..0517db8d200cc1b259b2a5e4dc86dbaaed201a90 100644
+--- a/shell/common/node_bindings_win.cc
++++ b/shell/common/node_bindings_win.cc
+@@ -8,6 +8,7 @@
+
+ #include "base/logging.h"
+ #include "base/system/sys_info.h"
++#include "base/win/registry.h"
+
+ namespace electron {
+
+@@ -68,6 +69,24 @@ void NodeBindingsWin::PollEvents() {
+ PostQueuedCompletionStatus(uv_loop_->iocp, bytes, key, overlapped);
+ }
+
++#if BUILDFLAG(MICROSOFT_ENABLE_NODE_INSPECTOR_ONLY_IF_REGKEY_PRESENT)
++const std::unordered_set
++NodeBindingsWin::GetAllowedDebugOptions() {
++ const auto* teams_key = BUILDFLAG(MICROSOFT_NODE_INSPECTOR_REGKEY);
++ // Always use the 64-bit registry view, even from a 32-bit app.
++ const auto regAccess = KEY_QUERY_VALUE | KEY_WOW64_64KEY;
++ const base::win::RegKey teamsRegKey{HKEY_LOCAL_MACHINE, teams_key, regAccess};
++ const auto* node_inspector_value = L"InspectorAllowed";
++ if (teamsRegKey.Valid() && teamsRegKey.HasValue(node_inspector_value)) {
++ // Only if the Node inspector value is present in the Teams key
++ // is that the app potentially allows the debug options.
++ return NodeBindings::GetAllowedDebugOptions();
++ }
++
++ return {};
++}
++#endif
++
+ // static
+ NodeBindings* NodeBindings::Create(BrowserEnvironment browser_env) {
+ return new NodeBindingsWin(browser_env);
+diff --git a/shell/common/node_bindings_win.h b/shell/common/node_bindings_win.h
+index 59d7469b0ff756f5ad3e0aae6766987f3b7b62c0..9cf6f981ae63fcb8e7aa8469e567d3b6c54b0d60 100644
+--- a/shell/common/node_bindings_win.h
++++ b/shell/common/node_bindings_win.h
+@@ -5,7 +5,10 @@
+ #ifndef ELECTRON_SHELL_COMMON_NODE_BINDINGS_WIN_H_
+ #define ELECTRON_SHELL_COMMON_NODE_BINDINGS_WIN_H_
+
++#include
++
+ #include "base/compiler_specific.h"
++#include "microsoft/buildflags/buildflags.h"
+ #include "shell/common/node_bindings.h"
+
+ namespace electron {
+@@ -18,6 +21,12 @@ class NodeBindingsWin : public NodeBindings {
+ void PrepareMessageLoop() override;
+ void RunMessageLoop() override;
+
++ protected:
++#if BUILDFLAG(MICROSOFT_ENABLE_NODE_INSPECTOR_ONLY_IF_REGKEY_PRESENT)
++ const std::unordered_set
++ GetAllowedDebugOptions() override;
++#endif
++
+ private:
+ void PollEvents() override;
+
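Review bot: In the added `NodeBindingsWin::GetAllowedDebugOptions()` the gate is `teamsRegKey.HasValue(node_inspector_value)`, which checks only that `InspectorAllowed` exists, so an administrator who sets the value to 0 to switch the inspector off still ends up with the debug options allowed. If the value is meant to carry a setting, read it instead, for example `DWORD allowed = 0;` followed by `if (teamsRegKey.Valid() && teamsRegKey.ReadValueDW(node_inspector_value, &allowed) == ERROR_SUCCESS && allowed != 0) {`; if presence alone is the intended switch, say so in the comment above the check. The override is compiled only under `MICROSOFT_ENABLE_NODE_INSPECTOR_ONLY_IF_REGKEY_PRESENT` in `node_bindings_win.cc`, so other platforms and builds without the flag keep the fuse-only base behaviour, which the patch description does not mention. The file is also registered under `patches/chromium/` and titled as a Chromium cherry-pick while every path it touches is `shell/common/...` and uses `electron::` names, so it is worth confirming that it applies to the tree it is listed for.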