From 5f8ef8127732c181b090d389bead76bae384b761 Mon Sep 17 00:00:00 2001
From: "trop[bot]" <37223003+trop[bot]@users.noreply.github.com>
Date: Mon, 11 Sep 2023 14:12:58 -0700
Subject: [PATCH] fix: ensure app load is limited to real asar files when
 appropriate (#39811)

Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Samuel Attard <marshallofsound@electronjs.org>
---
 lib/asar/fs-wrapper.ts        | 4 +++-
 lib/browser/init.ts           | 9 +++++++++
 shell/common/node_bindings.cc | 7 +++++++
 typings/internal-ambient.d.ts | 1 +
 4 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/lib/asar/fs-wrapper.ts b/lib/asar/fs-wrapper.ts
index 2059dc447fe54..30322482fc26f 100644
--- a/lib/asar/fs-wrapper.ts
+++ b/lib/asar/fs-wrapper.ts
@@ -27,7 +27,7 @@ const cachedArchives = new Map<string, NodeJS.AsarArchive>();
 const getOrCreateArchive = (archivePath: string) => {
   const isCached = cachedArchives.has(archivePath);
   if (isCached) {
-    return cachedArchives.get(archivePath);
+    return cachedArchives.get(archivePath)!;
   }
 
   try {
@@ -39,6 +39,8 @@ const getOrCreateArchive = (archivePath: string) => {
   }
 };
 
+process._getOrCreateArchive = getOrCreateArchive;
+
 const asarRe = /\.asar/i;
 
 // Separate asar package's path from full path.
diff --git a/lib/browser/init.ts b/lib/browser/init.ts
index db29322a5e6dd..d2331dcc0eafe 100644
--- a/lib/browser/init.ts
+++ b/lib/browser/init.ts
@@ -84,11 +84,20 @@ const v8Util = process._linkedBinding('electron_common_v8_util');
 let packagePath = null;
 let packageJson = null;
 const searchPaths: string[] = v8Util.getHiddenValue(global, 'appSearchPaths');
+const searchPathsOnlyLoadASAR: boolean = v8Util.getHiddenValue(global, 'appSearchPathsOnlyLoadASAR');
+// Borrow the _getOrCreateArchive asar helper
+const getOrCreateArchive = process._getOrCreateArchive;
+delete process._getOrCreateArchive;
 
 if (process.resourcesPath) {
   for (packagePath of searchPaths) {
     try {
       packagePath = path.join(process.resourcesPath, packagePath);
+      if (searchPathsOnlyLoadASAR) {
+        if (!getOrCreateArchive?.(packagePath)) {
+          continue;
+        }
+      }
       packageJson = Module._load(path.join(packagePath, 'package.json'));
       break;
     } catch {
diff --git a/shell/common/node_bindings.cc b/shell/common/node_bindings.cc
index 6cb2c3956ba3e..ed8cc4d89e092 100644
--- a/shell/common/node_bindings.cc
+++ b/shell/common/node_bindings.cc
@@ -521,6 +521,13 @@ node::Environment* NodeBindings::CreateEnvironment(
                          electron::fuses::IsOnlyLoadAppFromAsarEnabled()
                              ? app_asar_search_paths
                              : search_paths));
+    context->Global()->SetPrivate(
+        context,
+        v8::Private::ForApi(
+            isolate, gin::ConvertToV8(isolate, "appSearchPathsOnlyLoadASAR")
+                         .As<v8::String>()),
+        gin::ConvertToV8(isolate,
+                         electron::fuses::IsOnlyLoadAppFromAsarEnabled()));
   }
 
   base::FilePath resources_path = GetResourcesPath();
diff --git a/typings/internal-ambient.d.ts b/typings/internal-ambient.d.ts
index d972d03eda129..5bf421231574e 100644
--- a/typings/internal-ambient.d.ts
+++ b/typings/internal-ambient.d.ts
@@ -252,6 +252,7 @@ declare namespace NodeJS {
     // Additional properties
     _firstFileName?: string;
     _serviceStartupScript: string;
+    _getOrCreateArchive?: (path: string) => NodeJS.AsarArchive | null;
 
     helperExecPath: string;
     mainModule?: NodeJS.Module | undefined;