Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

security: allow to block desktopCapturer.getSources() calls #15964

Merged
merged 3 commits into from Dec 20, 2018
Merged
Changes from 1 commit
Commits
File filter...
Filter file types
Jump to…
Jump to file or symbol
Failed to load files and symbols.

Always

Just for now

return empty instead of error

  • Loading branch information...
miniak committed Dec 8, 2018
commit be0212582613cdd468d608ff81f388232f6815b2
@@ -409,7 +409,7 @@ Returns:
* `webContents` [WebContents](web-contents.md)

Emitted when `desktopCapturer.getSources()` is called in the renderer process of `webContents`.
Calling `event.preventDefault()` will make it throw an error.
Calling `event.preventDefault()` will make it return empty sources.

### Event: 'remote-require'

@@ -670,7 +670,7 @@ Returns:
* `event` Event

Emitted when `desktopCapturer.getSources()` is called in the renderer process.
Calling `event.preventDefault()` will make it throw an error.
Calling `event.preventDefault()` will make it return empty sources.

#### Event: 'remote-require'

@@ -1,7 +1,6 @@
'use strict'

const ipcMain = require('@electron/internal/browser/ipc-main-internal')
const errorUtils = require('@electron/internal/common/error-utils')

const { desktopCapturer } = process.atomBinding('desktop_capturer')
const eventBinding = process.atomBinding('event')
@@ -19,8 +18,7 @@ ipcMain.on(electronSources, (event, captureWindow, captureScreen, thumbnailSize,
event.sender.emit('desktop-capturer-get-sources', customEvent)

if (customEvent.defaultPrevented) {
const error = new Error('desktopCapturer.getSources() blocked')
event.sender._sendInternal(capturerResult(id), errorUtils.serialize(error))
event.sender._sendInternal(capturerResult(id), [])
return
}

@@ -63,15 +61,15 @@ desktopCapturer.emit = (event, name, sources, fetchWindowIcons) => {
})

if (handledWebContents) {
handledWebContents._sendInternal(capturerResult(handledRequest.id), null, result)
handledWebContents._sendInternal(capturerResult(handledRequest.id), result)
}

// Check the queue to see whether there is another identical request & handle
requestsQueue.forEach(request => {
const webContents = request.webContents
if (deepEqual(handledRequest.options, request.options)) {
if (webContents) {
webContents._sendInternal(capturerResult(request.id), null, result)
webContents._sendInternal(capturerResult(request.id), result)
}
} else {
unhandledRequestsQueue.push(request)
@@ -1,9 +1,7 @@
'use strict'

const { nativeImage } = require('electron')

const ipcRenderer = require('@electron/internal/renderer/ipc-renderer-internal')
const errorUtils = require('@electron/internal/common/error-utils')

const includes = [].includes
let currentId = 0
@@ -46,11 +44,11 @@ exports.getSources = function (options, callback) {

const id = incrementId()
ipcRenderer.send('ELECTRON_BROWSER_DESKTOP_CAPTURER_GET_SOURCES', captureWindow, captureScreen, options.thumbnailSize, options.fetchWindowIcons, id)
return ipcRenderer.once(`ELECTRON_RENDERER_DESKTOP_CAPTURER_RESULT_${id}`, (event, error, sources) => {
if (error) {
callback(errorUtils.deserialize(error))
} else {
return ipcRenderer.once(`ELECTRON_RENDERER_DESKTOP_CAPTURER_RESULT_${id}`, (event, sources) => {
try {
callback(null, mapSources(sources))
} catch (error) {
callback(error)
}
})
}
@@ -39,15 +39,6 @@ describe('desktopCapturer', () => {
})
})

it('throws an error when blocked', done => {
ipcRenderer.send('handle-next-desktop-capturer-get-sources')
desktopCapturer.getSources({ types: ['screen'] }, (error, sources) => {
expect(error.message).to.equal('desktopCapturer.getSources() blocked')
expect(sources).to.be.undefined()
done()
})
})

it('does not throw an error when called more than once (regression)', (done) => {
let callCount = 0
const callback = (error, sources) => {
@@ -108,5 +99,14 @@ describe('desktopCapturer', () => {
}
done()
})

it('returns empty sources when blocked', done => {
ipcRenderer.send('handle-next-desktop-capturer-get-sources')
desktopCapturer.getSources({ types: ['screen'] }, (error, sources) => {
expect(error).to.be.null()
expect(sources).to.be.empty()
done()
})
})
})
})
ProTip! Use n and p to navigate between commits in a pull request.
You can’t perform that action at this time.