feat(Desktop): Harden security based on best practices

Implement several security checks based on https://github.com/doyensec/electronegativity/wiki
stencila · Jun 29, 2021 · a210883 · a210883
1 parent 77fcd7d
commit a210883
Show file tree

Hide file tree

Showing 6 changed files with 59 additions and 10 deletions.
diff --git a/desktop/src/main/config/window.ts b/desktop/src/main/config/window.ts
@@ -1,7 +1,7 @@
 import { BrowserWindow } from 'electron'
 import { registerConfigHandlers, removeConfigHandlers } from '.'
-import { createWindow } from '../../app/window'
 import { i18n } from '../../i18n'
+import { createWindow } from '../window'
 
 let settingsWindow: BrowserWindow | null
 

diff --git a/desktop/src/main/launcher/window.ts b/desktop/src/main/launcher/window.ts
@@ -1,7 +1,7 @@
 import { BrowserWindow } from 'electron'
 import { registerLauncherHandlers, removeLauncherHandlers } from '.'
-import { createWindow } from '../../app/window'
 import { registerProjectHandlers } from '../project'
+import { createWindow } from '../window'
 
 let launcherWindow: BrowserWindow | null
 
@@ -20,7 +20,7 @@ export const openLauncherWindow = () => {
     maxWidth: 1200,
     minHeight: 350,
     minWidth: 600,
-    center: true
+    center: true,
   })
 
   launcherWindow.on('closed', () => {

diff --git a/desktop/src/main/onboarding/window.ts b/desktop/src/main/onboarding/window.ts
@@ -1,9 +1,9 @@
 import { BrowserWindow } from 'electron'
 import { registerOnboardingHandlers, removeOnboaringHandlers } from '.'
-import { createWindow } from '../../app/window'
 import { i18n } from '../../i18n'
 import { registerConfigHandlers, removeConfigHandlers } from '../config'
 import { registerLauncherHandlers, removeLauncherHandlers } from '../launcher'
+import { createWindow } from '../window'
 
 let onboardingWindow: BrowserWindow | null
 
@@ -20,7 +20,7 @@ export const openOnboardingWindow = () => {
     show: false,
     title: i18n.t('onboarding.title'),
     fullscreenable: false,
-    center: true
+    center: true,
   })
 
   onboardingWindow.on('closed', () => {

diff --git a/desktop/src/main/project/window.ts b/desktop/src/main/project/window.ts
@@ -1,8 +1,8 @@
 import { parse } from 'path'
 import { projects } from 'stencila'
 import { registerProjectHandlers, removeProjectHandlers } from '.'
-import { createWindow } from '../../app/window'
 import { registerDocumentHandlers, removeDocoumentHandlers } from '../document'
+import { createWindow } from '../window'
 
 const getProjectName = (path: string): string => parse(path).base
 

diff --git a/desktop/src/app/window.ts → desktop/src/main/window/index.ts b/desktop/src/app/window.ts → desktop/src/main/window/index.ts
@@ -1,6 +1,7 @@
 import { app, BrowserWindow, BrowserWindowConstructorOptions } from 'electron'
-import { i18n } from '../i18n'
-import { scheme } from '../main/app-protocol'
+import { i18n } from '../../i18n'
+import { scheme } from '../app-protocol'
+import { hardenWindow } from './security'
 
 // declare const MAIN_WINDOW_WEBPACK_ENTRY: string
 declare const MAIN_WINDOW_PRELOAD_WEBPACK_ENTRY: string
@@ -23,8 +24,8 @@ export const createWindow = (
       contextIsolation: true, // protect against prototype pollution
       enableRemoteModule: false,
       preload: MAIN_WINDOW_PRELOAD_WEBPACK_ENTRY,
-      additionalArguments: [`storePath:${app.getPath('userData')}`]
-    }
+      additionalArguments: [`storePath:${app.getPath('userData')}`],
+    },
   })
 
   win.loadURL(
@@ -36,5 +37,7 @@ export const createWindow = (
     win.webContents.openDevTools()
   }
 
+  hardenWindow(win)
+
   return win
 }
diff --git a/desktop/src/main/window/security.ts b/desktop/src/main/window/security.ts
@@ -0,0 +1,46 @@
+import { BrowserWindow } from 'electron'
+import { scheme } from '../app-protocol'
+
+const isTrustedOrigin = (url: string): boolean =>
+  url.startsWith('http://localhost') || url.startsWith(`${scheme}://rse`)
+
+// Enable security best practices
+// @see: https://github.com/doyensec/electronegativity/wiki
+export const hardenWindow = (win: BrowserWindow) => {
+  // @see: https://github.com/doyensec/electronegativity/wiki/LIMIT_NAVIGATION_JS_CHECK
+  win.webContents.on('new-window', (e, url) => {
+    if (!isTrustedOrigin(url)) {
+      e.preventDefault()
+    }
+  })
+
+  win.webContents.on('will-navigate', (e, url) => {
+    if (!isTrustedOrigin(url)) {
+      e.preventDefault()
+    }
+  })
+
+  win.webContents.setWindowOpenHandler(({ url }) => {
+    if (!isTrustedOrigin(url)) {
+      return { action: 'deny' }
+    }
+
+    return {
+      action: 'allow',
+    }
+  })
+
+  // https://github.com/doyensec/electronegativity/wiki/PERMISSION_REQUEST_HANDLER_JS_CHECK
+  win.webContents.session.setPermissionRequestHandler(
+    (webContents, permission, callback) => {
+      if (
+        !isTrustedOrigin(webContents.getURL()) &&
+        permission === 'openExternal'
+      ) {
+        return callback(false)
+      } else {
+        return callback(true)
+      }
+    }
+  )
+}