From 6b3ff4f1f76b961bd7b6a4f46850b19187ce0a2b Mon Sep 17 00:00:00 2001
From: Felix Rieseberg <felix@felixrieseberg.com>
Date: Sat, 16 Feb 2019 17:06:30 -0800
Subject: [PATCH] refactor: Port security warnings to TypeScript (#16937)

* refactor: Port security-warnings to TypeScript

* chore: make aliasify work on .ts files as well

* refactor: Implement feedback <3

* refactor: Correctly call executeJavaScript
---
 filenames.gni                                 |  2 +-
 lib/renderer/init.js                          |  3 +-
 ...urity-warnings.js => security-warnings.ts} | 36 +++++++++----------
 lib/sandboxed_renderer/init.js                |  3 +-
 typings/internal-ambient.d.ts                 |  5 +++
 5 files changed, 27 insertions(+), 22 deletions(-)
 rename lib/renderer/{security-warnings.js => security-warnings.ts} (89%)

diff --git a/filenames.gni b/filenames.gni
index c00656a9e4..c20ddef77b 100644
--- a/filenames.gni
+++ b/filenames.gni
@@ -70,7 +70,7 @@ filenames = {
     "lib/renderer/ipc-renderer-internal-utils.ts",
     "lib/renderer/ipc-renderer-internal.ts",
     "lib/renderer/remote.ts",
-    "lib/renderer/security-warnings.js",
+    "lib/renderer/security-warnings.ts",
     "lib/renderer/web-frame-init.js",
     "lib/renderer/window-setup.ts",
     "lib/renderer/web-view/guest-view-internal.js",
diff --git a/lib/renderer/init.js b/lib/renderer/init.js
index 32c6096608..89718270b1 100644
--- a/lib/renderer/init.js
+++ b/lib/renderer/init.js
@@ -167,5 +167,6 @@ for (const preloadScript of preloadScripts) {
 
 // Warn about security issues
 if (process.isMainFrame) {
-  require('@electron/internal/renderer/security-warnings')(nodeIntegration)
+  const { securityWarnings } = require('@electron/internal/renderer/security-warnings')
+  securityWarnings(nodeIntegration)
 }
diff --git a/lib/renderer/security-warnings.js b/lib/renderer/security-warnings.ts
similarity index 89%
rename from lib/renderer/security-warnings.js
rename to lib/renderer/security-warnings.ts
index cf141662df..9c58606458 100644
--- a/lib/renderer/security-warnings.js
+++ b/lib/renderer/security-warnings.ts
@@ -1,6 +1,7 @@
-'use strict'
+import { webFrame } from 'electron'
+import { invokeSync } from '@electron/internal/renderer/ipc-renderer-internal-utils'
 
-let shouldLog = null
+let shouldLog: boolean | null = null
 
 /**
  * This method checks if a security message should be logged.
@@ -10,7 +11,7 @@ let shouldLog = null
  *
  * @returns {boolean} - Should we log?
  */
-const shouldLogSecurityWarnings = function () {
+const shouldLogSecurityWarnings = function (): boolean {
   if (shouldLog !== null) {
     return shouldLog
   }
@@ -63,8 +64,6 @@ const getIsRemoteProtocol = function () {
  * @returns {boolean} Is a CSP with `unsafe-eval` set?
  */
 const isUnsafeEvalEnabled = function () {
-  const { webFrame } = require('electron')
-
   return new Promise((resolve) => {
     webFrame.executeJavaScript(`(${(() => {
       try {
@@ -73,7 +72,7 @@ const isUnsafeEvalEnabled = function () {
         return false
       }
       return true
-    }).toString()})()`, resolve)
+    }).toString()})()`, false, resolve)
   })
 }
 
@@ -117,7 +116,7 @@ const warnAboutInsecureResources = function () {
  *
  * Logs a warning message about Node integration.
  */
-const warnAboutNodeWithRemoteContent = function (nodeIntegration) {
+const warnAboutNodeWithRemoteContent = function (nodeIntegration: boolean) {
   if (!nodeIntegration) return
 
   if (getIsRemoteProtocol()) {
@@ -141,7 +140,7 @@ const warnAboutNodeWithRemoteContent = function (nodeIntegration) {
  *
  * Logs a warning message about disabled webSecurity.
  */
-const warnAboutDisabledWebSecurity = function (webPreferences) {
+const warnAboutDisabledWebSecurity = function (webPreferences?: Electron.WebPreferences) {
   if (!webPreferences || webPreferences.webSecurity !== false) return
 
   const warning = `This renderer process has "webSecurity" disabled. This
@@ -177,7 +176,7 @@ const warnAboutInsecureCSP = function () {
  *
  * Logs a warning message about disabled webSecurity.
  */
-const warnAboutInsecureContentAllowed = function (webPreferences) {
+const warnAboutInsecureContentAllowed = function (webPreferences?: Electron.WebPreferences) {
   if (!webPreferences || !webPreferences.allowRunningInsecureContent) return
 
   const warning = `This renderer process has "allowRunningInsecureContent"
@@ -193,7 +192,7 @@ const warnAboutInsecureContentAllowed = function (webPreferences) {
  *
  * Logs a warning message about experimental features.
  */
-const warnAboutExperimentalFeatures = function (webPreferences) {
+const warnAboutExperimentalFeatures = function (webPreferences?: Electron.WebPreferences) {
   if (!webPreferences || (!webPreferences.experimentalFeatures)) {
     return
   }
@@ -211,10 +210,10 @@ const warnAboutExperimentalFeatures = function (webPreferences) {
  *
  * Logs a warning message about enableBlinkFeatures
  */
-const warnAboutEnableBlinkFeatures = function (webPreferences) {
-  if (webPreferences === null ||
+const warnAboutEnableBlinkFeatures = function (webPreferences?: Electron.WebPreferences) {
+  if (!webPreferences ||
     !webPreferences.hasOwnProperty('enableBlinkFeatures') ||
-    webPreferences.enableBlinkFeatures.length === 0) {
+    (webPreferences.enableBlinkFeatures && webPreferences.enableBlinkFeatures.length === 0)) {
     return
   }
 
@@ -252,7 +251,9 @@ const warnAboutAllowedPopups = function () {
 // Currently missing since we can't easily programmatically check for it:
 //   #12WebViews: Verify the options and params of all `<webview>` tags
 
-const logSecurityWarnings = function (webPreferences, nodeIntegration) {
+const logSecurityWarnings = function (
+  webPreferences: Electron.WebPreferences | undefined, nodeIntegration: boolean
+) {
   warnAboutNodeWithRemoteContent(nodeIntegration)
   warnAboutDisabledWebSecurity(webPreferences)
   warnAboutInsecureResources()
@@ -264,17 +265,14 @@ const logSecurityWarnings = function (webPreferences, nodeIntegration) {
 }
 
 const getWebPreferences = function () {
-  const ipcRendererUtils = require('@electron/internal/renderer/ipc-renderer-internal-utils')
-
   try {
-    return ipcRendererUtils.invokeSync('ELECTRON_BROWSER_GET_LAST_WEB_PREFERENCES')
+    return invokeSync('ELECTRON_BROWSER_GET_LAST_WEB_PREFERENCES')
   } catch (error) {
     console.warn(`getLastWebPreferences() failed: ${error}`)
-    return null
   }
 }
 
-module.exports = function (nodeIntegration) {
+export function securityWarnings (nodeIntegration: boolean) {
   const loadHandler = function () {
     if (shouldLogSecurityWarnings()) {
       const webPreferences = getWebPreferences()
diff --git a/lib/sandboxed_renderer/init.js b/lib/sandboxed_renderer/init.js
index f34ddf9894..70f10f4b44 100644
--- a/lib/sandboxed_renderer/init.js
+++ b/lib/sandboxed_renderer/init.js
@@ -168,5 +168,6 @@ for (const { preloadPath, preloadSrc, preloadError } of preloadScripts) {
 
 // Warn about security issues
 if (process.isMainFrame) {
-  require('@electron/internal/renderer/security-warnings')()
+  const { securityWarnings } = require('@electron/internal/renderer/security-warnings')
+  securityWarnings()
 }
diff --git a/typings/internal-ambient.d.ts b/typings/internal-ambient.d.ts
index 5c01fe9f57..f310045ff0 100644
--- a/typings/internal-ambient.d.ts
+++ b/typings/internal-ambient.d.ts
@@ -28,3 +28,8 @@ declare namespace NodeJS {
     activateUvLoop(): void;
   }
 }
+
+declare interface Window {
+  ELECTRON_DISABLE_SECURITY_WARNINGS?: boolean
+  ELECTRON_ENABLE_SECURITY_WARNINGS?: boolean
+}