github/electron
1
1
Fork 0
mirror of https://github.com/electron/electron.git synced 2026-01-08 23:18:06 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix: ensure snapshot is valid (#48101)

Browse Source
This commit is contained in:
Samuel Attard
2025-08-18 14:35:58 -07:00
committed by GitHub
parent 3770bb31a7
commit fdf29ce838
5 changed files with 144 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
shell/app/electron_main_delegate.cc
View File

@@ -19,15 +19,20 @@
#include "base/logging.h"
#include "base/path_service.h"
#include "base/strings/cstring_view.h"
#include "base/strings/string_number_conversions.cc"
#include "base/strings/string_util_internal.h"
#include "chrome/common/chrome_paths.h"
#include "chrome/common/chrome_switches.h"
#include "components/content_settings/core/common/content_settings_pattern.h"
#include "content/public/app/initialize_mojo_core.h"
#include "content/public/common/content_switches.h"
#include "crypto/hash.h"
#include "electron/buildflags/buildflags.h"
#include "electron/fuses.h"
#include "electron/mas.h"
#include "electron/snapshot_checksum.h"
#include "extensions/common/constants.h"
#include "gin/v8_initializer.h"
#include "sandbox/policy/switches.h"
#include "services/tracing/public/cpp/stack_sampling/tracing_sampler_profiler.h"
#include "shell/app/command_line_args.h"
@@ -49,6 +54,7 @@
#include "third_party/abseil-cpp/absl/types/variant.h"
#include "ui/base/resource/resource_bundle.h"
#include "ui/base/ui_base_switches.h"
#include "v8/include/v8-snapshot.h"
#if BUILDFLAG(IS_MAC)
#include "shell/app/electron_main_delegate_mac.h"
@@ -207,6 +213,20 @@ void RegisterPathProvider() {
PATH_END);
}
void ValidateV8Snapshot(v8::StartupData* data) {
if (data->data &&
electron::fuses::IsEmbeddedAsarIntegrityValidationEnabled()) {
CHECK_GT(data->raw_size, 0);
UNSAFE_BUFFERS({
base::span<const char> span_data(
data->data, static_cast<unsigned long>(data->raw_size));
CHECK(base::ToLowerASCII(base::HexEncode(
crypto::hash::Sha256(base::as_bytes(span_data)))) ==
electron::snapshot_checksum::kChecksum);
})
}
}
} // namespace
std::string LoadResourceBundle(const std::string& locale) {
@@ -230,7 +250,9 @@ std::string LoadResourceBundle(const std::string& locale) {
return loaded_locale;
}
ElectronMainDelegate::ElectronMainDelegate() = default;
ElectronMainDelegate::ElectronMainDelegate() {
gin::SetV8SnapshotValidator(base::BindRepeating(&ValidateV8Snapshot));
}
ElectronMainDelegate::~ElectronMainDelegate() = default;