mirror of
https://github.com/electron/electron.git
synced 2026-02-19 03:14:51 -05:00
a65cfed500
* chore: bump chromium in DEPS to 146.0.7652.0 * fix(patch-conflict): update mas_avoid_private_macos_api_usage context for constrainFrameRect method The upstream CL added a new constrainFrameRect:toScreen: method override to NativeWidgetMacNSWindow as part of headless mode window zoom implementation. The MAS patch's #endif for frameViewClassForStyleMask now correctly appears after that method, since constrainFrameRect is a public API override that doesn't need to be guarded. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7487666 * fix(patch-conflict): update printing.patch for base::DictValue rename Updated printing.patch to use the new base::DictValue type name instead of base::Value::Dict following Chromium's type renaming change. This affects CompleteUpdatePrintSettings() signature and related code. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7509820 * fix(patch-conflict): update accessibility_ui patch for base::DictValue/ListValue rename Updated adjust_accessibility_ui_for_electron.patch to use the new base::DictValue and base::ListValue type names instead of base::Value::Dict and base::Value::List following Chromium's type renaming change. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7509820 * chore: update patches * 6625736: Rename DURABLE_STORAGE to PERSISTENT_STORAGE for consistency | https://chromium-review.googlesource.com/c/chromium/src/+/6625736 * chore: bump chromium in DEPS to 146.0.7653.0 * chore: update patches * 7000847: add type tag to v8::External for gin_helper function templates The upstream gin function templates now use v8::ExternalPointerTypeTag for type safety when using v8::External. Updated Electron's forked gin_helper function template to use the same kGinInternalCallbackHolderBaseTag that Chromium's gin uses. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7000847 * fix(patch-update): extend V8 Object API deprecation patch for Node.js Extended the existing patch to cover additional files that use GetAlignedPointerFromInternalField and SetAlignedPointerInInternalField: - src/stream_base-inl.h - src/udp_wrap.cc - src/js_udp_wrap.cc - src/node_process_methods.cc - src/node_snapshotable.cc - src/base_object.cc These APIs now require an EmbedderDataTypeTag parameter. Ref: https://chromium-review.googlesource.com/c/v8/v8/+/7087956 * 7000847: add type tag to v8::External calls in shared_texture Updated v8::External::New and v8::External::Value calls to use the kExternalPointerTypeTagDefault tag as required by the V8 API change that deprecates the tagless versions. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7000847 * 7508687: use ChildProcessId for file permission APIs The ChildProcessSecurityPolicy::CanReadFile and GrantReadFile APIs now require ChildProcessId instead of int. Updated to use GetID() instead of GetDeprecatedID() for these specific calls. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7508687 * 7000847: add type tag to v8::External calls in callback and osr_converter The v8::External API now requires an EmbedderPointerTypeTag parameter for both New() and Value() methods to improve V8 sandbox type safety. Updated calls in: - callback.cc: TranslatorHolder constructor and CallTranslator - osr_converter.cc: OffscreenSharedTextureValue converter Ref: https://chromium-review.googlesource.com/c/v8/v8/+/7000847 * fixup! 7087956: [api] Promote deprecation of v8::Context and v8::Object API methods Extended the Node.js patch to cover histogram.cc which also uses SetAlignedPointerInInternalField and GetAlignedPointerFromInternalField APIs that now require the EmbedderDataTypeTag parameter. Ref: https://chromium-review.googlesource.com/c/v8/v8/+/7087956 * chore: bump chromium in DEPS to 146.0.7655.0 * chore: update patches * 7509043: update WebSpellingMarker type for API change The upstream Chromium API changed - WebSpellingMarker was moved from a nested type within WebTextCheckClient to a standalone type in the blink namespace. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7509043 * 7498491: update process_id to use OriginatingProcess type The upstream Chromium API changed - URLLoaderFactoryParams::process_id was changed from an integer to a union type network::OriginatingProcess that distinguishes between browser and renderer processes. - For browser process requests, use OriginatingProcess::browser() - For renderer process lookups, check !is_browser() and use renderer_process().value() to get the child_id Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7498491 * 5710330: Add crash keys to debug NativeWidgetMacNSWindowBorderlessFrame exception | https://chromium-review.googlesource.com/c/chromium/src/+/5710330 5710330 added a new NSNextStepFrame interface extension and implementations for NativeWidgetMacNSWindowTitledFrame and NativeWidgetMacNSWindowBorderlessFrame. These use private macOS APIs that are not available in Mac App Store builds. * chore: update patches * chore: bump chromium in DEPS to 146.0.7661.0 * chore: bump chromium in DEPS to 146.0.7663.0 * fix(patch-conflict): update accessibility_ui for string_view API change Upstream removed redundant std::string(default_api_type) conversion as part of a string_view optimization cleanup. Updated patch context to match. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7514107 * fix(patch-conflict): update service process launch options for sandbox API refactor Upstream removed content/common/sandbox_init_win.cc and content/public/common/sandbox_init_win.h, moving the functionality directly into ChildProcessLauncherHelper. Updated patch to call sandbox::policy::SandboxWin::StartSandboxedProcess directly with the LaunchOptions pointer instead of going through the removed helper. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7528253 * fix(patch-conflict): update MAS safestorage for keychain API refactor Upstream refactored KeychainPassword::GetPassword() to use a new GetPasswordImpl() helper function with improved error tracking via base::expected<std::string, OSStatus>. Adapted patch to use the new GetPasswordImpl with the suffixed account name and handle migration from legacy accounts through the new API. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7516438 * chore: update patches * chore: bump chromium in DEPS to 146.0.7663.0 * fix: base::Value::Dict -> base::DictValue https://chromium-review.googlesource.com/c/chromium/src/+/7513889 * fix: include new cookie exclusion reason https://chromium-review.googlesource.com/c/chromium/src/+/7486527 * fix: enable libc++ ABI flag for trivially copyable std::vector<bool> Required for changes introduced in the following CL https://chromium-review.googlesource.com/c/chromium/src/+/7513653 * fixup! fix: base::Value::Dict -> base::DictValue https://chromium-review.googlesource.com/c/chromium/src/+/7513889 * fix: spellcheck not working in tests https://chromium-review.googlesource.com/c/chromium/src/+/7452579 * fix: cookie test failing due to multiple rejection reasons https://chromium-review.googlesource.com/c/chromium/src/+/7506629 * fix: macos sizing unmaximized window incorrectly https://chromium-review.googlesource.com/c/chromium/src/+/7487666 Changes to headless mode caused the unmaximized window to subtract the height of the menubar. * fix: skip tests for incompatible BoringSSL ML-DSA crypto https://boringssl-review.googlesource.com/c/boringssl/+/84929 * test: fix pseudonymization registration in utility process on Linux Ref: 7486913: Pass pseudonymization salt via shared memory at process launch | https://chromium-review.googlesource.com/c/chromium/src/+/7486913 * fix: restore MAS patch-outs Restores some `#if !IS_MAS_BUILD()` gates dropped in773054ad59* fixup! 7508687: use ChildProcessId for file permission APIs * fixup! fix(patch-conflict): update MAS safestorage for keychain API refactor * chore: add note about parallel upstream change * fixup! Merge remote-tracking branch 'origin/main' into roller/chromium/main * Revert "fixup! 7508687: use ChildProcessId for file permission APIs" This reverts commit05c43e4e5d. The _impl version has the signature, but not the public interface. :oof: * fixup! fix(patch-conflict): update MAS safestorage for keychain API refactor --------- Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com> Co-authored-by: Keeley Hammond <khammond@slack-corp.com> Co-authored-by: Samuel Maddock <samuelmaddock@electronjs.org> Co-authored-by: clavin <clavin@electronjs.org>
397 lines
11 KiB
C++
397 lines
11 KiB
C++
// Copyright (c) 2014 GitHub, Inc.
|
|
// Use of this source code is governed by the MIT license that can be
|
|
// found in the LICENSE file.
|
|
|
|
#include "shell/common/asar/archive.h"
|
|
|
|
#include <string>
|
|
#include <string_view>
|
|
#include <utility>
|
|
#include <vector>
|
|
|
|
#include "base/check.h"
|
|
#include "base/containers/span.h"
|
|
#include "base/files/file.h"
|
|
#include "base/files/file_util.h"
|
|
#include "base/json/json_reader.h"
|
|
#include "base/logging.h"
|
|
#include "base/pickle.h"
|
|
#include "base/strings/string_number_conversions.h"
|
|
#include "base/values.h"
|
|
#include "electron/fuses.h"
|
|
#include "shell/common/asar/asar_util.h"
|
|
#include "shell/common/asar/scoped_temporary_file.h"
|
|
#include "shell/common/thread_restrictions.h"
|
|
|
|
#if BUILDFLAG(IS_WIN)
|
|
#include <io.h>
|
|
#endif
|
|
|
|
namespace asar {
|
|
|
|
namespace {
|
|
|
|
#if BUILDFLAG(IS_WIN)
|
|
const char kSeparators[] = "\\/";
|
|
#else
|
|
const char kSeparators[] = "/";
|
|
#endif
|
|
|
|
const base::DictValue* GetNodeFromPath(std::string path,
|
|
const base::DictValue& root);
|
|
|
|
// Gets the "files" from "dir".
|
|
const base::DictValue* GetFilesNode(const base::DictValue& root,
|
|
const base::DictValue& dir) {
|
|
// Test for symbol linked directory.
|
|
const std::string* link = dir.FindString("link");
|
|
if (link != nullptr) {
|
|
const base::DictValue* linked_node = GetNodeFromPath(*link, root);
|
|
if (!linked_node)
|
|
return nullptr;
|
|
return linked_node->FindDict("files");
|
|
}
|
|
|
|
return dir.FindDict("files");
|
|
}
|
|
|
|
// Gets sub-file "name" from "dir".
|
|
const base::DictValue* GetChildNode(const base::DictValue& root,
|
|
const std::string& name,
|
|
const base::DictValue& dir) {
|
|
if (name.empty())
|
|
return &root;
|
|
|
|
const base::DictValue* files = GetFilesNode(root, dir);
|
|
return files ? files->FindDict(name) : nullptr;
|
|
}
|
|
|
|
// Gets the node of "path" from "root".
|
|
const base::DictValue* GetNodeFromPath(std::string path,
|
|
const base::DictValue& root) {
|
|
if (path.empty())
|
|
return &root;
|
|
|
|
const base::DictValue* dir = &root;
|
|
for (size_t delimiter_position = path.find_first_of(kSeparators);
|
|
delimiter_position != std::string::npos;
|
|
delimiter_position = path.find_first_of(kSeparators)) {
|
|
const base::DictValue* child =
|
|
GetChildNode(root, path.substr(0, delimiter_position), *dir);
|
|
if (!child)
|
|
return nullptr;
|
|
|
|
dir = child;
|
|
path.erase(0, delimiter_position + 1);
|
|
}
|
|
|
|
return GetChildNode(root, path, *dir);
|
|
}
|
|
|
|
bool FillFileInfoWithNode(Archive::FileInfo* info,
|
|
uint32_t header_size,
|
|
bool load_integrity,
|
|
const base::DictValue* node) {
|
|
if (std::optional<int> size = node->FindInt("size")) {
|
|
info->size = static_cast<uint32_t>(*size);
|
|
} else {
|
|
return false;
|
|
}
|
|
|
|
if (std::optional<bool> unpacked = node->FindBool("unpacked")) {
|
|
info->unpacked = *unpacked;
|
|
if (info->unpacked) {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
const std::string* offset = node->FindString("offset");
|
|
if (offset &&
|
|
base::StringToUint64(std::string_view{*offset}, &info->offset)) {
|
|
info->offset += header_size;
|
|
} else {
|
|
return false;
|
|
}
|
|
|
|
if (std::optional<bool> executable = node->FindBool("executable")) {
|
|
info->executable = *executable;
|
|
}
|
|
|
|
#if BUILDFLAG(IS_MAC) || BUILDFLAG(IS_WIN)
|
|
if (load_integrity &&
|
|
electron::fuses::IsEmbeddedAsarIntegrityValidationEnabled()) {
|
|
if (const base::DictValue* integrity = node->FindDict("integrity")) {
|
|
const std::string* algorithm = integrity->FindString("algorithm");
|
|
const std::string* hash = integrity->FindString("hash");
|
|
std::optional<int> block_size = integrity->FindInt("blockSize");
|
|
const base::ListValue* blocks = integrity->FindList("blocks");
|
|
|
|
if (algorithm && hash && block_size && block_size > 0 && blocks) {
|
|
IntegrityPayload integrity_payload;
|
|
integrity_payload.hash = *hash;
|
|
integrity_payload.block_size =
|
|
static_cast<uint32_t>(block_size.value());
|
|
for (auto& value : *blocks) {
|
|
if (const std::string* block = value.GetIfString()) {
|
|
integrity_payload.blocks.push_back(*block);
|
|
} else {
|
|
LOG(FATAL)
|
|
<< "Invalid block integrity value for file in ASAR archive";
|
|
}
|
|
}
|
|
if (*algorithm == "SHA256") {
|
|
integrity_payload.algorithm = HashAlgorithm::kSHA256;
|
|
info->integrity = std::move(integrity_payload);
|
|
}
|
|
}
|
|
}
|
|
|
|
if (!info->integrity.has_value()) {
|
|
LOG(FATAL) << "Failed to read integrity for file in ASAR archive";
|
|
}
|
|
}
|
|
#endif
|
|
|
|
return true;
|
|
}
|
|
|
|
} // namespace
|
|
|
|
IntegrityPayload::IntegrityPayload() = default;
|
|
IntegrityPayload::~IntegrityPayload() = default;
|
|
IntegrityPayload::IntegrityPayload(const IntegrityPayload& other) = default;
|
|
|
|
Archive::FileInfo::FileInfo() = default;
|
|
Archive::FileInfo::~FileInfo() = default;
|
|
|
|
Archive::Archive(const base::FilePath& path) : path_{path} {
|
|
electron::ScopedAllowBlockingForElectron allow_blocking;
|
|
file_.Initialize(path_, base::File::FLAG_OPEN | base::File::FLAG_READ);
|
|
#if BUILDFLAG(IS_WIN)
|
|
fd_ = _open_osfhandle(reinterpret_cast<intptr_t>(file_.GetPlatformFile()), 0);
|
|
#elif BUILDFLAG(IS_POSIX)
|
|
fd_ = file_.GetPlatformFile();
|
|
#endif
|
|
}
|
|
|
|
Archive::~Archive() {
|
|
#if BUILDFLAG(IS_WIN)
|
|
if (fd_ != -1) {
|
|
_close(fd_);
|
|
// Don't close the handle since we already closed the fd.
|
|
file_.TakePlatformFile();
|
|
}
|
|
#endif
|
|
electron::ScopedAllowBlockingForElectron allow_blocking;
|
|
file_.Close();
|
|
}
|
|
|
|
bool Archive::Init() {
|
|
// Should only be initialized once
|
|
CHECK(!initialized_);
|
|
initialized_ = true;
|
|
|
|
if (!file_.IsValid()) {
|
|
if (file_.error_details() != base::File::FILE_ERROR_NOT_FOUND) {
|
|
LOG(WARNING) << "Opening " << path_.value() << ": "
|
|
<< base::File::ErrorToString(file_.error_details());
|
|
}
|
|
return false;
|
|
}
|
|
|
|
std::vector<uint8_t> buf;
|
|
|
|
buf.resize(8);
|
|
{
|
|
electron::ScopedAllowBlockingForElectron allow_blocking;
|
|
if (!file_.ReadAtCurrentPosAndCheck(buf)) {
|
|
PLOG(ERROR) << "Failed to read header size from " << path_.value();
|
|
return false;
|
|
}
|
|
}
|
|
|
|
uint32_t size;
|
|
if (!base::PickleIterator(base::Pickle::WithData(buf)).ReadUInt32(&size)) {
|
|
LOG(ERROR) << "Failed to parse header size from " << path_.value();
|
|
return false;
|
|
}
|
|
|
|
buf.resize(size);
|
|
{
|
|
electron::ScopedAllowBlockingForElectron allow_blocking;
|
|
if (!file_.ReadAtCurrentPosAndCheck(buf)) {
|
|
PLOG(ERROR) << "Failed to read header from " << path_.value();
|
|
return false;
|
|
}
|
|
}
|
|
|
|
std::string header;
|
|
if (!base::PickleIterator(base::Pickle::WithData(buf)).ReadString(&header)) {
|
|
LOG(ERROR) << "Failed to parse header from " << path_.value();
|
|
return false;
|
|
}
|
|
|
|
#if BUILDFLAG(IS_MAC) || BUILDFLAG(IS_WIN)
|
|
// Validate header signature if required and possible
|
|
if (electron::fuses::IsEmbeddedAsarIntegrityValidationEnabled() &&
|
|
RelativePath().has_value()) {
|
|
std::optional<IntegrityPayload> integrity = HeaderIntegrity();
|
|
if (!integrity.has_value()) {
|
|
LOG(FATAL) << "Failed to get integrity for validatable asar archive: "
|
|
<< RelativePath().value();
|
|
}
|
|
|
|
// Currently we only support the sha256 algorithm, we can add support for
|
|
// more below ensure we read them in preference order from most secure to
|
|
// least
|
|
if (integrity->algorithm != HashAlgorithm::kNone) {
|
|
ValidateIntegrityOrDie(base::as_byte_span(header), *integrity);
|
|
} else {
|
|
LOG(FATAL) << "No eligible hash for validatable asar archive: "
|
|
<< RelativePath().value();
|
|
}
|
|
|
|
header_validated_ = true;
|
|
}
|
|
#endif
|
|
|
|
std::optional<base::Value> value =
|
|
base::JSONReader::Read(header, base::JSON_PARSE_CHROMIUM_EXTENSIONS);
|
|
if (!value || !value->is_dict()) {
|
|
LOG(ERROR) << "Failed to parse header";
|
|
return false;
|
|
}
|
|
|
|
header_size_ = 8 + size;
|
|
header_ = std::move(*value).TakeDict();
|
|
return true;
|
|
}
|
|
|
|
#if !BUILDFLAG(IS_MAC) && !BUILDFLAG(IS_WIN)
|
|
std::optional<IntegrityPayload> Archive::HeaderIntegrity() const {
|
|
return std::nullopt;
|
|
}
|
|
|
|
std::optional<base::FilePath> Archive::RelativePath() const {
|
|
return std::nullopt;
|
|
}
|
|
#endif
|
|
|
|
bool Archive::GetFileInfo(const base::FilePath& path, FileInfo* info) const {
|
|
if (!header_)
|
|
return false;
|
|
|
|
const base::DictValue* node = GetNodeFromPath(path.AsUTF8Unsafe(), *header_);
|
|
if (!node)
|
|
return false;
|
|
|
|
const std::string* link = node->FindString("link");
|
|
if (link)
|
|
return GetFileInfo(base::FilePath::FromUTF8Unsafe(*link), info);
|
|
|
|
return FillFileInfoWithNode(info, header_size_, header_validated_, node);
|
|
}
|
|
|
|
bool Archive::Stat(const base::FilePath& path, Stats* stats) const {
|
|
if (!header_)
|
|
return false;
|
|
|
|
const base::DictValue* node = GetNodeFromPath(path.AsUTF8Unsafe(), *header_);
|
|
if (!node)
|
|
return false;
|
|
|
|
if (node->Find("link")) {
|
|
stats->type = FileType::kLink;
|
|
return true;
|
|
}
|
|
|
|
if (node->Find("files")) {
|
|
stats->type = FileType::kDirectory;
|
|
return true;
|
|
}
|
|
|
|
return FillFileInfoWithNode(stats, header_size_, header_validated_, node);
|
|
}
|
|
|
|
bool Archive::Readdir(const base::FilePath& path,
|
|
std::vector<base::FilePath>* files) const {
|
|
if (!header_)
|
|
return false;
|
|
|
|
const base::DictValue* node = GetNodeFromPath(path.AsUTF8Unsafe(), *header_);
|
|
if (!node)
|
|
return false;
|
|
|
|
const base::DictValue* files_node = GetFilesNode(*header_, *node);
|
|
if (!files_node)
|
|
return false;
|
|
|
|
for (const auto iter : *files_node)
|
|
files->push_back(base::FilePath::FromUTF8Unsafe(iter.first));
|
|
return true;
|
|
}
|
|
|
|
bool Archive::Realpath(const base::FilePath& path,
|
|
base::FilePath* realpath) const {
|
|
if (!header_)
|
|
return false;
|
|
|
|
const base::DictValue* node = GetNodeFromPath(path.AsUTF8Unsafe(), *header_);
|
|
if (!node)
|
|
return false;
|
|
|
|
const std::string* link = node->FindString("link");
|
|
if (link) {
|
|
*realpath = base::FilePath::FromUTF8Unsafe(*link);
|
|
return true;
|
|
}
|
|
|
|
*realpath = path;
|
|
return true;
|
|
}
|
|
|
|
bool Archive::CopyFileOut(const base::FilePath& path, base::FilePath* out) {
|
|
if (!header_)
|
|
return false;
|
|
|
|
base::AutoLock auto_lock(external_files_lock_);
|
|
|
|
auto it = external_files_.find(path.value());
|
|
if (it != external_files_.end()) {
|
|
*out = it->second->path();
|
|
return true;
|
|
}
|
|
|
|
FileInfo info;
|
|
if (!GetFileInfo(path, &info))
|
|
return false;
|
|
|
|
if (info.unpacked) {
|
|
*out = path_.AddExtension(FILE_PATH_LITERAL("unpacked")).Append(path);
|
|
return true;
|
|
}
|
|
|
|
auto temp_file = std::make_unique<ScopedTemporaryFile>();
|
|
base::FilePath::StringType ext = path.Extension();
|
|
if (!temp_file->InitFromFile(&file_, ext, info.offset, info.size,
|
|
info.integrity))
|
|
return false;
|
|
|
|
#if BUILDFLAG(IS_POSIX)
|
|
if (info.executable) {
|
|
// chmod a+x temp_file;
|
|
base::SetPosixFilePermissions(temp_file->path(), 0755);
|
|
}
|
|
#endif
|
|
|
|
*out = temp_file->path();
|
|
external_files_[path.value()] = std::move(temp_file);
|
|
return true;
|
|
}
|
|
|
|
int Archive::GetUnsafeFD() const {
|
|
return fd_;
|
|
}
|
|
|
|
} // namespace asar
|