forked from signalapp/Signal-Desktop
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathprotocol_filter.ts
177 lines (156 loc) · 5.16 KB
/
protocol_filter.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
// Copyright 2018 Signal Messenger, LLC
// SPDX-License-Identifier: AGPL-3.0-only
import type { ProtocolRequest, ProtocolResponse, Session } from 'electron';
import { isAbsolute, normalize } from 'path';
import { existsSync, realpathSync } from 'fs';
import {
getAvatarsPath,
getBadgesPath,
getDraftPath,
getPath,
getStickersPath,
getTempPath,
getUpdateCachePath,
} from './attachments';
type CallbackType = (response: string | ProtocolResponse) => void;
function _eliminateAllAfterCharacter(
string: string,
character: string
): string {
const index = string.indexOf(character);
if (index < 0) {
return string;
}
return string.slice(0, index);
}
export function _urlToPath(
targetUrl: string,
options?: { isWindows: boolean }
): string {
const decoded = decodeURIComponent(targetUrl);
// We generally expect URLs to start with file:// or file:/// here, but for users with
// their home directory redirected to a UNC share, it will start with //.
const withoutScheme = decoded.startsWith('//')
? decoded
: decoded.slice(options?.isWindows ? 8 : 7);
const withoutQuerystring = _eliminateAllAfterCharacter(withoutScheme, '?');
return withoutQuerystring;
}
function _createFileHandler({
userDataPath,
installPath,
isWindows,
}: {
userDataPath: string;
installPath: string;
isWindows: boolean;
}) {
const allowedRoots = [
userDataPath,
installPath,
getAvatarsPath(userDataPath),
getBadgesPath(userDataPath),
getDraftPath(userDataPath),
getPath(userDataPath),
getStickersPath(userDataPath),
getTempPath(userDataPath),
getUpdateCachePath(userDataPath),
];
return (request: ProtocolRequest, callback: CallbackType): void => {
let targetPath;
if (!request.url) {
// This is an "invalid URL" error. See [Chromium's net error list][0].
//
// [0]: https://source.chromium.org/chromium/chromium/src/+/master:net/base/net_error_list.h;l=563;drc=a836ee9868cf1b9673fce362a82c98aba3e195de
callback({ error: -300 });
return;
}
try {
targetPath = _urlToPath(request.url, { isWindows });
// normalize() is primarily useful here for switching / to \ on windows
const target = normalize(targetPath);
// here we attempt to follow symlinks to the ultimate final path, reflective of what
// we do in main.js on userDataPath and installPath
const realPath = existsSync(target) ? realpathSync(target) : target;
// finally we do case-insensitive checks on windows
const properCasing = isWindows ? realPath.toLowerCase() : realPath;
if (!isAbsolute(realPath)) {
console.log(
`Warning: denying request to non-absolute path '${realPath}'`
);
// This is an "Access Denied" error. See [Chromium's net error list][0].
//
// [0]: https://source.chromium.org/chromium/chromium/src/+/master:net/base/net_error_list.h;l=57;drc=a836ee9868cf1b9673fce362a82c98aba3e195de
callback({ error: -10 });
return;
}
for (const root of allowedRoots) {
if (properCasing.startsWith(isWindows ? root.toLowerCase() : root)) {
callback({ path: realPath });
return;
}
}
console.log(
`Warning: denying request to path '${realPath}' (allowedRoots: '${allowedRoots}')`
);
callback({ error: -10 });
} catch (err) {
const errorMessage =
err && typeof err.message === 'string'
? err.message
: 'no error message';
console.log(
`Warning: denying request because of an error: ${errorMessage}`
);
callback({ error: -300 });
}
};
}
export function installFileHandler({
session,
userDataPath,
installPath,
isWindows,
}: {
session: Session;
userDataPath: string;
installPath: string;
isWindows: boolean;
}): void {
session.protocol.interceptFileProtocol(
'file',
_createFileHandler({ userDataPath, installPath, isWindows })
);
}
// Turn off browser URI scheme since we do all network requests via Node.js
function _disabledHandler(
_request: ProtocolRequest,
callback: CallbackType
): void {
callback({ error: -10 });
}
export function installWebHandler({
session,
enableHttp,
}: {
session: Session;
enableHttp: boolean;
}): void {
const { protocol } = session;
protocol.interceptFileProtocol('about', _disabledHandler);
protocol.interceptFileProtocol('content', _disabledHandler);
protocol.interceptFileProtocol('chrome', _disabledHandler);
protocol.interceptFileProtocol('cid', _disabledHandler);
protocol.interceptFileProtocol('data', _disabledHandler);
protocol.interceptFileProtocol('filesystem', _disabledHandler);
protocol.interceptFileProtocol('ftp', _disabledHandler);
protocol.interceptFileProtocol('gopher', _disabledHandler);
protocol.interceptFileProtocol('javascript', _disabledHandler);
protocol.interceptFileProtocol('mailto', _disabledHandler);
if (!enableHttp) {
protocol.interceptFileProtocol('http', _disabledHandler);
protocol.interceptFileProtocol('https', _disabledHandler);
protocol.interceptFileProtocol('ws', _disabledHandler);
protocol.interceptFileProtocol('wss', _disabledHandler);
}
}