import

Author: antelle

.editorconfig

@@ -0,0 +1,22 @@
+# http://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+end_of_line = lf
+insert_final_newline = true
+charset = utf-8
+indent_style = space
+indent_size = 4
+trim_trailing_whitespace = true
+
+[*.md]
+trim_trailing_whitespace = false
+
+[*.json]
+indent_size = 2
+
+[{*.yml,*.yaml}]
+indent_size = 2

.eslintrc.json

@@ -0,0 +1,11 @@
+{
+  "parserOptions": {
+    "ecmaVersion": 2020
+  },
+  "extends": "eslint:recommended",
+  "env": {
+    "es6": true,
+    "node": true,
+    "jest": true
+  }
+}

.github/FUNDING.yml

@@ -0,0 +1 @@
+github: antelle

.github/workflows/ci-checks.yaml

@@ -0,0 +1,21 @@
+name: CI Checks
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+jobs:
+  test:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [macos-latest, windows-latest, ubuntu-latest]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: NPM install
+        run: npm ci
+      - name: Run CI checks
+        run: npm test

.gitignore

@@ -0,0 +1,7 @@
+.idea/
+tmp/
+node_modules/
+.DS_Store
+._*
+*.iml
+*.log

.prettierrc

@@ -0,0 +1,8 @@
+{
+    "tabWidth": 4,
+    "singleQuote": true,
+    "printWidth": 100,
+    "trailingComma": "none",
+    "quoteProps": "preserve",
+    "endOfLine": "auto"
+}

LICENSE.md

@@ -0,0 +1,7 @@
+Copyright 2020 Antelle
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -0,0 +1,65 @@
+# Electron evil feature patcher
+
+Patches Electron to remove certain features from it, such as debugging flags, that can be used for evil.
+
+## Motivation
+
+Electron has great debugging support! Unfortunately this can be used not only while developing an app, but also after you built and packaged it. This way your app can be started in an unexpected way, for example, an attacker may want to pass `--inspect-brk` and execute code as if it was done by your app.
+
+Is this a concern in Electron? Yes and no. If your app is not dealing with secrets or if it's not codesigned, it's not an issue at all. However, if you would like to limit the code run under the identity of your app, it can be an issue.
+
+This is being addressed in Electron in form of so-called "fuses", run-time toggles that can be switched on and off: https://github.com/electron/electron/pull/24241. These features should be eventually "fuses" but I'm too lazy to contribute to Electron because the patches we need are located in interesting, hard-to-reach pieces of code, for example in node.js or Chromium. This is not fun to change! In this sense this solution, or should I say this dirty hack, is a short-lived thing.
+
+## Goals
+
+- disable certain feature flags
+- test on all supported operating systems
+- have it right now, not in a year
+
+## Non-goals
+
+- do it all in a nice way
+- support other features
+- provide a long-term solution
+- patch old Electron versions
+
+## Removed capabilities
+
+- [`--inspect-brk`](https://www.electronjs.org/docs/api/command-line-switches#--inspect-brkhostport)
+- [`--inspect-brk-node`](https://github.com/nodejs/node/blob/master/src/node_options.cc#L263)
+- [`--inspect-port`](https://www.electronjs.org/docs/api/command-line-switches#--inspect-porthostport)
+- [`--inspect`](https://www.electronjs.org/docs/api/command-line-switches#--inspecthostport)
+- [`--inspect-publish-uid`](https://www.electronjs.org/docs/api/command-line-switches#--inspect-publish-uidstderrhttp)
+- [`--remote-debugging-port`](https://www.electronjs.org/docs/api/command-line-switches#--remote-debugging-portport)
+- [`--js-flags`](https://www.electronjs.org/docs/api/command-line-switches#--js-flagsflags)
+- [`SIGUSR1`](https://nodejs.org/fr/docs/guides/debugging-getting-started/#enable-inspector)
+- [`ELECTRON_RUN_AS_NODE`](https://www.electronjs.org/docs/api/environment-variables#electron_run_as_node)
+
+## Usage
+
+Using the command line:
+```sh
+node electron-evil-feature-patcher your-app-path os
+```
+
+For example:
+```sh
+node electron-evil-feature-patcher my.app darwin
+```
+
+Using node.js:
+```js
+const patch = require('electron-evil-feature-patcher');
+patch({ path: 'your-app-path',  platfor: 'platform' });
+```
+
+For example:
+```js
+patch({ path: 'my.app', platform: process.platform });
+```
+
+Patching is done in-place, no backup is made. Second attempt to patch will result in an error.
+
+## License
+
+MIT

make-test-package.js

@@ -0,0 +1,18 @@
+const packager = require('electron-packager');
+
+if (require.main === module) {
+    makeTestPackage();
+}
+
+async function makeTestPackage() {
+    const [appPath] = await packager({
+        dir: 'test-app',
+        out: 'tmp',
+        overwrite: true,
+        name: 'test-app',
+        quiet: true
+    });
+    return appPath;
+}
+
+module.exports = makeTestPackage;