Prevent users from specifying an unexpected executable as Chromium (#3348)
parent
19873e5b9e
commit
3b9c95a8a8
|
@ -7,9 +7,60 @@ const childProcess = require("child_process");
|
||||||
const path = require("path");
|
const path = require("path");
|
||||||
const Database = require("../database");
|
const Database = require("../database");
|
||||||
const jwt = require("jsonwebtoken");
|
const jwt = require("jsonwebtoken");
|
||||||
|
const config = require("../config");
|
||||||
|
|
||||||
let browser = null;
|
let browser = null;
|
||||||
|
|
||||||
|
let allowedList = [];
|
||||||
|
let lastAutoDetectChromeExecutable = null;
|
||||||
|
|
||||||
|
if (process.platform === "win32") {
|
||||||
|
allowedList.push(process.env.LOCALAPPDATA + "\\Google\\Chrome\\Application\\chrome.exe");
|
||||||
|
allowedList.push(process.env.PROGRAMFILES + "\\Google\\Chrome\\Application\\chrome.exe");
|
||||||
|
allowedList.push(process.env["ProgramFiles(x86)"] + "\\Google\\Chrome\\Application\\chrome.exe");
|
||||||
|
|
||||||
|
// Allow Chromium too
|
||||||
|
allowedList.push(process.env.LOCALAPPDATA + "\\Chromium\\Application\\chrome.exe");
|
||||||
|
allowedList.push(process.env.PROGRAMFILES + "\\Chromium\\Application\\chrome.exe");
|
||||||
|
allowedList.push(process.env["ProgramFiles(x86)"] + "\\Chromium\\Application\\chrome.exe");
|
||||||
|
|
||||||
|
// For Loop A to Z
|
||||||
|
for (let i = 65; i <= 90; i++) {
|
||||||
|
let drive = String.fromCharCode(i);
|
||||||
|
allowedList.push(drive + ":\\Program Files\\Google\\Chrome\\Application\\chrome.exe");
|
||||||
|
allowedList.push(drive + ":\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe");
|
||||||
|
}
|
||||||
|
|
||||||
|
} else if (process.platform === "linux") {
|
||||||
|
allowedList = [
|
||||||
|
"chromium",
|
||||||
|
"chromium-browser",
|
||||||
|
"google-chrome",
|
||||||
|
|
||||||
|
"/usr/bin/chromium",
|
||||||
|
"/usr/bin/chromium-browser",
|
||||||
|
"/usr/bin/google-chrome",
|
||||||
|
];
|
||||||
|
} else if (process.platform === "darwin") {
|
||||||
|
// TODO: Generated by GitHub Copilot, but not sure if it's correct
|
||||||
|
allowedList = [
|
||||||
|
"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome",
|
||||||
|
"/Applications/Chromium.app/Contents/MacOS/Chromium",
|
||||||
|
];
|
||||||
|
}
|
||||||
|
|
||||||
|
log.debug("chrome", allowedList);
|
||||||
|
|
||||||
|
async function isAllowedChromeExecutable(executablePath) {
|
||||||
|
console.log(config.args);
|
||||||
|
if (config.args["allow-all-chrome-exec"] || process.env.UPTIME_KUMA_ALLOW_ALL_CHROME_EXEC === "1") {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Check if the executablePath is in the list of allowed executables
|
||||||
|
return allowedList.includes(executablePath);
|
||||||
|
}
|
||||||
|
|
||||||
async function getBrowser() {
|
async function getBrowser() {
|
||||||
if (!browser) {
|
if (!browser) {
|
||||||
let executablePath = await Settings.get("chromeExecutable");
|
let executablePath = await Settings.get("chromeExecutable");
|
||||||
|
@ -27,6 +78,7 @@ async function getBrowser() {
|
||||||
async function prepareChromeExecutable(executablePath) {
|
async function prepareChromeExecutable(executablePath) {
|
||||||
// Special code for using the playwright_chromium
|
// Special code for using the playwright_chromium
|
||||||
if (typeof executablePath === "string" && executablePath.toLocaleLowerCase() === "#playwright_chromium") {
|
if (typeof executablePath === "string" && executablePath.toLocaleLowerCase() === "#playwright_chromium") {
|
||||||
|
// Set to undefined = use playwright_chromium
|
||||||
executablePath = undefined;
|
executablePath = undefined;
|
||||||
} else if (!executablePath) {
|
} else if (!executablePath) {
|
||||||
if (process.env.UPTIME_KUMA_IS_CONTAINER) {
|
if (process.env.UPTIME_KUMA_IS_CONTAINER) {
|
||||||
|
@ -56,30 +108,30 @@ async function prepareChromeExecutable(executablePath) {
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
} else if (process.platform === "win32") {
|
} else {
|
||||||
executablePath = findChrome([
|
executablePath = findChrome(allowedList);
|
||||||
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
|
}
|
||||||
"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
|
} else {
|
||||||
"D:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
|
// User specified a path
|
||||||
"D:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
|
// Check if the executablePath is in the list of allowed
|
||||||
"E:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
|
if (!await isAllowedChromeExecutable(executablePath)) {
|
||||||
"E:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
|
throw new Error("This Chromium executable path is not allowed by default. If you are sure this is safe, please add an environment variable UPTIME_KUMA_ALLOW_ALL_CHROME_EXEC=1 to allow it.");
|
||||||
]);
|
|
||||||
} else if (process.platform === "linux") {
|
|
||||||
executablePath = findChrome([
|
|
||||||
"chromium-browser",
|
|
||||||
"chromium",
|
|
||||||
"google-chrome",
|
|
||||||
]);
|
|
||||||
}
|
}
|
||||||
// TODO: Mac??
|
|
||||||
}
|
}
|
||||||
return executablePath;
|
return executablePath;
|
||||||
}
|
}
|
||||||
|
|
||||||
function findChrome(executables) {
|
function findChrome(executables) {
|
||||||
|
// Use the last working executable, so we don't have to search for it again
|
||||||
|
if (lastAutoDetectChromeExecutable) {
|
||||||
|
if (commandExistsSync(lastAutoDetectChromeExecutable)) {
|
||||||
|
return lastAutoDetectChromeExecutable;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
for (let executable of executables) {
|
for (let executable of executables) {
|
||||||
if (commandExistsSync(executable)) {
|
if (commandExistsSync(executable)) {
|
||||||
|
lastAutoDetectChromeExecutable = executable;
|
||||||
return executable;
|
return executable;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
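Review bot: The Windows allow-list entries concatenate `process.env.LOCALAPPDATA`, `process.env.PROGRAMFILES` and `process.env["ProgramFiles(x86)"]` without checking that they are set, so an unset variable puts the relative string `undefined\Google\Chrome\Application\chrome.exe` into `allowedList`. That string is then accepted by `isAllowedChromeExecutable` and passed to `findChrome(allowedList)`, where it would presumably resolve against the working directory. Guard each base before pushing, e.g. `if (process.env.PROGRAMFILES) { allowedList.push(path.join(process.env.PROGRAMFILES, "Google", "Chrome", "Application", "chrome.exe")); }`. The `console.log(config.args);` at the top of `isAllowedChromeExecutable` looks like a debugging leftover that prints every CLI argument on each check; drop it or route it through `log.debug("chrome", config.args)`. The thrown error names only `UPTIME_KUMA_ALLOW_ALL_CHROME_EXEC=1` although the `allow-all-chrome-exec` argument is honoured as well, and the bodies of `prepareChromeExecutable` and `findChrome` continue outside the visible hunks.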