Prevent users from specifying an unexpected executable as Chromium (#3348)
		
							parent
							
								
									19873e5b9e
								
							
						
					
					
						commit
						3b9c95a8a8
					
				
					 1 changed files with 68 additions and 16 deletions
				
			
		|  | @ -7,9 +7,60 @@ const childProcess = require("child_process"); | ||||||
| const path = require("path"); | const path = require("path"); | ||||||
| const Database = require("../database"); | const Database = require("../database"); | ||||||
| const jwt = require("jsonwebtoken"); | const jwt = require("jsonwebtoken"); | ||||||
|  | const config = require("../config"); | ||||||
| 
 | 
 | ||||||
| let browser = null; | let browser = null; | ||||||
| 
 | 
 | ||||||
|  | let allowedList = []; | ||||||
|  | let lastAutoDetectChromeExecutable = null; | ||||||
|  | 
 | ||||||
|  | if (process.platform === "win32") { | ||||||
|  |     allowedList.push(process.env.LOCALAPPDATA + "\\Google\\Chrome\\Application\\chrome.exe"); | ||||||
|  |     allowedList.push(process.env.PROGRAMFILES + "\\Google\\Chrome\\Application\\chrome.exe"); | ||||||
|  |     allowedList.push(process.env["ProgramFiles(x86)"] + "\\Google\\Chrome\\Application\\chrome.exe"); | ||||||
|  | 
 | ||||||
|  |     // Allow Chromium too
 | ||||||
|  |     allowedList.push(process.env.LOCALAPPDATA + "\\Chromium\\Application\\chrome.exe"); | ||||||
|  |     allowedList.push(process.env.PROGRAMFILES + "\\Chromium\\Application\\chrome.exe"); | ||||||
|  |     allowedList.push(process.env["ProgramFiles(x86)"] + "\\Chromium\\Application\\chrome.exe"); | ||||||
|  | 
 | ||||||
|  |     // For Loop A to Z
 | ||||||
|  |     for (let i = 65; i <= 90; i++) { | ||||||
|  |         let drive = String.fromCharCode(i); | ||||||
|  |         allowedList.push(drive + ":\\Program Files\\Google\\Chrome\\Application\\chrome.exe"); | ||||||
|  |         allowedList.push(drive + ":\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"); | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  | } else if (process.platform === "linux") { | ||||||
|  |     allowedList = [ | ||||||
|  |         "chromium", | ||||||
|  |         "chromium-browser", | ||||||
|  |         "google-chrome", | ||||||
|  | 
 | ||||||
|  |         "/usr/bin/chromium", | ||||||
|  |         "/usr/bin/chromium-browser", | ||||||
|  |         "/usr/bin/google-chrome", | ||||||
|  |     ]; | ||||||
|  | } else if (process.platform === "darwin") { | ||||||
|  |     // TODO: Generated by GitHub Copilot, but not sure if it's correct
 | ||||||
|  |     allowedList = [ | ||||||
|  |         "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome", | ||||||
|  |         "/Applications/Chromium.app/Contents/MacOS/Chromium", | ||||||
|  |     ]; | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | log.debug("chrome", allowedList); | ||||||
|  | 
 | ||||||
|  | async function isAllowedChromeExecutable(executablePath) { | ||||||
|  |     console.log(config.args); | ||||||
|  |     if (config.args["allow-all-chrome-exec"] || process.env.UPTIME_KUMA_ALLOW_ALL_CHROME_EXEC === "1") { | ||||||
|  |         return true; | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  |     // Check if the executablePath is in the list of allowed executables
 | ||||||
|  |     return allowedList.includes(executablePath); | ||||||
|  | } | ||||||
|  | 
 | ||||||
| async function getBrowser() { | async function getBrowser() { | ||||||
|     if (!browser) { |     if (!browser) { | ||||||
|         let executablePath = await Settings.get("chromeExecutable"); |         let executablePath = await Settings.get("chromeExecutable"); | ||||||
|  | @ -27,6 +78,7 @@ async function getBrowser() { | ||||||
| async function prepareChromeExecutable(executablePath) { | async function prepareChromeExecutable(executablePath) { | ||||||
|     // Special code for using the playwright_chromium
 |     // Special code for using the playwright_chromium
 | ||||||
|     if (typeof executablePath === "string" && executablePath.toLocaleLowerCase() === "#playwright_chromium") { |     if (typeof executablePath === "string" && executablePath.toLocaleLowerCase() === "#playwright_chromium") { | ||||||
|  |         // Set to undefined = use playwright_chromium
 | ||||||
|         executablePath = undefined; |         executablePath = undefined; | ||||||
|     } else if (!executablePath) { |     } else if (!executablePath) { | ||||||
|         if (process.env.UPTIME_KUMA_IS_CONTAINER) { |         if (process.env.UPTIME_KUMA_IS_CONTAINER) { | ||||||
|  | @ -56,30 +108,30 @@ async function prepareChromeExecutable(executablePath) { | ||||||
|                 }); |                 }); | ||||||
|             } |             } | ||||||
| 
 | 
 | ||||||
|         } else if (process.platform === "win32") { |         } else { | ||||||
|             executablePath = findChrome([ |             executablePath = findChrome(allowedList); | ||||||
|                 "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", |         } | ||||||
|                 "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", |     } else { | ||||||
|                 "D:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", |         // User specified a path
 | ||||||
|                 "D:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", |         // Check if the executablePath is in the list of allowed
 | ||||||
|                 "E:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", |         if (!await isAllowedChromeExecutable(executablePath)) { | ||||||
|                 "E:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", |             throw new Error("This Chromium executable path is not allowed by default. If you are sure this is safe, please add an environment variable UPTIME_KUMA_ALLOW_ALL_CHROME_EXEC=1 to allow it."); | ||||||
|             ]); |  | ||||||
|         } else if (process.platform === "linux") { |  | ||||||
|             executablePath = findChrome([ |  | ||||||
|                 "chromium-browser", |  | ||||||
|                 "chromium", |  | ||||||
|                 "google-chrome", |  | ||||||
|             ]); |  | ||||||
|         } |         } | ||||||
|         // TODO: Mac??
 |  | ||||||
|     } |     } | ||||||
|     return executablePath; |     return executablePath; | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| function findChrome(executables) { | function findChrome(executables) { | ||||||
|  |     // Use the last working executable, so we don't have to search for it again
 | ||||||
|  |     if (lastAutoDetectChromeExecutable) { | ||||||
|  |         if (commandExistsSync(lastAutoDetectChromeExecutable)) { | ||||||
|  |             return lastAutoDetectChromeExecutable; | ||||||
|  |         } | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|     for (let executable of executables) { |     for (let executable of executables) { | ||||||
|         if (commandExistsSync(executable)) { |         if (commandExistsSync(executable)) { | ||||||
|  |             lastAutoDetectChromeExecutable = executable; | ||||||
|             return executable; |             return executable; | ||||||
|         } |         } | ||||||
|     } |     } | ||||||
|  |  | ||||||
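Review bot: In the win32 branch of the allowlist setup, each `process.env.X + "\\..."` concatenation runs even when the variable is unset, so the list can end up holding a relative path that starts with the literal text `undefined\`; that entry then passes `allowedList.includes(executablePath)` and is also probed by `findChrome(allowedList)`. Building those entries only from variables that are actually set keeps the allowlist to absolute paths; a sketch follows. Separately, `console.log(config.args);` at the top of `isAllowedChromeExecutable` looks like leftover debugging and prints the process arguments on every check, so I would drop it or switch to `log.debug("chrome", config.args);`. The error message names only `UPTIME_KUMA_ALLOW_ALL_CHROME_EXEC=1`, while the check also accepts `allow-all-chrome-exec` in `config.args`, so the text could mention both.

```javascript
if (process.platform === "win32") {
    // Skip unset variables: undefined + "\\Google\\..." would become a relative path
    const roots = [
        process.env.LOCALAPPDATA,
        process.env.PROGRAMFILES,
        process.env["ProgramFiles(x86)"],
    ].filter(Boolean);

    // Chrome entries first, then Chromium, same priority order as before
    for (const suffix of [ "\\Google\\Chrome\\Application\\chrome.exe", "\\Chromium\\Application\\chrome.exe" ]) {
        for (const root of roots) {
            allowedList.push(root + suffix);
        }
    }

    // … unchanged: drive-letter loop A to Z …
```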