From 9356a53deba0baf53afc200fae73062ac1c42475 Mon Sep 17 00:00:00 2001
From: DongHyun Song
Date: Tue, 16 Apr 2019 11:34:46 +0900
Subject: [PATCH] Check access validation
This is for checking vailiation of file access, All webapp only can be allowed predefined path list
Change-Id: I0a7156a04c40a115c72b7806ee843b5b3d6b66b6
---
 wrt_app/src/web_application.js | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)
diff --git a/wrt_app/src/web_application.js b/wrt_app/src/web_application.js
index 863774e..c81a263 100755
--- a/wrt_app/src/web_application.js
+++ b/wrt_app/src/web_application.js
@@ -16,7 +16,7 @@
 'use strict';
-const {BrowserWindow, app} = require('electron');
+const {BrowserWindow, app, protocol} = require('electron');
 const WAS_EVENT = require('./was_event');
 const wrt = require('../browser/wrt');
@@ -43,6 +43,33 @@ class WebApplication {
 } else {
 this.preloadState = 'none';
 }
+ this.accessiblePath = wrt.getAccessiblePath();
+ console.log(this.accessiblePath);
+ if (this.accessiblePath) {
+ protocol.interceptFileProtocol('file', (request, callback) => {
+ const url = require('url');
+ let access_path, parsed_info = url.parse(request.url);
+ access_path = parsed_info.host + parsed_info.pathname;
+ console.log("check path: " + access_path);
+
+ for (let p in this.accessiblePath) {
+ if (access_path.startsWith(this.accessiblePath[p])) {
+ callback(access_path);
+ return;
+ }
+ }
+ if (access_path.indexOf("/shared/res/") > -1) {
+ callback(access_path);
+ return;
+ }
+ else {
+ console.log("invalid access: " + access_path);
+ callback(403);
+ }
+ }, (error) => {
+ console.log(error);
+ });
+ }
 }
 getBrowserWindowOption(options) {
 return {
--
2.7.4
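Review bot: The allow-list check inside the `interceptFileProtocol` handler runs on the raw URL path, so a request can pass it while resolving outside the permitted directories. `access_path` is never percent-decoded or normalized, so `..` segments survive the `startsWith` test; `startsWith` also has no directory-boundary check, and the `indexOf("/shared/res/") > -1` fallback accepts that segment anywhere in the path. The sketch below decodes and normalizes first and matches on a directory boundary; it assumes Node's `path` module is in scope and that the entries returned by `wrt.getAccessiblePath()` are directory paths, neither of which is visible in this hunk. Separately, `callback(403)` passes an HTTP status where Electron's file-protocol callback interprets a number as a Chromium net error code (for example `-10`, access denied), so the denial code is worth confirming. The constructor this code sits in starts before the hunk.

```javascript
protocol.interceptFileProtocol('file', (request, callback) => {
    // … unchanged: require('url') and the url.parse(request.url) declaration …
    try {
        // Decode %xx escapes and collapse "." / ".." before any comparison.
        access_path = path.normalize(
            decodeURIComponent(parsed_info.host + parsed_info.pathname));
    } catch (e) {
        // Malformed escape sequence: refuse rather than guess.
        callback(403);
        return;
    }
    const allowed = Object.values(this.accessiblePath).some((base) => {
        // Match whole directory components only.
        const root = base.endsWith('/') ? base : base + '/';
        return access_path === base || access_path.startsWith(root);
    });
    // NOTE(review): still a substring test; anchor it to the real shared root if known.
    if (allowed || access_path.indexOf("/shared/res/") > -1) {
        callback(access_path);
        return;
    }
    // … unchanged: "invalid access" log and the denial callback …
```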