Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable context isolation and disable nodejs support. Fixes #2018 #12299

Merged
merged 5 commits into from
Apr 19, 2023

Conversation

tsmaeder
Copy link
Contributor

@tsmaeder tsmaeder commented Mar 14, 2023

What it does

All access to electron API is now done through an API exposed via a preload script. Access to the electron API (including electron-remote) and nodejs API is no longer possible.
Theia extensions can contribute to the preload script via a theiaExtensions module declaration in their package.json

Fixes #2018

Contributed on behalf or STMicroelectronics

How to test

Run the electron version of Theia and make sure nothing is broken. Particular areas of interest is anything to do with menus and windows, for example "zoom in/out", "maximize", etc.

CQ

Review checklist

Reminder for reviewers

@tsmaeder
Copy link
Contributor Author

I'm opening a draft PR because I'll be working on updating to a newer electron version, as well. I'd be interested in feedback and testing, though.

@tsmaeder tsmaeder force-pushed the 2018_context_isolation branch 2 times, most recently from 0fab8d5 to 4d6e063 Compare March 15, 2023 09:12
@tsmaeder tsmaeder marked this pull request as ready for review March 15, 2023 15:27
@tsmaeder tsmaeder requested review from colin-grant-work, msujew and paul-marechal and removed request for msujew March 15, 2023 15:27
Copy link
Member

@paul-marechal paul-marechal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Quick first review pass. Note that the CI doesn't look happy.

@tsmaeder
Copy link
Contributor Author

The license check shows npm/npmjs/@babel/plugin-transform-async-to-generator/7.20.7 to be "under review", but if you looka the issue, it's approved. What gives? https://gitlab.eclipse.org/eclipsefdn/emo-team/iplab/-/issues/6230

@tsmaeder
Copy link
Contributor Author

tsmaeder commented Mar 16, 2023

One of the linter issues is this:

packages/debug/src/browser/debug-variables-source-tree.ts(46,11): error TS4114: This member must have an 'override' modifier because it overrides a member in the base class 'SourceTree'.

But that's not even part of this PR. What gives?

@vince-fugnitto vince-fugnitto added electron issues related to the electron target CQ Required (deprecated) issues requiring a CQ (contributor questionnaire) labels Mar 16, 2023
@vince-fugnitto
Copy link
Member

vince-fugnitto commented Mar 16, 2023

The license check shows npm/npmjs/@babel/plugin-transform-async-to-generator/7.20.7 to be "under review", but if you looka the issue, it's approved. What gives? https://gitlab.eclipse.org/eclipsefdn/emo-team/iplab/-/issues/6230

@tsmaeder I don't believe these are errors, only electron is:

The other entries were added to our baseline at the time but can likely be cleaned up as they are approved:

{
"npm/npmjs/-/eslint-plugin-deprecation/1.2.1": "Approved as 'works-with': https://dev.eclipse.org/ipzilla/show_bug.cgi?id=22573",
"npm/npmjs/-/jschardet/2.3.0": "Approved for Eclipse Theia: https://dev.eclipse.org/ipzilla/show_bug.cgi?id=22481",
"npm/npmjs/-/jsdom/11.12.0": "Approved as 'works-with': https://dev.eclipse.org/ipzilla/show_bug.cgi?id=23640https://dev.eclipse.org/ipzilla/show_bug.cgi?id=23640",
"npm/npmjs/-/lzma-native/8.0.6": "Approved as 'works-with': https://gitlab.eclipse.org/eclipsefdn/emo-team/iplab/-/issues/1850",
"npm/npmjs/-/playwright-core/1.22.2": "Approved as 'works-with': https://gitlab.eclipse.org/eclipsefdn/emo-team/iplab/-/issues/2734",
"npm/npmjs/@babel/helper-compilation-targets/7.20.7": "Under review: https://gitlab.eclipse.org/eclipsefdn/emo-team/iplab/-/issues/5989",
"npm/npmjs/@babel/helper-member-expression-to-functions/7.20.7": "Under review: https://gitlab.eclipse.org/eclipsefdn/emo-team/iplab/-/issues/5986",
"npm/npmjs/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining/7.20.7": "Under review: https://gitlab.eclipse.org/eclipsefdn/emo-team/iplab/-/issues/5987",
"npm/npmjs/@babel/plugin-transform-arrow-functions/7.20.7": "Under review: https://gitlab.eclipse.org/eclipsefdn/emo-team/iplab/-/issues/5990",
"npm/npmjs/@babel/plugin-transform-async-to-generator/7.20.7": "Under review: https://gitlab.eclipse.org/eclipsefdn/emo-team/iplab/-/issues/6230",
"npm/npmjs/@babel/plugin-transform-computed-properties/7.20.7": "Under review: https://gitlab.eclipse.org/eclipsefdn/emo-team/iplab/-/issues/5984",
"npm/npmjs/@babel/template/7.20.7": "Under review: https://gitlab.eclipse.org/eclipsefdn/emo-team/iplab/-/issues/5988"
}


Please also note that bumping electron requires a pretty significant CQ with the foundation.

@tsmaeder
Copy link
Contributor Author

@vince-fugnitto thanks for chiming in. Is there any documentation on what a "baseline" is and how to resolve issues with this check?

@marcdumais-work
Copy link
Contributor

marcdumais-work commented Mar 16, 2023

I think the component failing the IP check is the new version of Electron:
X npm/npmjs/-/electron/22.3.2,

Please also note that bumping electron requires a pretty significant CQ with the foundation.

Indeed, in part because Electron bundles Chromium which bundles ffmpeg, a component that can have GPL content and/or proprietary codecs, depending on how it's built.

@vince-fugnitto can you point-out a past example of such CQ IP Check? I get no result when searching on EF Gitlab. (Wayne would really like us to stop the term CQ)

@vince-fugnitto
Copy link
Member

vince-fugnitto commented Mar 16, 2023

@vince-fugnitto can you point-out a past example of such CQ IP Check? I get no result when searching on EF Gitlab. (Wayne would really like us to stop the term CQ)

Here is a past "IP Due Diligence Check" (CQ) for electron when we bumped to 15.1.2:


Here is an example of using the new GitLab repo to submit a CQ: https://gitlab.eclipse.org/eclipsefdn/emo-team/iplab/-/issues/5022.

@vince-fugnitto
Copy link
Member

@vince-fugnitto thanks for chiming in. Is there any documentation on what a "baseline" is and how to resolve issues with this check?

There is no documentation afaik that details the processes but we can look towards updating https://github.com/eclipse-theia/theia/wiki/Registering-CQs.

The baseline is used to suppress errors from dash-licenses when the foundation has specifically approved a dependency for our project, or as works-with. For actual license incompatibilities our CI will perform an automatic review of a dependency to https://gitlab.eclipse.org/eclipsefdn/emo-team/iplab where we need to wait for the dependency to be checked and approved for us to use.

@tsmaeder
Copy link
Contributor Author

FYI: I got the dash-licenses check to pass by poking at clearlydefined to harvest data for the electron versions in question. Not that I know what I'm doing 🤷

@vince-fugnitto
Copy link
Member

@tsmaeder do you need assistance with the CQ, or would like me to handle it?

@tsmaeder
Copy link
Contributor Author

tsmaeder commented Mar 20, 2023

@vince-fugnitto thanks for the help. While I would like to get this PR merged, the most important outcome for me is is that we clarify and document the process. The documentation we have is woefully out of date. There's also the fact that I can make the PR check pass by fiddling with clearlydefined. And yet, we still seem to need a CQ? Is our PR check wrong? Do you have additional info that says we still need a CQ?

@vince-fugnitto
Copy link
Member

Do you have additional info that says we still need a CQ?

It is required due to Electron distributing ffmpeg which we both file a CQ for and have @theia/ffmpeg which performs a replacement to only include non-proprietary codecs.

The foundation has requested in the past that we submit requests to be able to use Electron in the project.
cc @marcdumais-work

@tsmaeder
Copy link
Contributor Author

@paul-marechal you mentioned you would prefer using dependency injection for some of the API. Could you sketch what would do differently?

@paul-marechal
Copy link
Member

Instead of creating hardcoded APIs and exposing them all in the global scope, we'd do like any other entry point and load various Inversify container modules. Doing this in the preload context was easy, but then it gets tricky when trying to expose the things bound there to the browser window.

Ultimately the idea is to go from referring to preload services as window.whateverGlobalVariable to be able to use the @inject(PreloadComponentApi) pattern.

This means that downstream app makers will be able to override services/apis/etc just like everywhere else. With this PR in its current state it's not possible to change much.

@tsmaeder
Copy link
Contributor Author

tsmaeder commented Mar 21, 2023

@paul-marechal that's sounds interesting, but it's not really in scope for this PR, IMO. It sounds like a complete rewrite of the code. I would much rather focus on getting this one merged and to proceed from there.

@tsmaeder
Copy link
Contributor Author

In German, there is a saying: "the better is the enemy of the good" ;-)

This was referenced Nov 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
CQ Required (deprecated) issues requiring a CQ (contributor questionnaire) electron issues related to the electron target
Projects
Archived in project
Development

Successfully merging this pull request may close these issues.

Electron security considerations
6 participants