-
-
Notifications
You must be signed in to change notification settings - Fork 2.5k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
integration tests related to recent security advisory (#9983)
* test if an uninitialized iframe can call the ipc * test that calls without __TAURI_INVOKE_KEY__ fail * fix cargo manifest newline change * add comment to help unknown error message changes * license headers * add identifier and icons to config * fix clippy error * Create change-pr-9983.md * add tag to changefile * rename changefile
- Loading branch information
Showing
16 changed files
with
241 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
--- | ||
"tauri": patch:enhance | ||
--- | ||
|
||
tracing for ipc invoke key errors, integration tests related | ||
to [recent security advisory](https://github.com/tauri-apps/tauri/security/advisories/GHSA-57fm-592m-34r7) |
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
[package] | ||
name = "invoke-key" | ||
version = "0.1.0" | ||
edition = "2021" | ||
|
||
[build-dependencies] | ||
tauri-build = { path = "../../tauri-build", features = [] } | ||
|
||
[dependencies] | ||
tauri = { path = "../../tauri", features = ["tracing"] } | ||
tracing = "0.1" | ||
|
||
[features] | ||
default = ["custom-protocol"] | ||
custom-protocol = ["tauri/custom-protocol"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
// Copyright 2019-2023 Tauri Programme within The Commons Conservancy | ||
// SPDX-License-Identifier: Apache-2.0 | ||
// SPDX-License-Identifier: MIT | ||
|
||
fn main() { | ||
tauri_build::build() | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
<script> | ||
window.__TAURI_POST_MESSAGE__({ | ||
cmd: 'error_if_called', | ||
callback: 0, | ||
error: 0 | ||
}) | ||
</script> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
// Copyright 2019-2023 Tauri Programme within The Commons Conservancy | ||
// SPDX-License-Identifier: Apache-2.0 | ||
// SPDX-License-Identifier: MIT | ||
|
||
#![cfg_attr(not(debug_assertions), windows_subsystem = "windows")] | ||
|
||
use tauri::{command, generate_context, generate_handler, Builder}; | ||
|
||
mod subscriber; | ||
|
||
#[command] | ||
fn error_if_called() { | ||
std::process::exit(1) | ||
} | ||
|
||
fn main() { | ||
tracing::subscriber::set_global_default(subscriber::InvokeKeyErrorSubscriber) | ||
.expect("unable to set tracing global subscriber"); | ||
|
||
Builder::default() | ||
.invoke_handler(generate_handler![error_if_called]) | ||
.run(generate_context!()) | ||
.expect("error while running tauri application"); | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
// Copyright 2019-2023 Tauri Programme within The Commons Conservancy | ||
// SPDX-License-Identifier: Apache-2.0 | ||
// SPDX-License-Identifier: MIT | ||
|
||
use std::fmt::Debug; | ||
|
||
use tracing::{ | ||
field::{Field, Visit}, | ||
span::{Attributes, Record}, | ||
Event, Id, Level, Metadata, Subscriber, | ||
}; | ||
|
||
pub struct InvokeKeyErrorSubscriber; | ||
|
||
impl Subscriber for InvokeKeyErrorSubscriber { | ||
fn enabled(&self, metadata: &Metadata<'_>) -> bool { | ||
metadata.is_event() && *metadata.level() == Level::ERROR | ||
} | ||
|
||
fn new_span(&self, _: &Attributes<'_>) -> Id { | ||
// shouldn't be called because we only enable events | ||
unimplemented!() | ||
} | ||
|
||
fn record(&self, _: &Id, _: &Record<'_>) {} | ||
|
||
fn record_follows_from(&self, _: &Id, _: &Id) {} | ||
|
||
fn event(&self, event: &Event<'_>) { | ||
event.record(&mut InvokeKeyExitVisit) | ||
} | ||
|
||
fn enter(&self, _: &Id) {} | ||
|
||
fn exit(&self, _: &Id) {} | ||
} | ||
|
||
struct InvokeKeyExitVisit; | ||
|
||
impl Visit for InvokeKeyExitVisit { | ||
fn record_str(&mut self, field: &Field, value: &str) { | ||
if field.name() == "error" && value == "received ipc message without a __TAURI_INVOKE_KEY__" { | ||
std::process::exit(0) | ||
} | ||
} | ||
|
||
fn record_debug(&mut self, _: &Field, _: &dyn Debug) {} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ | ||
"$schema": "../../../core/tauri-config-schema/schema.json", | ||
"build": { | ||
"distDir": "index.html", | ||
"devPath": "index.html" | ||
}, | ||
"tauri": { | ||
"bundle": { | ||
"identifier": "app.tauri.tests.invoke-key", | ||
"icon": [ | ||
"../../../examples/.icons/32x32.png", | ||
"../../../examples/.icons/128x128.png", | ||
"../../../examples/.icons/[email protected]", | ||
"../../../examples/.icons/icon.icns", | ||
"../../../examples/.icons/icon.ico" | ||
] | ||
}, | ||
"windows": [ | ||
{} | ||
] | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
[package] | ||
name = "uninitialized-ipc" | ||
version = "0.1.0" | ||
edition = "2021" | ||
|
||
[build-dependencies] | ||
tauri-build = { path = "../../tauri-build", features = [] } | ||
|
||
[dependencies] | ||
tauri = { path = "../../tauri", features = [] } | ||
|
||
[features] | ||
default = ["custom-protocol"] | ||
custom-protocol = ["tauri/custom-protocol"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
// Copyright 2019-2023 Tauri Programme within The Commons Conservancy | ||
// SPDX-License-Identifier: Apache-2.0 | ||
// SPDX-License-Identifier: MIT | ||
|
||
fn main() { | ||
tauri_build::build() | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
<script> | ||
window.parent.postMessage(typeof window.ipc?.postMessage, '*') | ||
</script> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
<script> | ||
const exit = (code) => window.__TAURI_INVOKE__('exit', { code }) | ||
window.addEventListener('message', ({ data }) => { | ||
console.log(data) | ||
switch (data) { | ||
case 'undefined': | ||
exit(0) | ||
break | ||
case 'function': | ||
exit(1) | ||
break | ||
default: | ||
exit(2) | ||
} | ||
}) | ||
</script> | ||
<iframe src="uninitialized://localhost/"></iframe> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
// Copyright 2019-2023 Tauri Programme within The Commons Conservancy | ||
// SPDX-License-Identifier: Apache-2.0 | ||
// SPDX-License-Identifier: MIT | ||
|
||
#![cfg_attr(not(debug_assertions), windows_subsystem = "windows")] | ||
|
||
use tauri::{command, generate_context, generate_handler, http::Response, Builder}; | ||
|
||
const IFRAME: &[u8] = include_bytes!("../iframe.html"); | ||
|
||
#[command] | ||
fn exit(code: i32) { | ||
std::process::exit(code) | ||
} | ||
|
||
fn main() { | ||
Builder::default() | ||
.invoke_handler(generate_handler![exit]) | ||
.register_uri_scheme_protocol("uninitialized", |_app, _request| { | ||
Ok(Response::new(IFRAME.into())) | ||
}) | ||
.run(generate_context!()) | ||
.expect("error while running tauri application"); | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ | ||
"$schema": "../../../core/tauri-config-schema/schema.json", | ||
"build": { | ||
"distDir": "index.html", | ||
"devPath": "index.html" | ||
}, | ||
"tauri": { | ||
"bundle": { | ||
"identifier": "app.tauri.tests.uninitialized-ipc", | ||
"icon": [ | ||
"../../../examples/.icons/32x32.png", | ||
"../../../examples/.icons/128x128.png", | ||
"../../../examples/.icons/[email protected]", | ||
"../../../examples/.icons/icon.icns", | ||
"../../../examples/.icons/icon.ico" | ||
] | ||
}, | ||
"windows": [ | ||
{} | ||
] | ||
} | ||
} |