Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update checks based on latest webPreferences defaults #58

Open
ikkisoft opened this issue Jan 26, 2020 · 2 comments
Open

Update checks based on latest webPreferences defaults #58

ikkisoft opened this issue Jan 26, 2020 · 2 comments
Labels
enhancement help wanted

Comments

@ikkisoft
Copy link
Contributor

We're now on Electron 7.x as stable. Since we built our checks - many webPreferences default configs have changed.

E.g. Since v5, nodeIntegration is disabled by default. Our current nodeIntegration checks will trigger a false positive if there's no explicit setting since we still assume that the default is on. I believe the same problem apply to many other checks.
baltpeter added a commit to baltpeter/electronegativity that referenced this issue May 23, 2020
@baltpeter
Fixes doyensec#58: Update checks based on latest webPreferences defaults
a0e8f31 
I went through https://www.electronjs.org/docs/breaking-changes and
looked for all "Default changed" changes.

These now respect the Electron version if known.
@baltpeter baltpeter mentioned this issue May 23, 2020
Merged
@phosphore
Copy link
Contributor

This is an important feature that we're still missing.
A few days ago @baltpeter tried to address this in #66, but since we are expecting a constant increase in complexity between different electron versions in the future, I would like Electronegativity to approach this in the most flexible and maintainable way.

This is my design proposal:

  1. Build a JSON-based "defaults.json" file, containing the default webPreferences options for each version of Electron, possibly using a semantic versioning grammar. This file will be shipped with Electronegativity. The file could be generated programmatically by coding a script to instrument every Electron version (included in the releases.json file) and dump the webPreferences object. From then on we could just run the script whenever a new Electron version is released.
  2. Since it is not always possible for the targeted project to include a neat package.json file containing the Electron version, Electronegativity should attempt to obtain the framework version from any package.lock/yarn.lock file. Alternatively, users should be able to set the exact Electron version used by the targeted application via command line arguments (e.g. --electron-version=8.1.2?).
  3. Using (1) and (2) we will be able to provide each check with a defaults argument to use, containing the default webPreferences options for the Electron version used by the application.

This will help us eliminate many version-dependent decisions from every check.

@phosphore phosphore mentioned this issue May 25, 2020
Closed
phosphore added a commit that referenced this issue Jul 3, 2020
@phosphore
Merge pull request #66 from baltpeter/webpref-updates
81ae713 
Consider Electron version and update checks according to new defaults (#23, #58)
@phosphore
Copy link
Contributor

phosphore commented Jul 3, 2020
edited
Loading

Thanks to @baltpeter (#66, #67) Electronegativity is getting smarter! 🎉 Things we still need to do before pushing a new version:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@phosphore @ikkisoft