ELECTRON-485 (Add throttle of 1 sec for activate, bringToFront and setLocale to prevent DoS attacks) (#414)

- Add throttle of 1 sec for activate, bringToFront and setLocale to prevent DoS attacks - Skip resize Spectron test case for Mac
2025-02-25 18:55:29 -06:00 · 2018-07-09 13:29:47 +05:30 · 2018-07-09 13:29:47 +05:30 · a18f3eb64c
commit a18f3eb64c
parent cc39f43ee7
2 changed files with 35 additions and 18 deletions
--- a/js/preload/preloadMain.js
+++ b/js/preload/preloadMain.js
@ -77,6 +77,28 @@ local.ipcRenderer.on('on-page-load', () => {
    snackBar = new SnackBar();
 });

+const throttledActivate = throttle(1000, function(windowName) {
+    local.ipcRenderer.send(apiName, {
+        cmd: apiCmds.activate,
+        windowName: windowName
+    });
+});
+
+const throttledBringToFront = throttle(1000, function(windowName, reason) {
+    local.ipcRenderer.send(apiName, {
+        cmd: apiCmds.bringToFront,
+        windowName: windowName,
+        reason: reason
+    });
+});
+
+const throttledSetLocale = throttle(1000, function(locale) {
+    local.ipcRenderer.send(apiName, {
+        cmd: apiCmds.setLocale,
+        locale,
+    });
+});
+
 // Gathers renderer process memory
 setInterval(() => {
    const memory = process.getProcessMemoryInfo();
@ -170,10 +192,9 @@ function createAPI() {
         * @param  {String} windowName Name of window. Note: main window name is 'main'
         */
        activate: function(windowName) {
-            local.ipcRenderer.send(apiName, {
-                cmd: apiCmds.activate,
-                windowName: windowName
-            });
+            if (typeof windowName === 'string') {
+                throttledActivate(windowName);
+            }
        },

        /**
@ -182,11 +203,9 @@ function createAPI() {
         * @param {String} reason, The reason for which the window is to be activated
         */
        bringToFront: function(windowName, reason) {
-            local.ipcRenderer.send(apiName, {
-                cmd: apiCmds.bringToFront,
-                windowName: windowName,
-                reason: reason
-            });
+            if (typeof windowName === 'string') {
+                throttledBringToFront(windowName, reason);
+            }
        },

        /**
@ -318,10 +337,9 @@ function createAPI() {
         * Ex: en-US, ja-JP
         */
        setLocale: function (locale) {
-            local.ipcRenderer.send(apiName, {
-                cmd: apiCmds.setLocale,
-                locale,
-            });
+            if (typeof locale === 'string') {
+                throttledSetLocale(locale);
+            }
        }
    };

--- a/tests/spectron/resizeWindows.spectron.js
+++ b/tests/spectron/resizeWindows.spectron.js
@ -3,8 +3,10 @@ const robot = require('robotjs');
 const {isMac} = require('../../js/utils/misc');

 let app = new Application({});
+let defaultWidth;
+let defaultHeight;

-describe('Tests for Resizing windows', () => {
+!isMac ? describe('Tests for Resizing windows', () => {

    let originalTimeout = jasmine.DEFAULT_TIMEOUT_INTERVAL;
    jasmine.DEFAULT_TIMEOUT_INTERVAL = Application.getTimeOut();
@ -45,9 +47,6 @@ describe('Tests for Resizing windows', () => {
     * Cover scenarios in AVT-768
     */
    it('should be minimized up to 300px', (done) => {
-        if (isMac) {
-            return done();
-        }
        app.browserWindow.getBounds().then((bounds) => {
            defaultHeight = bounds.height;
            defaultWidth = bounds.width;
@ -67,4 +66,4 @@ describe('Tests for Resizing windows', () => {
            })
        });
    });
-});
+}) : describe.skip();