Update src/containers/tw-security-manager.jsx

src/containers/tw-security-manager.jsx

@@ -5,6 +5,7 @@ import log from '../lib/log';
 import bindAll from 'lodash.bindall';
 import SecurityManagerModal from '../components/tw-security-manager-modal/security-manager-modal.jsx';
 import SecurityModals from '../lib/tw-security-manager-constants';
+import { isDefinitelyExecutable } from '../lib/pm-security-manager-download-util.js';
 
 /**
  * Set of extension URLs that the user has manually trusted to load unsandboxed.
@@ -31,7 +32,7 @@ const isTrustedExtensionOrigin = url => (
     url.startsWith('https://pen-group.github.io/') || // Pen-Group / ObviousAlexC
 
     // For development.
-    true ||
+    url.startsWith('http://localhost:8000') ||
     url.startsWith('http://localhost:6000') || // Launcher Home
     url.startsWith('http://localhost:6001') || // Launcher Extensions
     url.startsWith('http://localhost:5173') || // Local Home or Extensions
@@ -65,7 +66,7 @@ const embedOriginsTrustedByUser = new Set();
 const isAlwaysTrustedForFetching = parsed => (
     // If we would trust loading an extension from here, we can trust loading resources too.
     isTrustedExtension(parsed.href) ||
-    true ||
+
     // Any TurboWarp service such as trampoline
     parsed.origin === 'https://turbowarp.org' ||
     parsed.origin.endsWith('.turbowarp.org') ||
@@ -77,11 +78,16 @@ const isAlwaysTrustedForFetching = parsed => (
 
     // GitHub
     parsed.origin === 'https://raw.githubusercontent.com' ||
+    parsed.origin === 'https://gist.githubusercontent.com' ||
     parsed.origin === 'https://api.github.com' ||
 
-    // GitLab
+    // GitLab API
+    // GitLab Pages allows redirects, so not included here.
     parsed.origin === 'https://gitlab.com' ||
 
+    // Sourcehut Pages
+    parsed.origin.endsWith('.srht.site') ||
+
     // Itch
     parsed.origin.endsWith('.itch.io') ||
 
@@ -95,36 +101,69 @@ const isAlwaysTrustedForFetching = parsed => (
     parsed.origin === 'https://scratchdb.lefty.one'
 );
 
+const FETCHABLE_PROTOCOLS = [
+    'http:',
+    'https:',
+    'data:',
+    'blob:',
+    'ws:',
+    'wss:'
+];
+
+const VISITABLE_PROTOCOLS = [
+    // The important one we want to exclude is javascript:
+    'http:',
+    'https:',
+    'data:',
+    'blob:',
+    'mailto:',
+    'steam:',
+    'calculator:'
+];
+
 /**
  * @param {string} url Original URL string
+ * @param {string[]} protocols List of allowed protocols
  * @returns {URL|null} A URL object if it is valid and of a known protocol, otherwise null.
  */
-const parseURL = url => {
+const parseURL = (url, protocols) => {
     let parsed;
     try {
         parsed = new URL(url);
     } catch (e) {
         return null;
     }
-    const protocols = ['http:', 'https:', 'ws:', 'wss:', 'data:', 'blob:'];
     if (!protocols.includes(parsed.protocol)) {
         return null;
     }
     return parsed;
 };
 
-let allowedAudio = false;
-let allowedVideo = false;
-let allowedReadClipboard = false;
-let allowedNotify = false;
-let allowedGeolocation = false;
-const notAllowedToAskUnsandbox = Object.create(null);
-let loadingExtensionsRemember = false;
-let rememberedExtensionInfo = {
-    unsandboxed: false,
-    loaded: false
+let allowedAudio = true;
+let allowedVideo = true;
+let allowedReadClipboard = true;
+let allowedNotify = true;
+let allowedGeolocation = true;
+let allowedScreenshotCamera = true;
+
+let rememberFetchSitesDecision = true;
+let rememberFetchSitesAllAllowed = true;
+let rememberEmbedSitesDecision = true;
+let rememberEmbedSitesAllAllowed = true;
+let rememberDownloadDecision = true;
+let rememberDownloadAllAllowed = true;
+let rememberLoadingExtensions = true;
+let rememberLoadingExtensionsInfo = {
+    unsandboxed: true,
+    loaded: true
 };
 
+/**
+ * A list of developer defined names that are not allowed to ask for unsandboxing.
+ * @type {Set<string>}
+ */
+const notAllowedToAskUnsandbox = new Set();
+
 const SECURITY_MANAGER_METHODS = [
     'getSandboxMode',
     'canLoadExtensionFromProject',
@@ -137,7 +176,9 @@ const SECURITY_MANAGER_METHODS = [
     'canNotify',
     'canGeolocate',
     'canEmbed',
-    'canUnsandbox'
+    'canUnsandbox',
+    'canScreenshotCamera',
+    'canDownload'
 ];
 
 class TWSecurityManagerComponent extends React.Component {
@@ -160,16 +201,23 @@ class TWSecurityManagerComponent extends React.Component {
     }
 
     projectWillChange() {
-        loadingExtensionsRemember = false;
-        rememberedExtensionInfo = {
-            unsandboxed: false,
-            loaded: false
+        rememberFetchSitesDecision = true;
+        rememberFetchSitesAllAllowed = true;
+        rememberEmbedSitesDecision = true;
+        rememberEmbedSitesAllAllowed = true;
+        rememberDownloadDecision = true;
+        rememberDownloadAllAllowed = true;
+        rememberLoadingExtensions = true;
+        rememberLoadingExtensionsInfo = {
+            unsandboxed: true,
+            loaded: true
         };
     }
     componentDidMount() {
-        const securityManager = this.props.vm.extensionManager.securityManager;
+        const vmSecurityManager = this.props.vm.extensionManager.securityManager;
+        const propsSecurityManager = this.props.securityManager;
         for (const method of SECURITY_MANAGER_METHODS) {
-            securityManager[method] = this[method];
+            vmSecurityManager[method] = propsSecurityManager[method] || this[method];
         }
         this.props.vm.runtime.on('RUNTIME_DISPOSED', this.projectWillChange);
     }
@@ -277,19 +325,19 @@ class TWSecurityManagerComponent extends React.Component {
             log.info(`Loading extension ${url} automatically`);
             return true;
         }
-        if (loadingExtensionsRemember) {
-            // TODO: find some way to identify these, custom extensions have too long of URLs
-            if (!rememberedExtensionInfo.loaded) {
-                console.warn('An extension was not loaded');
+        const { showModal, releaseLock } = await this.acquireModalLock();
+        if (rememberLoadingExtensions) {
+            releaseLock();
+            if (!rememberLoadingExtensionsInfo.loaded) {
+                log.info('An unseen extension was automatically not loaded');
                 return false;
             }
-            if (rememberedExtensionInfo.unsandboxed) {
-                console.log('An extension was loaded unsandboxed');
+            if (rememberLoadingExtensionsInfo.unsandboxed) {
+                log.warn('An unseen extension was automatically loaded unsandboxed');
                 manuallyTrustExtension(url);
             }
             return true;
         }
-        const { showModal } = await this.acquireModalLock();
 
         // we allow all urls to be unsandboxed.
         // its very likely that people would load any file unsandboxed anyways, theres no safety in blocking it for urls only.
@@ -305,8 +353,8 @@ class TWSecurityManagerComponent extends React.Component {
             manuallyTrustExtension(url);
         }
         if (this.state.data.remember) {
-            loadingExtensionsRemember = true;
-            rememberedExtensionInfo = {
+            rememberLoadingExtensions = true;
+            rememberLoadingExtensionsInfo = {
                 unsandboxed: this.state.data.unsandboxed,
                 loaded: allowed
             };
@@ -319,7 +367,7 @@ class TWSecurityManagerComponent extends React.Component {
      * @returns {Promise<boolean>} True if the resource is allowed to be fetched
      */
     async canFetch(url) {
-        const parsed = parseURL(url);
+        const parsed = parseURL(url, FETCHABLE_PROTOCOLS);
         if (!parsed) {
             return false;
         }
@@ -327,16 +375,33 @@ class TWSecurityManagerComponent extends React.Component {
             return true;
         }
         const { showModal, releaseLock } = await this.acquireModalLock();
-        if (fetchOriginsTrustedByUser.has(origin)) {
+        const origin = (parsed.protocol === 'http:' || parsed.protocol === 'https:') ? parsed.origin : null;
+        if (rememberFetchSitesDecision) {
+            releaseLock();
+            if (rememberFetchSitesAllAllowed) {
+                log.warn(url, "was automatically fetched without prompt");
+            } else {
+                log.info(url, "was automatically denied without prompt");
+            }
+            return rememberFetchSitesAllAllowed;
+        }
+        if (origin && fetchOriginsTrustedByUser.has(origin)) {
             releaseLock();
             return true;
         }
         const allowed = await showModal(SecurityModals.Fetch, {
-            url
+            url,
+            remember: false,
+            onChangeRemember: this.handleChangeRemember.bind(this),
         });
         if (allowed) {
             fetchOriginsTrustedByUser.add(origin);
         }
+        if (this.state.data.remember) {
+            rememberFetchSitesDecision = true;
+            rememberFetchSitesAllAllowed = allowed;
+            log.info("Remembering to allow all sites?", rememberFetchSitesAllAllowed);
+        }
         return allowed;
     }
 
@@ -345,7 +410,7 @@ class TWSecurityManagerComponent extends React.Component {
      * @returns {Promise<boolean>} True if the website can be opened
      */
     async canOpenWindow(url) {
-        const parsed = parseURL(url);
+        const parsed = parseURL(url, VISITABLE_PROTOCOLS);
         if (!parsed) {
             return false;
         }
@@ -360,7 +425,7 @@ class TWSecurityManagerComponent extends React.Component {
      * @returns {Promise<boolean>} True if the website can be redirected to
      */
     async canRedirect(url) {
-        const parsed = parseURL(url);
+        const parsed = parseURL(url, VISITABLE_PROTOCOLS);
         if (!parsed) {
             return false;
         }
@@ -425,16 +490,26 @@ class TWSecurityManagerComponent extends React.Component {
         return allowedGeolocation;
     }
 
+    /**
+     * @returns {Promise<boolean>} True if screenshotting the camera is allowed.
+     */
+    async canScreenshotCamera() {
+        if (!allowedScreenshotCamera) {
+            const { showModal } = await this.acquireModalLock();
+            allowedScreenshotCamera = await showModal(SecurityModals.ScreenshotCamera);
+        }
+        return allowedScreenshotCamera;
+    }
 
     /**
-     * @returns {Promise<boolean>} True if geolocation is allowed.
+     * @returns {Promise<boolean>} True if unsandboxing the provided extension name is allowed.
      */
     async canUnsandbox(name) {
-        if (notAllowedToAskUnsandbox[name]) return false;
+        if (notAllowedToAskUnsandbox.has(name)) return false;
         const { showModal } = await this.acquireModalLock();
         const allowedUnsandbox = await showModal(SecurityModals.Unsandbox, { name: name || "" });
         if (!allowedUnsandbox) {
-            notAllowedToAskUnsandbox[name] = true;
+            notAllowedToAskUnsandbox.add(name);
         }
         return allowedUnsandbox;
     }
@@ -444,20 +519,77 @@ class TWSecurityManagerComponent extends React.Component {
      * @returns {Promise<boolean>} True if embed is allowed.
      */
     async canEmbed(url) {
-        const parsed = parseURL(url);
+        const parsed = parseURL(url, FETCHABLE_PROTOCOLS);
         if (!parsed) {
             return false;
         }
         const origin = (parsed.protocol === 'http:' || parsed.protocol === 'https:') ? parsed.origin : null;
         const { showModal, releaseLock } = await this.acquireModalLock();
+        if (rememberEmbedSitesDecision) {
+            releaseLock();
+            if (rememberEmbedSitesAllAllowed) {
+                log.warn(url, "was automatically embedded without prompt");
+            } else {
+                log.info(url, "was automatically embed denied without prompt");
+            }
+            return rememberEmbedSitesAllAllowed;
+        }
         if (origin && embedOriginsTrustedByUser.has(origin)) {
             releaseLock();
             return true;
         }
-        const allowed = await showModal(SecurityModals.Embed, { url });
+        const allowed = await showModal(SecurityModals.Embed, {
+            url,
+            remember: false,
+            onChangeRemember: this.handleChangeRemember.bind(this),
+        });
         if (origin && allowed) {
             embedOriginsTrustedByUser.add(origin);
         }
+        if (this.state.data.remember) {
+            rememberEmbedSitesDecision = true;
+            rememberEmbedSitesAllAllowed = allowed;
+            log.info("Remembering to allow embedding all sites?", rememberEmbedSitesAllAllowed);
+        }
+        return allowed;
+    }
+
+    /**
+     * @param {string} url URL to download
+     * @param {string} name Name to download as
+     * @returns {Promise<boolean>} True if allowed
+     */
+    async canDownload(url, name) {
+        const parsed = parseURL(url, FETCHABLE_PROTOCOLS);
+        if (!parsed) {
+            return false;
+        }
+        // pm: We only prompt the user for known executables.
+        // See src/lib/pm-security-manager-download-util.js for details.
+        if (!isDefinitelyExecutable(name)) {
+            return true;
+        }
+        const { showModal, releaseLock } = await this.acquireModalLock();
+        if (rememberDownloadDecision) {
+            releaseLock();
+            if (rememberDownloadAllAllowed) {
+                log.warn(url, "was automatically downloaded without prompt");
+            } else {
+                log.info(url, "was automatically download denied without prompt");
+            }
+            return rememberDownloadAllAllowed;
+        }
+        const allowed = await showModal(SecurityModals.Download, {
+            url,
+            name,
+            remember: false,
+            onChangeRemember: this.handleChangeRemember.bind(this),
+        });
+        if (this.state.data.remember) {
+            rememberDownloadDecision = true;
+            rememberDownloadAllAllowed = allowed;
+            log.info("Remembering to allow downloading all files?", rememberDownloadAllAllowed);
+        }
         return allowed;
     }
 
@@ -488,7 +620,12 @@ TWSecurityManagerComponent.propTypes = {
                 }, {})
             ).isRequired
         }).isRequired
-    }).isRequired
+    }).isRequired,
+    securityManager: PropTypes.shape(Object.fromEntries(SECURITY_MANAGER_METHODS.map(i => [i, PropTypes.func])))
+};
+
+TWSecurityManagerComponent.defaultProps = {
+    securityManager: {}
 };
 
 const mapStateToProps = state => ({
@@ -507,4 +644,4 @@ export {
     manuallyTrustExtension,
     isTrustedExtension,
     isTrustedExtensionOrigin
-};
+};