Try to mitigate the unsafe flags on production.

This change is meant to mitigate the use of *unsafe* flags from `--inspect` family by removing them at runtime for production builds. However, this is not meant to replace the *fuses* neither is tested if it is functional, It should work fine as another layer of protection, being "better than nothing", especially for unpatched Electron builds.
SpacingBat3 · Mar 11, 2022 · 3feef79 · 3feef79
1 parent 6e4454c
commit 3feef79
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/sources/code/common/main.ts b/sources/code/common/main.ts
@@ -72,6 +72,7 @@ import colors from '@spacingbat3/kolor';
 import { resolve as resolvePath, relative } from 'path';
 import { major } from "semver";
 import { getUserAgent } from './modules/agent';
+import { getBuildInfo } from '../main/modules/client';
 
 // Set global user agent
 app.userAgentFallback = getUserAgent(process.versions.chrome);
@@ -89,6 +90,17 @@ let overwriteMain: (() => void | unknown) | undefined;
         return '  '+colors.green(parameter)+' '.repeat(spaceBetween)+colors.gray(description)+'\n'
     }
     const cmd = app.commandLine;
+
+    // Mitigations to *unsafe* command-line switches
+    if (getBuildInfo().type !== "devel")
+        for(const cmdSwitch of [
+            "inspect-brk",
+            "inspect-port",
+            "inspect",
+            "inspect-publish-uid"
+        ]) if(cmd.hasSwitch(cmdSwitch))
+            cmd.removeSwitch(cmdSwitch);
+
     if (cmd.hasSwitch('help') || cmd.hasSwitch('h')) {
         console.log(
             "\n " + colors.bold(colors.blue(app.getName())) +