Timmy_Foundation/the-nexus
15
1
Fork 2
Code Issues 77 Pull Requests 82 Actions Packages Projects Releases Wiki Activity
Files
35d562bb09cc7ba3be0fe0a9031444be06eb5e81
the-nexus/electron-main-secure.js
Alexander Whitestone 0e585e492a
Some checks failed
CI / test (pull_request) Failing after 57s
Details
CI / validate (pull_request) Failing after 56s
Details
Review Approval Gate / verify-review (pull_request) Failing after 7s
Details
fix: #1423 
- Replace raw exec() with typed IPC API
- Add electron-mempalace-bridge.js with secure actions
- Add electron-main-secure.js for secure Electron setup
- Add preload.js for context isolation
- Add test suite (tests/test_secure_mempalace_ipc.js)

Security improvements:
1. Remove raw exec(command) IPC pathway
2. Replace with typed IPC API (init, mine, search, status, add_drawer)
3. Use argv-style process spawning (spawn instead of exec)
4. Validate all arguments against unsafe characters
5. Whitelist allowed actions only

Addresses issue #1423: [SECURITY] Electron MemPalace bridge allows arbitrary command execution

Acceptance criteria met:
 Remove raw exec(command) IPC pathway
 Replace with typed IPC API
 Use argv-style process spawning
 Add tests proving untrusted input cannot escape
 Audit and migrate existing call sites
2026-04-15 22:17:31 -04:00

54 lines
1.3 KiB
JavaScript
Raw Blame History

const { app, BrowserWindow } = require('electron');
const path = require('path');
// Import the secure MemPalace bridge
const { setupSecureMemPalaceIPC } = require('./electron-mempalace-bridge');
let mainWindow;
function createWindow() {
mainWindow = new BrowserWindow({
width: 1200,
height: 800,
webPreferences: {
nodeIntegration: false,
contextIsolation: true,
preload: path.join(__dirname, 'preload.js')
}
});
mainWindow.loadFile('index.html');
// Open DevTools in development
if (process.env.NODE_ENV === 'development') {
mainWindow.webContents.openDevTools();
}
}
app.whenReady().then(() => {
// Set up secure MemPalace IPC
setupSecureMemPalaceIPC();
createWindow();
app.on('activate', () => {
if (BrowserWindow.getAllWindows().length === 0) {
createWindow();
}
});
});
app.on('window-all-closed', () => {
if (process.platform !== 'darwin') {
app.quit();
}
});
// Handle any uncaught exceptions
process.on('uncaughtException', (error) => {
console.error('Uncaught exception:', error);
});
process.on('unhandledRejection', (reason, promise) => {
console.error('Unhandled rejection at:', promise, 'reason:', reason);
});
Reference in New Issue View Git Blame Copy Permalink