doyensec / electronegativity

Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron applications.
Apache License 2.0

Better Electron version detection #67

Closed baltpeter closed 4 years ago

baltpeter commented 4 years ago

Note: This PR is based on #66, so that should be merged first.


My go at implementing a better detection for the Electron version. Given the potentially multiple found versions in the sources we check, we go for the oldest one just in case as we cannot know which one is actually used.

This now checks (if available):

As the .load() function of the ASAR loader is now async, one of the tests is currently failing. I'll try to fix that tomorrow. Otherwise this should be pretty much good to go.
Let me know what you think!
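
The oldest-version rule from the PR description above, as an added example that is not part of the original post or the project's own code. The manifest sources it reads (package.json, package-lock.json, node_modules/electron/package.json), the function names and the sample data are assumptions, since the PR's own list of sources is not shown on this page.

```javascript
// Added example. File names and contents are constructed; the sources the PR
// actually checks are not listed on the page, so these are assumptions.

// First concrete version in a dependency spec: "^8.2.0" -> [8, 2, 0], "8.x" -> [8, 0, 0].
// Returns null when the spec names no lower version (e.g. "latest", "*", "<9.0.0").
function baseVersion(spec) {
  const m = /^[\^~>=v\s]*(\d+)(?:\.(\d+))?(?:\.(\d+))?/.exec(String(spec));
  return m ? [1, 2, 3].map((i) => (m[i] === undefined ? 0 : Number(m[i]))) : null;
}

// Numeric comparison of [major, minor, patch] triples (so 10.x sorts after 9.x).
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// Gather every Electron version hint from already-parsed manifest objects.
function collectCandidates(files) {
  const found = [];
  const add = (source, spec) => {
    const version = spec === undefined ? null : baseVersion(spec);
    if (version) found.push({ source, spec, version });
  };
  const pkg = files['package.json'] || {};
  add('package.json dependencies', (pkg.dependencies || {}).electron);
  add('package.json devDependencies', (pkg.devDependencies || {}).electron);
  const lock = files['package-lock.json'] || {};
  add('package-lock.json', ((lock.packages || {})['node_modules/electron'] || {}).version);
  add('package-lock.json', ((lock.dependencies || {}).electron || {}).version);
  add('node_modules/electron/package.json', (files['node_modules/electron/package.json'] || {}).version);
  return found;
}

// Conservative choice: report the oldest candidate, since any of them may be the one shipped.
function detectElectronVersion(files) {
  const candidates = collectCandidates(files);
  if (candidates.length === 0) return null;
  const oldest = candidates.reduce((a, b) => (compareVersions(b.version, a.version) < 0 ? b : a));
  return { version: oldest.version.join('.'), source: oldest.source, candidates: candidates.length };
}

// Constructed sample: the manifest allows ^8.2.0 while the lockfile pins 8.5.2.
const sample = {
  'package.json': { devDependencies: { electron: '^8.2.0' } },
  'package-lock.json': { packages: { 'node_modules/electron': { version: '8.5.2' } } },
};
console.log(detectElectronVersion(sample));
```
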

baltpeter commented 4 years ago

Alright, the test is now fixed and this should be ready.

phosphore commented 4 years ago

Thanks for handling it. I hope this will improve issues like #61 in the future. I think we can leave out bower.json files since it's EOL.