Fix for harmful switches that can be enabled via command line

[xyloflake]

The executables, when accessed via command line can be used to set harmful switches. This fix makes sure specified command line switches don't allow the app to open.

[staniel359]

@xyloflake Please rebase this branch onto main.

[xyloflake]

@staniel359 it's not ready, plus I don't get what you mean.

[xyloflake]

@staniel359 gotchu

[xyloflake]

@gamersi not ready yet

[xyloflake]

Hey @gamersi @staniel359 ready for merging, just need a verification from @gamersi that it works.

How to check?

1. @gamersi clone the repo (make sure you're cloning this branch) as instructed in the dev manual
2. yarn package:all
3. Install and try fix

[xyloflake]

Sorry guys, need some time to figure something out.

[gamersi]

Sorry guys, need some time to figure something out.

Should i still test it or wait

[xyloflake]

Please test it @gamersi

[gamersi]

Please test it @gamersi yeah its currently building

[xyloflake]

Sure!

[xyloflake]

Theoretically, there should be some error

[gamersi]

Sure!

It doesnt work. it breaks at electron builder

[xyloflake]

What does it show?

[xyloflake]

Mine doesn't create a problem at building

[gamersi]

Sure!

It doesnt work. it breaks at electron builder

oh, i just read through the log, its a permission error, let me restart as admin (im in windows currenlty)

[gamersi]

building works, let me test the harmful switches rq

[xyloflake]

Hmm it should give an electron error (theoretically)

[gamersi]

oh wait i forgot the env, stashed the test changes and didnt readd it

[gamersi]

no i have the .env and stillg et the invalid json error, weird

[xyloflake]

Can you provide a screenshot?

[gamersi]

[xyloflake]

Did you add VITE_APP before ANONYMOUS_TOKEN?

[gamersi]

Did you add VITE_APP before ANONYMOUS_TOKEN?

yes

[xyloflake]

Also, this was caused by node_env, follow the SO link @staniel359 sent

[gamersi]

Also, this was caused by node_env, follow the SO link @staniel359 sent

but the node env thing was for development builds

[xyloflake]

Have you tried it tho?

[gamersi]

Have you tried it tho?

with it set i get a different error:

[xyloflake]

What is that lol

[gamersi]

What is that lol

it says that something in not a direcotry

[xyloflake]

Electron store problem, doesn't happen with me tho

[gamersi]

i am currently rebuilding it with the axios dev url updated

[xyloflake]

I have to go sleep tho, I'll see tomorrow.

[gamersi]

ill try the installer

[gamersi]

good night

[xyloflake]

Did it build?

[gamersi]

yes it did build this error only comes when i start it

[gamersi]

when the installer is finished it also gives the JSON error

[xyloflake]

Can you build the OG branch @gamersi ?

[gamersi]

Can you build the OG branch @gamersi ?

No, main does not work either

[xyloflake]

Can you build the OG branch @gamersi ?

No, main does not work either

Maybe a problem with the stuff @staniel359 pushed

[xyloflake]

@gamersi I built it with the updated stuff, it builds fine. Installs fine. Runs fine. Wth?

@staniel359 can you try building it?

[staniel359]

@xyloflake Please rebase this branch onto main. (You merged it, I asked for rebase). Also please squash all your commits into a single one.

[xyloflake]

@staniel359 will not be squashing commits, as discussed on discord and telegram. Ready to merge after updating harmful switches list, confirmed by @gamersi that it works.

Need updating the harmful switches

[xyloflake]

@staniel359 @gamersi ready for review.

Added all harmful switches as of now.

[xyloflake]

@staniel359 @gamersi FINALLY successfully rebased to main (thank god). Please review.

[staniel359]

@xyloflake Also please don't forget to run yarn lint.

[xyloflake]

@gamersi need you to test the build with HTTPToolkit and check if the fix works or not. Theoretically speaking, it should.

I dived into the source code and found out they're using the proxy-server flag, which we've listed.

I've added one more flag that they were using.

[xyloflake]

I'm very proud to announce that the fix applies to every other interceptor out there specifically targeting muffon. I've tested the packaged app with HTTPToolkit.

@gamersi @staniel359 Please review, I'll not be visiting github (probably) for a few months/days.

[xyloflake]

@gamersi @staniel359 please note that this is a temporary fix, I'll soon be implementing the patch directly into mutrino