fix: don't expose desktopCapturer in sandboxed renderers if the feature is disabled (#14345)

lib/sandboxed_renderer/api/exports/electron.js

@@ -1,48 +1,17 @@
-Object.defineProperties(exports, {
-  ipcRenderer: {
-    enumerable: true,
-    get: function () {
-      return require('../ipc-renderer')
-    }
-  },
-  remote: {
-    enumerable: true,
-    get: function () {
-      return require('../../../renderer/api/remote')
-    }
-  },
-  webFrame: {
-    enumerable: true,
-    get: function () {
-      return require('../../../renderer/api/web-frame')
-    }
-  },
-  crashReporter: {
-    enumerable: true,
-    get: function () {
-      return require('../../../common/api/crash-reporter')
-    }
-  },
-  CallbacksRegistry: {
-    get: function () {
-      return require('../../../common/api/callbacks-registry')
-    }
-  },
-  isPromise: {
-    get: function () {
-      return require('../../../common/api/is-promise')
-    }
-  },
-  // XXX(alexeykuzmin): It won't be available if the Desktop Capturer
-  // was disabled during build time.
-  desktopCapturer: {
-    get: function () {
-      return require('../../../renderer/api/desktop-capturer')
-    }
-  },
-  nativeImage: {
-    get: function () {
-      return require('../../../common/api/native-image')
-    }
+const moduleList = require('../module-list')
+
+for (const {
+        name,
+        load,
+        enabled = true,
+        private: isPrivate = false
+    } of moduleList) {
+  if (!enabled) {
+    continue
   }
-})
+
+  Object.defineProperty(exports, name, {
+    enumerable: !isPrivate,
+    get: load
+  })
+}

lib/sandboxed_renderer/api/module-list.js

@@ -0,0 +1,39 @@
+const features = process.atomBinding('features')
+
+module.exports = [
+  {
+    name: 'CallbacksRegistry',
+    load: () => require('../../common/api/callbacks-registry'),
+    private: true
+  },
+  {
+    name: 'crashReporter',
+    load: () => require('../../common/api/crash-reporter')
+  },
+  {
+    name: 'desktopCapturer',
+    load: () => require('../../renderer/api/desktop-capturer'),
+    enabled: features.isDesktopCapturerEnabled()
+  },
+  {
+    name: 'ipcRenderer',
+    load: () => require('./ipc-renderer')
+  },
+  {
+    name: 'isPromise',
+    load: () => require('../../common/api/is-promise'),
+    private: true
+  },
+  {
+    name: 'nativeImage',
+    load: () => require('../../common/api/native-image')
+  },
+  {
+    name: 'remote',
+    load: () => require('../../renderer/api/remote')
+  },
+  {
+    name: 'webFrame',
+    load: () => require('../../renderer/api/web-frame')
+  }
+]

lib/sandboxed_renderer/init.js

@@ -1,10 +1,12 @@
 /* eslint no-eval: "off" */
 /* global binding, Buffer */
 const events = require('events')
-const electron = require('electron')
 
 process.atomBinding = require('../common/atom-binding-setup')(binding.get, 'renderer')
 
+// The electron module depends on process.atomBinding
+const electron = require('electron')
+
 const v8Util = process.atomBinding('v8_util')
 // Expose browserify Buffer as a hidden value. This is used by C++ code to
 // deserialize Buffer instances sent from browser process.