feat: add support for validating asar archives on macOS (#30900)

* feat: add support for validating asar archives on macOS

* chore: fix lint

* chore: update as per feedback

* feat: switch implementation to asar integrity hash checks

* feat: make ranged requests work with the asar file validator DataSourceFilter

* chore: fix lint

* chore: fix missing log include on non-darwin

* fix: do not pull block size out of missing optional

* fix: match ValidateOrDie symbol on non-darwin

* chore: fix up asar specs by repacking archives

* fix: maintain integrity chain, do not load file integrity if header integrity was not loaded

* debug test

* Update node-spec.ts

* fix: initialize header_validated_

* chore: update PR per feedback

* chore: update per feedback

* build: use final asar module

* Update fuses.json5

* chore: fix compile errors

Co-authored-by: Samuel Attard <[email protected]>
Co-authored-by: Samuel Attard <[email protected]>
Co-authored-by: Samuel Attard <[email protected]>

BUILD.gn

@@ -1006,6 +1006,12 @@ if (is_mac) {
     outputs = [ "{{bundle_resources_dir}}/{{source_file_part}}" ]
   }
 
+  asar_hashed_info_plist("electron_app_plist") {
+    keys = [ "DEFAULT_APP_ASAR_HEADER_SHA" ]
+    hash_targets = [ ":default_app_asar_header_hash" ]
+    plist_file = "shell/browser/resources/mac/Info.plist"
+  }
+
   mac_app_bundle("electron_app") {
     output_name = electron_product_name
     sources = filenames.app_sources
@@ -1013,6 +1019,7 @@ if (is_mac) {
     include_dirs = [ "." ]
     deps = [
       ":electron_app_framework_bundle_data",
+      ":electron_app_plist",
       ":electron_app_resources",
       ":electron_fuses",
       "//base",
@@ -1021,7 +1028,7 @@ if (is_mac) {
     if (is_mas_build) {
       deps += [ ":electron_login_helper_app" ]
     }
-    info_plist = "shell/browser/resources/mac/Info.plist"
+    info_plist_target = ":electron_app_plist"
     extra_substitutions = [
       "ELECTRON_BUNDLE_ID=$electron_mac_bundle_id",
       "ELECTRON_VERSION=$electron_version",

build/asar.gni

@@ -57,4 +57,42 @@ template("asar") {
              rebase_path(outputs[0]),
            ]
   }
+
+  node_action(target_name + "_header_hash") {
+    invoker_out = invoker.outputs
+
+    deps = [ ":" + invoker.target_name ]
+    sources = invoker.outputs
+
+    script = "//electron/script/gn-asar-hash.js"
+    outputs = [ "$target_gen_dir/asar_hashes/$target_name.hash" ]
+
+    args = [
+      rebase_path(invoker_out[0]),
+      rebase_path(outputs[0]),
+    ]
+  }
+}
+
+template("asar_hashed_info_plist") {
+  node_action(target_name) {
+    assert(defined(invoker.plist_file),
+           "Need plist_file to add hashed assets to")
+    assert(defined(invoker.keys), "Need keys to replace with asset hash")
+    assert(defined(invoker.hash_targets), "Need hash_targets to read hash from")
+
+    deps = invoker.hash_targets
+
+    script = "//electron/script/gn-plist-but-with-hashes.js"
+    inputs = [ invoker.plist_file ]
+    outputs = [ "$target_gen_dir/hashed_plists/$target_name.plist" ]
+    hash_files = []
+    foreach(hash_target, invoker.hash_targets) {
+      hash_files += get_target_outputs(hash_target)
+    }
+    args = [
+             rebase_path(invoker.plist_file),
+             rebase_path(outputs[0]),
+           ] + invoker.keys + rebase_path(hash_files)
+  }
 }

build/fuses/fuses.json5

@@ -5,5 +5,7 @@
   "run_as_node": "1",
   "cookie_encryption": "0",
   "node_options": "1",
-  "node_cli_inspect": "1"
+  "node_cli_inspect": "1",
+  "embedded_asar_integrity_validation": "0",
+  "only_load_app_from_asar": "0"
 }

filenames.gni

@@ -195,6 +195,7 @@ filenames = {
     "shell/browser/ui/tray_icon_cocoa.mm",
     "shell/common/api/electron_api_clipboard_mac.mm",
     "shell/common/api/electron_api_native_image_mac.mm",
+    "shell/common/asar/archive_mac.mm",
     "shell/common/application_info_mac.mm",
     "shell/common/language_util_mac.mm",
     "shell/common/mac/main_application_bundle.h",
@@ -408,6 +409,8 @@ filenames = {
     "shell/browser/native_window.cc",
     "shell/browser/native_window.h",
     "shell/browser/native_window_observer.h",
+    "shell/browser/net/asar/asar_file_validator.cc",
+    "shell/browser/net/asar/asar_file_validator.h",
     "shell/browser/net/asar/asar_url_loader.cc",
     "shell/browser/net/asar/asar_url_loader.h",
     "shell/browser/net/asar/asar_url_loader_factory.cc",

lib/asar/fs-wrapper.ts

@@ -1,6 +1,7 @@
 import { Buffer } from 'buffer';
 import * as path from 'path';
 import * as util from 'util';
+import type * as Crypto from 'crypto';
 
 const asar = process._linkedBinding('electron_common_asar');
 
@@ -194,6 +195,20 @@ const overrideAPI = function (module: Record<string, any>, name: string, pathArg
   }
 };
 
+let crypto: typeof Crypto;
+function validateBufferIntegrity (buffer: Buffer, integrity: NodeJS.AsarFileInfo['integrity']) {
+  if (!integrity) return;
+
+  // Delay load crypto to improve app boot performance
+  // when integrity protection is not enabled
+  crypto = crypto || require('crypto');
+  const actual = crypto.createHash(integrity.algorithm).update(buffer).digest('hex');
+  if (actual !== integrity.hash) {
+    console.error(`ASAR Integrity Violation: got a hash mismatch (${actual} vs ${integrity.hash})`);
+    process.exit(1);
+  }
+}
+
 const makePromiseFunction = function (orig: Function, pathArgumentIndex: number) {
   return function (this: any, ...args: any[]) {
     const pathArgument = args[pathArgumentIndex];
@@ -531,7 +546,7 @@ export const wrapFsWithAsar = (fs: Record<string, any>) => {
       }
 
       const buffer = Buffer.alloc(info.size);
-      const fd = archive.getFd();
+      const fd = archive.getFdAndValidateIntegrityLater();
       if (!(fd >= 0)) {
         const error = createError(AsarError.NOT_FOUND, { asarPath, filePath });
         nextTick(callback, [error]);
@@ -540,6 +555,7 @@ export const wrapFsWithAsar = (fs: Record<string, any>) => {
 
       logASARAccess(asarPath, filePath, info.offset);
       fs.read(fd, buffer, 0, info.size, info.offset, (error: Error) => {
+        validateBufferIntegrity(buffer, info.integrity);
         callback(error, encoding ? buffer.toString(encoding) : buffer);
       });
     }
@@ -595,11 +611,12 @@ export const wrapFsWithAsar = (fs: Record<string, any>) => {
 
     const { encoding } = options;
     const buffer = Buffer.alloc(info.size);
-    const fd = archive.getFd();
+    const fd = archive.getFdAndValidateIntegrityLater();
     if (!(fd >= 0)) throw createError(AsarError.NOT_FOUND, { asarPath, filePath });
 
     logASARAccess(asarPath, filePath, info.offset);
     fs.readSync(fd, buffer, 0, info.size, info.offset);
+    validateBufferIntegrity(buffer, info.integrity);
     return (encoding) ? buffer.toString(encoding) : buffer;
   };
 
@@ -713,11 +730,12 @@ export const wrapFsWithAsar = (fs: Record<string, any>) => {
     }
 
     const buffer = Buffer.alloc(info.size);
-    const fd = archive.getFd();
+    const fd = archive.getFdAndValidateIntegrityLater();
     if (!(fd >= 0)) return [];
 
     logASARAccess(asarPath, filePath, info.offset);
     fs.readSync(fd, buffer, 0, info.size, info.offset);
+    validateBufferIntegrity(buffer, info.integrity);
     const str = buffer.toString('utf8');
     return [str, str.length > 0];
   };

lib/browser/init.ts

@@ -81,9 +81,10 @@ require('@electron/internal/browser/guest-view-manager');
 require('@electron/internal/browser/guest-window-proxy');
 
 // Now we try to load app's package.json.
+const v8Util = process._linkedBinding('electron_common_v8_util');
 let packagePath = null;
 let packageJson = null;
-const searchPaths = ['app', 'app.asar', 'default_app.asar'];
+const searchPaths: string[] = v8Util.getHiddenValue(global, 'appSearchPaths');
 
 if (process.resourcesPath) {
   for (packagePath of searchPaths) {

package.json

@@ -30,7 +30,7 @@
     "@types/webpack-env": "^1.15.2",
     "@typescript-eslint/eslint-plugin": "^4.4.1",
     "@typescript-eslint/parser": "^4.4.1",
-    "asar": "^3.0.3",
+    "asar": "^3.1.0",
     "aws-sdk": "^2.727.1",
     "check-for-leaks": "^1.2.1",
     "colors": "^1.4.0",

script/gn-asar-hash.js

@@ -0,0 +1,9 @@
+const asar = require('asar');
+const crypto = require('crypto');
+const fs = require('fs');
+
+const archive = process.argv[2];
+const hashFile = process.argv[3];
+
+const { headerString } = asar.getRawHeader(archive);
+fs.writeFileSync(hashFile, crypto.createHash('SHA256').update(headerString).digest('hex'));

script/gn-plist-but-with-hashes.js

@@ -0,0 +1,16 @@
+const fs = require('fs');
+
+const [,, plistPath, outputPath, ...keySet] = process.argv;
+
+const keyPairs = {};
+for (let i = 0; i * 2 < keySet.length; i++) {
+  keyPairs[keySet[i]] = fs.readFileSync(keySet[(keySet.length / 2) + i], 'utf8');
+}
+
+let plistContents = fs.readFileSync(plistPath, 'utf8');
+
+for (const key of Object.keys(keyPairs)) {
+  plistContents = plistContents.replace(`$\{${key}}`, keyPairs[key]);
+}
+
+fs.writeFileSync(outputPath, plistContents);

shell/browser/net/asar/asar_file_validator.cc

@@ -0,0 +1,152 @@
+// Copyright (c) 2021 Slack Technologies, Inc.
+// Use of this source code is governed by the MIT license that can be
+// found in the LICENSE file.
+
+#include "shell/browser/net/asar/asar_file_validator.h"
+
+#include <algorithm>
+#include <string>
+#include <utility>
+#include <vector>
+
+#include "base/logging.h"
+#include "base/notreached.h"
+#include "base/strings/string_number_conversions.h"
+#include "base/strings/string_util.h"
+#include "crypto/sha2.h"
+
+namespace asar {
+
+AsarFileValidator::AsarFileValidator(IntegrityPayload integrity,
+                                     base::File file)
+    : file_(std::move(file)), integrity_(std::move(integrity)) {
+  current_block_ = 0;
+  max_block_ = integrity_.blocks.size() - 1;
+}
+
+AsarFileValidator::~AsarFileValidator() = default;
+
+void AsarFileValidator::OnRead(base::span<char> buffer,
+                               mojo::FileDataSource::ReadResult* result) {
+  DCHECK(!done_reading_);
+
+  uint64_t buffer_size = result->bytes_read;
+
+  // Compute how many bytes we should hash, and add them to the current hash.
+  uint32_t block_size = integrity_.block_size;
+  uint64_t bytes_added = 0;
+  while (bytes_added < buffer_size) {
+    if (current_block_ > max_block_) {
+      LOG(FATAL)
+          << "Unexpected number of blocks while validating ASAR file stream";
+      return;
+    }
+
+    // Create a hash if we don't have one yet
+    if (!current_hash_) {
+      current_hash_byte_count_ = 0;
+      switch (integrity_.algorithm) {
+        case HashAlgorithm::SHA256:
+          current_hash_ =
+              crypto::SecureHash::Create(crypto::SecureHash::SHA256);
+          break;
+        case HashAlgorithm::NONE:
+          CHECK(false);
+          break;
+      }
+    }
+
+    // Compute how many bytes we should hash, and add them to the current hash.
+    // We need to either add just enough bytes to fill up a block (block_size -
+    // current_bytes) or use every remaining byte (buffer_size - bytes_added)
+    int bytes_to_hash = std::min(block_size - current_hash_byte_count_,
+                                 buffer_size - bytes_added);
+    DCHECK_GT(bytes_to_hash, 0);
+    current_hash_->Update(buffer.data() + bytes_added, bytes_to_hash);
+    bytes_added += bytes_to_hash;
+    current_hash_byte_count_ += bytes_to_hash;
+    total_hash_byte_count_ += bytes_to_hash;
+
+    if (current_hash_byte_count_ == block_size && !FinishBlock()) {
+      LOG(FATAL) << "Failed to validate block while streaming ASAR file: "
+                 << current_block_;
+      return;
+    }
+  }
+}
+
+bool AsarFileValidator::FinishBlock() {
+  if (current_hash_byte_count_ == 0) {
+    if (!done_reading_ || current_block_ > max_block_) {
+      return true;
+    }
+  }
+
+  if (!current_hash_) {
+    // This happens when we fail to read the resource. Compute empty content's
+    // hash in this case.
+    current_hash_ = crypto::SecureHash::Create(crypto::SecureHash::SHA256);
+  }
+
+  uint8_t actual[crypto::kSHA256Length];
+
+  // If the file reader is done we need to make sure we've either read up to the
+  // end of the file (the check below) or up to the end of a block_size byte
+  // boundary. If the below check fails we compute the next block boundary, how
+  // many bytes are needed to get there and then we manually read those bytes
+  // from our own file handle ensuring the data producer is unaware but we can
+  // validate the hash still.
+  if (done_reading_ &&
+      total_hash_byte_count_ - extra_read_ != read_max_ - read_start_) {
+    uint64_t bytes_needed = std::min(
+        integrity_.block_size - current_hash_byte_count_,
+        read_max_ - read_start_ - total_hash_byte_count_ + extra_read_);
+    uint64_t offset = read_start_ + total_hash_byte_count_ - extra_read_;
+    std::vector<uint8_t> abandoned_buffer(bytes_needed);
+    if (!file_.ReadAndCheck(offset, abandoned_buffer)) {
+      LOG(FATAL) << "Failed to read required portion of streamed ASAR archive";
+      return false;
+    }
+
+    current_hash_->Update(&abandoned_buffer.front(), bytes_needed);
+  }
+
+  current_hash_->Finish(actual, sizeof(actual));
+  current_hash_.reset();
+  current_hash_byte_count_ = 0;
+
+  const std::string expected_hash = integrity_.blocks[current_block_];
+  const std::string actual_hex_hash =
+      base::ToLowerASCII(base::HexEncode(actual, sizeof(actual)));
+
+  if (expected_hash != actual_hex_hash) {
+    return false;
+  }
+
+  current_block_++;
+
+  return true;
+}
+
+void AsarFileValidator::OnDone() {
+  DCHECK(!done_reading_);
+  done_reading_ = true;
+  if (!FinishBlock()) {
+    LOG(FATAL) << "Failed to validate block while ending ASAR file stream: "
+               << current_block_;
+  }
+}
+
+void AsarFileValidator::SetRange(uint64_t read_start,
+                                 uint64_t extra_read,
+                                 uint64_t read_max) {
+  read_start_ = read_start;
+  extra_read_ = extra_read;
+  read_max_ = read_max;
+}
+
+void AsarFileValidator::SetCurrentBlock(int current_block) {
+  current_block_ = current_block;
+}
+
+}  // namespace asar

shell/browser/net/asar/asar_file_validator.h

@@ -0,0 +1,61 @@
+// Copyright (c) 2021 Slack Technologies, Inc.
+// Use of this source code is governed by the MIT license that can be
+// found in the LICENSE file.
+
+#ifndef SHELL_BROWSER_NET_ASAR_ASAR_FILE_VALIDATOR_H_
+#define SHELL_BROWSER_NET_ASAR_ASAR_FILE_VALIDATOR_H_
+
+#include <algorithm>
+#include <memory>
+
+#include "crypto/secure_hash.h"
+#include "mojo/public/cpp/system/file_data_source.h"
+#include "mojo/public/cpp/system/filtered_data_source.h"
+#include "shell/common/asar/archive.h"
+#include "third_party/abseil-cpp/absl/types/optional.h"
+
+namespace asar {
+
+class AsarFileValidator : public mojo::FilteredDataSource::Filter {
+ public:
+  AsarFileValidator(IntegrityPayload integrity, base::File file);
+  ~AsarFileValidator() override;
+
+  void OnRead(base::span<char> buffer,
+              mojo::FileDataSource::ReadResult* result) override;
+
+  void OnDone() override;
+
+  void SetRange(uint64_t read_start, uint64_t extra_read, uint64_t read_max);
+  void SetCurrentBlock(int current_block);
+
+ protected:
+  bool FinishBlock();
+
+ private:
+  base::File file_;
+  IntegrityPayload integrity_;
+
+  // The offset in the file_ that the underlying file reader is starting at
+  uint64_t read_start_ = 0;
+  // The number of bytes this DataSourceFilter will have seen that aren't used
+  // by the DataProducer.  These extra bytes are exclusively for hash validation
+  // but we need to know how many we've used so we know when we're done.
+  uint64_t extra_read_ = 0;
+  // The maximum offset in the file_ that we should read to, used to determine
+  // which bytes we're missing or if we need to read up to a block boundary in
+  // OnDone
+  uint64_t read_max_ = 0;
+  bool done_reading_ = false;
+  int current_block_;
+  int max_block_;
+  uint64_t current_hash_byte_count_ = 0;
+  uint64_t total_hash_byte_count_ = 0;
+  std::unique_ptr<crypto::SecureHash> current_hash_;
+
+  DISALLOW_COPY_AND_ASSIGN(AsarFileValidator);
+};
+
+}  // namespace asar
+
+#endif  // SHELL_BROWSER_NET_ASAR_ASAR_FILE_VALIDATOR_H_

shell/browser/net/asar/asar_url_loader.cc

@@ -4,6 +4,7 @@
 
 #include "shell/browser/net/asar/asar_url_loader.h"
 
+#include <algorithm>
 #include <memory>
 #include <string>
 #include <utility>
@@ -13,6 +14,7 @@
 #include "base/task/post_task.h"
 #include "base/task/thread_pool.h"
 #include "content/public/browser/file_url_loader.h"
+#include "electron/fuses.h"
 #include "mojo/public/cpp/bindings/receiver.h"
 #include "mojo/public/cpp/bindings/remote.h"
 #include "mojo/public/cpp/system/data_pipe_producer.h"
@@ -23,6 +25,7 @@
 #include "net/http/http_byte_range.h"
 #include "net/http/http_util.h"
 #include "services/network/public/mojom/url_response_head.mojom.h"
+#include "shell/browser/net/asar/asar_file_validator.h"
 #include "shell/common/asar/archive.h"
 #include "shell/common/asar/asar_util.h"
 
@@ -127,6 +130,7 @@ class AsarURLLoader : public network::mojom::URLLoader {
       OnClientComplete(net::ERR_FILE_NOT_FOUND);
       return;
     }
+    bool is_verifying_file = info.integrity.has_value();
 
     // For unpacked path, read like normal file.
     base::FilePath real_path;
@@ -149,12 +153,26 @@ class AsarURLLoader : public network::mojom::URLLoader {
     base::File file(info.unpacked ? real_path : archive->path(),
                     base::File::FLAG_OPEN | base::File::FLAG_READ);
     auto file_data_source =
-        std::make_unique<mojo::FileDataSource>(std::move(file));
-    mojo::DataPipeProducer::DataSource* data_source = file_data_source.get();
+        std::make_unique<mojo::FileDataSource>(file.Duplicate());
+    std::unique_ptr<mojo::DataPipeProducer::DataSource> readable_data_source;
+    mojo::FileDataSource* file_data_source_raw = file_data_source.get();
+    AsarFileValidator* file_validator_raw = nullptr;
+    uint32_t block_size = 0;
+    if (info.integrity.has_value()) {
+      block_size = info.integrity.value().block_size;
+      auto asar_validator = std::make_unique<AsarFileValidator>(
+          std::move(info.integrity.value()), std::move(file));
+      file_validator_raw = asar_validator.get();
+      readable_data_source.reset(new mojo::FilteredDataSource(
+          std::move(file_data_source), std::move(asar_validator)));
+    } else {
+      readable_data_source = std::move(file_data_source);
+    }
 
-    std::vector<char> initial_read_buffer(net::kMaxBytesToSniff);
-    auto read_result =
-        data_source->Read(info.offset, base::span<char>(initial_read_buffer));
+    std::vector<char> initial_read_buffer(
+        std::min(static_cast<uint32_t>(net::kMaxBytesToSniff), info.size));
+    auto read_result = readable_data_source.get()->Read(
+        info.offset, base::span<char>(initial_read_buffer));
     if (read_result.result != MOJO_RESULT_OK) {
       OnClientComplete(ConvertMojoResultToNetError(read_result.result));
       return;
@@ -183,6 +201,7 @@ class AsarURLLoader : public network::mojom::URLLoader {
     }
 
     uint64_t first_byte_to_send = 0;
+    uint64_t total_bytes_dropped_from_head = initial_read_buffer.size();
     uint64_t total_bytes_to_send = info.size;
 
     if (byte_range.IsValid()) {
@@ -214,6 +233,24 @@ class AsarURLLoader : public network::mojom::URLLoader {
       // Discount the bytes we just sent from the total range.
       first_byte_to_send = read_result.bytes_read;
       total_bytes_to_send -= write_size;
+    } else if (is_verifying_file &&
+               first_byte_to_send >= static_cast<uint64_t>(block_size)) {
+      // If validation is active and the range of bytes the request wants starts
+      // beyond the first block we need to read the next 4MB-1KB to validate
+      // that block. Then we can skip ahead to the target block in the SetRange
+      // call below If we hit this case it is assumed that none of the data read
+      // will be needed by the producer
+      uint64_t bytes_to_drop = block_size - net::kMaxBytesToSniff;
+      total_bytes_dropped_from_head += bytes_to_drop;
+      std::vector<char> abandoned_buffer(bytes_to_drop);
+      auto abandon_read_result =
+          readable_data_source.get()->Read(info.offset + net::kMaxBytesToSniff,
+                                           base::span<char>(abandoned_buffer));
+      if (abandon_read_result.result != MOJO_RESULT_OK) {
+        OnClientComplete(
+            ConvertMojoResultToNetError(abandon_read_result.result));
+        return;
+      }
     }
 
     if (!net::GetMimeTypeFromFile(path, &head->mime_type)) {
@@ -234,23 +271,67 @@ class AsarURLLoader : public network::mojom::URLLoader {
 
     if (total_bytes_to_send == 0) {
       // There's definitely no more data, so we're already done.
+      // We provide the range data to the file validator so that
+      // it can validate the tiny amount of data we did send
+      if (file_validator_raw)
+        file_validator_raw->SetRange(info.offset + first_byte_to_send,
+                                     total_bytes_dropped_from_head,
+                                     info.offset + info.size);
       OnFileWritten(MOJO_RESULT_OK);
       return;
     }
 
+    if (is_verifying_file) {
+      int start_block = first_byte_to_send / block_size;
+
+      // If we're starting from the first block, we might not be starting from
+      // where we sniffed. We might be a few KB into a file so we need to read
+      // the data in the middle so it gets hashed.
+      //
+      // If we're starting from a later block we might be starting half-way
+      // through the block regardless of what was sniffed.  We need to read the
+      // data from the start of our initial block up to the start of our actual
+      // read point so it gets hashed.
+      uint64_t bytes_to_drop =
+          start_block == 0 ? first_byte_to_send - net::kMaxBytesToSniff
+                           : first_byte_to_send - (start_block * block_size);
+      if (file_validator_raw)
+        file_validator_raw->SetCurrentBlock(start_block);
+
+      if (bytes_to_drop > 0) {
+        uint64_t dropped_bytes_offset =
+            info.offset + (start_block * block_size);
+        if (start_block == 0)
+          dropped_bytes_offset += net::kMaxBytesToSniff;
+        total_bytes_dropped_from_head += bytes_to_drop;
+        std::vector<char> abandoned_buffer(bytes_to_drop);
+        auto abandon_read_result = readable_data_source.get()->Read(
+            dropped_bytes_offset, base::span<char>(abandoned_buffer));
+        if (abandon_read_result.result != MOJO_RESULT_OK) {
+          OnClientComplete(
+              ConvertMojoResultToNetError(abandon_read_result.result));
+          return;
+        }
+      }
+    }
+
     // In case of a range request, seek to the appropriate position before
     // sending the remaining bytes asynchronously. Under normal conditions
     // (i.e., no range request) this Seek is effectively a no-op.
     //
     // Note that in Electron we also need to add file offset.
-    file_data_source->SetRange(
+    file_data_source_raw->SetRange(
         first_byte_to_send + info.offset,
         first_byte_to_send + info.offset + total_bytes_to_send);
+    if (file_validator_raw)
+      file_validator_raw->SetRange(info.offset + first_byte_to_send,
+                                   total_bytes_dropped_from_head,
+                                   info.offset + info.size);
 
     data_producer_ =
         std::make_unique<mojo::DataPipeProducer>(std::move(producer_handle));
     data_producer_->Write(
-        std::move(file_data_source),
+        std::move(readable_data_source),
         base::BindOnce(&AsarURLLoader::OnFileWritten, base::Unretained(this)));
   }
 

shell/browser/resources/mac/Info.plist

@@ -49,5 +49,15 @@
     <string>This app needs access to Bluetooth</string>
     <key>NSBluetoothPeripheralUsageDescription</key>
     <string>This app needs access to Bluetooth</string>
+    <key>ElectronAsarIntegrity</key>
+    <dict>
+      <key>Resources/default_app.asar</key>
+      <dict>
+        <key>algorithm</key>
+        <string>SHA256</string>
+        <key>hash</key>
+        <string>${DEFAULT_APP_ASAR_HEADER_SHA}</string>
+      </dict>
+    </dict>
   </dict>
 </plist>

shell/common/api/electron_api_asar.cc

@@ -32,13 +32,12 @@ class Archive : public gin::Wrappable<Archive> {
   gin::ObjectTemplateBuilder GetObjectTemplateBuilder(
       v8::Isolate* isolate) override {
     return gin::ObjectTemplateBuilder(isolate)
-        .SetProperty("path", &Archive::GetPath)
         .SetMethod("getFileInfo", &Archive::GetFileInfo)
         .SetMethod("stat", &Archive::Stat)
         .SetMethod("readdir", &Archive::Readdir)
         .SetMethod("realpath", &Archive::Realpath)
         .SetMethod("copyFileOut", &Archive::CopyFileOut)
-        .SetMethod("getFd", &Archive::GetFD);
+        .SetMethod("getFdAndValidateIntegrityLater", &Archive::GetFD);
   }
 
   const char* GetTypeName() override { return "Archive"; }
@@ -47,9 +46,6 @@ class Archive : public gin::Wrappable<Archive> {
   Archive(v8::Isolate* isolate, std::unique_ptr<asar::Archive> archive)
       : archive_(std::move(archive)) {}
 
-  // Returns the path of the file.
-  base::FilePath GetPath() { return archive_->path(); }
-
   // Reads the offset and size of file.
   v8::Local<v8::Value> GetFileInfo(v8::Isolate* isolate,
                                    const base::FilePath& path) {
@@ -60,6 +56,20 @@ class Archive : public gin::Wrappable<Archive> {
     dict.Set("size", info.size);
     dict.Set("unpacked", info.unpacked);
     dict.Set("offset", info.offset);
+    if (info.integrity.has_value()) {
+      gin_helper::Dictionary integrity(isolate, v8::Object::New(isolate));
+      asar::HashAlgorithm algorithm = info.integrity.value().algorithm;
+      switch (algorithm) {
+        case asar::HashAlgorithm::SHA256:
+          integrity.Set("algorithm", "SHA256");
+          break;
+        case asar::HashAlgorithm::NONE:
+          CHECK(false);
+          break;
+      }
+      integrity.Set("hash", info.integrity.value().hash);
+      dict.Set("integrity", integrity);
+    }
     return dict.GetHandle();
   }
 
@@ -108,7 +118,7 @@ class Archive : public gin::Wrappable<Archive> {
   int GetFD() const {
     if (!archive_)
       return -1;
-    return archive_->GetFD();
+    return archive_->GetUnsafeFD();
   }
 
  private:

shell/common/asar/archive.cc

@@ -18,6 +18,8 @@
 #include "base/task/post_task.h"
 #include "base/threading/thread_restrictions.h"
 #include "base/values.h"
+#include "electron/fuses.h"
+#include "shell/common/asar/asar_util.h"
 #include "shell/common/asar/scoped_temporary_file.h"
 
 #if defined(OS_WIN)
@@ -95,6 +97,7 @@ bool GetNodeFromPath(std::string path,
 
 bool FillFileInfoWithNode(Archive::FileInfo* info,
                           uint32_t header_size,
+                          bool load_integrity,
                           const base::DictionaryValue* node) {
   int size;
   if (!node->GetInteger("size", &size))
@@ -113,11 +116,56 @@ bool FillFileInfoWithNode(Archive::FileInfo* info,
 
   node->GetBoolean("executable", &info->executable);
 
+#if defined(OS_MAC)
+  if (load_integrity &&
+      electron::fuses::IsEmbeddedAsarIntegrityValidationEnabled()) {
+    const base::DictionaryValue* integrity;
+    if (node->GetDictionary("integrity", &integrity)) {
+      IntegrityPayload integrity_payload;
+      std::string algorithm;
+      const base::ListValue* blocks;
+      int block_size;
+      if (integrity->GetString("algorithm", &algorithm) &&
+          integrity->GetString("hash", &integrity_payload.hash) &&
+          integrity->GetInteger("blockSize", &block_size) &&
+          integrity->GetList("blocks", &blocks) && block_size > 0) {
+        integrity_payload.block_size = static_cast<uint32_t>(block_size);
+        for (size_t i = 0; i < blocks->GetSize(); i++) {
+          std::string block;
+          if (!blocks->GetString(i, &block)) {
+            LOG(FATAL)
+                << "Invalid block integrity value for file in ASAR archive";
+          }
+          integrity_payload.blocks.push_back(block);
+        }
+        if (algorithm == "SHA256") {
+          integrity_payload.algorithm = HashAlgorithm::SHA256;
+          info->integrity = std::move(integrity_payload);
+        }
+      }
+    }
+
+    if (!info->integrity.has_value()) {
+      LOG(FATAL) << "Failed to read integrity for file in ASAR archive";
+      return false;
+    }
+  }
+#endif
+
   return true;
 }
 
 }  // namespace
 
+IntegrityPayload::IntegrityPayload()
+    : algorithm(HashAlgorithm::NONE), block_size(0) {}
+IntegrityPayload::~IntegrityPayload() = default;
+IntegrityPayload::IntegrityPayload(const IntegrityPayload& other) = default;
+
+Archive::FileInfo::FileInfo()
+    : unpacked(false), executable(false), size(0), offset(0) {}
+Archive::FileInfo::~FileInfo() = default;
+
 Archive::Archive(const base::FilePath& path)
     : initialized_(false), path_(path), file_(base::File::FILE_OK) {
   base::ThreadRestrictions::ScopedAllowIO allow_io;
@@ -191,6 +239,32 @@ bool Archive::Init() {
     return false;
   }
 
+#if defined(OS_MAC)
+  // Validate header signature if required and possible
+  if (electron::fuses::IsEmbeddedAsarIntegrityValidationEnabled() &&
+      RelativePath().has_value()) {
+    absl::optional<IntegrityPayload> integrity = HeaderIntegrity();
+    if (!integrity.has_value()) {
+      LOG(FATAL) << "Failed to get integrity for validatable asar archive: "
+                 << RelativePath().value();
+      return false;
+    }
+
+    // Currently we only support the sha256 algorithm, we can add support for
+    // more below ensure we read them in preference order from most secure to
+    // least
+    if (integrity.value().algorithm != HashAlgorithm::NONE) {
+      ValidateIntegrityOrDie(header.c_str(), header.length(),
+                             integrity.value());
+    } else {
+      LOG(FATAL) << "No eligible hash for validatable asar archive: "
+                 << RelativePath().value();
+    }
+
+    header_validated_ = true;
+  }
+#endif
+
   absl::optional<base::Value> value = base::JSONReader::Read(header);
   if (!value || !value->is_dict()) {
     LOG(ERROR) << "Failed to parse header";
@@ -203,6 +277,16 @@ bool Archive::Init() {
   return true;
 }
 
+#if !defined(OS_MAC)
+absl::optional<IntegrityPayload> Archive::HeaderIntegrity() const {
+  return absl::nullopt;
+}
+
+absl::optional<base::FilePath> Archive::RelativePath() const {
+  return absl::nullopt;
+}
+#endif
+
 bool Archive::GetFileInfo(const base::FilePath& path, FileInfo* info) const {
   if (!header_)
     return false;
@@ -215,7 +299,7 @@ bool Archive::GetFileInfo(const base::FilePath& path, FileInfo* info) const {
   if (node->GetString("link", &link))
     return GetFileInfo(base::FilePath::FromUTF8Unsafe(link), info);
 
-  return FillFileInfoWithNode(info, header_size_, node);
+  return FillFileInfoWithNode(info, header_size_, header_validated_, node);
 }
 
 bool Archive::Stat(const base::FilePath& path, Stats* stats) const {
@@ -238,7 +322,7 @@ bool Archive::Stat(const base::FilePath& path, Stats* stats) const {
     return true;
   }
 
-  return FillFileInfoWithNode(stats, header_size_, node);
+  return FillFileInfoWithNode(stats, header_size_, header_validated_, node);
 }
 
 bool Archive::Readdir(const base::FilePath& path,
@@ -304,7 +388,8 @@ bool Archive::CopyFileOut(const base::FilePath& path, base::FilePath* out) {
 
   auto temp_file = std::make_unique<ScopedTemporaryFile>();
   base::FilePath::StringType ext = path.Extension();
-  if (!temp_file->InitFromFile(&file_, ext, info.offset, info.size))
+  if (!temp_file->InitFromFile(&file_, ext, info.offset, info.size,
+                               info.integrity))
     return false;
 
 #if defined(OS_POSIX)
@@ -319,7 +404,7 @@ bool Archive::CopyFileOut(const base::FilePath& path, base::FilePath* out) {
   return true;
 }
 
-int Archive::GetFD() const {
+int Archive::GetUnsafeFD() const {
   return fd_;
 }
 

shell/common/asar/archive.h

@@ -6,12 +6,14 @@
 #define SHELL_COMMON_ASAR_ARCHIVE_H_
 
 #include <memory>
+#include <string>
 #include <unordered_map>
 #include <vector>
 
 #include "base/files/file.h"
 #include "base/files/file_path.h"
 #include "base/synchronization/lock.h"
+#include "third_party/abseil-cpp/absl/types/optional.h"
 
 namespace base {
 class DictionaryValue;
@@ -21,16 +23,33 @@ namespace asar {
 
 class ScopedTemporaryFile;
 
+enum HashAlgorithm {
+  SHA256,
+  NONE,
+};
+
+struct IntegrityPayload {
+  IntegrityPayload();
+  ~IntegrityPayload();
+  IntegrityPayload(const IntegrityPayload& other);
+  HashAlgorithm algorithm;
+  std::string hash;
+  uint32_t block_size;
+  std::vector<std::string> blocks;
+};
+
 // This class represents an asar package, and provides methods to read
 // information from it. It is thread-safe after |Init| has been called.
 class Archive {
  public:
   struct FileInfo {
-    FileInfo() : unpacked(false), executable(false), size(0), offset(0) {}
+    FileInfo();
+    ~FileInfo();
     bool unpacked;
     bool executable;
     uint32_t size;
     uint64_t offset;
+    absl::optional<IntegrityPayload> integrity;
   };
 
   struct Stats : public FileInfo {
@@ -46,6 +65,9 @@ class Archive {
   // Read and parse the header.
   bool Init();
 
+  absl::optional<IntegrityPayload> HeaderIntegrity() const;
+  absl::optional<base::FilePath> RelativePath() const;
+
   // Get the info of a file.
   bool GetFileInfo(const base::FilePath& path, FileInfo* info) const;
 
@@ -64,12 +86,16 @@ class Archive {
   bool CopyFileOut(const base::FilePath& path, base::FilePath* out);
 
   // Returns the file's fd.
-  int GetFD() const;
+  // Using this fd will not validate the integrity of any files
+  // you read out of the ASAR manually.  Callers are responsible
+  // for integrity validation after this fd is handed over.
+  int GetUnsafeFD() const;
 
   base::FilePath path() const { return path_; }
 
  private:
   bool initialized_;
+  bool header_validated_ = false;
   const base::FilePath path_;
   base::File file_;
   int fd_ = -1;

shell/common/asar/archive_mac.mm

@@ -0,0 +1,65 @@
+// Copyright (c) 2021 Slack Technologies, Inc.
+// Use of this source code is governed by the MIT license that can be
+// found in the LICENSE file.
+
+#include "shell/common/asar/archive.h"
+
+#include <CommonCrypto/CommonDigest.h>
+#include <CoreFoundation/CoreFoundation.h>
+#include <Foundation/Foundation.h>
+
+#include <iomanip>
+#include <string>
+
+#include "base/logging.h"
+#include "base/mac/bundle_locations.h"
+#include "base/mac/foundation_util.h"
+#include "base/mac/scoped_cftyperef.h"
+#include "base/strings/sys_string_conversions.h"
+#include "shell/common/asar/asar_util.h"
+
+namespace asar {
+
+absl::optional<base::FilePath> Archive::RelativePath() const {
+  base::FilePath bundle_path = base::mac::MainBundlePath().Append("Contents");
+
+  base::FilePath relative_path;
+  if (!bundle_path.AppendRelativePath(path_, &relative_path))
+    return absl::nullopt;
+
+  return relative_path;
+}
+
+absl::optional<IntegrityPayload> Archive::HeaderIntegrity() const {
+  absl::optional<base::FilePath> relative_path = RelativePath();
+  // Callers should have already asserted this
+  CHECK(relative_path.has_value());
+
+  NSDictionary* integrity = [[NSBundle mainBundle]
+      objectForInfoDictionaryKey:@"ElectronAsarIntegrity"];
+
+  // Integrity not provided
+  if (!integrity)
+    return absl::nullopt;
+
+  NSString* ns_relative_path =
+      base::mac::FilePathToNSString(relative_path.value());
+
+  NSDictionary* integrity_payload = [integrity objectForKey:ns_relative_path];
+
+  if (!integrity_payload)
+    return absl::nullopt;
+
+  NSString* algorithm = [integrity_payload objectForKey:@"algorithm"];
+  NSString* hash = [integrity_payload objectForKey:@"hash"];
+  if (algorithm && hash && [algorithm isEqualToString:@"SHA256"]) {
+    IntegrityPayload header_integrity;
+    header_integrity.algorithm = HashAlgorithm::SHA256;
+    header_integrity.hash = base::SysNSStringToUTF8(hash);
+    return header_integrity;
+  }
+
+  return absl::nullopt;
+}
+
+}  // namespace asar

shell/common/asar/asar_util.cc

@@ -11,11 +11,16 @@
 #include "base/files/file_path.h"
 #include "base/files/file_util.h"
 #include "base/lazy_instance.h"
+#include "base/logging.h"
 #include "base/no_destructor.h"
 #include "base/stl_util.h"
+#include "base/strings/string_number_conversions.h"
+#include "base/strings/string_util.h"
 #include "base/synchronization/lock.h"
 #include "base/threading/thread_local.h"
 #include "base/threading/thread_restrictions.h"
+#include "crypto/secure_hash.h"
+#include "crypto/sha2.h"
 #include "shell/common/asar/archive.h"
 
 namespace asar {
@@ -130,9 +135,38 @@ bool ReadFileToString(const base::FilePath& path, std::string* contents) {
     return false;
 
   contents->resize(info.size);
-  return static_cast<int>(info.size) ==
-         src.Read(info.offset, const_cast<char*>(contents->data()),
-                  contents->size());
+  if (static_cast<int>(info.size) !=
+      src.Read(info.offset, const_cast<char*>(contents->data()),
+               contents->size())) {
+    return false;
+  }
+
+  if (info.integrity.has_value()) {
+    ValidateIntegrityOrDie(contents->data(), contents->size(),
+                           info.integrity.value());
+  }
+
+  return true;
+}
+
+void ValidateIntegrityOrDie(const char* data,
+                            size_t size,
+                            const IntegrityPayload& integrity) {
+  if (integrity.algorithm == HashAlgorithm::SHA256) {
+    uint8_t hash[crypto::kSHA256Length];
+    auto hasher = crypto::SecureHash::Create(crypto::SecureHash::SHA256);
+    hasher->Update(data, size);
+    hasher->Finish(hash, sizeof(hash));
+    const std::string hex_hash =
+        base::ToLowerASCII(base::HexEncode(hash, sizeof(hash)));
+
+    if (integrity.hash != hex_hash) {
+      LOG(FATAL) << "Integrity check failed for asar archive ("
+                 << integrity.hash << " vs " << hex_hash << ")";
+    }
+  } else {
+    LOG(FATAL) << "Unsupported hashing algorithm in ValidateIntegrityOrDie";
+  }
 }
 
 }  // namespace asar

shell/common/asar/asar_util.h

@@ -15,6 +15,7 @@ class FilePath;
 namespace asar {
 
 class Archive;
+struct IntegrityPayload;
 
 // Gets or creates and caches a new Archive from the path.
 std::shared_ptr<Archive> GetOrCreateAsarArchive(const base::FilePath& path);
@@ -31,6 +32,10 @@ bool GetAsarArchivePath(const base::FilePath& full_path,
 // Same with base::ReadFileToString but supports asar Archive.
 bool ReadFileToString(const base::FilePath& path, std::string* contents);
 
+void ValidateIntegrityOrDie(const char* data,
+                            size_t size,
+                            const IntegrityPayload& integrity);
+
 }  // namespace asar
 
 #endif  // SHELL_COMMON_ASAR_ASAR_UTIL_H_

shell/common/asar/scoped_temporary_file.cc

@@ -7,7 +7,9 @@
 #include <vector>
 
 #include "base/files/file_util.h"
+#include "base/logging.h"
 #include "base/threading/thread_restrictions.h"
+#include "shell/common/asar/asar_util.h"
 
 namespace asar {
 
@@ -48,21 +50,28 @@ bool ScopedTemporaryFile::Init(const base::FilePath::StringType& ext) {
   return true;
 }
 
-bool ScopedTemporaryFile::InitFromFile(base::File* src,
-                                       const base::FilePath::StringType& ext,
-                                       uint64_t offset,
-                                       uint64_t size) {
+bool ScopedTemporaryFile::InitFromFile(
+    base::File* src,
+    const base::FilePath::StringType& ext,
+    uint64_t offset,
+    uint64_t size,
+    const absl::optional<IntegrityPayload>& integrity) {
   if (!src->IsValid())
     return false;
 
   if (!Init(ext))
     return false;
 
+  base::ThreadRestrictions::ScopedAllowIO allow_io;
   std::vector<char> buf(size);
   int len = src->Read(offset, buf.data(), buf.size());
   if (len != static_cast<int>(size))
     return false;
 
+  if (integrity.has_value()) {
+    ValidateIntegrityOrDie(buf.data(), buf.size(), integrity.value());
+  }
+
   base::File dest(path_, base::File::FLAG_OPEN | base::File::FLAG_WRITE);
   if (!dest.IsValid())
     return false;

shell/common/asar/scoped_temporary_file.h

@@ -6,6 +6,8 @@
 #define SHELL_COMMON_ASAR_SCOPED_TEMPORARY_FILE_H_
 
 #include "base/files/file_path.h"
+#include "shell/common/asar/archive.h"
+#include "third_party/abseil-cpp/absl/types/optional.h"
 
 namespace base {
 class File;
@@ -31,7 +33,8 @@ class ScopedTemporaryFile {
   bool InitFromFile(base::File* src,
                     const base::FilePath::StringType& ext,
                     uint64_t offset,
-                    uint64_t size);
+                    uint64_t size,
+                    const absl::optional<IntegrityPayload>& integrity);
 
   base::FilePath path() const { return path_; }
 

shell/common/node_bindings.cc

@@ -433,13 +433,29 @@ node::Environment* NodeBindings::CreateEnvironment(
       break;
   }
 
-  gin_helper::Dictionary global(context->GetIsolate(), context->Global());
+  v8::Isolate* isolate = context->GetIsolate();
+  gin_helper::Dictionary global(isolate, context->Global());
   // Do not set DOM globals for renderer process.
   // We must set this before the node bootstrapper which is run inside
   // CreateEnvironment
   if (browser_env_ != BrowserEnvironment::kBrowser)
     global.Set("_noBrowserGlobals", true);
 
+  if (browser_env_ == BrowserEnvironment::kBrowser) {
+    const std::vector<std::string> search_paths = {"app.asar", "app",
+                                                   "default_app.asar"};
+    const std::vector<std::string> app_asar_search_paths = {"app.asar"};
+    context->Global()->SetPrivate(
+        context,
+        v8::Private::ForApi(
+            isolate,
+            gin::ConvertToV8(isolate, "appSearchPaths").As<v8::String>()),
+        gin::ConvertToV8(isolate,
+                         electron::fuses::IsOnlyLoadAppFromAsarEnabled()
+                             ? app_asar_search_paths
+                             : search_paths));
+  }
+
   std::vector<std::string> exec_args;
   base::FilePath resources_path = GetResourcesPath();
   std::string init_script = "electron/js2c/" + process_type + "_init";

spec-main/node-spec.ts

@@ -350,7 +350,7 @@ describe('node feature', () => {
   });
 
   it('Can find a module using a package.json main field', () => {
-    const result = childProcess.spawnSync(process.execPath, [path.resolve(fixtures, 'api', 'electron-main-module', 'app.asar')]);
+    const result = childProcess.spawnSync(process.execPath, [path.resolve(fixtures, 'api', 'electron-main-module', 'app.asar')], { stdio: 'inherit' });
     expect(result.status).to.equal(0);
   });
 

spec/asar-spec.js

@@ -1564,7 +1564,7 @@ describe('asar package', function () {
         forked.on('message', function (stats) {
           try {
             expect(stats.isFile).to.be.true();
-            expect(stats.size).to.equal(778);
+            expect(stats.size).to.equal(3458);
             done();
           } catch (e) {
             done(e);
@@ -1588,7 +1588,7 @@ describe('asar package', function () {
           try {
             const stats = JSON.parse(output);
             expect(stats.isFile).to.be.true();
-            expect(stats.size).to.equal(778);
+            expect(stats.size).to.equal(3458);
             done();
           } catch (e) {
             done(e);

spec/fixtures/test.asar/repack.js

@@ -0,0 +1,22 @@
+// Use this script to regenerate these fixture files
+// using a new version of the asar package
+
+const asar = require('asar');
+const fs = require('fs');
+const os = require('os');
+const path = require('path');
+
+const archives = [];
+for (const child of fs.readdirSync(__dirname)) {
+  if (child.endsWith('.asar')) {
+    archives.push(path.resolve(__dirname, child));
+  }
+}
+
+for (const archive of archives) {
+  const tmp = fs.mkdtempSync(path.resolve(os.tmpdir(), 'asar-spec-'));
+  asar.extractAll(archive, tmp);
+  asar.createPackageWithOptions(tmp, archive, {
+    unpack: fs.existsSync(archive + '.unpacked') ? '*' : undefined
+  });
+}

typings/internal-ambient.d.ts

@@ -64,6 +64,10 @@ declare namespace NodeJS {
     size: number;
     unpacked: boolean;
     offset: number;
+    integrity?: {
+      algorithm: 'SHA256';
+      hash: string;
+    }
   };
 
   type AsarFileStat = {
@@ -75,13 +79,12 @@ declare namespace NodeJS {
   }
 
   interface AsarArchive {
-    readonly path: string;
     getFileInfo(path: string): AsarFileInfo | false;
     stat(path: string): AsarFileStat | false;
     readdir(path: string): string[] | false;
     realpath(path: string): string | false;
     copyFileOut(path: string): string | false;
-    getFd(): number | -1;
+    getFdAndValidateIntegrityLater(): number | -1;
   }
 
   interface AsarBinding {

yarn.lock

@@ -1013,10 +1013,10 @@ arrify@^1.0.0:
   resolved "https://registry.yarnpkg.com/arrify/-/arrify-1.0.1.tgz#898508da2226f380df904728456849c1501a4b0d"
   integrity sha1-iYUI2iIm84DfkEcoRWhJwVAaSw0=
 
-asar@^3.0.3:
-  version "3.0.3"
-  resolved "https://registry.yarnpkg.com/asar/-/asar-3.0.3.tgz#1fef03c2d6d2de0cbad138788e4f7ae03b129c7b"
-  integrity sha512-k7zd+KoR+n8pl71PvgElcoKHrVNiSXtw7odKbyNpmgKe7EGRF9Pnu3uLOukD37EvavKwVFxOUpqXTIZC5B5Pmw==
+asar@^3.1.0:
+  version "3.1.0"
+  resolved "https://registry.yarnpkg.com/asar/-/asar-3.1.0.tgz#70b0509449fe3daccc63beb4d3c7d2e24d3c6473"
+  integrity sha512-vyxPxP5arcAqN4F/ebHd/HhwnAiZtwhglvdmc7BR2f0ywbVNTOpSeyhLDbGXtE/y58hv1oC75TaNIXutnsOZsQ==
   dependencies:
     chromium-pickle-js "^0.2.0"
     commander "^5.0.0"