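The elevated privilege level required to perform operations should be dropped immediately after the operation is performed. The same principle applies when a component is created: in the Electron examples below, a renderer window should not be given capabilities it does not need, such as Node.js integration or permission to run insecure content.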
var { BrowserWindow } = require("electron");

/**
 * Noncompliant example: opens an 800x600 window whose renderer process is
 * granted more privilege than displaying content requires.
 */
function leastPrivilegeViolationNoncompliant() {
  // Noncompliant: 'nodeIntegration' and 'allowRunningInsecureContent' properties are enabled.
  // - nodeIntegration: true exposes Node.js APIs to scripts running in the page,
  //   so a script-injection flaw in rendered content is no longer confined to
  //   the web page.
  // - allowRunningInsecureContent: true lets a page served over HTTPS execute
  //   resources fetched over plain HTTP, which can be altered in transit.
  const rendererPreferences = {
    nodeIntegration: true,
    allowRunningInsecureContent: true,
  };

  const mainWindow = new BrowserWindow({
    width: 800,
    height: 600,
    webPreferences: rendererPreferences,
  });
}
var { BrowserWindow } = require("electron");

/**
 * Compliant example: opens an 800x600 window whose renderer process is kept
 * at the privilege level of an ordinary web page for the two settings shown.
 */
function leastPrivilegeViolationCompliant() {
  // Compliant: 'nodeIntegration' and 'allowRunningInsecureContent' properties are disabled.
  // Stating both values explicitly keeps the window's privilege level visible
  // in code review instead of depending on the defaults of the Electron
  // version in use.
  // NOTE(review): these two flags are not the only renderer privileges; the
  // 'contextIsolation', 'sandbox' and 'webSecurity' preferences deserve the
  // same check wherever a BrowserWindow is created.
  const rendererPreferences = {
    nodeIntegration: false,
    allowRunningInsecureContent: false,
  };

  const mainWindow = new BrowserWindow({
    width: 800,
    height: 600,
    webPreferences: rendererPreferences,
  });
}