
Features Wishlist

Anthony Trummer edited this page Jan 6, 2022 · 8 revisions

Proposals of new features and/or ideas on Electronegativity:

  • Find a way to detect Electron's version from a packaged application missing the package.json file. This would be an atomic check like the already existing ElectronVersionJSONCheck.js, working with AvailableSecurityFixesGlobalCheck.js to detect available security patches;

  • Implement eslint-scope to make variable scoping work with TypeScript sources (see this comment on #40);

  • Introduce a global check to detect HTTPResourcesJS/HTML + nodeIntegration / sandbox (added in 71acdd84);

  • Introduce a global check to verify whether sandbox is enabled along with nodeIntegration (never the case: sandbox disables nodeIntegration in every version of Electron);

  • Introduce a flag to print only the relative paths of the files in the findings (e.g. --code-review) (added in v1.3.0 as -r);

  • Get a beautifier option for obfuscated sources

  • Use different table display settings, like npm audit. This would allow us to show the description of the finding and also fix every table formatting issue!

  • Improve the CERTIFICATE_ERROR_EVENT_JS_CHECK confidence/severity by also checking the callback true/false

  • Review setImmediate to limit the number of DANGEROUS_FUNCTIONS_JS_CHECK

  • Compare Electron version with flags not explicitly set.

  • Split nodeIntegrationJSCheck in 3 distinct checks: nodeIntegration, nodeIntegrationInWorker, nodeIntegrationInSubFrames.

  • Design a method to group webPreferences properties by BrowserWindows

  • Design a SecureSettingsGlobalCheck used to warn the auditor if the application does not use all the available webPreferences security settings in a secure way.

  • Everything else labeled as "Enhancement" on the GitHub issues list;
