bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-11 22:03:36 +00:00
Code Issues Releases Wiki Activity

[PM-27641] Enable signature validation (#17150)

Browse Source 
Enables the currently disabled signature validation. This is a blocker for release.
This commit is contained in:
Oscar Hinton
2025-10-31 16:13:41 +01:00
committed by GitHub
parent 6024e1d05f
commit 443b85a356
1 changed files with 4 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
apps/desktop/desktop_native/bitwarden_chromium_import_helper/src/windows.rs
View File

@@ -38,7 +38,7 @@ mod windows_binary {
Pipes::GetNamedPipeServerProcessId, Pipes::GetNamedPipeServerProcessId,
Threading::{ Threading::{
OpenProcess, OpenProcessToken, QueryFullProcessImageNameW, PROCESS_NAME_WIN32, OpenProcess, OpenProcessToken, QueryFullProcessImageNameW, PROCESS_NAME_WIN32,
PROCESS_QUERY_INFORMATION, PROCESS_VM_READ, PROCESS_QUERY_LIMITED_INFORMATION,
}, },
}, },
UI::Shell::IsUserAnAdmin, UI::Shell::IsUserAnAdmin,
@@ -65,7 +65,7 @@ mod windows_binary {
const LOG_FILENAME: &str = "c:\\path\\to\\log.txt"; // This is an example filename, replace it with you own const LOG_FILENAME: &str = "c:\\path\\to\\log.txt"; // This is an example filename, replace it with you own
// This should be enabled for production // This should be enabled for production
const ENABLE_SERVER_SIGNATURE_VALIDATION: bool = false; const ENABLE_SERVER_SIGNATURE_VALIDATION: bool = true;
const EXPECTED_SERVER_SIGNATURE_SHA256_THUMBPRINT: &str = const EXPECTED_SERVER_SIGNATURE_SHA256_THUMBPRINT: &str =
"9f6680c4720dbf66d1cb8ed6e328f58e42523badc60d138c7a04e63af14ea40d"; "9f6680c4720dbf66d1cb8ed6e328f58e42523badc60d138c7a04e63af14ea40d";
@@ -138,8 +138,7 @@ mod windows_binary {
dbg_log!("Resolving process executable path for PID {}", pid); dbg_log!("Resolving process executable path for PID {}", pid);
// Open the process handle // Open the process handle
let hprocess = let hprocess = unsafe { OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, false, pid) }?;
unsafe { OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, false, pid) }?;
dbg_log!("Opened process handle for PID {}", pid); dbg_log!("Opened process handle for PID {}", pid);
// Close when no longer needed // Close when no longer needed
@@ -332,8 +331,7 @@ mod windows_binary {
} }
fn get_process_handle(pid: u32) -> Result<HANDLE> { fn get_process_handle(pid: u32) -> Result<HANDLE> {
let hprocess = let hprocess = unsafe { OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, false, pid) }?;
unsafe { OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, false, pid) }?;
Ok(hprocess) Ok(hprocess)
} }