chore: convert chrome_policy_check to TypeScript (#33625)

Author: AtofStryker

packages/server/lib/modes/run.ts

@@ -19,7 +19,7 @@ import * as env from '../util/env'
 import trash from '../util/trash'
 import { id as randomId } from '../util/random'
 import * as system from '../util/system'
-import chromePolicyCheck from '../util/chrome_policy_check'
+import { run as runChromePolicyCheck } from '../util/chrome_policy_check'
 import type { SpecWithRelativeRoot, SpecFile, TestingType, OpenProjectLaunchOpts, FoundBrowser, BrowserVideoController, VideoRecording, ProcessOptions, ProtocolManagerShape, AutomationCommands } from '@packages/types'
 import type { Cfg, ProjectBase } from '../project-base'
 import type { Browser } from '../browsers/types'
@@ -1136,7 +1136,7 @@ async function ready (options: ReadyOptions) {
   }
 
   if (browser.family === 'chromium') {
-    chromePolicyCheck.run(onWarning)
+    runChromePolicyCheck(onWarning)
   }
 
   async function runAllSpecs ({ beforeSpecRun, afterSpecRun, runUrl, parallel }: { beforeSpecRun?: BeforeSpecRun, afterSpecRun?: AfterSpecRun, runUrl?: string, parallel?: boolean }) {

packages/server/lib/util/chrome_policy_check.js

@@ -0,0 +1,104 @@
+import _ from 'lodash'
+
+import Debug from 'debug'
+import * as errors from '../errors'
+import os from 'os'
+import { enumerateValues, HKEY } from 'registry-js'
+import type { RegistryValue } from 'registry-js'
+
+const debug = Debug('cypress:server:chrome_policy_check')
+// https://chromeenterprise.google/policies/#Proxy
+// https://chromeenterprise.google/policies/#ProxySettings
+const BAD_PROXY_POLICY_NAMES = [
+  'ProxySettings',
+  'ProxyMode',
+  'ProxyServerMode',
+  'ProxyServer',
+  'ProxyPacUrl',
+  'ProxyBypassList',
+]
+
+// https://chromeenterprise.google/policies/#Extensions
+const BAD_EXTENSION_POLICY_NAMES = [
+  'ExtensionInstallBlacklist',
+  'ExtensionInstallWhitelist',
+  'ExtensionInstallForcelist',
+  'ExtensionInstallSources',
+  'ExtensionAllowedTypes',
+  'ExtensionAllowInsecureUpdates',
+  'ExtensionSettings',
+  'UninstallBlacklistedExtensions',
+]
+
+const POLICY_KEYS: string[] = [
+  'Software\\Policies\\Google\\Chrome',
+  'Software\\Policies\\Google\\Chromium',
+]
+
+const POLICY_HKEYS: HKEY[] = [
+  HKEY.HKEY_LOCAL_MACHINE,
+  HKEY.HKEY_CURRENT_USER,
+]
+
+type RegistryValueWithPath = RegistryValue & { fullPath: string }
+
+function warnIfPolicyMatches (policyNames: string[], allPolicies: RegistryValueWithPath[], warningName: Parameters<typeof errors.get>[0], cb: (err: Error) => void) {
+  const matchedPolicyPaths = policyNames
+  .map((policyName) => _.find(allPolicies, { name: policyName })?.fullPath)
+  .filter((path): path is string => Boolean(path))
+
+  if (!matchedPolicyPaths.length) {
+    return
+  }
+
+  cb(errors.get(warningName, matchedPolicyPaths))
+}
+
+export function getRunner ({ enumerateValues }: { enumerateValues: (hkey: HKEY, key: string) => ReadonlyArray<RegistryValue> }) {
+  function getAllPolicies (): RegistryValueWithPath[] {
+    return _.flattenDeep(
+      POLICY_KEYS.map((key) => {
+        return POLICY_HKEYS.map((hkey) => {
+          return enumerateValues(hkey, key)
+          .map((value): RegistryValueWithPath => ({
+            ...value,
+            fullPath: `${hkey}\\${key}\\${value.name}`,
+          }))
+        })
+      }),
+    )
+  }
+
+  return function run (cb: (err: Error) => void) {
+    try {
+      debug('running chrome policy check')
+
+      const policies = getAllPolicies()
+      const badPolicyNames = _.concat(BAD_PROXY_POLICY_NAMES, BAD_EXTENSION_POLICY_NAMES)
+
+      debug('received policies %o', { policies, badPolicyNames })
+
+      warnIfPolicyMatches(badPolicyNames, policies, 'BAD_POLICY_WARNING', cb)
+    } catch (err) {
+      debug('error running policy check %o', { err })
+    }
+  }
+}
+
+export function run (cb: (err: Error) => void): void {
+  if (os.platform() !== 'win32') {
+    return _.noop(cb)
+  }
+
+  /**
+   * Only check on Windows. While it is possible for macOS/Linux to have preferences set that
+   * override Cypress's settings, it's never been reported as an issue and would require more
+   * native extensions to support checking.
+   * https://github.com/cypress-io/cypress/issues/4391
+   */
+  const runner = getRunner({
+    enumerateValues,
+  })
+
+  return runner(cb)
+}

packages/server/lib/util/chrome_policy_check.ts

@@ -1,15 +1,14 @@
-const stripAnsi = require('strip-ansi')
+import _ from 'lodash'
+import { stripIndent } from 'common-tags'
+import stripAnsi from 'strip-ansi'
+import { getRunner } from '../../../lib/util/chrome_policy_check'
 
-require('../../spec_helper')
-
-const _ = require('lodash')
-const { stripIndent } = require('common-tags')
-const chromePolicyCheck = require(`../../../lib/util/chrome_policy_check`)
+import '../../spec_helper'
 
 describe('lib/util/chrome_policy_check', () => {
-  context('.getRunner returns a function', () => {
+  describe('.getRunner returns a function', () => {
     it('calls callback with an error if policies are found', () => {
-      const run = chromePolicyCheck.getRunner({
+      const run = getRunner({
         enumerateValues (hkey, key) {
         // mock a registry with a couple of policies
           return _.get({
@@ -46,7 +45,7 @@ For more information, see https://on.cypress.io/bad-browser-policy\
     })
 
     it('does not call callback if no policies are found', () => {
-      const run = chromePolicyCheck.getRunner({
+      const run = getRunner({
         enumerateValues: _.constant([]),
       })
 
@@ -58,7 +57,7 @@ For more information, see https://on.cypress.io/bad-browser-policy\
     })
 
     it('fails silently if enumerateValues throws', () => {
-      const run = chromePolicyCheck.getRunner({
+      const run = getRunner({
         enumerateValues () {
           throw new Error('blah')
         },