Skip to content

Cmd click open finder #3807

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
DOsinga merged 3 commits into from
Aug 6, 2025
Merged

Cmd click open finder #3807

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
451faa6
Cmd click open finder
Aug 2, 2025
9efc167
Simplify
Aug 2, 2025
371dd45
Merge branch 'main' into cmd-click-open-finder
michaelneale Aug 5, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 14 additions & 1 deletion ui/desktop/src/components/bottom_menu/DirSwitcher.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,13 +13,26 @@ export const DirSwitcher: React.FC<DirSwitcherProps> = ({ className = '' }) => {
window.electron.directoryChooser(true);
};

const handleDirectoryClick = async (event: React.MouseEvent) => {
const isCmdOrCtrlClick = event.metaKey || event.ctrlKey;

if (isCmdOrCtrlClick) {
event.preventDefault();
event.stopPropagation();
const workingDir = window.appConfig.get('GOOSE_WORKING_DIR') as string;
await window.electron.openDirectoryInExplorer(workingDir);
} else {
await handleDirectoryChange();
}
};

return (
<TooltipProvider>
<Tooltip open={isTooltipOpen} onOpenChange={setIsTooltipOpen}>
<TooltipTrigger asChild>
<button
className={`z-[100] hover:cursor-pointer text-text-default/70 hover:text-text-default text-xs flex items-center transition-colors pl-1 [&>svg]:size-4 ${className}`}
onClick={handleDirectoryChange}
onClick={handleDirectoryClick}
>
<FolderDot className="mr-1" size={16} />
<div className="max-w-[200px] truncate [direction:rtl]">
Expand Down
9 changes: 9 additions & 0 deletions ui/desktop/src/main.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2212,6 +2212,15 @@ app.whenReady().then(async () => {
ipcMain.on('get-app-version', (event) => {
event.returnValue = app.getVersion();
});

ipcMain.handle('open-directory-in-explorer', async (_event, path: string) => {
Copy link
Collaborator

@zanesq zanesq Aug 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since this is exposed as an IPC the path can be compromised to show any directory on the machine. Maybe we should add an allowlist (or blocklist) so only appropriate files are opened? This and anywhere else that we open directories or list files through an IPC.

Copy link
Collaborator

@michaelneale michaelneale Aug 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it is possible in electron to have ipc only available to the renderer so if so, that isn't an issue (checking)

Copy link
Collaborator

@michaelneale michaelneale Aug 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yep seems ok: Electron's ipcMain and ipcRenderer communicate through Chromium's internal IPC system

## Security Analysis of Electron IPC Setup

### ✅ **Secure Configuration Found:**

1. **Context Isolation is Enabled** (`contextIsolation: true`)
   - This is the most critical security feature that prevents the renderer process from accessing Node.js APIs or Electron internals directly
   - The renderer can only access what's explicitly exposed through the context bridge

2. **Node Integration is Disabled** (`nodeIntegration: false`)
   - Prevents the renderer from having direct access to Node.js APIs
   - This is a crucial security measure to prevent arbitrary code execution

3. **Web Security is Enabled** (`webSecurity: true`)
   - Enforces same-origin policy and other web security features
   - Prevents loading of insecure content

4. **Preload Script with Context Bridge**
   - All IPC communication is channeled through a preload script (`preload.ts`)
   - Uses `contextBridge.exposeInMainWorld()` to expose only specific, controlled APIs
   - The exposed APIs are well-defined with type safety

5. **Controlled API Surface**
   - Only specific methods are exposed to the renderer through two APIs:
     - `window.electron`: Contains all IPC methods for file operations, settings, etc.
     - `window.appConfig`: Contains configuration data
   - Each exposed method is explicitly defined and typed

Copy link
Collaborator

@zanesq zanesq Aug 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good call, I'll add some tests to ensure this never changes down the road also 👍

Copy link
Collaborator

@michaelneale michaelneale Aug 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@zanesq oh yeah that would be stellar - as I am sure would be an easy mistake to make

Copy link
Collaborator Author

@DOsinga DOsinga Aug 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since this is exposed as an IPC the path can be compromised to show any directory on the machine

can you help me understand the line of attack here? even if an outside attacker would break into goose (at which point they have full control over the host machine anyway), if they would this trigger this end point, all it would do is start the finder in a particular directory. only the end user would be able to see that, no? not the attacker?

I'd love to understand security considerations with the electron app better as aI see some checks that I don't quite understand.

try {
return !!(await shell.openPath(path));
} catch (error) {
console.error('Error opening directory in explorer:', error);
return false;
}
});
});

async function getAllowList(): Promise<string[]> {
Expand Down
3 changes: 3 additions & 0 deletions ui/desktop/src/preload.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -112,6 +112,7 @@ type ElectronAPI = {
closeWindow: () => void;
hasAcceptedRecipeBefore: (recipeConfig: Recipe) => Promise<boolean>;
recordRecipeHash: (recipeConfig: Recipe) => Promise<boolean>;
openDirectoryInExplorer: (directoryPath: string) => Promise<boolean>;
};

type AppConfigAPI = {
Expand Down Expand Up @@ -240,6 +241,8 @@ const electronAPI: ElectronAPI = {
ipcRenderer.invoke('has-accepted-recipe-before', recipeConfig),
recordRecipeHash: (recipeConfig: Recipe) =>
ipcRenderer.invoke('record-recipe-hash', recipeConfig),
openDirectoryInExplorer: (directoryPath: string) =>
ipcRenderer.invoke('open-directory-in-explorer', directoryPath),
};

const appConfigAPI: AppConfigAPI = {
Expand Down
Loading