From ac2e6a25aa491c1ef5167a552c19fc2085cd427f Mon Sep 17 00:00:00 2001
From: Mike Maietta
Date: Fri, 5 Jul 2024 09:06:33 -0700
Subject: [PATCH] fix: verify LiteralPath of update file during windows signature verification (#8295)
---
 .changeset/nervous-carrots-begin.md | 5 +++++
 .../src/windowsExecutableCodeSignatureVerifier.ts | 14 +++++++++++++-
 2 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 .changeset/nervous-carrots-begin.md
diff --git a/.changeset/nervous-carrots-begin.md b/.changeset/nervous-carrots-begin.md
new file mode 100644
index 00000000000..c96020eabc7
--- /dev/null
+++ b/.changeset/nervous-carrots-begin.md
@@ -0,0 +1,5 @@
+---
+"electron-updater": patch
+---
+
+fix: verify LiteralPath of update file during windows signature verification
diff --git a/packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts b/packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts
index ab52ef6e809..121f2db5e7d 100644
--- a/packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts
+++ b/packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts
@@ -2,6 +2,7 @@
 import { parseDn } from "builder-util-runtime"
 import { execFile, execFileSync } from "child_process"
 import * as os from "os"
 import { Logger } from "./main"
+import * as path from "path"
 // $certificateInfo = (Get-AuthenticodeSignature 'xxx\yyy.exe'
 // | where {$_.Status.Equals([System.Management.Automation.SignatureStatus]::Valid) -and $_.SignerCertificate.Subject.Contains("CN=siemens.com")})
@@ -48,6 +49,18 @@ export function verifySignature(publisherNames: Array, unescapedTempUpda
 }
 const data = parseOut(stdout)
 if (data.Status === 0) {
+ try {
+ const normlaizedUpdateFilePath = path.normalize(data.Path)
+ const normalizedTempUpdateFile = path.normalize(unescapedTempUpdateFile)
+ logger.info(`LiteralPath: ${normlaizedUpdateFilePath}. Update Path: ${normalizedTempUpdateFile}`)
+ if (normlaizedUpdateFilePath !== normalizedTempUpdateFile) {
+ handleError(logger, new Error(`LiteralPath of ${normlaizedUpdateFilePath} is different than ${normalizedTempUpdateFile}`), stderr, reject)
+ resolve(null)
+ return
+ }
+ } catch (error: any) {
+ logger.warn(`Unable to verify LiteralPath of update asset due to missing data.Path. Skipping this step of validation. Message: ${error.message ?? error.stack}`)
+ }
 const subject = parseDn(data.SignerCertificate.Subject)
 let match = false
 for (const name of publisherNames) {
@@ -96,7 +109,6 @@ function parseOut(out: string): any {
 // duplicates data.SignerCertificate (contains RawData)
 delete signerCertificate.SubjectName
 }
- delete data.Path
 return data
 }
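Review bot: The `catch` around the new LiteralPath comparison fails open: when `data.Path` is missing or not a string, `path.normalize` throws, the mismatch check is merely logged and skipped, and the same catch would also swallow anything thrown by `handleError`, after which execution continues into the publisher-name match as though the path had been confirmed. Test `typeof data.Path === "string"` explicitly and route a missing value through `handleError` like any other verification failure, instead of relying on an exception to detect it. The comparison is also case-sensitive while Windows paths are not, and `path.normalize` does not make a relative `unescapedTempUpdateFile` absolute, so a case- or drive-letter-only difference in what `Get-AuthenticodeSignature` reports would reject a genuine update; comparing `path.resolve(...)` of both sides case-insensitively avoids that. Note that `handleError` (defined outside this hunk) is followed by `resolve(null)`, so if it returns without rejecting the mismatch is reported as a pass; that mirrors the existing error path earlier in this callback, but the reason deserves a comment such as `// handleError only rejects when PowerShell is usable; otherwise validation is skipped as elsewhere in this file`. The local `normlaizedUpdateFilePath` is misspelled as well.

```typescript
      if (data.Status === 0) {
        // Fail closed: the Path reported by Get-AuthenticodeSignature must name the file we asked it to check.
        if (typeof data.Path !== "string") {
          handleError(logger, new Error("Get-AuthenticodeSignature output has no Path; cannot confirm which file was verified"), stderr, reject)
          resolve(null)
          return
        }
        // Windows paths are case-insensitive; resolve both sides so a relative input or a case-only difference is not a mismatch.
        const reportedPath = path.resolve(data.Path).toLowerCase()
        const expectedPath = path.resolve(unescapedTempUpdateFile).toLowerCase()
        logger.info(`LiteralPath: ${reportedPath}. Update Path: ${expectedPath}`)
        if (reportedPath !== expectedPath) {
          handleError(logger, new Error(`LiteralPath of ${reportedPath} is different than ${expectedPath}`), stderr, reject)
          resolve(null)
          return
        }
        // … unchanged: SignerCertificate.Subject / publisherNames match …
```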