From 4a345d6d09d0af1fd8f189a26ce94a0e2fe97fcd Mon Sep 17 00:00:00 2001
From: Astra <dr1ft.ast@gmail.com>
Date: Mon, 14 May 2018 06:44:15 -0400
Subject: [PATCH] eval isolation, pass bsprops to crispr

---
 crxpwn.js | 32 +++++++++++++++++++++++---------
 1 file changed, 23 insertions(+), 9 deletions(-)

diff --git a/crxpwn.js b/crxpwn.js
index 0bfcb0b..de430d8 100644
--- a/crxpwn.js
+++ b/crxpwn.js
@@ -10,10 +10,20 @@
     
     THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
+    DO NOT EDIT THIS FILE! Your bootstrap may overwrite changes to it, and you will lose your work!
+    EndPwn3 users: You can prevent this by creating a file in the same directory named DONOTUPDATE
+
     https://github.com/endpwn/
 
 */
 
+function evaluate(str, exportsR) {
+    var exports = {};
+    var ret = eval(str);
+    if (exportsR) Object.assign(exportsR, exports);
+    return ret;
+}
+
 (() => {
 
     function __crxprint(str) {
@@ -28,20 +38,20 @@
     var fs = electron.require('original-fs');
 
     // get the data path (where epapi.js should be)
-    var ___data = electron.app.getPath('userData').replace(/\\\\/g, "/") + '/';
+    var data = electron.app.getPath('userData').replace(/\\\\/g, "/") + '/';
 
     // shakily reimplemented of require() intended for loading plugins and EPAPI itself
-    function __krequire(path) {
-        return eval('(()=>{var exports={};' + fs.readFileSync(___data + path, 'utf8').toString() + ';return exports})()');
+    function krequire(p) {
+        var exports = {};
+        evaluate(fs.readFileSync(data + p + (p.endsWith('.js') ? '' : '.js'), 'utf8').toString(), exports);
+        return exports;
     }
 
     // load CRISPR and EPAPI
-    var crispr = __krequire('crispr.js');
-    var epapi = __krequire('epapi.js');
+    var crispr = krequire('crispr.js');
+    var epapi = krequire('epapi.js');
 
-    // call their entrypoints
-    crispr.go();
-    electron.getCurrentWindow().webContents.on('dom-ready', () => epapi.go({
+    var properties = {
         name: 'EndPwn3',
         version: {
             major: 3,
@@ -53,6 +63,10 @@
         },
         method: 'crxpwn',
         brand: true
-    }));
+    };
+
+    // call their entrypoints
+    crispr.go(properties);
+    electron.getCurrentWindow().webContents.on('dom-ready', () => epapi.go(properties));
 
 })();
\ No newline at end of file