Build fails because of 7zip corporate security policy, can it be bypassed?
See original GitHub issue- Electron-Builder Version: 22.13.1
- Node Version: 14.18.3
- Electron Version: 16.0.7
- Electron Type (current, beta, nightly): current
- Target: Windows
Hello, my build fails because 7zip is banned in our organization because of security concerns, and one of the steps seems to be trying to execute 7za.exe to extract an archive (electron-builder\Cache\winCodeSign
).
Is there a way to bypass this step or perform it without 7zip?
Issue Analytics
- State:
- Created 2 years ago
- Comments:5
Top Results From Across the Web
Security-Risk: Avoid 7-Zip - BornCity
Unfortunately, there is a dark side of 7-Zip, because the tool is potentially a huge security risk. Here are some hints about what...
Read more >Are 7-Zip password-protected split archives safe against ...
First of all, that multi-encryption scheme is ridiculous. The algorithm used by 7-Zip is AES-256 which is considered secure.
Read more >Frequently Asked Questions (FAQ) - 7-Zip
Yes, 7-Zip is free software. You can use it on any computer. You don't need to register or pay for 7-Zip. How can...
Read more >Multiple 7-Zip Vulnerabilities Discovered by Talos
Recently Cisco Talos has discovered multiple exploitable vulnerabilities in 7-Zip. These type of vulnerabilities are especially concerning since ...
Read more >Massive Qlocker ransomware attack uses 7zip to encrypt ...
Update 4/22/21: A bug was discovered last night that allowed victims to recover their 7zip password for free but was fixed soon after...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
@mmaietta unfortunately I cannot test this scenario anymore. I resorted to building the app outside the corporate environment, on my personal laptop. Whatever npm modules were private to the organization, I copied over my local node_modules folder so they wouldn’t have to be downloaded, and it worked.
@mmaietta thank you for your answer. It’s a pity that we need to download a binary executable for this, I would have expected at least a fallback option to do it with some zip npm module (even if it’s going to be slower). I assume 7zip will be a no-go for lots of corporate environments: https://www.groovypost.com/news/serious-security-exploits-found-in-7-zip-update-available/