1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-11-26 20:39:08 +01:00
metamask-extension/app/scripts/runLockdown.js

20 lines
651 B
JavaScript
Raw Normal View History

Add SES lockdown to extension webapp (#9729) * Freezeglobals: remove Promise freezing, add lockdown * background & UI: temp disable sentry * add loose-envify, dedupe symbol-observable * use loose envify * add symbol-observable patch * run freezeGlobals after sentry init * use require instead of import * add lockdown to contentscript * add error code in message * try increasing node env heap size to 2048 * change back circe CI option * make freezeGlobals an exported function * make freezeGlobals an exported function * use freezeIntrinsics * pass down env to child process * fix unknown module * fix tests * change back to 2048 * fix import error * attempt to fix memory error * fix lint * fix lint * fix mem gain * use lockdown in phishing detect * fix lint * move sentry init into freezeIntrinsics to run lockdown before other imports * lint fix * custom lockdown modules per context * lint fix * fix global test * remove run in child process * remove lavamoat-core, use ses, require lockdown directly * revert childprocess * patch package postinstall * revert back child process * add postinstall to ci * revert node max space size to 1024 * put back loose-envify * Disable sentry to see if e2e tetss pass * use runLockdown, add as script in manifest * remove global and require from runlockdown * add more memory to tests * upgrade resource class for prep-build & prep-build-test * fix lint * lint fix * upgrade remote-redux-devtools * skillfully re-add sentry * lintfix * fix lint * put back beep * remove envify, add loose-envify and patch-package in dev deps * Replace patch with Yarn resolution (#9923) Instead of patching `symbol-observable`, this ensures that all versions of `symbol-observable` are resolved to the given range, even if it contradicts the requested range. Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-11-24 04:26:43 +01:00
// Freezes all intrinsics
try {
// eslint-disable-next-line no-undef,import/unambiguous
lockdown({
consoleTaming: 'unsafe',
errorTaming: 'unsafe',
mathTaming: 'unsafe',
dateTaming: 'unsafe',
})
} catch (error) {
// If the `lockdown` call throws an exception, it interferes with the
// contentscript injection on some versions of Firefox. The error is
// caught and logged here so that the contentscript still gets injected.
// This affects Firefox v56 and Waterfox Classic
console.error('Lockdown failed:', error)
if (window.sentry && window.sentry.captureException) {
window.sentry.captureException(error)
}
}