1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-12-23 09:52:26 +01:00
metamask-extension/app/scripts/lockdown-run.js

115 lines
4.1 KiB
JavaScript
Raw Normal View History

Add SES lockdown to extension webapp (#9729) * Freezeglobals: remove Promise freezing, add lockdown * background & UI: temp disable sentry * add loose-envify, dedupe symbol-observable * use loose envify * add symbol-observable patch * run freezeGlobals after sentry init * use require instead of import * add lockdown to contentscript * add error code in message * try increasing node env heap size to 2048 * change back circe CI option * make freezeGlobals an exported function * make freezeGlobals an exported function * use freezeIntrinsics * pass down env to child process * fix unknown module * fix tests * change back to 2048 * fix import error * attempt to fix memory error * fix lint * fix lint * fix mem gain * use lockdown in phishing detect * fix lint * move sentry init into freezeIntrinsics to run lockdown before other imports * lint fix * custom lockdown modules per context * lint fix * fix global test * remove run in child process * remove lavamoat-core, use ses, require lockdown directly * revert childprocess * patch package postinstall * revert back child process * add postinstall to ci * revert node max space size to 1024 * put back loose-envify * Disable sentry to see if e2e tetss pass * use runLockdown, add as script in manifest * remove global and require from runlockdown * add more memory to tests * upgrade resource class for prep-build & prep-build-test * fix lint * lint fix * upgrade remote-redux-devtools * skillfully re-add sentry * lintfix * fix lint * put back beep * remove envify, add loose-envify and patch-package in dev deps * Replace patch with Yarn resolution (#9923) Instead of patching `symbol-observable`, this ensures that all versions of `symbol-observable` are resolved to the given range, even if it contradicts the requested range. Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-11-24 04:26:43 +01:00
// Freezes all intrinsics
try {
// eslint-disable-next-line no-undef,import/unambiguous
lockdown({
consoleTaming: 'unsafe',
errorTaming: 'unsafe',
mathTaming: 'unsafe',
dateTaming: 'unsafe',
overrideTaming: 'severe',
});
} catch (error) {
// If the `lockdown` call throws an exception, it interferes with the
// contentscript injection on some versions of Firefox. The error is
// caught and logged here so that the contentscript still gets injected.
// This affects Firefox v56 and Waterfox Classic.
console.error('Lockdown failed:', error);
Build - refactor for bundle factoring and swappable runtime (#11080) * wip * build - breakout sentry-install bundle * deps - move new build sys deps to published versions * chore: lint fix * clean - remove unused file * clean - remove unsused package script * lavamoat - update build system policy * build - render html to all platforms * development - improve sourcemap debugger output * deps - update lavapack * lint - fix * deps - update lavapack for bugfix * deps - update lavapack for bugfix * deps - bump lavapack for line ending normalization * sourcemap explorer - disable boundary validation * ci - reset normal ci flow * build - re-enable minification on prod * build - remove noisy log about html dest * build - update terser and remove gulp wrapper for sourcemap fix * Revert "sourcemap explorer - disable boundary validation" This reverts commit 94112209ed880a6ebf4ee2ded411e59db6908162. * build - reenable react-devtools in dev mode * wip * build - breakout sentry-install bundle * deps - move new build sys deps to published versions * chore: lint fix * clean - remove unused file * clean - remove unsused package script * lavamoat - update build system policy * build - render html to all platforms * development - improve sourcemap debugger output * deps - update lavapack * lint - fix * deps - update lavapack for bugfix * deps - update lavapack for bugfix * deps - bump lavapack for line ending normalization * sourcemap explorer - disable boundary validation * ci - reset normal ci flow * build - re-enable minification on prod * build - remove noisy log about html dest * build - update terser and remove gulp wrapper for sourcemap fix * Revert "sourcemap explorer - disable boundary validation" This reverts commit 94112209ed880a6ebf4ee2ded411e59db6908162. * build - reenable react-devtools in dev mode * Updating lockfile * lint fix * build/dev - patch watchifys incompatible binary stats output * ui - add comment about conditional import * build - improve comment * Update development/stream-flat-map.js Co-authored-by: Brad Decker <git@braddecker.dev> * Outputting all bundle file links (metamaskbot) Co-authored-by: ryanml <ryanlanese@gmail.com> Co-authored-by: Brad Decker <git@braddecker.dev>
2021-07-15 19:59:34 +02:00
if (globalThis.sentry && globalThis.sentry.captureException) {
globalThis.sentry.captureException(
new Error(`Lockdown failed: ${error.message}`),
);
}
}
// Make all "object" and "function" own properties of globalThis
// non-configurable and non-writable, when possible.
// We call the a property that is non-configurable and non-writable,
// "non-modifiable".
try {
/**
* `lockdown` only hardens the properties enumerated by the
* universalPropertyNames constant specified in 'ses/src/whitelist'. This
* function makes all function and object properties on the start compartment
* global non-configurable and non-writable, unless they are already
* non-configurable.
*
* It is critical that this function runs at the right time during
* initialization, which should always be immediately after `lockdown` has been
* called. At the time of writing, the modifications this function makes to the
* runtime environment appear to be non-breaking, but that could change with
* the addition of dependencies, or the order of our scripts in our HTML files.
* Exercise caution.
*
* See inline comments for implementation details.
*
* We write this function in IIFE format to avoid polluting global scope.
*/
(function protectIntrinsics() {
const namedIntrinsics = Reflect.ownKeys(new Compartment().globalThis);
// These named intrinsics are not automatically hardened by `lockdown`
const shouldHardenManually = new Set(['eval', 'Function']);
const globalProperties = new Set([
// universalPropertyNames is a constant added by lockdown to global scope
// at the time of writing, it is initialized in 'ses/src/whitelist'.
// These properties tend to be non-enumerable.
...namedIntrinsics,
// TODO: Also include the named platform globals
// This grabs every enumerable property on globalThis.
// ...Object.keys(globalThis),
]);
globalProperties.forEach((propertyName) => {
const descriptor = Reflect.getOwnPropertyDescriptor(
globalThis,
propertyName,
);
if (descriptor) {
if (descriptor.configurable) {
// If the property on globalThis is configurable, make it
// non-configurable. If it has no accessor properties, also make it
// non-writable.
if (hasAccessor(descriptor)) {
Object.defineProperty(globalThis, propertyName, {
configurable: false,
});
} else {
Object.defineProperty(globalThis, propertyName, {
configurable: false,
writable: false,
});
}
}
if (shouldHardenManually.has(propertyName)) {
harden(globalThis[propertyName]);
}
}
});
/**
* Checks whether the given propertyName descriptor has any accessors, i.e. the
* properties `get` or `set`.
*
* We want to make globals non-writable, and we can't set the `writable`
* property and accessor properties at the same time.
*
* @param {Object} descriptor - The propertyName descriptor to check.
* @returns {boolean} Whether the propertyName descriptor has any accessors.
*/
function hasAccessor(descriptor) {
return 'set' in descriptor || 'get' in descriptor;
}
})();
} catch (error) {
console.error('Protecting intrinsics failed:', error);
if (globalThis.sentry && globalThis.sentry.captureException) {
globalThis.sentry.captureException(
new Error(`Protecting intrinsics failed: ${error.message}`),
);
}
}