m/metamask-extension
1
0
Fork 0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-11-21 17:37:01 +01:00
Code

Integrate Snow with LavaMoat scuttling protection (#17969)

Browse Source
This commit is contained in:
weizman 2023-06-23 18:25:24 +03:00 committed by GitHub
parent b86326b4bf
commit 365c1e32d2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 126 additions and 147 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
app/scripts/use-snow.js
View File

@ -1,8 +1,21 @@
/*
NOTICE:
This Snow + LavaMoat scuttling integration is currently being used
with an experimental API (https://github.com/LavaMoat/LavaMoat/pull/462).
Changing this code must be done cautiously to avoid breaking the app!
*/
// eslint-disable-next-line import/unambiguous
(function () {
const log = console.log.bind(console);
const msg = 'SNOW INTERCEPTED NEW WINDOW CREATION IN METAMASK APP: ';
window.top.SNOW((win) => {
log(msg, win, win?.frameElement);
const msg =
'Snow detected a new realm creation attempt in MetaMask. Performing scuttling on new realm.';
Object.defineProperty(window.top, 'SCUTTLER', {
value: (realm, scuttle) => {
window.top.SNOW((win) => {
log(msg, win);
scuttle(win);
}, realm);
},
});
})();

7
development/build/index.js
View File

@ -147,8 +147,11 @@ async function defineAndRunBuildTasks() {
// build lavamoat runtime file
await lavapack.buildRuntime({
scuttleGlobalThis: applyLavaMoat && shouldScuttle,
scuttleGlobalThisExceptions,
scuttleGlobalThis: {
enabled: applyLavaMoat && shouldScuttle,
scuttlerName: 'SCUTTLER',
exceptions: scuttleGlobalThisExceptions,
},
});
}

100
lavamoat/build-system/policy.json
View File

@ -168,9 +168,13 @@
},
"@babel/eslint-parser": {
"builtin": {
"path": true
"module": true,
"path": true,
"worker_threads": true
},
"globals": {
"__dirname": true,
"process.cwd": true,
"process.versions": true
},
"packages": {
@ -1045,17 +1049,18 @@
"globals": {
"__dirname": true,
"__filename.slice": true,
"console.warn": true,
"process.cwd": true,
"setTimeout": true
},
"packages": {
"@lavamoat/lavapack>combine-source-map": true,
"@lavamoat/lavapack>lavamoat-core": true,
"@lavamoat/lavapack>convert-source-map": true,
"@lavamoat/lavapack>readable-stream": true,
"@lavamoat/lavapack>umd": true,
"browserify>JSONStream": true,
"lavamoat>json-stable-stringify": true,
"nyc>convert-source-map": true,
"lavamoat>lavamoat-core": true,
"through2": true
}
},
@ -1082,26 +1087,12 @@
"@lavamoat/lavapack>combine-source-map>inline-source-map>source-map": true
}
},
"@lavamoat/lavapack>lavamoat-core": {
"builtin": {
"events": true,
"fs.existsSync": true,
"fs.readFileSync": true,
"fs.writeFileSync": true,
"path.extname": true,
"path.join": true
},
"@lavamoat/lavapack>convert-source-map": {
"globals": {
"__dirname": true,
"console.error": true,
"console.warn": true,
"define": true
},
"packages": {
"lavamoat>json-stable-stringify": true,
"lavamoat>lavamoat-core>merge-deep": true,
"lavamoat>lavamoat-tofu": true,
"nyc>process-on-spawn>fromentries": true
"Buffer": true,
"atob": true,
"btoa": true,
"value": true
}
},
"@lavamoat/lavapack>readable-stream": {
@ -2858,12 +2849,12 @@
"eslint-plugin-react>estraverse": true,
"eslint-plugin-react>jsx-ast-utils": true,
"eslint-plugin-react>object.entries": true,
"eslint-plugin-react>object.fromentries": true,
"eslint-plugin-react>object.hasown": true,
"eslint-plugin-react>object.values": true,
"eslint-plugin-react>resolve": true,
"eslint-plugin-react>semver": true,
"eslint>minimatch": true,
"lavamoat>object.fromentries": true,
"prop-types": true,
"string.prototype.matchall": true
}
@ -2923,6 +2914,13 @@
"string.prototype.matchall>es-abstract": true
}
},
"eslint-plugin-react>object.fromentries": {
"packages": {
"globalthis>define-properties": true,
"string.prototype.matchall>call-bind": true,
"string.prototype.matchall>es-abstract": true
}
},
"eslint-plugin-react>object.hasown": {
"packages": {
"string.prototype.matchall>es-abstract": true
@ -2984,6 +2982,9 @@
"util": true
},
"globals": {
"__filename": true,
"process.cwd": true,
"process.emitWarning": true,
"process.platform": true
},
"packages": {
@ -6141,8 +6142,8 @@
"setTimeout": true
},
"packages": {
"@lavamoat/lavapack": true,
"duplexify": true,
"lavamoat-browserify>@lavamoat/lavapack": true,
"lavamoat-browserify>browser-resolve": true,
"lavamoat-browserify>concat-stream": true,
"lavamoat-browserify>readable-stream": true,
@ -6152,37 +6153,6 @@
"lavamoat>lavamoat-core": true
}
},
"lavamoat-browserify>@lavamoat/lavapack": {
"builtin": {
"assert": true,
"buffer.Buffer.from": true,
"fs.promises.readFile": true,
"fs.promises.writeFile": true,
"fs.readFileSync": true,
"path.join": true,
"path.relative": true
},
"globals": {
"__dirname": true,
"process.cwd": true,
"setTimeout": true
},
"packages": {
"@lavamoat/lavapack>combine-source-map": true,
"@lavamoat/lavapack>umd": true,
"browserify>JSONStream": true,
"lavamoat-browserify>@lavamoat/lavapack>through2": true,
"lavamoat-browserify>readable-stream": true,
"lavamoat>json-stable-stringify": true,
"lavamoat>lavamoat-core": true,
"nyc>convert-source-map": true
}
},
"lavamoat-browserify>@lavamoat/lavapack>through2": {
"packages": {
"lavamoat-browserify>readable-stream": true
}
},
"lavamoat-browserify>browser-resolve": {
"builtin": {
"fs.readFile": true,
@ -6319,8 +6289,7 @@
"packages": {
"lavamoat>json-stable-stringify": true,
"lavamoat>lavamoat-core>merge-deep": true,
"lavamoat>lavamoat-tofu": true,
"nyc>process-on-spawn>fromentries": true
"lavamoat>lavamoat-tofu": true
}
},
"lavamoat>lavamoat-core>merge-deep": {
@ -6396,13 +6365,6 @@
"depcheck>@babel/traverse": true
}
},
"lavamoat>object.fromentries": {
"packages": {
"globalthis>define-properties": true,
"string.prototype.matchall>call-bind": true,
"string.prototype.matchall>es-abstract": true
}
},
"lodash": {
"globals": {
"define": true
@ -8623,6 +8585,12 @@
"jsdom>request>is-typedarray": true
}
},
"superstruct": {
"globals": {
"console.warn": true,
"define": true
}
},
"terser": {
"globals": {
"Buffer": true,
@ -8981,6 +8949,7 @@
},
"globals": {
"Error": true,
"__dirname": true,
"console": true,
"process": true
},
@ -8995,6 +8964,9 @@
}
},
"yargs>cliui": {
"globals": {
"process": true
},
"packages": {
"eslint>strip-ansi": true,
"yargs>cliui>wrap-ansi": true,

6
package.json
View File

@ -371,7 +371,7 @@
"@babel/register": "^7.5.5",
"@ethersproject/bignumber": "^5.7.0",
"@lavamoat/allow-scripts": "^2.0.3",
"@lavamoat/lavapack": "^5.0.0",
"@lavamoat/lavapack": "^5.2.0",
"@metamask/auto-changelog": "^2.1.0",
"@metamask/eslint-config": "^9.0.0",
"@metamask/eslint-config-jest": "^9.0.0",
@ -494,8 +494,8 @@
"jsdom": "^11.2.0",
"junit-report-merger": "^4.0.0",
"koa": "^2.7.0",
"lavamoat": "^6.3.0",
"lavamoat-browserify": "^15.5.0",
"lavamoat": "^7.1.0",
"lavamoat-browserify": "^15.7.0",
"lavamoat-viz": "^6.0.9",
"lockfile-lint": "^4.9.6",
"loose-envify": "^1.4.0",

141
yarn.lock
View File

@ -80,7 +80,7 @@ __metadata:
languageName: node
linkType: hard
"@babel/code-frame@npm:^7.0.0, @babel/code-frame@npm:^7.10.4, @babel/code-frame@npm:^7.12.13, @babel/code-frame@npm:^7.16.7, @babel/code-frame@npm:^7.18.6, @babel/code-frame@npm:^7.21.4":
"@babel/code-frame@npm:^7.0.0, @babel/code-frame@npm:^7.12.13, @babel/code-frame@npm:^7.16.7, @babel/code-frame@npm:^7.18.6, @babel/code-frame@npm:^7.21.4":
version: 7.21.4
resolution: "@babel/code-frame@npm:7.21.4"
dependencies:
@ -445,7 +445,7 @@ __metadata:
languageName: node
linkType: hard
"@babel/highlight@npm:^7.10.4, @babel/highlight@npm:^7.18.6":
"@babel/highlight@npm:^7.18.6":
version: 7.18.6
resolution: "@babel/highlight@npm:7.18.6"
dependencies:
@ -3532,35 +3532,19 @@ __metadata:
languageName: node
linkType: hard
"@lavamoat/lavapack@npm:^3.3.0":
version: 3.3.0
resolution: "@lavamoat/lavapack@npm:3.3.0"
"@lavamoat/lavapack@npm:^5.2.0":
version: 5.2.0
resolution: "@lavamoat/lavapack@npm:5.2.0"
dependencies:
JSONStream: ^1.3.5
combine-source-map: ^0.8.0
convert-source-map: ^1.7.0
json-stable-stringify: ^1.0.1
lavamoat-core: ^12.4.0
convert-source-map: ^2.0.0
json-stable-stringify: ^1.0.2
lavamoat-core: ^14.2.0
readable-stream: ^3.6.0
through2: ^4.0.2
umd: ^3.0.3
checksum: 77f6588d38d53f0feba1856de409829969dc3592b9b4d1e722fd395a1eabae6a8983648e2929ef9243fd6ead6919683cb87e65433325601bafabcf8b46dc83be
languageName: node
linkType: hard
"@lavamoat/lavapack@npm:^5.0.0":
version: 5.0.0
resolution: "@lavamoat/lavapack@npm:5.0.0"
dependencies:
JSONStream: ^1.3.5
combine-source-map: ^0.8.0
convert-source-map: ^1.7.0
json-stable-stringify: ^1.0.1
lavamoat-core: ^14.0.0
readable-stream: ^3.6.0
through2: ^4.0.2
umd: ^3.0.3
checksum: 93b60ced99a23a87f83bf354f6996029757ea76d6b92e8b4b874ef50224515feda47dadd62cdda88c53e703111ddf36a8ef8f19c682e85ad4218f709a4081dbd
checksum: c98bcc310de38b4ad2ce2aeafb69ba293a1083f6683a9f120aef2e187501620f5241361da2966fa07bcb57d004037b0ccf556325364f44c1c021c949fb87e45d
languageName: node
linkType: hard
@ -12858,6 +12842,13 @@ __metadata:
languageName: node
linkType: hard
"convert-source-map@npm:^1.9.0":
version: 1.9.0
resolution: "convert-source-map@npm:1.9.0"
checksum: dc55a1f28ddd0e9485ef13565f8f756b342f9a46c4ae18b843fe3c30c675d058d6a4823eff86d472f187b176f0adf51ea7b69ea38be34be4a63cbbf91b0593c8
languageName: node
linkType: hard
"convert-source-map@npm:^2.0.0":
version: 2.0.0
resolution: "convert-source-map@npm:2.0.0"
@ -22988,24 +22979,23 @@ __metadata:
languageName: node
linkType: hard
"lavamoat-browserify@npm:^15.5.0":
version: 15.5.0
resolution: "lavamoat-browserify@npm:15.5.0"
"lavamoat-browserify@npm:^15.7.0":
version: 15.7.0
resolution: "lavamoat-browserify@npm:15.7.0"
dependencies:
"@babel/code-frame": ^7.16.7
"@lavamoat/aa": ^3.1.0
"@lavamoat/lavapack": ^3.3.0
"@lavamoat/lavapack": ^5.2.0
browser-resolve: ^2.0.0
concat-stream: ^2.0.0
convert-source-map: ^1.8.0
convert-source-map: ^1.9.0
duplexify: ^4.1.1
json-stable-stringify: ^1.0.1
lavamoat-core: ^12.4.0
lavamoat-core: ^14.2.0
pify: ^4.0.1
readable-stream: ^3.6.0
source-map: ^0.7.3
source-map: ^0.7.4
through2: ^3.0.0
checksum: b9d4ccbe6dd09aa63145f89f99f0b3ac269930a5e419cc836659f8c6a7e26b78d2dd3722e44055e6436d2334b044c348895f512d134ee8b5dc4ee87adc890b6f
checksum: 7832820c688439c699d4b99ef6860ff4cab67003e20fad4194e847873bfe3f2d3a4caea3229e61bd0e9e35ca384e2aa5f39ce1370a43b1bdd9c9bca8c226d080
languageName: node
linkType: hard
@ -23022,27 +23012,14 @@ __metadata:
languageName: node
linkType: hard
"lavamoat-core@npm:^12.3.0, lavamoat-core@npm:^12.4.0":
version: 12.4.0
resolution: "lavamoat-core@npm:12.4.0"
"lavamoat-core@npm:^14.2.0":
version: 14.2.0
resolution: "lavamoat-core@npm:14.2.0"
dependencies:
fromentries: ^1.2.0
json-stable-stringify: ^1.0.1
json-stable-stringify: ^1.0.2
lavamoat-tofu: ^6.0.2
merge-deep: ^3.0.2
checksum: 432a8968035370feb51e50f35306e7f85015e3b56440dbd41b6d3eec7f4bc82c3d1f16c6a627549df2665499c49bcb6e55fa697bccc6839bac1de12804019c1d
languageName: node
linkType: hard
"lavamoat-core@npm:^14.0.0":
version: 14.0.0
resolution: "lavamoat-core@npm:14.0.0"
dependencies:
fromentries: ^1.2.0
json-stable-stringify: ^1.0.1
lavamoat-tofu: ^6.0.2
merge-deep: ^3.0.2
checksum: 16c2402aceba339ab25b830d476e95078edc1c978ef2623497ecb07f6b5eb8241541f67755a06cf3562680c1834b69d7e86ca421848b670378ad4fb0d62923ad
merge-deep: ^3.0.3
checksum: 2f254c85a466561393a9ad0b8bcd8ff93b7b195d2f820f89be452348559f3fa689260887dcf4af3d605bc7ddb8fef2637ca7d5bfe1b7f565050aca172b9733d6
languageName: node
linkType: hard
@ -23072,26 +23049,25 @@ __metadata:
languageName: node
linkType: hard
"lavamoat@npm:^6.3.0":
version: 6.4.0
resolution: "lavamoat@npm:6.4.0"
"lavamoat@npm:^7.1.0":
version: 7.1.0
resolution: "lavamoat@npm:7.1.0"
dependencies:
"@babel/code-frame": ^7.10.4
"@babel/highlight": ^7.10.4
"@babel/code-frame": ^7.21.4
"@babel/highlight": ^7.18.6
"@lavamoat/aa": ^3.1.0
bindings: ^1.5.0
htmlescape: ^1.1.1
json-stable-stringify: ^1.0.1
lavamoat-core: ^12.3.0
json-stable-stringify: ^1.0.2
lavamoat-core: ^14.2.0
lavamoat-tofu: ^6.0.2
node-gyp-build: ^4.2.3
object.fromentries: ^2.0.2
resolve: ^1.17.0
yargs: ^16.0.0
node-gyp-build: ^4.6.0
resolve: ^1.22.3
yargs: ^17.7.2
bin:
lavamoat: src/cli.js
lavamoat-run-command: src/run-command.js
checksum: 5a058b0b62fa4d6baa477775dc03433c0064e7ab0f14f4a540aa033154c3484cd9b59ec66e2968e387087c24531b09cbd6a70a3a11f4b52e3b4519cd3672c54c
checksum: 57414b6d434eaf07ad2875ebb5a79453da7d9c377ed19e604a73f66772bf61a40abfb747bc7e0bc5a4808b0debf3a228dc9069eb87dc772b4d615b11d4e91d34
languageName: node
linkType: hard
@ -24309,7 +24285,7 @@ __metadata:
languageName: node
linkType: hard
"merge-deep@npm:^3.0.2":
"merge-deep@npm:^3.0.2, merge-deep@npm:^3.0.3":
version: 3.0.3
resolution: "merge-deep@npm:3.0.3"
dependencies:
@ -24411,7 +24387,7 @@ __metadata:
"@keystonehq/bc-ur-registry-eth": ^0.19.1
"@keystonehq/metamask-airgapped-keyring": ^0.13.1
"@lavamoat/allow-scripts": ^2.0.3
"@lavamoat/lavapack": ^5.0.0
"@lavamoat/lavapack": ^5.2.0
"@lavamoat/snow": ^1.5.0
"@material-ui/core": ^4.11.0
"@metamask-institutional/custody-controller": 0.2.6
@ -24638,8 +24614,8 @@ __metadata:
junit-report-merger: ^4.0.0
koa: ^2.7.0
labeled-stream-splicer: ^2.0.2
lavamoat: ^6.3.0
lavamoat-browserify: ^15.5.0
lavamoat: ^7.1.0
lavamoat-browserify: ^15.7.0
lavamoat-viz: ^6.0.9
localforage: ^1.9.0
lockfile-lint: ^4.9.6
@ -26111,14 +26087,14 @@ __metadata:
languageName: node
linkType: hard
"node-gyp-build@npm:^4.2.0, node-gyp-build@npm:^4.2.2, node-gyp-build@npm:^4.2.3, node-gyp-build@npm:^4.3.0":
version: 4.5.0
resolution: "node-gyp-build@npm:4.5.0"
"node-gyp-build@npm:^4.2.0, node-gyp-build@npm:^4.2.2, node-gyp-build@npm:^4.3.0, node-gyp-build@npm:^4.6.0":
version: 4.6.0
resolution: "node-gyp-build@npm:4.6.0"
bin:
node-gyp-build: bin.js
node-gyp-build-optional: optional.js
node-gyp-build-test: build-test.js
checksum: d888bae0fb88335f69af1b57a2294a931c5042f36e413d8d364c992c9ebfa0b96ffe773179a5a2c8f04b73856e8634e09cce108dbb9804396d3cc8c5455ff2db
checksum: 25d78c5ef1f8c24291f4a370c47ba52fcea14f39272041a90a7894cd50d766f7c8cb8fb06c0f42bf6f69b204b49d9be3c8fc344aac09714d5bdb95965499eb15
languageName: node
linkType: hard
@ -26631,7 +26607,7 @@ __metadata:
languageName: node
linkType: hard
"object.fromentries@npm:^2.0.2, object.fromentries@npm:^2.0.5":
"object.fromentries@npm:^2.0.5":
version: 2.0.6
resolution: "object.fromentries@npm:2.0.6"
dependencies:
@ -35874,7 +35850,7 @@ __metadata:
languageName: node
linkType: hard
"yargs@npm:17.7.1, yargs@npm:^17.0.1, yargs@npm:^17.3.1":
"yargs@npm:17.7.1":
version: 17.7.1
resolution: "yargs@npm:17.7.1"
dependencies:
@ -35908,6 +35884,21 @@ __metadata:
languageName: node
linkType: hard
"yargs@npm:^17.0.1, yargs@npm:^17.3.1, yargs@npm:^17.7.2":
version: 17.7.2
resolution: "yargs@npm:17.7.2"
dependencies:
cliui: ^8.0.1
escalade: ^3.1.1
get-caller-file: ^2.0.5
require-directory: ^2.1.1
string-width: ^4.2.3
y18n: ^5.0.5
yargs-parser: ^21.1.1
checksum: 73b572e863aa4a8cbef323dd911d79d193b772defd5a51aab0aca2d446655216f5002c42c5306033968193bdbf892a7a4c110b0d77954a7fdf563e653967b56a
languageName: node
linkType: hard
"yargs@npm:^4.7.1":
version: 4.8.1
resolution: "yargs@npm:4.8.1"