m/metamask-extension
1
0
Fork 0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-11-22 09:57:02 +01:00
Code

Revert "Integrate new LavaMoat scuttling protection feature (#16994)" (#17043)

Browse Source
This commit is contained in:
weizman 2022-12-22 17:26:53 +02:00 committed by GitHub
parent b0959e221b
commit 3cf5ef642f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 64 additions and 605 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
.yarn/patches/@lavamoat-lavapack-npm-3.3.0-5a61b5374d.patch
View File

@ -1,13 +0,0 @@
diff --git a/src/runtime.js b/src/runtime.js
index 97c9ddb9b76a2fe31cf9b202cb491f15232232ff..26f65a2b2a3578638402fa887156fdad18eee368 100644
--- a/src/runtime.js
+++ b/src/runtime.js
@@ -8266,7 +8266,7 @@ function tameFunctionConstructors() {
FERAL_FUNCTION.prototype.constructor('return 1');
}catch( ignore) {
// Throws, no need to patch.
- return harden({});
+ return {};
}
const newIntrinsics= {};

43
.yarn/patches/async-done-npm-1.3.2-1f0a4a8997.patch
View File

@ -1,43 +0,0 @@
diff --git a/index.js b/index.js
index e5be989387006f32a3ea450482a02b387970bcab..2dfa272e6e33dc01ec3b643553884bb29254011a 100644
--- a/index.js
+++ b/index.js
@@ -1,7 +1,5 @@
'use strict';
-var domain = require('domain');
-
var eos = require('end-of-stream');
var p = require('process-nextick-args');
var once = require('once');
@@ -30,13 +28,7 @@ function tryCatch(fn, args) {
function asyncDone(fn, cb) {
cb = once(cb);
- var d = domain.create();
- d.once('error', onError);
- var domainBoundFn = d.bind(fn);
-
function done() {
- d.removeListener('error', onError);
- d.exit();
return tryCatch(cb, arguments);
}
@@ -52,7 +44,7 @@ function asyncDone(fn, cb) {
}
function asyncRunner() {
- var result = domainBoundFn(done);
+ var result = fn(done);
function onNext(state) {
onNext.state = state;
@@ -64,7 +56,6 @@ function asyncDone(fn, cb) {
if (result && typeof result.on === 'function') {
// Assume node stream
- d.add(result);
eos(exhaust(result), eosConfig, done);
return;
}

13
.yarn/patches/lavamoat-core-npm-12.4.0-cecca1a9b5.patch
View File

@ -1,13 +0,0 @@
diff --git a/lib/lockdown.umd.js b/lib/lockdown.umd.js
index 2f32ec5014adc6006ad5148a759fbf48d46bb40c..6df14835df7ca594a775c7da639de7b657e229d7 100644
--- a/lib/lockdown.umd.js
+++ b/lib/lockdown.umd.js
@@ -8154,7 +8154,7 @@ function tameFunctionConstructors() {
FERAL_FUNCTION.prototype.constructor('return 1');
}catch( ignore) {
// Throws, no need to patch.
- return harden({});
+ return {};
}
const newIntrinsics= {};

16
app/scripts/lockdown-more.js
View File

@ -8,7 +8,7 @@ try {
* universalPropertyNames constant specified in 'ses/src/whitelist'. This * universalPropertyNames constant specified in 'ses/src/whitelist'. This
* function makes all function and object properties on the start compartment * function makes all function and object properties on the start compartment
* global non-configurable and non-writable, unless they are already * global non-configurable and non-writable, unless they are already
* non-configurable, or they were scuttled by LavaMoat runtime (LavaMoat#360). * non-configurable.
* *
* It is critical that this function runs at the right time during * It is critical that this function runs at the right time during
* initialization, which should always be immediately after `lockdown` has been * initialization, which should always be immediately after `lockdown` has been
@ -22,9 +22,6 @@ try {
* We write this function in IIFE format to avoid polluting global scope. * We write this function in IIFE format to avoid polluting global scope.
*/ */
(function protectIntrinsics() { (function protectIntrinsics() {
const lmre = // regex expression for LavaMoat scuttling error message
/LavaMoat - property "[A-Za-z0-9]*" of globalThis is inaccessible under scuttling mode/u;
const namedIntrinsics = Reflect.ownKeys(new Compartment().globalThis); const namedIntrinsics = Reflect.ownKeys(new Compartment().globalThis);
// These named intrinsics are not automatically hardened by `lockdown` // These named intrinsics are not automatically hardened by `lockdown`
@ -65,18 +62,7 @@ try {
} }
if (shouldHardenManually.has(propertyName)) { if (shouldHardenManually.has(propertyName)) {
try {
harden(globalThis[propertyName]); harden(globalThis[propertyName]);
} catch (err) {
if (!lmre.test(err.message)) {
throw err;
}
console.warn(
`Property ${propertyName} will not be hardened`,
`because it is scuttled by LavaMoat protection.`,
`Visit https://github.com/LavaMoat/LavaMoat/pull/360 to learn more.`,
);
}
} }
} }
}); });

48
development/build/index.js Normal file → Executable file
View File

@ -9,7 +9,6 @@ const livereload = require('gulp-livereload');
const yargs = require('yargs/yargs'); const yargs = require('yargs/yargs');
const { hideBin } = require('yargs/helpers'); const { hideBin } = require('yargs/helpers');
const { sync: globby } = require('globby'); const { sync: globby } = require('globby');
const lavapack = require('@lavamoat/lavapack');
const { getVersion } = require('../lib/get-version'); const { getVersion } = require('../lib/get-version');
const { BuildType } = require('../lib/build-type'); const { BuildType } = require('../lib/build-type');
const { TASKS, ENVIRONMENT } = require('./constants'); const { TASKS, ENVIRONMENT } = require('./constants');
@ -73,53 +72,6 @@ async function defineAndRunBuildTasks() {
version, version,
} = await parseArgv(); } = await parseArgv();
// build lavamoat runtime file
await lavapack.buildRuntime({
scuttleGlobalThis: true,
scuttleGlobalThisExceptions: [
// globals used by different mm deps outside of lm compartment
'toString',
'getComputedStyle',
'addEventListener',
'removeEventListener',
'ShadowRoot',
'HTMLElement',
'Element',
'pageXOffset',
'pageYOffset',
'visualViewport',
'Reflect',
'Set',
'Object',
'navigator',
'harden',
'console',
// globals chrome driver needs to function (test env)
/cdc_[a-zA-Z0-9]+_[a-zA-Z]+/iu,
'performance',
'parseFloat',
'innerWidth',
'innerHeight',
'Symbol',
'Math',
'DOMRect',
'Number',
'Array',
'crypto',
'Function',
'Uint8Array',
'String',
'Promise',
// globals sentry needs to function
'__SENTRY__',
'appState',
'extra',
'stateHooks',
'sentryHooks',
'sentry',
],
});
const browserPlatforms = ['firefox', 'chrome']; const browserPlatforms = ['firefox', 'chrome'];
const browserVersionMap = getBrowserVersionMap(browserPlatforms, version); const browserVersionMap = getBrowserVersionMap(browserPlatforms, version);

61
development/build/scripts.js
View File

@ -38,7 +38,6 @@ const {
isTestBuild, isTestBuild,
getEnvironment, getEnvironment,
logError, logError,
wrapAgainstScuttling,
} = require('./utils'); } = require('./utils');
const { const {
@ -51,42 +50,6 @@ const {
createRemoveFencedCodeTransform, createRemoveFencedCodeTransform,
} = require('./transforms/remove-fenced-code'); } = require('./transforms/remove-fenced-code');
// map dist files to bag of needed native APIs against LM scuttling
const scuttlingBagConfig = {
'sentry-install.js': {
// globals sentry need to function
window: '',
navigator: '',
location: '',
Uint16Array: '',
fetch: '',
String: '',
Math: '',
Object: '',
Symbol: '',
Function: '',
Array: '',
Boolean: '',
Number: '',
Request: '',
Date: '',
document: '',
JSON: '',
encodeURIComponent: '',
crypto: '',
// {clear/set}Timeout are "this sensitive"
clearTimeout: 'window',
setTimeout: 'window',
// sentry special props
__SENTRY__: '',
sentryHooks: '',
sentry: '',
appState: '',
extra: '',
stateHooks: '',
},
};
/** /**
* Get the appropriate Infura project ID. * Get the appropriate Infura project ID.
* *
@ -650,7 +613,6 @@ function createFactoredBuild({
if (policyOnly) { if (policyOnly) {
return; return;
} }
const commonSet = sizeGroupMap.get('common'); const commonSet = sizeGroupMap.get('common');
// create entry points for each file // create entry points for each file
for (const [groupLabel, groupSet] of sizeGroupMap.entries()) { for (const [groupLabel, groupSet] of sizeGroupMap.entries()) {
@ -903,9 +865,6 @@ function setupBundlerDefaults(
setupMinification(buildConfiguration); setupMinification(buildConfiguration);
} }
// Setup wrapping of code against scuttling (before sourcemaps generation)
setupScuttlingWrapping(buildConfiguration);
// Setup source maps // Setup source maps
setupSourcemaps(buildConfiguration, { buildTarget }); setupSourcemaps(buildConfiguration, { buildTarget });
} }
@ -961,24 +920,6 @@ function setupMinification(buildConfiguration) {
}); });
} }
function setupScuttlingWrapping(buildConfiguration) {
const { events } = buildConfiguration;
events.on('configurePipeline', ({ pipeline }) => {
pipeline.get('scuttle').push(
through.obj(
callbackify(async (file, _enc) => {
const bag = scuttlingBagConfig[file.relative];
if (bag) {
const wrapped = wrapAgainstScuttling(file.contents.toString(), bag);
file.contents = Buffer.from(wrapped, 'utf8');
}
return file;
}),
),
);
});
}
function setupSourcemaps(buildConfiguration, { buildTarget }) { function setupSourcemaps(buildConfiguration, { buildTarget }) {
const { events } = buildConfiguration; const { events } = buildConfiguration;
events.on('configurePipeline', ({ pipeline }) => { events.on('configurePipeline', ({ pipeline }) => {
@ -1024,8 +965,6 @@ async function createBundle(buildConfiguration, { reloadOnChange }) {
[], [],
'vinyl', 'vinyl',
[], [],
'scuttle',
[],
'sourcemaps:init', 'sourcemaps:init',
[], [],
'minify', 'minify',

61
development/build/utils.js
View File

@ -118,66 +118,6 @@ function logError(error) {
console.error(error.stack || error); console.error(error.stack || error);
} }
function wrapAgainstScuttling(content, bag = {}) {
return `
{
function setupProxy(global) {
// bag of properties to allow vetted shim to access,
// mapped to their correct this value if needed
const bag = ${JSON.stringify(bag)};
// setup vetted shim bag of properties
for (const prop in bag) {
const that = bag[prop];
let api = global[prop];
if (that) api = api.bind(global[that]);
bag[prop] = api;
}
// setup proxy for the vetted shim to go through
const proxy = new Proxy(bag, {
get: function get(target, prop) {
return bag[prop] || Reflect.get(target, prop);
},
set: function set(target, prop, value) {
if (bag.hasOwnProperty(prop) || prop.startsWith('on')) {
return bag[prop] = global[prop] = value;
}
},
});
// make sure bind() and apply() are applied with
// proxy target rather than proxy receiver
(function(target, receiver) {
'use strict'; // to work with ses lockdown
function wrap(obj, prop, target, receiver) {
const real = obj[prop];
obj[prop] = function(that) {
if (that === receiver) that = target;
const args = [].slice.call(arguments, 1);
return real.call(this, that, ...args);
};
}
wrap(Function.prototype, 'bind', target, receiver);
wrap(Function.prototype, 'apply', target, receiver);
} (global, proxy));
return proxy;
}
const proxy = setupProxy(globalThis);
with (proxy) {
with ({window: proxy, self: proxy, globalThis: proxy}) {
${content}
}
}
};
`;
}
/** /**
* Get the path of a file or folder inside the node_modules folder * Get the path of a file or folder inside the node_modules folder
* *
@ -206,6 +146,5 @@ module.exports = {
isDevBuild, isDevBuild,
isTestBuild, isTestBuild,
logError, logError,
wrapAgainstScuttling,
getPathInsideNodeModules, getPathInsideNodeModules,
}; };

262
lavamoat/build-system/policy.json
View File

@ -957,76 +957,10 @@
"gulp>gulp-cli>isobject": true "gulp>gulp-cli>isobject": true
} }
}, },
"@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog": {
"builtin": {
"events.EventEmitter": true,
"util": true
},
"globals": {
"process.nextTick": true,
"process.stderr": true
},
"packages": {
"@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog>are-we-there-yet": true,
"@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog>gauge": true,
"@storybook/react>@storybook/node-logger>npmlog>console-control-strings": true,
"nyc>yargs>set-blocking": true
}
},
"@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog>are-we-there-yet": {
"builtin": {
"events.EventEmitter": true,
"util.inherits": true
},
"packages": {
"koa>delegates": true,
"readable-stream": true
}
},
"@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog>gauge": {
"builtin": {
"util.format": true
},
"globals": {
"clearInterval": true,
"process": true,
"setImmediate": true,
"setInterval": true
},
"packages": {
"@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog>gauge>aproba": true,
"@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog>gauge>string-width": true,
"@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog>gauge>strip-ansi": true,
"@storybook/react>@storybook/node-logger>npmlog>console-control-strings": true,
"@storybook/react>@storybook/node-logger>npmlog>gauge>has-unicode": true,
"@storybook/react>@storybook/node-logger>npmlog>gauge>wide-align": true,
"nyc>signal-exit": true,
"react>object-assign": true
}
},
"@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog>gauge>string-width": {
"packages": {
"@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog>gauge>string-width>is-fullwidth-code-point": true,
"@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog>gauge>strip-ansi": true,
"gulp>gulp-cli>yargs>string-width>code-point-at": true
}
},
"@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog>gauge>string-width>is-fullwidth-code-point": {
"packages": {
"gulp>gulp-cli>yargs>string-width>is-fullwidth-code-point>number-is-nan": true
}
},
"@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog>gauge>strip-ansi": {
"packages": {
"@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog>gauge>strip-ansi>ansi-regex": true
}
},
"@lavamoat/lavapack": { "@lavamoat/lavapack": {
"builtin": { "builtin": {
"assert": true, "assert": true,
"buffer.Buffer.from": true, "buffer.Buffer.from": true,
"fs.promises.readFile": true,
"fs.promises.writeFile": true,
"fs.readFileSync": true, "fs.readFileSync": true,
"path.join": true, "path.join": true,
"path.relative": true "path.relative": true
@ -1114,31 +1048,6 @@
"string.prototype.matchall>side-channel": true "string.prototype.matchall>side-channel": true
} }
}, },
"@storybook/core>@storybook/core-server>x-default-browser>default-browser-id>untildify>os-homedir": {
"builtin": {
"os.homedir": true
},
"globals": {
"process.env": true,
"process.getuid": true,
"process.platform": true
}
},
"@storybook/react>@storybook/node-logger>npmlog>gauge>has-unicode": {
"builtin": {
"os.type": true
},
"globals": {
"process.env.LANG": true,
"process.env.LC_ALL": true,
"process.env.LC_CTYPE": true
}
},
"@storybook/react>@storybook/node-logger>npmlog>gauge>wide-align": {
"packages": {
"yargs>string-width": true
}
},
"@storybook/react>acorn-walk": { "@storybook/react>acorn-walk": {
"globals": { "globals": {
"define": true "define": true
@ -1890,7 +1799,6 @@
}, },
"packages": { "packages": {
"chokidar>braces": true, "chokidar>braces": true,
"chokidar>fsevents": true,
"chokidar>glob-parent": true, "chokidar>glob-parent": true,
"chokidar>is-binary-path": true, "chokidar>is-binary-path": true,
"chokidar>normalize-path": true, "chokidar>normalize-path": true,
@ -1917,13 +1825,6 @@
"chokidar>braces>fill-range>to-regex-range>is-number": true "chokidar>braces>fill-range>to-regex-range>is-number": true
} }
}, },
"chokidar>fsevents": {
"globals": {
"console.assert": true,
"process.platform": true
},
"native": true
},
"chokidar>glob-parent": { "chokidar>glob-parent": {
"builtin": { "builtin": {
"os.platform": true, "os.platform": true,
@ -4275,7 +4176,6 @@
"gulp-watch>chokidar>anymatch": true, "gulp-watch>chokidar>anymatch": true,
"gulp-watch>chokidar>async-each": true, "gulp-watch>chokidar>async-each": true,
"gulp-watch>chokidar>braces": true, "gulp-watch>chokidar>braces": true,
"gulp-watch>chokidar>fsevents": true,
"gulp-watch>chokidar>is-binary-path": true, "gulp-watch>chokidar>is-binary-path": true,
"gulp-watch>chokidar>readdirp": true, "gulp-watch>chokidar>readdirp": true,
"gulp-watch>chokidar>upath": true, "gulp-watch>chokidar>upath": true,
@ -4648,142 +4548,6 @@
"enzyme>rst-selector-parser>nearley>randexp>ret": true "enzyme>rst-selector-parser>nearley>randexp>ret": true
} }
}, },
"gulp-watch>chokidar>fsevents": {
"builtin": {
"events.EventEmitter": true,
"fs.stat": true,
"path.join": true,
"util.inherits": true
},
"globals": {
"__dirname": true,
"console.assert": true,
"process.nextTick": true,
"process.platform": true,
"setImmediate": true
},
"packages": {
"gulp-watch>chokidar>fsevents>node-pre-gyp": true
}
},
"gulp-watch>chokidar>fsevents>node-pre-gyp": {
"builtin": {
"events.EventEmitter": true,
"fs.existsSync": true,
"fs.readFileSync": true,
"fs.renameSync": true,
"path.dirname": true,
"path.existsSync": true,
"path.join": true,
"path.resolve": true,
"url.parse": true,
"url.resolve": true,
"util.inherits": true
},
"globals": {
"__dirname": true,
"console.log": true,
"process.arch": true,
"process.cwd": true,
"process.env": true,
"process.platform": true,
"process.version.substr": true,
"process.versions": true
},
"packages": {
"@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog": true,
"gulp-watch>chokidar>fsevents>node-pre-gyp>detect-libc": true,
"gulp-watch>chokidar>fsevents>node-pre-gyp>nopt": true,
"gulp-watch>chokidar>fsevents>node-pre-gyp>rimraf": true,
"gulp-watch>chokidar>fsevents>node-pre-gyp>semver": true
}
},
"gulp-watch>chokidar>fsevents>node-pre-gyp>detect-libc": {
"builtin": {
"child_process.spawnSync": true,
"fs.readdirSync": true,
"os.platform": true
},
"globals": {
"process.env": true
}
},
"gulp-watch>chokidar>fsevents>node-pre-gyp>nopt": {
"builtin": {
"path": true,
"stream.Stream": true,
"url": true
},
"globals": {
"console": true,
"process.argv": true,
"process.env.DEBUG_NOPT": true,
"process.env.NOPT_DEBUG": true,
"process.platform": true
},
"packages": {
"@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>nopt>abbrev": true,
"gulp-watch>chokidar>fsevents>node-pre-gyp>nopt>osenv": true
}
},
"gulp-watch>chokidar>fsevents>node-pre-gyp>nopt>osenv": {
"builtin": {
"child_process.exec": true,
"path": true
},
"globals": {
"process.env.COMPUTERNAME": true,
"process.env.ComSpec": true,
"process.env.EDITOR": true,
"process.env.HOSTNAME": true,
"process.env.PATH": true,
"process.env.PROMPT": true,
"process.env.PS1": true,
"process.env.Path": true,
"process.env.SHELL": true,
"process.env.USER": true,
"process.env.USERDOMAIN": true,
"process.env.USERNAME": true,
"process.env.VISUAL": true,
"process.env.path": true,
"process.nextTick": true,
"process.platform": true
},
"packages": {
"@storybook/core>@storybook/core-server>x-default-browser>default-browser-id>untildify>os-homedir": true,
"gulp-watch>chokidar>fsevents>node-pre-gyp>nopt>osenv>os-tmpdir": true
}
},
"gulp-watch>chokidar>fsevents>node-pre-gyp>nopt>osenv>os-tmpdir": {
"globals": {
"process.env.SystemRoot": true,
"process.env.TEMP": true,
"process.env.TMP": true,
"process.env.TMPDIR": true,
"process.env.windir": true,
"process.platform": true
}
},
"gulp-watch>chokidar>fsevents>node-pre-gyp>rimraf": {
"builtin": {
"assert": true,
"fs": true,
"path.join": true
},
"globals": {
"process.platform": true,
"setTimeout": true
},
"packages": {
"nyc>glob": true
}
},
"gulp-watch>chokidar>fsevents>node-pre-gyp>semver": {
"globals": {
"console": true,
"process": true
}
},
"gulp-watch>chokidar>is-binary-path": { "gulp-watch>chokidar>is-binary-path": {
"builtin": { "builtin": {
"path.extname": true "path.extname": true
@ -5360,7 +5124,6 @@
"gulp-watch>path-is-absolute": true, "gulp-watch>path-is-absolute": true,
"gulp>glob-watcher>anymatch": true, "gulp>glob-watcher>anymatch": true,
"gulp>glob-watcher>chokidar>braces": true, "gulp>glob-watcher>chokidar>braces": true,
"gulp>glob-watcher>chokidar>fsevents": true,
"gulp>glob-watcher>chokidar>glob-parent": true, "gulp>glob-watcher>chokidar>glob-parent": true,
"gulp>glob-watcher>chokidar>is-binary-path": true, "gulp>glob-watcher>chokidar>is-binary-path": true,
"gulp>glob-watcher>chokidar>readdirp": true, "gulp>glob-watcher>chokidar>readdirp": true,
@ -5419,24 +5182,6 @@
"stylelint>@stylelint/postcss-markdown>remark>remark-parse>repeat-string": true "stylelint>@stylelint/postcss-markdown>remark>remark-parse>repeat-string": true
} }
}, },
"gulp>glob-watcher>chokidar>fsevents": {
"builtin": {
"events.EventEmitter": true,
"fs.stat": true,
"path.join": true,
"util.inherits": true
},
"globals": {
"__dirname": true,
"console.assert": true,
"process.nextTick": true,
"process.platform": true,
"setImmediate": true
},
"packages": {
"gulp-watch>chokidar>fsevents>node-pre-gyp": true
}
},
"gulp>glob-watcher>chokidar>glob-parent": { "gulp>glob-watcher>chokidar>glob-parent": {
"builtin": { "builtin": {
"os.platform": true, "os.platform": true,
@ -6193,7 +5938,6 @@
"events": true, "events": true,
"fs.existsSync": true, "fs.existsSync": true,
"fs.readFileSync": true, "fs.readFileSync": true,
"fs.writeFileSync": true,
"path.extname": true, "path.extname": true,
"path.join": true "path.join": true
}, },
@ -6511,12 +6255,6 @@
"process": true "process": true
} }
}, },
"nyc>yargs>set-blocking": {
"globals": {
"process.stderr": true,
"process.stdout": true
}
},
"prettier": { "prettier": {
"builtin": { "builtin": {
"assert": true, "assert": true,

15
package.json
View File

@ -185,14 +185,7 @@
"luxon@^3.0.1": "patch:luxon@npm%3A3.1.0#./.yarn/patches/luxon-npm-3.1.0-16e2508500.patch", "luxon@^3.0.1": "patch:luxon@npm%3A3.1.0#./.yarn/patches/luxon-npm-3.1.0-16e2508500.patch",
"improved-yarn-audit@^3.0.0": "patch:improved-yarn-audit@npm%3A3.0.0#./.yarn/patches/improved-yarn-audit-npm-3.0.0-3e37ee431a.patch", "improved-yarn-audit@^3.0.0": "patch:improved-yarn-audit@npm%3A3.0.0#./.yarn/patches/improved-yarn-audit-npm-3.0.0-3e37ee431a.patch",
"lockfile-lint-api@^5.4.6": "patch:lockfile-lint-api@npm%3A5.4.6#./.yarn/patches/lockfile-lint-api-npm-5.4.6-dc86b73900.patch", "lockfile-lint-api@^5.4.6": "patch:lockfile-lint-api@npm%3A5.4.6#./.yarn/patches/lockfile-lint-api-npm-5.4.6-dc86b73900.patch",
"symbol-observable": "^2.0.3", "symbol-observable": "^2.0.3"
"async-done@~1.3.2": "patch:async-done@npm%3A1.3.2#./.yarn/patches/async-done-npm-1.3.2-1f0a4a8997.patch",
"async-done@^1.2.0": "patch:async-done@npm%3A1.3.2#./.yarn/patches/async-done-npm-1.3.2-1f0a4a8997.patch",
"async-done@^1.2.2": "patch:async-done@npm%3A1.3.2#./.yarn/patches/async-done-npm-1.3.2-1f0a4a8997.patch",
"lavamoat-core@^10.0.1": "patch:lavamoat-core@npm%3A12.4.0#./.yarn/patches/lavamoat-core-npm-12.4.0-cecca1a9b5.patch",
"lavamoat-core@^12.4.0": "patch:lavamoat-core@npm%3A12.4.0#./.yarn/patches/lavamoat-core-npm-12.4.0-cecca1a9b5.patch",
"lavamoat-core@^12.3.0": "patch:lavamoat-core@npm%3A12.4.0#./.yarn/patches/lavamoat-core-npm-12.4.0-cecca1a9b5.patch",
"@lavamoat/lavapack@^3.3.0": "patch:@lavamoat/lavapack@npm%3A3.3.0#./.yarn/patches/@lavamoat-lavapack-npm-3.3.0-5a61b5374d.patch"
}, },
"dependencies": { "dependencies": {
"@babel/runtime": "^7.5.5", "@babel/runtime": "^7.5.5",
@ -350,7 +343,7 @@
"@babel/register": "^7.5.5", "@babel/register": "^7.5.5",
"@ethersproject/bignumber": "^5.7.0", "@ethersproject/bignumber": "^5.7.0",
"@lavamoat/allow-scripts": "^2.0.3", "@lavamoat/allow-scripts": "^2.0.3",
"@lavamoat/lavapack": "^3.3.0", "@lavamoat/lavapack": "^3.1.0",
"@metamask/auto-changelog": "^2.1.0", "@metamask/auto-changelog": "^2.1.0",
"@metamask/eslint-config": "^9.0.0", "@metamask/eslint-config": "^9.0.0",
"@metamask/eslint-config-jest": "^9.0.0", "@metamask/eslint-config-jest": "^9.0.0",
@ -460,8 +453,8 @@
"jest-it-up": "^2.0.2", "jest-it-up": "^2.0.2",
"jsdom": "^11.2.0", "jsdom": "^11.2.0",
"koa": "^2.7.0", "koa": "^2.7.0",
"lavamoat": "^6.3.0", "lavamoat": "^6.2.0",
"lavamoat-browserify": "^15.5.0", "lavamoat-browserify": "^15.2.0",
"lavamoat-viz": "^6.0.9", "lavamoat-viz": "^6.0.9",
"lockfile-lint": "^4.9.6", "lockfile-lint": "^4.9.6",
"loose-envify": "^1.4.0", "loose-envify": "^1.4.0",

19
test/helpers/protect-intrinsics-helpers.js
View File

@ -28,10 +28,7 @@ function getGlobalProperties() {
// TODO: Also include the named platform globals // TODO: Also include the named platform globals
// This grabs every enumerable property on globalThis. // This grabs every enumerable property on globalThis.
// ...Object.keys(globalThis), // ...Object.keys(globalThis),
].filter( ].filter((propertyName) => !ignoreList.has(propertyName)),
(propertyName) =>
typeof propertyName === 'string' && !ignoreList.has(propertyName),
),
); );
} }
@ -52,7 +49,6 @@ function testIntrinsic(propertyName) {
// As long as Object.isFrozen is the true Object.isFrozen, the object // As long as Object.isFrozen is the true Object.isFrozen, the object
// it is called with cannot lie about being frozen. // it is called with cannot lie about being frozen.
try {
const value = globalThis[propertyName]; const value = globalThis[propertyName];
if (value !== globalThis) { if (value !== globalThis) {
assert.equal( assert.equal(
@ -61,19 +57,6 @@ function testIntrinsic(propertyName) {
`value of universal property globalThis["${propertyName}"] should be frozen`, `value of universal property globalThis["${propertyName}"] should be frozen`,
); );
} }
} catch (err) {
const lmre = // regex expression for LavaMoat scuttling error message
/LavaMoat - property "[A-Za-z0-9]*" of globalThis is inaccessible under scuttling mode/u;
if (!lmre.test(err.message)) {
throw err;
}
console.warn(
`Property ${propertyName} is not hardened`,
`because it is scuttled by LavaMoat protection.`,
`Visit https://github.com/LavaMoat/LavaMoat/pull/360 to learn more.`,
);
}
// The writability of properties with accessors cannot be modified. // The writability of properties with accessors cannot be modified.
if ('set' in descriptor || 'get' in descriptor) { if ('set' in descriptor || 'get' in descriptor) {

104
yarn.lock
View File

@ -3054,35 +3054,35 @@ __metadata:
languageName: node languageName: node
linkType: hard linkType: hard
"@lavamoat/lavapack@npm:3.3.0": "@lavamoat/lavapack@npm:3.1.0":
version: 3.3.0 version: 3.1.0
resolution: "@lavamoat/lavapack@npm:3.3.0" resolution: "@lavamoat/lavapack@npm:3.1.0"
dependencies: dependencies:
JSONStream: ^1.3.5 JSONStream: ^1.3.5
combine-source-map: ^0.8.0 combine-source-map: ^0.8.0
convert-source-map: ^1.7.0 convert-source-map: ^1.7.0
json-stable-stringify: ^1.0.1 json-stable-stringify: ^1.0.1
lavamoat-core: ^12.4.0 lavamoat-core: ^12.2.0
readable-stream: ^3.6.0 readable-stream: ^3.6.0
through2: ^4.0.2 through2: ^4.0.2
umd: ^3.0.3 umd: ^3.0.3
checksum: 77f6588d38d53f0feba1856de409829969dc3592b9b4d1e722fd395a1eabae6a8983648e2929ef9243fd6ead6919683cb87e65433325601bafabcf8b46dc83be checksum: 01d87fe76194591e3542171c6f7eccd0efadcbe27213af5d251480a5ca3cc95a77724de103995ee7c96a4b7e7a269c8dfe446a0a3028f8cf4952d7168817fa4a
languageName: node languageName: node
linkType: hard linkType: hard
"@lavamoat/lavapack@patch:@lavamoat/lavapack@npm%3A3.3.0#./.yarn/patches/@lavamoat-lavapack-npm-3.3.0-5a61b5374d.patch::locator=metamask-crx%40workspace%3A.": "@lavamoat/lavapack@patch:@lavamoat/lavapack@npm%3A3.1.0#./.yarn/patches/@lavamoat-lavapack-npm-3.1.0-34c65d233b.patch::locator=metamask-crx%40workspace%3A.":
version: 3.3.0 version: 3.1.0
resolution: "@lavamoat/lavapack@patch:@lavamoat/lavapack@npm%3A3.3.0#./.yarn/patches/@lavamoat-lavapack-npm-3.3.0-5a61b5374d.patch::version=3.3.0&hash=d6b8b1&locator=metamask-crx%40workspace%3A." resolution: "@lavamoat/lavapack@patch:@lavamoat/lavapack@npm%3A3.1.0#./.yarn/patches/@lavamoat-lavapack-npm-3.1.0-34c65d233b.patch::version=3.1.0&hash=8c39c8&locator=metamask-crx%40workspace%3A."
dependencies: dependencies:
JSONStream: ^1.3.5 JSONStream: ^1.3.5
combine-source-map: ^0.8.0 combine-source-map: ^0.8.0
convert-source-map: ^1.7.0 convert-source-map: ^1.7.0
json-stable-stringify: ^1.0.1 json-stable-stringify: ^1.0.1
lavamoat-core: ^12.4.0 lavamoat-core: ^12.2.0
readable-stream: ^3.6.0 readable-stream: ^3.6.0
through2: ^4.0.2 through2: ^4.0.2
umd: ^3.0.3 umd: ^3.0.3
checksum: 4e928e9de74757d7889f8f4712c793206e5a0d9551b7f564d9da95fa45e85df23bcd8dcc1e44feb3ec07d0ffda6a2956971aaca24a0afce46f4a4b0730e57549 checksum: cef044f3dfba68455ed1b17b80d58fa3fcbd42e5d576c0ed0fad126f27e15592ae69c213b4537626a053c8a2f5a0f6bcf80bbb3e7e7ab6722ea6743d4e54820c
languageName: node languageName: node
linkType: hard linkType: hard
@ -8888,7 +8888,7 @@ __metadata:
languageName: node languageName: node
linkType: hard linkType: hard
"async-done@npm:1.3.2": "async-done@npm:^1.2.0, async-done@npm:^1.2.2, async-done@npm:~1.3.2":
version: 1.3.2 version: 1.3.2
resolution: "async-done@npm:1.3.2" resolution: "async-done@npm:1.3.2"
dependencies: dependencies:
@ -8900,18 +8900,6 @@ __metadata:
languageName: node languageName: node
linkType: hard linkType: hard
"async-done@patch:async-done@npm%3A1.3.2#./.yarn/patches/async-done-npm-1.3.2-1f0a4a8997.patch::locator=metamask-crx%40workspace%3A.":
version: 1.3.2
resolution: "async-done@patch:async-done@npm%3A1.3.2#./.yarn/patches/async-done-npm-1.3.2-1f0a4a8997.patch::version=1.3.2&hash=f92ff4&locator=metamask-crx%40workspace%3A."
dependencies:
end-of-stream: ^1.1.0
once: ^1.3.2
process-nextick-args: ^2.0.0
stream-exhaust: ^1.0.1
checksum: cf43b3e1e8530a09144d6614f5b7f3429921cf338a1d36c07854cc381241cc22e001fcbf6a845a65bf76726653951ae12bba3ec221278508345629e47d880329
languageName: node
linkType: hard
"async-each@npm:^1.0.1": "async-each@npm:^1.0.1":
version: 1.0.1 version: 1.0.1
resolution: "async-each@npm:1.0.1" resolution: "async-each@npm:1.0.1"
@ -21480,52 +21468,63 @@ __metadata:
languageName: node languageName: node
linkType: hard linkType: hard
"lavamoat-browserify@npm:^15.5.0": "lavamoat-browserify@npm:^15.2.0":
version: 15.5.0 version: 15.2.0
resolution: "lavamoat-browserify@npm:15.5.0" resolution: "lavamoat-browserify@npm:15.2.0"
dependencies: dependencies:
"@babel/code-frame": ^7.16.7 "@babel/code-frame": ^7.16.7
"@lavamoat/aa": ^3.1.0 "@lavamoat/aa": ^3.1.0
"@lavamoat/lavapack": ^3.3.0 "@lavamoat/lavapack": ^3.1.0
browser-resolve: ^2.0.0 browser-resolve: ^2.0.0
concat-stream: ^2.0.0 concat-stream: ^2.0.0
convert-source-map: ^1.8.0 convert-source-map: ^1.8.0
duplexify: ^4.1.1 duplexify: ^4.1.1
json-stable-stringify: ^1.0.1 json-stable-stringify: ^1.0.1
lavamoat-core: ^12.4.0 lavamoat-core: ^12.2.0
pify: ^4.0.1 pify: ^4.0.1
readable-stream: ^3.6.0 readable-stream: ^3.6.0
source-map: ^0.7.3 source-map: ^0.7.3
through2: ^3.0.0 through2: ^3.0.0
checksum: b9d4ccbe6dd09aa63145f89f99f0b3ac269930a5e419cc836659f8c6a7e26b78d2dd3722e44055e6436d2334b044c348895f512d134ee8b5dc4ee87adc890b6f checksum: 510e09ac05ac2b3492815b6ce9060255cd6d8cc372073c437dfc634818b729fd0cf87a00f70c96deeb15496d090c611248101d13c117a4454247464d9f0f1a91
languageName: node languageName: node
linkType: hard linkType: hard
"lavamoat-core@npm:12.4.0": "lavamoat-core@npm:^10.0.1":
version: 12.4.0 version: 10.0.1
resolution: "lavamoat-core@npm:12.4.0" resolution: "lavamoat-core@npm:10.0.1"
dependencies: dependencies:
fromentries: ^1.2.0 fromentries: ^1.2.0
json-stable-stringify: ^1.0.1 json-stable-stringify: ^1.0.1
lavamoat-tofu: ^6.0.2 lavamoat-tofu: ^5.1.3
merge-deep: ^3.0.2 merge-deep: ^3.0.2
checksum: 432a8968035370feb51e50f35306e7f85015e3b56440dbd41b6d3eec7f4bc82c3d1f16c6a627549df2665499c49bcb6e55fa697bccc6839bac1de12804019c1d resolve: ^1.15.1
checksum: 6d64663da2661ac550095e762ed71be2e99a58fa33bc7c9ae35a1cf7476d3cea8e08986dbb04c7decf9169e71b39c9377eaf8c8005a687e0a5675443aa124a40
languageName: node languageName: node
linkType: hard linkType: hard
"lavamoat-core@patch:lavamoat-core@npm%3A12.4.0#./.yarn/patches/lavamoat-core-npm-12.4.0-cecca1a9b5.patch::locator=metamask-crx%40workspace%3A.": "lavamoat-core@npm:^12.2.0":
version: 12.4.0 version: 12.2.0
resolution: "lavamoat-core@patch:lavamoat-core@npm%3A12.4.0#./.yarn/patches/lavamoat-core-npm-12.4.0-cecca1a9b5.patch::version=12.4.0&hash=4d4cee&locator=metamask-crx%40workspace%3A." resolution: "lavamoat-core@npm:12.2.0"
dependencies: dependencies:
fromentries: ^1.2.0 fromentries: ^1.2.0
json-stable-stringify: ^1.0.1 json-stable-stringify: ^1.0.1
lavamoat-tofu: ^6.0.2 lavamoat-tofu: ^6.0.1
merge-deep: ^3.0.2 merge-deep: ^3.0.2
checksum: 2636c565bb26e06bec9f3bebb3664bd6878520fd880b51140f956480ff1a389c2ee3cfc19d7c2c4340f29d3d275bb407b6de10c76806a147381efcc3bbf403b7 checksum: 8aff8ba92fad737b1194aefa25f3e8a51055963c0d68a4c4eef6cf2f36155690c8ddc30d881e23c466d3084a420c5ddab3d82eedc5630eecfc714849ca2c0c75
languageName: node languageName: node
linkType: hard linkType: hard
"lavamoat-tofu@npm:^6.0.2": "lavamoat-tofu@npm:^5.1.3":
version: 5.1.3
resolution: "lavamoat-tofu@npm:5.1.3"
dependencies:
"@babel/parser": ^7.10.1
"@babel/traverse": ^7.10.1
checksum: d8a04fb8db04a5a731ad02974f9e6d8771fb8679525745e3edf9e35b369aa4bc0c3df14fb49e9380594f24e5603fd8e06645675212611b4982977de1b9aab60b
languageName: node
linkType: hard
"lavamoat-tofu@npm:^6.0.1":
version: 6.0.2 version: 6.0.2
resolution: "lavamoat-tofu@npm:6.0.2" resolution: "lavamoat-tofu@npm:6.0.2"
dependencies: dependencies:
@ -21551,9 +21550,9 @@ __metadata:
languageName: node languageName: node
linkType: hard linkType: hard
"lavamoat@npm:^6.3.0": "lavamoat@npm:^6.2.0":
version: 6.4.0 version: 6.2.0
resolution: "lavamoat@npm:6.4.0" resolution: "lavamoat@npm:6.2.0"
dependencies: dependencies:
"@babel/code-frame": ^7.10.4 "@babel/code-frame": ^7.10.4
"@babel/highlight": ^7.10.4 "@babel/highlight": ^7.10.4
@ -21561,16 +21560,15 @@ __metadata:
bindings: ^1.5.0 bindings: ^1.5.0
htmlescape: ^1.1.1 htmlescape: ^1.1.1
json-stable-stringify: ^1.0.1 json-stable-stringify: ^1.0.1
lavamoat-core: ^12.3.0 lavamoat-core: ^12.2.0
lavamoat-tofu: ^6.0.2 lavamoat-tofu: ^6.0.1
node-gyp-build: ^4.2.3 node-gyp-build: ^4.2.3
object.fromentries: ^2.0.2 object.fromentries: ^2.0.2
resolve: ^1.17.0 resolve: ^1.17.0
yargs: ^16.0.0 yargs: ^16.0.0
bin: bin:
lavamoat: src/cli.js lavamoat: src/index.js
lavamoat-run-command: src/run-command.js checksum: 4824d5459647dfe8352ce913295fa6d01343e6715bf3da8dc27956bf5876ed466572d9d50b66401a8a7896168f969f3667b33721bb4e276441ee3bedf2192bca
checksum: 5a058b0b62fa4d6baa477775dc03433c0064e7ab0f14f4a540aa033154c3484cd9b59ec66e2968e387087c24531b09cbd6a70a3a11f4b52e3b4519cd3672c54c
languageName: node languageName: node
linkType: hard linkType: hard
@ -22853,7 +22851,7 @@ __metadata:
"@keystonehq/bc-ur-registry-eth": ^0.12.1 "@keystonehq/bc-ur-registry-eth": ^0.12.1
"@keystonehq/metamask-airgapped-keyring": ^0.6.1 "@keystonehq/metamask-airgapped-keyring": ^0.6.1
"@lavamoat/allow-scripts": ^2.0.3 "@lavamoat/allow-scripts": ^2.0.3
"@lavamoat/lavapack": ^3.3.0 "@lavamoat/lavapack": ^3.1.0
"@lavamoat/snow": ^1.3.0 "@lavamoat/snow": ^1.3.0
"@material-ui/core": ^4.11.0 "@material-ui/core": ^4.11.0
"@metamask/address-book-controller": ^1.0.0 "@metamask/address-book-controller": ^1.0.0
@ -23050,8 +23048,8 @@ __metadata:
jsonschema: ^1.2.4 jsonschema: ^1.2.4
koa: ^2.7.0 koa: ^2.7.0
labeled-stream-splicer: ^2.0.2 labeled-stream-splicer: ^2.0.2
lavamoat: ^6.3.0 lavamoat: ^6.2.0
lavamoat-browserify: ^15.5.0 lavamoat-browserify: ^15.2.0
lavamoat-viz: ^6.0.9 lavamoat-viz: ^6.0.9
localforage: ^1.9.0 localforage: ^1.9.0
lockfile-lint: ^4.9.6 lockfile-lint: ^4.9.6
@ -28587,7 +28585,7 @@ __metadata:
languageName: node languageName: node
linkType: hard linkType: hard
"resolve@npm:^1.1.4, resolve@npm:^1.1.5, resolve@npm:^1.1.6, resolve@npm:^1.1.7, resolve@npm:^1.10.0, resolve@npm:^1.10.1, resolve@npm:^1.11.1, resolve@npm:^1.12.0, resolve@npm:^1.14.2, resolve@npm:^1.17.0, resolve@npm:^1.18.1, resolve@npm:^1.19.0, resolve@npm:^1.20.0, resolve@npm:^1.21.0, resolve@npm:^1.22.0, resolve@npm:^1.3.2, resolve@npm:^1.4.0": "resolve@npm:^1.1.4, resolve@npm:^1.1.5, resolve@npm:^1.1.6, resolve@npm:^1.1.7, resolve@npm:^1.10.0, resolve@npm:^1.10.1, resolve@npm:^1.11.1, resolve@npm:^1.12.0, resolve@npm:^1.14.2, resolve@npm:^1.15.1, resolve@npm:^1.17.0, resolve@npm:^1.18.1, resolve@npm:^1.19.0, resolve@npm:^1.20.0, resolve@npm:^1.21.0, resolve@npm:^1.22.0, resolve@npm:^1.3.2, resolve@npm:^1.4.0":
version: 1.22.1 version: 1.22.1
resolution: "resolve@npm:1.22.1" resolution: "resolve@npm:1.22.1"
dependencies: dependencies:
@ -28620,7 +28618,7 @@ __metadata:
languageName: node languageName: node
linkType: hard linkType: hard
"resolve@patch:resolve@^1.1.4#~builtin<compat/resolve>, resolve@patch:resolve@^1.1.5#~builtin<compat/resolve>, resolve@patch:resolve@^1.1.6#~builtin<compat/resolve>, resolve@patch:resolve@^1.1.7#~builtin<compat/resolve>, resolve@patch:resolve@^1.10.0#~builtin<compat/resolve>, resolve@patch:resolve@^1.10.1#~builtin<compat/resolve>, resolve@patch:resolve@^1.11.1#~builtin<compat/resolve>, resolve@patch:resolve@^1.12.0#~builtin<compat/resolve>, resolve@patch:resolve@^1.14.2#~builtin<compat/resolve>, resolve@patch:resolve@^1.17.0#~builtin<compat/resolve>, resolve@patch:resolve@^1.18.1#~builtin<compat/resolve>, resolve@patch:resolve@^1.19.0#~builtin<compat/resolve>, resolve@patch:resolve@^1.20.0#~builtin<compat/resolve>, resolve@patch:resolve@^1.21.0#~builtin<compat/resolve>, resolve@patch:resolve@^1.22.0#~builtin<compat/resolve>, resolve@patch:resolve@^1.3.2#~builtin<compat/resolve>, resolve@patch:resolve@^1.4.0#~builtin<compat/resolve>": "resolve@patch:resolve@^1.1.4#~builtin<compat/resolve>, resolve@patch:resolve@^1.1.5#~builtin<compat/resolve>, resolve@patch:resolve@^1.1.6#~builtin<compat/resolve>, resolve@patch:resolve@^1.1.7#~builtin<compat/resolve>, resolve@patch:resolve@^1.10.0#~builtin<compat/resolve>, resolve@patch:resolve@^1.10.1#~builtin<compat/resolve>, resolve@patch:resolve@^1.11.1#~builtin<compat/resolve>, resolve@patch:resolve@^1.12.0#~builtin<compat/resolve>, resolve@patch:resolve@^1.14.2#~builtin<compat/resolve>, resolve@patch:resolve@^1.15.1#~builtin<compat/resolve>, resolve@patch:resolve@^1.17.0#~builtin<compat/resolve>, resolve@patch:resolve@^1.18.1#~builtin<compat/resolve>, resolve@patch:resolve@^1.19.0#~builtin<compat/resolve>, resolve@patch:resolve@^1.20.0#~builtin<compat/resolve>, resolve@patch:resolve@^1.21.0#~builtin<compat/resolve>, resolve@patch:resolve@^1.22.0#~builtin<compat/resolve>, resolve@patch:resolve@^1.3.2#~builtin<compat/resolve>, resolve@patch:resolve@^1.4.0#~builtin<compat/resolve>":
version: 1.22.1 version: 1.22.1
resolution: "resolve@patch:resolve@npm%3A1.22.1#~builtin<compat/resolve>::version=1.22.1&hash=07638b" resolution: "resolve@patch:resolve@npm%3A1.22.1#~builtin<compat/resolve>::version=1.22.1&hash=07638b"
dependencies: dependencies: