From dc7ebe979eaea281c23f47f85b9b49e1edcaac61 Mon Sep 17 00:00:00 2001
From: Mark Stacey <markjstacey@gmail.com>
Date: Wed, 16 Aug 2023 19:45:31 -0230
Subject: [PATCH] Add additional validation for persisted state metadata
 (#20462)

Additional validation has been added for persisted state metadata.
Beforehand we just checked that the state itself wasn't falsy. Now we
ensure that the metadata is an object with a valid version as well.
---
 app/scripts/background.js | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/app/scripts/background.js b/app/scripts/background.js
index c368728d6..f4e46c9f0 100644
--- a/app/scripts/background.js
+++ b/app/scripts/background.js
@@ -13,6 +13,7 @@ import debounce from 'debounce-stream';
 import log from 'loglevel';
 import browser from 'webextension-polyfill';
 import { storeAsStream } from '@metamask/obs-store';
+import { isObject } from '@metamask/utils';
 ///: BEGIN:ONLY_INCLUDE_IN(snaps)
 import { ApprovalType } from '@metamask/controller-utils';
 ///: END:ONLY_INCLUDE_IN
@@ -411,6 +412,19 @@ export async function loadStateFromPersistence() {
   versionedData = await migrator.migrateData(versionedData);
   if (!versionedData) {
     throw new Error('MetaMask - migrator returned undefined');
+  } else if (!isObject(versionedData.meta)) {
+    throw new Error(
+      `MetaMask - migrator metadata has invalid type '${typeof versionedData.meta}'`,
+    );
+  } else if (typeof versionedData.meta.version !== 'number') {
+    throw new Error(
+      `MetaMask - migrator metadata version has invalid type '${typeof versionedData
+        .meta.version}'`,
+    );
+  } else if (!isObject(versionedData.data)) {
+    throw new Error(
+      `MetaMask - migrator data has invalid type '${typeof versionedData.data}'`,
+    );
   }
   // this initializes the meta/version data as a class variable to be used for future writes
   localStore.setMetadata(versionedData.meta);