m/metamask-extension
1
0
Fork 0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-12-23 09:52:26 +01:00
Code
5f6a61bec5
metamask-extension/app/scripts/controllers/permissions/permission-log.js
MetaMask Bot 31d5c1cf22
Version v10.18.4 RC (#15643) 
* Version v10.18.4

* Fix default currency symbol for `wallet_addEthereumChain` + improve warnings for data that doesn't match our validation expectations (#15201)

* set more appropriate default for ticker symbol when wallet_addEthereumChain is called

* throw error to dapp when site suggests network with same chainId but different ticker symbol from already added network, instead of showing error and disabled notification to user

* Fix Provider Tracking Metrics (#15082)

* fix filetype audit (#15334)

* Remove decentralized 4byte function signature registry since it contains incorrect signatures and we can't algorithmically check for best option when 4byte.directory is down (#15300)

* remove decentralized 4byte function signature registry since it is griefed and we can't algorithmically check for best option when 4byte is down

* add migration

* remove nock of on chain registry call in getMethodDataAsync test

* remove audit exclusion (#15346)

* Updates `eth-lattice-keyring` to v0.10.0 (#15261)

This is mainly associated with an update in GridPlus SDK and enables
better strategies for fetching calldata decoder data.
`eth-lattice-keyring` changes:
GridPlus/eth-lattice-keyring@v0.7.3...v0.10.0
`gridplus-sdk` changes (which includes a codebase rewrite):
GridPlus/gridplus-sdk@v1.2.3...v2.2.2

* Fix 'block link explorer on custom networks' (#13870)

* Created a logic for the 'Add a block explorer URL'

Removed unused message

Message logic rollback

Modified history push operation

WIP: Pushing before rebasing

Applied requested changes

Removed unintenionally added code

* Lint fix

* Metrics fixed

* Stop injecting provider on docs.google.com (#15459)

* Fix setting of gasPrice when on non-eip 1559 networks (#15628)

* Fix setting of gasPrice when on non-eip 1559 networks

* Fix unit tests

* Fix logic

* Update ui/ducks/send/send.test.js

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

* [GridPlus] Bumps `eth-lattice-keyring` to v0.11.0 (#15490)

* [GridPlus] Bumps `gridplus-sdk` to v2.2.4 (#15561)

* remove exclusions for mismatched object jsdoc type casing (#15351)

* Improve `tokenId` parsing and clean up `useAssetDetails` hook (#15304)

* Fix state creation in setupSentryGetStateGlobal (#15635)

* filter breadcrumbs for improved clarity while debugging sentry errors (#15639)

* Update v10.18.4 changelog (#15645)

* Auto generated changelog

* Update 10.18.4 changelog

* Run lavamoat:auto

* Call metrics event for wallet type selection at the right time (#15591)

* Fix Sentry in LavaMoat contexts (#15672)

Our Sentry setup relies upon application state, but it wasn't able to
access it in LavaMoat builds because it's running in a separate
Compartment.

A patch has been introduced to the LavaMoat runtime to allow the root
Compartment to mutate the `rootGlobals` object, which is accessible
from outside the compartment as well. This lets us expose application
state to our Sentry integration.

* Fix Sentry deduplication of events that were never sent (#15677)

The Sentry `Dedupe` integration has been filtering out our events, even
when they were never sent due to our `beforeSend` handler. It was
wrongly identifying them as duplicates because it has no knowledge of
`beforeSend` or whether they were actually sent or not.

To resolve this, the filtering we were doing in `beforeSend` has been
moved to a Sentry integration. This integration is installed ahead of
the `Dedupe` integration, so `Dedupe` should never find out about any
events that we filter out, and thus will never consider them as sent
when they were not.

* Replace `lavamoat-runtime.js` patch (#15682)

A patch made in #15672 was found to be unnecessary. Instead of setting
a `rootGlobals` object upon construction of the root compartment, we
are now creating a `sentryHooks` object in the initial top-level
compartment. I hadn't realized at the time that the root compartment
would inherit all properties of the initial compartment `globalThis`.

This accomplishes the same goals as #15672 except without needing a
patch.

* Update v10.18.4 changelog

* Fix lint issues

* Update yarn.lock

* Update `depcheck` to latest version (#15690)

`depcheck` has been updated to the latest version. This version pins
`@babel/parser` to v7.16.4 because of unresolved bugs in v7.16.5 that
result in `depcheck` failing to parse TypeScript files correctly.

We had a Yarn resolution in place to ensure `@babel/parser@7.16.4` was
being used already. That resolution is no longer needed so it has been
removed. This should resove the issue the dev team has been seeing
lately where `yarn` and `yarn-deduplicate` disagree about the state the
lockfile should be in.

* Update yarn.lock

* Update LavaMoat policy

* deduplicate

* Update LavaMoat build policy

Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com>
Co-authored-by: Alex Donesky <adonesky@gmail.com>
Co-authored-by: Brad Decker <bhdecker84@gmail.com>
Co-authored-by: Alex Miller <asmiller1989@gmail.com>
Co-authored-by: Filip Sekulic <filip.sekulic@consensys.net>
Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com>
Co-authored-by: Dan J Miller <danjm.com@gmail.com>
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
Co-authored-by: seaona <54408225+seaona@users.noreply.github.com>
Co-authored-by: seaona <mariona@gmx.es>
Co-authored-by: PeterYinusa <peter.yinusa@consensys.net>
2022-08-24 19:57:47 +01:00

375 lines
11 KiB
JavaScript
Raw Blame History

import { ObservableStore } from '@metamask/obs-store';
import { CaveatTypes } from '../../../../shared/constants/permissions';
import {
LOG_IGNORE_METHODS,
LOG_LIMIT,
LOG_METHOD_TYPES,
WALLET_PREFIX,
} from './enums';
/**
* Controller with middleware for logging requests and responses to restricted
* and permissions-related methods.
*/
export class PermissionLogController {
/**
* @param {{ restrictedMethods: Set<string>, initState: Record<string, unknown> }} options - Options bag.
*/
constructor({ restrictedMethods, initState }) {
this.restrictedMethods = restrictedMethods;
this.store = new ObservableStore({
permissionHistory: {},
permissionActivityLog: [],
...initState,
});
}
/**
* Get the restricted method activity log.
*
* @returns {Array<object>} The activity log.
*/
getActivityLog() {
return this.store.getState().permissionActivityLog;
}
/**
* Update the restricted method activity log.
*
* @param {Array<object>} logs - The new activity log array.
*/
updateActivityLog(logs) {
this.store.updateState({ permissionActivityLog: logs });
}
/**
* Get the permission history log.
*
* @returns {object} The permissions history log.
*/
getHistory() {
return this.store.getState().permissionHistory;
}
/**
* Update the permission history log.
*
* @param {object} history - The new permissions history log object.
*/
updateHistory(history) {
this.store.updateState({ permissionHistory: history });
}
/**
* Updates the exposed account history for the given origin.
* Sets the 'last seen' time to Date.now() for the given accounts.
* Does **not** update the 'lastApproved' time for the permission itself.
* Returns if the accounts array is empty.
*
* @param {string} origin - The origin that the accounts are exposed to.
* @param {Array<string>} accounts - The accounts.
*/
updateAccountsHistory(origin, accounts) {
if (accounts.length === 0) {
return;
}
const accountToTimeMap = getAccountToTimeMap(accounts, Date.now());
this.commitNewHistory(origin, {
eth_accounts: {
accounts: accountToTimeMap,
},
});
}
/**
* Create a permissions log middleware. Records permissions activity and history:
*
* Activity: requests and responses for restricted and most wallet_ methods.
*
* History: for each origin, the last time a permission was granted, including
* which accounts were exposed, if any.
*
* @returns {JsonRpcEngineMiddleware} The permissions log middleware.
*/
createMiddleware() {
return (req, res, next, _end) => {
let activityEntry, requestedMethods;
const { origin, method } = req;
const isInternal = method.startsWith(WALLET_PREFIX);
// we only log certain methods
if (
!LOG_IGNORE_METHODS.includes(method) &&
(isInternal || this.restrictedMethods.has(method))
) {
activityEntry = this.logRequest(req, isInternal);
if (method === `${WALLET_PREFIX}requestPermissions`) {
// get the corresponding methods from the requested permissions so
// that we can record permissions history
requestedMethods = this.getRequestedMethods(req);
}
} else if (method === 'eth_requestAccounts') {
// eth_requestAccounts is a special case; we need to extract the accounts
// from it
activityEntry = this.logRequest(req, isInternal);
requestedMethods = ['eth_accounts'];
} else {
// no-op
next();
return;
}
// call next with a return handler for capturing the response
next((cb) => {
const time = Date.now();
this.logResponse(activityEntry, res, time);
if (requestedMethods && !res.error && res.result) {
// any permissions or accounts changes will be recorded on the response,
// so we only log permissions history here
this.logPermissionsHistory(
requestedMethods,
origin,
res.result,
time,
method === 'eth_requestAccounts',
);
}
cb();
});
};
}
/**
* Creates and commits an activity log entry, without response data.
*
* @param {object} request - The request object.
* @param {boolean} isInternal - Whether the request is internal.
*/
logRequest(request, isInternal) {
const activityEntry = {
id: request.id,
method: request.method,
methodType: isInternal
? LOG_METHOD_TYPES.internal
: LOG_METHOD_TYPES.restricted,
origin: request.origin,
requestTime: Date.now(),
responseTime: null,
success: null,
};
this.commitNewActivity(activityEntry);
return activityEntry;
}
/**
* Adds response data to an existing activity log entry.
* Entry assumed already committed (i.e., in the log).
*
* @param {object} entry - The entry to add a response to.
* @param {object} response - The response object.
* @param {number} time - Output from Date.now()
*/
logResponse(entry, response, time) {
if (!entry || !response) {
return;
}
// The JSON-RPC 2.0 specification defines "success" by the presence of
// either the "result" or "error" property. The specification forbids
// both properties from being present simultaneously, and our JSON-RPC
// stack is spec-compliant at the time of writing.
entry.success = Object.hasOwnProperty.call(response, 'result');
entry.responseTime = time;
}
/**
* Commit a new entry to the activity log.
* Removes the oldest entry from the log if it exceeds the log limit.
*
* @param {object} entry - The activity log entry.
*/
commitNewActivity(entry) {
const logs = this.getActivityLog();
// add new entry to end of log
logs.push(entry);
// remove oldest log if exceeding size limit
if (logs.length > LOG_LIMIT) {
logs.shift();
}
this.updateActivityLog(logs);
}
/**
* Create new permissions history log entries, if any, and commit them.
*
* @param {Array<string>} requestedMethods - The method names corresponding to the requested permissions.
* @param {string} origin - The origin of the permissions request.
* @param {Array<IOcapLdCapability} result - The permissions request response.result.
* @param {string} time - The time of the request, i.e. Date.now().
* @param {boolean} isEthRequestAccounts - Whether the permissions request was 'eth_requestAccounts'.
*/
logPermissionsHistory(
requestedMethods,
origin,
result,
time,
isEthRequestAccounts,
) {
let accounts, newEntries;
if (isEthRequestAccounts) {
accounts = result;
const accountToTimeMap = getAccountToTimeMap(accounts, time);
newEntries = {
eth_accounts: {
accounts: accountToTimeMap,
lastApproved: time,
},
};
} else {
// Records new "lastApproved" times for the granted permissions, if any.
// Special handling for eth_accounts, in order to record the time the
// accounts were last seen or approved by the origin.
newEntries = result
.map((perm) => {
if (perm.parentCapability === 'eth_accounts') {
accounts = this.getAccountsFromPermission(perm);
}
return perm.parentCapability;
})
.reduce((acc, method) => {
// all approved permissions will be included in the response,
// not just the newly requested ones
if (requestedMethods.includes(method)) {
if (method === 'eth_accounts') {
const accountToTimeMap = getAccountToTimeMap(accounts, time);
acc[method] = {
lastApproved: time,
accounts: accountToTimeMap,
};
} else {
acc[method] = { lastApproved: time };
}
}
return acc;
}, {});
}
if (Object.keys(newEntries).length > 0) {
this.commitNewHistory(origin, newEntries);
}
}
/**
* Commit new entries to the permissions history log.
* Merges the history for the given origin, overwriting existing entries
* with the same key (permission name).
*
* @param {string} origin - The requesting origin.
* @param {object} newEntries - The new entries to commit.
*/
commitNewHistory(origin, newEntries) {
// a simple merge updates most permissions
const history = this.getHistory();
const newOriginHistory = {
...history[origin],
...newEntries,
};
// eth_accounts requires special handling, because of information
// we store about the accounts
const existingEthAccountsEntry =
history[origin] && history[origin].eth_accounts;
const newEthAccountsEntry = newEntries.eth_accounts;
if (existingEthAccountsEntry && newEthAccountsEntry) {
// we may intend to update just the accounts, not the permission
// itself
const lastApproved =
newEthAccountsEntry.lastApproved ||
existingEthAccountsEntry.lastApproved;
// merge old and new eth_accounts history entries
newOriginHistory.eth_accounts = {
lastApproved,
accounts: {
...existingEthAccountsEntry.accounts,
...newEthAccountsEntry.accounts,
},
};
}
history[origin] = newOriginHistory;
this.updateHistory(history);
}
/**
* Get all requested methods from a permissions request.
*
* @param {object} request - The request object.
* @returns {Array<string>} The names of the requested permissions.
*/
getRequestedMethods(request) {
if (
!request.params ||
!request.params[0] ||
typeof request.params[0] !== 'object' ||
Array.isArray(request.params[0])
) {
return null;
}
return Object.keys(request.params[0]);
}
/**
* Get the permitted accounts from an eth_accounts permissions object.
* Returns an empty array if the permission is not eth_accounts.
*
* @param {object} perm - The permissions object.
* @returns {Array<string>} The permitted accounts.
*/
getAccountsFromPermission(perm) {
if (perm.parentCapability !== 'eth_accounts' || !perm.caveats) {
return [];
}
const accounts = new Set();
for (const caveat of perm.caveats) {
if (
caveat.type === CaveatTypes.restrictReturnedAccounts &&
Array.isArray(caveat.value)
) {
for (const value of caveat.value) {
accounts.add(value);
}
}
}
return [...accounts];
}
}
// helper functions
/**
* Get a map from account addresses to the given time.
*
* @param {Array<string>} accounts - An array of addresses.
* @param {number} time - A time, e.g. Date.now().
* @returns {object} A string:number map of addresses to time.
*/
function getAccountToTimeMap(accounts, time) {
return accounts.reduce((acc, account) => ({ ...acc, [account]: time }), {});
}
View Git Blame Copy Permalink