mirror of
https://github.com/kremalicious/metamask-extension.git
synced 2024-11-26 20:39:08 +01:00
1175b4bfa7
This PR makes ~all named intrinsics in all of our JavaScript processes non-modifiable. A named intrinsic is any property specified by the ECMAScript specification that exists on `globalThis` when the JavaScript process starts. We say that a property is non-modifiable if it is non-configurable and non-writable. We make exceptions for properties that meet any of the following criteria: 1. Properties that are non-configurable by the time `lockdown-run.js` is executed are not modified, because they can't be. 2. Properties that have accessor properties (`get` or `set`) are made non-configurable, but their writability cannot be modified, and is therefore left unchanged. It's unclear how many of the named intrinsics this applies to, if any, but it's good defensive programming, regardless.
72 lines
2.0 KiB
JavaScript
72 lines
2.0 KiB
JavaScript
import 'ses/lockdown';
|
|
import '../../app/scripts/lockdown-run';
|
|
import { strict as assert } from 'assert';
|
|
|
|
// These are Agoric inventions, and we don't care about them.
|
|
const ignoreList = new Set([
|
|
'Compartment',
|
|
'HandledPromise',
|
|
'StaticModuleRecord',
|
|
]);
|
|
|
|
describe('non-modifiable intrinsics', function () {
|
|
const namedIntrinsics = Reflect.ownKeys(new Compartment().globalThis);
|
|
|
|
const globalProperties = new Set(
|
|
[
|
|
// Added to global scope by ses/dist/lockdown.cjs.
|
|
...namedIntrinsics,
|
|
|
|
// TODO: Also include the named platform globals
|
|
// This grabs every enumerable property on globalThis.
|
|
// ...Object.keys(globalThis),
|
|
].filter((propertyName) => !ignoreList.has(propertyName)),
|
|
);
|
|
|
|
globalProperties.forEach((propertyName) => {
|
|
it(`intrinsic globalThis["${propertyName}"]`, function () {
|
|
const descriptor = Reflect.getOwnPropertyDescriptor(
|
|
globalThis,
|
|
propertyName,
|
|
);
|
|
|
|
assert.ok(
|
|
descriptor,
|
|
`globalThis["${propertyName}"] should have a descriptor`,
|
|
);
|
|
|
|
// As long as Object.isFrozen is the true Object.isFrozen, the object
|
|
// it is called with cannot lie about being frozen.
|
|
const value = globalThis[propertyName];
|
|
if (value !== globalThis) {
|
|
assert.equal(
|
|
Object.isFrozen(value),
|
|
true,
|
|
`value of universal property globalThis["${propertyName}"] should be frozen`,
|
|
);
|
|
}
|
|
|
|
// The writability of properties with accessors cannot be modified.
|
|
if ('set' in descriptor || 'get' in descriptor) {
|
|
assert.equal(
|
|
descriptor.configurable,
|
|
false,
|
|
`globalThis["${propertyName}"] should be non-configurable`,
|
|
);
|
|
} else {
|
|
assert.equal(
|
|
descriptor.configurable,
|
|
false,
|
|
`globalThis["${propertyName}"] should be non-configurable`,
|
|
);
|
|
|
|
assert.equal(
|
|
descriptor.writable,
|
|
false,
|
|
`globalThis["${propertyName}"] should be non-writable`,
|
|
);
|
|
}
|
|
});
|
|
});
|
|
});
|