Some security measures

KaffinPX · Jun 24, 2024 · 35775c8 · 35775c8
1 parent 59ba188
commit 35775c8
Show file tree

Hide file tree

Showing 6 changed files with 36 additions and 2 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -3,6 +3,19 @@ name: Tests
 on: [ push, pull_request ]
 
 jobs:
+  Test:
+    name: Test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Use bun
+        uses: oven-sh/setup-bun@v1
+        with:
+          bun-version: 1.0.31
+      - name: Install Dependencies
+        run: bun install
+      - name: Check Dependencies
+        run: bun run ./tests/security
   build:
     name: Build
     runs-on: ubuntu-latest

diff --git a/bun.lockb b/bun.lockb
diff --git a/package.json b/package.json
@@ -12,6 +12,7 @@
   "license": "GPL-3",
   "devDependencies": {
     "@crxjs/vite-plugin": "^2.0.0-beta.23",
+    "@types/bun": "^1.1.5",
     "@types/chrome": "^0.0.254",
     "@types/node": "^20.10.5",
     "@types/react": "^18.0.28",

diff --git a/src/contexts/Kaspa.tsx b/src/contexts/Kaspa.tsx
@@ -16,7 +16,7 @@ export interface IKaspa {
 export const defaultState: IKaspa = {
   status: Status.Uninitialized,
   connected: false,
-  addresses: [ [], [] ],
+  addresses: [[], []],
   balance: 0,
   utxos: [],
   connectedURL: "" 

diff --git a/tests/security.ts b/tests/security.ts
@@ -0,0 +1,20 @@
+import { readdir } from "node:fs/promises"
+
+const files = await readdir('./node_modules', { recursive: true })
+let findings: string[] = []
+
+for (const directory of files) {
+  const file = Bun.file('./node_modules/' + directory)
+
+  if (file.type.startsWith('text/javascript')) {
+    const content = await file.text().catch(err => { 
+      if (err.code === 'EISDIR') return
+      else throw err
+    })
+
+
+    if (content && (content.includes('fetch') || content.includes('XMLHttpRequest') || content.includes('WebSocket'))) findings.push(directory)
+  }
+}
+
+console.log(findings.join('\n'))
diff --git a/vite.config.ts b/vite.config.ts
@@ -33,7 +33,7 @@ const manifest: ManifestV3Export = {
     }
   },
   content_security_policy: {
-    extension_pages: "script-src 'self' 'wasm-unsafe-eval'; object-src 'self'"
+    extension_pages: "script-src 'self'; object-src 'self'"
   },
   default_locale: "en"
 }