From d8e6a2e3280a3ae29a095bd3dd2a0a952d763080 Mon Sep 17 00:00:00 2001 From: Frederik Bolding Date: Wed, 18 Jan 2023 14:28:21 +0100 Subject: [PATCH 01/16] snaps-monorepo@1.28.0 --- package.json | 1 - yarn.lock | 13 +------------ 2 files changed, 1 insertion(+), 13 deletions(-) diff --git a/package.json b/package.json index 5b254f74268c..8ef887d728e2 100644 --- a/package.json +++ b/package.json @@ -244,7 +244,6 @@ "@metamask/providers": "^10.2.1", "@metamask/rate-limit-controller": "^1.0.0", "@metamask/rpc-methods": "^0.28.0", - "@metamask/scure-bip39": "^2.0.3", "@metamask/slip44": "^2.1.0", "@metamask/smart-transactions-controller": "^3.1.0", "@metamask/snaps-controllers": "^0.28.0", diff --git a/yarn.lock b/yarn.lock index 88477703f27f..915f1e028451 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4130,16 +4130,6 @@ __metadata: languageName: node linkType: hard -"@metamask/scure-bip39@npm:^2.0.3, @metamask/scure-bip39@npm:^2.1.0": - version: 2.1.0 - resolution: "@metamask/scure-bip39@npm:2.1.0" - dependencies: - "@noble/hashes": ~1.1.1 - "@scure/base": ~1.1.0 - checksum: 13e07f03077472e9b230f702cbba7848ecac752028396647ccdeedd7bc280ceb50ee15203e25603f05c4c6ca5d4dc7277825f7004beb113e1a415adc91f059f9 - languageName: node - linkType: hard - "@metamask/slip44@npm:^2.1.0": version: 2.1.0 resolution: "@metamask/slip44@npm:2.1.0" @@ -24133,8 +24123,7 @@ __metadata: "@metamask/post-message-stream": ^6.0.0 "@metamask/providers": ^10.2.1 "@metamask/rate-limit-controller": ^1.0.0 - "@metamask/rpc-methods": ^0.28.0 - "@metamask/scure-bip39": ^2.0.3 + "@metamask/rpc-methods": ^0.27.1 "@metamask/slip44": ^2.1.0 "@metamask/smart-transactions-controller": ^3.1.0 "@metamask/snaps-controllers": ^0.28.0 From 3a9b1901b6d57b8edb73d70033c558c59a2b6307 Mon Sep 17 00:00:00 2001 
From: Frederik Bolding Date: Wed, 18 Jan 2023 14:29:42 +0100 Subject: [PATCH 02/16] Update LavaMoat policies --- lavamoat/browserify/beta/policy.json | 47 +++++++++++++++++++++++++ lavamoat/browserify/flask/policy.json | 49 ++++++++++++++++++++++++++- lavamoat/browserify/main/policy.json | 47 +++++++++++++++++++++++++ 3 files changed, 142 insertions(+), 1 deletion(-) diff --git a/lavamoat/browserify/beta/policy.json b/lavamoat/browserify/beta/policy.json index 991880f99780..af28ec11d206 100644 --- a/lavamoat/browserify/beta/policy.json +++ b/lavamoat/browserify/beta/policy.json @@ -1311,6 +1311,41 @@ "browserify>buffer": true } }, + "@metamask/rpc-methods>@metamask/key-tree": { + "packages": { + "@metamask/rpc-methods>@metamask/key-tree>@metamask/scure-bip39": true, + "@metamask/rpc-methods>@metamask/key-tree>@noble/ed25519": true, + "@metamask/rpc-methods>@metamask/key-tree>@noble/secp256k1": true, + "@metamask/snaps-utils>@noble/hashes": true, + "@metamask/snaps-utils>@scure/base": true, + "@metamask/utils": true + } + }, + "@metamask/rpc-methods>@metamask/key-tree>@metamask/scure-bip39": { + "globals": { + "TextEncoder": true + }, + "packages": { + "@metamask/snaps-utils>@noble/hashes": true, + "@metamask/snaps-utils>@scure/base": true + } + }, + "@metamask/rpc-methods>@metamask/key-tree>@noble/ed25519": { + "globals": { + "crypto": true + }, + "packages": { + "browserify>browser-resolve": true + } + }, + "@metamask/rpc-methods>@metamask/key-tree>@noble/secp256k1": { + "globals": { + "crypto": true + }, + "packages": { + "browserify>browser-resolve": true + } + }, "@metamask/rpc-methods>nanoid": { "globals": { "crypto.getRandomValues": true 
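Review bot: The new entries for `@metamask/rpc-methods>@metamask/key-tree>@noble/ed25519` and `@metamask/rpc-methods>@metamask/key-tree>@noble/secp256k1` allow the whole `crypto` global (`"crypto": true`), while the neighbouring `@metamask/rpc-methods>nanoid` entry is scoped to `crypto.getRandomValues`. Judging by the `key-tree` path these look like the curve libraries used for key derivation, so it is worth confirming which members they actually read and narrowing the grant to those, for example `"crypto.getRandomValues": true` plus any other member they are shown to use. If this policy file is generated, the narrowing belongs in the policy override rather than in a hand edit here. The same two entries are added in the flask and main policy hunks of this commit.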
@@ -2537,6 +2572,18 @@ "json-rpc-engine>@metamask/safe-event-emitter": true } }, + "eth-block-tracker>@metamask/utils": { + "globals": { + "TextDecoder": true, + "TextEncoder": true + }, + "packages": { + "@metamask/snaps-ui>superstruct": true, + "browserify>buffer": true, + "nock>debug": true, + "semver": true + } + }, "eth-ens-namehash": { "globals": { "name": "write" diff --git a/lavamoat/browserify/flask/policy.json b/lavamoat/browserify/flask/policy.json index 9ae2a3e7f8b6..effddebd8871 100644 --- a/lavamoat/browserify/flask/policy.json +++ b/lavamoat/browserify/flask/policy.json @@ -1315,7 +1315,7 @@ }, "packages": { "@metamask/post-message-stream>readable-stream": true, - "@metamask/utils": true + "eth-block-tracker>@metamask/utils": true } }, "@metamask/post-message-stream>readable-stream": { @@ -1403,6 +1403,41 @@ "browserify>buffer": true } }, + "@metamask/rpc-methods>@metamask/key-tree": { + "packages": { + "@metamask/rpc-methods>@metamask/key-tree>@metamask/scure-bip39": true, + "@metamask/rpc-methods>@metamask/key-tree>@noble/ed25519": true, + "@metamask/rpc-methods>@metamask/key-tree>@noble/secp256k1": true, + "@metamask/snaps-utils>@noble/hashes": true, + "@metamask/snaps-utils>@scure/base": true, + "@metamask/utils": true + } + }, + "@metamask/rpc-methods>@metamask/key-tree>@metamask/scure-bip39": { + "globals": { + "TextEncoder": true + }, + "packages": { + "@metamask/snaps-utils>@noble/hashes": true, + "@metamask/snaps-utils>@scure/base": true + } + }, + "@metamask/rpc-methods>@metamask/key-tree>@noble/ed25519": { + "globals": { + "crypto": true + }, + "packages": { + "browserify>browser-resolve": true + } + }, + "@metamask/rpc-methods>@metamask/key-tree>@noble/secp256k1": { + "globals": { + "crypto": true + }, + "packages": { + "browserify>browser-resolve": true + } + }, "@metamask/rpc-methods>nanoid": { "globals": { "crypto.getRandomValues": true 
@@ -2861,6 +2896,18 @@ "json-rpc-engine>@metamask/safe-event-emitter": true } }, + "eth-block-tracker>@metamask/utils": { + "globals": { + "TextDecoder": true, + "TextEncoder": true + }, + "packages": { + "@metamask/snaps-ui>superstruct": true, + "browserify>buffer": true, + "nock>debug": true, + "semver": true + } + }, "eth-ens-namehash": { "globals": { "name": "write" diff --git a/lavamoat/browserify/main/policy.json b/lavamoat/browserify/main/policy.json index 991880f99780..af28ec11d206 100644 --- a/lavamoat/browserify/main/policy.json +++ b/lavamoat/browserify/main/policy.json @@ -1311,6 +1311,41 @@ "browserify>buffer": true } }, + "@metamask/rpc-methods>@metamask/key-tree": { + "packages": { + "@metamask/rpc-methods>@metamask/key-tree>@metamask/scure-bip39": true, + "@metamask/rpc-methods>@metamask/key-tree>@noble/ed25519": true, + "@metamask/rpc-methods>@metamask/key-tree>@noble/secp256k1": true, + "@metamask/snaps-utils>@noble/hashes": true, + "@metamask/snaps-utils>@scure/base": true, + "@metamask/utils": true + } + }, + "@metamask/rpc-methods>@metamask/key-tree>@metamask/scure-bip39": { + "globals": { + "TextEncoder": true + }, + "packages": { + "@metamask/snaps-utils>@noble/hashes": true, + "@metamask/snaps-utils>@scure/base": true + } + }, + "@metamask/rpc-methods>@metamask/key-tree>@noble/ed25519": { + "globals": { + "crypto": true + }, + "packages": { + "browserify>browser-resolve": true + } + }, + "@metamask/rpc-methods>@metamask/key-tree>@noble/secp256k1": { + "globals": { + "crypto": true + }, + "packages": { + "browserify>browser-resolve": true + } + }, "@metamask/rpc-methods>nanoid": { "globals": { "crypto.getRandomValues": true 
@@ -2537,6 +2572,18 @@ "json-rpc-engine>@metamask/safe-event-emitter": true } }, + "eth-block-tracker>@metamask/utils": { + "globals": { + "TextDecoder": true, + "TextEncoder": true + }, + "packages": { + "@metamask/snaps-ui>superstruct": true, + "browserify>buffer": true, + "nock>debug": true, + "semver": true + } + }, "eth-ens-namehash": { "globals": { "name": "write" From 4492ae7553c3100c0b706a7ae29ba355d7d45c3d Mon Sep 17 00:00:00 2001 From: Guillaume Roux Date: Fri, 20 Jan 2023 16:38:14 +0100 Subject: [PATCH 03/16] pass `excludedPermissions` to `SnapController` --- .../permissions/flask/snap-permissions.js | 9 +++--- app/scripts/metamask-controller.js | 6 ++++ shared/constants/permissions.ts | 29 +++++++++++++++++-- 3 files changed, 38 insertions(+), 6 deletions(-) diff --git a/app/scripts/controllers/permissions/flask/snap-permissions.js b/app/scripts/controllers/permissions/flask/snap-permissions.js index f8465ee1b07c..a9981afd0818 100644 --- a/app/scripts/controllers/permissions/flask/snap-permissions.js +++ b/app/scripts/controllers/permissions/flask/snap-permissions.js @@ -12,16 +12,17 @@ import { * @returns {Record>} All endowment permission * specifications. */ -export const buildSnapEndowmentSpecifications = () => - Object.values(endowmentPermissionBuilders).reduce( +export const buildSnapEndowmentSpecifications = () => { + return Object.values(endowmentPermissionBuilders).reduce( (allSpecifications, { targetKey, specificationBuilder }) => { - if (!ExcludedSnapEndowments.has(targetKey)) { + if (!Object.keys(ExcludedSnapEndowments).includes(targetKey)) { allSpecifications[targetKey] = specificationBuilder(); } return allSpecifications; }, {}, ); +}; /** * @param {Record} hooks - The hooks for the Snap 
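Review bot: The exclusion test `!Object.keys(ExcludedSnapEndowments).includes(targetKey)` rebuilds the key array on every iteration of the reduce and reads less directly than an own-property check. Since this condition decides whether a permission specification is built at all, I would write it as `if (!Object.prototype.hasOwnProperty.call(ExcludedSnapEndowments, targetKey)) {`, which keeps the own-key semantics (inherited keys are still ignored, unlike `in`). The same applies to the `ExcludedSnapPermissions` check in `buildSnapRestrictedMethodSpecifications` in the next hunk, whose body starts and ends outside that hunk.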
@@ -30,7 +31,7 @@ export const buildSnapEndowmentSpecifications = () => export function buildSnapRestrictedMethodSpecifications(hooks) { return Object.values(restrictedMethodPermissionBuilders).reduce( (specifications, { targetKey, specificationBuilder, methodHooks }) => { - if (!ExcludedSnapPermissions.has(targetKey)) { + if (!Object.keys(ExcludedSnapPermissions).includes(targetKey)) { specifications[targetKey] = specificationBuilder({ methodHooks: selectHooks(hooks, methodHooks), }); diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js index 6947f6eae17e..1f1d9265252b 100644 --- a/app/scripts/metamask-controller.js +++ b/app/scripts/metamask-controller.js @@ -85,6 +85,8 @@ import { RestrictedMethods, ///: BEGIN:ONLY_INCLUDE_IN(flask) EndowmentPermissions, + ExcludedSnapPermissions, + ExcludedSnapEndowments, ///: END:ONLY_INCLUDE_IN } from '../../shared/constants/permissions'; import { UI_NOTIFICATIONS } from '../../shared/notifications'; @@ -780,6 +782,10 @@ export default class MetamaskController extends EventEmitter { this.snapController = new SnapController({ environmentEndowmentPermissions: Object.values(EndowmentPermissions), + excludedPermissions: { + ...ExcludedSnapPermissions, + ...ExcludedSnapEndowments, + }, closeAllConnections: this.removeAllConnections.bind(this), state: initState.SnapController, messenger: snapControllerMessenger, diff --git a/shared/constants/permissions.ts b/shared/constants/permissions.ts index 0b98b3b578ab..e837d1f1d2c5 100644 --- a/shared/constants/permissions.ts +++ b/shared/constants/permissions.ts @@ -18,6 +18,8 @@ export const RestrictedMethods = Object.freeze({ } as const); ///: BEGIN:ONLY_INCLUDE_IN(flask) +const isMain = process.env.METAMASK_BUILD_TYPE === 'main'; + export const PermissionNamespaces = Object.freeze({ wallet_snap_: 'wallet_snap_*', } as const); 
@@ -32,6 +34,29 @@ export const EndowmentPermissions = Object.freeze({ } as const); // Methods / permissions in external packages that we are temporarily excluding. -export const ExcludedSnapPermissions = new Set([]); -export const ExcludedSnapEndowments = new Set(['endowment:keyring']); +export const ExcludedFlaskSnapPermissions = { + eth_accounts: + 'eth_accounts is disabled. For more information please see https://github.com/MetaMask/snaps-monorepo/issues/990.', +}; +export const ExcludedStableSnapPermissions = { + eth_accounts: + 'eth_accounts is disabled. For more information please see https://github.com/MetaMask/snaps-monorepo/issues/990.', +}; +export const ExcludedStableSnapEndowments = { + 'endowment:keyring': 'This endowment is not available', + 'endowment:long-running': + 'endowment:long-running is deprecated. For more information please see https://github.com/MetaMask/snaps-monorepo/issues/945. ', +}; + +export const ExcludedFlaskSnapEndowments = { + 'endowment:keyring': 'This endowment is not available', +}; + +export const ExcludedSnapPermissions = isMain + ? ExcludedStableSnapPermissions + : ExcludedFlaskSnapPermissions; + +export const ExcludedSnapEndowments = isMain + ? ExcludedStableSnapEndowments + : ExcludedFlaskSnapEndowments; ///: END:ONLY_INCLUDE_IN From 685b2e1b6fe8216b61b14a47b1edb46713bb0fd7 Mon Sep 17 00:00:00 2001 From: Guillaume Roux Date: Fri, 20 Jan 2023 16:42:35 +0100 Subject: [PATCH 04/16] update useless changes --- .../controllers/permissions/flask/snap-permissions.js | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/app/scripts/controllers/permissions/flask/snap-permissions.js b/app/scripts/controllers/permissions/flask/snap-permissions.js index a9981afd0818..92d4bc52a2c5 100644 --- a/app/scripts/controllers/permissions/flask/snap-permissions.js +++ b/app/scripts/controllers/permissions/flask/snap-permissions.js 
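Review bot: `ExcludedSnapEndowments` falls back to the Flask list for every build type other than 'main', because the selection is `isMain ? ExcludedStableSnapEndowments : ExcludedFlaskSnapEndowments` and `isMain` (defined in the previous hunk) is false when `METAMASK_BUILD_TYPE` is unset or has any other value. The policy directories in this series include a beta build, which under this test would get the shorter Flask list with no `endowment:long-running` entry, assuming this fenced code is included in that build at all. Selecting the permissive list only on a positive match fails closed: `const isFlask = process.env.METAMASK_BUILD_TYPE === 'flask';` and `export const ExcludedSnapEndowments = isFlask ? ExcludedFlaskSnapEndowments : ExcludedStableSnapEndowments;`. The same applies to `ExcludedSnapPermissions` (whose two lists are currently identical) and to the `EndowmentPermissions` selection added in PATCH 08.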
@@ -12,8 +12,8 @@ import { * @returns {Record>} All endowment permission * specifications. */ -export const buildSnapEndowmentSpecifications = () => { - return Object.values(endowmentPermissionBuilders).reduce( +export const buildSnapEndowmentSpecifications = () => + Object.values(endowmentPermissionBuilders).reduce( (allSpecifications, { targetKey, specificationBuilder }) => { if (!Object.keys(ExcludedSnapEndowments).includes(targetKey)) { allSpecifications[targetKey] = specificationBuilder(); @@ -22,14 +22,13 @@ export const buildSnapEndowmentSpecifications = () => { }, {}, ); -}; /** * @param {Record} hooks - The hooks for the Snap * restricted method implementations. */ -export function buildSnapRestrictedMethodSpecifications(hooks) { - return Object.values(restrictedMethodPermissionBuilders).reduce( +export const buildSnapRestrictedMethodSpecifications = (hooks) => + Object.values(restrictedMethodPermissionBuilders).reduce( (specifications, { targetKey, specificationBuilder, methodHooks }) => { if (!Object.keys(ExcludedSnapPermissions).includes(targetKey)) { specifications[targetKey] = specificationBuilder({ @@ -40,4 +39,3 @@ export function buildSnapRestrictedMethodSpecifications(hooks) { }, {}, ); -} From b05340c47249032be70d56cbc37c8376b2d95586 Mon Sep 17 00:00:00 2001 From: Guillaume Roux Date: Mon, 23 Jan 2023 12:55:36 +0100 Subject: [PATCH 05/16] update yarn.lock --- yarn.lock | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/yarn.lock b/yarn.lock index 915f1e028451..a833f1a87e4a 100644 --- a/yarn.lock +++ b/yarn.lock 
@@ -4130,6 +4130,16 @@ __metadata: languageName: node linkType: hard +"@metamask/scure-bip39@npm:^2.0.3, @metamask/scure-bip39@npm:^2.1.0": + version: 2.1.0 + resolution: "@metamask/scure-bip39@npm:2.1.0" + dependencies: + "@noble/hashes": ~1.1.1 + "@scure/base": ~1.1.0 + checksum: 13e07f03077472e9b230f702cbba7848ecac752028396647ccdeedd7bc280ceb50ee15203e25603f05c4c6ca5d4dc7277825f7004beb113e1a415adc91f059f9 + languageName: node + linkType: hard + "@metamask/slip44@npm:^2.1.0": version: 2.1.0 resolution: "@metamask/slip44@npm:2.1.0" @@ -24123,7 +24133,7 @@ __metadata: "@metamask/post-message-stream": ^6.0.0 "@metamask/providers": ^10.2.1 "@metamask/rate-limit-controller": ^1.0.0 - "@metamask/rpc-methods": ^0.27.1 + "@metamask/rpc-methods": ^0.28.0 "@metamask/slip44": ^2.1.0 "@metamask/smart-transactions-controller": ^3.1.0 "@metamask/snaps-controllers": ^0.28.0 From ab266ac2a3bb6054301dc11a6de1259330d33295 Mon Sep 17 00:00:00 2001 From: Guillaume Roux Date: Mon, 23 Jan 2023 13:01:04 +0100 Subject: [PATCH 06/16] fix rebase --- package.json | 1 + yarn.lock | 1 + 2 files changed, 2 insertions(+) diff --git a/package.json b/package.json index 8ef887d728e2..5b254f74268c 100644 --- a/package.json +++ b/package.json @@ -244,6 +244,7 @@ "@metamask/providers": "^10.2.1", "@metamask/rate-limit-controller": "^1.0.0", "@metamask/rpc-methods": "^0.28.0", + "@metamask/scure-bip39": "^2.0.3", "@metamask/slip44": "^2.1.0", "@metamask/smart-transactions-controller": "^3.1.0", "@metamask/snaps-controllers": "^0.28.0", diff --git a/yarn.lock b/yarn.lock index a833f1a87e4a..88477703f27f 100644 --- a/yarn.lock +++ b/yarn.lock @@ -24134,6 +24134,7 @@ __metadata: "@metamask/providers": ^10.2.1 "@metamask/rate-limit-controller": ^1.0.0 "@metamask/rpc-methods": ^0.28.0 + "@metamask/scure-bip39": ^2.0.3 "@metamask/slip44": ^2.1.0 "@metamask/smart-transactions-controller": ^3.1.0 "@metamask/snaps-controllers": ^0.28.0 From 08e147dfe65ff7df4bce00a96518c84f3fc16691 Mon Sep 17 00:00:00 2001 
From: Guillaume Roux Date: Mon, 23 Jan 2023 13:22:46 +0100 Subject: [PATCH 07/16] fix lavamoat after rebase --- lavamoat/browserify/beta/policy.json | 23 +---------------------- lavamoat/browserify/flask/policy.json | 25 ++----------------------- lavamoat/browserify/main/policy.json | 23 +---------------------- 3 files changed, 4 insertions(+), 67 deletions(-) diff --git a/lavamoat/browserify/beta/policy.json b/lavamoat/browserify/beta/policy.json index af28ec11d206..7bbbef348563 100644 --- a/lavamoat/browserify/beta/policy.json +++ b/lavamoat/browserify/beta/policy.json @@ -1313,23 +1313,14 @@ }, "@metamask/rpc-methods>@metamask/key-tree": { "packages": { - "@metamask/rpc-methods>@metamask/key-tree>@metamask/scure-bip39": true, "@metamask/rpc-methods>@metamask/key-tree>@noble/ed25519": true, "@metamask/rpc-methods>@metamask/key-tree>@noble/secp256k1": true, + "@metamask/scure-bip39": true, "@metamask/snaps-utils>@noble/hashes": true, "@metamask/snaps-utils>@scure/base": true, "@metamask/utils": true } }, - "@metamask/rpc-methods>@metamask/key-tree>@metamask/scure-bip39": { - "globals": { - "TextEncoder": true - }, - "packages": { - "@metamask/snaps-utils>@noble/hashes": true, - "@metamask/snaps-utils>@scure/base": true - } - }, "@metamask/rpc-methods>@metamask/key-tree>@noble/ed25519": { "globals": { "crypto": true @@ -2572,18 +2563,6 @@ "json-rpc-engine>@metamask/safe-event-emitter": true } }, - "eth-block-tracker>@metamask/utils": { - "globals": { - "TextDecoder": true, - "TextEncoder": true - }, - "packages": { - "@metamask/snaps-ui>superstruct": true, - "browserify>buffer": true, - "nock>debug": true, - "semver": true - } - }, "eth-ens-namehash": { "globals": { "name": "write" diff --git a/lavamoat/browserify/flask/policy.json b/lavamoat/browserify/flask/policy.json index effddebd8871..8656164214f8 100644 --- a/lavamoat/browserify/flask/policy.json +++ b/lavamoat/browserify/flask/policy.json 
@@ -1315,7 +1315,7 @@ }, "packages": { "@metamask/post-message-stream>readable-stream": true, - "eth-block-tracker>@metamask/utils": true + "@metamask/utils": true } }, "@metamask/post-message-stream>readable-stream": { @@ -1405,23 +1405,14 @@ }, "@metamask/rpc-methods>@metamask/key-tree": { "packages": { - "@metamask/rpc-methods>@metamask/key-tree>@metamask/scure-bip39": true, "@metamask/rpc-methods>@metamask/key-tree>@noble/ed25519": true, "@metamask/rpc-methods>@metamask/key-tree>@noble/secp256k1": true, + "@metamask/scure-bip39": true, "@metamask/snaps-utils>@noble/hashes": true, "@metamask/snaps-utils>@scure/base": true, "@metamask/utils": true } }, - "@metamask/rpc-methods>@metamask/key-tree>@metamask/scure-bip39": { - "globals": { - "TextEncoder": true - }, - "packages": { - "@metamask/snaps-utils>@noble/hashes": true, - "@metamask/snaps-utils>@scure/base": true - } - }, "@metamask/rpc-methods>@metamask/key-tree>@noble/ed25519": { "globals": { "crypto": true @@ -2896,18 +2887,6 @@ "json-rpc-engine>@metamask/safe-event-emitter": true } }, - "eth-block-tracker>@metamask/utils": { - "globals": { - "TextDecoder": true, - "TextEncoder": true - }, - "packages": { - "@metamask/snaps-ui>superstruct": true, - "browserify>buffer": true, - "nock>debug": true, - "semver": true - } - }, "eth-ens-namehash": { "globals": { "name": "write" diff --git a/lavamoat/browserify/main/policy.json b/lavamoat/browserify/main/policy.json index af28ec11d206..7bbbef348563 100644 --- a/lavamoat/browserify/main/policy.json +++ b/lavamoat/browserify/main/policy.json 
@@ -1313,23 +1313,14 @@ }, "@metamask/rpc-methods>@metamask/key-tree": { "packages": { - "@metamask/rpc-methods>@metamask/key-tree>@metamask/scure-bip39": true, "@metamask/rpc-methods>@metamask/key-tree>@noble/ed25519": true, "@metamask/rpc-methods>@metamask/key-tree>@noble/secp256k1": true, + "@metamask/scure-bip39": true, "@metamask/snaps-utils>@noble/hashes": true, "@metamask/snaps-utils>@scure/base": true, "@metamask/utils": true } }, - "@metamask/rpc-methods>@metamask/key-tree>@metamask/scure-bip39": { - "globals": { - "TextEncoder": true - }, - "packages": { - "@metamask/snaps-utils>@noble/hashes": true, - "@metamask/snaps-utils>@scure/base": true - } - }, "@metamask/rpc-methods>@metamask/key-tree>@noble/ed25519": { "globals": { "crypto": true @@ -2572,18 +2563,6 @@ "json-rpc-engine>@metamask/safe-event-emitter": true } }, - "eth-block-tracker>@metamask/utils": { - "globals": { - "TextDecoder": true, - "TextEncoder": true - }, - "packages": { - "@metamask/snaps-ui>superstruct": true, - "browserify>buffer": true, - "nock>debug": true, - "semver": true - } - }, "eth-ens-namehash": { "globals": { "name": "write" From 9ff79ef3fa79aafaf151232dc39e4db105c5194a Mon Sep 17 00:00:00 2001 From: Guillaume Roux Date: Mon, 23 Jan 2023 16:24:32 +0100 Subject: [PATCH 08/16] fix tests --- shared/constants/permissions.test.js | 8 ++++++-- shared/constants/permissions.ts | 14 +++++++++++++- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/shared/constants/permissions.test.js b/shared/constants/permissions.test.js index e12b6ab93721..aa4f9f489934 100644 --- a/shared/constants/permissions.test.js +++ b/shared/constants/permissions.test.js 
@@ -11,7 +11,10 @@ describe('EndowmentPermissions', () => { it('has the expected permission keys', () => { expect(Object.keys(EndowmentPermissions).sort()).toStrictEqual( Object.keys(endowmentPermissionBuilders) - .filter((targetKey) => !ExcludedSnapEndowments.has(targetKey)) + .filter( + (targetKey) => + !Object.keys(ExcludedSnapEndowments).includes(targetKey), + ) .sort(), ); }); @@ -23,7 +26,8 @@ describe('RestrictedMethods', () => { [ 'eth_accounts', ...Object.keys(restrictedMethodPermissionBuilders).filter( - (targetKey) => !ExcludedSnapPermissions.has(targetKey), + (targetKey) => + !Object.keys(ExcludedSnapPermissions).includes(targetKey), ), ].sort(), ); diff --git a/shared/constants/permissions.ts b/shared/constants/permissions.ts index e837d1f1d2c5..36c63e3372e7 100644 --- a/shared/constants/permissions.ts +++ b/shared/constants/permissions.ts @@ -24,7 +24,15 @@ export const PermissionNamespaces = Object.freeze({ wallet_snap_: 'wallet_snap_*', } as const); -export const EndowmentPermissions = Object.freeze({ +export const StableEndowmentPermissions = Object.freeze({ + 'endowment:network-access': 'endowment:network-access', + 'endowment:transaction-insight': 'endowment:transaction-insight', + 'endowment:cronjob': 'endowment:cronjob', + 'endowment:ethereum-provider': 'endowment:ethereum-provider', + 'endowment:rpc': 'endowment:rpc', +} as const); + +export const FlaskEndowmentPermissions = Object.freeze({ 'endowment:network-access': 'endowment:network-access', 'endowment:long-running': 'endowment:long-running', 'endowment:transaction-insight': 'endowment:transaction-insight', @@ -52,6 +60,10 @@ export const ExcludedFlaskSnapEndowments = { 'endowment:keyring': 'This endowment is not available', }; +export const EndowmentPermissions = isMain + ? StableEndowmentPermissions + : FlaskEndowmentPermissions; + export const ExcludedSnapPermissions = isMain ? ExcludedStableSnapPermissions : ExcludedFlaskSnapPermissions; 
From dd0912c06ae17bef94b65aa7f999048b069d74c3 Mon Sep 17 00:00:00 2001 From: Guillaume Roux Date: Tue, 24 Jan 2023 16:51:57 +0100 Subject: [PATCH 09/16] address requested changes --- app/scripts/metamask-controller.js | 7 +++---- shared/constants/flask/environment.js | 2 ++ shared/constants/flask/index.js | 1 + shared/constants/permissions.ts | 23 +++++++++++------------ 4 files changed, 17 insertions(+), 16 deletions(-) create mode 100644 shared/constants/flask/environment.js create mode 100644 shared/constants/flask/index.js diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js index 1f1d9265252b..8b0f63c68830 100644 --- a/app/scripts/metamask-controller.js +++ b/app/scripts/metamask-controller.js @@ -112,6 +112,9 @@ import { STATIC_MAINNET_TOKEN_LIST } from '../../shared/constants/tokens'; import { getTokenValueParam } from '../../shared/lib/metamask-controller-utils'; import { isManifestV3 } from '../../shared/modules/mv3.utils'; import { hexToDecimal } from '../../shared/modules/conversion.utils'; +///: BEGIN:ONLY_INCLUDE_IN(flask) +import { isMain, isFlask } from '../../shared/constants/flask'; +///: END:ONLY_INCLUDE_IN import { onMessageReceived, checkForMultipleVersionsRunning, @@ -168,7 +171,6 @@ import { ///: BEGIN:ONLY_INCLUDE_IN(flask) buildSnapEndowmentSpecifications, buildSnapRestrictedMethodSpecifications, - ///: END:ONLY_INCLUDE_IN } from './controllers/permissions'; import createRPCMethodTrackingMiddleware from './lib/createRPCMethodTrackingMiddleware'; import { securityProviderCheck } from './lib/security-provider-helpers'; @@ -777,9 +779,6 @@ export default class MetamaskController extends EventEmitter { ], }); - const isMain = process.env.METAMASK_BUILD_TYPE === 'main'; - const isFlask = process.env.METAMASK_BUILD_TYPE === 'flask'; - this.snapController = new SnapController({ environmentEndowmentPermissions: Object.values(EndowmentPermissions), excludedPermissions: { 
diff --git a/shared/constants/flask/environment.js b/shared/constants/flask/environment.js new file mode 100644 index 000000000000..ffc551ccdce1 --- /dev/null +++ b/shared/constants/flask/environment.js @@ -0,0 +1,2 @@ +export const isMain = process.env.METAMASK_BUILD_TYPE === 'main'; +export const isFlask = process.env.METAMASK_BUILD_TYPE === 'flask'; diff --git a/shared/constants/flask/index.js b/shared/constants/flask/index.js new file mode 100644 index 000000000000..5d04aebd171e --- /dev/null +++ b/shared/constants/flask/index.js @@ -0,0 +1 @@ +export * from './environment'; diff --git a/shared/constants/permissions.ts b/shared/constants/permissions.ts index 36c63e3372e7..b0e12e7e8c89 100644 --- a/shared/constants/permissions.ts +++ b/shared/constants/permissions.ts @@ -1,3 +1,7 @@ +///: BEGIN:ONLY_INCLUDE_IN(flask) +import { isMain } from './flask'; +///: END:ONLY_INCLUDE_IN + export const CaveatTypes = Object.freeze({ restrictReturnedAccounts: 'restrictReturnedAccounts' as const, }); @@ -18,13 +22,12 @@ export const RestrictedMethods = Object.freeze({ } as const); ///: BEGIN:ONLY_INCLUDE_IN(flask) -const isMain = process.env.METAMASK_BUILD_TYPE === 'main'; export const PermissionNamespaces = Object.freeze({ wallet_snap_: 'wallet_snap_*', } as const); -export const StableEndowmentPermissions = Object.freeze({ +const StableEndowmentPermissions = Object.freeze({ 'endowment:network-access': 'endowment:network-access', 'endowment:transaction-insight': 'endowment:transaction-insight', 'endowment:cronjob': 'endowment:cronjob', 
@@ -32,31 +35,27 @@ export const StableEndowmentPermissions = Object.freeze({ 'endowment:rpc': 'endowment:rpc', } as const); -export const FlaskEndowmentPermissions = Object.freeze({ - 'endowment:network-access': 'endowment:network-access', +const FlaskEndowmentPermissions = Object.freeze({ + ...StableEndowmentPermissions, 'endowment:long-running': 'endowment:long-running', - 'endowment:transaction-insight': 'endowment:transaction-insight', - 'endowment:cronjob': 'endowment:cronjob', - 'endowment:ethereum-provider': 'endowment:ethereum-provider', - 'endowment:rpc': 'endowment:rpc', } as const); // Methods / permissions in external packages that we are temporarily excluding. -export const ExcludedFlaskSnapPermissions = { +const ExcludedFlaskSnapPermissions = { eth_accounts: 'eth_accounts is disabled. For more information please see https://github.com/MetaMask/snaps-monorepo/issues/990.', }; -export const ExcludedStableSnapPermissions = { +const ExcludedStableSnapPermissions = { eth_accounts: 'eth_accounts is disabled. For more information please see https://github.com/MetaMask/snaps-monorepo/issues/990.', }; -export const ExcludedStableSnapEndowments = { +const ExcludedStableSnapEndowments = { 'endowment:keyring': 'This endowment is not available', 'endowment:long-running': 'endowment:long-running is deprecated. For more information please see https://github.com/MetaMask/snaps-monorepo/issues/945. ', }; -export const ExcludedFlaskSnapEndowments = { +const ExcludedFlaskSnapEndowments = { 'endowment:keyring': 'This endowment is not available', }; From 77d336dd3988fb232490a808cfcd4e34c7f02f02 Mon Sep 17 00:00:00 2001 From: Guillaume Roux Date: Tue, 24 Jan 2023 17:01:56 +0100 Subject: [PATCH 10/16] fix code fencing --- app/scripts/metamask-controller.js | 1 + 1 file changed, 1 insertion(+) diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js index 8b0f63c68830..382d7067de05 100644 --- a/app/scripts/metamask-controller.js 
+++ b/app/scripts/metamask-controller.js @@ -171,6 +171,7 @@ import { ///: BEGIN:ONLY_INCLUDE_IN(flask) buildSnapEndowmentSpecifications, buildSnapRestrictedMethodSpecifications, + ///: END:ONLY_INCLUDE_IN } from './controllers/permissions'; import createRPCMethodTrackingMiddleware from './lib/createRPCMethodTrackingMiddleware'; import { securityProviderCheck } from './lib/security-provider-helpers'; From f75d72b3ff148d0ac8c99753357a9c35ce39e317 Mon Sep 17 00:00:00 2001 From: Guillaume Roux Date: Wed, 25 Jan 2023 16:33:03 +0100 Subject: [PATCH 11/16] move environment file --- app/scripts/metamask-controller.js | 2 +- shared/constants/{flask => }/environment.js | 0 shared/constants/flask/index.js | 1 - shared/constants/permissions.ts | 2 +- 4 files changed, 2 insertions(+), 3 deletions(-) rename shared/constants/{flask => }/environment.js (100%) delete mode 100644 shared/constants/flask/index.js diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js index 382d7067de05..a7eafe5a4bd4 100644 --- a/app/scripts/metamask-controller.js +++ b/app/scripts/metamask-controller.js @@ -113,7 +113,7 @@ import { getTokenValueParam } from '../../shared/lib/metamask-controller-utils'; import { isManifestV3 } from '../../shared/modules/mv3.utils'; import { hexToDecimal } from '../../shared/modules/conversion.utils'; ///: BEGIN:ONLY_INCLUDE_IN(flask) -import { isMain, isFlask } from '../../shared/constants/flask'; +import { isMain, isFlask } from '../../shared/constants/environment'; ///: END:ONLY_INCLUDE_IN import { onMessageReceived, diff --git a/shared/constants/flask/environment.js b/shared/constants/environment.js similarity index 100% rename from shared/constants/flask/environment.js rename to shared/constants/environment.js diff --git a/shared/constants/flask/index.js b/shared/constants/flask/index.js deleted file mode 100644 index 5d04aebd171e..000000000000 --- a/shared/constants/flask/index.js +++ /dev/null 
@@ -1 +0,0 @@ -export * from './environment'; diff --git a/shared/constants/permissions.ts b/shared/constants/permissions.ts index b0e12e7e8c89..1895260890e1 100644 --- a/shared/constants/permissions.ts +++ b/shared/constants/permissions.ts @@ -1,5 +1,5 @@ ///: BEGIN:ONLY_INCLUDE_IN(flask) -import { isMain } from './flask'; +import { isMain } from './environment'; ///: END:ONLY_INCLUDE_IN export const CaveatTypes = Object.freeze({ From 7a6fc5d24e2370d125033328d7a6848e1d7e3875 Mon Sep 17 00:00:00 2001 From: Guillaume Roux Date: Wed, 1 Feb 2023 17:25:16 +0100 Subject: [PATCH 12/16] Freeze objects and update messages --- shared/constants/permissions.ts | 40 +++++++++++++++++---------------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/shared/constants/permissions.ts b/shared/constants/permissions.ts index 1895260890e1..e55fcf7aa4a0 100644 --- a/shared/constants/permissions.ts +++ b/shared/constants/permissions.ts 
@@ -41,33 +41,35 @@ const FlaskEndowmentPermissions = Object.freeze({
 } as const);
 // Methods / permissions in external packages that we are temporarily excluding.
-const ExcludedFlaskSnapPermissions = {
+const ExcludedFlaskSnapPermissions = Object.freeze({
 eth_accounts:
 'eth_accounts is disabled. For more information please see https://github.com/MetaMask/snaps-monorepo/issues/990.',
-};
-const ExcludedStableSnapPermissions = {
+});
+const ExcludedStableSnapPermissions = Object.freeze({
 eth_accounts:
 'eth_accounts is disabled. For more information please see https://github.com/MetaMask/snaps-monorepo/issues/990.',
-};
-const ExcludedStableSnapEndowments = {
- 'endowment:keyring': 'This endowment is not available',
+});
+const ExcludedStableSnapEndowments = Object.freeze({
+ 'endowment:keyring':
+ 'This endowment is still in development therefore not available.',
 'endowment:long-running':
 'endowment:long-running is deprecated. For more information please see https://github.com/MetaMask/snaps-monorepo/issues/945. ',
-};
+});
-const ExcludedFlaskSnapEndowments = {
- 'endowment:keyring': 'This endowment is not available',
-};
+const ExcludedFlaskSnapEndowments = Object.freeze({
+ 'endowment:keyring':
+ 'This endowment is still in development therefore not available.',
+});
-export const EndowmentPermissions = isMain
- ? StableEndowmentPermissions
- : FlaskEndowmentPermissions;
+export const EndowmentPermissions = Object.freeze(
+ isMain ? StableEndowmentPermissions : FlaskEndowmentPermissions,
+);
-export const ExcludedSnapPermissions = isMain
- ? ExcludedStableSnapPermissions
- : ExcludedFlaskSnapPermissions;
+export const ExcludedSnapPermissions = Object.freeze(
+ isMain ? ExcludedStableSnapPermissions : ExcludedFlaskSnapPermissions,
+);
-export const ExcludedSnapEndowments = isMain
- ? ExcludedStableSnapEndowments
- : ExcludedFlaskSnapEndowments;
+export const ExcludedSnapEndowments = Object.freeze(
+ isMain ? ExcludedStableSnapEndowments : ExcludedFlaskSnapEndowments,
+);
 ///: END:ONLY_INCLUDE_IN
From 4f90b7aa85d1030de22e304a870c0ebd9b2dfeca Mon Sep 17 00:00:00 2001
From: Guillaume Roux
Date: Wed, 1 Feb 2023 17:35:11 +0100
Subject: [PATCH 13/16] remove useless freeze
---
 shared/constants/permissions.ts | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/shared/constants/permissions.ts b/shared/constants/permissions.ts
index e55fcf7aa4a0..e4fd7fa74f33 100644
--- a/shared/constants/permissions.ts
+++ b/shared/constants/permissions.ts
@@ -61,15 +61,16 @@ const ExcludedFlaskSnapEndowments = Object.freeze({
 'This endowment is still in development therefore not available.',
 });
-export const EndowmentPermissions = Object.freeze(
- isMain ? StableEndowmentPermissions : FlaskEndowmentPermissions,
-);
+export const EndowmentPermissions = isMain
+ ? StableEndowmentPermissions
+ : FlaskEndowmentPermissions;
-export const ExcludedSnapPermissions = Object.freeze(
- isMain ? ExcludedStableSnapPermissions : ExcludedFlaskSnapPermissions,
-);
+export const ExcludedSnapPermissions = isMain
+ ? ExcludedStableSnapPermissions
+ : ExcludedFlaskSnapPermissions;
+
+export const ExcludedSnapEndowments = isMain
+ ? ExcludedStableSnapEndowments
+ : ExcludedFlaskSnapEndowments;
-export const ExcludedSnapEndowments = Object.freeze(
- isMain ? ExcludedStableSnapEndowments : ExcludedFlaskSnapEndowments,
-);
 ///: END:ONLY_INCLUDE_IN
From 011ccae7765877d9d4c0750c5a37bb0e946d3b70 Mon Sep 17 00:00:00 2001
From: Guillaume Roux
Date: Tue, 7 Feb 2023 15:41:15 +0100
Subject: [PATCH 14/16] use code fencing
---
 shared/constants/permissions.ts | 42 ++++++---------------------------
 1 file changed, 7 insertions(+), 35 deletions(-)
diff --git a/shared/constants/permissions.ts b/shared/constants/permissions.ts
index e4fd7fa74f33..6b016ed862e8 100644
--- a/shared/constants/permissions.ts
+++ b/shared/constants/permissions.ts
@@ -1,7 +1,3 @@
-///: BEGIN:ONLY_INCLUDE_IN(flask)
-import { isMain } from './environment';
-///: END:ONLY_INCLUDE_IN
-
 export const CaveatTypes = Object.freeze({
 restrictReturnedAccounts: 'restrictReturnedAccounts' as const,
 });
@@ -22,55 +18,31 @@ export const RestrictedMethods = Object.freeze({
 } as const);
 ///: BEGIN:ONLY_INCLUDE_IN(flask)
-
+/**
+ * Exclude permissions by code fencing them to avoid any potential usage of excluded permissions at runtime. See: https://github.com/MetaMask/metamask-extension/pull/17321#pullrequestreview-1287014285
+ * TODO: Disable endowment:long-running and eth_account in stable.
+ */
 export const PermissionNamespaces = Object.freeze({
 wallet_snap_: 'wallet_snap_*',
 } as const);
-const StableEndowmentPermissions = Object.freeze({
+export const EndowmentPermissions = Object.freeze({
 'endowment:network-access': 'endowment:network-access',
 'endowment:transaction-insight': 'endowment:transaction-insight',
 'endowment:cronjob': 'endowment:cronjob',
 'endowment:ethereum-provider': 'endowment:ethereum-provider',
 'endowment:rpc': 'endowment:rpc',
-} as const);
-
-const FlaskEndowmentPermissions = Object.freeze({
- ...StableEndowmentPermissions,
 'endowment:long-running': 'endowment:long-running',
 } as const);
 // Methods / permissions in external packages that we are temporarily excluding.
-const ExcludedFlaskSnapPermissions = Object.freeze({
- eth_accounts:
- 'eth_accounts is disabled. For more information please see https://github.com/MetaMask/snaps-monorepo/issues/990.',
-});
-const ExcludedStableSnapPermissions = Object.freeze({
+export const ExcludedSnapPermissions = Object.freeze({
 eth_accounts:
 'eth_accounts is disabled. For more information please see https://github.com/MetaMask/snaps-monorepo/issues/990.',
 });
-const ExcludedStableSnapEndowments = Object.freeze({
- 'endowment:keyring':
- 'This endowment is still in development therefore not available.',
- 'endowment:long-running':
- 'endowment:long-running is deprecated. For more information please see https://github.com/MetaMask/snaps-monorepo/issues/945. ',
-});
-const ExcludedFlaskSnapEndowments = Object.freeze({
+export const ExcludedSnapEndowments = Object.freeze({
 'endowment:keyring':
 'This endowment is still in development therefore not available.',
 });
-
-export const EndowmentPermissions = isMain
- ? StableEndowmentPermissions
- : FlaskEndowmentPermissions;
-
-export const ExcludedSnapPermissions = isMain
- ? ExcludedStableSnapPermissions
- : ExcludedFlaskSnapPermissions;
-
-export const ExcludedSnapEndowments = isMain
- ? ExcludedStableSnapEndowments
- : ExcludedFlaskSnapEndowments;
-
 ///: END:ONLY_INCLUDE_IN
From ae1e91477112da4cdd272993025af04bf6ad7c08 Mon Sep 17 00:00:00 2001
From: Guillaume Roux
Date: Tue, 7 Feb 2023 16:30:39 +0100
Subject: [PATCH 15/16] add ref to issues
---
 shared/constants/permissions.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/shared/constants/permissions.ts b/shared/constants/permissions.ts
index 6b016ed862e8..fd57e4f5e4da 100644
--- a/shared/constants/permissions.ts
+++ b/shared/constants/permissions.ts
@@ -19,7 +19,8 @@ export const RestrictedMethods = Object.freeze({
 ///: BEGIN:ONLY_INCLUDE_IN(flask)
 /**
- * Exclude permissions by code fencing them to avoid any potential usage of excluded permissions at runtime. See: https://github.com/MetaMask/metamask-extension/pull/17321#pullrequestreview-1287014285
+ * Exclude permissions by code fencing them to avoid any potential usage of excluded permissions at runtime. See: https://github.com/MetaMask/metamask-extension/pull/17321#pullrequestreview-1287014285.
+ * This is a fix for https://github.com/MetaMask/snaps-monorepo/issues/1103 and https://github.com/MetaMask/snaps-monorepo/issues/990.
 * TODO: Disable endowment:long-running and eth_account in stable.
 */
 export const PermissionNamespaces = Object.freeze({
From 0de6123caae5d7b8a2011707097dcc063b6e581c Mon Sep 17 00:00:00 2001
From: Guillaume Roux
Date: Wed, 8 Feb 2023 15:24:54 +0100
Subject: [PATCH 16/16] re-trigger CI
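Review bot: In the `@@ -22,55 +18,31 @@` hunk of shared/constants/permissions.ts, the merged `ExcludedSnapEndowments` drops the `endowment:long-running` entry that `ExcludedStableSnapEndowments` carried, while the merged `EndowmentPermissions` keeps that endowment, so the stable-side exclusion now exists only as the TODO in the new comment. That holds only as long as every consumer of these exports stays inside an `ONLY_INCLUDE_IN(flask)` fence, which the hunk does not show; I would attach a tracking issue to the TODO and restore the `endowment:long-running` exclusion before the fence is ever widened to stable builds. The TODO also names `eth_account` where the excluded key is `eth_accounts` (the line is unchanged in the later `@@ -19,7 +19,8 @@` hunk); it should read `* TODO: Disable endowment:long-running and eth_accounts in stable.`. The JSDoc block sits directly above `PermissionNamespaces`, so tooling will attach it to that export rather than to the exclusion lists it describes; moving it above `ExcludedSnapPermissions` would fix that.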