@metamask/snaps-controllers 3.1.0 → 3.2.0

package/CHANGELOG.md

@@ -6,6 +6,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [3.2.0]
+### Added
+- Add support for links in custom UI and notifications ([#1814](https://github.com/MetaMask/snaps/pull/1814))
+
+### Fixed
+- Fix an issue where snaps throwing a `SnapError` would be allowed to run for longer than expected ([#1897](https://github.com/MetaMask/snaps/pull/1897))
+
+## [3.1.1]
+### Fixed
+- Fix a few issues with allowlist version resolving ([#1888](https://github.com/MetaMask/snaps/pull/1888))
+
 ## [3.1.0]
 ### Added
 - Add static file API ([#1836](https://github.com/MetaMask/snaps/pull/1836))
@@ -90,7 +101,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - The version of the package no longer needs to match the version of all other
     MetaMask Snaps packages.
 
-[Unreleased]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-controllers@3.1.0...HEAD
+[Unreleased]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-controllers@3.2.0...HEAD
+[3.2.0]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-controllers@3.1.1...@metamask/snaps-controllers@3.2.0
+[3.1.1]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-controllers@3.1.0...@metamask/snaps-controllers@3.1.1
 [3.1.0]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-controllers@3.0.0...@metamask/snaps-controllers@3.1.0
 [3.0.0]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-controllers@2.0.2...@metamask/snaps-controllers@3.0.0
 [2.0.2]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-controllers@2.0.1...@metamask/snaps-controllers@2.0.2

package/dist/cjs/snaps/SnapController.js

@@ -29,6 +29,7 @@ const _basecontroller = require("@metamask/base-controller");
 const _permissioncontroller = require("@metamask/permission-controller");
 const _rpcerrors = require("@metamask/rpc-errors");
 const _snapsrpcmethods = require("@metamask/snaps-rpc-methods");
+const _snapsui = require("@metamask/snaps-ui");
 const _snapsutils = require("@metamask/snaps-utils");
 const _utils = require("@metamask/utils");
 const _fsm = require("@xstate/fsm");
@@ -192,7 +193,7 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
    *
    * @param snapId - The id of the Snap whose message handler to get.
    * @returns The RPC handler for the given snap.
-   */ _getRpcRequestHandler = /*#__PURE__*/ new WeakSet(), _executeWithTimeout = /*#__PURE__*/ new WeakSet(), _recordSnapRpcRequestStart = /*#__PURE__*/ new WeakSet(), _recordSnapRpcRequestFinish = /*#__PURE__*/ new WeakSet(), /**
+   */ _getRpcRequestHandler = /*#__PURE__*/ new WeakSet(), _assertSnapRpcRequestResult = /*#__PURE__*/ new WeakSet(), _executeWithTimeout = /*#__PURE__*/ new WeakSet(), _recordSnapRpcRequestStart = /*#__PURE__*/ new WeakSet(), _recordSnapRpcRequestFinish = /*#__PURE__*/ new WeakSet(), /**
    * Retrieves the rollback snapshot of a snap.
    *
    * @param snapId - The snap id.
@@ -597,16 +598,15 @@ class SnapController extends _basecontroller.BaseControllerV2 {
         try {
             for (const [snapId, { version: rawVersion }] of Object.entries(requestedSnaps)){
                 (0, _snapsutils.assertIsValidSnapId)(snapId);
-                const [error, resolvedVersion] = (0, _snapsutils.resolveVersionRange)(rawVersion);
+                const [error, version] = (0, _snapsutils.resolveVersionRange)(rawVersion);
                 if (error) {
                     throw _rpcerrors.rpcErrors.invalidParams(`The "version" field must be a valid SemVer version range if specified. Received: "${rawVersion}".`);
                 }
-                // If we are running in allowlist mode, try to match the version with an allowlist version.
-                const version = _class_private_field_get(this, _featureFlags).requireAllowlist ? await _class_private_method_get(this, _resolveAllowlistVersion, resolveAllowlistVersion).call(this, snapId, resolvedVersion) : resolvedVersion;
                 const location = _class_private_field_get(this, _detectSnapLocation).call(this, snapId, {
                     versionRange: version,
                     fetch: _class_private_field_get(this, _fetchFunction),
-                    allowLocal: _class_private_field_get(this, _featureFlags).allowLocalSnaps
+                    allowLocal: _class_private_field_get(this, _featureFlags).allowLocalSnaps,
+                    resolveVersion: async (range)=>_class_private_field_get(this, _featureFlags).requireAllowlist ? await _class_private_method_get(this, _resolveAllowlistVersion, resolveAllowlistVersion).call(this, snapId, range) : range
                 });
                 // Existing snaps may need to be updated, unless they should be re-installed (e.g. local snaps)
                 // Everything else is treated as an install
@@ -1022,6 +1022,12 @@ class SnapController extends _basecontroller.BaseControllerV2 {
         _class_private_method_init(this, _validateSnapPermissions);
         _class_private_method_init(this, _getRpcRequestHandler);
         /**
+   * Asserts that the returned result of a Snap RPC call is the expected shape.
+   *
+   * @param handlerType - The handler type of the RPC Request.
+   * @param result - The result of the RPC request.
+   */ _class_private_method_init(this, _assertSnapRpcRequestResult);
+        /**
    * Awaits the specified promise and rejects if the promise doesn't resolve
    * before the timeout.
    *
@@ -1562,7 +1568,7 @@ function getRpcRequestHandler(snapId) {
         // This will either get the result or reject due to the timeout.
         try {
             const result = await _class_private_method_get(this, _executeWithTimeout, executeWithTimeout).call(this, handleRpcRequestPromise, timer);
-            _class_private_method_get(this, _recordSnapRpcRequestFinish, recordSnapRpcRequestFinish).call(this, snapId, request.id);
+            await _class_private_method_get(this, _assertSnapRpcRequestResult, assertSnapRpcRequestResult).call(this, handlerType, result);
             return result;
         } catch (error) {
             const [jsonRpcError, handled] = (0, _snapsutils.unwrapError)(error);
@@ -1570,11 +1576,24 @@ function getRpcRequestHandler(snapId) {
                 await this.stopSnap(snapId, _snapsutils.SnapStatusEvents.Crash);
             }
             throw jsonRpcError;
+        } finally{
+            _class_private_method_get(this, _recordSnapRpcRequestFinish, recordSnapRpcRequestFinish).call(this, snapId, request.id);
         }
     };
     runtime.rpcHandler = rpcHandler;
     return rpcHandler;
 }
+async function assertSnapRpcRequestResult(handlerType, result) {
+    switch(handlerType){
+        case _snapsutils.HandlerType.OnTransaction:
+            (0, _utils.assertStruct)(result, _snapsutils.OnTransactionResponseStruct);
+            await this.messagingSystem.call('PhishingController:maybeUpdateState');
+            await (0, _snapsui.assertUILinksAreSafe)(result.content, (url)=>this.messagingSystem.call('PhishingController:testOrigin', url).result);
+            break;
+        default:
+            break;
+    }
+}
 async function executeWithTimeout(promise, timer) {
     const result = await (0, _utils1.withTimeout)(promise, timer ?? this.maxRequestTime);
     if (result === _utils1.hasTimedOut) {