@metamask/snaps-execution-environments 0.35.2-flask.1 → 0.36.1-flask.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +11 -1
- package/dist/browserify/iframe/bundle.js +4 -4
- package/dist/browserify/node-process/bundle.js +2 -2
- package/dist/browserify/node-thread/bundle.js +2 -2
- package/dist/browserify/worker-executor/bundle.js +4 -4
- package/dist/cjs/common/utils.js +20 -3
- package/dist/cjs/common/utils.js.map +1 -1
- package/dist/esm/common/utils.js +18 -3
- package/dist/esm/common/utils.js.map +1 -1
- package/dist/types/common/utils.d.ts +1 -0
- package/package.json +4 -4
package/dist/cjs/common/utils.js
CHANGED
|
@@ -18,6 +18,9 @@ _export(exports, {
|
|
|
18
18
|
proxyStreamProvider: function() {
|
|
19
19
|
return proxyStreamProvider;
|
|
20
20
|
},
|
|
21
|
+
BLOCKED_RPC_METHODS: function() {
|
|
22
|
+
return BLOCKED_RPC_METHODS;
|
|
23
|
+
},
|
|
21
24
|
assertSnapOutboundRequest: function() {
|
|
22
25
|
return assertSnapOutboundRequest;
|
|
23
26
|
},
|
|
@@ -82,11 +85,25 @@ function proxyStreamProvider(provider, request) {
|
|
|
82
85
|
});
|
|
83
86
|
return proxy;
|
|
84
87
|
}
|
|
85
|
-
// We're blocking these RPC methods for v1, will revisit later.
|
|
86
88
|
const BLOCKED_RPC_METHODS = Object.freeze([
|
|
87
|
-
'eth_requestAccounts',
|
|
88
89
|
'wallet_requestSnaps',
|
|
89
|
-
'wallet_requestPermissions'
|
|
90
|
+
'wallet_requestPermissions',
|
|
91
|
+
// We disallow all of these confirmations for now, since the screens are not ready for Snaps.
|
|
92
|
+
'eth_sendRawTransaction',
|
|
93
|
+
'eth_sendTransaction',
|
|
94
|
+
'personal_sign',
|
|
95
|
+
'eth_sign',
|
|
96
|
+
'eth_signTypedData',
|
|
97
|
+
'eth_signTypedData_v1',
|
|
98
|
+
'eth_signTypedData_v3',
|
|
99
|
+
'eth_signTypedData_v4',
|
|
100
|
+
'eth_decrypt',
|
|
101
|
+
'eth_getEncryptionPublicKey',
|
|
102
|
+
'wallet_addEthereumChain',
|
|
103
|
+
'wallet_switchEthereumChain',
|
|
104
|
+
'wallet_watchAsset',
|
|
105
|
+
'wallet_registerOnboarding',
|
|
106
|
+
'wallet_scanQRCode'
|
|
90
107
|
]);
|
|
91
108
|
function assertSnapOutboundRequest(args) {
|
|
92
109
|
// Disallow any non `wallet_` or `snap_` methods for separation of concerns.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/common/utils.ts"],"sourcesContent":["import { StreamProvider } from '@metamask/providers';\nimport { RequestArguments } from '@metamask/providers/dist/BaseProvider';\nimport { assert, assertStruct, JsonStruct } from '@metamask/utils';\nimport { ethErrors } from 'eth-rpc-errors';\n\nimport { log } from '../logging';\n\n/**\n * Takes an error that was thrown, determines if it is\n * an error object. If it is then it will return that. Otherwise,\n * an error object is created with the original error message.\n *\n * @param originalError - The error that was originally thrown.\n * @returns An error object.\n */\nexport function constructError(originalError: unknown) {\n let _originalError: Error | undefined;\n if (originalError instanceof Error) {\n _originalError = originalError;\n } else if (typeof originalError === 'string') {\n _originalError = new Error(originalError);\n // The stack is useless in this case.\n delete _originalError.stack;\n }\n return _originalError;\n}\n\n/**\n * Make proxy for Promise and handle the teardown process properly.\n * If the teardown is called in the meanwhile, Promise result will not be\n * exposed to the snap anymore and warning will be logged to the console.\n *\n * @param originalPromise - Original promise.\n * @param teardownRef - Reference containing teardown count.\n * @param teardownRef.lastTeardown - Number of the last teardown.\n * @returns New proxy promise.\n */\nexport async function withTeardown<T>(\n originalPromise: Promise<T>,\n teardownRef: { lastTeardown: number },\n): Promise<T> {\n const myTeardown = teardownRef.lastTeardown;\n return new Promise<T>((resolve, reject) => {\n originalPromise\n .then((value) => {\n if (teardownRef.lastTeardown === myTeardown) {\n resolve(value);\n } else {\n log(\n 'Late promise received after Snap finished execution. Promise will be dropped.',\n );\n }\n })\n .catch((reason) => {\n if (teardownRef.lastTeardown === myTeardown) {\n reject(reason);\n } else {\n log(\n 'Late promise received after Snap finished execution. Promise will be dropped.',\n );\n }\n });\n });\n}\n\n/**\n * Returns a Proxy that narrows down (attenuates) the fields available on\n * the StreamProvider and replaces the request implementation.\n *\n * @param provider - Instance of a StreamProvider to be limited.\n * @param request - Custom attenuated request object.\n * @returns Proxy to the StreamProvider instance.\n */\nexport function proxyStreamProvider(\n provider: StreamProvider,\n request: unknown,\n): StreamProvider {\n // Proxy target is intentionally set to be an empty object, to ensure\n // that access to the prototype chain is not possible.\n const proxy = new Proxy(\n {},\n {\n has(_target: object, prop: string | symbol) {\n return (\n typeof prop === 'string' &&\n ['request', 'on', 'removeListener'].includes(prop)\n );\n },\n get(_target, prop: keyof StreamProvider) {\n if (prop === 'request') {\n return request;\n } else if (['on', 'removeListener'].includes(prop)) {\n return provider[prop];\n }\n\n return undefined;\n },\n },\n );\n\n return proxy as StreamProvider;\n}\n\n// We're blocking these RPC methods for v1, will revisit later.\
|
|
1
|
+
{"version":3,"sources":["../../../src/common/utils.ts"],"sourcesContent":["import { StreamProvider } from '@metamask/providers';\nimport { RequestArguments } from '@metamask/providers/dist/BaseProvider';\nimport { assert, assertStruct, JsonStruct } from '@metamask/utils';\nimport { ethErrors } from 'eth-rpc-errors';\n\nimport { log } from '../logging';\n\n/**\n * Takes an error that was thrown, determines if it is\n * an error object. If it is then it will return that. Otherwise,\n * an error object is created with the original error message.\n *\n * @param originalError - The error that was originally thrown.\n * @returns An error object.\n */\nexport function constructError(originalError: unknown) {\n let _originalError: Error | undefined;\n if (originalError instanceof Error) {\n _originalError = originalError;\n } else if (typeof originalError === 'string') {\n _originalError = new Error(originalError);\n // The stack is useless in this case.\n delete _originalError.stack;\n }\n return _originalError;\n}\n\n/**\n * Make proxy for Promise and handle the teardown process properly.\n * If the teardown is called in the meanwhile, Promise result will not be\n * exposed to the snap anymore and warning will be logged to the console.\n *\n * @param originalPromise - Original promise.\n * @param teardownRef - Reference containing teardown count.\n * @param teardownRef.lastTeardown - Number of the last teardown.\n * @returns New proxy promise.\n */\nexport async function withTeardown<T>(\n originalPromise: Promise<T>,\n teardownRef: { lastTeardown: number },\n): Promise<T> {\n const myTeardown = teardownRef.lastTeardown;\n return new Promise<T>((resolve, reject) => {\n originalPromise\n .then((value) => {\n if (teardownRef.lastTeardown === myTeardown) {\n resolve(value);\n } else {\n log(\n 'Late promise received after Snap finished execution. Promise will be dropped.',\n );\n }\n })\n .catch((reason) => {\n if (teardownRef.lastTeardown === myTeardown) {\n reject(reason);\n } else {\n log(\n 'Late promise received after Snap finished execution. Promise will be dropped.',\n );\n }\n });\n });\n}\n\n/**\n * Returns a Proxy that narrows down (attenuates) the fields available on\n * the StreamProvider and replaces the request implementation.\n *\n * @param provider - Instance of a StreamProvider to be limited.\n * @param request - Custom attenuated request object.\n * @returns Proxy to the StreamProvider instance.\n */\nexport function proxyStreamProvider(\n provider: StreamProvider,\n request: unknown,\n): StreamProvider {\n // Proxy target is intentionally set to be an empty object, to ensure\n // that access to the prototype chain is not possible.\n const proxy = new Proxy(\n {},\n {\n has(_target: object, prop: string | symbol) {\n return (\n typeof prop === 'string' &&\n ['request', 'on', 'removeListener'].includes(prop)\n );\n },\n get(_target, prop: keyof StreamProvider) {\n if (prop === 'request') {\n return request;\n } else if (['on', 'removeListener'].includes(prop)) {\n return provider[prop];\n }\n\n return undefined;\n },\n },\n );\n\n return proxy as StreamProvider;\n}\n\n// We're blocking these RPC methods for v1, will revisit later.\nexport const BLOCKED_RPC_METHODS = Object.freeze([\n 'wallet_requestSnaps',\n 'wallet_requestPermissions',\n // We disallow all of these confirmations for now, since the screens are not ready for Snaps.\n 'eth_sendRawTransaction',\n 'eth_sendTransaction',\n 'personal_sign',\n 'eth_sign',\n 'eth_signTypedData',\n 'eth_signTypedData_v1',\n 'eth_signTypedData_v3',\n 'eth_signTypedData_v4',\n 'eth_decrypt',\n 'eth_getEncryptionPublicKey',\n 'wallet_addEthereumChain',\n 'wallet_switchEthereumChain',\n 'wallet_watchAsset',\n 'wallet_registerOnboarding',\n 'wallet_scanQRCode',\n]);\n\n/**\n * Asserts the validity of request arguments for a snap outbound request using the `snap.request` API.\n *\n * @param args - The arguments to validate.\n */\nexport function assertSnapOutboundRequest(args: RequestArguments) {\n // Disallow any non `wallet_` or `snap_` methods for separation of concerns.\n assert(\n String.prototype.startsWith.call(args.method, 'wallet_') ||\n String.prototype.startsWith.call(args.method, 'snap_'),\n 'The global Snap API only allows RPC methods starting with `wallet_*` and `snap_*`.',\n );\n assert(\n !BLOCKED_RPC_METHODS.includes(args.method),\n ethErrors.rpc.methodNotFound({\n data: {\n method: args.method,\n },\n }),\n );\n assertStruct(args, JsonStruct, 'Provided value is not JSON-RPC compatible');\n}\n\n/**\n * Asserts the validity of request arguments for an ethereum outbound request using the `ethereum.request` API.\n *\n * @param args - The arguments to validate.\n */\nexport function assertEthereumOutboundRequest(args: RequestArguments) {\n // Disallow snaps methods for separation of concerns.\n assert(\n !String.prototype.startsWith.call(args.method, 'snap_'),\n ethErrors.rpc.methodNotFound({\n data: {\n method: args.method,\n },\n }),\n );\n assert(\n !BLOCKED_RPC_METHODS.includes(args.method),\n ethErrors.rpc.methodNotFound({\n data: {\n method: args.method,\n },\n }),\n );\n assertStruct(args, JsonStruct, 'Provided value is not JSON-RPC compatible');\n}\n"],"names":["constructError","withTeardown","proxyStreamProvider","BLOCKED_RPC_METHODS","assertSnapOutboundRequest","assertEthereumOutboundRequest","originalError","_originalError","Error","stack","originalPromise","teardownRef","myTeardown","lastTeardown","Promise","resolve","reject","then","value","log","catch","reason","provider","request","proxy","Proxy","has","_target","prop","includes","get","undefined","Object","freeze","args","assert","String","prototype","startsWith","call","method","ethErrors","rpc","methodNotFound","data","assertStruct","JsonStruct"],"mappings":";;;;;;;;;;;IAegBA,cAAc;eAAdA;;IAsBMC,YAAY;eAAZA;;IAoCNC,mBAAmB;eAAnBA;;IA+BHC,mBAAmB;eAAnBA;;IA0BGC,yBAAyB;eAAzBA;;IAuBAC,6BAA6B;eAA7BA;;;uBAvJiC;8BACvB;yBAEN;AAUb,SAASL,eAAeM,aAAsB;IACnD,IAAIC;IACJ,IAAID,yBAAyBE,OAAO;QAClCD,iBAAiBD;IACnB,OAAO,IAAI,OAAOA,kBAAkB,UAAU;QAC5CC,iBAAiB,IAAIC,MAAMF;QAC3B,qCAAqC;QACrC,OAAOC,eAAeE,KAAK;IAC7B;IACA,OAAOF;AACT;AAYO,eAAeN,aACpBS,eAA2B,EAC3BC,WAAqC;IAErC,MAAMC,aAAaD,YAAYE,YAAY;IAC3C,OAAO,IAAIC,QAAW,CAACC,SAASC;QAC9BN,gBACGO,IAAI,CAAC,CAACC;YACL,IAAIP,YAAYE,YAAY,KAAKD,YAAY;gBAC3CG,QAAQG;YACV,OAAO;gBACLC,IAAAA,YAAG,EACD;YAEJ;QACF,GACCC,KAAK,CAAC,CAACC;YACN,IAAIV,YAAYE,YAAY,KAAKD,YAAY;gBAC3CI,OAAOK;YACT,OAAO;gBACLF,IAAAA,YAAG,EACD;YAEJ;QACF;IACJ;AACF;AAUO,SAASjB,oBACdoB,QAAwB,EACxBC,OAAgB;IAEhB,qEAAqE;IACrE,sDAAsD;IACtD,MAAMC,QAAQ,IAAIC,MAChB,CAAC,GACD;QACEC,KAAIC,OAAe,EAAEC,IAAqB;YACxC,OACE,OAAOA,SAAS,YAChB;gBAAC;gBAAW;gBAAM;aAAiB,CAACC,QAAQ,CAACD;QAEjD;QACAE,KAAIH,OAAO,EAAEC,IAA0B;YACrC,IAAIA,SAAS,WAAW;gBACtB,OAAOL;YACT,OAAO,IAAI;gBAAC;gBAAM;aAAiB,CAACM,QAAQ,CAACD,OAAO;gBAClD,OAAON,QAAQ,CAACM,KAAK;YACvB;YAEA,OAAOG;QACT;IACF;IAGF,OAAOP;AACT;AAGO,MAAMrB,sBAAsB6B,OAAOC,MAAM,CAAC;IAC/C;IACA;IACA,6FAA6F;IAC7F;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;CACD;AAOM,SAAS7B,0BAA0B8B,IAAsB;IAC9D,4EAA4E;IAC5EC,IAAAA,aAAM,EACJC,OAAOC,SAAS,CAACC,UAAU,CAACC,IAAI,CAACL,KAAKM,MAAM,EAAE,cAC5CJ,OAAOC,SAAS,CAACC,UAAU,CAACC,IAAI,CAACL,KAAKM,MAAM,EAAE,UAChD;IAEFL,IAAAA,aAAM,EACJ,CAAChC,oBAAoB0B,QAAQ,CAACK,KAAKM,MAAM,GACzCC,uBAAS,CAACC,GAAG,CAACC,cAAc,CAAC;QAC3BC,MAAM;YACJJ,QAAQN,KAAKM,MAAM;QACrB;IACF;IAEFK,IAAAA,mBAAY,EAACX,MAAMY,iBAAU,EAAE;AACjC;AAOO,SAASzC,8BAA8B6B,IAAsB;IAClE,qDAAqD;IACrDC,IAAAA,aAAM,EACJ,CAACC,OAAOC,SAAS,CAACC,UAAU,CAACC,IAAI,CAACL,KAAKM,MAAM,EAAE,UAC/CC,uBAAS,CAACC,GAAG,CAACC,cAAc,CAAC;QAC3BC,MAAM;YACJJ,QAAQN,KAAKM,MAAM;QACrB;IACF;IAEFL,IAAAA,aAAM,EACJ,CAAChC,oBAAoB0B,QAAQ,CAACK,KAAKM,MAAM,GACzCC,uBAAS,CAACC,GAAG,CAACC,cAAc,CAAC;QAC3BC,MAAM;YACJJ,QAAQN,KAAKM,MAAM;QACrB;IACF;IAEFK,IAAAA,mBAAY,EAACX,MAAMY,iBAAU,EAAE;AACjC"}
|
package/dist/esm/common/utils.js
CHANGED
|
@@ -79,10 +79,25 @@ import { log } from '../logging';
|
|
|
79
79
|
return proxy;
|
|
80
80
|
}
|
|
81
81
|
// We're blocking these RPC methods for v1, will revisit later.
|
|
82
|
-
const BLOCKED_RPC_METHODS = Object.freeze([
|
|
83
|
-
'eth_requestAccounts',
|
|
82
|
+
export const BLOCKED_RPC_METHODS = Object.freeze([
|
|
84
83
|
'wallet_requestSnaps',
|
|
85
|
-
'wallet_requestPermissions'
|
|
84
|
+
'wallet_requestPermissions',
|
|
85
|
+
// We disallow all of these confirmations for now, since the screens are not ready for Snaps.
|
|
86
|
+
'eth_sendRawTransaction',
|
|
87
|
+
'eth_sendTransaction',
|
|
88
|
+
'personal_sign',
|
|
89
|
+
'eth_sign',
|
|
90
|
+
'eth_signTypedData',
|
|
91
|
+
'eth_signTypedData_v1',
|
|
92
|
+
'eth_signTypedData_v3',
|
|
93
|
+
'eth_signTypedData_v4',
|
|
94
|
+
'eth_decrypt',
|
|
95
|
+
'eth_getEncryptionPublicKey',
|
|
96
|
+
'wallet_addEthereumChain',
|
|
97
|
+
'wallet_switchEthereumChain',
|
|
98
|
+
'wallet_watchAsset',
|
|
99
|
+
'wallet_registerOnboarding',
|
|
100
|
+
'wallet_scanQRCode'
|
|
86
101
|
]);
|
|
87
102
|
/**
|
|
88
103
|
* Asserts the validity of request arguments for a snap outbound request using the `snap.request` API.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/common/utils.ts"],"sourcesContent":["import { StreamProvider } from '@metamask/providers';\nimport { RequestArguments } from '@metamask/providers/dist/BaseProvider';\nimport { assert, assertStruct, JsonStruct } from '@metamask/utils';\nimport { ethErrors } from 'eth-rpc-errors';\n\nimport { log } from '../logging';\n\n/**\n * Takes an error that was thrown, determines if it is\n * an error object. If it is then it will return that. Otherwise,\n * an error object is created with the original error message.\n *\n * @param originalError - The error that was originally thrown.\n * @returns An error object.\n */\nexport function constructError(originalError: unknown) {\n let _originalError: Error | undefined;\n if (originalError instanceof Error) {\n _originalError = originalError;\n } else if (typeof originalError === 'string') {\n _originalError = new Error(originalError);\n // The stack is useless in this case.\n delete _originalError.stack;\n }\n return _originalError;\n}\n\n/**\n * Make proxy for Promise and handle the teardown process properly.\n * If the teardown is called in the meanwhile, Promise result will not be\n * exposed to the snap anymore and warning will be logged to the console.\n *\n * @param originalPromise - Original promise.\n * @param teardownRef - Reference containing teardown count.\n * @param teardownRef.lastTeardown - Number of the last teardown.\n * @returns New proxy promise.\n */\nexport async function withTeardown<T>(\n originalPromise: Promise<T>,\n teardownRef: { lastTeardown: number },\n): Promise<T> {\n const myTeardown = teardownRef.lastTeardown;\n return new Promise<T>((resolve, reject) => {\n originalPromise\n .then((value) => {\n if (teardownRef.lastTeardown === myTeardown) {\n resolve(value);\n } else {\n log(\n 'Late promise received after Snap finished execution. Promise will be dropped.',\n );\n }\n })\n .catch((reason) => {\n if (teardownRef.lastTeardown === myTeardown) {\n reject(reason);\n } else {\n log(\n 'Late promise received after Snap finished execution. Promise will be dropped.',\n );\n }\n });\n });\n}\n\n/**\n * Returns a Proxy that narrows down (attenuates) the fields available on\n * the StreamProvider and replaces the request implementation.\n *\n * @param provider - Instance of a StreamProvider to be limited.\n * @param request - Custom attenuated request object.\n * @returns Proxy to the StreamProvider instance.\n */\nexport function proxyStreamProvider(\n provider: StreamProvider,\n request: unknown,\n): StreamProvider {\n // Proxy target is intentionally set to be an empty object, to ensure\n // that access to the prototype chain is not possible.\n const proxy = new Proxy(\n {},\n {\n has(_target: object, prop: string | symbol) {\n return (\n typeof prop === 'string' &&\n ['request', 'on', 'removeListener'].includes(prop)\n );\n },\n get(_target, prop: keyof StreamProvider) {\n if (prop === 'request') {\n return request;\n } else if (['on', 'removeListener'].includes(prop)) {\n return provider[prop];\n }\n\n return undefined;\n },\n },\n );\n\n return proxy as StreamProvider;\n}\n\n// We're blocking these RPC methods for v1, will revisit later.\
|
|
1
|
+
{"version":3,"sources":["../../../src/common/utils.ts"],"sourcesContent":["import { StreamProvider } from '@metamask/providers';\nimport { RequestArguments } from '@metamask/providers/dist/BaseProvider';\nimport { assert, assertStruct, JsonStruct } from '@metamask/utils';\nimport { ethErrors } from 'eth-rpc-errors';\n\nimport { log } from '../logging';\n\n/**\n * Takes an error that was thrown, determines if it is\n * an error object. If it is then it will return that. Otherwise,\n * an error object is created with the original error message.\n *\n * @param originalError - The error that was originally thrown.\n * @returns An error object.\n */\nexport function constructError(originalError: unknown) {\n let _originalError: Error | undefined;\n if (originalError instanceof Error) {\n _originalError = originalError;\n } else if (typeof originalError === 'string') {\n _originalError = new Error(originalError);\n // The stack is useless in this case.\n delete _originalError.stack;\n }\n return _originalError;\n}\n\n/**\n * Make proxy for Promise and handle the teardown process properly.\n * If the teardown is called in the meanwhile, Promise result will not be\n * exposed to the snap anymore and warning will be logged to the console.\n *\n * @param originalPromise - Original promise.\n * @param teardownRef - Reference containing teardown count.\n * @param teardownRef.lastTeardown - Number of the last teardown.\n * @returns New proxy promise.\n */\nexport async function withTeardown<T>(\n originalPromise: Promise<T>,\n teardownRef: { lastTeardown: number },\n): Promise<T> {\n const myTeardown = teardownRef.lastTeardown;\n return new Promise<T>((resolve, reject) => {\n originalPromise\n .then((value) => {\n if (teardownRef.lastTeardown === myTeardown) {\n resolve(value);\n } else {\n log(\n 'Late promise received after Snap finished execution. Promise will be dropped.',\n );\n }\n })\n .catch((reason) => {\n if (teardownRef.lastTeardown === myTeardown) {\n reject(reason);\n } else {\n log(\n 'Late promise received after Snap finished execution. Promise will be dropped.',\n );\n }\n });\n });\n}\n\n/**\n * Returns a Proxy that narrows down (attenuates) the fields available on\n * the StreamProvider and replaces the request implementation.\n *\n * @param provider - Instance of a StreamProvider to be limited.\n * @param request - Custom attenuated request object.\n * @returns Proxy to the StreamProvider instance.\n */\nexport function proxyStreamProvider(\n provider: StreamProvider,\n request: unknown,\n): StreamProvider {\n // Proxy target is intentionally set to be an empty object, to ensure\n // that access to the prototype chain is not possible.\n const proxy = new Proxy(\n {},\n {\n has(_target: object, prop: string | symbol) {\n return (\n typeof prop === 'string' &&\n ['request', 'on', 'removeListener'].includes(prop)\n );\n },\n get(_target, prop: keyof StreamProvider) {\n if (prop === 'request') {\n return request;\n } else if (['on', 'removeListener'].includes(prop)) {\n return provider[prop];\n }\n\n return undefined;\n },\n },\n );\n\n return proxy as StreamProvider;\n}\n\n// We're blocking these RPC methods for v1, will revisit later.\nexport const BLOCKED_RPC_METHODS = Object.freeze([\n 'wallet_requestSnaps',\n 'wallet_requestPermissions',\n // We disallow all of these confirmations for now, since the screens are not ready for Snaps.\n 'eth_sendRawTransaction',\n 'eth_sendTransaction',\n 'personal_sign',\n 'eth_sign',\n 'eth_signTypedData',\n 'eth_signTypedData_v1',\n 'eth_signTypedData_v3',\n 'eth_signTypedData_v4',\n 'eth_decrypt',\n 'eth_getEncryptionPublicKey',\n 'wallet_addEthereumChain',\n 'wallet_switchEthereumChain',\n 'wallet_watchAsset',\n 'wallet_registerOnboarding',\n 'wallet_scanQRCode',\n]);\n\n/**\n * Asserts the validity of request arguments for a snap outbound request using the `snap.request` API.\n *\n * @param args - The arguments to validate.\n */\nexport function assertSnapOutboundRequest(args: RequestArguments) {\n // Disallow any non `wallet_` or `snap_` methods for separation of concerns.\n assert(\n String.prototype.startsWith.call(args.method, 'wallet_') ||\n String.prototype.startsWith.call(args.method, 'snap_'),\n 'The global Snap API only allows RPC methods starting with `wallet_*` and `snap_*`.',\n );\n assert(\n !BLOCKED_RPC_METHODS.includes(args.method),\n ethErrors.rpc.methodNotFound({\n data: {\n method: args.method,\n },\n }),\n );\n assertStruct(args, JsonStruct, 'Provided value is not JSON-RPC compatible');\n}\n\n/**\n * Asserts the validity of request arguments for an ethereum outbound request using the `ethereum.request` API.\n *\n * @param args - The arguments to validate.\n */\nexport function assertEthereumOutboundRequest(args: RequestArguments) {\n // Disallow snaps methods for separation of concerns.\n assert(\n !String.prototype.startsWith.call(args.method, 'snap_'),\n ethErrors.rpc.methodNotFound({\n data: {\n method: args.method,\n },\n }),\n );\n assert(\n !BLOCKED_RPC_METHODS.includes(args.method),\n ethErrors.rpc.methodNotFound({\n data: {\n method: args.method,\n },\n }),\n );\n assertStruct(args, JsonStruct, 'Provided value is not JSON-RPC compatible');\n}\n"],"names":["assert","assertStruct","JsonStruct","ethErrors","log","constructError","originalError","_originalError","Error","stack","withTeardown","originalPromise","teardownRef","myTeardown","lastTeardown","Promise","resolve","reject","then","value","catch","reason","proxyStreamProvider","provider","request","proxy","Proxy","has","_target","prop","includes","get","undefined","BLOCKED_RPC_METHODS","Object","freeze","assertSnapOutboundRequest","args","String","prototype","startsWith","call","method","rpc","methodNotFound","data","assertEthereumOutboundRequest"],"mappings":"AAEA,SAASA,MAAM,EAAEC,YAAY,EAAEC,UAAU,QAAQ,kBAAkB;AACnE,SAASC,SAAS,QAAQ,iBAAiB;AAE3C,SAASC,GAAG,QAAQ,aAAa;AAEjC;;;;;;;CAOC,GACD,OAAO,SAASC,eAAeC,aAAsB;IACnD,IAAIC;IACJ,IAAID,yBAAyBE,OAAO;QAClCD,iBAAiBD;IACnB,OAAO,IAAI,OAAOA,kBAAkB,UAAU;QAC5CC,iBAAiB,IAAIC,MAAMF;QAC3B,qCAAqC;QACrC,OAAOC,eAAeE,KAAK;IAC7B;IACA,OAAOF;AACT;AAEA;;;;;;;;;CASC,GACD,OAAO,eAAeG,aACpBC,eAA2B,EAC3BC,WAAqC;IAErC,MAAMC,aAAaD,YAAYE,YAAY;IAC3C,OAAO,IAAIC,QAAW,CAACC,SAASC;QAC9BN,gBACGO,IAAI,CAAC,CAACC;YACL,IAAIP,YAAYE,YAAY,KAAKD,YAAY;gBAC3CG,QAAQG;YACV,OAAO;gBACLf,IACE;YAEJ;QACF,GACCgB,KAAK,CAAC,CAACC;YACN,IAAIT,YAAYE,YAAY,KAAKD,YAAY;gBAC3CI,OAAOI;YACT,OAAO;gBACLjB,IACE;YAEJ;QACF;IACJ;AACF;AAEA;;;;;;;CAOC,GACD,OAAO,SAASkB,oBACdC,QAAwB,EACxBC,OAAgB;IAEhB,qEAAqE;IACrE,sDAAsD;IACtD,MAAMC,QAAQ,IAAIC,MAChB,CAAC,GACD;QACEC,KAAIC,OAAe,EAAEC,IAAqB;YACxC,OACE,OAAOA,SAAS,YAChB;gBAAC;gBAAW;gBAAM;aAAiB,CAACC,QAAQ,CAACD;QAEjD;QACAE,KAAIH,OAAO,EAAEC,IAA0B;YACrC,IAAIA,SAAS,WAAW;gBACtB,OAAOL;YACT,OAAO,IAAI;gBAAC;gBAAM;aAAiB,CAACM,QAAQ,CAACD,OAAO;gBAClD,OAAON,QAAQ,CAACM,KAAK;YACvB;YAEA,OAAOG;QACT;IACF;IAGF,OAAOP;AACT;AAEA,+DAA+D;AAC/D,OAAO,MAAMQ,sBAAsBC,OAAOC,MAAM,CAAC;IAC/C;IACA;IACA,6FAA6F;IAC7F;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;CACD,EAAE;AAEH;;;;CAIC,GACD,OAAO,SAASC,0BAA0BC,IAAsB;IAC9D,4EAA4E;IAC5ErC,OACEsC,OAAOC,SAAS,CAACC,UAAU,CAACC,IAAI,CAACJ,KAAKK,MAAM,EAAE,cAC5CJ,OAAOC,SAAS,CAACC,UAAU,CAACC,IAAI,CAACJ,KAAKK,MAAM,EAAE,UAChD;IAEF1C,OACE,CAACiC,oBAAoBH,QAAQ,CAACO,KAAKK,MAAM,GACzCvC,UAAUwC,GAAG,CAACC,cAAc,CAAC;QAC3BC,MAAM;YACJH,QAAQL,KAAKK,MAAM;QACrB;IACF;IAEFzC,aAAaoC,MAAMnC,YAAY;AACjC;AAEA;;;;CAIC,GACD,OAAO,SAAS4C,8BAA8BT,IAAsB;IAClE,qDAAqD;IACrDrC,OACE,CAACsC,OAAOC,SAAS,CAACC,UAAU,CAACC,IAAI,CAACJ,KAAKK,MAAM,EAAE,UAC/CvC,UAAUwC,GAAG,CAACC,cAAc,CAAC;QAC3BC,MAAM;YACJH,QAAQL,KAAKK,MAAM;QACrB;IACF;IAEF1C,OACE,CAACiC,oBAAoBH,QAAQ,CAACO,KAAKK,MAAM,GACzCvC,UAAUwC,GAAG,CAACC,cAAc,CAAC;QAC3BC,MAAM;YACJH,QAAQL,KAAKK,MAAM;QACrB;IACF;IAEFzC,aAAaoC,MAAMnC,YAAY;AACjC"}
|
|
@@ -31,6 +31,7 @@ export declare function withTeardown<T>(originalPromise: Promise<T>, teardownRef
|
|
|
31
31
|
* @returns Proxy to the StreamProvider instance.
|
|
32
32
|
*/
|
|
33
33
|
export declare function proxyStreamProvider(provider: StreamProvider, request: unknown): StreamProvider;
|
|
34
|
+
export declare const BLOCKED_RPC_METHODS: readonly string[];
|
|
34
35
|
/**
|
|
35
36
|
* Asserts the validity of request arguments for a snap outbound request using the `snap.request` API.
|
|
36
37
|
*
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@metamask/snaps-execution-environments",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.36.1-flask.1",
|
|
4
4
|
"description": "Snap sandbox environments for executing SES javascript",
|
|
5
5
|
"repository": {
|
|
6
6
|
"type": "git",
|
|
@@ -27,7 +27,7 @@
|
|
|
27
27
|
"lint:fix": "yarn lint:eslint --fix && yarn lint:misc --write",
|
|
28
28
|
"lint:changelog": "yarn auto-changelog validate",
|
|
29
29
|
"lint": "yarn lint:eslint && yarn lint:misc --check && yarn lint:changelog",
|
|
30
|
-
"clean": "rimraf '*.tsbuildinfo' 'dist
|
|
30
|
+
"clean": "rimraf '*.tsbuildinfo' 'dist' 'src/__GENERATED__/' 'coverage/*' '__test__/*'",
|
|
31
31
|
"build": "yarn build:source && yarn build:types",
|
|
32
32
|
"build:source": "yarn build:esm && yarn build:cjs",
|
|
33
33
|
"build:types": "tsc --project tsconfig.build.json",
|
|
@@ -47,8 +47,8 @@
|
|
|
47
47
|
"@metamask/object-multiplex": "^1.2.0",
|
|
48
48
|
"@metamask/post-message-stream": "^6.1.2",
|
|
49
49
|
"@metamask/providers": "^11.0.0",
|
|
50
|
-
"@metamask/rpc-methods": "^0.
|
|
51
|
-
"@metamask/snaps-utils": "^0.
|
|
50
|
+
"@metamask/rpc-methods": "^0.36.1-flask.1",
|
|
51
|
+
"@metamask/snaps-utils": "^0.36.1-flask.1",
|
|
52
52
|
"@metamask/utils": "^6.0.1",
|
|
53
53
|
"eth-rpc-errors": "^4.0.3",
|
|
54
54
|
"json-rpc-engine": "^6.1.0",
|