@metamask/snaps-execution-environments 0.38.0-flask.1 → 0.38.2-flask.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (23) hide show
  1. package/CHANGELOG.md +21 -1
  2. package/dist/browserify/iframe/bundle.js +5 -5
  3. package/dist/browserify/iframe/index.html +45 -23
  4. package/dist/browserify/node-process/bundle.js +47 -25
  5. package/dist/browserify/node-thread/bundle.js +47 -25
  6. package/dist/browserify/offscreen/bundle.js +4 -4
  7. package/dist/browserify/offscreen/index.html +45 -23
  8. package/dist/browserify/worker-executor/bundle.js +50 -28
  9. package/dist/browserify/worker-pool/bundle.js +4 -4
  10. package/dist/browserify/worker-pool/index.html +45 -23
  11. package/dist/cjs/common/BaseSnapExecutor.js +1 -1
  12. package/dist/cjs/common/BaseSnapExecutor.js.map +1 -1
  13. package/dist/cjs/common/lockdown/lockdown-more.js +1 -1
  14. package/dist/cjs/common/lockdown/lockdown-more.js.map +1 -1
  15. package/dist/cjs/common/lockdown/lockdown.js +1 -1
  16. package/dist/cjs/common/lockdown/lockdown.js.map +1 -1
  17. package/dist/esm/common/BaseSnapExecutor.js +1 -1
  18. package/dist/esm/common/BaseSnapExecutor.js.map +1 -1
  19. package/dist/esm/common/lockdown/lockdown-more.js +1 -1
  20. package/dist/esm/common/lockdown/lockdown-more.js.map +1 -1
  21. package/dist/esm/common/lockdown/lockdown.js +1 -1
  22. package/dist/esm/common/lockdown/lockdown.js.map +1 -1
  23. package/package.json +15 -16
package/dist/browserify/worker-pool/index.html CHANGED
@@ -95,8 +95,7 @@
95
95
  // security options are hard-coded at build time
96
96
  const {
97
97
  scuttleGlobalThis,
98
- scuttleGlobalThisExceptions,
99
- } = {"scuttleGlobalThis":true,"scuttleGlobalThisExceptions":["postMessage","removeEventListener","isSecureContext"]}
98
+ } = {"scuttleGlobalThis":{"enabled":true,"exceptions":["postMessage","removeEventListener","isSecureContext"]}}
100
99
 
101
100
  function getGlobalRef () {
102
101
  if (typeof globalThis !== 'undefined') {
@@ -2525,7 +2524,7 @@ const evadeHtmlCommentTest= (src)=>{
2525
2524
  // /////////////////////////////////////////////////////////////////////////////
2526
2525
  $h‍_once.evadeHtmlCommentTest(evadeHtmlCommentTest);
2527
2526
  const importPattern= new FERAL_REG_EXP(
2528
- '(^|[^.])\\bimport(\\s*(?:\\(|/[/*]))',
2527
+ '(^|[^.]|\\.\\.\\.)\\bimport(\\s*(?:\\(|/[/*]))',
2529
2528
  'g');
2530
2529
 
2531
2530
 
@@ -10963,7 +10962,6 @@ function observeImports(map, importName, importIndex) {
10963
10962
  globalThisRefs,
10964
10963
  // security options
10965
10964
  scuttleGlobalThis,
10966
- scuttleGlobalThisExceptions,
10967
10965
  debugMode,
10968
10966
  runWithPrecompiledModules,
10969
10967
  reportStatsHook,
@@ -10991,7 +10989,6 @@ function observeImports(map, importName, importIndex) {
10991
10989
  getExternalCompartment,
10992
10990
  globalThisRefs,
10993
10991
  scuttleGlobalThis,
10994
- scuttleGlobalThisExceptions,
10995
10992
  debugMode,
10996
10993
  runWithPrecompiledModules,
10997
10994
  reportStatsHook,
@@ -11010,8 +11007,7 @@ function observeImports(map, importName, importIndex) {
11010
11007
  prepareModuleInitializerArgs,
11011
11008
  getExternalCompartment,
11012
11009
  globalThisRefs = ['globalThis'],
11013
- scuttleGlobalThis = false,
11014
- scuttleGlobalThisExceptions = [],
11010
+ scuttleGlobalThis = {},
11015
11011
  debugMode = false,
11016
11012
  runWithPrecompiledModules = false,
11017
11013
  reportStatsHook = () => {},
@@ -11557,6 +11553,7 @@ module.exports = {
11557
11553
  return module.exports
11558
11554
  })()
11559
11555
 
11556
+ const scuttleOpts = generateScuttleOpts(scuttleGlobalThis)
11560
11557
  const moduleCache = new Map()
11561
11558
  const packageCompartmentCache = new Map()
11562
11559
  const globalStore = new Map()
@@ -11565,22 +11562,11 @@ module.exports = {
11565
11562
  const rootPackageCompartment = createRootPackageCompartment(globalRef)
11566
11563
 
11567
11564
  // scuttle globalThis right after we used it to create the root package compartment
11568
- if (scuttleGlobalThis) {
11569
- if (!Array.isArray(scuttleGlobalThisExceptions)) {
11570
- throw new Error(`LavaMoat - scuttleGlobalThisExceptions must be an array, got "${typeof scuttleGlobalThisExceptions}"`)
11565
+ if (scuttleOpts.enabled) {
11566
+ if (!Array.isArray(scuttleOpts.exceptions)) {
11567
+ throw new Error(`LavaMoat - scuttleGlobalThis.exceptions must be an array, got "${typeof scuttleOpts.exceptions}"`)
11571
11568
  }
11572
- // turn scuttleGlobalThisExceptions regexes strings to actual regexes
11573
- for (let i = 0; i < scuttleGlobalThisExceptions.length; i++) {
11574
- const prop = scuttleGlobalThisExceptions[i]
11575
- if (!prop.startsWith('/')) {
11576
- continue
11577
- }
11578
- const parts = prop.split('/')
11579
- const pattern = parts.slice(1, -1).join('/')
11580
- const flags = parts[parts.length - 1]
11581
- scuttleGlobalThisExceptions[i] = new RegExp(pattern, flags)
11582
- }
11583
- performScuttleGlobalThis(globalRef, scuttleGlobalThisExceptions)
11569
+ scuttleOpts.scuttlerFunc(globalRef, realm => performScuttleGlobalThis(realm, scuttleOpts.exceptions))
11584
11570
  }
11585
11571
 
11586
11572
  const kernel = {
@@ -11593,6 +11579,43 @@ module.exports = {
11593
11579
  Object.freeze(kernel)
11594
11580
  return kernel
11595
11581
 
11582
+ // generate final scuttling options (1) by taking default
11583
+ // options into consideration, (2) turning RE strings into
11584
+ // actual REs and (3) without mutating original opts object
11585
+ function generateScuttleOpts(originalOpts) {
11586
+ const defaultOpts = {
11587
+ enabled: true,
11588
+ exceptions: [],
11589
+ scuttlerName: '',
11590
+ }
11591
+ const opts = Object.assign({},
11592
+ originalOpts === true ? { ... defaultOpts } : { ...originalOpts },
11593
+ { scuttlerFunc: (globalRef, scuttle) => scuttle(globalRef) },
11594
+ { exceptions: (originalOpts.exceptions || defaultOpts.exceptions).map(e => toRE(e)) },
11595
+ )
11596
+ if (opts.scuttlerName) {
11597
+ if (!globalRef[opts.scuttlerName]) {
11598
+ throw new Error(
11599
+ `LavaMoat - 'scuttlerName' function "${opts.scuttlerName}" expected on globalRef.` +
11600
+ 'To learn more visit https://github.com/LavaMoat/LavaMoat/pull/462.',
11601
+ )
11602
+ }
11603
+ opts.scuttlerFunc = globalRef[opts.scuttlerName]
11604
+ }
11605
+ return opts
11606
+
11607
+ function toRE(except) {
11608
+ // turn scuttleGlobalThis.exceptions regexes strings to actual regexes
11609
+ if (!except.startsWith('/')) {
11610
+ return except
11611
+ }
11612
+ const parts = except.split('/')
11613
+ const pattern = parts.slice(1, -1).join('/')
11614
+ const flags = parts[parts.length - 1]
11615
+ return new RegExp(pattern, flags)
11616
+ }
11617
+ }
11618
+
11596
11619
  function performScuttleGlobalThis (globalRef, extraPropsToAvoid = new Array()) {
11597
11620
  const props = new Array()
11598
11621
  getPrototypeChain(globalRef)
@@ -11995,7 +12018,6 @@ module.exports = {
11995
12018
  globalRef,
11996
12019
  globalThisRefs,
11997
12020
  scuttleGlobalThis,
11998
- scuttleGlobalThisExceptions,
11999
12021
  debugMode,
12000
12022
  runWithPrecompiledModules,
12001
12023
  reportStatsHook,
package/dist/cjs/common/BaseSnapExecutor.js CHANGED
@@ -1,5 +1,5 @@
1
1
  // eslint-disable-next-line @typescript-eslint/triple-slash-reference, spaced-comment
2
- /// <reference path="../../../../node_modules/ses/index.d.ts" />
2
+ /// <reference path="../../../../node_modules/ses/types.d.ts" />
3
3
  "use strict";
4
4
  Object.defineProperty(exports, "__esModule", {
5
5
  value: true
package/dist/cjs/common/BaseSnapExecutor.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../src/common/BaseSnapExecutor.ts"],"sourcesContent":["// eslint-disable-next-line @typescript-eslint/triple-slash-reference, spaced-comment\n/// <reference path=\"../../../../node_modules/ses/index.d.ts\" />\nimport { StreamProvider } from '@metamask/providers';\nimport type { RequestArguments } from '@metamask/providers/dist/BaseProvider';\nimport type { SnapsGlobalObject } from '@metamask/rpc-methods';\nimport type {\n SnapExports,\n HandlerType,\n SnapExportsParameters,\n} from '@metamask/snaps-utils';\nimport {\n SNAP_EXPORT_NAMES,\n logError,\n SNAP_EXPORTS,\n} from '@metamask/snaps-utils';\nimport type {\n JsonRpcNotification,\n JsonRpcId,\n JsonRpcRequest,\n Json,\n} from '@metamask/utils';\nimport {\n isObject,\n isValidJson,\n assert,\n isJsonRpcRequest,\n hasProperty,\n getSafeJson,\n} from '@metamask/utils';\nimport { errorCodes, ethErrors, serializeError } from 'eth-rpc-errors';\nimport { createIdRemapMiddleware } from 'json-rpc-engine';\nimport type { Duplex } from 'stream';\nimport { validate } from 'superstruct';\n\nimport { log } from '../logging';\nimport EEOpenRPCDocument from '../openrpc.json';\nimport type { CommandMethodsMapping } from './commands';\nimport { getCommandMethodImplementations } from './commands';\nimport { createEndowments } from './endowments';\nimport { addEventListener, removeEventListener } from './globalEvents';\nimport { sortParamKeys } from './sortParams';\nimport {\n assertEthereumOutboundRequest,\n assertSnapOutboundRequest,\n constructError,\n proxyStreamProvider,\n withTeardown,\n} from './utils';\nimport {\n ExecuteSnapRequestArgumentsStruct,\n PingRequestArgumentsStruct,\n SnapRpcRequestArgumentsStruct,\n TerminateRequestArgumentsStruct,\n} from './validation';\n\ntype EvaluationData = {\n stop: () => void;\n};\n\ntype SnapData = {\n exports: SnapExports;\n runningEvaluations: Set<EvaluationData>;\n idleTeardown: () => Promise<void>;\n};\n\nconst fallbackError = {\n code: errorCodes.rpc.internal,\n message: 'Execution Environment Error',\n};\n\nexport type InvokeSnapArgs = Omit<SnapExportsParameters[0], 'chainId'>;\n\nexport type InvokeSnap = (\n target: string,\n handler: HandlerType,\n args: InvokeSnapArgs | undefined,\n) => Promise<Json>;\n\n/**\n * The supported methods in the execution environment. The validator checks the\n * incoming JSON-RPC request, and the `params` property is used for sorting the\n * parameters, if they are an object.\n */\nconst EXECUTION_ENVIRONMENT_METHODS = {\n ping: {\n struct: PingRequestArgumentsStruct,\n params: [],\n },\n executeSnap: {\n struct: ExecuteSnapRequestArgumentsStruct,\n params: ['snapId', 'sourceCode', 'endowments'],\n },\n terminate: {\n struct: TerminateRequestArgumentsStruct,\n params: [],\n },\n snapRpc: {\n struct: SnapRpcRequestArgumentsStruct,\n params: ['target', 'handler', 'origin', 'request'],\n },\n};\n\ntype Methods = typeof EXECUTION_ENVIRONMENT_METHODS;\n\nexport class BaseSnapExecutor {\n private readonly snapData: Map<string, SnapData>;\n\n private readonly commandStream: Duplex;\n\n private readonly rpcStream: Duplex;\n\n private readonly methods: CommandMethodsMapping;\n\n private snapErrorHandler?: (event: ErrorEvent) => void;\n\n private snapPromiseErrorHandler?: (event: PromiseRejectionEvent) => void;\n\n private lastTeardown = 0;\n\n protected constructor(commandStream: Duplex, rpcStream: Duplex) {\n this.snapData = new Map();\n this.commandStream = commandStream;\n this.commandStream.on('data', (data) => {\n this.onCommandRequest(data).catch((error) => {\n // TODO: Decide how to handle errors.\n logError(error);\n });\n });\n this.rpcStream = rpcStream;\n\n this.methods = getCommandMethodImplementations(\n this.startSnap.bind(this),\n async (target, handlerType, args) => {\n const data = this.snapData.get(target);\n // We're capturing the handler in case someone modifies the data object\n // before the call.\n const handler = data?.exports[handlerType];\n const { required } = SNAP_EXPORTS[handlerType];\n\n assert(\n !required || handler !== undefined,\n `No ${handlerType} handler exported for snap \"${target}`,\n );\n\n // Certain handlers are not required. If they are not exported, we\n // return null.\n if (!handler) {\n return null;\n }\n\n // TODO: fix handler args type cast\n let result = await this.executeInSnapContext(target, () =>\n handler(args as any),\n );\n\n // The handler might not return anything, but undefined is not valid JSON.\n if (result === undefined) {\n result = null;\n }\n\n // /!\\ Always return only sanitized JSON to prevent security flaws. /!\\\n try {\n return getSafeJson(result);\n } catch (error) {\n throw new TypeError(\n `Received non-JSON-serializable value: ${error.message.replace(\n /^Assertion failed: /u,\n '',\n )}`,\n );\n }\n },\n this.onTerminate.bind(this),\n );\n }\n\n private errorHandler(error: unknown, data: Record<string, Json>) {\n const constructedError = constructError(error);\n const serializedError = serializeError(constructedError, {\n fallbackError,\n shouldIncludeStack: false,\n });\n\n // We're setting it this way to avoid sentData.stack = undefined\n const sentData: Json = { ...data, stack: constructedError?.stack ?? null };\n\n this.notify({\n method: 'UnhandledError',\n params: {\n error: {\n ...serializedError,\n data: sentData,\n },\n },\n });\n }\n\n private async onCommandRequest(message: JsonRpcRequest) {\n if (!isJsonRpcRequest(message)) {\n throw new Error('Command stream received a non-JSON-RPC request.');\n }\n\n const { id, method, params } = message;\n if (method === 'rpc.discover') {\n this.respond(id, {\n result: EEOpenRPCDocument,\n });\n return;\n }\n\n if (!hasProperty(EXECUTION_ENVIRONMENT_METHODS, method)) {\n this.respond(id, {\n error: ethErrors.rpc\n .methodNotFound({\n data: {\n method,\n },\n })\n .serialize(),\n });\n return;\n }\n\n const methodObject = EXECUTION_ENVIRONMENT_METHODS[method as keyof Methods];\n\n // support params by-name and by-position\n const paramsAsArray = sortParamKeys(methodObject.params, params);\n\n const [error] = validate<any, any>(paramsAsArray, methodObject.struct);\n if (error) {\n this.respond(id, {\n error: ethErrors.rpc\n .invalidParams({\n message: `Invalid parameters for method \"${method}\": ${error.message}.`,\n data: {\n method,\n params: paramsAsArray,\n },\n })\n .serialize(),\n });\n return;\n }\n\n try {\n const result = await (this.methods as any)[method](...paramsAsArray);\n this.respond(id, { result });\n } catch (rpcError) {\n this.respond(id, {\n error: serializeError(rpcError, {\n fallbackError,\n }),\n });\n }\n }\n\n protected notify(requestObject: Omit<JsonRpcNotification, 'jsonrpc'>) {\n if (!isValidJson(requestObject) || !isObject(requestObject)) {\n throw new Error(\n 'JSON-RPC notifications must be JSON serializable objects',\n );\n }\n\n this.commandStream.write({\n ...requestObject,\n jsonrpc: '2.0',\n });\n }\n\n protected respond(id: JsonRpcId, requestObject: Record<string, unknown>) {\n if (!isValidJson(requestObject) || !isObject(requestObject)) {\n throw new Error('JSON-RPC responses must be JSON serializable objects.');\n }\n\n this.commandStream.write({\n ...requestObject,\n id,\n jsonrpc: '2.0',\n });\n }\n\n /**\n * Attempts to evaluate a snap in SES. Generates APIs for the snap. May throw\n * on errors.\n *\n * @param snapId - The id of the snap.\n * @param sourceCode - The source code of the snap, in IIFE format.\n * @param _endowments - An array of the names of the endowments.\n */\n protected async startSnap(\n snapId: string,\n sourceCode: string,\n _endowments?: string[],\n ): Promise<void> {\n log(`Starting snap '${snapId}' in worker.`);\n if (this.snapPromiseErrorHandler) {\n removeEventListener('unhandledrejection', this.snapPromiseErrorHandler);\n }\n\n if (this.snapErrorHandler) {\n removeEventListener('error', this.snapErrorHandler);\n }\n\n this.snapErrorHandler = (error: ErrorEvent) => {\n this.errorHandler(error.error, { snapId });\n };\n\n this.snapPromiseErrorHandler = (error: PromiseRejectionEvent) => {\n this.errorHandler(error instanceof Error ? error : error.reason, {\n snapId,\n });\n };\n\n const provider = new StreamProvider(this.rpcStream, {\n jsonRpcStreamName: 'metamask-provider',\n rpcMiddleware: [createIdRemapMiddleware()],\n });\n\n await provider.initialize();\n\n const snap = this.createSnapGlobal(provider);\n const ethereum = this.createEIP1193Provider(provider);\n // We specifically use any type because the Snap can modify the object any way they want\n const snapModule: any = { exports: {} };\n\n try {\n const { endowments, teardown: endowmentTeardown } = createEndowments(\n snap,\n ethereum,\n snapId,\n _endowments,\n );\n\n // !!! Ensure that this is the only place the data is being set.\n // Other methods access the object value and mutate its properties.\n this.snapData.set(snapId, {\n idleTeardown: endowmentTeardown,\n runningEvaluations: new Set(),\n exports: {},\n });\n\n addEventListener('unhandledRejection', this.snapPromiseErrorHandler);\n addEventListener('error', this.snapErrorHandler);\n\n const compartment = new Compartment({\n ...endowments,\n module: snapModule,\n exports: snapModule.exports,\n });\n // All of those are JavaScript runtime specific and self referential,\n // but we add them for compatibility sake with external libraries.\n //\n // We can't do that in the injected globals object above\n // because SES creates its own globalThis\n compartment.globalThis.self = compartment.globalThis;\n compartment.globalThis.global = compartment.globalThis;\n compartment.globalThis.window = compartment.globalThis;\n\n await this.executeInSnapContext(snapId, () => {\n compartment.evaluate(sourceCode);\n this.registerSnapExports(snapId, snapModule);\n });\n } catch (error) {\n this.removeSnap(snapId);\n throw new Error(\n `Error while running snap '${snapId}': ${(error as Error).message}`,\n );\n }\n }\n\n /**\n * Cancels all running evaluations of all snaps and clears all snap data.\n * NOTE:** Should only be called in response to the `terminate` RPC command.\n */\n protected onTerminate() {\n // `stop()` tears down snap endowments.\n // Teardown will also be run for each snap as soon as there are\n // no more running evaluations for that snap.\n this.snapData.forEach((data) =>\n data.runningEvaluations.forEach((evaluation) => evaluation.stop()),\n );\n this.snapData.clear();\n }\n\n private registerSnapExports(snapId: string, snapModule: any) {\n const data = this.snapData.get(snapId);\n // Somebody deleted the snap before we could register.\n if (!data) {\n return;\n }\n\n data.exports = SNAP_EXPORT_NAMES.reduce((acc, exportName) => {\n const snapExport = snapModule.exports[exportName];\n const { validator } = SNAP_EXPORTS[exportName];\n if (validator(snapExport)) {\n return { ...acc, [exportName]: snapExport };\n }\n return acc;\n }, {});\n }\n\n /**\n * Instantiates a snap API object (i.e. `globalThis.snap`).\n *\n * @param provider - A StreamProvider connected to MetaMask.\n * @returns The snap provider object.\n */\n private createSnapGlobal(provider: StreamProvider): SnapsGlobalObject {\n const originalRequest = provider.request.bind(provider);\n\n const request = async (args: RequestArguments) => {\n assertSnapOutboundRequest(args);\n const sanitizedArgs = getSafeJson(args);\n this.notify({ method: 'OutboundRequest' });\n try {\n return await withTeardown(\n originalRequest(sanitizedArgs as unknown as RequestArguments),\n this as any,\n );\n } finally {\n this.notify({ method: 'OutboundResponse' });\n }\n };\n\n // Proxy target is intentionally set to be an empty object, to ensure\n // that access to the prototype chain is not possible.\n const snapGlobalProxy = new Proxy(\n {},\n {\n has(_target: object, prop: string | symbol) {\n return typeof prop === 'string' && ['request'].includes(prop);\n },\n get(_target, prop: keyof StreamProvider) {\n if (prop === 'request') {\n return request;\n }\n\n return undefined;\n },\n },\n ) as SnapsGlobalObject;\n\n return harden(snapGlobalProxy);\n }\n\n /**\n * Instantiates an EIP-1193 Ethereum provider object (i.e. `globalThis.ethereum`).\n *\n * @param provider - A StreamProvider connected to MetaMask.\n * @returns The EIP-1193 Ethereum provider object.\n */\n private createEIP1193Provider(provider: StreamProvider): StreamProvider {\n const originalRequest = provider.request.bind(provider);\n\n const request = async (args: RequestArguments) => {\n assertEthereumOutboundRequest(args);\n const sanitizedArgs = getSafeJson(args);\n this.notify({ method: 'OutboundRequest' });\n try {\n return await withTeardown(\n originalRequest(sanitizedArgs as unknown as RequestArguments),\n this as any,\n );\n } finally {\n this.notify({ method: 'OutboundResponse' });\n }\n };\n\n const streamProviderProxy = proxyStreamProvider(provider, request);\n\n return harden(streamProviderProxy);\n }\n\n /**\n * Removes the snap with the given name.\n *\n * @param snapId - The id of the snap to remove.\n */\n private removeSnap(snapId: string): void {\n this.snapData.delete(snapId);\n }\n\n /**\n * Calls the specified executor function in the context of the specified snap.\n * Essentially, this means that the operation performed by the executor is\n * counted as an evaluation of the specified snap. When the count of running\n * evaluations of a snap reaches zero, its endowments are torn down.\n *\n * @param snapId - The id of the snap whose context to execute in.\n * @param executor - The function that will be executed in the snap's context.\n * @returns The executor's return value.\n * @template Result - The return value of the executor.\n */\n private async executeInSnapContext<Result>(\n snapId: string,\n executor: () => Promise<Result> | Result,\n ): Promise<Result> {\n const data = this.snapData.get(snapId);\n if (data === undefined) {\n throw new Error(\n `Tried to execute in context of unknown snap: \"${snapId}\".`,\n );\n }\n\n let stop: () => void;\n const stopPromise = new Promise<never>(\n (_, reject) =>\n (stop = () =>\n reject(\n // TODO(rekmarks): Specify / standardize error code for this case.\n ethErrors.rpc.internal(\n `The snap \"${snapId}\" has been terminated during execution.`,\n ),\n )),\n );\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const evaluationData = { stop: stop! };\n\n try {\n data.runningEvaluations.add(evaluationData);\n // Notice that we have to await this executor.\n // If we didn't, we would decrease the amount of running evaluations\n // before the promise actually resolves\n return await Promise.race([executor(), stopPromise]);\n } finally {\n data.runningEvaluations.delete(evaluationData);\n\n if (data.runningEvaluations.size === 0) {\n this.lastTeardown += 1;\n await data.idleTeardown();\n }\n }\n }\n}\n"],"names":["BaseSnapExecutor","fallbackError","code","errorCodes","rpc","internal","message","EXECUTION_ENVIRONMENT_METHODS","ping","struct","PingRequestArgumentsStruct","params","executeSnap","ExecuteSnapRequestArgumentsStruct","terminate","TerminateRequestArgumentsStruct","snapRpc","SnapRpcRequestArgumentsStruct","errorHandler","error","data","constructedError","constructError","serializedError","serializeError","shouldIncludeStack","sentData","stack","notify","method","onCommandRequest","isJsonRpcRequest","Error","id","respond","result","EEOpenRPCDocument","hasProperty","ethErrors","methodNotFound","serialize","methodObject","paramsAsArray","sortParamKeys","validate","invalidParams","methods","rpcError","requestObject","isValidJson","isObject","commandStream","write","jsonrpc","startSnap","snapId","sourceCode","_endowments","log","snapPromiseErrorHandler","removeEventListener","snapErrorHandler","reason","provider","StreamProvider","rpcStream","jsonRpcStreamName","rpcMiddleware","createIdRemapMiddleware","initialize","snap","createSnapGlobal","ethereum","createEIP1193Provider","snapModule","exports","endowments","teardown","endowmentTeardown","createEndowments","snapData","set","idleTeardown","runningEvaluations","Set","addEventListener","compartment","Compartment","module","globalThis","self","global","window","executeInSnapContext","evaluate","registerSnapExports","removeSnap","onTerminate","forEach","evaluation","stop","clear","get","SNAP_EXPORT_NAMES","reduce","acc","exportName","snapExport","validator","SNAP_EXPORTS","originalRequest","request","bind","args","assertSnapOutboundRequest","sanitizedArgs","getSafeJson","withTeardown","snapGlobalProxy","Proxy","has","_target","prop","includes","undefined","harden","assertEthereumOutboundRequest","streamProviderProxy","proxyStreamProvider","delete","executor","stopPromise","Promise","_","reject","evaluationData","add","race","size","lastTeardown","Map","on","catch","logError","getCommandMethodImplementations","target","handlerType","handler","required","assert","TypeError","replace"],"mappings":"AAAA,qFAAqF;AACrF,gEAAgE;;;;;+BAuGnDA;;;eAAAA;;;2BAtGkB;4BAYxB;uBAcA;8BAC+C;+BACd;6BAEf;yBAEL;oEACU;0BAEkB;4BACf;8BACqB;4BACxB;wBAOvB;4BAMA;;;;;;;;;;;;;;;;;;;AAYP,MAAMC,gBAAgB;IACpBC,MAAMC,wBAAU,CAACC,GAAG,CAACC,QAAQ;IAC7BC,SAAS;AACX;AAUA;;;;CAIC,GACD,MAAMC,gCAAgC;IACpCC,MAAM;QACJC,QAAQC,sCAA0B;QAClCC,QAAQ,EAAE;IACZ;IACAC,aAAa;QACXH,QAAQI,6CAAiC;QACzCF,QAAQ;YAAC;YAAU;YAAc;SAAa;IAChD;IACAG,WAAW;QACTL,QAAQM,2CAA+B;QACvCJ,QAAQ,EAAE;IACZ;IACAK,SAAS;QACPP,QAAQQ,yCAA6B;QACrCN,QAAQ;YAAC;YAAU;YAAW;YAAU;SAAU;IACpD;AACF;AAIO,MAAMX;IAwEHkB,aAAaC,KAAc,EAAEC,IAA0B,EAAE;QAC/D,MAAMC,mBAAmBC,IAAAA,sBAAc,EAACH;QACxC,MAAMI,kBAAkBC,IAAAA,4BAAc,EAACH,kBAAkB;YACvDpB;YACAwB,oBAAoB;QACtB;QAEA,gEAAgE;QAChE,MAAMC,WAAiB;YAAE,GAAGN,IAAI;YAAEO,OAAON,kBAAkBM,SAAS;QAAK;QAEzE,IAAI,CAACC,MAAM,CAAC;YACVC,QAAQ;YACRlB,QAAQ;gBACNQ,OAAO;oBACL,GAAGI,eAAe;oBAClBH,MAAMM;gBACR;YACF;QACF;IACF;IAEA,MAAcI,iBAAiBxB,OAAuB,EAAE;QACtD,IAAI,CAACyB,IAAAA,uBAAgB,EAACzB,UAAU;YAC9B,MAAM,IAAI0B,MAAM;QAClB;QAEA,MAAM,EAAEC,EAAE,EAAEJ,MAAM,EAAElB,MAAM,EAAE,GAAGL;QAC/B,IAAIuB,WAAW,gBAAgB;YAC7B,IAAI,CAACK,OAAO,CAACD,IAAI;gBACfE,QAAQC,oBAAiB;YAC3B;YACA;QACF;QAEA,IAAI,CAACC,IAAAA,kBAAW,EAAC9B,+BAA+BsB,SAAS;YACvD,IAAI,CAACK,OAAO,CAACD,IAAI;gBACfd,OAAOmB,uBAAS,CAAClC,GAAG,CACjBmC,cAAc,CAAC;oBACdnB,MAAM;wBACJS;oBACF;gBACF,GACCW,SAAS;YACd;YACA;QACF;QAEA,MAAMC,eAAelC,6BAA6B,CAACsB,OAAwB;QAE3E,yCAAyC;QACzC,MAAMa,gBAAgBC,IAAAA,yBAAa,EAACF,aAAa9B,MAAM,EAAEA;QAEzD,MAAM,CAACQ,MAAM,GAAGyB,IAAAA,qBAAQ,EAAWF,eAAeD,aAAahC,MAAM;QACrE,IAAIU,OAAO;YACT,IAAI,CAACe,OAAO,CAACD,IAAI;gBACfd,OAAOmB,uBAAS,CAAClC,GAAG,CACjByC,aAAa,CAAC;oBACbvC,SAAS,CAAC,+BAA+B,EAAEuB,OAAO,GAAG,EAAEV,MAAMb,OAAO,CAAC,CAAC,CAAC;oBACvEc,MAAM;wBACJS;wBACAlB,QAAQ+B;oBACV;gBACF,GACCF,SAAS;YACd;YACA;QACF;QAEA,IAAI;YACF,MAAML,SAAS,MAAM,AAAC,IAAI,CAACW,OAAO,AAAQ,CAACjB,OAAO,IAAIa;YACtD,IAAI,CAACR,OAAO,CAACD,IAAI;gBAAEE;YAAO;QAC5B,EAAE,OAAOY,UAAU;YACjB,IAAI,CAACb,OAAO,CAACD,IAAI;gBACfd,OAAOK,IAAAA,4BAAc,EAACuB,UAAU;oBAC9B9C;gBACF;YACF;QACF;IACF;IAEU2B,OAAOoB,aAAmD,EAAE;QACpE,IAAI,CAACC,IAAAA,kBAAW,EAACD,kBAAkB,CAACE,IAAAA,eAAQ,EAACF,gBAAgB;YAC3D,MAAM,IAAIhB,MACR;QAEJ;QAEA,IAAI,CAACmB,aAAa,CAACC,KAAK,CAAC;YACvB,GAAGJ,aAAa;YAChBK,SAAS;QACX;IACF;IAEUnB,QAAQD,EAAa,EAAEe,aAAsC,EAAE;QACvE,IAAI,CAACC,IAAAA,kBAAW,EAACD,kBAAkB,CAACE,IAAAA,eAAQ,EAACF,gBAAgB;YAC3D,MAAM,IAAIhB,MAAM;QAClB;QAEA,IAAI,CAACmB,aAAa,CAACC,KAAK,CAAC;YACvB,GAAGJ,aAAa;YAChBf;YACAoB,SAAS;QACX;IACF;IAEA;;;;;;;GAOC,GACD,MAAgBC,UACdC,MAAc,EACdC,UAAkB,EAClBC,YAAsB,EACP;QACfC,IAAAA,YAAG,EAAC,CAAC,eAAe,EAAEH,OAAO,YAAY,CAAC;QAC1C,IAAI,IAAI,CAACI,uBAAuB,EAAE;YAChCC,IAAAA,iCAAmB,EAAC,sBAAsB,IAAI,CAACD,uBAAuB;QACxE;QAEA,IAAI,IAAI,CAACE,gBAAgB,EAAE;YACzBD,IAAAA,iCAAmB,EAAC,SAAS,IAAI,CAACC,gBAAgB;QACpD;QAEA,IAAI,CAACA,gBAAgB,GAAG,CAAC1C;YACvB,IAAI,CAACD,YAAY,CAACC,MAAMA,KAAK,EAAE;gBAAEoC;YAAO;QAC1C;QAEA,IAAI,CAACI,uBAAuB,GAAG,CAACxC;YAC9B,IAAI,CAACD,YAAY,CAACC,iBAAiBa,QAAQb,QAAQA,MAAM2C,MAAM,EAAE;gBAC/DP;YACF;QACF;QAEA,MAAMQ,WAAW,IAAIC,yBAAc,CAAC,IAAI,CAACC,SAAS,EAAE;YAClDC,mBAAmB;YACnBC,eAAe;gBAACC,IAAAA,sCAAuB;aAAG;QAC5C;QAEA,MAAML,SAASM,UAAU;QAEzB,MAAMC,OAAO,IAAI,CAACC,gBAAgB,CAACR;QACnC,MAAMS,WAAW,IAAI,CAACC,qBAAqB,CAACV;QAC5C,wFAAwF;QACxF,MAAMW,aAAkB;YAAEC,SAAS,CAAC;QAAE;QAEtC,IAAI;YACF,MAAM,EAAEC,UAAU,EAAEC,UAAUC,iBAAiB,EAAE,GAAGC,IAAAA,4BAAgB,EAClET,MACAE,UACAjB,QACAE;YAGF,gEAAgE;YAChE,mEAAmE;YACnE,IAAI,CAACuB,QAAQ,CAACC,GAAG,CAAC1B,QAAQ;gBACxB2B,cAAcJ;gBACdK,oBAAoB,IAAIC;gBACxBT,SAAS,CAAC;YACZ;YAEAU,IAAAA,8BAAgB,EAAC,sBAAsB,IAAI,CAAC1B,uBAAuB;YACnE0B,IAAAA,8BAAgB,EAAC,SAAS,IAAI,CAACxB,gBAAgB;YAE/C,MAAMyB,cAAc,IAAIC,YAAY;gBAClC,GAAGX,UAAU;gBACbY,QAAQd;gBACRC,SAASD,WAAWC,OAAO;YAC7B;YACA,qEAAqE;YACrE,kEAAkE;YAClE,EAAE;YACF,wDAAwD;YACxD,yCAAyC;YACzCW,YAAYG,UAAU,CAACC,IAAI,GAAGJ,YAAYG,UAAU;YACpDH,YAAYG,UAAU,CAACE,MAAM,GAAGL,YAAYG,UAAU;YACtDH,YAAYG,UAAU,CAACG,MAAM,GAAGN,YAAYG,UAAU;YAEtD,MAAM,IAAI,CAACI,oBAAoB,CAACtC,QAAQ;gBACtC+B,YAAYQ,QAAQ,CAACtC;gBACrB,IAAI,CAACuC,mBAAmB,CAACxC,QAAQmB;YACnC;QACF,EAAE,OAAOvD,OAAO;YACd,IAAI,CAAC6E,UAAU,CAACzC;YAChB,MAAM,IAAIvB,MACR,CAAC,0BAA0B,EAAEuB,OAAO,GAAG,EAAE,AAACpC,MAAgBb,OAAO,CAAC,CAAC;QAEvE;IACF;IAEA;;;GAGC,GACD,AAAU2F,cAAc;QACtB,uCAAuC;QACvC,+DAA+D;QAC/D,6CAA6C;QAC7C,IAAI,CAACjB,QAAQ,CAACkB,OAAO,CAAC,CAAC9E,OACrBA,KAAK+D,kBAAkB,CAACe,OAAO,CAAC,CAACC,aAAeA,WAAWC,IAAI;QAEjE,IAAI,CAACpB,QAAQ,CAACqB,KAAK;IACrB;IAEQN,oBAAoBxC,MAAc,EAAEmB,UAAe,EAAE;QAC3D,MAAMtD,OAAO,IAAI,CAAC4D,QAAQ,CAACsB,GAAG,CAAC/C;QAC/B,sDAAsD;QACtD,IAAI,CAACnC,MAAM;YACT;QACF;QAEAA,KAAKuD,OAAO,GAAG4B,6BAAiB,CAACC,MAAM,CAAC,CAACC,KAAKC;YAC5C,MAAMC,aAAajC,WAAWC,OAAO,CAAC+B,WAAW;YACjD,MAAM,EAAEE,SAAS,EAAE,GAAGC,wBAAY,CAACH,WAAW;YAC9C,IAAIE,UAAUD,aAAa;gBACzB,OAAO;oBAAE,GAAGF,GAAG;oBAAE,CAACC,WAAW,EAAEC;gBAAW;YAC5C;YACA,OAAOF;QACT,GAAG,CAAC;IACN;IAEA;;;;;GAKC,GACD,AAAQlC,iBAAiBR,QAAwB,EAAqB;QACpE,MAAM+C,kBAAkB/C,SAASgD,OAAO,CAACC,IAAI,CAACjD;QAE9C,MAAMgD,UAAU,OAAOE;YACrBC,IAAAA,iCAAyB,EAACD;YAC1B,MAAME,gBAAgBC,IAAAA,kBAAW,EAACH;YAClC,IAAI,CAACrF,MAAM,CAAC;gBAAEC,QAAQ;YAAkB;YACxC,IAAI;gBACF,OAAO,MAAMwF,IAAAA,oBAAY,EACvBP,gBAAgBK,gBAChB,IAAI;YAER,SAAU;gBACR,IAAI,CAACvF,MAAM,CAAC;oBAAEC,QAAQ;gBAAmB;YAC3C;QACF;QAEA,qEAAqE;QACrE,sDAAsD;QACtD,MAAMyF,kBAAkB,IAAIC,MAC1B,CAAC,GACD;YACEC,KAAIC,OAAe,EAAEC,IAAqB;gBACxC,OAAO,OAAOA,SAAS,YAAY;oBAAC;iBAAU,CAACC,QAAQ,CAACD;YAC1D;YACApB,KAAImB,OAAO,EAAEC,IAA0B;gBACrC,IAAIA,SAAS,WAAW;oBACtB,OAAOX;gBACT;gBAEA,OAAOa;YACT;QACF;QAGF,OAAOC,OAAOP;IAChB;IAEA;;;;;GAKC,GACD,AAAQ7C,sBAAsBV,QAAwB,EAAkB;QACtE,MAAM+C,kBAAkB/C,SAASgD,OAAO,CAACC,IAAI,CAACjD;QAE9C,MAAMgD,UAAU,OAAOE;YACrBa,IAAAA,qCAA6B,EAACb;YAC9B,MAAME,gBAAgBC,IAAAA,kBAAW,EAACH;YAClC,IAAI,CAACrF,MAAM,CAAC;gBAAEC,QAAQ;YAAkB;YACxC,IAAI;gBACF,OAAO,MAAMwF,IAAAA,oBAAY,EACvBP,gBAAgBK,gBAChB,IAAI;YAER,SAAU;gBACR,IAAI,CAACvF,MAAM,CAAC;oBAAEC,QAAQ;gBAAmB;YAC3C;QACF;QAEA,MAAMkG,sBAAsBC,IAAAA,2BAAmB,EAACjE,UAAUgD;QAE1D,OAAOc,OAAOE;IAChB;IAEA;;;;GAIC,GACD,AAAQ/B,WAAWzC,MAAc,EAAQ;QACvC,IAAI,CAACyB,QAAQ,CAACiD,MAAM,CAAC1E;IACvB;IAEA;;;;;;;;;;GAUC,GACD,MAAcsC,qBACZtC,MAAc,EACd2E,QAAwC,EACvB;QACjB,MAAM9G,OAAO,IAAI,CAAC4D,QAAQ,CAACsB,GAAG,CAAC/C;QAC/B,IAAInC,SAASwG,WAAW;YACtB,MAAM,IAAI5F,MACR,CAAC,8CAA8C,EAAEuB,OAAO,EAAE,CAAC;QAE/D;QAEA,IAAI6C;QACJ,MAAM+B,cAAc,IAAIC,QACtB,CAACC,GAAGC,SACDlC,OAAO,IACNkC,OACE,kEAAkE;gBAClEhG,uBAAS,CAAClC,GAAG,CAACC,QAAQ,CACpB,CAAC,UAAU,EAAEkD,OAAO,uCAAuC,CAAC;QAKtE,oEAAoE;QACpE,MAAMgF,iBAAiB;YAAEnC,MAAMA;QAAM;QAErC,IAAI;YACFhF,KAAK+D,kBAAkB,CAACqD,GAAG,CAACD;YAC5B,8CAA8C;YAC9C,oEAAoE;YACpE,uCAAuC;YACvC,OAAO,MAAMH,QAAQK,IAAI,CAAC;gBAACP;gBAAYC;aAAY;QACrD,SAAU;YACR/G,KAAK+D,kBAAkB,CAAC8C,MAAM,CAACM;YAE/B,IAAInH,KAAK+D,kBAAkB,CAACuD,IAAI,KAAK,GAAG;gBACtC,IAAI,CAACC,YAAY,IAAI;gBACrB,MAAMvH,KAAK8D,YAAY;YACzB;QACF;IACF;IA9ZA,YAAsB/B,aAAqB,EAAEc,SAAiB,CAAE;QAdhE,uBAAiBe,YAAjB,KAAA;QAEA,uBAAiB7B,iBAAjB,KAAA;QAEA,uBAAiBc,aAAjB,KAAA;QAEA,uBAAiBnB,WAAjB,KAAA;QAEA,uBAAQe,oBAAR,KAAA;QAEA,uBAAQF,2BAAR,KAAA;QAEA,uBAAQgF,gBAAe;QAGrB,IAAI,CAAC3D,QAAQ,GAAG,IAAI4D;QACpB,IAAI,CAACzF,aAAa,GAAGA;QACrB,IAAI,CAACA,aAAa,CAAC0F,EAAE,CAAC,QAAQ,CAACzH;YAC7B,IAAI,CAACU,gBAAgB,CAACV,MAAM0H,KAAK,CAAC,CAAC3H;gBACjC,qCAAqC;gBACrC4H,IAAAA,oBAAQ,EAAC5H;YACX;QACF;QACA,IAAI,CAAC8C,SAAS,GAAGA;QAEjB,IAAI,CAACnB,OAAO,GAAGkG,IAAAA,yCAA+B,EAC5C,IAAI,CAAC1F,SAAS,CAAC0D,IAAI,CAAC,IAAI,GACxB,OAAOiC,QAAQC,aAAajC;YAC1B,MAAM7F,OAAO,IAAI,CAAC4D,QAAQ,CAACsB,GAAG,CAAC2C;YAC/B,uEAAuE;YACvE,mBAAmB;YACnB,MAAME,UAAU/H,MAAMuD,OAAO,CAACuE,YAAY;YAC1C,MAAM,EAAEE,QAAQ,EAAE,GAAGvC,wBAAY,CAACqC,YAAY;YAE9CG,IAAAA,aAAM,EACJ,CAACD,YAAYD,YAAYvB,WACzB,CAAC,GAAG,EAAEsB,YAAY,4BAA4B,EAAED,OAAO,CAAC;YAG1D,kEAAkE;YAClE,eAAe;YACf,IAAI,CAACE,SAAS;gBACZ,OAAO;YACT;YAEA,mCAAmC;YACnC,IAAIhH,SAAS,MAAM,IAAI,CAAC0D,oBAAoB,CAACoD,QAAQ,IACnDE,QAAQlC;YAGV,0EAA0E;YAC1E,IAAI9E,WAAWyF,WAAW;gBACxBzF,SAAS;YACX;YAEA,uEAAuE;YACvE,IAAI;gBACF,OAAOiF,IAAAA,kBAAW,EAACjF;YACrB,EAAE,OAAOhB,OAAO;gBACd,MAAM,IAAImI,UACR,CAAC,sCAAsC,EAAEnI,MAAMb,OAAO,CAACiJ,OAAO,CAC5D,wBACA,IACA,CAAC;YAEP;QACF,GACA,IAAI,CAACtD,WAAW,CAACe,IAAI,CAAC,IAAI;IAE9B;AAwWF"}
1
+ {"version":3,"sources":["../../../src/common/BaseSnapExecutor.ts"],"sourcesContent":["// eslint-disable-next-line @typescript-eslint/triple-slash-reference, spaced-comment\n/// <reference path=\"../../../../node_modules/ses/types.d.ts\" />\nimport { StreamProvider } from '@metamask/providers';\nimport type { RequestArguments } from '@metamask/providers/dist/BaseProvider';\nimport type { SnapsGlobalObject } from '@metamask/rpc-methods';\nimport type {\n SnapExports,\n HandlerType,\n SnapExportsParameters,\n} from '@metamask/snaps-utils';\nimport {\n SNAP_EXPORT_NAMES,\n logError,\n SNAP_EXPORTS,\n} from '@metamask/snaps-utils';\nimport type {\n JsonRpcNotification,\n JsonRpcId,\n JsonRpcRequest,\n Json,\n} from '@metamask/utils';\nimport {\n isObject,\n isValidJson,\n assert,\n isJsonRpcRequest,\n hasProperty,\n getSafeJson,\n} from '@metamask/utils';\nimport { errorCodes, ethErrors, serializeError } from 'eth-rpc-errors';\nimport { createIdRemapMiddleware } from 'json-rpc-engine';\nimport type { Duplex } from 'stream';\nimport { validate } from 'superstruct';\n\nimport { log } from '../logging';\nimport EEOpenRPCDocument from '../openrpc.json';\nimport type { CommandMethodsMapping } from './commands';\nimport { getCommandMethodImplementations } from './commands';\nimport { createEndowments } from './endowments';\nimport { addEventListener, removeEventListener } from './globalEvents';\nimport { sortParamKeys } from './sortParams';\nimport {\n assertEthereumOutboundRequest,\n assertSnapOutboundRequest,\n constructError,\n proxyStreamProvider,\n withTeardown,\n} from './utils';\nimport {\n ExecuteSnapRequestArgumentsStruct,\n PingRequestArgumentsStruct,\n SnapRpcRequestArgumentsStruct,\n TerminateRequestArgumentsStruct,\n} from './validation';\n\ntype EvaluationData = {\n stop: () => void;\n};\n\ntype SnapData = {\n exports: SnapExports;\n runningEvaluations: Set<EvaluationData>;\n idleTeardown: () => Promise<void>;\n};\n\nconst fallbackError = {\n code: errorCodes.rpc.internal,\n message: 'Execution Environment Error',\n};\n\nexport type InvokeSnapArgs = Omit<SnapExportsParameters[0], 'chainId'>;\n\nexport type InvokeSnap = (\n target: string,\n handler: HandlerType,\n args: InvokeSnapArgs | undefined,\n) => Promise<Json>;\n\n/**\n * The supported methods in the execution environment. The validator checks the\n * incoming JSON-RPC request, and the `params` property is used for sorting the\n * parameters, if they are an object.\n */\nconst EXECUTION_ENVIRONMENT_METHODS = {\n ping: {\n struct: PingRequestArgumentsStruct,\n params: [],\n },\n executeSnap: {\n struct: ExecuteSnapRequestArgumentsStruct,\n params: ['snapId', 'sourceCode', 'endowments'],\n },\n terminate: {\n struct: TerminateRequestArgumentsStruct,\n params: [],\n },\n snapRpc: {\n struct: SnapRpcRequestArgumentsStruct,\n params: ['target', 'handler', 'origin', 'request'],\n },\n};\n\ntype Methods = typeof EXECUTION_ENVIRONMENT_METHODS;\n\nexport class BaseSnapExecutor {\n private readonly snapData: Map<string, SnapData>;\n\n private readonly commandStream: Duplex;\n\n private readonly rpcStream: Duplex;\n\n private readonly methods: CommandMethodsMapping;\n\n private snapErrorHandler?: (event: ErrorEvent) => void;\n\n private snapPromiseErrorHandler?: (event: PromiseRejectionEvent) => void;\n\n private lastTeardown = 0;\n\n protected constructor(commandStream: Duplex, rpcStream: Duplex) {\n this.snapData = new Map();\n this.commandStream = commandStream;\n this.commandStream.on('data', (data) => {\n this.onCommandRequest(data).catch((error) => {\n // TODO: Decide how to handle errors.\n logError(error);\n });\n });\n this.rpcStream = rpcStream;\n\n this.methods = getCommandMethodImplementations(\n this.startSnap.bind(this),\n async (target, handlerType, args) => {\n const data = this.snapData.get(target);\n // We're capturing the handler in case someone modifies the data object\n // before the call.\n const handler = data?.exports[handlerType];\n const { required } = SNAP_EXPORTS[handlerType];\n\n assert(\n !required || handler !== undefined,\n `No ${handlerType} handler exported for snap \"${target}`,\n );\n\n // Certain handlers are not required. If they are not exported, we\n // return null.\n if (!handler) {\n return null;\n }\n\n // TODO: fix handler args type cast\n let result = await this.executeInSnapContext(target, () =>\n handler(args as any),\n );\n\n // The handler might not return anything, but undefined is not valid JSON.\n if (result === undefined) {\n result = null;\n }\n\n // /!\\ Always return only sanitized JSON to prevent security flaws. /!\\\n try {\n return getSafeJson(result);\n } catch (error) {\n throw new TypeError(\n `Received non-JSON-serializable value: ${error.message.replace(\n /^Assertion failed: /u,\n '',\n )}`,\n );\n }\n },\n this.onTerminate.bind(this),\n );\n }\n\n private errorHandler(error: unknown, data: Record<string, Json>) {\n const constructedError = constructError(error);\n const serializedError = serializeError(constructedError, {\n fallbackError,\n shouldIncludeStack: false,\n });\n\n // We're setting it this way to avoid sentData.stack = undefined\n const sentData: Json = { ...data, stack: constructedError?.stack ?? null };\n\n this.notify({\n method: 'UnhandledError',\n params: {\n error: {\n ...serializedError,\n data: sentData,\n },\n },\n });\n }\n\n private async onCommandRequest(message: JsonRpcRequest) {\n if (!isJsonRpcRequest(message)) {\n throw new Error('Command stream received a non-JSON-RPC request.');\n }\n\n const { id, method, params } = message;\n if (method === 'rpc.discover') {\n this.respond(id, {\n result: EEOpenRPCDocument,\n });\n return;\n }\n\n if (!hasProperty(EXECUTION_ENVIRONMENT_METHODS, method)) {\n this.respond(id, {\n error: ethErrors.rpc\n .methodNotFound({\n data: {\n method,\n },\n })\n .serialize(),\n });\n return;\n }\n\n const methodObject = EXECUTION_ENVIRONMENT_METHODS[method as keyof Methods];\n\n // support params by-name and by-position\n const paramsAsArray = sortParamKeys(methodObject.params, params);\n\n const [error] = validate<any, any>(paramsAsArray, methodObject.struct);\n if (error) {\n this.respond(id, {\n error: ethErrors.rpc\n .invalidParams({\n message: `Invalid parameters for method \"${method}\": ${error.message}.`,\n data: {\n method,\n params: paramsAsArray,\n },\n })\n .serialize(),\n });\n return;\n }\n\n try {\n const result = await (this.methods as any)[method](...paramsAsArray);\n this.respond(id, { result });\n } catch (rpcError) {\n this.respond(id, {\n error: serializeError(rpcError, {\n fallbackError,\n }),\n });\n }\n }\n\n protected notify(requestObject: Omit<JsonRpcNotification, 'jsonrpc'>) {\n if (!isValidJson(requestObject) || !isObject(requestObject)) {\n throw new Error(\n 'JSON-RPC notifications must be JSON serializable objects',\n );\n }\n\n this.commandStream.write({\n ...requestObject,\n jsonrpc: '2.0',\n });\n }\n\n protected respond(id: JsonRpcId, requestObject: Record<string, unknown>) {\n if (!isValidJson(requestObject) || !isObject(requestObject)) {\n throw new Error('JSON-RPC responses must be JSON serializable objects.');\n }\n\n this.commandStream.write({\n ...requestObject,\n id,\n jsonrpc: '2.0',\n });\n }\n\n /**\n * Attempts to evaluate a snap in SES. Generates APIs for the snap. May throw\n * on errors.\n *\n * @param snapId - The id of the snap.\n * @param sourceCode - The source code of the snap, in IIFE format.\n * @param _endowments - An array of the names of the endowments.\n */\n protected async startSnap(\n snapId: string,\n sourceCode: string,\n _endowments?: string[],\n ): Promise<void> {\n log(`Starting snap '${snapId}' in worker.`);\n if (this.snapPromiseErrorHandler) {\n removeEventListener('unhandledrejection', this.snapPromiseErrorHandler);\n }\n\n if (this.snapErrorHandler) {\n removeEventListener('error', this.snapErrorHandler);\n }\n\n this.snapErrorHandler = (error: ErrorEvent) => {\n this.errorHandler(error.error, { snapId });\n };\n\n this.snapPromiseErrorHandler = (error: PromiseRejectionEvent) => {\n this.errorHandler(error instanceof Error ? error : error.reason, {\n snapId,\n });\n };\n\n const provider = new StreamProvider(this.rpcStream, {\n jsonRpcStreamName: 'metamask-provider',\n rpcMiddleware: [createIdRemapMiddleware()],\n });\n\n await provider.initialize();\n\n const snap = this.createSnapGlobal(provider);\n const ethereum = this.createEIP1193Provider(provider);\n // We specifically use any type because the Snap can modify the object any way they want\n const snapModule: any = { exports: {} };\n\n try {\n const { endowments, teardown: endowmentTeardown } = createEndowments(\n snap,\n ethereum,\n snapId,\n _endowments,\n );\n\n // !!! Ensure that this is the only place the data is being set.\n // Other methods access the object value and mutate its properties.\n this.snapData.set(snapId, {\n idleTeardown: endowmentTeardown,\n runningEvaluations: new Set(),\n exports: {},\n });\n\n addEventListener('unhandledRejection', this.snapPromiseErrorHandler);\n addEventListener('error', this.snapErrorHandler);\n\n const compartment = new Compartment({\n ...endowments,\n module: snapModule,\n exports: snapModule.exports,\n });\n // All of those are JavaScript runtime specific and self referential,\n // but we add them for compatibility sake with external libraries.\n //\n // We can't do that in the injected globals object above\n // because SES creates its own globalThis\n compartment.globalThis.self = compartment.globalThis;\n compartment.globalThis.global = compartment.globalThis;\n compartment.globalThis.window = compartment.globalThis;\n\n await this.executeInSnapContext(snapId, () => {\n compartment.evaluate(sourceCode);\n this.registerSnapExports(snapId, snapModule);\n });\n } catch (error) {\n this.removeSnap(snapId);\n throw new Error(\n `Error while running snap '${snapId}': ${(error as Error).message}`,\n );\n }\n }\n\n /**\n * Cancels all running evaluations of all snaps and clears all snap data.\n * NOTE:** Should only be called in response to the `terminate` RPC command.\n */\n protected onTerminate() {\n // `stop()` tears down snap endowments.\n // Teardown will also be run for each snap as soon as there are\n // no more running evaluations for that snap.\n this.snapData.forEach((data) =>\n data.runningEvaluations.forEach((evaluation) => evaluation.stop()),\n );\n this.snapData.clear();\n }\n\n private registerSnapExports(snapId: string, snapModule: any) {\n const data = this.snapData.get(snapId);\n // Somebody deleted the snap before we could register.\n if (!data) {\n return;\n }\n\n data.exports = SNAP_EXPORT_NAMES.reduce((acc, exportName) => {\n const snapExport = snapModule.exports[exportName];\n const { validator } = SNAP_EXPORTS[exportName];\n if (validator(snapExport)) {\n return { ...acc, [exportName]: snapExport };\n }\n return acc;\n }, {});\n }\n\n /**\n * Instantiates a snap API object (i.e. `globalThis.snap`).\n *\n * @param provider - A StreamProvider connected to MetaMask.\n * @returns The snap provider object.\n */\n private createSnapGlobal(provider: StreamProvider): SnapsGlobalObject {\n const originalRequest = provider.request.bind(provider);\n\n const request = async (args: RequestArguments) => {\n assertSnapOutboundRequest(args);\n const sanitizedArgs = getSafeJson(args);\n this.notify({ method: 'OutboundRequest' });\n try {\n return await withTeardown(\n originalRequest(sanitizedArgs as unknown as RequestArguments),\n this as any,\n );\n } finally {\n this.notify({ method: 'OutboundResponse' });\n }\n };\n\n // Proxy target is intentionally set to be an empty object, to ensure\n // that access to the prototype chain is not possible.\n const snapGlobalProxy = new Proxy(\n {},\n {\n has(_target: object, prop: string | symbol) {\n return typeof prop === 'string' && ['request'].includes(prop);\n },\n get(_target, prop: keyof StreamProvider) {\n if (prop === 'request') {\n return request;\n }\n\n return undefined;\n },\n },\n ) as SnapsGlobalObject;\n\n return harden(snapGlobalProxy);\n }\n\n /**\n * Instantiates an EIP-1193 Ethereum provider object (i.e. `globalThis.ethereum`).\n *\n * @param provider - A StreamProvider connected to MetaMask.\n * @returns The EIP-1193 Ethereum provider object.\n */\n private createEIP1193Provider(provider: StreamProvider): StreamProvider {\n const originalRequest = provider.request.bind(provider);\n\n const request = async (args: RequestArguments) => {\n assertEthereumOutboundRequest(args);\n const sanitizedArgs = getSafeJson(args);\n this.notify({ method: 'OutboundRequest' });\n try {\n return await withTeardown(\n originalRequest(sanitizedArgs as unknown as RequestArguments),\n this as any,\n );\n } finally {\n this.notify({ method: 'OutboundResponse' });\n }\n };\n\n const streamProviderProxy = proxyStreamProvider(provider, request);\n\n return harden(streamProviderProxy);\n }\n\n /**\n * Removes the snap with the given name.\n *\n * @param snapId - The id of the snap to remove.\n */\n private removeSnap(snapId: string): void {\n this.snapData.delete(snapId);\n }\n\n /**\n * Calls the specified executor function in the context of the specified snap.\n * Essentially, this means that the operation performed by the executor is\n * counted as an evaluation of the specified snap. When the count of running\n * evaluations of a snap reaches zero, its endowments are torn down.\n *\n * @param snapId - The id of the snap whose context to execute in.\n * @param executor - The function that will be executed in the snap's context.\n * @returns The executor's return value.\n * @template Result - The return value of the executor.\n */\n private async executeInSnapContext<Result>(\n snapId: string,\n executor: () => Promise<Result> | Result,\n ): Promise<Result> {\n const data = this.snapData.get(snapId);\n if (data === undefined) {\n throw new Error(\n `Tried to execute in context of unknown snap: \"${snapId}\".`,\n );\n }\n\n let stop: () => void;\n const stopPromise = new Promise<never>(\n (_, reject) =>\n (stop = () =>\n reject(\n // TODO(rekmarks): Specify / standardize error code for this case.\n ethErrors.rpc.internal(\n `The snap \"${snapId}\" has been terminated during execution.`,\n ),\n )),\n );\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const evaluationData = { stop: stop! };\n\n try {\n data.runningEvaluations.add(evaluationData);\n // Notice that we have to await this executor.\n // If we didn't, we would decrease the amount of running evaluations\n // before the promise actually resolves\n return await Promise.race([executor(), stopPromise]);\n } finally {\n data.runningEvaluations.delete(evaluationData);\n\n if (data.runningEvaluations.size === 0) {\n this.lastTeardown += 1;\n await data.idleTeardown();\n }\n }\n }\n}\n"],"names":["BaseSnapExecutor","fallbackError","code","errorCodes","rpc","internal","message","EXECUTION_ENVIRONMENT_METHODS","ping","struct","PingRequestArgumentsStruct","params","executeSnap","ExecuteSnapRequestArgumentsStruct","terminate","TerminateRequestArgumentsStruct","snapRpc","SnapRpcRequestArgumentsStruct","errorHandler","error","data","constructedError","constructError","serializedError","serializeError","shouldIncludeStack","sentData","stack","notify","method","onCommandRequest","isJsonRpcRequest","Error","id","respond","result","EEOpenRPCDocument","hasProperty","ethErrors","methodNotFound","serialize","methodObject","paramsAsArray","sortParamKeys","validate","invalidParams","methods","rpcError","requestObject","isValidJson","isObject","commandStream","write","jsonrpc","startSnap","snapId","sourceCode","_endowments","log","snapPromiseErrorHandler","removeEventListener","snapErrorHandler","reason","provider","StreamProvider","rpcStream","jsonRpcStreamName","rpcMiddleware","createIdRemapMiddleware","initialize","snap","createSnapGlobal","ethereum","createEIP1193Provider","snapModule","exports","endowments","teardown","endowmentTeardown","createEndowments","snapData","set","idleTeardown","runningEvaluations","Set","addEventListener","compartment","Compartment","module","globalThis","self","global","window","executeInSnapContext","evaluate","registerSnapExports","removeSnap","onTerminate","forEach","evaluation","stop","clear","get","SNAP_EXPORT_NAMES","reduce","acc","exportName","snapExport","validator","SNAP_EXPORTS","originalRequest","request","bind","args","assertSnapOutboundRequest","sanitizedArgs","getSafeJson","withTeardown","snapGlobalProxy","Proxy","has","_target","prop","includes","undefined","harden","assertEthereumOutboundRequest","streamProviderProxy","proxyStreamProvider","delete","executor","stopPromise","Promise","_","reject","evaluationData","add","race","size","lastTeardown","Map","on","catch","logError","getCommandMethodImplementations","target","handlerType","handler","required","assert","TypeError","replace"],"mappings":"AAAA,qFAAqF;AACrF,gEAAgE;;;;;+BAuGnDA;;;eAAAA;;;2BAtGkB;4BAYxB;uBAcA;8BAC+C;+BACd;6BAEf;yBAEL;oEACU;0BAEkB;4BACf;8BACqB;4BACxB;wBAOvB;4BAMA;;;;;;;;;;;;;;;;;;;AAYP,MAAMC,gBAAgB;IACpBC,MAAMC,wBAAU,CAACC,GAAG,CAACC,QAAQ;IAC7BC,SAAS;AACX;AAUA;;;;CAIC,GACD,MAAMC,gCAAgC;IACpCC,MAAM;QACJC,QAAQC,sCAA0B;QAClCC,QAAQ,EAAE;IACZ;IACAC,aAAa;QACXH,QAAQI,6CAAiC;QACzCF,QAAQ;YAAC;YAAU;YAAc;SAAa;IAChD;IACAG,WAAW;QACTL,QAAQM,2CAA+B;QACvCJ,QAAQ,EAAE;IACZ;IACAK,SAAS;QACPP,QAAQQ,yCAA6B;QACrCN,QAAQ;YAAC;YAAU;YAAW;YAAU;SAAU;IACpD;AACF;AAIO,MAAMX;IAwEHkB,aAAaC,KAAc,EAAEC,IAA0B,EAAE;QAC/D,MAAMC,mBAAmBC,IAAAA,sBAAc,EAACH;QACxC,MAAMI,kBAAkBC,IAAAA,4BAAc,EAACH,kBAAkB;YACvDpB;YACAwB,oBAAoB;QACtB;QAEA,gEAAgE;QAChE,MAAMC,WAAiB;YAAE,GAAGN,IAAI;YAAEO,OAAON,kBAAkBM,SAAS;QAAK;QAEzE,IAAI,CAACC,MAAM,CAAC;YACVC,QAAQ;YACRlB,QAAQ;gBACNQ,OAAO;oBACL,GAAGI,eAAe;oBAClBH,MAAMM;gBACR;YACF;QACF;IACF;IAEA,MAAcI,iBAAiBxB,OAAuB,EAAE;QACtD,IAAI,CAACyB,IAAAA,uBAAgB,EAACzB,UAAU;YAC9B,MAAM,IAAI0B,MAAM;QAClB;QAEA,MAAM,EAAEC,EAAE,EAAEJ,MAAM,EAAElB,MAAM,EAAE,GAAGL;QAC/B,IAAIuB,WAAW,gBAAgB;YAC7B,IAAI,CAACK,OAAO,CAACD,IAAI;gBACfE,QAAQC,oBAAiB;YAC3B;YACA;QACF;QAEA,IAAI,CAACC,IAAAA,kBAAW,EAAC9B,+BAA+BsB,SAAS;YACvD,IAAI,CAACK,OAAO,CAACD,IAAI;gBACfd,OAAOmB,uBAAS,CAAClC,GAAG,CACjBmC,cAAc,CAAC;oBACdnB,MAAM;wBACJS;oBACF;gBACF,GACCW,SAAS;YACd;YACA;QACF;QAEA,MAAMC,eAAelC,6BAA6B,CAACsB,OAAwB;QAE3E,yCAAyC;QACzC,MAAMa,gBAAgBC,IAAAA,yBAAa,EAACF,aAAa9B,MAAM,EAAEA;QAEzD,MAAM,CAACQ,MAAM,GAAGyB,IAAAA,qBAAQ,EAAWF,eAAeD,aAAahC,MAAM;QACrE,IAAIU,OAAO;YACT,IAAI,CAACe,OAAO,CAACD,IAAI;gBACfd,OAAOmB,uBAAS,CAAClC,GAAG,CACjByC,aAAa,CAAC;oBACbvC,SAAS,CAAC,+BAA+B,EAAEuB,OAAO,GAAG,EAAEV,MAAMb,OAAO,CAAC,CAAC,CAAC;oBACvEc,MAAM;wBACJS;wBACAlB,QAAQ+B;oBACV;gBACF,GACCF,SAAS;YACd;YACA;QACF;QAEA,IAAI;YACF,MAAML,SAAS,MAAM,AAAC,IAAI,CAACW,OAAO,AAAQ,CAACjB,OAAO,IAAIa;YACtD,IAAI,CAACR,OAAO,CAACD,IAAI;gBAAEE;YAAO;QAC5B,EAAE,OAAOY,UAAU;YACjB,IAAI,CAACb,OAAO,CAACD,IAAI;gBACfd,OAAOK,IAAAA,4BAAc,EAACuB,UAAU;oBAC9B9C;gBACF;YACF;QACF;IACF;IAEU2B,OAAOoB,aAAmD,EAAE;QACpE,IAAI,CAACC,IAAAA,kBAAW,EAACD,kBAAkB,CAACE,IAAAA,eAAQ,EAACF,gBAAgB;YAC3D,MAAM,IAAIhB,MACR;QAEJ;QAEA,IAAI,CAACmB,aAAa,CAACC,KAAK,CAAC;YACvB,GAAGJ,aAAa;YAChBK,SAAS;QACX;IACF;IAEUnB,QAAQD,EAAa,EAAEe,aAAsC,EAAE;QACvE,IAAI,CAACC,IAAAA,kBAAW,EAACD,kBAAkB,CAACE,IAAAA,eAAQ,EAACF,gBAAgB;YAC3D,MAAM,IAAIhB,MAAM;QAClB;QAEA,IAAI,CAACmB,aAAa,CAACC,KAAK,CAAC;YACvB,GAAGJ,aAAa;YAChBf;YACAoB,SAAS;QACX;IACF;IAEA;;;;;;;GAOC,GACD,MAAgBC,UACdC,MAAc,EACdC,UAAkB,EAClBC,YAAsB,EACP;QACfC,IAAAA,YAAG,EAAC,CAAC,eAAe,EAAEH,OAAO,YAAY,CAAC;QAC1C,IAAI,IAAI,CAACI,uBAAuB,EAAE;YAChCC,IAAAA,iCAAmB,EAAC,sBAAsB,IAAI,CAACD,uBAAuB;QACxE;QAEA,IAAI,IAAI,CAACE,gBAAgB,EAAE;YACzBD,IAAAA,iCAAmB,EAAC,SAAS,IAAI,CAACC,gBAAgB;QACpD;QAEA,IAAI,CAACA,gBAAgB,GAAG,CAAC1C;YACvB,IAAI,CAACD,YAAY,CAACC,MAAMA,KAAK,EAAE;gBAAEoC;YAAO;QAC1C;QAEA,IAAI,CAACI,uBAAuB,GAAG,CAACxC;YAC9B,IAAI,CAACD,YAAY,CAACC,iBAAiBa,QAAQb,QAAQA,MAAM2C,MAAM,EAAE;gBAC/DP;YACF;QACF;QAEA,MAAMQ,WAAW,IAAIC,yBAAc,CAAC,IAAI,CAACC,SAAS,EAAE;YAClDC,mBAAmB;YACnBC,eAAe;gBAACC,IAAAA,sCAAuB;aAAG;QAC5C;QAEA,MAAML,SAASM,UAAU;QAEzB,MAAMC,OAAO,IAAI,CAACC,gBAAgB,CAACR;QACnC,MAAMS,WAAW,IAAI,CAACC,qBAAqB,CAACV;QAC5C,wFAAwF;QACxF,MAAMW,aAAkB;YAAEC,SAAS,CAAC;QAAE;QAEtC,IAAI;YACF,MAAM,EAAEC,UAAU,EAAEC,UAAUC,iBAAiB,EAAE,GAAGC,IAAAA,4BAAgB,EAClET,MACAE,UACAjB,QACAE;YAGF,gEAAgE;YAChE,mEAAmE;YACnE,IAAI,CAACuB,QAAQ,CAACC,GAAG,CAAC1B,QAAQ;gBACxB2B,cAAcJ;gBACdK,oBAAoB,IAAIC;gBACxBT,SAAS,CAAC;YACZ;YAEAU,IAAAA,8BAAgB,EAAC,sBAAsB,IAAI,CAAC1B,uBAAuB;YACnE0B,IAAAA,8BAAgB,EAAC,SAAS,IAAI,CAACxB,gBAAgB;YAE/C,MAAMyB,cAAc,IAAIC,YAAY;gBAClC,GAAGX,UAAU;gBACbY,QAAQd;gBACRC,SAASD,WAAWC,OAAO;YAC7B;YACA,qEAAqE;YACrE,kEAAkE;YAClE,EAAE;YACF,wDAAwD;YACxD,yCAAyC;YACzCW,YAAYG,UAAU,CAACC,IAAI,GAAGJ,YAAYG,UAAU;YACpDH,YAAYG,UAAU,CAACE,MAAM,GAAGL,YAAYG,UAAU;YACtDH,YAAYG,UAAU,CAACG,MAAM,GAAGN,YAAYG,UAAU;YAEtD,MAAM,IAAI,CAACI,oBAAoB,CAACtC,QAAQ;gBACtC+B,YAAYQ,QAAQ,CAACtC;gBACrB,IAAI,CAACuC,mBAAmB,CAACxC,QAAQmB;YACnC;QACF,EAAE,OAAOvD,OAAO;YACd,IAAI,CAAC6E,UAAU,CAACzC;YAChB,MAAM,IAAIvB,MACR,CAAC,0BAA0B,EAAEuB,OAAO,GAAG,EAAE,AAACpC,MAAgBb,OAAO,CAAC,CAAC;QAEvE;IACF;IAEA;;;GAGC,GACD,AAAU2F,cAAc;QACtB,uCAAuC;QACvC,+DAA+D;QAC/D,6CAA6C;QAC7C,IAAI,CAACjB,QAAQ,CAACkB,OAAO,CAAC,CAAC9E,OACrBA,KAAK+D,kBAAkB,CAACe,OAAO,CAAC,CAACC,aAAeA,WAAWC,IAAI;QAEjE,IAAI,CAACpB,QAAQ,CAACqB,KAAK;IACrB;IAEQN,oBAAoBxC,MAAc,EAAEmB,UAAe,EAAE;QAC3D,MAAMtD,OAAO,IAAI,CAAC4D,QAAQ,CAACsB,GAAG,CAAC/C;QAC/B,sDAAsD;QACtD,IAAI,CAACnC,MAAM;YACT;QACF;QAEAA,KAAKuD,OAAO,GAAG4B,6BAAiB,CAACC,MAAM,CAAC,CAACC,KAAKC;YAC5C,MAAMC,aAAajC,WAAWC,OAAO,CAAC+B,WAAW;YACjD,MAAM,EAAEE,SAAS,EAAE,GAAGC,wBAAY,CAACH,WAAW;YAC9C,IAAIE,UAAUD,aAAa;gBACzB,OAAO;oBAAE,GAAGF,GAAG;oBAAE,CAACC,WAAW,EAAEC;gBAAW;YAC5C;YACA,OAAOF;QACT,GAAG,CAAC;IACN;IAEA;;;;;GAKC,GACD,AAAQlC,iBAAiBR,QAAwB,EAAqB;QACpE,MAAM+C,kBAAkB/C,SAASgD,OAAO,CAACC,IAAI,CAACjD;QAE9C,MAAMgD,UAAU,OAAOE;YACrBC,IAAAA,iCAAyB,EAACD;YAC1B,MAAME,gBAAgBC,IAAAA,kBAAW,EAACH;YAClC,IAAI,CAACrF,MAAM,CAAC;gBAAEC,QAAQ;YAAkB;YACxC,IAAI;gBACF,OAAO,MAAMwF,IAAAA,oBAAY,EACvBP,gBAAgBK,gBAChB,IAAI;YAER,SAAU;gBACR,IAAI,CAACvF,MAAM,CAAC;oBAAEC,QAAQ;gBAAmB;YAC3C;QACF;QAEA,qEAAqE;QACrE,sDAAsD;QACtD,MAAMyF,kBAAkB,IAAIC,MAC1B,CAAC,GACD;YACEC,KAAIC,OAAe,EAAEC,IAAqB;gBACxC,OAAO,OAAOA,SAAS,YAAY;oBAAC;iBAAU,CAACC,QAAQ,CAACD;YAC1D;YACApB,KAAImB,OAAO,EAAEC,IAA0B;gBACrC,IAAIA,SAAS,WAAW;oBACtB,OAAOX;gBACT;gBAEA,OAAOa;YACT;QACF;QAGF,OAAOC,OAAOP;IAChB;IAEA;;;;;GAKC,GACD,AAAQ7C,sBAAsBV,QAAwB,EAAkB;QACtE,MAAM+C,kBAAkB/C,SAASgD,OAAO,CAACC,IAAI,CAACjD;QAE9C,MAAMgD,UAAU,OAAOE;YACrBa,IAAAA,qCAA6B,EAACb;YAC9B,MAAME,gBAAgBC,IAAAA,kBAAW,EAACH;YAClC,IAAI,CAACrF,MAAM,CAAC;gBAAEC,QAAQ;YAAkB;YACxC,IAAI;gBACF,OAAO,MAAMwF,IAAAA,oBAAY,EACvBP,gBAAgBK,gBAChB,IAAI;YAER,SAAU;gBACR,IAAI,CAACvF,MAAM,CAAC;oBAAEC,QAAQ;gBAAmB;YAC3C;QACF;QAEA,MAAMkG,sBAAsBC,IAAAA,2BAAmB,EAACjE,UAAUgD;QAE1D,OAAOc,OAAOE;IAChB;IAEA;;;;GAIC,GACD,AAAQ/B,WAAWzC,MAAc,EAAQ;QACvC,IAAI,CAACyB,QAAQ,CAACiD,MAAM,CAAC1E;IACvB;IAEA;;;;;;;;;;GAUC,GACD,MAAcsC,qBACZtC,MAAc,EACd2E,QAAwC,EACvB;QACjB,MAAM9G,OAAO,IAAI,CAAC4D,QAAQ,CAACsB,GAAG,CAAC/C;QAC/B,IAAInC,SAASwG,WAAW;YACtB,MAAM,IAAI5F,MACR,CAAC,8CAA8C,EAAEuB,OAAO,EAAE,CAAC;QAE/D;QAEA,IAAI6C;QACJ,MAAM+B,cAAc,IAAIC,QACtB,CAACC,GAAGC,SACDlC,OAAO,IACNkC,OACE,kEAAkE;gBAClEhG,uBAAS,CAAClC,GAAG,CAACC,QAAQ,CACpB,CAAC,UAAU,EAAEkD,OAAO,uCAAuC,CAAC;QAKtE,oEAAoE;QACpE,MAAMgF,iBAAiB;YAAEnC,MAAMA;QAAM;QAErC,IAAI;YACFhF,KAAK+D,kBAAkB,CAACqD,GAAG,CAACD;YAC5B,8CAA8C;YAC9C,oEAAoE;YACpE,uCAAuC;YACvC,OAAO,MAAMH,QAAQK,IAAI,CAAC;gBAACP;gBAAYC;aAAY;QACrD,SAAU;YACR/G,KAAK+D,kBAAkB,CAAC8C,MAAM,CAACM;YAE/B,IAAInH,KAAK+D,kBAAkB,CAACuD,IAAI,KAAK,GAAG;gBACtC,IAAI,CAACC,YAAY,IAAI;gBACrB,MAAMvH,KAAK8D,YAAY;YACzB;QACF;IACF;IA9ZA,YAAsB/B,aAAqB,EAAEc,SAAiB,CAAE;QAdhE,uBAAiBe,YAAjB,KAAA;QAEA,uBAAiB7B,iBAAjB,KAAA;QAEA,uBAAiBc,aAAjB,KAAA;QAEA,uBAAiBnB,WAAjB,KAAA;QAEA,uBAAQe,oBAAR,KAAA;QAEA,uBAAQF,2BAAR,KAAA;QAEA,uBAAQgF,gBAAe;QAGrB,IAAI,CAAC3D,QAAQ,GAAG,IAAI4D;QACpB,IAAI,CAACzF,aAAa,GAAGA;QACrB,IAAI,CAACA,aAAa,CAAC0F,EAAE,CAAC,QAAQ,CAACzH;YAC7B,IAAI,CAACU,gBAAgB,CAACV,MAAM0H,KAAK,CAAC,CAAC3H;gBACjC,qCAAqC;gBACrC4H,IAAAA,oBAAQ,EAAC5H;YACX;QACF;QACA,IAAI,CAAC8C,SAAS,GAAGA;QAEjB,IAAI,CAACnB,OAAO,GAAGkG,IAAAA,yCAA+B,EAC5C,IAAI,CAAC1F,SAAS,CAAC0D,IAAI,CAAC,IAAI,GACxB,OAAOiC,QAAQC,aAAajC;YAC1B,MAAM7F,OAAO,IAAI,CAAC4D,QAAQ,CAACsB,GAAG,CAAC2C;YAC/B,uEAAuE;YACvE,mBAAmB;YACnB,MAAME,UAAU/H,MAAMuD,OAAO,CAACuE,YAAY;YAC1C,MAAM,EAAEE,QAAQ,EAAE,GAAGvC,wBAAY,CAACqC,YAAY;YAE9CG,IAAAA,aAAM,EACJ,CAACD,YAAYD,YAAYvB,WACzB,CAAC,GAAG,EAAEsB,YAAY,4BAA4B,EAAED,OAAO,CAAC;YAG1D,kEAAkE;YAClE,eAAe;YACf,IAAI,CAACE,SAAS;gBACZ,OAAO;YACT;YAEA,mCAAmC;YACnC,IAAIhH,SAAS,MAAM,IAAI,CAAC0D,oBAAoB,CAACoD,QAAQ,IACnDE,QAAQlC;YAGV,0EAA0E;YAC1E,IAAI9E,WAAWyF,WAAW;gBACxBzF,SAAS;YACX;YAEA,uEAAuE;YACvE,IAAI;gBACF,OAAOiF,IAAAA,kBAAW,EAACjF;YACrB,EAAE,OAAOhB,OAAO;gBACd,MAAM,IAAImI,UACR,CAAC,sCAAsC,EAAEnI,MAAMb,OAAO,CAACiJ,OAAO,CAC5D,wBACA,IACA,CAAC;YAEP;QACF,GACA,IAAI,CAACtD,WAAW,CAACe,IAAI,CAAC,IAAI;IAE9B;AAwWF"}
package/dist/cjs/common/lockdown/lockdown-more.js CHANGED
@@ -1,5 +1,5 @@
1
1
  // eslint-disable-next-line @typescript-eslint/triple-slash-reference, spaced-comment
2
- /// <reference path="../../../../../node_modules/ses/index.d.ts" />
2
+ /// <reference path="../../../../../node_modules/ses/types.d.ts" />
3
3
  "use strict";
4
4
  Object.defineProperty(exports, "__esModule", {
5
5
  value: true
package/dist/cjs/common/lockdown/lockdown-more.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../src/common/lockdown/lockdown-more.ts"],"sourcesContent":["// eslint-disable-next-line @typescript-eslint/triple-slash-reference, spaced-comment\n/// <reference path=\"../../../../../node_modules/ses/index.d.ts\" />\n\nimport { logError } from '@metamask/snaps-utils';\n\n/**\n * The SES `lockdown` function only hardens the properties enumerated by the\n * universalPropertyNames constant specified in 'ses/src/whitelist'. This\n * function makes all function and object properties on the start compartment\n * global non-configurable and non-writable, unless they are already\n * non-configurable.\n *\n * It is critical that this function runs at the right time during\n * initialization, which should always be immediately after `lockdown` has been\n * called. At the time of writing, the modifications this function makes to the\n * runtime environment appear to be non-breaking, but that could change with\n * the addition of dependencies, or the order of our scripts in our HTML files.\n * Exercise caution.\n *\n * See inline comments for implementation details.\n *\n * We write this function in IIFE format to avoid polluting global scope.\n *\n * @throws If the lockdown failed.\n */\nexport function executeLockdownMore() {\n // Make all \"object\" and \"function\" own properties of globalThis\n // non-configurable and non-writable, when possible.\n // We call a property that is non-configurable and non-writable,\n // \"non-modifiable\".\n try {\n const namedIntrinsics = Reflect.ownKeys(new Compartment().globalThis);\n\n // These named intrinsics are not automatically hardened by `lockdown`\n const shouldHardenManually = new Set<symbol | string>(['eval', 'Function']);\n\n const globalProperties = new Set([\n // universalPropertyNames is a constant added by lockdown to global scope\n // at the time of writing, it is initialized in 'ses/src/whitelist'.\n // These properties tend to be non-enumerable.\n ...namedIntrinsics,\n\n // TODO: Also include the named platform globals\n // This grabs every enumerable property on globalThis.\n // ...Object.keys(globalThis),\n ]);\n\n globalProperties.forEach((propertyName) => {\n const descriptor = Reflect.getOwnPropertyDescriptor(\n globalThis,\n propertyName,\n );\n\n if (descriptor) {\n if (descriptor.configurable) {\n // If the property on globalThis is configurable, make it\n // non-configurable. If it has no accessor properties, also make it\n // non-writable.\n if (hasAccessor(descriptor)) {\n Object.defineProperty(globalThis, propertyName, {\n configurable: false,\n });\n } else {\n Object.defineProperty(globalThis, propertyName, {\n configurable: false,\n writable: false,\n });\n }\n }\n\n if (shouldHardenManually.has(propertyName)) {\n harden((globalThis as any)[propertyName]);\n }\n }\n });\n } catch (error) {\n logError('Protecting intrinsics failed:', error);\n throw error;\n }\n}\n\n/**\n * Checks whether the given propertyName descriptor has any accessors, i.e. the\n * properties `get` or `set`.\n *\n * We want to make globals non-writable, and we can't set the `writable`\n * property and accessor properties at the same time.\n *\n * @param descriptor - The propertyName descriptor to check.\n * @returns Whether the propertyName descriptor has any accessors.\n */\nfunction hasAccessor(descriptor: any): boolean {\n return 'set' in descriptor || 'get' in descriptor;\n}\n"],"names":["executeLockdownMore","namedIntrinsics","Reflect","ownKeys","Compartment","globalThis","shouldHardenManually","Set","globalProperties","forEach","propertyName","descriptor","getOwnPropertyDescriptor","configurable","hasAccessor","Object","defineProperty","writable","has","harden","error","logError"],"mappings":"AAAA,qFAAqF;AACrF,mEAAmE;;;;;+BAwBnDA;;;eAAAA;;;4BAtBS;AAsBlB,SAASA;IACd,gEAAgE;IAChE,oDAAoD;IACpD,gEAAgE;IAChE,oBAAoB;IACpB,IAAI;QACF,MAAMC,kBAAkBC,QAAQC,OAAO,CAAC,IAAIC,cAAcC,UAAU;QAEpE,sEAAsE;QACtE,MAAMC,uBAAuB,IAAIC,IAAqB;YAAC;YAAQ;SAAW;QAE1E,MAAMC,mBAAmB,IAAID,IAAI;YAC/B,yEAAyE;YACzE,oEAAoE;YACpE,8CAA8C;eAC3CN;SAKJ;QAEDO,iBAAiBC,OAAO,CAAC,CAACC;YACxB,MAAMC,aAAaT,QAAQU,wBAAwB,CACjDP,YACAK;YAGF,IAAIC,YAAY;gBACd,IAAIA,WAAWE,YAAY,EAAE;oBAC3B,yDAAyD;oBACzD,mEAAmE;oBACnE,gBAAgB;oBAChB,IAAIC,YAAYH,aAAa;wBAC3BI,OAAOC,cAAc,CAACX,YAAYK,cAAc;4BAC9CG,cAAc;wBAChB;oBACF,OAAO;wBACLE,OAAOC,cAAc,CAACX,YAAYK,cAAc;4BAC9CG,cAAc;4BACdI,UAAU;wBACZ;oBACF;gBACF;gBAEA,IAAIX,qBAAqBY,GAAG,CAACR,eAAe;oBAC1CS,OAAO,AAACd,UAAkB,CAACK,aAAa;gBAC1C;YACF;QACF;IACF,EAAE,OAAOU,OAAO;QACdC,IAAAA,oBAAQ,EAAC,iCAAiCD;QAC1C,MAAMA;IACR;AACF;AAEA;;;;;;;;;CASC,GACD,SAASN,YAAYH,UAAe;IAClC,OAAO,SAASA,cAAc,SAASA;AACzC"}
1
+ {"version":3,"sources":["../../../../src/common/lockdown/lockdown-more.ts"],"sourcesContent":["// eslint-disable-next-line @typescript-eslint/triple-slash-reference, spaced-comment\n/// <reference path=\"../../../../../node_modules/ses/types.d.ts\" />\n\nimport { logError } from '@metamask/snaps-utils';\n\n/**\n * The SES `lockdown` function only hardens the properties enumerated by the\n * universalPropertyNames constant specified in 'ses/src/whitelist'. This\n * function makes all function and object properties on the start compartment\n * global non-configurable and non-writable, unless they are already\n * non-configurable.\n *\n * It is critical that this function runs at the right time during\n * initialization, which should always be immediately after `lockdown` has been\n * called. At the time of writing, the modifications this function makes to the\n * runtime environment appear to be non-breaking, but that could change with\n * the addition of dependencies, or the order of our scripts in our HTML files.\n * Exercise caution.\n *\n * See inline comments for implementation details.\n *\n * We write this function in IIFE format to avoid polluting global scope.\n *\n * @throws If the lockdown failed.\n */\nexport function executeLockdownMore() {\n // Make all \"object\" and \"function\" own properties of globalThis\n // non-configurable and non-writable, when possible.\n // We call a property that is non-configurable and non-writable,\n // \"non-modifiable\".\n try {\n const namedIntrinsics = Reflect.ownKeys(new Compartment().globalThis);\n\n // These named intrinsics are not automatically hardened by `lockdown`\n const shouldHardenManually = new Set<symbol | string>(['eval', 'Function']);\n\n const globalProperties = new Set([\n // universalPropertyNames is a constant added by lockdown to global scope\n // at the time of writing, it is initialized in 'ses/src/whitelist'.\n // These properties tend to be non-enumerable.\n ...namedIntrinsics,\n\n // TODO: Also include the named platform globals\n // This grabs every enumerable property on globalThis.\n // ...Object.keys(globalThis),\n ]);\n\n globalProperties.forEach((propertyName) => {\n const descriptor = Reflect.getOwnPropertyDescriptor(\n globalThis,\n propertyName,\n );\n\n if (descriptor) {\n if (descriptor.configurable) {\n // If the property on globalThis is configurable, make it\n // non-configurable. If it has no accessor properties, also make it\n // non-writable.\n if (hasAccessor(descriptor)) {\n Object.defineProperty(globalThis, propertyName, {\n configurable: false,\n });\n } else {\n Object.defineProperty(globalThis, propertyName, {\n configurable: false,\n writable: false,\n });\n }\n }\n\n if (shouldHardenManually.has(propertyName)) {\n harden((globalThis as any)[propertyName]);\n }\n }\n });\n } catch (error) {\n logError('Protecting intrinsics failed:', error);\n throw error;\n }\n}\n\n/**\n * Checks whether the given propertyName descriptor has any accessors, i.e. the\n * properties `get` or `set`.\n *\n * We want to make globals non-writable, and we can't set the `writable`\n * property and accessor properties at the same time.\n *\n * @param descriptor - The propertyName descriptor to check.\n * @returns Whether the propertyName descriptor has any accessors.\n */\nfunction hasAccessor(descriptor: any): boolean {\n return 'set' in descriptor || 'get' in descriptor;\n}\n"],"names":["executeLockdownMore","namedIntrinsics","Reflect","ownKeys","Compartment","globalThis","shouldHardenManually","Set","globalProperties","forEach","propertyName","descriptor","getOwnPropertyDescriptor","configurable","hasAccessor","Object","defineProperty","writable","has","harden","error","logError"],"mappings":"AAAA,qFAAqF;AACrF,mEAAmE;;;;;+BAwBnDA;;;eAAAA;;;4BAtBS;AAsBlB,SAASA;IACd,gEAAgE;IAChE,oDAAoD;IACpD,gEAAgE;IAChE,oBAAoB;IACpB,IAAI;QACF,MAAMC,kBAAkBC,QAAQC,OAAO,CAAC,IAAIC,cAAcC,UAAU;QAEpE,sEAAsE;QACtE,MAAMC,uBAAuB,IAAIC,IAAqB;YAAC;YAAQ;SAAW;QAE1E,MAAMC,mBAAmB,IAAID,IAAI;YAC/B,yEAAyE;YACzE,oEAAoE;YACpE,8CAA8C;eAC3CN;SAKJ;QAEDO,iBAAiBC,OAAO,CAAC,CAACC;YACxB,MAAMC,aAAaT,QAAQU,wBAAwB,CACjDP,YACAK;YAGF,IAAIC,YAAY;gBACd,IAAIA,WAAWE,YAAY,EAAE;oBAC3B,yDAAyD;oBACzD,mEAAmE;oBACnE,gBAAgB;oBAChB,IAAIC,YAAYH,aAAa;wBAC3BI,OAAOC,cAAc,CAACX,YAAYK,cAAc;4BAC9CG,cAAc;wBAChB;oBACF,OAAO;wBACLE,OAAOC,cAAc,CAACX,YAAYK,cAAc;4BAC9CG,cAAc;4BACdI,UAAU;wBACZ;oBACF;gBACF;gBAEA,IAAIX,qBAAqBY,GAAG,CAACR,eAAe;oBAC1CS,OAAO,AAACd,UAAkB,CAACK,aAAa;gBAC1C;YACF;QACF;IACF,EAAE,OAAOU,OAAO;QACdC,IAAAA,oBAAQ,EAAC,iCAAiCD;QAC1C,MAAMA;IACR;AACF;AAEA;;;;;;;;;CASC,GACD,SAASN,YAAYH,UAAe;IAClC,OAAO,SAASA,cAAc,SAASA;AACzC"}
package/dist/cjs/common/lockdown/lockdown.js CHANGED
@@ -1,5 +1,5 @@
1
1
  // eslint-disable-next-line @typescript-eslint/triple-slash-reference, spaced-comment
2
- /// <reference path="../../../../../node_modules/ses/index.d.ts" />
2
+ /// <reference path="../../../../../node_modules/ses/types.d.ts" />
3
3
  "use strict";
4
4
  Object.defineProperty(exports, "__esModule", {
5
5
  value: true
package/dist/cjs/common/lockdown/lockdown.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../src/common/lockdown/lockdown.ts"],"sourcesContent":["// eslint-disable-next-line @typescript-eslint/triple-slash-reference, spaced-comment\n/// <reference path=\"../../../../../node_modules/ses/index.d.ts\" />\n\nimport { logError } from '@metamask/snaps-utils';\n\n/**\n * Execute SES lockdown in the current context, i.e., the current iframe.\n *\n * @throws If the SES lockdown failed.\n */\nexport function executeLockdown() {\n try {\n lockdown({\n consoleTaming: 'unsafe',\n errorTaming: 'unsafe',\n mathTaming: 'unsafe',\n dateTaming: 'unsafe',\n overrideTaming: 'severe',\n });\n } catch (error) {\n // If the `lockdown` call throws an exception, it should not be able to continue\n logError('Lockdown failed:', error);\n throw error;\n }\n}\n"],"names":["executeLockdown","lockdown","consoleTaming","errorTaming","mathTaming","dateTaming","overrideTaming","error","logError"],"mappings":"AAAA,qFAAqF;AACrF,mEAAmE;;;;;+BASnDA;;;eAAAA;;;4BAPS;AAOlB,SAASA;IACd,IAAI;QACFC,SAAS;YACPC,eAAe;YACfC,aAAa;YACbC,YAAY;YACZC,YAAY;YACZC,gBAAgB;QAClB;IACF,EAAE,OAAOC,OAAO;QACd,gFAAgF;QAChFC,IAAAA,oBAAQ,EAAC,oBAAoBD;QAC7B,MAAMA;IACR;AACF"}
1
+ {"version":3,"sources":["../../../../src/common/lockdown/lockdown.ts"],"sourcesContent":["// eslint-disable-next-line @typescript-eslint/triple-slash-reference, spaced-comment\n/// <reference path=\"../../../../../node_modules/ses/types.d.ts\" />\n\nimport { logError } from '@metamask/snaps-utils';\n\n/**\n * Execute SES lockdown in the current context, i.e., the current iframe.\n *\n * @throws If the SES lockdown failed.\n */\nexport function executeLockdown() {\n try {\n lockdown({\n consoleTaming: 'unsafe',\n errorTaming: 'unsafe',\n mathTaming: 'unsafe',\n dateTaming: 'unsafe',\n overrideTaming: 'severe',\n });\n } catch (error) {\n // If the `lockdown` call throws an exception, it should not be able to continue\n logError('Lockdown failed:', error);\n throw error;\n }\n}\n"],"names":["executeLockdown","lockdown","consoleTaming","errorTaming","mathTaming","dateTaming","overrideTaming","error","logError"],"mappings":"AAAA,qFAAqF;AACrF,mEAAmE;;;;;+BASnDA;;;eAAAA;;;4BAPS;AAOlB,SAASA;IACd,IAAI;QACFC,SAAS;YACPC,eAAe;YACfC,aAAa;YACbC,YAAY;YACZC,YAAY;YACZC,gBAAgB;QAClB;IACF,EAAE,OAAOC,OAAO;QACd,gFAAgF;QAChFC,IAAAA,oBAAQ,EAAC,oBAAoBD;QAC7B,MAAMA;IACR;AACF"}
package/dist/esm/common/BaseSnapExecutor.js CHANGED
@@ -1,5 +1,5 @@
1
1
  // eslint-disable-next-line @typescript-eslint/triple-slash-reference, spaced-comment
2
- /// <reference path="../../../../node_modules/ses/index.d.ts" />
2
+ /// <reference path="../../../../node_modules/ses/types.d.ts" />
3
3
  function _define_property(obj, key, value) {
4
4
  if (key in obj) {
5
5
  Object.defineProperty(obj, key, {
package/dist/esm/common/BaseSnapExecutor.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../src/common/BaseSnapExecutor.ts"],"sourcesContent":["// eslint-disable-next-line @typescript-eslint/triple-slash-reference, spaced-comment\n/// <reference path=\"../../../../node_modules/ses/index.d.ts\" />\nimport { StreamProvider } from '@metamask/providers';\nimport type { RequestArguments } from '@metamask/providers/dist/BaseProvider';\nimport type { SnapsGlobalObject } from '@metamask/rpc-methods';\nimport type {\n SnapExports,\n HandlerType,\n SnapExportsParameters,\n} from '@metamask/snaps-utils';\nimport {\n SNAP_EXPORT_NAMES,\n logError,\n SNAP_EXPORTS,\n} from '@metamask/snaps-utils';\nimport type {\n JsonRpcNotification,\n JsonRpcId,\n JsonRpcRequest,\n Json,\n} from '@metamask/utils';\nimport {\n isObject,\n isValidJson,\n assert,\n isJsonRpcRequest,\n hasProperty,\n getSafeJson,\n} from '@metamask/utils';\nimport { errorCodes, ethErrors, serializeError } from 'eth-rpc-errors';\nimport { createIdRemapMiddleware } from 'json-rpc-engine';\nimport type { Duplex } from 'stream';\nimport { validate } from 'superstruct';\n\nimport { log } from '../logging';\nimport EEOpenRPCDocument from '../openrpc.json';\nimport type { CommandMethodsMapping } from './commands';\nimport { getCommandMethodImplementations } from './commands';\nimport { createEndowments } from './endowments';\nimport { addEventListener, removeEventListener } from './globalEvents';\nimport { sortParamKeys } from './sortParams';\nimport {\n assertEthereumOutboundRequest,\n assertSnapOutboundRequest,\n constructError,\n proxyStreamProvider,\n withTeardown,\n} from './utils';\nimport {\n ExecuteSnapRequestArgumentsStruct,\n PingRequestArgumentsStruct,\n SnapRpcRequestArgumentsStruct,\n TerminateRequestArgumentsStruct,\n} from './validation';\n\ntype EvaluationData = {\n stop: () => void;\n};\n\ntype SnapData = {\n exports: SnapExports;\n runningEvaluations: Set<EvaluationData>;\n idleTeardown: () => Promise<void>;\n};\n\nconst fallbackError = {\n code: errorCodes.rpc.internal,\n message: 'Execution Environment Error',\n};\n\nexport type InvokeSnapArgs = Omit<SnapExportsParameters[0], 'chainId'>;\n\nexport type InvokeSnap = (\n target: string,\n handler: HandlerType,\n args: InvokeSnapArgs | undefined,\n) => Promise<Json>;\n\n/**\n * The supported methods in the execution environment. The validator checks the\n * incoming JSON-RPC request, and the `params` property is used for sorting the\n * parameters, if they are an object.\n */\nconst EXECUTION_ENVIRONMENT_METHODS = {\n ping: {\n struct: PingRequestArgumentsStruct,\n params: [],\n },\n executeSnap: {\n struct: ExecuteSnapRequestArgumentsStruct,\n params: ['snapId', 'sourceCode', 'endowments'],\n },\n terminate: {\n struct: TerminateRequestArgumentsStruct,\n params: [],\n },\n snapRpc: {\n struct: SnapRpcRequestArgumentsStruct,\n params: ['target', 'handler', 'origin', 'request'],\n },\n};\n\ntype Methods = typeof EXECUTION_ENVIRONMENT_METHODS;\n\nexport class BaseSnapExecutor {\n private readonly snapData: Map<string, SnapData>;\n\n private readonly commandStream: Duplex;\n\n private readonly rpcStream: Duplex;\n\n private readonly methods: CommandMethodsMapping;\n\n private snapErrorHandler?: (event: ErrorEvent) => void;\n\n private snapPromiseErrorHandler?: (event: PromiseRejectionEvent) => void;\n\n private lastTeardown = 0;\n\n protected constructor(commandStream: Duplex, rpcStream: Duplex) {\n this.snapData = new Map();\n this.commandStream = commandStream;\n this.commandStream.on('data', (data) => {\n this.onCommandRequest(data).catch((error) => {\n // TODO: Decide how to handle errors.\n logError(error);\n });\n });\n this.rpcStream = rpcStream;\n\n this.methods = getCommandMethodImplementations(\n this.startSnap.bind(this),\n async (target, handlerType, args) => {\n const data = this.snapData.get(target);\n // We're capturing the handler in case someone modifies the data object\n // before the call.\n const handler = data?.exports[handlerType];\n const { required } = SNAP_EXPORTS[handlerType];\n\n assert(\n !required || handler !== undefined,\n `No ${handlerType} handler exported for snap \"${target}`,\n );\n\n // Certain handlers are not required. If they are not exported, we\n // return null.\n if (!handler) {\n return null;\n }\n\n // TODO: fix handler args type cast\n let result = await this.executeInSnapContext(target, () =>\n handler(args as any),\n );\n\n // The handler might not return anything, but undefined is not valid JSON.\n if (result === undefined) {\n result = null;\n }\n\n // /!\\ Always return only sanitized JSON to prevent security flaws. /!\\\n try {\n return getSafeJson(result);\n } catch (error) {\n throw new TypeError(\n `Received non-JSON-serializable value: ${error.message.replace(\n /^Assertion failed: /u,\n '',\n )}`,\n );\n }\n },\n this.onTerminate.bind(this),\n );\n }\n\n private errorHandler(error: unknown, data: Record<string, Json>) {\n const constructedError = constructError(error);\n const serializedError = serializeError(constructedError, {\n fallbackError,\n shouldIncludeStack: false,\n });\n\n // We're setting it this way to avoid sentData.stack = undefined\n const sentData: Json = { ...data, stack: constructedError?.stack ?? null };\n\n this.notify({\n method: 'UnhandledError',\n params: {\n error: {\n ...serializedError,\n data: sentData,\n },\n },\n });\n }\n\n private async onCommandRequest(message: JsonRpcRequest) {\n if (!isJsonRpcRequest(message)) {\n throw new Error('Command stream received a non-JSON-RPC request.');\n }\n\n const { id, method, params } = message;\n if (method === 'rpc.discover') {\n this.respond(id, {\n result: EEOpenRPCDocument,\n });\n return;\n }\n\n if (!hasProperty(EXECUTION_ENVIRONMENT_METHODS, method)) {\n this.respond(id, {\n error: ethErrors.rpc\n .methodNotFound({\n data: {\n method,\n },\n })\n .serialize(),\n });\n return;\n }\n\n const methodObject = EXECUTION_ENVIRONMENT_METHODS[method as keyof Methods];\n\n // support params by-name and by-position\n const paramsAsArray = sortParamKeys(methodObject.params, params);\n\n const [error] = validate<any, any>(paramsAsArray, methodObject.struct);\n if (error) {\n this.respond(id, {\n error: ethErrors.rpc\n .invalidParams({\n message: `Invalid parameters for method \"${method}\": ${error.message}.`,\n data: {\n method,\n params: paramsAsArray,\n },\n })\n .serialize(),\n });\n return;\n }\n\n try {\n const result = await (this.methods as any)[method](...paramsAsArray);\n this.respond(id, { result });\n } catch (rpcError) {\n this.respond(id, {\n error: serializeError(rpcError, {\n fallbackError,\n }),\n });\n }\n }\n\n protected notify(requestObject: Omit<JsonRpcNotification, 'jsonrpc'>) {\n if (!isValidJson(requestObject) || !isObject(requestObject)) {\n throw new Error(\n 'JSON-RPC notifications must be JSON serializable objects',\n );\n }\n\n this.commandStream.write({\n ...requestObject,\n jsonrpc: '2.0',\n });\n }\n\n protected respond(id: JsonRpcId, requestObject: Record<string, unknown>) {\n if (!isValidJson(requestObject) || !isObject(requestObject)) {\n throw new Error('JSON-RPC responses must be JSON serializable objects.');\n }\n\n this.commandStream.write({\n ...requestObject,\n id,\n jsonrpc: '2.0',\n });\n }\n\n /**\n * Attempts to evaluate a snap in SES. Generates APIs for the snap. May throw\n * on errors.\n *\n * @param snapId - The id of the snap.\n * @param sourceCode - The source code of the snap, in IIFE format.\n * @param _endowments - An array of the names of the endowments.\n */\n protected async startSnap(\n snapId: string,\n sourceCode: string,\n _endowments?: string[],\n ): Promise<void> {\n log(`Starting snap '${snapId}' in worker.`);\n if (this.snapPromiseErrorHandler) {\n removeEventListener('unhandledrejection', this.snapPromiseErrorHandler);\n }\n\n if (this.snapErrorHandler) {\n removeEventListener('error', this.snapErrorHandler);\n }\n\n this.snapErrorHandler = (error: ErrorEvent) => {\n this.errorHandler(error.error, { snapId });\n };\n\n this.snapPromiseErrorHandler = (error: PromiseRejectionEvent) => {\n this.errorHandler(error instanceof Error ? error : error.reason, {\n snapId,\n });\n };\n\n const provider = new StreamProvider(this.rpcStream, {\n jsonRpcStreamName: 'metamask-provider',\n rpcMiddleware: [createIdRemapMiddleware()],\n });\n\n await provider.initialize();\n\n const snap = this.createSnapGlobal(provider);\n const ethereum = this.createEIP1193Provider(provider);\n // We specifically use any type because the Snap can modify the object any way they want\n const snapModule: any = { exports: {} };\n\n try {\n const { endowments, teardown: endowmentTeardown } = createEndowments(\n snap,\n ethereum,\n snapId,\n _endowments,\n );\n\n // !!! Ensure that this is the only place the data is being set.\n // Other methods access the object value and mutate its properties.\n this.snapData.set(snapId, {\n idleTeardown: endowmentTeardown,\n runningEvaluations: new Set(),\n exports: {},\n });\n\n addEventListener('unhandledRejection', this.snapPromiseErrorHandler);\n addEventListener('error', this.snapErrorHandler);\n\n const compartment = new Compartment({\n ...endowments,\n module: snapModule,\n exports: snapModule.exports,\n });\n // All of those are JavaScript runtime specific and self referential,\n // but we add them for compatibility sake with external libraries.\n //\n // We can't do that in the injected globals object above\n // because SES creates its own globalThis\n compartment.globalThis.self = compartment.globalThis;\n compartment.globalThis.global = compartment.globalThis;\n compartment.globalThis.window = compartment.globalThis;\n\n await this.executeInSnapContext(snapId, () => {\n compartment.evaluate(sourceCode);\n this.registerSnapExports(snapId, snapModule);\n });\n } catch (error) {\n this.removeSnap(snapId);\n throw new Error(\n `Error while running snap '${snapId}': ${(error as Error).message}`,\n );\n }\n }\n\n /**\n * Cancels all running evaluations of all snaps and clears all snap data.\n * NOTE:** Should only be called in response to the `terminate` RPC command.\n */\n protected onTerminate() {\n // `stop()` tears down snap endowments.\n // Teardown will also be run for each snap as soon as there are\n // no more running evaluations for that snap.\n this.snapData.forEach((data) =>\n data.runningEvaluations.forEach((evaluation) => evaluation.stop()),\n );\n this.snapData.clear();\n }\n\n private registerSnapExports(snapId: string, snapModule: any) {\n const data = this.snapData.get(snapId);\n // Somebody deleted the snap before we could register.\n if (!data) {\n return;\n }\n\n data.exports = SNAP_EXPORT_NAMES.reduce((acc, exportName) => {\n const snapExport = snapModule.exports[exportName];\n const { validator } = SNAP_EXPORTS[exportName];\n if (validator(snapExport)) {\n return { ...acc, [exportName]: snapExport };\n }\n return acc;\n }, {});\n }\n\n /**\n * Instantiates a snap API object (i.e. `globalThis.snap`).\n *\n * @param provider - A StreamProvider connected to MetaMask.\n * @returns The snap provider object.\n */\n private createSnapGlobal(provider: StreamProvider): SnapsGlobalObject {\n const originalRequest = provider.request.bind(provider);\n\n const request = async (args: RequestArguments) => {\n assertSnapOutboundRequest(args);\n const sanitizedArgs = getSafeJson(args);\n this.notify({ method: 'OutboundRequest' });\n try {\n return await withTeardown(\n originalRequest(sanitizedArgs as unknown as RequestArguments),\n this as any,\n );\n } finally {\n this.notify({ method: 'OutboundResponse' });\n }\n };\n\n // Proxy target is intentionally set to be an empty object, to ensure\n // that access to the prototype chain is not possible.\n const snapGlobalProxy = new Proxy(\n {},\n {\n has(_target: object, prop: string | symbol) {\n return typeof prop === 'string' && ['request'].includes(prop);\n },\n get(_target, prop: keyof StreamProvider) {\n if (prop === 'request') {\n return request;\n }\n\n return undefined;\n },\n },\n ) as SnapsGlobalObject;\n\n return harden(snapGlobalProxy);\n }\n\n /**\n * Instantiates an EIP-1193 Ethereum provider object (i.e. `globalThis.ethereum`).\n *\n * @param provider - A StreamProvider connected to MetaMask.\n * @returns The EIP-1193 Ethereum provider object.\n */\n private createEIP1193Provider(provider: StreamProvider): StreamProvider {\n const originalRequest = provider.request.bind(provider);\n\n const request = async (args: RequestArguments) => {\n assertEthereumOutboundRequest(args);\n const sanitizedArgs = getSafeJson(args);\n this.notify({ method: 'OutboundRequest' });\n try {\n return await withTeardown(\n originalRequest(sanitizedArgs as unknown as RequestArguments),\n this as any,\n );\n } finally {\n this.notify({ method: 'OutboundResponse' });\n }\n };\n\n const streamProviderProxy = proxyStreamProvider(provider, request);\n\n return harden(streamProviderProxy);\n }\n\n /**\n * Removes the snap with the given name.\n *\n * @param snapId - The id of the snap to remove.\n */\n private removeSnap(snapId: string): void {\n this.snapData.delete(snapId);\n }\n\n /**\n * Calls the specified executor function in the context of the specified snap.\n * Essentially, this means that the operation performed by the executor is\n * counted as an evaluation of the specified snap. When the count of running\n * evaluations of a snap reaches zero, its endowments are torn down.\n *\n * @param snapId - The id of the snap whose context to execute in.\n * @param executor - The function that will be executed in the snap's context.\n * @returns The executor's return value.\n * @template Result - The return value of the executor.\n */\n private async executeInSnapContext<Result>(\n snapId: string,\n executor: () => Promise<Result> | Result,\n ): Promise<Result> {\n const data = this.snapData.get(snapId);\n if (data === undefined) {\n throw new Error(\n `Tried to execute in context of unknown snap: \"${snapId}\".`,\n );\n }\n\n let stop: () => void;\n const stopPromise = new Promise<never>(\n (_, reject) =>\n (stop = () =>\n reject(\n // TODO(rekmarks): Specify / standardize error code for this case.\n ethErrors.rpc.internal(\n `The snap \"${snapId}\" has been terminated during execution.`,\n ),\n )),\n );\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const evaluationData = { stop: stop! };\n\n try {\n data.runningEvaluations.add(evaluationData);\n // Notice that we have to await this executor.\n // If we didn't, we would decrease the amount of running evaluations\n // before the promise actually resolves\n return await Promise.race([executor(), stopPromise]);\n } finally {\n data.runningEvaluations.delete(evaluationData);\n\n if (data.runningEvaluations.size === 0) {\n this.lastTeardown += 1;\n await data.idleTeardown();\n }\n }\n }\n}\n"],"names":["StreamProvider","SNAP_EXPORT_NAMES","logError","SNAP_EXPORTS","isObject","isValidJson","assert","isJsonRpcRequest","hasProperty","getSafeJson","errorCodes","ethErrors","serializeError","createIdRemapMiddleware","validate","log","EEOpenRPCDocument","getCommandMethodImplementations","createEndowments","addEventListener","removeEventListener","sortParamKeys","assertEthereumOutboundRequest","assertSnapOutboundRequest","constructError","proxyStreamProvider","withTeardown","ExecuteSnapRequestArgumentsStruct","PingRequestArgumentsStruct","SnapRpcRequestArgumentsStruct","TerminateRequestArgumentsStruct","fallbackError","code","rpc","internal","message","EXECUTION_ENVIRONMENT_METHODS","ping","struct","params","executeSnap","terminate","snapRpc","BaseSnapExecutor","errorHandler","error","data","constructedError","serializedError","shouldIncludeStack","sentData","stack","notify","method","onCommandRequest","Error","id","respond","result","methodNotFound","serialize","methodObject","paramsAsArray","invalidParams","methods","rpcError","requestObject","commandStream","write","jsonrpc","startSnap","snapId","sourceCode","_endowments","snapPromiseErrorHandler","snapErrorHandler","reason","provider","rpcStream","jsonRpcStreamName","rpcMiddleware","initialize","snap","createSnapGlobal","ethereum","createEIP1193Provider","snapModule","exports","endowments","teardown","endowmentTeardown","snapData","set","idleTeardown","runningEvaluations","Set","compartment","Compartment","module","globalThis","self","global","window","executeInSnapContext","evaluate","registerSnapExports","removeSnap","onTerminate","forEach","evaluation","stop","clear","get","reduce","acc","exportName","snapExport","validator","originalRequest","request","bind","args","sanitizedArgs","snapGlobalProxy","Proxy","has","_target","prop","includes","undefined","harden","streamProviderProxy","delete","executor","stopPromise","Promise","_","reject","evaluationData","add","race","size","lastTeardown","Map","on","catch","target","handlerType","handler","required","TypeError","replace"],"mappings":"AAAA,qFAAqF;AACrF,gEAAgE;;;;;;;;;;;;;;AAChE,SAASA,cAAc,QAAQ,sBAAsB;AAQrD,SACEC,iBAAiB,EACjBC,QAAQ,EACRC,YAAY,QACP,wBAAwB;AAO/B,SACEC,QAAQ,EACRC,WAAW,EACXC,MAAM,EACNC,gBAAgB,EAChBC,WAAW,EACXC,WAAW,QACN,kBAAkB;AACzB,SAASC,UAAU,EAAEC,SAAS,EAAEC,cAAc,QAAQ,iBAAiB;AACvE,SAASC,uBAAuB,QAAQ,kBAAkB;AAE1D,SAASC,QAAQ,QAAQ,cAAc;AAEvC,SAASC,GAAG,QAAQ,aAAa;AACjC,OAAOC,uBAAuB,kBAAkB;AAEhD,SAASC,+BAA+B,QAAQ,aAAa;AAC7D,SAASC,gBAAgB,QAAQ,eAAe;AAChD,SAASC,gBAAgB,EAAEC,mBAAmB,QAAQ,iBAAiB;AACvE,SAASC,aAAa,QAAQ,eAAe;AAC7C,SACEC,6BAA6B,EAC7BC,yBAAyB,EACzBC,cAAc,EACdC,mBAAmB,EACnBC,YAAY,QACP,UAAU;AACjB,SACEC,iCAAiC,EACjCC,0BAA0B,EAC1BC,6BAA6B,EAC7BC,+BAA+B,QAC1B,eAAe;AAYtB,MAAMC,gBAAgB;IACpBC,MAAMtB,WAAWuB,GAAG,CAACC,QAAQ;IAC7BC,SAAS;AACX;AAUA;;;;CAIC,GACD,MAAMC,gCAAgC;IACpCC,MAAM;QACJC,QAAQV;QACRW,QAAQ,EAAE;IACZ;IACAC,aAAa;QACXF,QAAQX;QACRY,QAAQ;YAAC;YAAU;YAAc;SAAa;IAChD;IACAE,WAAW;QACTH,QAAQR;QACRS,QAAQ,EAAE;IACZ;IACAG,SAAS;QACPJ,QAAQT;QACRU,QAAQ;YAAC;YAAU;YAAW;YAAU;SAAU;IACpD;AACF;AAIA,OAAO,MAAMI;IAwEHC,aAAaC,KAAc,EAAEC,IAA0B,EAAE;QAC/D,MAAMC,mBAAmBvB,eAAeqB;QACxC,MAAMG,kBAAkBpC,eAAemC,kBAAkB;YACvDhB;YACAkB,oBAAoB;QACtB;QAEA,gEAAgE;QAChE,MAAMC,WAAiB;YAAE,GAAGJ,IAAI;YAAEK,OAAOJ,kBAAkBI,SAAS;QAAK;QAEzE,IAAI,CAACC,MAAM,CAAC;YACVC,QAAQ;YACRd,QAAQ;gBACNM,OAAO;oBACL,GAAGG,eAAe;oBAClBF,MAAMI;gBACR;YACF;QACF;IACF;IAEA,MAAcI,iBAAiBnB,OAAuB,EAAE;QACtD,IAAI,CAAC5B,iBAAiB4B,UAAU;YAC9B,MAAM,IAAIoB,MAAM;QAClB;QAEA,MAAM,EAAEC,EAAE,EAAEH,MAAM,EAAEd,MAAM,EAAE,GAAGJ;QAC/B,IAAIkB,WAAW,gBAAgB;YAC7B,IAAI,CAACI,OAAO,CAACD,IAAI;gBACfE,QAAQ1C;YACV;YACA;QACF;QAEA,IAAI,CAACR,YAAY4B,+BAA+BiB,SAAS;YACvD,IAAI,CAACI,OAAO,CAACD,IAAI;gBACfX,OAAOlC,UAAUsB,GAAG,CACjB0B,cAAc,CAAC;oBACdb,MAAM;wBACJO;oBACF;gBACF,GACCO,SAAS;YACd;YACA;QACF;QAEA,MAAMC,eAAezB,6BAA6B,CAACiB,OAAwB;QAE3E,yCAAyC;QACzC,MAAMS,gBAAgBzC,cAAcwC,aAAatB,MAAM,EAAEA;QAEzD,MAAM,CAACM,MAAM,GAAG/B,SAAmBgD,eAAeD,aAAavB,MAAM;QACrE,IAAIO,OAAO;YACT,IAAI,CAACY,OAAO,CAACD,IAAI;gBACfX,OAAOlC,UAAUsB,GAAG,CACjB8B,aAAa,CAAC;oBACb5B,SAAS,CAAC,+BAA+B,EAAEkB,OAAO,GAAG,EAAER,MAAMV,OAAO,CAAC,CAAC,CAAC;oBACvEW,MAAM;wBACJO;wBACAd,QAAQuB;oBACV;gBACF,GACCF,SAAS;YACd;YACA;QACF;QAEA,IAAI;YACF,MAAMF,SAAS,MAAM,AAAC,IAAI,CAACM,OAAO,AAAQ,CAACX,OAAO,IAAIS;YACtD,IAAI,CAACL,OAAO,CAACD,IAAI;gBAAEE;YAAO;QAC5B,EAAE,OAAOO,UAAU;YACjB,IAAI,CAACR,OAAO,CAACD,IAAI;gBACfX,OAAOjC,eAAeqD,UAAU;oBAC9BlC;gBACF;YACF;QACF;IACF;IAEUqB,OAAOc,aAAmD,EAAE;QACpE,IAAI,CAAC7D,YAAY6D,kBAAkB,CAAC9D,SAAS8D,gBAAgB;YAC3D,MAAM,IAAIX,MACR;QAEJ;QAEA,IAAI,CAACY,aAAa,CAACC,KAAK,CAAC;YACvB,GAAGF,aAAa;YAChBG,SAAS;QACX;IACF;IAEUZ,QAAQD,EAAa,EAAEU,aAAsC,EAAE;QACvE,IAAI,CAAC7D,YAAY6D,kBAAkB,CAAC9D,SAAS8D,gBAAgB;YAC3D,MAAM,IAAIX,MAAM;QAClB;QAEA,IAAI,CAACY,aAAa,CAACC,KAAK,CAAC;YACvB,GAAGF,aAAa;YAChBV;YACAa,SAAS;QACX;IACF;IAEA;;;;;;;GAOC,GACD,MAAgBC,UACdC,MAAc,EACdC,UAAkB,EAClBC,WAAsB,EACP;QACf1D,IAAI,CAAC,eAAe,EAAEwD,OAAO,YAAY,CAAC;QAC1C,IAAI,IAAI,CAACG,uBAAuB,EAAE;YAChCtD,oBAAoB,sBAAsB,IAAI,CAACsD,uBAAuB;QACxE;QAEA,IAAI,IAAI,CAACC,gBAAgB,EAAE;YACzBvD,oBAAoB,SAAS,IAAI,CAACuD,gBAAgB;QACpD;QAEA,IAAI,CAACA,gBAAgB,GAAG,CAAC9B;YACvB,IAAI,CAACD,YAAY,CAACC,MAAMA,KAAK,EAAE;gBAAE0B;YAAO;QAC1C;QAEA,IAAI,CAACG,uBAAuB,GAAG,CAAC7B;YAC9B,IAAI,CAACD,YAAY,CAACC,iBAAiBU,QAAQV,QAAQA,MAAM+B,MAAM,EAAE;gBAC/DL;YACF;QACF;QAEA,MAAMM,WAAW,IAAI7E,eAAe,IAAI,CAAC8E,SAAS,EAAE;YAClDC,mBAAmB;YACnBC,eAAe;gBAACnE;aAA0B;QAC5C;QAEA,MAAMgE,SAASI,UAAU;QAEzB,MAAMC,OAAO,IAAI,CAACC,gBAAgB,CAACN;QACnC,MAAMO,WAAW,IAAI,CAACC,qBAAqB,CAACR;QAC5C,wFAAwF;QACxF,MAAMS,aAAkB;YAAEC,SAAS,CAAC;QAAE;QAEtC,IAAI;YACF,MAAM,EAAEC,UAAU,EAAEC,UAAUC,iBAAiB,EAAE,GAAGxE,iBAClDgE,MACAE,UACAb,QACAE;YAGF,gEAAgE;YAChE,mEAAmE;YACnE,IAAI,CAACkB,QAAQ,CAACC,GAAG,CAACrB,QAAQ;gBACxBsB,cAAcH;gBACdI,oBAAoB,IAAIC;gBACxBR,SAAS,CAAC;YACZ;YAEApE,iBAAiB,sBAAsB,IAAI,CAACuD,uBAAuB;YACnEvD,iBAAiB,SAAS,IAAI,CAACwD,gBAAgB;YAE/C,MAAMqB,cAAc,IAAIC,YAAY;gBAClC,GAAGT,UAAU;gBACbU,QAAQZ;gBACRC,SAASD,WAAWC,OAAO;YAC7B;YACA,qEAAqE;YACrE,kEAAkE;YAClE,EAAE;YACF,wDAAwD;YACxD,yCAAyC;YACzCS,YAAYG,UAAU,CAACC,IAAI,GAAGJ,YAAYG,UAAU;YACpDH,YAAYG,UAAU,CAACE,MAAM,GAAGL,YAAYG,UAAU;YACtDH,YAAYG,UAAU,CAACG,MAAM,GAAGN,YAAYG,UAAU;YAEtD,MAAM,IAAI,CAACI,oBAAoB,CAAChC,QAAQ;gBACtCyB,YAAYQ,QAAQ,CAAChC;gBACrB,IAAI,CAACiC,mBAAmB,CAAClC,QAAQe;YACnC;QACF,EAAE,OAAOzC,OAAO;YACd,IAAI,CAAC6D,UAAU,CAACnC;YAChB,MAAM,IAAIhB,MACR,CAAC,0BAA0B,EAAEgB,OAAO,GAAG,EAAE,AAAC1B,MAAgBV,OAAO,CAAC,CAAC;QAEvE;IACF;IAEA;;;GAGC,GACD,AAAUwE,cAAc;QACtB,uCAAuC;QACvC,+DAA+D;QAC/D,6CAA6C;QAC7C,IAAI,CAAChB,QAAQ,CAACiB,OAAO,CAAC,CAAC9D,OACrBA,KAAKgD,kBAAkB,CAACc,OAAO,CAAC,CAACC,aAAeA,WAAWC,IAAI;QAEjE,IAAI,CAACnB,QAAQ,CAACoB,KAAK;IACrB;IAEQN,oBAAoBlC,MAAc,EAAEe,UAAe,EAAE;QAC3D,MAAMxC,OAAO,IAAI,CAAC6C,QAAQ,CAACqB,GAAG,CAACzC;QAC/B,sDAAsD;QACtD,IAAI,CAACzB,MAAM;YACT;QACF;QAEAA,KAAKyC,OAAO,GAAGtF,kBAAkBgH,MAAM,CAAC,CAACC,KAAKC;YAC5C,MAAMC,aAAa9B,WAAWC,OAAO,CAAC4B,WAAW;YACjD,MAAM,EAAEE,SAAS,EAAE,GAAGlH,YAAY,CAACgH,WAAW;YAC9C,IAAIE,UAAUD,aAAa;gBACzB,OAAO;oBAAE,GAAGF,GAAG;oBAAE,CAACC,WAAW,EAAEC;gBAAW;YAC5C;YACA,OAAOF;QACT,GAAG,CAAC;IACN;IAEA;;;;;GAKC,GACD,AAAQ/B,iBAAiBN,QAAwB,EAAqB;QACpE,MAAMyC,kBAAkBzC,SAAS0C,OAAO,CAACC,IAAI,CAAC3C;QAE9C,MAAM0C,UAAU,OAAOE;YACrBlG,0BAA0BkG;YAC1B,MAAMC,gBAAgBjH,YAAYgH;YAClC,IAAI,CAACrE,MAAM,CAAC;gBAAEC,QAAQ;YAAkB;YACxC,IAAI;gBACF,OAAO,MAAM3B,aACX4F,gBAAgBI,gBAChB,IAAI;YAER,SAAU;gBACR,IAAI,CAACtE,MAAM,CAAC;oBAAEC,QAAQ;gBAAmB;YAC3C;QACF;QAEA,qEAAqE;QACrE,sDAAsD;QACtD,MAAMsE,kBAAkB,IAAIC,MAC1B,CAAC,GACD;YACEC,KAAIC,OAAe,EAAEC,IAAqB;gBACxC,OAAO,OAAOA,SAAS,YAAY;oBAAC;iBAAU,CAACC,QAAQ,CAACD;YAC1D;YACAf,KAAIc,OAAO,EAAEC,IAA0B;gBACrC,IAAIA,SAAS,WAAW;oBACtB,OAAOR;gBACT;gBAEA,OAAOU;YACT;QACF;QAGF,OAAOC,OAAOP;IAChB;IAEA;;;;;GAKC,GACD,AAAQtC,sBAAsBR,QAAwB,EAAkB;QACtE,MAAMyC,kBAAkBzC,SAAS0C,OAAO,CAACC,IAAI,CAAC3C;QAE9C,MAAM0C,UAAU,OAAOE;YACrBnG,8BAA8BmG;YAC9B,MAAMC,gBAAgBjH,YAAYgH;YAClC,IAAI,CAACrE,MAAM,CAAC;gBAAEC,QAAQ;YAAkB;YACxC,IAAI;gBACF,OAAO,MAAM3B,aACX4F,gBAAgBI,gBAChB,IAAI;YAER,SAAU;gBACR,IAAI,CAACtE,MAAM,CAAC;oBAAEC,QAAQ;gBAAmB;YAC3C;QACF;QAEA,MAAM8E,sBAAsB1G,oBAAoBoD,UAAU0C;QAE1D,OAAOW,OAAOC;IAChB;IAEA;;;;GAIC,GACD,AAAQzB,WAAWnC,MAAc,EAAQ;QACvC,IAAI,CAACoB,QAAQ,CAACyC,MAAM,CAAC7D;IACvB;IAEA;;;;;;;;;;GAUC,GACD,MAAcgC,qBACZhC,MAAc,EACd8D,QAAwC,EACvB;QACjB,MAAMvF,OAAO,IAAI,CAAC6C,QAAQ,CAACqB,GAAG,CAACzC;QAC/B,IAAIzB,SAASmF,WAAW;YACtB,MAAM,IAAI1E,MACR,CAAC,8CAA8C,EAAEgB,OAAO,EAAE,CAAC;QAE/D;QAEA,IAAIuC;QACJ,MAAMwB,cAAc,IAAIC,QACtB,CAACC,GAAGC,SACD3B,OAAO,IACN2B,OACE,kEAAkE;gBAClE9H,UAAUsB,GAAG,CAACC,QAAQ,CACpB,CAAC,UAAU,EAAEqC,OAAO,uCAAuC,CAAC;QAKtE,oEAAoE;QACpE,MAAMmE,iBAAiB;YAAE5B,MAAMA;QAAM;QAErC,IAAI;YACFhE,KAAKgD,kBAAkB,CAAC6C,GAAG,CAACD;YAC5B,8CAA8C;YAC9C,oEAAoE;YACpE,uCAAuC;YACvC,OAAO,MAAMH,QAAQK,IAAI,CAAC;gBAACP;gBAAYC;aAAY;QACrD,SAAU;YACRxF,KAAKgD,kBAAkB,CAACsC,MAAM,CAACM;YAE/B,IAAI5F,KAAKgD,kBAAkB,CAAC+C,IAAI,KAAK,GAAG;gBACtC,IAAI,CAACC,YAAY,IAAI;gBACrB,MAAMhG,KAAK+C,YAAY;YACzB;QACF;IACF;IA9ZA,YAAsB1B,aAAqB,EAAEW,SAAiB,CAAE;QAdhE,uBAAiBa,YAAjB,KAAA;QAEA,uBAAiBxB,iBAAjB,KAAA;QAEA,uBAAiBW,aAAjB,KAAA;QAEA,uBAAiBd,WAAjB,KAAA;QAEA,uBAAQW,oBAAR,KAAA;QAEA,uBAAQD,2BAAR,KAAA;QAEA,uBAAQoE,gBAAe;QAGrB,IAAI,CAACnD,QAAQ,GAAG,IAAIoD;QACpB,IAAI,CAAC5E,aAAa,GAAGA;QACrB,IAAI,CAACA,aAAa,CAAC6E,EAAE,CAAC,QAAQ,CAAClG;YAC7B,IAAI,CAACQ,gBAAgB,CAACR,MAAMmG,KAAK,CAAC,CAACpG;gBACjC,qCAAqC;gBACrC3C,SAAS2C;YACX;QACF;QACA,IAAI,CAACiC,SAAS,GAAGA;QAEjB,IAAI,CAACd,OAAO,GAAG/C,gCACb,IAAI,CAACqD,SAAS,CAACkD,IAAI,CAAC,IAAI,GACxB,OAAO0B,QAAQC,aAAa1B;YAC1B,MAAM3E,OAAO,IAAI,CAAC6C,QAAQ,CAACqB,GAAG,CAACkC;YAC/B,uEAAuE;YACvE,mBAAmB;YACnB,MAAME,UAAUtG,MAAMyC,OAAO,CAAC4D,YAAY;YAC1C,MAAM,EAAEE,QAAQ,EAAE,GAAGlJ,YAAY,CAACgJ,YAAY;YAE9C7I,OACE,CAAC+I,YAAYD,YAAYnB,WACzB,CAAC,GAAG,EAAEkB,YAAY,4BAA4B,EAAED,OAAO,CAAC;YAG1D,kEAAkE;YAClE,eAAe;YACf,IAAI,CAACE,SAAS;gBACZ,OAAO;YACT;YAEA,mCAAmC;YACnC,IAAI1F,SAAS,MAAM,IAAI,CAAC6C,oBAAoB,CAAC2C,QAAQ,IACnDE,QAAQ3B;YAGV,0EAA0E;YAC1E,IAAI/D,WAAWuE,WAAW;gBACxBvE,SAAS;YACX;YAEA,uEAAuE;YACvE,IAAI;gBACF,OAAOjD,YAAYiD;YACrB,EAAE,OAAOb,OAAO;gBACd,MAAM,IAAIyG,UACR,CAAC,sCAAsC,EAAEzG,MAAMV,OAAO,CAACoH,OAAO,CAC5D,wBACA,IACA,CAAC;YAEP;QACF,GACA,IAAI,CAAC5C,WAAW,CAACa,IAAI,CAAC,IAAI;IAE9B;AAwWF"}
1
+ {"version":3,"sources":["../../../src/common/BaseSnapExecutor.ts"],"sourcesContent":["// eslint-disable-next-line @typescript-eslint/triple-slash-reference, spaced-comment\n/// <reference path=\"../../../../node_modules/ses/types.d.ts\" />\nimport { StreamProvider } from '@metamask/providers';\nimport type { RequestArguments } from '@metamask/providers/dist/BaseProvider';\nimport type { SnapsGlobalObject } from '@metamask/rpc-methods';\nimport type {\n SnapExports,\n HandlerType,\n SnapExportsParameters,\n} from '@metamask/snaps-utils';\nimport {\n SNAP_EXPORT_NAMES,\n logError,\n SNAP_EXPORTS,\n} from '@metamask/snaps-utils';\nimport type {\n JsonRpcNotification,\n JsonRpcId,\n JsonRpcRequest,\n Json,\n} from '@metamask/utils';\nimport {\n isObject,\n isValidJson,\n assert,\n isJsonRpcRequest,\n hasProperty,\n getSafeJson,\n} from '@metamask/utils';\nimport { errorCodes, ethErrors, serializeError } from 'eth-rpc-errors';\nimport { createIdRemapMiddleware } from 'json-rpc-engine';\nimport type { Duplex } from 'stream';\nimport { validate } from 'superstruct';\n\nimport { log } from '../logging';\nimport EEOpenRPCDocument from '../openrpc.json';\nimport type { CommandMethodsMapping } from './commands';\nimport { getCommandMethodImplementations } from './commands';\nimport { createEndowments } from './endowments';\nimport { addEventListener, removeEventListener } from './globalEvents';\nimport { sortParamKeys } from './sortParams';\nimport {\n assertEthereumOutboundRequest,\n assertSnapOutboundRequest,\n constructError,\n proxyStreamProvider,\n withTeardown,\n} from './utils';\nimport {\n ExecuteSnapRequestArgumentsStruct,\n PingRequestArgumentsStruct,\n SnapRpcRequestArgumentsStruct,\n TerminateRequestArgumentsStruct,\n} from './validation';\n\ntype EvaluationData = {\n stop: () => void;\n};\n\ntype SnapData = {\n exports: SnapExports;\n runningEvaluations: Set<EvaluationData>;\n idleTeardown: () => Promise<void>;\n};\n\nconst fallbackError = {\n code: errorCodes.rpc.internal,\n message: 'Execution Environment Error',\n};\n\nexport type InvokeSnapArgs = Omit<SnapExportsParameters[0], 'chainId'>;\n\nexport type InvokeSnap = (\n target: string,\n handler: HandlerType,\n args: InvokeSnapArgs | undefined,\n) => Promise<Json>;\n\n/**\n * The supported methods in the execution environment. The validator checks the\n * incoming JSON-RPC request, and the `params` property is used for sorting the\n * parameters, if they are an object.\n */\nconst EXECUTION_ENVIRONMENT_METHODS = {\n ping: {\n struct: PingRequestArgumentsStruct,\n params: [],\n },\n executeSnap: {\n struct: ExecuteSnapRequestArgumentsStruct,\n params: ['snapId', 'sourceCode', 'endowments'],\n },\n terminate: {\n struct: TerminateRequestArgumentsStruct,\n params: [],\n },\n snapRpc: {\n struct: SnapRpcRequestArgumentsStruct,\n params: ['target', 'handler', 'origin', 'request'],\n },\n};\n\ntype Methods = typeof EXECUTION_ENVIRONMENT_METHODS;\n\nexport class BaseSnapExecutor {\n private readonly snapData: Map<string, SnapData>;\n\n private readonly commandStream: Duplex;\n\n private readonly rpcStream: Duplex;\n\n private readonly methods: CommandMethodsMapping;\n\n private snapErrorHandler?: (event: ErrorEvent) => void;\n\n private snapPromiseErrorHandler?: (event: PromiseRejectionEvent) => void;\n\n private lastTeardown = 0;\n\n protected constructor(commandStream: Duplex, rpcStream: Duplex) {\n this.snapData = new Map();\n this.commandStream = commandStream;\n this.commandStream.on('data', (data) => {\n this.onCommandRequest(data).catch((error) => {\n // TODO: Decide how to handle errors.\n logError(error);\n });\n });\n this.rpcStream = rpcStream;\n\n this.methods = getCommandMethodImplementations(\n this.startSnap.bind(this),\n async (target, handlerType, args) => {\n const data = this.snapData.get(target);\n // We're capturing the handler in case someone modifies the data object\n // before the call.\n const handler = data?.exports[handlerType];\n const { required } = SNAP_EXPORTS[handlerType];\n\n assert(\n !required || handler !== undefined,\n `No ${handlerType} handler exported for snap \"${target}`,\n );\n\n // Certain handlers are not required. If they are not exported, we\n // return null.\n if (!handler) {\n return null;\n }\n\n // TODO: fix handler args type cast\n let result = await this.executeInSnapContext(target, () =>\n handler(args as any),\n );\n\n // The handler might not return anything, but undefined is not valid JSON.\n if (result === undefined) {\n result = null;\n }\n\n // /!\\ Always return only sanitized JSON to prevent security flaws. /!\\\n try {\n return getSafeJson(result);\n } catch (error) {\n throw new TypeError(\n `Received non-JSON-serializable value: ${error.message.replace(\n /^Assertion failed: /u,\n '',\n )}`,\n );\n }\n },\n this.onTerminate.bind(this),\n );\n }\n\n private errorHandler(error: unknown, data: Record<string, Json>) {\n const constructedError = constructError(error);\n const serializedError = serializeError(constructedError, {\n fallbackError,\n shouldIncludeStack: false,\n });\n\n // We're setting it this way to avoid sentData.stack = undefined\n const sentData: Json = { ...data, stack: constructedError?.stack ?? null };\n\n this.notify({\n method: 'UnhandledError',\n params: {\n error: {\n ...serializedError,\n data: sentData,\n },\n },\n });\n }\n\n private async onCommandRequest(message: JsonRpcRequest) {\n if (!isJsonRpcRequest(message)) {\n throw new Error('Command stream received a non-JSON-RPC request.');\n }\n\n const { id, method, params } = message;\n if (method === 'rpc.discover') {\n this.respond(id, {\n result: EEOpenRPCDocument,\n });\n return;\n }\n\n if (!hasProperty(EXECUTION_ENVIRONMENT_METHODS, method)) {\n this.respond(id, {\n error: ethErrors.rpc\n .methodNotFound({\n data: {\n method,\n },\n })\n .serialize(),\n });\n return;\n }\n\n const methodObject = EXECUTION_ENVIRONMENT_METHODS[method as keyof Methods];\n\n // support params by-name and by-position\n const paramsAsArray = sortParamKeys(methodObject.params, params);\n\n const [error] = validate<any, any>(paramsAsArray, methodObject.struct);\n if (error) {\n this.respond(id, {\n error: ethErrors.rpc\n .invalidParams({\n message: `Invalid parameters for method \"${method}\": ${error.message}.`,\n data: {\n method,\n params: paramsAsArray,\n },\n })\n .serialize(),\n });\n return;\n }\n\n try {\n const result = await (this.methods as any)[method](...paramsAsArray);\n this.respond(id, { result });\n } catch (rpcError) {\n this.respond(id, {\n error: serializeError(rpcError, {\n fallbackError,\n }),\n });\n }\n }\n\n protected notify(requestObject: Omit<JsonRpcNotification, 'jsonrpc'>) {\n if (!isValidJson(requestObject) || !isObject(requestObject)) {\n throw new Error(\n 'JSON-RPC notifications must be JSON serializable objects',\n );\n }\n\n this.commandStream.write({\n ...requestObject,\n jsonrpc: '2.0',\n });\n }\n\n protected respond(id: JsonRpcId, requestObject: Record<string, unknown>) {\n if (!isValidJson(requestObject) || !isObject(requestObject)) {\n throw new Error('JSON-RPC responses must be JSON serializable objects.');\n }\n\n this.commandStream.write({\n ...requestObject,\n id,\n jsonrpc: '2.0',\n });\n }\n\n /**\n * Attempts to evaluate a snap in SES. Generates APIs for the snap. May throw\n * on errors.\n *\n * @param snapId - The id of the snap.\n * @param sourceCode - The source code of the snap, in IIFE format.\n * @param _endowments - An array of the names of the endowments.\n */\n protected async startSnap(\n snapId: string,\n sourceCode: string,\n _endowments?: string[],\n ): Promise<void> {\n log(`Starting snap '${snapId}' in worker.`);\n if (this.snapPromiseErrorHandler) {\n removeEventListener('unhandledrejection', this.snapPromiseErrorHandler);\n }\n\n if (this.snapErrorHandler) {\n removeEventListener('error', this.snapErrorHandler);\n }\n\n this.snapErrorHandler = (error: ErrorEvent) => {\n this.errorHandler(error.error, { snapId });\n };\n\n this.snapPromiseErrorHandler = (error: PromiseRejectionEvent) => {\n this.errorHandler(error instanceof Error ? error : error.reason, {\n snapId,\n });\n };\n\n const provider = new StreamProvider(this.rpcStream, {\n jsonRpcStreamName: 'metamask-provider',\n rpcMiddleware: [createIdRemapMiddleware()],\n });\n\n await provider.initialize();\n\n const snap = this.createSnapGlobal(provider);\n const ethereum = this.createEIP1193Provider(provider);\n // We specifically use any type because the Snap can modify the object any way they want\n const snapModule: any = { exports: {} };\n\n try {\n const { endowments, teardown: endowmentTeardown } = createEndowments(\n snap,\n ethereum,\n snapId,\n _endowments,\n );\n\n // !!! Ensure that this is the only place the data is being set.\n // Other methods access the object value and mutate its properties.\n this.snapData.set(snapId, {\n idleTeardown: endowmentTeardown,\n runningEvaluations: new Set(),\n exports: {},\n });\n\n addEventListener('unhandledRejection', this.snapPromiseErrorHandler);\n addEventListener('error', this.snapErrorHandler);\n\n const compartment = new Compartment({\n ...endowments,\n module: snapModule,\n exports: snapModule.exports,\n });\n // All of those are JavaScript runtime specific and self referential,\n // but we add them for compatibility sake with external libraries.\n //\n // We can't do that in the injected globals object above\n // because SES creates its own globalThis\n compartment.globalThis.self = compartment.globalThis;\n compartment.globalThis.global = compartment.globalThis;\n compartment.globalThis.window = compartment.globalThis;\n\n await this.executeInSnapContext(snapId, () => {\n compartment.evaluate(sourceCode);\n this.registerSnapExports(snapId, snapModule);\n });\n } catch (error) {\n this.removeSnap(snapId);\n throw new Error(\n `Error while running snap '${snapId}': ${(error as Error).message}`,\n );\n }\n }\n\n /**\n * Cancels all running evaluations of all snaps and clears all snap data.\n * NOTE:** Should only be called in response to the `terminate` RPC command.\n */\n protected onTerminate() {\n // `stop()` tears down snap endowments.\n // Teardown will also be run for each snap as soon as there are\n // no more running evaluations for that snap.\n this.snapData.forEach((data) =>\n data.runningEvaluations.forEach((evaluation) => evaluation.stop()),\n );\n this.snapData.clear();\n }\n\n private registerSnapExports(snapId: string, snapModule: any) {\n const data = this.snapData.get(snapId);\n // Somebody deleted the snap before we could register.\n if (!data) {\n return;\n }\n\n data.exports = SNAP_EXPORT_NAMES.reduce((acc, exportName) => {\n const snapExport = snapModule.exports[exportName];\n const { validator } = SNAP_EXPORTS[exportName];\n if (validator(snapExport)) {\n return { ...acc, [exportName]: snapExport };\n }\n return acc;\n }, {});\n }\n\n /**\n * Instantiates a snap API object (i.e. `globalThis.snap`).\n *\n * @param provider - A StreamProvider connected to MetaMask.\n * @returns The snap provider object.\n */\n private createSnapGlobal(provider: StreamProvider): SnapsGlobalObject {\n const originalRequest = provider.request.bind(provider);\n\n const request = async (args: RequestArguments) => {\n assertSnapOutboundRequest(args);\n const sanitizedArgs = getSafeJson(args);\n this.notify({ method: 'OutboundRequest' });\n try {\n return await withTeardown(\n originalRequest(sanitizedArgs as unknown as RequestArguments),\n this as any,\n );\n } finally {\n this.notify({ method: 'OutboundResponse' });\n }\n };\n\n // Proxy target is intentionally set to be an empty object, to ensure\n // that access to the prototype chain is not possible.\n const snapGlobalProxy = new Proxy(\n {},\n {\n has(_target: object, prop: string | symbol) {\n return typeof prop === 'string' && ['request'].includes(prop);\n },\n get(_target, prop: keyof StreamProvider) {\n if (prop === 'request') {\n return request;\n }\n\n return undefined;\n },\n },\n ) as SnapsGlobalObject;\n\n return harden(snapGlobalProxy);\n }\n\n /**\n * Instantiates an EIP-1193 Ethereum provider object (i.e. `globalThis.ethereum`).\n *\n * @param provider - A StreamProvider connected to MetaMask.\n * @returns The EIP-1193 Ethereum provider object.\n */\n private createEIP1193Provider(provider: StreamProvider): StreamProvider {\n const originalRequest = provider.request.bind(provider);\n\n const request = async (args: RequestArguments) => {\n assertEthereumOutboundRequest(args);\n const sanitizedArgs = getSafeJson(args);\n this.notify({ method: 'OutboundRequest' });\n try {\n return await withTeardown(\n originalRequest(sanitizedArgs as unknown as RequestArguments),\n this as any,\n );\n } finally {\n this.notify({ method: 'OutboundResponse' });\n }\n };\n\n const streamProviderProxy = proxyStreamProvider(provider, request);\n\n return harden(streamProviderProxy);\n }\n\n /**\n * Removes the snap with the given name.\n *\n * @param snapId - The id of the snap to remove.\n */\n private removeSnap(snapId: string): void {\n this.snapData.delete(snapId);\n }\n\n /**\n * Calls the specified executor function in the context of the specified snap.\n * Essentially, this means that the operation performed by the executor is\n * counted as an evaluation of the specified snap. When the count of running\n * evaluations of a snap reaches zero, its endowments are torn down.\n *\n * @param snapId - The id of the snap whose context to execute in.\n * @param executor - The function that will be executed in the snap's context.\n * @returns The executor's return value.\n * @template Result - The return value of the executor.\n */\n private async executeInSnapContext<Result>(\n snapId: string,\n executor: () => Promise<Result> | Result,\n ): Promise<Result> {\n const data = this.snapData.get(snapId);\n if (data === undefined) {\n throw new Error(\n `Tried to execute in context of unknown snap: \"${snapId}\".`,\n );\n }\n\n let stop: () => void;\n const stopPromise = new Promise<never>(\n (_, reject) =>\n (stop = () =>\n reject(\n // TODO(rekmarks): Specify / standardize error code for this case.\n ethErrors.rpc.internal(\n `The snap \"${snapId}\" has been terminated during execution.`,\n ),\n )),\n );\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const evaluationData = { stop: stop! };\n\n try {\n data.runningEvaluations.add(evaluationData);\n // Notice that we have to await this executor.\n // If we didn't, we would decrease the amount of running evaluations\n // before the promise actually resolves\n return await Promise.race([executor(), stopPromise]);\n } finally {\n data.runningEvaluations.delete(evaluationData);\n\n if (data.runningEvaluations.size === 0) {\n this.lastTeardown += 1;\n await data.idleTeardown();\n }\n }\n }\n}\n"],"names":["StreamProvider","SNAP_EXPORT_NAMES","logError","SNAP_EXPORTS","isObject","isValidJson","assert","isJsonRpcRequest","hasProperty","getSafeJson","errorCodes","ethErrors","serializeError","createIdRemapMiddleware","validate","log","EEOpenRPCDocument","getCommandMethodImplementations","createEndowments","addEventListener","removeEventListener","sortParamKeys","assertEthereumOutboundRequest","assertSnapOutboundRequest","constructError","proxyStreamProvider","withTeardown","ExecuteSnapRequestArgumentsStruct","PingRequestArgumentsStruct","SnapRpcRequestArgumentsStruct","TerminateRequestArgumentsStruct","fallbackError","code","rpc","internal","message","EXECUTION_ENVIRONMENT_METHODS","ping","struct","params","executeSnap","terminate","snapRpc","BaseSnapExecutor","errorHandler","error","data","constructedError","serializedError","shouldIncludeStack","sentData","stack","notify","method","onCommandRequest","Error","id","respond","result","methodNotFound","serialize","methodObject","paramsAsArray","invalidParams","methods","rpcError","requestObject","commandStream","write","jsonrpc","startSnap","snapId","sourceCode","_endowments","snapPromiseErrorHandler","snapErrorHandler","reason","provider","rpcStream","jsonRpcStreamName","rpcMiddleware","initialize","snap","createSnapGlobal","ethereum","createEIP1193Provider","snapModule","exports","endowments","teardown","endowmentTeardown","snapData","set","idleTeardown","runningEvaluations","Set","compartment","Compartment","module","globalThis","self","global","window","executeInSnapContext","evaluate","registerSnapExports","removeSnap","onTerminate","forEach","evaluation","stop","clear","get","reduce","acc","exportName","snapExport","validator","originalRequest","request","bind","args","sanitizedArgs","snapGlobalProxy","Proxy","has","_target","prop","includes","undefined","harden","streamProviderProxy","delete","executor","stopPromise","Promise","_","reject","evaluationData","add","race","size","lastTeardown","Map","on","catch","target","handlerType","handler","required","TypeError","replace"],"mappings":"AAAA,qFAAqF;AACrF,gEAAgE;;;;;;;;;;;;;;AAChE,SAASA,cAAc,QAAQ,sBAAsB;AAQrD,SACEC,iBAAiB,EACjBC,QAAQ,EACRC,YAAY,QACP,wBAAwB;AAO/B,SACEC,QAAQ,EACRC,WAAW,EACXC,MAAM,EACNC,gBAAgB,EAChBC,WAAW,EACXC,WAAW,QACN,kBAAkB;AACzB,SAASC,UAAU,EAAEC,SAAS,EAAEC,cAAc,QAAQ,iBAAiB;AACvE,SAASC,uBAAuB,QAAQ,kBAAkB;AAE1D,SAASC,QAAQ,QAAQ,cAAc;AAEvC,SAASC,GAAG,QAAQ,aAAa;AACjC,OAAOC,uBAAuB,kBAAkB;AAEhD,SAASC,+BAA+B,QAAQ,aAAa;AAC7D,SAASC,gBAAgB,QAAQ,eAAe;AAChD,SAASC,gBAAgB,EAAEC,mBAAmB,QAAQ,iBAAiB;AACvE,SAASC,aAAa,QAAQ,eAAe;AAC7C,SACEC,6BAA6B,EAC7BC,yBAAyB,EACzBC,cAAc,EACdC,mBAAmB,EACnBC,YAAY,QACP,UAAU;AACjB,SACEC,iCAAiC,EACjCC,0BAA0B,EAC1BC,6BAA6B,EAC7BC,+BAA+B,QAC1B,eAAe;AAYtB,MAAMC,gBAAgB;IACpBC,MAAMtB,WAAWuB,GAAG,CAACC,QAAQ;IAC7BC,SAAS;AACX;AAUA;;;;CAIC,GACD,MAAMC,gCAAgC;IACpCC,MAAM;QACJC,QAAQV;QACRW,QAAQ,EAAE;IACZ;IACAC,aAAa;QACXF,QAAQX;QACRY,QAAQ;YAAC;YAAU;YAAc;SAAa;IAChD;IACAE,WAAW;QACTH,QAAQR;QACRS,QAAQ,EAAE;IACZ;IACAG,SAAS;QACPJ,QAAQT;QACRU,QAAQ;YAAC;YAAU;YAAW;YAAU;SAAU;IACpD;AACF;AAIA,OAAO,MAAMI;IAwEHC,aAAaC,KAAc,EAAEC,IAA0B,EAAE;QAC/D,MAAMC,mBAAmBvB,eAAeqB;QACxC,MAAMG,kBAAkBpC,eAAemC,kBAAkB;YACvDhB;YACAkB,oBAAoB;QACtB;QAEA,gEAAgE;QAChE,MAAMC,WAAiB;YAAE,GAAGJ,IAAI;YAAEK,OAAOJ,kBAAkBI,SAAS;QAAK;QAEzE,IAAI,CAACC,MAAM,CAAC;YACVC,QAAQ;YACRd,QAAQ;gBACNM,OAAO;oBACL,GAAGG,eAAe;oBAClBF,MAAMI;gBACR;YACF;QACF;IACF;IAEA,MAAcI,iBAAiBnB,OAAuB,EAAE;QACtD,IAAI,CAAC5B,iBAAiB4B,UAAU;YAC9B,MAAM,IAAIoB,MAAM;QAClB;QAEA,MAAM,EAAEC,EAAE,EAAEH,MAAM,EAAEd,MAAM,EAAE,GAAGJ;QAC/B,IAAIkB,WAAW,gBAAgB;YAC7B,IAAI,CAACI,OAAO,CAACD,IAAI;gBACfE,QAAQ1C;YACV;YACA;QACF;QAEA,IAAI,CAACR,YAAY4B,+BAA+BiB,SAAS;YACvD,IAAI,CAACI,OAAO,CAACD,IAAI;gBACfX,OAAOlC,UAAUsB,GAAG,CACjB0B,cAAc,CAAC;oBACdb,MAAM;wBACJO;oBACF;gBACF,GACCO,SAAS;YACd;YACA;QACF;QAEA,MAAMC,eAAezB,6BAA6B,CAACiB,OAAwB;QAE3E,yCAAyC;QACzC,MAAMS,gBAAgBzC,cAAcwC,aAAatB,MAAM,EAAEA;QAEzD,MAAM,CAACM,MAAM,GAAG/B,SAAmBgD,eAAeD,aAAavB,MAAM;QACrE,IAAIO,OAAO;YACT,IAAI,CAACY,OAAO,CAACD,IAAI;gBACfX,OAAOlC,UAAUsB,GAAG,CACjB8B,aAAa,CAAC;oBACb5B,SAAS,CAAC,+BAA+B,EAAEkB,OAAO,GAAG,EAAER,MAAMV,OAAO,CAAC,CAAC,CAAC;oBACvEW,MAAM;wBACJO;wBACAd,QAAQuB;oBACV;gBACF,GACCF,SAAS;YACd;YACA;QACF;QAEA,IAAI;YACF,MAAMF,SAAS,MAAM,AAAC,IAAI,CAACM,OAAO,AAAQ,CAACX,OAAO,IAAIS;YACtD,IAAI,CAACL,OAAO,CAACD,IAAI;gBAAEE;YAAO;QAC5B,EAAE,OAAOO,UAAU;YACjB,IAAI,CAACR,OAAO,CAACD,IAAI;gBACfX,OAAOjC,eAAeqD,UAAU;oBAC9BlC;gBACF;YACF;QACF;IACF;IAEUqB,OAAOc,aAAmD,EAAE;QACpE,IAAI,CAAC7D,YAAY6D,kBAAkB,CAAC9D,SAAS8D,gBAAgB;YAC3D,MAAM,IAAIX,MACR;QAEJ;QAEA,IAAI,CAACY,aAAa,CAACC,KAAK,CAAC;YACvB,GAAGF,aAAa;YAChBG,SAAS;QACX;IACF;IAEUZ,QAAQD,EAAa,EAAEU,aAAsC,EAAE;QACvE,IAAI,CAAC7D,YAAY6D,kBAAkB,CAAC9D,SAAS8D,gBAAgB;YAC3D,MAAM,IAAIX,MAAM;QAClB;QAEA,IAAI,CAACY,aAAa,CAACC,KAAK,CAAC;YACvB,GAAGF,aAAa;YAChBV;YACAa,SAAS;QACX;IACF;IAEA;;;;;;;GAOC,GACD,MAAgBC,UACdC,MAAc,EACdC,UAAkB,EAClBC,WAAsB,EACP;QACf1D,IAAI,CAAC,eAAe,EAAEwD,OAAO,YAAY,CAAC;QAC1C,IAAI,IAAI,CAACG,uBAAuB,EAAE;YAChCtD,oBAAoB,sBAAsB,IAAI,CAACsD,uBAAuB;QACxE;QAEA,IAAI,IAAI,CAACC,gBAAgB,EAAE;YACzBvD,oBAAoB,SAAS,IAAI,CAACuD,gBAAgB;QACpD;QAEA,IAAI,CAACA,gBAAgB,GAAG,CAAC9B;YACvB,IAAI,CAACD,YAAY,CAACC,MAAMA,KAAK,EAAE;gBAAE0B;YAAO;QAC1C;QAEA,IAAI,CAACG,uBAAuB,GAAG,CAAC7B;YAC9B,IAAI,CAACD,YAAY,CAACC,iBAAiBU,QAAQV,QAAQA,MAAM+B,MAAM,EAAE;gBAC/DL;YACF;QACF;QAEA,MAAMM,WAAW,IAAI7E,eAAe,IAAI,CAAC8E,SAAS,EAAE;YAClDC,mBAAmB;YACnBC,eAAe;gBAACnE;aAA0B;QAC5C;QAEA,MAAMgE,SAASI,UAAU;QAEzB,MAAMC,OAAO,IAAI,CAACC,gBAAgB,CAACN;QACnC,MAAMO,WAAW,IAAI,CAACC,qBAAqB,CAACR;QAC5C,wFAAwF;QACxF,MAAMS,aAAkB;YAAEC,SAAS,CAAC;QAAE;QAEtC,IAAI;YACF,MAAM,EAAEC,UAAU,EAAEC,UAAUC,iBAAiB,EAAE,GAAGxE,iBAClDgE,MACAE,UACAb,QACAE;YAGF,gEAAgE;YAChE,mEAAmE;YACnE,IAAI,CAACkB,QAAQ,CAACC,GAAG,CAACrB,QAAQ;gBACxBsB,cAAcH;gBACdI,oBAAoB,IAAIC;gBACxBR,SAAS,CAAC;YACZ;YAEApE,iBAAiB,sBAAsB,IAAI,CAACuD,uBAAuB;YACnEvD,iBAAiB,SAAS,IAAI,CAACwD,gBAAgB;YAE/C,MAAMqB,cAAc,IAAIC,YAAY;gBAClC,GAAGT,UAAU;gBACbU,QAAQZ;gBACRC,SAASD,WAAWC,OAAO;YAC7B;YACA,qEAAqE;YACrE,kEAAkE;YAClE,EAAE;YACF,wDAAwD;YACxD,yCAAyC;YACzCS,YAAYG,UAAU,CAACC,IAAI,GAAGJ,YAAYG,UAAU;YACpDH,YAAYG,UAAU,CAACE,MAAM,GAAGL,YAAYG,UAAU;YACtDH,YAAYG,UAAU,CAACG,MAAM,GAAGN,YAAYG,UAAU;YAEtD,MAAM,IAAI,CAACI,oBAAoB,CAAChC,QAAQ;gBACtCyB,YAAYQ,QAAQ,CAAChC;gBACrB,IAAI,CAACiC,mBAAmB,CAAClC,QAAQe;YACnC;QACF,EAAE,OAAOzC,OAAO;YACd,IAAI,CAAC6D,UAAU,CAACnC;YAChB,MAAM,IAAIhB,MACR,CAAC,0BAA0B,EAAEgB,OAAO,GAAG,EAAE,AAAC1B,MAAgBV,OAAO,CAAC,CAAC;QAEvE;IACF;IAEA;;;GAGC,GACD,AAAUwE,cAAc;QACtB,uCAAuC;QACvC,+DAA+D;QAC/D,6CAA6C;QAC7C,IAAI,CAAChB,QAAQ,CAACiB,OAAO,CAAC,CAAC9D,OACrBA,KAAKgD,kBAAkB,CAACc,OAAO,CAAC,CAACC,aAAeA,WAAWC,IAAI;QAEjE,IAAI,CAACnB,QAAQ,CAACoB,KAAK;IACrB;IAEQN,oBAAoBlC,MAAc,EAAEe,UAAe,EAAE;QAC3D,MAAMxC,OAAO,IAAI,CAAC6C,QAAQ,CAACqB,GAAG,CAACzC;QAC/B,sDAAsD;QACtD,IAAI,CAACzB,MAAM;YACT;QACF;QAEAA,KAAKyC,OAAO,GAAGtF,kBAAkBgH,MAAM,CAAC,CAACC,KAAKC;YAC5C,MAAMC,aAAa9B,WAAWC,OAAO,CAAC4B,WAAW;YACjD,MAAM,EAAEE,SAAS,EAAE,GAAGlH,YAAY,CAACgH,WAAW;YAC9C,IAAIE,UAAUD,aAAa;gBACzB,OAAO;oBAAE,GAAGF,GAAG;oBAAE,CAACC,WAAW,EAAEC;gBAAW;YAC5C;YACA,OAAOF;QACT,GAAG,CAAC;IACN;IAEA;;;;;GAKC,GACD,AAAQ/B,iBAAiBN,QAAwB,EAAqB;QACpE,MAAMyC,kBAAkBzC,SAAS0C,OAAO,CAACC,IAAI,CAAC3C;QAE9C,MAAM0C,UAAU,OAAOE;YACrBlG,0BAA0BkG;YAC1B,MAAMC,gBAAgBjH,YAAYgH;YAClC,IAAI,CAACrE,MAAM,CAAC;gBAAEC,QAAQ;YAAkB;YACxC,IAAI;gBACF,OAAO,MAAM3B,aACX4F,gBAAgBI,gBAChB,IAAI;YAER,SAAU;gBACR,IAAI,CAACtE,MAAM,CAAC;oBAAEC,QAAQ;gBAAmB;YAC3C;QACF;QAEA,qEAAqE;QACrE,sDAAsD;QACtD,MAAMsE,kBAAkB,IAAIC,MAC1B,CAAC,GACD;YACEC,KAAIC,OAAe,EAAEC,IAAqB;gBACxC,OAAO,OAAOA,SAAS,YAAY;oBAAC;iBAAU,CAACC,QAAQ,CAACD;YAC1D;YACAf,KAAIc,OAAO,EAAEC,IAA0B;gBACrC,IAAIA,SAAS,WAAW;oBACtB,OAAOR;gBACT;gBAEA,OAAOU;YACT;QACF;QAGF,OAAOC,OAAOP;IAChB;IAEA;;;;;GAKC,GACD,AAAQtC,sBAAsBR,QAAwB,EAAkB;QACtE,MAAMyC,kBAAkBzC,SAAS0C,OAAO,CAACC,IAAI,CAAC3C;QAE9C,MAAM0C,UAAU,OAAOE;YACrBnG,8BAA8BmG;YAC9B,MAAMC,gBAAgBjH,YAAYgH;YAClC,IAAI,CAACrE,MAAM,CAAC;gBAAEC,QAAQ;YAAkB;YACxC,IAAI;gBACF,OAAO,MAAM3B,aACX4F,gBAAgBI,gBAChB,IAAI;YAER,SAAU;gBACR,IAAI,CAACtE,MAAM,CAAC;oBAAEC,QAAQ;gBAAmB;YAC3C;QACF;QAEA,MAAM8E,sBAAsB1G,oBAAoBoD,UAAU0C;QAE1D,OAAOW,OAAOC;IAChB;IAEA;;;;GAIC,GACD,AAAQzB,WAAWnC,MAAc,EAAQ;QACvC,IAAI,CAACoB,QAAQ,CAACyC,MAAM,CAAC7D;IACvB;IAEA;;;;;;;;;;GAUC,GACD,MAAcgC,qBACZhC,MAAc,EACd8D,QAAwC,EACvB;QACjB,MAAMvF,OAAO,IAAI,CAAC6C,QAAQ,CAACqB,GAAG,CAACzC;QAC/B,IAAIzB,SAASmF,WAAW;YACtB,MAAM,IAAI1E,MACR,CAAC,8CAA8C,EAAEgB,OAAO,EAAE,CAAC;QAE/D;QAEA,IAAIuC;QACJ,MAAMwB,cAAc,IAAIC,QACtB,CAACC,GAAGC,SACD3B,OAAO,IACN2B,OACE,kEAAkE;gBAClE9H,UAAUsB,GAAG,CAACC,QAAQ,CACpB,CAAC,UAAU,EAAEqC,OAAO,uCAAuC,CAAC;QAKtE,oEAAoE;QACpE,MAAMmE,iBAAiB;YAAE5B,MAAMA;QAAM;QAErC,IAAI;YACFhE,KAAKgD,kBAAkB,CAAC6C,GAAG,CAACD;YAC5B,8CAA8C;YAC9C,oEAAoE;YACpE,uCAAuC;YACvC,OAAO,MAAMH,QAAQK,IAAI,CAAC;gBAACP;gBAAYC;aAAY;QACrD,SAAU;YACRxF,KAAKgD,kBAAkB,CAACsC,MAAM,CAACM;YAE/B,IAAI5F,KAAKgD,kBAAkB,CAAC+C,IAAI,KAAK,GAAG;gBACtC,IAAI,CAACC,YAAY,IAAI;gBACrB,MAAMhG,KAAK+C,YAAY;YACzB;QACF;IACF;IA9ZA,YAAsB1B,aAAqB,EAAEW,SAAiB,CAAE;QAdhE,uBAAiBa,YAAjB,KAAA;QAEA,uBAAiBxB,iBAAjB,KAAA;QAEA,uBAAiBW,aAAjB,KAAA;QAEA,uBAAiBd,WAAjB,KAAA;QAEA,uBAAQW,oBAAR,KAAA;QAEA,uBAAQD,2BAAR,KAAA;QAEA,uBAAQoE,gBAAe;QAGrB,IAAI,CAACnD,QAAQ,GAAG,IAAIoD;QACpB,IAAI,CAAC5E,aAAa,GAAGA;QACrB,IAAI,CAACA,aAAa,CAAC6E,EAAE,CAAC,QAAQ,CAAClG;YAC7B,IAAI,CAACQ,gBAAgB,CAACR,MAAMmG,KAAK,CAAC,CAACpG;gBACjC,qCAAqC;gBACrC3C,SAAS2C;YACX;QACF;QACA,IAAI,CAACiC,SAAS,GAAGA;QAEjB,IAAI,CAACd,OAAO,GAAG/C,gCACb,IAAI,CAACqD,SAAS,CAACkD,IAAI,CAAC,IAAI,GACxB,OAAO0B,QAAQC,aAAa1B;YAC1B,MAAM3E,OAAO,IAAI,CAAC6C,QAAQ,CAACqB,GAAG,CAACkC;YAC/B,uEAAuE;YACvE,mBAAmB;YACnB,MAAME,UAAUtG,MAAMyC,OAAO,CAAC4D,YAAY;YAC1C,MAAM,EAAEE,QAAQ,EAAE,GAAGlJ,YAAY,CAACgJ,YAAY;YAE9C7I,OACE,CAAC+I,YAAYD,YAAYnB,WACzB,CAAC,GAAG,EAAEkB,YAAY,4BAA4B,EAAED,OAAO,CAAC;YAG1D,kEAAkE;YAClE,eAAe;YACf,IAAI,CAACE,SAAS;gBACZ,OAAO;YACT;YAEA,mCAAmC;YACnC,IAAI1F,SAAS,MAAM,IAAI,CAAC6C,oBAAoB,CAAC2C,QAAQ,IACnDE,QAAQ3B;YAGV,0EAA0E;YAC1E,IAAI/D,WAAWuE,WAAW;gBACxBvE,SAAS;YACX;YAEA,uEAAuE;YACvE,IAAI;gBACF,OAAOjD,YAAYiD;YACrB,EAAE,OAAOb,OAAO;gBACd,MAAM,IAAIyG,UACR,CAAC,sCAAsC,EAAEzG,MAAMV,OAAO,CAACoH,OAAO,CAC5D,wBACA,IACA,CAAC;YAEP;QACF,GACA,IAAI,CAAC5C,WAAW,CAACa,IAAI,CAAC,IAAI;IAE9B;AAwWF"}
package/dist/esm/common/lockdown/lockdown-more.js CHANGED
@@ -1,5 +1,5 @@
1
1
  // eslint-disable-next-line @typescript-eslint/triple-slash-reference, spaced-comment
2
- /// <reference path="../../../../../node_modules/ses/index.d.ts" />
2
+ /// <reference path="../../../../../node_modules/ses/types.d.ts" />
3
3
  import { logError } from '@metamask/snaps-utils';
4
4
  /**
5
5
  * The SES `lockdown` function only hardens the properties enumerated by the
package/dist/esm/common/lockdown/lockdown-more.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../src/common/lockdown/lockdown-more.ts"],"sourcesContent":["// eslint-disable-next-line @typescript-eslint/triple-slash-reference, spaced-comment\n/// <reference path=\"../../../../../node_modules/ses/index.d.ts\" />\n\nimport { logError } from '@metamask/snaps-utils';\n\n/**\n * The SES `lockdown` function only hardens the properties enumerated by the\n * universalPropertyNames constant specified in 'ses/src/whitelist'. This\n * function makes all function and object properties on the start compartment\n * global non-configurable and non-writable, unless they are already\n * non-configurable.\n *\n * It is critical that this function runs at the right time during\n * initialization, which should always be immediately after `lockdown` has been\n * called. At the time of writing, the modifications this function makes to the\n * runtime environment appear to be non-breaking, but that could change with\n * the addition of dependencies, or the order of our scripts in our HTML files.\n * Exercise caution.\n *\n * See inline comments for implementation details.\n *\n * We write this function in IIFE format to avoid polluting global scope.\n *\n * @throws If the lockdown failed.\n */\nexport function executeLockdownMore() {\n // Make all \"object\" and \"function\" own properties of globalThis\n // non-configurable and non-writable, when possible.\n // We call a property that is non-configurable and non-writable,\n // \"non-modifiable\".\n try {\n const namedIntrinsics = Reflect.ownKeys(new Compartment().globalThis);\n\n // These named intrinsics are not automatically hardened by `lockdown`\n const shouldHardenManually = new Set<symbol | string>(['eval', 'Function']);\n\n const globalProperties = new Set([\n // universalPropertyNames is a constant added by lockdown to global scope\n // at the time of writing, it is initialized in 'ses/src/whitelist'.\n // These properties tend to be non-enumerable.\n ...namedIntrinsics,\n\n // TODO: Also include the named platform globals\n // This grabs every enumerable property on globalThis.\n // ...Object.keys(globalThis),\n ]);\n\n globalProperties.forEach((propertyName) => {\n const descriptor = Reflect.getOwnPropertyDescriptor(\n globalThis,\n propertyName,\n );\n\n if (descriptor) {\n if (descriptor.configurable) {\n // If the property on globalThis is configurable, make it\n // non-configurable. If it has no accessor properties, also make it\n // non-writable.\n if (hasAccessor(descriptor)) {\n Object.defineProperty(globalThis, propertyName, {\n configurable: false,\n });\n } else {\n Object.defineProperty(globalThis, propertyName, {\n configurable: false,\n writable: false,\n });\n }\n }\n\n if (shouldHardenManually.has(propertyName)) {\n harden((globalThis as any)[propertyName]);\n }\n }\n });\n } catch (error) {\n logError('Protecting intrinsics failed:', error);\n throw error;\n }\n}\n\n/**\n * Checks whether the given propertyName descriptor has any accessors, i.e. the\n * properties `get` or `set`.\n *\n * We want to make globals non-writable, and we can't set the `writable`\n * property and accessor properties at the same time.\n *\n * @param descriptor - The propertyName descriptor to check.\n * @returns Whether the propertyName descriptor has any accessors.\n */\nfunction hasAccessor(descriptor: any): boolean {\n return 'set' in descriptor || 'get' in descriptor;\n}\n"],"names":["logError","executeLockdownMore","namedIntrinsics","Reflect","ownKeys","Compartment","globalThis","shouldHardenManually","Set","globalProperties","forEach","propertyName","descriptor","getOwnPropertyDescriptor","configurable","hasAccessor","Object","defineProperty","writable","has","harden","error"],"mappings":"AAAA,qFAAqF;AACrF,mEAAmE;AAEnE,SAASA,QAAQ,QAAQ,wBAAwB;AAEjD;;;;;;;;;;;;;;;;;;;CAmBC,GACD,OAAO,SAASC;IACd,gEAAgE;IAChE,oDAAoD;IACpD,gEAAgE;IAChE,oBAAoB;IACpB,IAAI;QACF,MAAMC,kBAAkBC,QAAQC,OAAO,CAAC,IAAIC,cAAcC,UAAU;QAEpE,sEAAsE;QACtE,MAAMC,uBAAuB,IAAIC,IAAqB;YAAC;YAAQ;SAAW;QAE1E,MAAMC,mBAAmB,IAAID,IAAI;YAC/B,yEAAyE;YACzE,oEAAoE;YACpE,8CAA8C;eAC3CN;SAKJ;QAEDO,iBAAiBC,OAAO,CAAC,CAACC;YACxB,MAAMC,aAAaT,QAAQU,wBAAwB,CACjDP,YACAK;YAGF,IAAIC,YAAY;gBACd,IAAIA,WAAWE,YAAY,EAAE;oBAC3B,yDAAyD;oBACzD,mEAAmE;oBACnE,gBAAgB;oBAChB,IAAIC,YAAYH,aAAa;wBAC3BI,OAAOC,cAAc,CAACX,YAAYK,cAAc;4BAC9CG,cAAc;wBAChB;oBACF,OAAO;wBACLE,OAAOC,cAAc,CAACX,YAAYK,cAAc;4BAC9CG,cAAc;4BACdI,UAAU;wBACZ;oBACF;gBACF;gBAEA,IAAIX,qBAAqBY,GAAG,CAACR,eAAe;oBAC1CS,OAAO,AAACd,UAAkB,CAACK,aAAa;gBAC1C;YACF;QACF;IACF,EAAE,OAAOU,OAAO;QACdrB,SAAS,iCAAiCqB;QAC1C,MAAMA;IACR;AACF;AAEA;;;;;;;;;CASC,GACD,SAASN,YAAYH,UAAe;IAClC,OAAO,SAASA,cAAc,SAASA;AACzC"}
1
+ {"version":3,"sources":["../../../../src/common/lockdown/lockdown-more.ts"],"sourcesContent":["// eslint-disable-next-line @typescript-eslint/triple-slash-reference, spaced-comment\n/// <reference path=\"../../../../../node_modules/ses/types.d.ts\" />\n\nimport { logError } from '@metamask/snaps-utils';\n\n/**\n * The SES `lockdown` function only hardens the properties enumerated by the\n * universalPropertyNames constant specified in 'ses/src/whitelist'. This\n * function makes all function and object properties on the start compartment\n * global non-configurable and non-writable, unless they are already\n * non-configurable.\n *\n * It is critical that this function runs at the right time during\n * initialization, which should always be immediately after `lockdown` has been\n * called. At the time of writing, the modifications this function makes to the\n * runtime environment appear to be non-breaking, but that could change with\n * the addition of dependencies, or the order of our scripts in our HTML files.\n * Exercise caution.\n *\n * See inline comments for implementation details.\n *\n * We write this function in IIFE format to avoid polluting global scope.\n *\n * @throws If the lockdown failed.\n */\nexport function executeLockdownMore() {\n // Make all \"object\" and \"function\" own properties of globalThis\n // non-configurable and non-writable, when possible.\n // We call a property that is non-configurable and non-writable,\n // \"non-modifiable\".\n try {\n const namedIntrinsics = Reflect.ownKeys(new Compartment().globalThis);\n\n // These named intrinsics are not automatically hardened by `lockdown`\n const shouldHardenManually = new Set<symbol | string>(['eval', 'Function']);\n\n const globalProperties = new Set([\n // universalPropertyNames is a constant added by lockdown to global scope\n // at the time of writing, it is initialized in 'ses/src/whitelist'.\n // These properties tend to be non-enumerable.\n ...namedIntrinsics,\n\n // TODO: Also include the named platform globals\n // This grabs every enumerable property on globalThis.\n // ...Object.keys(globalThis),\n ]);\n\n globalProperties.forEach((propertyName) => {\n const descriptor = Reflect.getOwnPropertyDescriptor(\n globalThis,\n propertyName,\n );\n\n if (descriptor) {\n if (descriptor.configurable) {\n // If the property on globalThis is configurable, make it\n // non-configurable. If it has no accessor properties, also make it\n // non-writable.\n if (hasAccessor(descriptor)) {\n Object.defineProperty(globalThis, propertyName, {\n configurable: false,\n });\n } else {\n Object.defineProperty(globalThis, propertyName, {\n configurable: false,\n writable: false,\n });\n }\n }\n\n if (shouldHardenManually.has(propertyName)) {\n harden((globalThis as any)[propertyName]);\n }\n }\n });\n } catch (error) {\n logError('Protecting intrinsics failed:', error);\n throw error;\n }\n}\n\n/**\n * Checks whether the given propertyName descriptor has any accessors, i.e. the\n * properties `get` or `set`.\n *\n * We want to make globals non-writable, and we can't set the `writable`\n * property and accessor properties at the same time.\n *\n * @param descriptor - The propertyName descriptor to check.\n * @returns Whether the propertyName descriptor has any accessors.\n */\nfunction hasAccessor(descriptor: any): boolean {\n return 'set' in descriptor || 'get' in descriptor;\n}\n"],"names":["logError","executeLockdownMore","namedIntrinsics","Reflect","ownKeys","Compartment","globalThis","shouldHardenManually","Set","globalProperties","forEach","propertyName","descriptor","getOwnPropertyDescriptor","configurable","hasAccessor","Object","defineProperty","writable","has","harden","error"],"mappings":"AAAA,qFAAqF;AACrF,mEAAmE;AAEnE,SAASA,QAAQ,QAAQ,wBAAwB;AAEjD;;;;;;;;;;;;;;;;;;;CAmBC,GACD,OAAO,SAASC;IACd,gEAAgE;IAChE,oDAAoD;IACpD,gEAAgE;IAChE,oBAAoB;IACpB,IAAI;QACF,MAAMC,kBAAkBC,QAAQC,OAAO,CAAC,IAAIC,cAAcC,UAAU;QAEpE,sEAAsE;QACtE,MAAMC,uBAAuB,IAAIC,IAAqB;YAAC;YAAQ;SAAW;QAE1E,MAAMC,mBAAmB,IAAID,IAAI;YAC/B,yEAAyE;YACzE,oEAAoE;YACpE,8CAA8C;eAC3CN;SAKJ;QAEDO,iBAAiBC,OAAO,CAAC,CAACC;YACxB,MAAMC,aAAaT,QAAQU,wBAAwB,CACjDP,YACAK;YAGF,IAAIC,YAAY;gBACd,IAAIA,WAAWE,YAAY,EAAE;oBAC3B,yDAAyD;oBACzD,mEAAmE;oBACnE,gBAAgB;oBAChB,IAAIC,YAAYH,aAAa;wBAC3BI,OAAOC,cAAc,CAACX,YAAYK,cAAc;4BAC9CG,cAAc;wBAChB;oBACF,OAAO;wBACLE,OAAOC,cAAc,CAACX,YAAYK,cAAc;4BAC9CG,cAAc;4BACdI,UAAU;wBACZ;oBACF;gBACF;gBAEA,IAAIX,qBAAqBY,GAAG,CAACR,eAAe;oBAC1CS,OAAO,AAACd,UAAkB,CAACK,aAAa;gBAC1C;YACF;QACF;IACF,EAAE,OAAOU,OAAO;QACdrB,SAAS,iCAAiCqB;QAC1C,MAAMA;IACR;AACF;AAEA;;;;;;;;;CASC,GACD,SAASN,YAAYH,UAAe;IAClC,OAAO,SAASA,cAAc,SAASA;AACzC"}
package/dist/esm/common/lockdown/lockdown.js CHANGED
@@ -1,5 +1,5 @@
1
1
  // eslint-disable-next-line @typescript-eslint/triple-slash-reference, spaced-comment
2
- /// <reference path="../../../../../node_modules/ses/index.d.ts" />
2
+ /// <reference path="../../../../../node_modules/ses/types.d.ts" />
3
3
  import { logError } from '@metamask/snaps-utils';
4
4
  /**
5
5
  * Execute SES lockdown in the current context, i.e., the current iframe.
package/dist/esm/common/lockdown/lockdown.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../src/common/lockdown/lockdown.ts"],"sourcesContent":["// eslint-disable-next-line @typescript-eslint/triple-slash-reference, spaced-comment\n/// <reference path=\"../../../../../node_modules/ses/index.d.ts\" />\n\nimport { logError } from '@metamask/snaps-utils';\n\n/**\n * Execute SES lockdown in the current context, i.e., the current iframe.\n *\n * @throws If the SES lockdown failed.\n */\nexport function executeLockdown() {\n try {\n lockdown({\n consoleTaming: 'unsafe',\n errorTaming: 'unsafe',\n mathTaming: 'unsafe',\n dateTaming: 'unsafe',\n overrideTaming: 'severe',\n });\n } catch (error) {\n // If the `lockdown` call throws an exception, it should not be able to continue\n logError('Lockdown failed:', error);\n throw error;\n }\n}\n"],"names":["logError","executeLockdown","lockdown","consoleTaming","errorTaming","mathTaming","dateTaming","overrideTaming","error"],"mappings":"AAAA,qFAAqF;AACrF,mEAAmE;AAEnE,SAASA,QAAQ,QAAQ,wBAAwB;AAEjD;;;;CAIC,GACD,OAAO,SAASC;IACd,IAAI;QACFC,SAAS;YACPC,eAAe;YACfC,aAAa;YACbC,YAAY;YACZC,YAAY;YACZC,gBAAgB;QAClB;IACF,EAAE,OAAOC,OAAO;QACd,gFAAgF;QAChFR,SAAS,oBAAoBQ;QAC7B,MAAMA;IACR;AACF"}
1
+ {"version":3,"sources":["../../../../src/common/lockdown/lockdown.ts"],"sourcesContent":["// eslint-disable-next-line @typescript-eslint/triple-slash-reference, spaced-comment\n/// <reference path=\"../../../../../node_modules/ses/types.d.ts\" />\n\nimport { logError } from '@metamask/snaps-utils';\n\n/**\n * Execute SES lockdown in the current context, i.e., the current iframe.\n *\n * @throws If the SES lockdown failed.\n */\nexport function executeLockdown() {\n try {\n lockdown({\n consoleTaming: 'unsafe',\n errorTaming: 'unsafe',\n mathTaming: 'unsafe',\n dateTaming: 'unsafe',\n overrideTaming: 'severe',\n });\n } catch (error) {\n // If the `lockdown` call throws an exception, it should not be able to continue\n logError('Lockdown failed:', error);\n throw error;\n }\n}\n"],"names":["logError","executeLockdown","lockdown","consoleTaming","errorTaming","mathTaming","dateTaming","overrideTaming","error"],"mappings":"AAAA,qFAAqF;AACrF,mEAAmE;AAEnE,SAASA,QAAQ,QAAQ,wBAAwB;AAEjD;;;;CAIC,GACD,OAAO,SAASC;IACd,IAAI;QACFC,SAAS;YACPC,eAAe;YACfC,aAAa;YACbC,YAAY;YACZC,YAAY;YACZC,gBAAgB;QAClB;IACF,EAAE,OAAOC,OAAO;QACd,gFAAgF;QAChFR,SAAS,oBAAoBQ;QAC7B,MAAMA;IACR;AACF"}