@metamask/snaps-execution-environments 10.4.0 → 11.0.0

package/CHANGELOG.md

@@ -7,6 +7,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [11.0.0]
+
+### Changed
+
+- **BREAKING:** Pass executor parameters by object ([#3803](https://github.com/MetaMask/snaps/pull/3803))
+
+## [10.4.1]
+
+### Fixed
+
+- Inspect `wallet_invokeMethod` requests before sending ([#3819](https://github.com/MetaMask/snaps/pull/3819))
+- Block `metamask_sendDomainMetadata` ([#3818](https://github.com/MetaMask/snaps/pull/3818))
+
 ## [10.4.0]
 
 ### Added
@@ -591,7 +604,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - The version of the package no longer needs to match the version of all other
     MetaMask Snaps packages.
 
-[Unreleased]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-execution-environments@10.4.0...HEAD
+[Unreleased]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-execution-environments@11.0.0...HEAD
+[11.0.0]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-execution-environments@10.4.1...@metamask/snaps-execution-environments@11.0.0
+[10.4.1]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-execution-environments@10.4.0...@metamask/snaps-execution-environments@10.4.1
 [10.4.0]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-execution-environments@10.3.0...@metamask/snaps-execution-environments@10.4.0
 [10.3.0]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-execution-environments@10.2.3...@metamask/snaps-execution-environments@10.3.0
 [10.2.3]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-execution-environments@10.2.2...@metamask/snaps-execution-environments@10.2.3

package/dist/common/BaseSnapExecutor.cjs

@@ -18,7 +18,6 @@ const commands_1 = require("./commands.cjs");
 const endowments_1 = require("./endowments/index.cjs");
 const globalEvents_1 = require("./globalEvents.cjs");
 const SnapProvider_1 = require("./SnapProvider.cjs");
-const sortParams_1 = require("./sortParams.cjs");
 const utils_2 = require("./utils.cjs");
 const validation_1 = require("./validation.cjs");
 const logging_1 = require("../logging.cjs");
@@ -31,109 +30,31 @@ const unhandledError = rpc_errors_1.rpcErrors
     message: 'Unhandled Snap Error',
 })
     .serialize();
-/**
- * The supported methods in the execution environment. The validator checks the
- * incoming JSON-RPC request, and the `params` property is used for sorting the
- * parameters, if they are an object.
- */
-const EXECUTION_ENVIRONMENT_METHODS = {
-    ping: {
-        struct: validation_1.PingRequestArgumentsStruct,
-        params: [],
-    },
-    executeSnap: {
-        struct: validation_1.ExecuteSnapRequestArgumentsStruct,
-        params: ['snapId', 'sourceCode', 'endowments'],
-    },
-    terminate: {
-        struct: validation_1.TerminateRequestArgumentsStruct,
-        params: [],
-    },
-    snapRpc: {
-        struct: validation_1.SnapRpcRequestArgumentsStruct,
-        params: ['target', 'handler', 'origin', 'request'],
-    },
-};
 class BaseSnapExecutor {
-    // TODO: Either fix this lint violation or explain why it's necessary to
-    //  ignore.
-    // eslint-disable-next-line no-restricted-syntax
-    snapData;
-    // TODO: Either fix this lint violation or explain why it's necessary to
-    //  ignore.
-    // eslint-disable-next-line no-restricted-syntax
-    commandStream;
-    // TODO: Either fix this lint violation or explain why it's necessary to
-    //  ignore.
-    // eslint-disable-next-line no-restricted-syntax
-    rpcStream;
-    // TODO: Either fix this lint violation or explain why it's necessary to
-    //  ignore.
-    // eslint-disable-next-line no-restricted-syntax
-    methods;
-    // TODO: Either fix this lint violation or explain why it's necessary to
-    //  ignore.
-    // eslint-disable-next-line no-restricted-syntax
-    snapErrorHandler;
-    // TODO: Either fix this lint violation or explain why it's necessary to
-    //  ignore.
-    // eslint-disable-next-line no-restricted-syntax
-    snapPromiseErrorHandler;
-    // TODO: Either fix this lint violation or explain why it's necessary to
-    //  ignore.
-    // eslint-disable-next-line no-restricted-syntax
-    lastTeardown = 0;
+    #snapData;
+    #commandStream;
+    #rpcStream;
+    #snapErrorHandler;
+    #snapPromiseErrorHandler;
+    #teardownRef = { lastTeardown: 0 };
     constructor(commandStream, rpcStream) {
-        this.snapData = new Map();
-        this.commandStream = commandStream;
-        this.commandStream.on('data', (data) => {
-            this.onCommandRequest(data).catch((error) => {
-                // TODO: Decide how to handle errors.
+        this.#snapData = new Map();
+        this.#commandStream = commandStream;
+        this.#commandStream.on('data', (data) => {
+            /* istanbul ignore next 2 */
+            this.#onCommandRequest(data).catch((error) => {
                 (0, snaps_utils_1.logError)(error);
             });
         });
-        this.rpcStream = rpcStream;
-        this.methods = (0, commands_1.getCommandMethodImplementations)(this.startSnap.bind(this), async (target, handlerType, args) => {
-            const data = this.snapData.get(target);
-            // We're capturing the handler in case someone modifies the data object
-            // before the call.
-            const handler = data?.exports[handlerType];
-            const { required } = snaps_utils_1.SNAP_EXPORTS[handlerType];
-            (0, utils_1.assert)(!required || handler !== undefined, `No ${handlerType} handler exported for snap "${target}".`, rpc_errors_1.rpcErrors.methodNotSupported);
-            // Certain handlers are not required. If they are not exported, we
-            // return null.
-            if (!handler) {
-                return null;
-            }
-            const result = await this.executeInSnapContext(target, async () => 
-            // TODO: fix handler args type cast
-            handler(args));
-            // The handler might not return anything, but undefined is not valid JSON.
-            if (result === undefined || result === null) {
-                return null;
-            }
-            // /!\ Always return only sanitized JSON to prevent security flaws. /!\
-            try {
-                return (0, utils_1.getSafeJson)(result);
-            }
-            catch (error) {
-                throw rpc_errors_1.rpcErrors.internal(`Received non-JSON-serializable value: ${error.message.replace(/^Assertion failed: /u, '')}`);
-            }
-        }, this.onTerminate.bind(this));
+        this.#rpcStream = rpcStream;
     }
-    // TODO: Either fix this lint violation or explain why it's necessary to
-    //  ignore.
-    // eslint-disable-next-line no-restricted-syntax
-    errorHandler(error, data) {
+    #errorHandler(error, data) {
         const serializedError = (0, rpc_errors_1.serializeError)(error, {
             fallbackError: unhandledError,
             shouldIncludeStack: false,
             shouldPreserveMessage: false,
         });
         const errorData = (0, snaps_sdk_1.getErrorData)(serializedError);
-        // TODO: Either fix this lint violation or explain why it's necessary to
-        //  ignore.
-        // eslint-disable-next-line promise/no-promise-in-callback
         this.#notify({
             method: 'UnhandledError',
             params: {
@@ -149,19 +70,14 @@ class BaseSnapExecutor {
             (0, snaps_utils_1.logError)(notifyError);
         });
     }
-    // TODO: Either fix this lint violation or explain why it's necessary to
-    //  ignore.
-    // eslint-disable-next-line no-restricted-syntax
-    async onCommandRequest(message) {
+    async #onCommandRequest(message) {
         if (!(0, utils_1.isJsonRpcRequest)(message)) {
             if ((0, utils_1.hasProperty)(message, 'id') &&
                 (0, superstruct_1.is)(message.id, utils_1.JsonRpcIdStruct)) {
                 // Instead of throwing, we directly respond with an error.
                 // We can only do this if the message ID is still valid.
-                await this.#write({
+                await this.#respond(message.id, {
                     error: (0, rpc_errors_1.serializeError)(rpc_errors_1.rpcErrors.internal('JSON-RPC requests must be JSON serializable objects.')),
-                    id: message.id,
-                    jsonrpc: '2.0',
                 });
             }
             else {
@@ -170,38 +86,8 @@ class BaseSnapExecutor {
             return;
         }
         const { id, method, params } = message;
-        if (!(0, utils_1.hasProperty)(EXECUTION_ENVIRONMENT_METHODS, method)) {
-            await this.#respond(id, {
-                error: rpc_errors_1.rpcErrors
-                    .methodNotFound({
-                    data: {
-                        method,
-                    },
-                })
-                    .serialize(),
-            });
-            return;
-        }
-        const methodObject = EXECUTION_ENVIRONMENT_METHODS[method];
-        // support params by-name and by-position
-        const paramsAsArray = (0, sortParams_1.sortParamKeys)(methodObject.params, params);
-        const [error] = (0, superstruct_1.validate)(paramsAsArray, methodObject.struct);
-        if (error) {
-            await this.#respond(id, {
-                error: rpc_errors_1.rpcErrors
-                    .invalidParams({
-                    message: `Invalid parameters for method "${method}": ${error.message}.`,
-                    data: {
-                        method,
-                        params: paramsAsArray,
-                    },
-                })
-                    .serialize(),
-            });
-            return;
-        }
         try {
-            const result = await this.methods[method](...paramsAsArray);
+            const result = await this.#handleCommand(method, params);
             await this.#respond(id, { result });
         }
         catch (rpcError) {
@@ -213,12 +99,83 @@ class BaseSnapExecutor {
             });
         }
     }
+    /**
+     * Handle an incoming JSON-RPC command request.
+     *
+     * @param method - The JSON-RPC method name.
+     * @param params - The optional JSON-RPC parameters.
+     * @returns The response based on the JSON-RPC method invoked.
+     * @throws If the passed method is not available.
+     */
+    async #handleCommand(method, params) {
+        switch (method) {
+            case 'ping':
+                return 'OK';
+            case 'terminate': {
+                this.#handleTerminate();
+                return 'OK';
+            }
+            case 'executeSnap': {
+                (0, commands_1.assertCommandParams)(method, params, validation_1.ExecuteSnapRequestArgumentsStruct);
+                await this.#startSnap(params);
+                return 'OK';
+            }
+            case 'snapRpc': {
+                (0, commands_1.assertCommandParams)(method, params, validation_1.SnapRpcRequestArgumentsStruct);
+                return await this.#invokeSnap(params);
+            }
+            default:
+                throw rpc_errors_1.rpcErrors.methodNotFound({
+                    data: {
+                        method,
+                    },
+                });
+        }
+    }
+    /**
+     * Invoke an exported handler on a running Snap.
+     *
+     * @param options - An options bag.
+     * @param options.snapId - The Snap ID.
+     * @param options.handler - The handler to invoke.
+     * @param options.origin - The origin invoking the handler.
+     * @param options.request - The JSON-RPC request to invoke the handler with.
+     * @returns The result of invoking the handler on the Snap.
+     */
+    async #invokeSnap({ snapId, handler: handlerType, origin, request, }) {
+        const args = (0, commands_1.getHandlerArguments)(origin, handlerType, request);
+        const data = this.#snapData.get(snapId);
+        // We're capturing the handler in case someone modifies the data object
+        // before the call.
+        const handler = data?.exports[handlerType];
+        const { required } = snaps_utils_1.SNAP_EXPORTS[handlerType];
+        (0, utils_1.assert)(!required || handler !== undefined, `No ${handlerType} handler exported for Snap "${snapId}".`, rpc_errors_1.rpcErrors.methodNotSupported);
+        // Certain handlers are not required. If they are not exported, we
+        // return null.
+        if (!handler) {
+            return null;
+        }
+        const result = await this.#executeInSnapContext(snapId, async () => 
+        // TODO: fix handler args type cast
+        handler(args));
+        // The handler might not return anything, but undefined is not valid JSON.
+        if (result === undefined || result === null) {
+            return null;
+        }
+        // /!\ Always return only sanitized JSON to prevent security flaws. /!\
+        try {
+            return (0, utils_1.getSafeJson)(result);
+        }
+        catch (error) {
+            throw rpc_errors_1.rpcErrors.internal(`Received non-JSON-serializable value: ${error.message.replace(/^Assertion failed: /u, '')}`);
+        }
+    }
     // Awaitable function that writes back to the command stream
     // To prevent snap execution from blocking writing we wrap in a promise
     // and await it before continuing execution
     async #write(chunk) {
         return new Promise((resolve, reject) => {
-            this.commandStream.write(chunk, (error) => {
+            this.#commandStream.write(chunk, (error) => {
                 if (error) {
                     reject(error);
                     return;
@@ -257,28 +214,29 @@ class BaseSnapExecutor {
      * Attempts to evaluate a snap in SES. Generates APIs for the snap. May throw
      * on errors.
      *
-     * @param snapId - The id of the snap.
-     * @param sourceCode - The source code of the snap, in IIFE format.
-     * @param _endowments - An array of the names of the endowments.
+     * @param params - The parameters.
+     * @param params.snapId - The id of the snap.
+     * @param params.sourceCode - The source code of the snap, in IIFE format.
+     * @param params.endowments - An array of the names of the endowments.
      */
-    async startSnap(snapId, sourceCode, _endowments) {
+    async #startSnap({ snapId, sourceCode, endowments: endowmentKeys, }) {
         (0, logging_1.log)(`Starting snap '${snapId}' in worker.`);
-        if (this.snapPromiseErrorHandler) {
-            (0, globalEvents_1.removeEventListener)('unhandledrejection', this.snapPromiseErrorHandler);
+        if (this.#snapPromiseErrorHandler) {
+            (0, globalEvents_1.removeEventListener)('unhandledrejection', this.#snapPromiseErrorHandler);
         }
-        if (this.snapErrorHandler) {
-            (0, globalEvents_1.removeEventListener)('error', this.snapErrorHandler);
+        if (this.#snapErrorHandler) {
+            (0, globalEvents_1.removeEventListener)('error', this.#snapErrorHandler);
         }
-        this.snapErrorHandler = (error) => {
-            this.errorHandler(error.error, { snapId });
+        this.#snapErrorHandler = (error) => {
+            this.#errorHandler(error.error, { snapId });
         };
-        this.snapPromiseErrorHandler = (error) => {
-            this.errorHandler(error instanceof Error ? error : error.reason, {
+        this.#snapPromiseErrorHandler = (error) => {
+            this.#errorHandler(error instanceof Error ? error : error.reason, {
                 snapId,
             });
         };
         const multiplex = new object_multiplex_1.default();
-        (0, readable_stream_1.pipeline)(this.rpcStream, multiplex, this.rpcStream, (error) => {
+        (0, readable_stream_1.pipeline)(this.#rpcStream, multiplex, this.#rpcStream, (error) => {
             if (error && !error.message?.match('Premature close')) {
                 (0, snaps_utils_1.logError)(`Provider stream failure.`, error);
             }
@@ -291,8 +249,8 @@ class BaseSnapExecutor {
             rpcMiddleware: [(0, json_rpc_engine_1.createIdRemapMiddleware)()],
         });
         multichainProvider.initializeSync();
-        const snap = this.createSnapGlobal(provider, multichainProvider);
-        const ethereum = this.createEIP1193Provider(provider);
+        const snap = this.#createSnapGlobal(provider, multichainProvider);
+        const ethereum = this.#createEIP1193Provider(provider);
         // We specifically use any type because the Snap can modify the object any way they want
         const snapModule = { exports: {} };
         try {
@@ -300,18 +258,18 @@ class BaseSnapExecutor {
                 snap,
                 ethereum,
                 snapId,
-                endowments: _endowments,
+                endowments: endowmentKeys,
                 notify: this.#notify.bind(this),
             });
             // !!! Ensure that this is the only place the data is being set.
             // Other methods access the object value and mutate its properties.
-            this.snapData.set(snapId, {
+            this.#snapData.set(snapId, {
                 idleTeardown: endowmentTeardown,
                 runningEvaluations: new Set(),
                 exports: {},
             });
-            (0, globalEvents_1.addEventListener)('unhandledRejection', this.snapPromiseErrorHandler);
-            (0, globalEvents_1.addEventListener)('error', this.snapErrorHandler);
+            (0, globalEvents_1.addEventListener)('unhandledRejection', this.#snapPromiseErrorHandler);
+            (0, globalEvents_1.addEventListener)('error', this.#snapErrorHandler);
             const compartment = new Compartment({
                 ...endowments,
                 module: snapModule,
@@ -325,13 +283,13 @@ class BaseSnapExecutor {
             compartment.globalThis.self = compartment.globalThis;
             compartment.globalThis.global = compartment.globalThis;
             compartment.globalThis.window = compartment.globalThis;
-            await this.executeInSnapContext(snapId, async () => {
+            await this.#executeInSnapContext(snapId, async () => {
                 compartment.evaluate(sourceCode);
-                await this.registerSnapExports(snapId, snapModule);
+                await this.#registerSnapExports(snapId, snapModule);
             });
         }
         catch (error) {
-            this.removeSnap(snapId);
+            this.#removeSnap(snapId);
             const [cause] = (0, snaps_utils_1.unwrapError)(error);
             throw rpc_errors_1.rpcErrors.internal({
                 message: `Error while running snap '${snapId}': ${cause.message}`,
@@ -345,18 +303,15 @@ class BaseSnapExecutor {
      * Cancels all running evaluations of all snaps and clears all snap data.
      * NOTE:** Should only be called in response to the `terminate` RPC command.
      */
-    onTerminate() {
+    #handleTerminate() {
         // `stop()` tears down snap endowments.
         // Teardown will also be run for each snap as soon as there are
         // no more running evaluations for that snap.
-        this.snapData.forEach((data) => data.runningEvaluations.forEach((evaluation) => evaluation.stop()));
-        this.snapData.clear();
+        this.#snapData.forEach((data) => data.runningEvaluations.forEach((evaluation) => evaluation.stop()));
+        this.#snapData.clear();
     }
-    // TODO: Either fix this lint violation or explain why it's necessary to
-    //  ignore.
-    // eslint-disable-next-line no-restricted-syntax
-    async registerSnapExports(snapId, snapModule) {
-        const data = this.snapData.get(snapId);
+    async #registerSnapExports(snapId, snapModule) {
+        const data = this.#snapData.get(snapId);
         // Somebody deleted the snap before we could register.
         if (!data) {
             return;
@@ -381,10 +336,7 @@ class BaseSnapExecutor {
      * @param multichainProvider - A StreamProvider connected to the CAIP-27 client stream.
      * @returns The snap provider object.
      */
-    // TODO: Either fix this lint violation or explain why it's necessary to
-    //  ignore.
-    // eslint-disable-next-line no-restricted-syntax
-    createSnapGlobal(provider, multichainProvider) {
+    #createSnapGlobal(provider, multichainProvider) {
         const originalRequest = provider.request.bind(provider);
         const originalMultichainRequest = multichainProvider.request.bind(multichainProvider);
         const request = async (args) => {
@@ -392,9 +344,10 @@ class BaseSnapExecutor {
             const sanitizedArgs = (0, utils_2.sanitizeRequestArguments)(args);
             (0, utils_2.assertSnapOutboundRequest)(sanitizedArgs);
             if ((0, utils_2.isMultichainRequest)(sanitizedArgs)) {
-                return await (0, utils_2.withTeardown)(originalMultichainRequest(sanitizedArgs), this);
+                (0, utils_2.assertMultichainOutboundRequest)(sanitizedArgs);
+                return await (0, utils_2.withTeardown)(originalMultichainRequest(sanitizedArgs), this.#teardownRef);
             }
-            return await (0, utils_2.withTeardown)(originalRequest(sanitizedArgs), this);
+            return await (0, utils_2.withTeardown)(originalRequest(sanitizedArgs), this.#teardownRef);
         };
         const snapsProvider = { request };
         return harden(snapsProvider);
@@ -405,16 +358,13 @@ class BaseSnapExecutor {
      * @param provider - A StreamProvider connected to MetaMask.
      * @returns The EIP-1193 Ethereum provider object.
      */
-    // TODO: Either fix this lint violation or explain why it's necessary to
-    //  ignore.
-    // eslint-disable-next-line no-restricted-syntax
-    createEIP1193Provider(provider) {
+    #createEIP1193Provider(provider) {
         const originalRequest = provider.request.bind(provider);
         const request = async (args) => {
             // As part of the sanitization, we validate that the args are valid JSON.
             const sanitizedArgs = (0, utils_2.sanitizeRequestArguments)(args);
             (0, utils_2.assertEthereumOutboundRequest)(sanitizedArgs);
-            return await (0, utils_2.withTeardown)(originalRequest(sanitizedArgs), this);
+            return await (0, utils_2.withTeardown)(originalRequest(sanitizedArgs), this.#teardownRef);
         };
         const ethereumProvider = { request };
         return harden(ethereumProvider);
@@ -424,11 +374,8 @@ class BaseSnapExecutor {
      *
      * @param snapId - The id of the snap to remove.
      */
-    // TODO: Either fix this lint violation or explain why it's necessary to
-    //  ignore.
-    // eslint-disable-next-line no-restricted-syntax
-    removeSnap(snapId) {
-        this.snapData.delete(snapId);
+    #removeSnap(snapId) {
+        this.#snapData.delete(snapId);
     }
     /**
      * Calls the specified executor function in the context of the specified snap.
@@ -441,20 +388,14 @@ class BaseSnapExecutor {
      * @returns The executor's return value.
      * @template Result - The return value of the executor.
      */
-    // TODO: Either fix this lint violation or explain why it's necessary to
-    //  ignore.
-    // eslint-disable-next-line no-restricted-syntax
-    async executeInSnapContext(snapId, executor) {
-        const data = this.snapData.get(snapId);
+    async #executeInSnapContext(snapId, executor) {
+        const data = this.#snapData.get(snapId);
         if (data === undefined) {
             throw rpc_errors_1.rpcErrors.internal(`Tried to execute in context of unknown snap: "${snapId}".`);
         }
-        let stop;
-        const stopPromise = new Promise((_resolve, reject) => (stop = () => reject(
-        // TODO(rekmarks): Specify / standardize error code for this case.
-        rpc_errors_1.rpcErrors.internal(`The snap "${snapId}" has been terminated during execution.`))));
-        // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
-        const evaluationData = { stop: stop };
+        const { promise: stopPromise, reject } = (0, utils_1.createDeferredPromise)();
+        const stop = () => reject(rpc_errors_1.rpcErrors.internal(`The Snap "${snapId}" has been terminated during execution.`));
+        const evaluationData = { stop };
         try {
             data.runningEvaluations.add(evaluationData);
             // Notice that we have to await this executor.
@@ -468,7 +409,7 @@ class BaseSnapExecutor {
         finally {
             data.runningEvaluations.delete(evaluationData);
             if (data.runningEvaluations.size === 0) {
-                this.lastTeardown += 1;
+                this.#teardownRef.lastTeardown += 1;
                 await data.idleTeardown();
             }
         }