@metamask/snaps-execution-environments 6.9.0 → 6.9.1

package/dist/common/utils.cjs

@@ -70,7 +70,6 @@ exports.BLOCKED_RPC_METHODS = Object.freeze([
     'wallet_revokePermissions',
     // We disallow all of these confirmations for now, since the screens are not ready for Snaps.
     'eth_sendTransaction',
-    'eth_sign',
     'eth_signTypedData',
     'eth_signTypedData_v1',
     'eth_signTypedData_v3',

package/dist/common/utils.cjs.map

@@ -1 +1 @@
-{"version":3,"file":"utils.cjs","sourceRoot":"","sources":["../../src/common/utils.ts"],"names":[],"mappings":";;;AACA,qDAAiD;AACjD,2CAOyB;AAEzB,4CAAiC;AAEjC,4EAA4E;AAC5E,yDAAyD;AACzD,MAAM,sBAAsB,GAAG,QAAU,CAAC;AAE1C;;;;;;;;;GASG;AACI,KAAK,UAAU,YAAY,CAChC,eAA8B,EAC9B,WAAqC;IAErC,MAAM,UAAU,GAAG,WAAW,CAAC,YAAY,CAAC;IAC5C,OAAO,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC3C,eAAe;aACZ,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE;YACd,IAAI,WAAW,CAAC,YAAY,KAAK,UAAU,EAAE,CAAC;gBAC5C,OAAO,CAAC,KAAK,CAAC,CAAC;YACjB,CAAC;iBAAM,CAAC;gBACN,IAAA,aAAG,EACD,+EAA+E,CAChF,CAAC;YACJ,CAAC;QACH,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,MAAM,EAAE,EAAE;YAChB,IAAI,WAAW,CAAC,YAAY,KAAK,UAAU,EAAE,CAAC;gBAC5C,MAAM,CAAC,MAAM,CAAC,CAAC;YACjB,CAAC;iBAAM,CAAC;gBACN,IAAA,aAAG,EACD,+EAA+E,CAChF,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;AACL,CAAC;AA1BD,oCA0BC;AAED;;;;;;GAMG;AACH,SAAgB,mBAAmB,CAAC,OAAgB;IAClD,qEAAqE;IACrE,sDAAsD;IACtD,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,EAAE,EACF;QACE,GAAG,CAAC,OAAe,EAAE,IAAqB;YACxC,OAAO,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAChE,CAAC;QACD,GAAG,CAAC,OAAO,EAAE,IAA0B;YACrC,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;gBACvB,OAAO,OAAO,CAAC;YACjB,CAAC;YAED,OAAO,SAAS,CAAC;QACnB,CAAC;KACF,CACF,CAAC;IAEF,OAAO,KAAuB,CAAC;AACjC,CAAC;AApBD,kDAoBC;AAED,+DAA+D;AAClD,QAAA,mBAAmB,GAAG,MAAM,CAAC,MAAM,CAAC;IAC/C,2BAA2B;IAC3B,0BAA0B;IAC1B,6FAA6F;IAC7F,qBAAqB;IACrB,UAAU;IACV,mBAAmB;IACnB,sBAAsB;IACtB,sBAAsB;IACtB,sBAAsB;IACtB,aAAa;IACb,4BAA4B;IAC5B,yBAAyB;IACzB,4BAA4B;IAC5B,mBAAmB;IACnB,2BAA2B;IAC3B,mBAAmB;CACpB,CAAC,CAAC;AAEH;;;;GAIG;AACH,SAAgB,yBAAyB,CAAC,IAAsB;IAC9D,4EAA4E;IAC5E,IAAA,cAAM,EACJ,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC;QACtD,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,EACxD,oFAAoF,EACpF,sBAAS,CAAC,kBAAkB,CAC7B,CAAC;IACF,IAAA,cAAM,EACJ,CAAC,2BAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,EAC1C,sBAAS,CAAC,cAAc,CAAC;QACvB,IAAI,EAAE;YACJ,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB;KACF,CAAC,CACH,CAAC;IACF,IAAA,oBAAY,EACV,IAAI,EACJ,kBAAU,EACV,2CAA2C,EAC3C,sBAAS,CAAC,aAAa,CACxB,CAAC;AACJ,CAAC;AAtBD,8DAsBC;AAED;;;;GAIG;AACH,SAAgB,6BAA6B,CAAC,IAAsB;IAClE,qDAAqD;IACrD,IAAA,cAAM,EACJ,CAAC,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,EACvD,sBAAS,CAAC,cAAc,CAAC;QACvB,IAAI,EAAE;YACJ,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB;KACF,CAAC,CACH,CAAC;IACF,IAAA,cAAM,EACJ,CAAC,2BAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,EAC1C,sBAAS,CAAC,cAAc,CAAC;QACvB,IAAI,EAAE;YACJ,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB;KACF,CAAC,CACH,CAAC;IACF,IAAA,oBAAY,EACV,IAAI,EACJ,kBAAU,EACV,2CAA2C,EAC3C,sBAAS,CAAC,aAAa,CACxB,CAAC;AACJ,CAAC;AAxBD,sEAwBC;AAED;;;;;GAKG;AACH,SAAgB,wBAAwB,CAAC,KAAc;IACrD,6EAA6E;IAC7E,8EAA8E;IAC9E,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;IAC/C,OAAO,IAAA,mBAAW,EAAC,IAAI,CAAqB,CAAC;AAC/C,CAAC;AALD,4DAKC;AAED;;;;;GAKG;AACH,SAAgB,eAAe,CAAC,QAAiC;IAC/D,IAAI,CAAC,IAAA,gBAAQ,EAAC,QAAQ,CAAC,EAAE,CAAC;QACxB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,CAAC;QACH,qEAAqE;QACrE,MAAM,IAAI,GAAG,IAAA,mBAAW,EAAC,QAAQ,CAAC,CAAC;QACnC,OAAO,IAAI,GAAG,sBAAsB,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAZD,0CAYC","sourcesContent":["import type { StreamProvider, RequestArguments } from '@metamask/providers';\nimport { rpcErrors } from '@metamask/rpc-errors';\nimport {\n  assert,\n  assertStruct,\n  getJsonSize,\n  getSafeJson,\n  isObject,\n  JsonStruct,\n} from '@metamask/utils';\n\nimport { log } from '../logging';\n\n// 64 MB - we chose this number because it is the size limit for postMessage\n// between the extension and the dapp enforced by Chrome.\nconst MAX_RESPONSE_JSON_SIZE = 64_000_000;\n\n/**\n * Make proxy for Promise and handle the teardown process properly.\n * If the teardown is called in the meanwhile, Promise result will not be\n * exposed to the snap anymore and warning will be logged to the console.\n *\n * @param originalPromise - Original promise.\n * @param teardownRef - Reference containing teardown count.\n * @param teardownRef.lastTeardown - Number of the last teardown.\n * @returns New proxy promise.\n */\nexport async function withTeardown<Type>(\n  originalPromise: Promise<Type>,\n  teardownRef: { lastTeardown: number },\n): Promise<Type> {\n  const myTeardown = teardownRef.lastTeardown;\n  return new Promise<Type>((resolve, reject) => {\n    originalPromise\n      .then((value) => {\n        if (teardownRef.lastTeardown === myTeardown) {\n          resolve(value);\n        } else {\n          log(\n            'Late promise received after Snap finished execution. Promise will be dropped.',\n          );\n        }\n      })\n      .catch((reason) => {\n        if (teardownRef.lastTeardown === myTeardown) {\n          reject(reason);\n        } else {\n          log(\n            'Late promise received after Snap finished execution. Promise will be dropped.',\n          );\n        }\n      });\n  });\n}\n\n/**\n * Returns a Proxy that only allows access to a `request` function.\n * This is useful for replacing StreamProvider with an attenuated version.\n *\n * @param request - Custom attenuated request function.\n * @returns Proxy that mimics a StreamProvider instance.\n */\nexport function proxyStreamProvider(request: unknown): StreamProvider {\n  // Proxy target is intentionally set to be an empty object, to ensure\n  // that access to the prototype chain is not possible.\n  const proxy = new Proxy(\n    {},\n    {\n      has(_target: object, prop: string | symbol) {\n        return typeof prop === 'string' && ['request'].includes(prop);\n      },\n      get(_target, prop: keyof StreamProvider) {\n        if (prop === 'request') {\n          return request;\n        }\n\n        return undefined;\n      },\n    },\n  );\n\n  return proxy as StreamProvider;\n}\n\n// We're blocking these RPC methods for v1, will revisit later.\nexport const BLOCKED_RPC_METHODS = Object.freeze([\n  'wallet_requestPermissions',\n  'wallet_revokePermissions',\n  // We disallow all of these confirmations for now, since the screens are not ready for Snaps.\n  'eth_sendTransaction',\n  'eth_sign',\n  'eth_signTypedData',\n  'eth_signTypedData_v1',\n  'eth_signTypedData_v3',\n  'eth_signTypedData_v4',\n  'eth_decrypt',\n  'eth_getEncryptionPublicKey',\n  'wallet_addEthereumChain',\n  'wallet_switchEthereumChain',\n  'wallet_watchAsset',\n  'wallet_registerOnboarding',\n  'wallet_scanQRCode',\n]);\n\n/**\n * Asserts the validity of request arguments for a snap outbound request using the `snap.request` API.\n *\n * @param args - The arguments to validate.\n */\nexport function assertSnapOutboundRequest(args: RequestArguments) {\n  // Disallow any non `wallet_` or `snap_` methods for separation of concerns.\n  assert(\n    String.prototype.startsWith.call(args.method, 'wallet_') ||\n      String.prototype.startsWith.call(args.method, 'snap_'),\n    'The global Snap API only allows RPC methods starting with `wallet_*` and `snap_*`.',\n    rpcErrors.methodNotSupported,\n  );\n  assert(\n    !BLOCKED_RPC_METHODS.includes(args.method),\n    rpcErrors.methodNotFound({\n      data: {\n        method: args.method,\n      },\n    }),\n  );\n  assertStruct(\n    args,\n    JsonStruct,\n    'Provided value is not JSON-RPC compatible',\n    rpcErrors.invalidParams,\n  );\n}\n\n/**\n * Asserts the validity of request arguments for an ethereum outbound request using the `ethereum.request` API.\n *\n * @param args - The arguments to validate.\n */\nexport function assertEthereumOutboundRequest(args: RequestArguments) {\n  // Disallow snaps methods for separation of concerns.\n  assert(\n    !String.prototype.startsWith.call(args.method, 'snap_'),\n    rpcErrors.methodNotFound({\n      data: {\n        method: args.method,\n      },\n    }),\n  );\n  assert(\n    !BLOCKED_RPC_METHODS.includes(args.method),\n    rpcErrors.methodNotFound({\n      data: {\n        method: args.method,\n      },\n    }),\n  );\n  assertStruct(\n    args,\n    JsonStruct,\n    'Provided value is not JSON-RPC compatible',\n    rpcErrors.invalidParams,\n  );\n}\n\n/**\n * Gets a sanitized value to be used for passing to the underlying MetaMask provider.\n *\n * @param value - An unsanitized value from a snap.\n * @returns A sanitized value ready to be passed to a MetaMask provider.\n */\nexport function sanitizeRequestArguments(value: unknown): RequestArguments {\n  // Before passing to getSafeJson we run the value through JSON serialization.\n  // This lets request arguments contain undefined which is normally disallowed.\n  const json = JSON.parse(JSON.stringify(value));\n  return getSafeJson(json) as RequestArguments;\n}\n\n/**\n * Check if the input is a valid response.\n *\n * @param response - The response.\n * @returns True if the response is valid, otherwise false.\n */\nexport function isValidResponse(response: Record<string, unknown>) {\n  if (!isObject(response)) {\n    return false;\n  }\n\n  try {\n    // If the JSON is invalid this will throw and we should return false.\n    const size = getJsonSize(response);\n    return size < MAX_RESPONSE_JSON_SIZE;\n  } catch {\n    return false;\n  }\n}\n"]}
+{"version":3,"file":"utils.cjs","sourceRoot":"","sources":["../../src/common/utils.ts"],"names":[],"mappings":";;;AACA,qDAAiD;AACjD,2CAOyB;AAEzB,4CAAiC;AAEjC,4EAA4E;AAC5E,yDAAyD;AACzD,MAAM,sBAAsB,GAAG,QAAU,CAAC;AAE1C;;;;;;;;;GASG;AACI,KAAK,UAAU,YAAY,CAChC,eAA8B,EAC9B,WAAqC;IAErC,MAAM,UAAU,GAAG,WAAW,CAAC,YAAY,CAAC;IAC5C,OAAO,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC3C,eAAe;aACZ,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE;YACd,IAAI,WAAW,CAAC,YAAY,KAAK,UAAU,EAAE,CAAC;gBAC5C,OAAO,CAAC,KAAK,CAAC,CAAC;YACjB,CAAC;iBAAM,CAAC;gBACN,IAAA,aAAG,EACD,+EAA+E,CAChF,CAAC;YACJ,CAAC;QACH,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,MAAM,EAAE,EAAE;YAChB,IAAI,WAAW,CAAC,YAAY,KAAK,UAAU,EAAE,CAAC;gBAC5C,MAAM,CAAC,MAAM,CAAC,CAAC;YACjB,CAAC;iBAAM,CAAC;gBACN,IAAA,aAAG,EACD,+EAA+E,CAChF,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;AACL,CAAC;AA1BD,oCA0BC;AAED;;;;;;GAMG;AACH,SAAgB,mBAAmB,CAAC,OAAgB;IAClD,qEAAqE;IACrE,sDAAsD;IACtD,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,EAAE,EACF;QACE,GAAG,CAAC,OAAe,EAAE,IAAqB;YACxC,OAAO,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAChE,CAAC;QACD,GAAG,CAAC,OAAO,EAAE,IAA0B;YACrC,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;gBACvB,OAAO,OAAO,CAAC;YACjB,CAAC;YAED,OAAO,SAAS,CAAC;QACnB,CAAC;KACF,CACF,CAAC;IAEF,OAAO,KAAuB,CAAC;AACjC,CAAC;AApBD,kDAoBC;AAED,+DAA+D;AAClD,QAAA,mBAAmB,GAAG,MAAM,CAAC,MAAM,CAAC;IAC/C,2BAA2B;IAC3B,0BAA0B;IAC1B,6FAA6F;IAC7F,qBAAqB;IACrB,mBAAmB;IACnB,sBAAsB;IACtB,sBAAsB;IACtB,sBAAsB;IACtB,aAAa;IACb,4BAA4B;IAC5B,yBAAyB;IACzB,4BAA4B;IAC5B,mBAAmB;IACnB,2BAA2B;IAC3B,mBAAmB;CACpB,CAAC,CAAC;AAEH;;;;GAIG;AACH,SAAgB,yBAAyB,CAAC,IAAsB;IAC9D,4EAA4E;IAC5E,IAAA,cAAM,EACJ,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC;QACtD,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,EACxD,oFAAoF,EACpF,sBAAS,CAAC,kBAAkB,CAC7B,CAAC;IACF,IAAA,cAAM,EACJ,CAAC,2BAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,EAC1C,sBAAS,CAAC,cAAc,CAAC;QACvB,IAAI,EAAE;YACJ,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB;KACF,CAAC,CACH,CAAC;IACF,IAAA,oBAAY,EACV,IAAI,EACJ,kBAAU,EACV,2CAA2C,EAC3C,sBAAS,CAAC,aAAa,CACxB,CAAC;AACJ,CAAC;AAtBD,8DAsBC;AAED;;;;GAIG;AACH,SAAgB,6BAA6B,CAAC,IAAsB;IAClE,qDAAqD;IACrD,IAAA,cAAM,EACJ,CAAC,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,EACvD,sBAAS,CAAC,cAAc,CAAC;QACvB,IAAI,EAAE;YACJ,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB;KACF,CAAC,CACH,CAAC;IACF,IAAA,cAAM,EACJ,CAAC,2BAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,EAC1C,sBAAS,CAAC,cAAc,CAAC;QACvB,IAAI,EAAE;YACJ,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB;KACF,CAAC,CACH,CAAC;IACF,IAAA,oBAAY,EACV,IAAI,EACJ,kBAAU,EACV,2CAA2C,EAC3C,sBAAS,CAAC,aAAa,CACxB,CAAC;AACJ,CAAC;AAxBD,sEAwBC;AAED;;;;;GAKG;AACH,SAAgB,wBAAwB,CAAC,KAAc;IACrD,6EAA6E;IAC7E,8EAA8E;IAC9E,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;IAC/C,OAAO,IAAA,mBAAW,EAAC,IAAI,CAAqB,CAAC;AAC/C,CAAC;AALD,4DAKC;AAED;;;;;GAKG;AACH,SAAgB,eAAe,CAAC,QAAiC;IAC/D,IAAI,CAAC,IAAA,gBAAQ,EAAC,QAAQ,CAAC,EAAE,CAAC;QACxB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,CAAC;QACH,qEAAqE;QACrE,MAAM,IAAI,GAAG,IAAA,mBAAW,EAAC,QAAQ,CAAC,CAAC;QACnC,OAAO,IAAI,GAAG,sBAAsB,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAZD,0CAYC","sourcesContent":["import type { StreamProvider, RequestArguments } from '@metamask/providers';\nimport { rpcErrors } from '@metamask/rpc-errors';\nimport {\n  assert,\n  assertStruct,\n  getJsonSize,\n  getSafeJson,\n  isObject,\n  JsonStruct,\n} from '@metamask/utils';\n\nimport { log } from '../logging';\n\n// 64 MB - we chose this number because it is the size limit for postMessage\n// between the extension and the dapp enforced by Chrome.\nconst MAX_RESPONSE_JSON_SIZE = 64_000_000;\n\n/**\n * Make proxy for Promise and handle the teardown process properly.\n * If the teardown is called in the meanwhile, Promise result will not be\n * exposed to the snap anymore and warning will be logged to the console.\n *\n * @param originalPromise - Original promise.\n * @param teardownRef - Reference containing teardown count.\n * @param teardownRef.lastTeardown - Number of the last teardown.\n * @returns New proxy promise.\n */\nexport async function withTeardown<Type>(\n  originalPromise: Promise<Type>,\n  teardownRef: { lastTeardown: number },\n): Promise<Type> {\n  const myTeardown = teardownRef.lastTeardown;\n  return new Promise<Type>((resolve, reject) => {\n    originalPromise\n      .then((value) => {\n        if (teardownRef.lastTeardown === myTeardown) {\n          resolve(value);\n        } else {\n          log(\n            'Late promise received after Snap finished execution. Promise will be dropped.',\n          );\n        }\n      })\n      .catch((reason) => {\n        if (teardownRef.lastTeardown === myTeardown) {\n          reject(reason);\n        } else {\n          log(\n            'Late promise received after Snap finished execution. Promise will be dropped.',\n          );\n        }\n      });\n  });\n}\n\n/**\n * Returns a Proxy that only allows access to a `request` function.\n * This is useful for replacing StreamProvider with an attenuated version.\n *\n * @param request - Custom attenuated request function.\n * @returns Proxy that mimics a StreamProvider instance.\n */\nexport function proxyStreamProvider(request: unknown): StreamProvider {\n  // Proxy target is intentionally set to be an empty object, to ensure\n  // that access to the prototype chain is not possible.\n  const proxy = new Proxy(\n    {},\n    {\n      has(_target: object, prop: string | symbol) {\n        return typeof prop === 'string' && ['request'].includes(prop);\n      },\n      get(_target, prop: keyof StreamProvider) {\n        if (prop === 'request') {\n          return request;\n        }\n\n        return undefined;\n      },\n    },\n  );\n\n  return proxy as StreamProvider;\n}\n\n// We're blocking these RPC methods for v1, will revisit later.\nexport const BLOCKED_RPC_METHODS = Object.freeze([\n  'wallet_requestPermissions',\n  'wallet_revokePermissions',\n  // We disallow all of these confirmations for now, since the screens are not ready for Snaps.\n  'eth_sendTransaction',\n  'eth_signTypedData',\n  'eth_signTypedData_v1',\n  'eth_signTypedData_v3',\n  'eth_signTypedData_v4',\n  'eth_decrypt',\n  'eth_getEncryptionPublicKey',\n  'wallet_addEthereumChain',\n  'wallet_switchEthereumChain',\n  'wallet_watchAsset',\n  'wallet_registerOnboarding',\n  'wallet_scanQRCode',\n]);\n\n/**\n * Asserts the validity of request arguments for a snap outbound request using the `snap.request` API.\n *\n * @param args - The arguments to validate.\n */\nexport function assertSnapOutboundRequest(args: RequestArguments) {\n  // Disallow any non `wallet_` or `snap_` methods for separation of concerns.\n  assert(\n    String.prototype.startsWith.call(args.method, 'wallet_') ||\n      String.prototype.startsWith.call(args.method, 'snap_'),\n    'The global Snap API only allows RPC methods starting with `wallet_*` and `snap_*`.',\n    rpcErrors.methodNotSupported,\n  );\n  assert(\n    !BLOCKED_RPC_METHODS.includes(args.method),\n    rpcErrors.methodNotFound({\n      data: {\n        method: args.method,\n      },\n    }),\n  );\n  assertStruct(\n    args,\n    JsonStruct,\n    'Provided value is not JSON-RPC compatible',\n    rpcErrors.invalidParams,\n  );\n}\n\n/**\n * Asserts the validity of request arguments for an ethereum outbound request using the `ethereum.request` API.\n *\n * @param args - The arguments to validate.\n */\nexport function assertEthereumOutboundRequest(args: RequestArguments) {\n  // Disallow snaps methods for separation of concerns.\n  assert(\n    !String.prototype.startsWith.call(args.method, 'snap_'),\n    rpcErrors.methodNotFound({\n      data: {\n        method: args.method,\n      },\n    }),\n  );\n  assert(\n    !BLOCKED_RPC_METHODS.includes(args.method),\n    rpcErrors.methodNotFound({\n      data: {\n        method: args.method,\n      },\n    }),\n  );\n  assertStruct(\n    args,\n    JsonStruct,\n    'Provided value is not JSON-RPC compatible',\n    rpcErrors.invalidParams,\n  );\n}\n\n/**\n * Gets a sanitized value to be used for passing to the underlying MetaMask provider.\n *\n * @param value - An unsanitized value from a snap.\n * @returns A sanitized value ready to be passed to a MetaMask provider.\n */\nexport function sanitizeRequestArguments(value: unknown): RequestArguments {\n  // Before passing to getSafeJson we run the value through JSON serialization.\n  // This lets request arguments contain undefined which is normally disallowed.\n  const json = JSON.parse(JSON.stringify(value));\n  return getSafeJson(json) as RequestArguments;\n}\n\n/**\n * Check if the input is a valid response.\n *\n * @param response - The response.\n * @returns True if the response is valid, otherwise false.\n */\nexport function isValidResponse(response: Record<string, unknown>) {\n  if (!isObject(response)) {\n    return false;\n  }\n\n  try {\n    // If the JSON is invalid this will throw and we should return false.\n    const size = getJsonSize(response);\n    return size < MAX_RESPONSE_JSON_SIZE;\n  } catch {\n    return false;\n  }\n}\n"]}

package/dist/common/utils.d.cts.map

@@ -1 +1 @@
-{"version":3,"file":"utils.d.cts","sourceRoot":"","sources":["../../src/common/utils.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,gBAAgB,EAAE,4BAA4B;AAiB5E;;;;;;;;;GASG;AACH,wBAAsB,YAAY,CAAC,IAAI,EACrC,eAAe,EAAE,OAAO,CAAC,IAAI,CAAC,EAC9B,WAAW,EAAE;IAAE,YAAY,EAAE,MAAM,CAAA;CAAE,GACpC,OAAO,CAAC,IAAI,CAAC,CAuBf;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,cAAc,CAoBpE;AAGD,eAAO,MAAM,mBAAmB,mBAiB9B,CAAC;AAEH;;;;GAIG;AACH,wBAAgB,yBAAyB,CAAC,IAAI,EAAE,gBAAgB,QAsB/D;AAED;;;;GAIG;AACH,wBAAgB,6BAA6B,CAAC,IAAI,EAAE,gBAAgB,QAwBnE;AAED;;;;;GAKG;AACH,wBAAgB,wBAAwB,CAAC,KAAK,EAAE,OAAO,GAAG,gBAAgB,CAKzE;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,WAYhE"}
+{"version":3,"file":"utils.d.cts","sourceRoot":"","sources":["../../src/common/utils.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,gBAAgB,EAAE,4BAA4B;AAiB5E;;;;;;;;;GASG;AACH,wBAAsB,YAAY,CAAC,IAAI,EACrC,eAAe,EAAE,OAAO,CAAC,IAAI,CAAC,EAC9B,WAAW,EAAE;IAAE,YAAY,EAAE,MAAM,CAAA;CAAE,GACpC,OAAO,CAAC,IAAI,CAAC,CAuBf;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,cAAc,CAoBpE;AAGD,eAAO,MAAM,mBAAmB,mBAgB9B,CAAC;AAEH;;;;GAIG;AACH,wBAAgB,yBAAyB,CAAC,IAAI,EAAE,gBAAgB,QAsB/D;AAED;;;;GAIG;AACH,wBAAgB,6BAA6B,CAAC,IAAI,EAAE,gBAAgB,QAwBnE;AAED;;;;;GAKG;AACH,wBAAgB,wBAAwB,CAAC,KAAK,EAAE,OAAO,GAAG,gBAAgB,CAKzE;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,WAYhE"}

package/dist/common/utils.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"utils.d.mts","sourceRoot":"","sources":["../../src/common/utils.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,gBAAgB,EAAE,4BAA4B;AAiB5E;;;;;;;;;GASG;AACH,wBAAsB,YAAY,CAAC,IAAI,EACrC,eAAe,EAAE,OAAO,CAAC,IAAI,CAAC,EAC9B,WAAW,EAAE;IAAE,YAAY,EAAE,MAAM,CAAA;CAAE,GACpC,OAAO,CAAC,IAAI,CAAC,CAuBf;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,cAAc,CAoBpE;AAGD,eAAO,MAAM,mBAAmB,mBAiB9B,CAAC;AAEH;;;;GAIG;AACH,wBAAgB,yBAAyB,CAAC,IAAI,EAAE,gBAAgB,QAsB/D;AAED;;;;GAIG;AACH,wBAAgB,6BAA6B,CAAC,IAAI,EAAE,gBAAgB,QAwBnE;AAED;;;;;GAKG;AACH,wBAAgB,wBAAwB,CAAC,KAAK,EAAE,OAAO,GAAG,gBAAgB,CAKzE;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,WAYhE"}
+{"version":3,"file":"utils.d.mts","sourceRoot":"","sources":["../../src/common/utils.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,gBAAgB,EAAE,4BAA4B;AAiB5E;;;;;;;;;GASG;AACH,wBAAsB,YAAY,CAAC,IAAI,EACrC,eAAe,EAAE,OAAO,CAAC,IAAI,CAAC,EAC9B,WAAW,EAAE;IAAE,YAAY,EAAE,MAAM,CAAA;CAAE,GACpC,OAAO,CAAC,IAAI,CAAC,CAuBf;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,cAAc,CAoBpE;AAGD,eAAO,MAAM,mBAAmB,mBAgB9B,CAAC;AAEH;;;;GAIG;AACH,wBAAgB,yBAAyB,CAAC,IAAI,EAAE,gBAAgB,QAsB/D;AAED;;;;GAIG;AACH,wBAAgB,6BAA6B,CAAC,IAAI,EAAE,gBAAgB,QAwBnE;AAED;;;;;GAKG;AACH,wBAAgB,wBAAwB,CAAC,KAAK,EAAE,OAAO,GAAG,gBAAgB,CAKzE;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,WAYhE"}

package/dist/common/utils.mjs

@@ -65,7 +65,6 @@ export const BLOCKED_RPC_METHODS = Object.freeze([
     'wallet_revokePermissions',
     // We disallow all of these confirmations for now, since the screens are not ready for Snaps.
     'eth_sendTransaction',
-    'eth_sign',
     'eth_signTypedData',
     'eth_signTypedData_v1',
     'eth_signTypedData_v3',

package/dist/common/utils.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"utils.mjs","sourceRoot":"","sources":["../../src/common/utils.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,6BAA6B;AACjD,OAAO,EACL,MAAM,EACN,YAAY,EACZ,WAAW,EACX,WAAW,EACX,QAAQ,EACR,UAAU,EACX,wBAAwB;AAEzB,OAAO,EAAE,GAAG,EAAE,uBAAmB;AAEjC,4EAA4E;AAC5E,yDAAyD;AACzD,MAAM,sBAAsB,GAAG,QAAU,CAAC;AAE1C;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,eAA8B,EAC9B,WAAqC;IAErC,MAAM,UAAU,GAAG,WAAW,CAAC,YAAY,CAAC;IAC5C,OAAO,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC3C,eAAe;aACZ,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE;YACd,IAAI,WAAW,CAAC,YAAY,KAAK,UAAU,EAAE,CAAC;gBAC5C,OAAO,CAAC,KAAK,CAAC,CAAC;YACjB,CAAC;iBAAM,CAAC;gBACN,GAAG,CACD,+EAA+E,CAChF,CAAC;YACJ,CAAC;QACH,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,MAAM,EAAE,EAAE;YAChB,IAAI,WAAW,CAAC,YAAY,KAAK,UAAU,EAAE,CAAC;gBAC5C,MAAM,CAAC,MAAM,CAAC,CAAC;YACjB,CAAC;iBAAM,CAAC;gBACN,GAAG,CACD,+EAA+E,CAChF,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAAgB;IAClD,qEAAqE;IACrE,sDAAsD;IACtD,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,EAAE,EACF;QACE,GAAG,CAAC,OAAe,EAAE,IAAqB;YACxC,OAAO,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAChE,CAAC;QACD,GAAG,CAAC,OAAO,EAAE,IAA0B;YACrC,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;gBACvB,OAAO,OAAO,CAAC;YACjB,CAAC;YAED,OAAO,SAAS,CAAC;QACnB,CAAC;KACF,CACF,CAAC;IAEF,OAAO,KAAuB,CAAC;AACjC,CAAC;AAED,+DAA+D;AAC/D,MAAM,CAAC,MAAM,mBAAmB,GAAG,MAAM,CAAC,MAAM,CAAC;IAC/C,2BAA2B;IAC3B,0BAA0B;IAC1B,6FAA6F;IAC7F,qBAAqB;IACrB,UAAU;IACV,mBAAmB;IACnB,sBAAsB;IACtB,sBAAsB;IACtB,sBAAsB;IACtB,aAAa;IACb,4BAA4B;IAC5B,yBAAyB;IACzB,4BAA4B;IAC5B,mBAAmB;IACnB,2BAA2B;IAC3B,mBAAmB;CACpB,CAAC,CAAC;AAEH;;;;GAIG;AACH,MAAM,UAAU,yBAAyB,CAAC,IAAsB;IAC9D,4EAA4E;IAC5E,MAAM,CACJ,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC;QACtD,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,EACxD,oFAAoF,EACpF,SAAS,CAAC,kBAAkB,CAC7B,CAAC;IACF,MAAM,CACJ,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,EAC1C,SAAS,CAAC,cAAc,CAAC;QACvB,IAAI,EAAE;YACJ,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB;KACF,CAAC,CACH,CAAC;IACF,YAAY,CACV,IAAI,EACJ,UAAU,EACV,2CAA2C,EAC3C,SAAS,CAAC,aAAa,CACxB,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,6BAA6B,CAAC,IAAsB;IAClE,qDAAqD;IACrD,MAAM,CACJ,CAAC,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,EACvD,SAAS,CAAC,cAAc,CAAC;QACvB,IAAI,EAAE;YACJ,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB;KACF,CAAC,CACH,CAAC;IACF,MAAM,CACJ,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,EAC1C,SAAS,CAAC,cAAc,CAAC;QACvB,IAAI,EAAE;YACJ,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB;KACF,CAAC,CACH,CAAC;IACF,YAAY,CACV,IAAI,EACJ,UAAU,EACV,2CAA2C,EAC3C,SAAS,CAAC,aAAa,CACxB,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,wBAAwB,CAAC,KAAc;IACrD,6EAA6E;IAC7E,8EAA8E;IAC9E,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;IAC/C,OAAO,WAAW,CAAC,IAAI,CAAqB,CAAC;AAC/C,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAAC,QAAiC;IAC/D,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,CAAC;QACH,qEAAqE;QACrE,MAAM,IAAI,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;QACnC,OAAO,IAAI,GAAG,sBAAsB,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC","sourcesContent":["import type { StreamProvider, RequestArguments } from '@metamask/providers';\nimport { rpcErrors } from '@metamask/rpc-errors';\nimport {\n  assert,\n  assertStruct,\n  getJsonSize,\n  getSafeJson,\n  isObject,\n  JsonStruct,\n} from '@metamask/utils';\n\nimport { log } from '../logging';\n\n// 64 MB - we chose this number because it is the size limit for postMessage\n// between the extension and the dapp enforced by Chrome.\nconst MAX_RESPONSE_JSON_SIZE = 64_000_000;\n\n/**\n * Make proxy for Promise and handle the teardown process properly.\n * If the teardown is called in the meanwhile, Promise result will not be\n * exposed to the snap anymore and warning will be logged to the console.\n *\n * @param originalPromise - Original promise.\n * @param teardownRef - Reference containing teardown count.\n * @param teardownRef.lastTeardown - Number of the last teardown.\n * @returns New proxy promise.\n */\nexport async function withTeardown<Type>(\n  originalPromise: Promise<Type>,\n  teardownRef: { lastTeardown: number },\n): Promise<Type> {\n  const myTeardown = teardownRef.lastTeardown;\n  return new Promise<Type>((resolve, reject) => {\n    originalPromise\n      .then((value) => {\n        if (teardownRef.lastTeardown === myTeardown) {\n          resolve(value);\n        } else {\n          log(\n            'Late promise received after Snap finished execution. Promise will be dropped.',\n          );\n        }\n      })\n      .catch((reason) => {\n        if (teardownRef.lastTeardown === myTeardown) {\n          reject(reason);\n        } else {\n          log(\n            'Late promise received after Snap finished execution. Promise will be dropped.',\n          );\n        }\n      });\n  });\n}\n\n/**\n * Returns a Proxy that only allows access to a `request` function.\n * This is useful for replacing StreamProvider with an attenuated version.\n *\n * @param request - Custom attenuated request function.\n * @returns Proxy that mimics a StreamProvider instance.\n */\nexport function proxyStreamProvider(request: unknown): StreamProvider {\n  // Proxy target is intentionally set to be an empty object, to ensure\n  // that access to the prototype chain is not possible.\n  const proxy = new Proxy(\n    {},\n    {\n      has(_target: object, prop: string | symbol) {\n        return typeof prop === 'string' && ['request'].includes(prop);\n      },\n      get(_target, prop: keyof StreamProvider) {\n        if (prop === 'request') {\n          return request;\n        }\n\n        return undefined;\n      },\n    },\n  );\n\n  return proxy as StreamProvider;\n}\n\n// We're blocking these RPC methods for v1, will revisit later.\nexport const BLOCKED_RPC_METHODS = Object.freeze([\n  'wallet_requestPermissions',\n  'wallet_revokePermissions',\n  // We disallow all of these confirmations for now, since the screens are not ready for Snaps.\n  'eth_sendTransaction',\n  'eth_sign',\n  'eth_signTypedData',\n  'eth_signTypedData_v1',\n  'eth_signTypedData_v3',\n  'eth_signTypedData_v4',\n  'eth_decrypt',\n  'eth_getEncryptionPublicKey',\n  'wallet_addEthereumChain',\n  'wallet_switchEthereumChain',\n  'wallet_watchAsset',\n  'wallet_registerOnboarding',\n  'wallet_scanQRCode',\n]);\n\n/**\n * Asserts the validity of request arguments for a snap outbound request using the `snap.request` API.\n *\n * @param args - The arguments to validate.\n */\nexport function assertSnapOutboundRequest(args: RequestArguments) {\n  // Disallow any non `wallet_` or `snap_` methods for separation of concerns.\n  assert(\n    String.prototype.startsWith.call(args.method, 'wallet_') ||\n      String.prototype.startsWith.call(args.method, 'snap_'),\n    'The global Snap API only allows RPC methods starting with `wallet_*` and `snap_*`.',\n    rpcErrors.methodNotSupported,\n  );\n  assert(\n    !BLOCKED_RPC_METHODS.includes(args.method),\n    rpcErrors.methodNotFound({\n      data: {\n        method: args.method,\n      },\n    }),\n  );\n  assertStruct(\n    args,\n    JsonStruct,\n    'Provided value is not JSON-RPC compatible',\n    rpcErrors.invalidParams,\n  );\n}\n\n/**\n * Asserts the validity of request arguments for an ethereum outbound request using the `ethereum.request` API.\n *\n * @param args - The arguments to validate.\n */\nexport function assertEthereumOutboundRequest(args: RequestArguments) {\n  // Disallow snaps methods for separation of concerns.\n  assert(\n    !String.prototype.startsWith.call(args.method, 'snap_'),\n    rpcErrors.methodNotFound({\n      data: {\n        method: args.method,\n      },\n    }),\n  );\n  assert(\n    !BLOCKED_RPC_METHODS.includes(args.method),\n    rpcErrors.methodNotFound({\n      data: {\n        method: args.method,\n      },\n    }),\n  );\n  assertStruct(\n    args,\n    JsonStruct,\n    'Provided value is not JSON-RPC compatible',\n    rpcErrors.invalidParams,\n  );\n}\n\n/**\n * Gets a sanitized value to be used for passing to the underlying MetaMask provider.\n *\n * @param value - An unsanitized value from a snap.\n * @returns A sanitized value ready to be passed to a MetaMask provider.\n */\nexport function sanitizeRequestArguments(value: unknown): RequestArguments {\n  // Before passing to getSafeJson we run the value through JSON serialization.\n  // This lets request arguments contain undefined which is normally disallowed.\n  const json = JSON.parse(JSON.stringify(value));\n  return getSafeJson(json) as RequestArguments;\n}\n\n/**\n * Check if the input is a valid response.\n *\n * @param response - The response.\n * @returns True if the response is valid, otherwise false.\n */\nexport function isValidResponse(response: Record<string, unknown>) {\n  if (!isObject(response)) {\n    return false;\n  }\n\n  try {\n    // If the JSON is invalid this will throw and we should return false.\n    const size = getJsonSize(response);\n    return size < MAX_RESPONSE_JSON_SIZE;\n  } catch {\n    return false;\n  }\n}\n"]}
+{"version":3,"file":"utils.mjs","sourceRoot":"","sources":["../../src/common/utils.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,6BAA6B;AACjD,OAAO,EACL,MAAM,EACN,YAAY,EACZ,WAAW,EACX,WAAW,EACX,QAAQ,EACR,UAAU,EACX,wBAAwB;AAEzB,OAAO,EAAE,GAAG,EAAE,uBAAmB;AAEjC,4EAA4E;AAC5E,yDAAyD;AACzD,MAAM,sBAAsB,GAAG,QAAU,CAAC;AAE1C;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,eAA8B,EAC9B,WAAqC;IAErC,MAAM,UAAU,GAAG,WAAW,CAAC,YAAY,CAAC;IAC5C,OAAO,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC3C,eAAe;aACZ,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE;YACd,IAAI,WAAW,CAAC,YAAY,KAAK,UAAU,EAAE,CAAC;gBAC5C,OAAO,CAAC,KAAK,CAAC,CAAC;YACjB,CAAC;iBAAM,CAAC;gBACN,GAAG,CACD,+EAA+E,CAChF,CAAC;YACJ,CAAC;QACH,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,MAAM,EAAE,EAAE;YAChB,IAAI,WAAW,CAAC,YAAY,KAAK,UAAU,EAAE,CAAC;gBAC5C,MAAM,CAAC,MAAM,CAAC,CAAC;YACjB,CAAC;iBAAM,CAAC;gBACN,GAAG,CACD,+EAA+E,CAChF,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAAgB;IAClD,qEAAqE;IACrE,sDAAsD;IACtD,MAAM,KAAK,GAAG,IAAI,KAAK,CACrB,EAAE,EACF;QACE,GAAG,CAAC,OAAe,EAAE,IAAqB;YACxC,OAAO,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAChE,CAAC;QACD,GAAG,CAAC,OAAO,EAAE,IAA0B;YACrC,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;gBACvB,OAAO,OAAO,CAAC;YACjB,CAAC;YAED,OAAO,SAAS,CAAC;QACnB,CAAC;KACF,CACF,CAAC;IAEF,OAAO,KAAuB,CAAC;AACjC,CAAC;AAED,+DAA+D;AAC/D,MAAM,CAAC,MAAM,mBAAmB,GAAG,MAAM,CAAC,MAAM,CAAC;IAC/C,2BAA2B;IAC3B,0BAA0B;IAC1B,6FAA6F;IAC7F,qBAAqB;IACrB,mBAAmB;IACnB,sBAAsB;IACtB,sBAAsB;IACtB,sBAAsB;IACtB,aAAa;IACb,4BAA4B;IAC5B,yBAAyB;IACzB,4BAA4B;IAC5B,mBAAmB;IACnB,2BAA2B;IAC3B,mBAAmB;CACpB,CAAC,CAAC;AAEH;;;;GAIG;AACH,MAAM,UAAU,yBAAyB,CAAC,IAAsB;IAC9D,4EAA4E;IAC5E,MAAM,CACJ,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC;QACtD,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,EACxD,oFAAoF,EACpF,SAAS,CAAC,kBAAkB,CAC7B,CAAC;IACF,MAAM,CACJ,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,EAC1C,SAAS,CAAC,cAAc,CAAC;QACvB,IAAI,EAAE;YACJ,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB;KACF,CAAC,CACH,CAAC;IACF,YAAY,CACV,IAAI,EACJ,UAAU,EACV,2CAA2C,EAC3C,SAAS,CAAC,aAAa,CACxB,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,6BAA6B,CAAC,IAAsB;IAClE,qDAAqD;IACrD,MAAM,CACJ,CAAC,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,EACvD,SAAS,CAAC,cAAc,CAAC;QACvB,IAAI,EAAE;YACJ,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB;KACF,CAAC,CACH,CAAC;IACF,MAAM,CACJ,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,EAC1C,SAAS,CAAC,cAAc,CAAC;QACvB,IAAI,EAAE;YACJ,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB;KACF,CAAC,CACH,CAAC;IACF,YAAY,CACV,IAAI,EACJ,UAAU,EACV,2CAA2C,EAC3C,SAAS,CAAC,aAAa,CACxB,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,wBAAwB,CAAC,KAAc;IACrD,6EAA6E;IAC7E,8EAA8E;IAC9E,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;IAC/C,OAAO,WAAW,CAAC,IAAI,CAAqB,CAAC;AAC/C,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAAC,QAAiC;IAC/D,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,CAAC;QACH,qEAAqE;QACrE,MAAM,IAAI,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;QACnC,OAAO,IAAI,GAAG,sBAAsB,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC","sourcesContent":["import type { StreamProvider, RequestArguments } from '@metamask/providers';\nimport { rpcErrors } from '@metamask/rpc-errors';\nimport {\n  assert,\n  assertStruct,\n  getJsonSize,\n  getSafeJson,\n  isObject,\n  JsonStruct,\n} from '@metamask/utils';\n\nimport { log } from '../logging';\n\n// 64 MB - we chose this number because it is the size limit for postMessage\n// between the extension and the dapp enforced by Chrome.\nconst MAX_RESPONSE_JSON_SIZE = 64_000_000;\n\n/**\n * Make proxy for Promise and handle the teardown process properly.\n * If the teardown is called in the meanwhile, Promise result will not be\n * exposed to the snap anymore and warning will be logged to the console.\n *\n * @param originalPromise - Original promise.\n * @param teardownRef - Reference containing teardown count.\n * @param teardownRef.lastTeardown - Number of the last teardown.\n * @returns New proxy promise.\n */\nexport async function withTeardown<Type>(\n  originalPromise: Promise<Type>,\n  teardownRef: { lastTeardown: number },\n): Promise<Type> {\n  const myTeardown = teardownRef.lastTeardown;\n  return new Promise<Type>((resolve, reject) => {\n    originalPromise\n      .then((value) => {\n        if (teardownRef.lastTeardown === myTeardown) {\n          resolve(value);\n        } else {\n          log(\n            'Late promise received after Snap finished execution. Promise will be dropped.',\n          );\n        }\n      })\n      .catch((reason) => {\n        if (teardownRef.lastTeardown === myTeardown) {\n          reject(reason);\n        } else {\n          log(\n            'Late promise received after Snap finished execution. Promise will be dropped.',\n          );\n        }\n      });\n  });\n}\n\n/**\n * Returns a Proxy that only allows access to a `request` function.\n * This is useful for replacing StreamProvider with an attenuated version.\n *\n * @param request - Custom attenuated request function.\n * @returns Proxy that mimics a StreamProvider instance.\n */\nexport function proxyStreamProvider(request: unknown): StreamProvider {\n  // Proxy target is intentionally set to be an empty object, to ensure\n  // that access to the prototype chain is not possible.\n  const proxy = new Proxy(\n    {},\n    {\n      has(_target: object, prop: string | symbol) {\n        return typeof prop === 'string' && ['request'].includes(prop);\n      },\n      get(_target, prop: keyof StreamProvider) {\n        if (prop === 'request') {\n          return request;\n        }\n\n        return undefined;\n      },\n    },\n  );\n\n  return proxy as StreamProvider;\n}\n\n// We're blocking these RPC methods for v1, will revisit later.\nexport const BLOCKED_RPC_METHODS = Object.freeze([\n  'wallet_requestPermissions',\n  'wallet_revokePermissions',\n  // We disallow all of these confirmations for now, since the screens are not ready for Snaps.\n  'eth_sendTransaction',\n  'eth_signTypedData',\n  'eth_signTypedData_v1',\n  'eth_signTypedData_v3',\n  'eth_signTypedData_v4',\n  'eth_decrypt',\n  'eth_getEncryptionPublicKey',\n  'wallet_addEthereumChain',\n  'wallet_switchEthereumChain',\n  'wallet_watchAsset',\n  'wallet_registerOnboarding',\n  'wallet_scanQRCode',\n]);\n\n/**\n * Asserts the validity of request arguments for a snap outbound request using the `snap.request` API.\n *\n * @param args - The arguments to validate.\n */\nexport function assertSnapOutboundRequest(args: RequestArguments) {\n  // Disallow any non `wallet_` or `snap_` methods for separation of concerns.\n  assert(\n    String.prototype.startsWith.call(args.method, 'wallet_') ||\n      String.prototype.startsWith.call(args.method, 'snap_'),\n    'The global Snap API only allows RPC methods starting with `wallet_*` and `snap_*`.',\n    rpcErrors.methodNotSupported,\n  );\n  assert(\n    !BLOCKED_RPC_METHODS.includes(args.method),\n    rpcErrors.methodNotFound({\n      data: {\n        method: args.method,\n      },\n    }),\n  );\n  assertStruct(\n    args,\n    JsonStruct,\n    'Provided value is not JSON-RPC compatible',\n    rpcErrors.invalidParams,\n  );\n}\n\n/**\n * Asserts the validity of request arguments for an ethereum outbound request using the `ethereum.request` API.\n *\n * @param args - The arguments to validate.\n */\nexport function assertEthereumOutboundRequest(args: RequestArguments) {\n  // Disallow snaps methods for separation of concerns.\n  assert(\n    !String.prototype.startsWith.call(args.method, 'snap_'),\n    rpcErrors.methodNotFound({\n      data: {\n        method: args.method,\n      },\n    }),\n  );\n  assert(\n    !BLOCKED_RPC_METHODS.includes(args.method),\n    rpcErrors.methodNotFound({\n      data: {\n        method: args.method,\n      },\n    }),\n  );\n  assertStruct(\n    args,\n    JsonStruct,\n    'Provided value is not JSON-RPC compatible',\n    rpcErrors.invalidParams,\n  );\n}\n\n/**\n * Gets a sanitized value to be used for passing to the underlying MetaMask provider.\n *\n * @param value - An unsanitized value from a snap.\n * @returns A sanitized value ready to be passed to a MetaMask provider.\n */\nexport function sanitizeRequestArguments(value: unknown): RequestArguments {\n  // Before passing to getSafeJson we run the value through JSON serialization.\n  // This lets request arguments contain undefined which is normally disallowed.\n  const json = JSON.parse(JSON.stringify(value));\n  return getSafeJson(json) as RequestArguments;\n}\n\n/**\n * Check if the input is a valid response.\n *\n * @param response - The response.\n * @returns True if the response is valid, otherwise false.\n */\nexport function isValidResponse(response: Record<string, unknown>) {\n  if (!isObject(response)) {\n    return false;\n  }\n\n  try {\n    // If the JSON is invalid this will throw and we should return false.\n    const size = getJsonSize(response);\n    return size < MAX_RESPONSE_JSON_SIZE;\n  } catch {\n    return false;\n  }\n}\n"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@metamask/snaps-execution-environments",
-  "version": "6.9.0",
+  "version": "6.9.1",
   "description": "Snap sandbox environments for executing SES javascript",
   "keywords": [
     "MetaMask",
@@ -69,8 +69,8 @@
     "@metamask/post-message-stream": "^8.1.1",
     "@metamask/providers": "^17.1.2",
     "@metamask/rpc-errors": "^6.3.1",
-    "@metamask/snaps-sdk": "^6.7.0",
-    "@metamask/snaps-utils": "^8.3.0",
+    "@metamask/snaps-sdk": "^6.8.0",
+    "@metamask/snaps-utils": "^8.4.0",
     "@metamask/superstruct": "^3.1.0",
     "@metamask/utils": "^9.2.1",
     "nanoid": "^3.1.31",