Socket
Socket
Sign inDemoInstall

@metamask/ppom-validator

Package Overview
Dependencies
Maintainers
12
Versions
36
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@metamask/ppom-validator - npm Package Compare versions

Comparing version 0.14.0 to 0.15.0

7

CHANGELOG.md

@@ -9,2 +9,6 @@ # Changelog

## [0.15.0]
### Changed
- Cleanup and refactor method to get all files for a network ([#107](https://github.com/MetaMask/ppom-validator/pull/107))
## [0.14.0]

@@ -99,3 +103,4 @@ ### Changed

[Unreleased]: https://github.com/MetaMask/ppom-validator/compare/v0.14.0...HEAD
[Unreleased]: https://github.com/MetaMask/ppom-validator/compare/v0.15.0...HEAD
[0.15.0]: https://github.com/MetaMask/ppom-validator/compare/v0.14.0...v0.15.0
[0.14.0]: https://github.com/MetaMask/ppom-validator/compare/v0.13.0...v0.14.0

@@ -102,0 +107,0 @@ [0.13.0]: https://github.com/MetaMask/ppom-validator/compare/v0.12.0...v0.13.0

194

dist/ppom-controller.js

@@ -13,3 +13,3 @@ "use strict";

};
var _PPOMController_instances, _PPOMController_ppom, _PPOMController_ppomInitError, _PPOMController_provider, _PPOMController_storage, _PPOMController_refreshDataInterval, _PPOMController_fileScheduleInterval, _PPOMController_ppomMutex, _PPOMController_ppomProvider, _PPOMController_cdnBaseUrl, _PPOMController_providerRequestLimit, _PPOMController_providerRequests, _PPOMController_chainId, _PPOMController_dataUpdateDuration, _PPOMController_fileFetchScheduleDuration, _PPOMController_securityAlertsEnabled, _PPOMController_providerRequestsCount, _PPOMController_blockaidPublicKey, _PPOMController_ppomInitialised, _PPOMController_ppomInitialisationCallback, _PPOMController_initialisePPOM, _PPOMController_networkIsSupported, _PPOMController_clearDataFetchIntervals, _PPOMController_resetToInactiveState, _PPOMController_onNetworkChange, _PPOMController_onPreferenceChange, _PPOMController_registerMessageHandlers, _PPOMController_resetPPOM, _PPOMController_reinitPPOM, _PPOMController_reinitPPOMForNetworkIfRequired, _PPOMController_isDataRequiredForCurrentChain, _PPOMController_updatePPOM, _PPOMController_updateVersionInfo, _PPOMController_checkFilePresentInStorage, _PPOMController_checkFilePath, _PPOMController_getFile, _PPOMController_setChainIdDataFetched, _PPOMController_getNewFilesForChain, _PPOMController_getListOfFilesToBeFetched, _PPOMController_deleteOldChainIds, _PPOMController_getNewFilesForAllChains, _PPOMController_getAPIResponse, _PPOMController_checkIfVersionInfoETagChanged, _PPOMController_fetchVersionInfo, _PPOMController_fetchBlob, _PPOMController_jsonRpcRequest, _PPOMController_getPPOM, _PPOMController_onDataUpdateDuration, _PPOMController_checkScheduleFileDownloadForAllChains;
var _PPOMController_instances, _PPOMController_ppom, _PPOMController_ppomInitError, _PPOMController_provider, _PPOMController_storage, _PPOMController_refreshDataInterval, _PPOMController_fileScheduleInterval, _PPOMController_ppomMutex, _PPOMController_ppomProvider, _PPOMController_cdnBaseUrl, _PPOMController_providerRequestLimit, _PPOMController_providerRequests, _PPOMController_chainId, _PPOMController_dataUpdateDuration, _PPOMController_fileFetchScheduleDuration, _PPOMController_securityAlertsEnabled, _PPOMController_providerRequestsCount, _PPOMController_blockaidPublicKey, _PPOMController_ppomInitialised, _PPOMController_ppomInitialisationCallback, _PPOMController_initialisePPOM, _PPOMController_networkIsSupported, _PPOMController_clearDataFetchIntervals, _PPOMController_resetToInactiveState, _PPOMController_onNetworkChange, _PPOMController_onPreferenceChange, _PPOMController_registerMessageHandlers, _PPOMController_resetPPOM, _PPOMController_reinitPPOM, _PPOMController_isDataRequiredForCurrentChain, _PPOMController_updatePPOM, _PPOMController_updateVersionInfo, _PPOMController_checkFilePresentInStorage, _PPOMController_checkFilePath, _PPOMController_getAllFiles, _PPOMController_getFile, _PPOMController_setChainIdDataFetched, _PPOMController_reinitPPOMForChainIfRequired, _PPOMController_getListOfFilesToBeFetched, _PPOMController_deleteOldChainIds, _PPOMController_getNewFilesForAllChains, _PPOMController_getAPIResponse, _PPOMController_checkIfVersionInfoETagChanged, _PPOMController_fetchVersionInfo, _PPOMController_fetchBlob, _PPOMController_jsonRpcRequest, _PPOMController_getPPOM, _PPOMController_onDataUpdateDuration, _PPOMController_checkScheduleFileDownloadForAllChains;
Object.defineProperty(exports, "__esModule", { value: true });

@@ -181,15 +181,10 @@ exports.PPOMController = exports.NETWORK_CACHE_DURATION = exports.REFRESH_TIME_INTERVAL = void 0;

if (securityAlertsEnabled) {
__classPrivateFieldGet(this, _PPOMController_instances, "m", _PPOMController_updateVersionInfo).call(this)
__classPrivateFieldGet(this, _PPOMController_instances, "m", _PPOMController_reinitPPOMForChainIfRequired).call(this, ETHEREUM_CHAIN_ID)
.then(async () => {
await __classPrivateFieldGet(this, _PPOMController_instances, "m", _PPOMController_getNewFilesForChain).call(this, ETHEREUM_CHAIN_ID);
// start scheduled task to fetch data files
__classPrivateFieldGet(this, _PPOMController_ppomInitialisationCallback, "f")?.call(this, 'SUCCESS');
__classPrivateFieldGet(this, _PPOMController_instances, "m", _PPOMController_checkScheduleFileDownloadForAllChains).call(this);
})
.catch((error) => {
console.error(`Error in initialising: ${error.message}`);
})
.finally(() => {
if (__classPrivateFieldGet(this, _PPOMController_ppomInitialisationCallback, "f")) {
__classPrivateFieldGet(this, _PPOMController_ppomInitialisationCallback, "f").call(this);
}
__classPrivateFieldGet(this, _PPOMController_ppomInitialisationCallback, "f")?.call(this, 'FAILURE');
console.error(`Error in initialising ppom: ${error.message}`);
});

@@ -222,8 +217,3 @@ }

}
await __classPrivateFieldGet(this, _PPOMController_instances, "m", _PPOMController_reinitPPOMForNetworkIfRequired).call(this);
if (__classPrivateFieldGet(this, _PPOMController_ppomInitError, "f")) {
const errorText = __classPrivateFieldGet(this, _PPOMController_ppomInitError, "f");
__classPrivateFieldSet(this, _PPOMController_ppomInitError, undefined, "f");
throw Error(errorText);
}
await __classPrivateFieldGet(this, _PPOMController_instances, "m", _PPOMController_reinitPPOMForChainIfRequired).call(this, __classPrivateFieldGet(this, _PPOMController_chainId, "f"));
__classPrivateFieldSet(this, _PPOMController_providerRequests, 0, "f");

@@ -271,3 +261,5 @@ __classPrivateFieldSet(this, _PPOMController_providerRequestsCount, {}, "f");

}, _PPOMController_resetToInactiveState = function _PPOMController_resetToInactiveState() {
__classPrivateFieldGet(this, _PPOMController_instances, "m", _PPOMController_resetPPOM).call(this);
__classPrivateFieldGet(this, _PPOMController_instances, "m", _PPOMController_resetPPOM).call(this).catch((error) => {
console.error(`Error in resetting ppom: ${error.message}`);
});
__classPrivateFieldGet(this, _PPOMController_instances, "m", _PPOMController_clearDataFetchIntervals).call(this);

@@ -318,14 +310,10 @@ this.update((draftState) => {

if (blockaidEnabled) {
__classPrivateFieldGet(this, _PPOMController_instances, "m", _PPOMController_updateVersionInfo).call(this)
__classPrivateFieldGet(this, _PPOMController_instances, "m", _PPOMController_reinitPPOMForChainIfRequired).call(this, ETHEREUM_CHAIN_ID)
.then(async () => {
__classPrivateFieldGet(this, _PPOMController_ppomInitialisationCallback, "f")?.call(this, 'SUCCESS');
__classPrivateFieldGet(this, _PPOMController_instances, "m", _PPOMController_checkScheduleFileDownloadForAllChains).call(this);
await __classPrivateFieldGet(this, _PPOMController_instances, "m", _PPOMController_getNewFilesForChain).call(this, ETHEREUM_CHAIN_ID);
})
.catch((error) => {
console.error(`Error in initialising: ${error.message}`);
})
.finally(() => {
if (__classPrivateFieldGet(this, _PPOMController_ppomInitialisationCallback, "f")) {
__classPrivateFieldGet(this, _PPOMController_ppomInitialisationCallback, "f").call(this);
}
__classPrivateFieldGet(this, _PPOMController_ppomInitialisationCallback, "f")?.call(this, 'FAILURE');
console.error(`Error in initialising ppom: ${error.message}`);
});

@@ -339,6 +327,12 @@ }

this.messagingSystem.registerActionHandler(`${controllerName}:updatePPOM`, this.updatePPOM.bind(this));
}, _PPOMController_resetPPOM = function _PPOMController_resetPPOM() {
}, _PPOMController_resetPPOM =
/*
* The function resets PPOM.
*/
async function _PPOMController_resetPPOM() {
if (__classPrivateFieldGet(this, _PPOMController_ppom, "f")) {
__classPrivateFieldGet(this, _PPOMController_ppom, "f").free();
__classPrivateFieldSet(this, _PPOMController_ppom, undefined, "f");
await __classPrivateFieldGet(this, _PPOMController_ppomMutex, "f").use(async () => {
__classPrivateFieldGet(this, _PPOMController_ppom, "f").free();
__classPrivateFieldSet(this, _PPOMController_ppom, undefined, "f");
});
}

@@ -349,16 +343,5 @@ }, _PPOMController_reinitPPOM =

*/
async function _PPOMController_reinitPPOM(chainId, files) {
__classPrivateFieldGet(this, _PPOMController_instances, "m", _PPOMController_resetPPOM).call(this);
__classPrivateFieldSet(this, _PPOMController_ppom, await __classPrivateFieldGet(this, _PPOMController_instances, "m", _PPOMController_getPPOM).call(this, chainId, files), "f");
}, _PPOMController_reinitPPOMForNetworkIfRequired =
/**
* Conditionally update the ppom configuration.
*
* The function will check if files are required to be downloaded and
* if needed will re-initialise PPOM passing new network files to it.
*/
async function _PPOMController_reinitPPOMForNetworkIfRequired() {
if (__classPrivateFieldGet(this, _PPOMController_instances, "m", _PPOMController_isDataRequiredForCurrentChain).call(this) || __classPrivateFieldGet(this, _PPOMController_ppom, "f") === undefined) {
await __classPrivateFieldGet(this, _PPOMController_instances, "m", _PPOMController_getNewFilesForChain).call(this, __classPrivateFieldGet(this, _PPOMController_chainId, "f"));
}
async function _PPOMController_reinitPPOM(chainId) {
await __classPrivateFieldGet(this, _PPOMController_instances, "m", _PPOMController_resetPPOM).call(this);
await __classPrivateFieldGet(this, _PPOMController_instances, "m", _PPOMController_getPPOM).call(this, chainId);
}, _PPOMController_isDataRequiredForCurrentChain = function _PPOMController_isDataRequiredForCurrentChain() {

@@ -401,2 +384,17 @@ const { chainStatus } = this.state;

}
}, _PPOMController_getAllFiles = async function _PPOMController_getAllFiles(versionInfo) {
const files = await Promise.all(versionInfo.map(async (file) => {
let data;
try {
data = await __classPrivateFieldGet(this, _PPOMController_instances, "m", _PPOMController_getFile).call(this, file);
}
catch (exp) {
console.error(`Error in getting file ${file.filePath}: ${exp.message}`);
}
if (data) {
return [file.name, new Uint8Array(data)];
}
return undefined;
}));
return files?.filter((data) => data?.[1] !== undefined);
}, _PPOMController_getFile =

@@ -422,6 +420,11 @@ /*

await (0, util_1.validateSignature)(fileData, fileVersionInfo.hashSignature, __classPrivateFieldGet(this, _PPOMController_blockaidPublicKey, "f"), fileVersionInfo.filePath);
await __classPrivateFieldGet(this, _PPOMController_storage, "f").writeFile({
data: fileData,
...fileVersionInfo,
});
try {
await __classPrivateFieldGet(this, _PPOMController_storage, "f").writeFile({
data: fileData,
...fileVersionInfo,
});
}
catch (error) {
console.error(`Error in writing file: ${error.message}`);
}
return fileData;

@@ -449,23 +452,11 @@ }, _PPOMController_setChainIdDataFetched =

}
}, _PPOMController_getNewFilesForChain =
}, _PPOMController_reinitPPOMForChainIfRequired =
/*
* Fetches new files for current network and save them to storage.
* The function is invoked if user if attempting transaction for current network,
* for which data is not previously fetched.
* The function will initialise PPOM for the network if required.
*/
async function _PPOMController_getNewFilesForChain(chainId) {
const versionInfoForCurrentChain = this.state.versionInfo.filter(({ chainId: id }) => id === chainId);
let files = await Promise.all(versionInfoForCurrentChain.map(async (fileVersionInfo) => {
let data;
try {
data = await __classPrivateFieldGet(this, _PPOMController_instances, "m", _PPOMController_getFile).call(this, fileVersionInfo);
}
catch (exp) {
console.error(`Error in getting file ${fileVersionInfo.filePath}: ${exp.message}`);
}
return [fileVersionInfo.name, data ? new Uint8Array(data) : undefined];
}));
files = files.filter((data) => data?.[1] !== undefined);
await __classPrivateFieldGet(this, _PPOMController_instances, "m", _PPOMController_setChainIdDataFetched).call(this, chainId);
await __classPrivateFieldGet(this, _PPOMController_instances, "m", _PPOMController_reinitPPOM).call(this, chainId, files);
async function _PPOMController_reinitPPOMForChainIfRequired(chainId) {
if (__classPrivateFieldGet(this, _PPOMController_instances, "m", _PPOMController_isDataRequiredForCurrentChain).call(this) || __classPrivateFieldGet(this, _PPOMController_ppom, "f") === undefined) {
await __classPrivateFieldGet(this, _PPOMController_instances, "m", _PPOMController_reinitPPOM).call(this, chainId);
await __classPrivateFieldGet(this, _PPOMController_instances, "m", _PPOMController_setChainIdDataFetched).call(this, chainId);
}
}, _PPOMController_getListOfFilesToBeFetched =

@@ -669,53 +660,28 @@ /*

*/
async function _PPOMController_getPPOM(chainId, newFiles) {
try {
let files;
__classPrivateFieldSet(this, _PPOMController_ppomInitError, undefined, "f");
// For some reason ppom initialisation in contrructor fails for react native
// thus it is added here to prevent validation from failing.
await __classPrivateFieldGet(this, _PPOMController_instances, "m", _PPOMController_initialisePPOM).call(this);
const { chainStatus } = this.state;
const versionInfo = chainStatus[chainId]?.versionInfo ??
this.state.versionInfo.filter(({ chainId: id }) => id === chainId);
if (!versionInfo?.length) {
__classPrivateFieldSet(this, _PPOMController_ppomInitError, `Aborting validation as no files are found for the network with chainId: ${chainId}`, "f");
return undefined;
}
if (newFiles?.length) {
files = newFiles;
}
else {
// Get all the files for the chainId
files = await Promise.all(versionInfo.map(async (file) => {
let data;
try {
data = await __classPrivateFieldGet(this, _PPOMController_instances, "m", _PPOMController_getFile).call(this, file);
}
catch (exp) {
console.error(`Error in getting file ${file.filePath}: ${exp.message}`);
}
if (data) {
return [file.name, new Uint8Array(data)];
}
return undefined;
}));
}
files = files?.filter((data) => data?.[1] !== undefined);
// The following code throw error if no data files are found for the chainId.
// This check has been put in place after suggestion of security team.
// If we want to disable ppom validation on all instances of Metamask,
// this can be achieved by returning empty data from version file.
if (files?.length !== versionInfo?.length) {
__classPrivateFieldSet(this, _PPOMController_ppomInitError, `Aborting validation as not all files could not be downloaded for the network with chainId: ${chainId}`, "f");
return undefined;
}
return await __classPrivateFieldGet(this, _PPOMController_ppomMutex, "f").use(async () => {
const { PPOM } = __classPrivateFieldGet(this, _PPOMController_ppomProvider, "f");
return PPOM.new(__classPrivateFieldGet(this, _PPOMController_instances, "m", _PPOMController_jsonRpcRequest).bind(this), files);
});
async function _PPOMController_getPPOM(chainId) {
// For some reason ppom initialisation in contrructor fails for react native
// thus it is added here to prevent validation from failing.
await __classPrivateFieldGet(this, _PPOMController_instances, "m", _PPOMController_initialisePPOM).call(this);
const { chainStatus } = this.state;
let versionInfo = chainStatus[chainId]?.versionInfo;
if (!versionInfo?.length) {
await __classPrivateFieldGet(this, _PPOMController_instances, "m", _PPOMController_updateVersionInfo).call(this);
versionInfo = this.state.versionInfo.filter(({ chainId: id }) => id === chainId);
}
catch (error) {
__classPrivateFieldSet(this, _PPOMController_ppomInitError, error?.message, "f");
return undefined;
if (versionInfo?.length === undefined || versionInfo?.length === 0) {
throw new Error(`Aborting initialising PPOM as no files are found for the network with chainId: ${chainId}`);
}
// Get all the files for the chainId
const files = await __classPrivateFieldGet(this, _PPOMController_instances, "m", _PPOMController_getAllFiles).call(this, versionInfo);
// The following code throw error if no data files are found for the chainId.
// This check has been put in place after suggestion of security team.
// If we want to disable ppom validation on all instances of Metamask,
// this can be achieved by returning empty data from version file.
if (files?.length !== versionInfo?.length) {
throw new Error(`Aborting initialising PPOM as not all files could not be downloaded for the network with chainId: ${chainId}`);
}
return await __classPrivateFieldGet(this, _PPOMController_ppomMutex, "f").use(async () => {
const { PPOM } = __classPrivateFieldGet(this, _PPOMController_ppomProvider, "f");
__classPrivateFieldSet(this, _PPOMController_ppom, PPOM.new(__classPrivateFieldGet(this, _PPOMController_instances, "m", _PPOMController_jsonRpcRequest).bind(this), files), "f");
});
}, _PPOMController_onDataUpdateDuration = function _PPOMController_onDataUpdateDuration() {

@@ -722,0 +688,0 @@ this.updatePPOM().catch((exp) => {

2

package.json
{
"name": "@metamask/ppom-validator",
"version": "0.14.0",
"version": "0.15.0",
"description": "This module has code to integrate Blockaid PPOM with MetaMask",

@@ -5,0 +5,0 @@ "homepage": "https://github.com/MetaMask/ppom-validator#readme",

dist/ppom-controller.js.map

Sorry, the diff of this file is not supported yet

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc