feat: SES lockdown v0.18.8 (iOS JSC)

[leotm]

Description

Problem being solved: prototype pollution/poisoning

SES lockdown (shim v0.18.8) on iOS JSC, baked early into RN core before RN initialisation for the simplest minimal solution
as opposed to previous approach of shim'ing at the beginning of our entry file requiring further complex lib patches

with SES lockdown on Android Hermes (introduced earlier in our RN v0.71.6 upgrade) being followed up separately
currently bundling successfully, but runtime not yet functional

SES lockdown on Android JSC was also passing smoke tests after some work prior to Hermes
so a backup engine worth keeping on ice being followed up separately

Previous patches no longer required: eth-keyring-controller, ethjs-contract (one not two), web3-core-methods, metro-react-native-babel-preset, Sentry config (see previous PR: #3794)

Nb: @babel/plugin-transform-regenerator removed from metro-react-native-babel-preset since initial investigation
Nb: @babel/plugin-transform-runtime config opt regenerator: true previously caused iOS animated node assertion failures
Nb: default @babel/plugin-transform-runtime via metro-react-native-babel-preset causes additional 4 SES warnings

Nb: Current behaviour (not SES)

main, jsc
- import wallet via SRP
  - tap form field: disables cmd+D (app must be closed, no Metro restart)

main, v8
- (fresh) import wallet via SRP
  - if cmd+v paste ok, bot Import btn tappable when filled, but spinner hang (no error/warn), ~20s Metro dc
  - restart, enter pw, tap Unlock btn, spinner hang, still ~20s Metro dc
  - tap Reset Wallet, hang
- import (continued)
  - partial responsiveness
    - tap form field: dev menu disabled (cmd+d, app must be closed)
    - unresponsive: tap Back, tap Show, cannot tap Import, cmd+v disabled
    - responsive: cycle/input fields
    - still ~20s Metro dc

Previous SES warnings when locking down at entry file (not RN InitializeCore)

https://www.diffchecker.com/fjj1iObp

# JSC (26)
Removing intrinsics.Object.setPrototypeOf.default
Removing intrinsics.Object.setPrototypeOf.__esModule
Removing intrinsics.Object.assign.default
Removing intrinsics.Object.assign.__esModule
Removing intrinsics.Reflect.construct.default
Removing intrinsics.Reflect.construct.__esModule
Removing intrinsics.Reflect.decorate
Removing intrinsics.Reflect.metadata
Removing intrinsics.Reflect.defineMetadata
Removing intrinsics.Reflect.hasMetadata
Removing intrinsics.Reflect.hasOwnMetadata
Removing intrinsics.Reflect.getMetadata
Removing intrinsics.Reflect.getOwnMetadata
Removing intrinsics.Reflect.getMetadataKeys
Removing intrinsics.Reflect.getOwnMetadataKeys
Removing intrinsics.Reflect.deleteMetadata
Removing intrinsics.%ArrayPrototype%.toReversed
Removing intrinsics.%ArrayPrototype%.toSorted
Removing intrinsics.%ArrayPrototype%.toSpliced
Removing intrinsics.%ArrayPrototype%.with
Removing intrinsics.%ArrayPrototype%.@@unscopables.toReversed
Removing intrinsics.%ArrayPrototype%.@@unscopables.toSorted
Removing intrinsics.%ArrayPrototype%.@@unscopables.toSpliced
Removing intrinsics.%TypedArrayPrototype%.toReversed
Removing intrinsics.%TypedArrayPrototype%.toSorted
Removing intrinsics.%TypedArrayPrototype%.with

# V8 (33)
Removing intrinsics.Object.assign.default
Removing intrinsics.Object.assign.__esModule
Removing intrinsics.Object.setPrototypeOf.default
Removing intrinsics.Object.setPrototypeOf.__esModule
Removing intrinsics.JSON.rawJSON
Removing intrinsics.JSON.isRawJSON
Removing intrinsics.Reflect.construct.default
Removing intrinsics.Reflect.construct.__esModule
Removing intrinsics.Reflect.decorate
Removing intrinsics.Reflect.metadata
Removing intrinsics.Reflect.defineMetadata
Removing intrinsics.Reflect.hasMetadata
Removing intrinsics.Reflect.hasOwnMetadata
Removing intrinsics.Reflect.getMetadata
Removing intrinsics.Reflect.getOwnMetadata
Removing intrinsics.Reflect.getMetadataKeys
Removing intrinsics.Reflect.getOwnMetadataKeys
Removing intrinsics.Reflect.deleteMetadata
Removing intrinsics.%ArrayPrototype%.toReversed
Removing intrinsics.%ArrayPrototype%.toSorted
Removing intrinsics.%ArrayPrototype%.toSpliced
Removing intrinsics.%ArrayPrototype%.with
Removing intrinsics.%ArrayPrototype%.@@unscopables.toReversed
Removing intrinsics.%ArrayPrototype%.@@unscopables.toSorted
Removing intrinsics.%ArrayPrototype%.@@unscopables.toSpliced
Removing intrinsics.%ArrayBufferPrototype%.transferToFixedLength
Removing intrinsics.%ArrayBufferPrototype%.detached
Removing intrinsics.%StringPrototype%.isWellFormed
Removing intrinsics.%StringPrototype%.toWellFormed
Removing intrinsics.%RegExpPrototype%.unicodeSets
Removing intrinsics.%TypedArrayPrototype%.toReversed
Removing intrinsics.%TypedArrayPrototype%.toSorted
Removing intrinsics.%TypedArrayPrototype%.with

Notes on patch creation

• --exclude 'nothing' to include package.json changes, then trim patch
• react-native requires trimming majority of patch after initial diffs
• upon failure on symlinks, git clean -fdx and re-create

Related issues

Worthy read for everyone on adding/upgrading libraries

• Cannot assign to read-only property (Property override mistake) endojs/endo#1855

Fixes

• ☂️ React Native Compatibility Tracker LavaMoat/docs#1 various issues
  • [WIP] SES lockdown() - LavaMoat Compatibility #3794
• ☂️ React Native Compatibility Tracker 2.0 LavaMoat/docs#12 various issues

Manual testing steps

App functions normally

Screenshots/Recordings

Before

Previously failing iOS (JSC) E2E tests have now been fixed

• Proof of Concept Insights - (Apparent) Race condition on disconnecting animated nodes LavaMoat/docs#9
  • https://github.com/MetaMask/metamask-mobile/assets/1881059/3cac630f-6ec8-4975-a273-8a115a4e8fe9
  • https://github.com/MetaMask/metamask-mobile/assets/1881059/67221672-d1a3-4346-a783-5f93b53dbbe9
  • https://github.com/MetaMask/metamask-mobile/assets/1881059/baa6e512-e307-4f0f-ae2f-77bfb4a29baf
  • https://github.com/MetaMask/metamask-mobile/assets/1881059/c21ffb0b-c9df-4223-ba73-5383dc8627f5

And more screenshots in related issues linked above

After

App functioning normally

Pre-merge author checklist

• I’ve followed MetaMask Coding Standards.
• I've clearly explained what problem this PR is solving and how it is solved.
• I've linked related issues
• I've included manual testing steps
• I've included screenshots/recordings if applicable
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format if applicable
• I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.
• I’ve properly set the pull request status:
  • In case it's not yet "ready for review", I've set it to "draft".
  • In case it's "ready for review", I've changed it from "draft" to "non-draft".

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[socket-security]

No dependency changes detected. Learn more about Socket for GitHub ↗︎

👍 No dependency changes detected in pull request

[leotm]

@SocketSecurity ignore [email protected]

Unmaintained (via devDep)

[email protected] /Users/leo/Documents/GitHub/metamask-mobile
├─┬ @storybook/[email protected]
│ └─┬ @storybook/[email protected]
│   └── [email protected]
└─┬ @storybook/[email protected]
  └─┬ @storybook/[email protected]
    └── [email protected]

[github-actions]

E2E test started on Bitrise: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/2643987a-2d33-44ce-88f1-db28cf311e11
You can also kick off another Bitrise E2E smoke test by removing and re-applying the (Run Smoke E2E) label

• ios_e2e_test ✅
• android_e2e_test ✅

[tommasini]

Just curious, I don't understand here why we needed to point to the src

[leotm]

good question ^ these couple ethjs contract/query libs we use (transitively via ethjs) to init our engine service
both optimise their bundles with few Babel runtime helpers (notably regenerator and asyncToGenerator)
both currently incompatible with SES, so using their source code instead is less problematic

[leotm]

so captured the details mentioned here
both in a code comment and issue

[Gudahtt]

Have you considered patching babel-runtime and regenerator-runtime instead? They're used in quite a few packages (including some that we'll be introducing soon to the codebase, like our ethjs-* forks of packages like this one). It may be easier to fix the problem at the source. The extension already has patches for them to make them SES compatible.

[tommasini]

Thanks for the answers Leo! LGTM!

[leotm]

branch updated to re-run smoke tests before merge, but all CI broken on yarn audit, fixed in

• fix: bump axios #7758

after fix merged ^ re-update branch, re-run smoke tests, then merge squash

edit: merged

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication

[github-actions]

E2E test started on Bitrise: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/156c9199-a45a-41b6-a518-6f6232b927d0
You can also kick off another Bitrise E2E smoke test by removing and re-applying the (Run Smoke E2E) label

[leotm]

E2E test started on Bitrise: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/156c9199-a45a-41b6-a518-6f6232b927d0 You can also kick off another Bitrise E2E smoke test by removing and re-applying the (Run Smoke E2E) label

✅ ios_e2e_test
✅ android_e2e_test