

Merge pull request Agoric#8738 from Agoric/mhofman/explicit-harden
Explicitly harden some shared prototypes
mergify[bot] authored Jan 16, 2024
2 parents 627b56b + aeaa62b commit 6e90d96
Showing 23 changed files with 59 additions and 1 deletion.
2 changes: 2 additions & 0 deletions packages/SwingSet/src/kernel/state/kernelKeeper.js
Expand Up @@ -548,6 +548,7 @@ export default function makeKernelKeeper(kernelStorage, kernelSlog) {
}
}
}
harden(enumerateNonDurableObjectExports);

/**
* Allocate a new koid.
Expand Down Expand Up @@ -936,6 +937,7 @@ export default function makeKernelKeeper(kernelStorage, kernelSlog) {
}
}
}
harden(enumeratePromisesByDecider);

function addSubscriberToPromise(kernelSlot, vatID) {
insistKernelType('promise', kernelSlot);
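Review bot: The added `harden(enumerateNonDurableObjectExports);` and `harden(enumeratePromisesByDecider);` calls carry no comment saying why a function declaration is hardened, so a later cleanup could drop them as apparent no-ops. Judging by the commit title and the generator declarations visible in sibling sections (for example `function* enumeratePrefixedKeys` in storageHelper.js), the intent is presumably to freeze each generator function's own `prototype` object, which every iterator it returns inherits from, rather than leaving that to happen implicitly the first time an iterator instance is hardened. I would add one line above the first call in each file, such as `// Harden the generator function so the prototype shared by its iterators is frozen explicitly, not as a side effect of hardening an instance.` The same undocumented pattern repeats in the storageHelper.js, vatKeeper.js, swing-store and swingset-liveslots sections. Both function bodies here start outside the hunks, so that they are generators is inferred.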
3 changes: 3 additions & 0 deletions packages/SwingSet/src/kernel/state/storageHelper.js
Expand Up @@ -25,6 +25,7 @@ export function* enumeratePrefixedKeys(kvStore, prefix, exclusiveEnd) {
yield key;
}
}
harden(enumeratePrefixedKeys);

/**
* @param {KVStore} kvStore
Expand All @@ -45,6 +46,7 @@ function* enumerateNumericPrefixedKeys(kvStore, prefix) {
}
}
}
harden(enumerateNumericPrefixedKeys);

/**
* @param {KVStore} kvStore
Expand All @@ -55,6 +57,7 @@ export function* getPrefixedValues(kvStore, prefix) {
yield kvStore.get(key) || Fail`enumerate ensures get`;
}
}
harden(getPrefixedValues);

/**
* @param {KVStore} kvStore
1 change: 1 addition & 0 deletions packages/SwingSet/src/kernel/state/vatKeeper.js
Expand Up @@ -487,6 +487,7 @@ export function makeVatKeeper(
deliveryNum += 1;
}
}
harden(getTranscript);

/**
* Append an entry to the vat's transcript.
15 changes: 15 additions & 0 deletions packages/casting/src/follower-cosmjs.js
Expand Up @@ -10,6 +10,15 @@ import { MAKE_DEFAULT_DECODER, MAKE_DEFAULT_UNSERIALIZER } from './defaults.js';
import { makeCastingSpec } from './casting-spec.js';
import { makeLeader as defaultMakeLeader } from './leader-netconfig.js';

// A lot of cosmjs classes end up hardened through instances shared by this
// package so preemptively harden them all.
// However we cannot directly harden a module namespace object (exotic behavior
// for bindings) so spread the namespace instead
harden({
tendermint34: { ...tendermint34 },
stargateStar: { ...stargateStar },
});

const { QueryClient } = stargateStar;
const { Tendermint34Client } = tendermint34;
const { details: X, quote: q, Fail } = assert;
Expand Down Expand Up @@ -357,6 +366,7 @@ export const makeCosmjsFollower = (
);
}
}
harden(allValuesFromCell);

/**
* @param {import('./types.js').StreamCell<T>} streamCell
Expand All @@ -372,6 +382,7 @@ export const makeCosmjsFollower = (
);
}
}
harden(reverseValuesFromCell);

/**
* @param {import('./types.js').StreamCell<T>} streamCell
Expand All @@ -389,6 +400,7 @@ export const makeCosmjsFollower = (
);
}
}
harden(lastValueFromCell);

/**
* @yields {ValueFollowerElement<T>}
Expand Down Expand Up @@ -434,6 +446,7 @@ export const makeCosmjsFollower = (
lastValue = latest.value;
}
}
harden(getLatestIterable);

/**
* @param {number} [cursorBlockHeight]
Expand Down Expand Up @@ -552,6 +565,7 @@ export const makeCosmjsFollower = (
cursorData = currentData;
}
}
harden(getEachIterableAtHeight);

/**
* @param {number} [cursorBlockHeight]
Expand All @@ -575,6 +589,7 @@ export const makeCosmjsFollower = (
cursorBlockHeight = cursorStreamCell.blockHeight - 1;
}
}
harden(getReverseIterableAtHeight);

/** @type {ValueFollower<T>} */
return Far('chain follower', {
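Review bot: The `harden({ tendermint34: { ...tendermint34 }, stargateStar: { ...stargateStar } })` call at the top of this section runs as an import-time side effect and freezes everything reachable from every export of both cosmjs namespaces, not only the classes this module uses. Any code in the same realm that later adds or patches a property on those classes or their prototypes will then fail, so the call is order-sensitive with respect to other importers of these libraries. The existing comment explains the namespace spread but not that consequence; I would extend it with something like `// NOTE: this freezes the shared cosmjs exports for every importer in this realm; anything that needs to patch them must run before this module is evaluated.` The `import` lines that bind `tendermint34` and `stargateStar` are above the hunk, so their exact form is not visible here.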
1 change: 1 addition & 0 deletions packages/casting/src/iterable.js
Expand Up @@ -15,6 +15,7 @@ export const mapAsyncIterable = (iterable, transform) => {
yield transform(value);
}
}
harden(transformGenerator);
return transformGenerator();
};

2 changes: 2 additions & 0 deletions packages/internal/test/test-utils.js
Expand Up @@ -182,6 +182,7 @@ const consumeStreamInto = async (stream, output, maxItems) => {
const generateStream = async function* generateStream(items) {
yield* items;
};
harden(generateStream);

test('synchronizedTee - consumeAll - 1 reader', async t => {
const sourceData = [1, 2, 3];
Expand Down Expand Up @@ -251,6 +252,7 @@ test('synchronizedTee - consume synchronized', async t => {
}
}
}
harden(generate);
const source = generate();
const [reader1, reader2] = synchronizedTee(source, 2);
await Promise.all([
4 changes: 4 additions & 0 deletions packages/swing-store/src/bundleStore.js
Expand Up @@ -267,6 +267,7 @@ export function makeBundleStore(db, ensureTxn, noteExport = () => {}) {
const rawBundle = row.bundle || Fail`bundle ${q(bundleID)} pruned`;
yield* Readable.from(Buffer.from(rawBundle));
}
harden(exportBundle);

const sqlGetBundleIDs = db.prepare(`
SELECT bundleID
Expand All @@ -286,12 +287,14 @@ export function makeBundleStore(db, ensureTxn, noteExport = () => {}) {
yield [bundleArtifactName(bundleID), bundleID];
}
}
harden(getExportRecords);

async function* getArtifactNames() {
for (const bundleID of sqlGetBundleIDs.iterate()) {
yield bundleArtifactName(bundleID);
}
}
harden(getArtifactNames);

function computeSha512(bytes) {
const hash = createHash('sha512');
Expand Down Expand Up @@ -364,6 +367,7 @@ export function makeBundleStore(db, ensureTxn, noteExport = () => {}) {
function* getBundleIDs() {
yield* sqlListBundleIDs.iterate();
}
harden(getBundleIDs);

return harden({
importBundleRecord,
2 changes: 2 additions & 0 deletions packages/swing-store/src/exporter.js
Expand Up @@ -164,6 +164,7 @@ export function makeSwingStoreExporter(dirPath, options = {}) {
yield* transcriptStore.getExportRecords(true);
yield* bundleStore.getExportRecords();
}
harden(getExportData);

/**
* @returns {AsyncIterableIterator<string>}
Expand All @@ -174,6 +175,7 @@ export function makeSwingStoreExporter(dirPath, options = {}) {
yield* transcriptStore.getArtifactNames(artifactMode);
yield* bundleStore.getArtifactNames();
}
harden(getArtifactNames);

/**
* @param {string} name
5 changes: 5 additions & 0 deletions packages/swing-store/src/snapStore.js
Expand Up @@ -306,6 +306,7 @@ export function makeSnapStore(
const snapshotReader = gzReader.pipe(unzipper);
yield* snapshotReader;
}
harden(exporter);
return exporter();
}

Expand Down Expand Up @@ -344,6 +345,7 @@ export function makeSnapStore(
Fail`actual hash ${q(hash)} !== expected ${q(snapshotID)}`;
}
}
harden(loadSnapshot);

const sqlDeleteVatSnapshots = db.prepare(`
DELETE FROM snapshots
Expand Down Expand Up @@ -481,6 +483,7 @@ export function makeSnapStore(
}
}
}
harden(getExportRecords);

async function* getArtifactNames(artifactMode) {
for (const rec of sqlGetAvailableSnapshots.iterate(1)) {
Expand All @@ -492,6 +495,7 @@ export function makeSnapStore(
}
}
}
harden(getArtifactNames);

const sqlAddSnapshotRecord = db.prepare(`
INSERT INTO snapshots (vatID, snapPos, hash, inUse)
Expand Down Expand Up @@ -640,6 +644,7 @@ export function makeSnapStore(
function* listAllSnapshots() {
yield* sqlListAllSnapshots.iterate();
}
harden(listAllSnapshots);

const sqlDumpCurrentSnapshots = db.prepare(`
SELECT vatID, snapPos, hash, compressedSnapshot, inUse
6 changes: 6 additions & 0 deletions packages/swing-store/src/transcriptStore.js
Expand Up @@ -43,6 +43,7 @@ import { createSHA256 } from './hasher.js';
function* empty() {
// Yield nothing
}
harden(empty);

/**
* @param {number} position
Expand Down Expand Up @@ -158,6 +159,7 @@ export function makeTranscriptStore(
}
}
}
harden(readFullVatTranscript);

function spanArtifactName(rec) {
return `transcript.${rec.vatID}.${rec.startPos}.${rec.endPos}`;
Expand Down Expand Up @@ -393,6 +395,7 @@ export function makeTranscriptStore(
}
}
}
harden(getExportRecords);

const sqlCountSpanItems = db.prepare(`
SELECT COUNT(*) FROM transcriptItems
Expand Down Expand Up @@ -447,6 +450,7 @@ export function makeTranscriptStore(
}
}
}
harden(getArtifactNames);

const sqlGetSpanEndPos = db.prepare(`
SELECT endPos
Expand Down Expand Up @@ -501,6 +505,7 @@ export function makeTranscriptStore(
expectedCount,
)})`;
}
harden(reader);

if (startPos === endPos) {
return empty();
Expand Down Expand Up @@ -541,6 +546,7 @@ export function makeTranscriptStore(
yield Buffer.from(`${entry}\n`);
}
}
harden(exportSpan);

const sqlAddItem = db.prepare(`
INSERT INTO transcriptItems (vatID, item, position, incarnation)
1 change: 1 addition & 0 deletions packages/swing-store/test/test-deletion.js
Expand Up @@ -6,6 +6,7 @@ import { initSwingStore } from '../src/swingStore.js';
async function* getSnapshotStream() {
yield Buffer.from('abc');
}
harden(getSnapshotStream);

test('delete snapshots with export callback', async t => {
const exportLog = [];
1 change: 1 addition & 0 deletions packages/swing-store/test/test-exportImport.js
Expand Up @@ -83,6 +83,7 @@ async function fakeAVatSnapshot(vat, ks) {
async function* getSnapshotStream() {
yield Buffer.from(`snapshot of vat ${vat.vatID} as of ${vat.endPos}`);
}
harden(getSnapshotStream);
await ks.snapStore.saveSnapshot(vat.vatID, vat.endPos, getSnapshotStream());
ks.transcriptStore.addItem(vat.vatID, 'save-snapshot');
vat.endPos += 1;
1 change: 1 addition & 0 deletions packages/swing-store/test/test-snapstore.js
Expand Up @@ -26,6 +26,7 @@ function ensureTxn() {}
async function* getSnapshotStream(payload) {
yield Buffer.from(payload);
}
harden(getSnapshotStream);

test('compress to cache file; closes snapshot stream', async t => {
const db = sqlite3(':memory:');
1 change: 1 addition & 0 deletions packages/swing-store/test/test-state.js
Expand Up @@ -47,6 +47,7 @@ function* iterate(kvStore, start, end) {
prev = next;
}
}
harden(iterate);

function makeExportLog() {
const exportLog = [];
1 change: 1 addition & 0 deletions packages/swing-store/test/util.js
Expand Up @@ -20,6 +20,7 @@ export const tmpDir = prefix =>
export async function* getSnapshotStream(contents) {
yield Buffer.from(contents);
}
harden(getSnapshotStream);

export function makeB0ID(bundle) {
return `b0-${createSHA256(JSON.stringify(bundle)).finish()}`;
5 changes: 4 additions & 1 deletion packages/swingset-liveslots/src/collectionManager.js
Expand Up @@ -518,7 +518,7 @@ export function makeCollectionManager(
yield [yieldKeys ? key : undefined, yieldValues ? value : undefined];
}
}

harden(iter);
return iter();
}

Expand All @@ -528,6 +528,7 @@ export function makeCollectionManager(
yield entry[0];
}
}
harden(iter);
return iter();
}

Expand Down Expand Up @@ -592,6 +593,7 @@ export function makeCollectionManager(
yield entry[1];
}
}
harden(iter);
return iter();
}

Expand All @@ -601,6 +603,7 @@ export function makeCollectionManager(
yield entry;
}
}
harden(iter);
return iter();
}

2 changes: 2 additions & 0 deletions packages/swingset-liveslots/src/vatstore-iterators.js
Expand Up @@ -18,6 +18,7 @@ export function* enumerateKeysStartEnd(syscall, start, end, checkF) {
dbKey = syscall.vatstoreGetNextKey(dbKey);
}
}
harden(enumerateKeysStartEnd);

// return an iterator of all existing keys that start with 'prefix'
// (excluding the prefix itself)
Expand All @@ -32,6 +33,7 @@ export function* enumerateKeysWithPrefix(syscall, prefix) {
yield key;
}
}
harden(enumerateKeysWithPrefix);

export function prefixedKeysExist(syscall, prefix) {
const nextKey = syscall.vatstoreGetNextKey(prefix);
1 change: 1 addition & 0 deletions packages/swingset-liveslots/test/gc-helpers.js
Expand Up @@ -168,6 +168,7 @@ export function* enumerateKeysWithPrefix(fakestore, prefix) {
}
}
}
harden(enumerateKeysWithPrefix);

export function recognizersOf(v, baseref) {
// the | is followed by the collectionID that can recognize baseref
1 change: 1 addition & 0 deletions packages/vats/src/vat-bank.js
Expand Up @@ -229,6 +229,7 @@ async function* concatAsyncIterables(iterables) {
yield* asyncIterable;
}
}
harden(concatAsyncIterables);

/**
* TODO: This should be absorbed and zone-ified into the existing publish kit.
1 change: 1 addition & 0 deletions packages/wallet/api/src/wallet.js
Expand Up @@ -165,6 +165,7 @@ export function buildRootObject(vatPowers) {
yield state;
}
}
harden(makeApprovedNotifier);

/** @type {WalletBridge} */
const bridge = Far('bridge', {
2 changes: 2 additions & 0 deletions packages/xsnap/api.js
Expand Up @@ -43,6 +43,7 @@ export class ErrorSignal extends Error {
this.code = signal;
}
}
harden(ErrorSignal);

export class ErrorCode extends Error {
/**
Expand All @@ -55,3 +56,4 @@ export class ErrorCode extends Error {
this.code = code;
}
}
harden(ErrorCode);
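Review bot: `harden(ErrorSignal);` and `harden(ErrorCode);` execute at module evaluation, and neither hunk shows where `harden` comes from, so importing api.js in a context where the SES global has not been installed yet would throw a ReferenceError before any export is usable. The top of the file is outside these hunks, so an existing import may already cover this; if not, I would state the requirement next to the first call, for example `// Requires the SES harden global: import only after lockdown / @endo/init has run.` The same load-order assumption applies to the module-level calls added in the test helpers (swing-store/test/util.js and swingset-liveslots/test/gc-helpers.js).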