We are scanning all third-party app code for various things they shouldn’t use directly. There are two scans: one is text-based, the other is AST-based. (It pretty much denies creating actors and running functions that are named setCertifiedData, cyclesAdd, and so on.) It scans all libraries an app imports, including the base libraries.
One of the problems is, there are two base libraries that provide allowed functionality but trigger the security checks. These are “Principal.mo” and “Random.mo”. So we’ve whitelisted their hashes from the last 23 Motoko base releases.
Unless there is a way for Motoko code to jailbreak that I don’t know of, I suppose this should work?
Text checks:
Developers get notified when they use prohibited code
These apps get assembled based on a JSON config. The generated actor code with all apps looks like this: (anti-injection & collision checks are done by the generator)
(Devs get working type checks going on while developing, even with multiple apps.) Neutron.json config:
Additionally, apps get bundled like this. (It’s not a good idea to include the huge .mops folders inside the frontend.) All these apps share the same modules if their hashes match. (This reduced the wasm size by 5kb. I am assuming either we have a bug, or Motoko is not doing that kind of optimization when libraries import the same file (same imports included) from different folders.)
When a user tries to install an app they see a dialog with the permissions it requires:
or
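The hash-based exemption described in the post, as an added sketch that is not part of the original post or the project's scanner: a file skips the text rules only when its content hash is on the allowlist, so a modified copy under the same file name is scanned like any other code. SHA-256, the function names, the file paths and the sample sources are assumptions constructed for illustration.

```python
import hashlib
import re

# Names taken from the post; its list ends with "and so on", so a real rule set is longer.
PROHIBITED = ("setCertifiedData", "cyclesAdd")
PATTERNS = [("actor", re.compile(r"\bactor\b"))] + [
    (name, re.compile(r"\b" + re.escape(name) + r"\b")) for name in PROHIBITED
]

def sha256_hex(source):
    # Assumption: SHA-256 over the UTF-8 source text; the post does not name the hash.
    return hashlib.sha256(source.encode("utf-8")).hexdigest()

def scan_sources(sources, allowed_hashes):
    """Return {path: [(line_no, rule), ...]} for every file that trips a text rule.
    Exemption is decided by content hash only; the path is never trusted."""
    findings = {}
    for path, source in sorted(sources.items()):
        if sha256_hex(source) in allowed_hashes:
            continue  # byte-identical to a reviewed base library file
        hits = [(line_no, rule)
                for line_no, line in enumerate(source.splitlines(), 1)
                for rule, pattern in PATTERNS if pattern.search(line)]
        if hits:
            findings[path] = hits
    return findings

# Constructed sample inputs (not real base library content).
TRUSTED_BASE = (
    "// constructed stand-in for a reviewed base library file\n"
    'module { public func fromActor(a : actor {}) : Text { "" } }\n'
)
MODIFIED_BASE = TRUSTED_BASE + "func f() { cyclesAdd(1) }\n"
CLEAN_APP = 'module { public func greet() : Text { "hi" } }\n'

def demo():
    allowed = {sha256_hex(TRUSTED_BASE)}
    sources = {
        "app_a/.mops/base/src/Principal.mo": TRUSTED_BASE,   # matches allowlist
        "app_b/.mops/base/src/Principal.mo": MODIFIED_BASE,  # same name, new hash
        "app_b/src/lib.mo": CLEAN_APP,
    }
    return scan_sources(sources, allowed)

if __name__ == "__main__":
    for path, hits in demo().items():
        print(path, hits)
```

Because the text rules match whole words anywhere on a line, they also fire on comments and string literals; that errs toward false positives rather than missed matches.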