Replace `rc` with `ini` (#15464)

We use the `rc` package to read the `.metamaskrc` configuration file, which is in "ini" format. This package has been replaced by the `ini` package. The `rc` package was not actively maintained, and it has had recent security vulnerabilities. But most importantly, the config object returned by `rc` includes a bunch of extra information that made build script validation [1] difficult to implement. Specifically, it made it challenging to ensure no extra environment variables were present. The `ini` package on the other hand is simple, well maintained, and is simpler to use. This package doesn't add any extra properties to the object it returns, making validation easy. [1]: https://github.com/MetaMask/metamask-extension/issues/15003
2 years ago · 44f8e9e10e
parent 7b42c54728
commit 44f8e9e10e
4 changed files with 34 additions and 36 deletions
--- a/development/build/scripts.js
+++ b/development/build/scripts.js
@ -24,10 +24,22 @@ const Sqrl = require('squirrelly');
 const lavapack = require('@lavamoat/lavapack');
 const lavamoatBrowserify = require('lavamoat-browserify');
 const terser = require('terser');
+const ini = require('ini');

 const bifyModuleGroups = require('bify-module-groups');

-const metamaskrc = require('rc')('metamask', {
+const configPath = path.resolve(__dirname, '..', '..', '.metamaskrc');
+let configContents = '';
+try {
+  configContents = readFileSync(configPath, {
+    encoding: 'utf8',
+  });
+} catch (error) {
+  if (error.code !== 'ENOENT') {
+    throw error;
+  }
+}
+const metamaskrc = {
  INFURA_PROJECT_ID: process.env.INFURA_PROJECT_ID,
  INFURA_BETA_PROJECT_ID: process.env.INFURA_BETA_PROJECT_ID,
  INFURA_FLASK_PROJECT_ID: process.env.INFURA_FLASK_PROJECT_ID,
@ -45,7 +57,8 @@ const metamaskrc = require('rc')('metamask', {
    process.env.SENTRY_DSN_DEV ||
    'https://f59f3dd640d2429d9d0e2445a87ea8e1@sentry.io/273496',
  SIWE_V1: process.env.SIWE_V1,
-});
+  ...ini.parse(configContents),
+};

 const { streamFlatMap } = require('../stream-flat-map');
 const { BuildType } = require('../lib/build-type');
--- a/lavamoat/build-system/policy.json
+++ b/lavamoat/build-system/policy.json
@ -2415,7 +2415,7 @@
      "packages": {
        "eslint-plugin-import>tsconfig-paths>json5": true,
        "eslint-plugin-import>tsconfig-paths>strip-bom": true,
-        "rc>minimist": true
+        "patch-package>minimist": true
      }
    },
    "eslint-plugin-import>tsconfig-paths>json5": {
@ -3613,7 +3613,7 @@
      "packages": {
        "gulp-rtlcss>rtlcss>@choojs/findup": true,
        "gulp-rtlcss>rtlcss>postcss": true,
-        "rc>strip-json-comments": true
+        "mocha>strip-json-comments": true
      }
    },
    "gulp-rtlcss>rtlcss>@choojs/findup": {
@ -5329,6 +5329,11 @@
        "pump>once": true
      }
    },
+    "ini": {
+      "globals": {
+        "process": true
+      }
+    },
    "jsdom>escodegen": {
      "globals": {
        "sourceMap.SourceNode": true
@ -5877,36 +5882,6 @@
        "define": true
      }
    },
-    "rc": {
-      "builtin": {
-        "fs.readFileSync": true,
-        "fs.statSync": true,
-        "path.dirname": true,
-        "path.join": true
-      },
-      "globals": {
-        "process.argv.slice": true,
-        "process.cwd": true,
-        "process.env": true,
-        "process.platform": true
-      },
-      "packages": {
-        "rc>deep-extend": true,
-        "rc>ini": true,
-        "rc>minimist": true,
-        "rc>strip-json-comments": true
-      }
-    },
-    "rc>deep-extend": {
-      "globals": {
-        "Buffer": true
-      }
-    },
-    "rc>ini": {
-      "globals": {
-        "process": true
-      }
-    },
    "readable-stream": {
      "builtin": {
        "events.EventEmitter": true,
@ -6589,7 +6564,12 @@
      },
      "packages": {
        "mocha>which": true,
-        "rc>ini": true
+        "stylelint>global-modules>global-prefix>ini": true
+      }
+    },
+    "stylelint>global-modules>global-prefix>ini": {
+      "globals": {
+        "process": true
      }
    },
    "stylelint>globjoin": {
--- a/package.json
+++ b/package.json
@ -322,6 +322,7 @@
    "gulp-zip": "^5.1.0",
    "history": "^5.0.0",
    "improved-yarn-audit": "^3.0.0",
+    "ini": "^3.0.0",
    "jest": "^26.6.3",
    "jest-canvas-mock": "^2.3.1",
    "jest-it-up": "^2.0.2",
@ -344,7 +345,6 @@
    "proxyquire": "^2.1.3",
    "pumpify": "^2.0.1",
    "randomcolor": "^0.5.4",
-    "rc": "^1.2.8",
    "react-devtools": "^4.11.0",
    "read-installed": "^4.0.3",
    "redux-mock-store": "^1.5.4",
--- a/yarn.lock
+++ b/yarn.lock
@ -14461,6 +14461,11 @@ ini@^1.3.4, ini@^1.3.5, ini@~1.3.0:
  resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.8.tgz#a29da425b48806f34767a4efce397269af28432c"
  integrity sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==

+ini@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/ini/-/ini-3.0.0.tgz#2f6de95006923aa75feed8894f5686165adc08f1"
+  integrity sha512-TxYQaeNW/N8ymDvwAxPyRbhMBtnEwuvaTYpOQkFx1nSeusgezHniEc/l35Vo4iCq/mMiTJbpD7oYxN98hFlfmw==
+
 inline-source-map@~0.6.0:
  version "0.6.2"
  resolved "https://registry.yarnpkg.com/inline-source-map/-/inline-source-map-0.6.2.tgz#f9393471c18a79d1724f863fa38b586370ade2a5"