From 66bd1729807a3c1323a97fe7f43879f42532496a Mon Sep 17 00:00:00 2001
From: kumavis
Date: Thu, 28 Apr 2022 08:45:46 -1000
Subject: [PATCH] Lavamoat - protect all UI contexts (#14537)

* lavamoat - apply lavamoat protections to popup and notification
* build - enable lavamoat for home
* lavamoat - add missing ui overrides for react family
* deps/patches - patch zxcvbn for ses compat
---
 development/build/scripts.js | 6 +++---
 lavamoat/browserify/beta/policy-override.json | 16 ++++++++++++++++
 lavamoat/browserify/flask/policy-override.json | 16 ++++++++++++++++
 lavamoat/browserify/main/policy-override.json | 16 ++++++++++++++++
 patches/zxcvbn+4.4.2.patch | 13 +++++++++++++
 5 files changed, 64 insertions(+), 3 deletions(-)
 create mode 100644 patches/zxcvbn+4.4.2.patch

diff --git a/development/build/scripts.js b/development/build/scripts.js
index f942c4c1b..f6dc542c4 100644
--- a/development/build/scripts.js
+++ b/development/build/scripts.js
@@ -473,21 +473,21 @@ function createFactoredBuild({
 groupSet,
 commonSet,
 browserPlatforms,
- useLavamoat: false,
+ useLavamoat: true,
 });
 renderHtmlFile({
 htmlName: 'notification',
 groupSet,
 commonSet,
 browserPlatforms,
- useLavamoat: false,
+ useLavamoat: true,
 });
 renderHtmlFile({
 htmlName: 'home',
 groupSet,
 commonSet,
 browserPlatforms,
- useLavamoat: false,
+ useLavamoat: true,
 });
 break;
 }
diff --git a/lavamoat/browserify/beta/policy-override.json b/lavamoat/browserify/beta/policy-override.json
index a3d850f83..c07ab4ac6 100644
--- a/lavamoat/browserify/beta/policy-override.json
+++ b/lavamoat/browserify/beta/policy-override.json
@@ -55,6 +55,22 @@
 "globals": {
 "localStorage": true
 }
+ },
+ "react-dom": {
+ "globals": {
+ "HTMLIFrameElement": true
+ }
+ },
+ "react-devtools": {
+ "packages": {
+ "react-devtools-core": true
+ }
+ },
+ "react-devtools-core": {
+ "globals": {
+ "setTimeout": true,
+ "WebSocket": true
+ }
 }
 }
 }
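Review bot: In development/build/scripts.js the protection is still opted into per call, with `useLavamoat: true` now repeated across three `renderHtmlFile` calls that differ only in `htmlName`. A UI page added later by copying one of these calls with the flag left out or set to false would ship without LavaMoat, and nothing in this hunk would catch it; the default inside `renderHtmlFile` is not visible here. Consider driving the calls from a list, e.g. `for (const htmlName of ['notification', 'home']) { renderHtmlFile({ htmlName, groupSet, commonSet, browserPlatforms, useLavamoat: true }); }`, extended with the first page whose `htmlName` sits above the hunk, and adding a comment such as `// every UI context must run under LavaMoat`. The enclosing `createFactoredBuild` starts and ends outside the hunk.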
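Review bot: The new `react-devtools-core` entry in lavamoat/browserify/beta/policy-override.json grants `WebSocket`, a network-capable global, and the same override is repeated in the flask and main policy files later in this patch. Nothing visible here shows whether `react-devtools` is bundled only in development builds; if it is, it would be worth confirming that release bundles never include the package so this grant stays inert there, or moving it to a development-only policy if the build supports one. Since JSON has no comments, the reason for each override (for example why `react-dom` needs `HTMLIFrameElement`) belongs in the commit description or in a note kept next to the policy files.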
diff --git a/lavamoat/browserify/flask/policy-override.json b/lavamoat/browserify/flask/policy-override.json
index 71fd98f61..cee2cc80e 100644
--- a/lavamoat/browserify/flask/policy-override.json
+++ b/lavamoat/browserify/flask/policy-override.json
@@ -50,6 +50,22 @@
 "globals": {
 "localStorage": true
 }
+ },
+ "react-dom": {
+ "globals": {
+ "HTMLIFrameElement": true
+ }
+ },
+ "react-devtools": {
+ "packages": {
+ "react-devtools-core": true
+ }
+ },
+ "react-devtools-core": {
+ "globals": {
+ "setTimeout": true,
+ "WebSocket": true
+ }
 }
 }
 }
diff --git a/lavamoat/browserify/main/policy-override.json b/lavamoat/browserify/main/policy-override.json
index a3d850f83..c07ab4ac6 100644
--- a/lavamoat/browserify/main/policy-override.json
+++ b/lavamoat/browserify/main/policy-override.json
@@ -55,6 +55,22 @@
 "globals": {
 "localStorage": true
 }
+ },
+ "react-dom": {
+ "globals": {
+ "HTMLIFrameElement": true
+ }
+ },
+ "react-devtools": {
+ "packages": {
+ "react-devtools-core": true
+ }
+ },
+ "react-devtools-core": {
+ "globals": {
+ "setTimeout": true,
+ "WebSocket": true
+ }
 }
 }
 }
diff --git a/patches/zxcvbn+4.4.2.patch b/patches/zxcvbn+4.4.2.patch
new file mode 100644
index 000000000..9975da28d
--- /dev/null
+++ b/patches/zxcvbn+4.4.2.patch
@@ -0,0 +1,13 @@
+diff --git a/node_modules/zxcvbn/lib/matching.js b/node_modules/zxcvbn/lib/matching.js
+index 3940bad..748da8b 100644
+--- a/node_modules/zxcvbn/lib/matching.js
++++ b/node_modules/zxcvbn/lib/matching.js
+@@ -13,7 +13,7 @@ build_ranked_dict = function(ordered_list) {
+ i = 1;
+ for (o = 0, len1 = ordered_list.length; o < len1; o++) {
+ word = ordered_list[o];
+- result[word] = i;
++ Reflect.defineProperty(result, word, { value: i, configurable: true, enumerable: true, writable: true });
+ i += 1;
+ }
+ return result;
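Review bot: In the patched `build_ranked_dict` loop, `Reflect.defineProperty` reports failure by returning `false` rather than throwing, and the return value is discarded, so a word that could not be defined would be silently missing from the ranked dictionary used for password-strength matching. `Object.defineProperty(result, word, { value: i, configurable: true, enumerable: true, writable: true });` keeps the same descriptor and throws instead; failure looks unlikely if `result` is a fresh plain object, but it is created outside the hunk. The patch also carries no explanation of why plain assignment was replaced; a line in the commit description such as "assignment fails under SES when the word names a property of the frozen Object.prototype" (presumably the reason, given the commit's "ses compat" bullet) would help whoever re-creates this patch on the next zxcvbn upgrade. `build_ranked_dict` starts outside the hunk.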