Fix Sentry in LavaMoat contexts (#15672)

Our Sentry setup relies upon application state, but it wasn't able to access it in LavaMoat builds because it's running in a separate Compartment. A patch has been introduced to the LavaMoat runtime to allow the root Compartment to mutate the `rootGlobals` object, which is accessible from outside the compartment as well. This lets us expose application state to our Sentry integration.
2 years ago · d55507615c
parent 22552a0152
commit d55507615c
4 changed files with 25 additions and 3 deletions
--- a/app/scripts/background.js
+++ b/app/scripts/background.js
@ -786,7 +786,10 @@ browser.runtime.onInstalled.addListener(({ reason }) => {
 });

 function setupSentryGetStateGlobal(store) {
-  global.getSentryState = function () {
+  if (!global.rootGlobals) {
+    global.rootGlobals = {};
+  }
+  global.rootGlobals.getSentryState = function () {
    const fullState = store.getState();
    const debugState = maskObject({ metamask: fullState }, SENTRY_STATE);
    return {
--- a/app/scripts/sentry-install.js
+++ b/app/scripts/sentry-install.js
@ -3,5 +3,5 @@ import setupSentry from './lib/setupSentry';
 // setup sentry error reporting
 global.sentry = setupSentry({
  release: process.env.METAMASK_VERSION,
-  getState: () => global.getSentryState?.() || {},
+  getState: () => global.rootGlobals?.getSentryState?.() || {},
 });
--- a/patches/@lavamoat+lavapack+3.1.0.patch
+++ b/patches/@lavamoat+lavapack+3.1.0.patch
@ -13,3 +13,19 @@ index eb41a0a..3f891ea 100644
       // deps,
       // source: sourceMeta.code
     }
+diff --git a/node_modules/@lavamoat/lavapack/src/runtime.js b/node_modules/@lavamoat/lavapack/src/runtime.js
+index 58f76f3..53df0e7 100644
+--- a/node_modules/@lavamoat/lavapack/src/runtime.js
+++ b/node_modules/@lavamoat/lavapack/src/runtime.js
+@@ -11160,6 +11160,11 @@ function makePrepareRealmGlobalFromConfig ({ createFunctionWrapper }) {
+         rootPackageCompartment.globalThis[ref] = rootPackageCompartment.globalThis
+       }
+ 
+      // Allow root compartment to expose things to the initial execution environment of the realm.
+      // This is intended to support passing data to shims run before lockdown.
+      globalThis.rootGlobals = {}
+      rootPackageCompartment.globalThis.rootGlobals = globalThis.rootGlobals
+
+       // save the compartment for use by other modules in the package
+       packageCompartmentCache.set(rootPackageName, rootPackageCompartment)
+ 
--- a/ui/index.js
+++ b/ui/index.js
@ -191,7 +191,10 @@ function setupDebuggingHelpers(store) {
    });
    return state;
  };
-  window.getSentryState = function () {
+  if (!window.rootGlobals) {
+    window.rootGlobals = {};
+  }
+  window.rootGlobals.getSentryState = function () {
    const fullState = store.getState();
    const debugState = maskObject(fullState, SENTRY_STATE);
    return {