As noted by the comment, type validation is required here. It's very much okay to track this in a separate issue without further modifications to the current PR, but I want to stress how important it is for the Snap to validate every last piece of data it receives from RPC. It's very easy to introduce security holes if we don't.
Upstream MetaMask Snaps sources seem to rely on superstruct quite heavily, and they actually provide some helpers here. Our validation logic may look something like this:
```ts
import { Bytes } from '@metamask/utils';
import { Bip32PathStruct } from '@metamask/snaps-utils/*';
import { Infer, boolean, enums, object, optional, type } from 'superstruct';

export const SupportedCurveEnums = enums(['ed25519', 'secp256k1']);

/**
 * The supported curves for deriving a BIP-32 account.
 */
export type SupportedCurve = Infer<typeof SupportedCurveEnums>;

/**
 * `type` is used instead of `object` to allow unknown properties.
 */
export const GetBip32PublicKeyParamsStruct = type({
  /**
   * The BIP-32 path to the account.
   */
  path: Bip32PathStruct,

  /**
   * The curve used to derive the account.
   */
  curve: SupportedCurveEnums,

  /**
   * Whether to return the public key in compressed form.
   */
  compressed: optional(boolean()),
});

/**
 * The parameters for calling the `getPublicKey` JSON-RPC method.
 *
 * Unknown properties are ignored and passed to `snap_getBip32PublicKey`.
 */
export type GetBip32PublicKeyParams = Infer<typeof GetBip32PublicKeyParamsStruct>;

export const SignMessageParamsStruct = object({
  /**
   * The message to sign.
   */
  message: Bytes,

  /**
   * The curve used to derive the account.
   */
  curve: SupportedCurveEnums,

  /**
   * The BIP-32 path to the account.
   */
  path: Bip32PathStruct,
});

/**
 * The parameters for calling the `signMessage` JSON-RPC method.
 */
export type SignMessageParams = Infer<typeof SignMessageParamsStruct>;
```
Originally posted by @neysofu in #1 (comment)
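
As an added example (not part of the original comment or the project's code), here is a dependency-free TypeScript validator for `signMessage` parameters that behaves like superstruct's strict `object` rather than `type`, so unknown properties are rejected instead of forwarded. The function name `parseSignMessageParams`, the hex-string encoding of `message`, and the exact path rules are assumptions of this example.

```typescript
// Added example, not the project's code. Names and path rules are assumptions.
type Curve = 'ed25519' | 'secp256k1';
interface SignMessageParams { path: string[]; curve: Curve; message: string }

const CURVES = ['ed25519', 'secp256k1'];
const ALLOWED_KEYS = ['path', 'curve', 'message'];
const PATH_INDEX = /^(0|[1-9]\d*)'?$/;     // decimal index, optional hardened marker
const HARDENED = /'$/;
const HEX_BYTES = /^0x([0-9a-fA-F]{2})+$/; // assumed encoding: non-empty, whole bytes
const MAX_INDEX = 0x7fffffff;              // BIP-32 indices are 31 bits before hardening

function parseSignMessageParams(params: unknown): SignMessageParams {
  if (typeof params !== 'object' || params === null || Array.isArray(params)) {
    throw new TypeError('params must be an object');
  }
  const record = params as Record<string, unknown>;
  // Strict mode: an unexpected key is an error, not something to forward.
  for (const key of Object.keys(record)) {
    if (ALLOWED_KEYS.indexOf(key) === -1) {
      throw new TypeError('unexpected property: ' + key);
    }
  }
  const { path, curve, message } = record;
  if (typeof curve !== 'string' || CURVES.indexOf(curve) === -1) {
    throw new TypeError('curve must be one of ' + CURVES.join(', '));
  }
  if (!Array.isArray(path) || path.length < 2 || path[0] !== 'm') {
    throw new TypeError('path must be an array starting with "m"');
  }
  const indices: string[] = [];
  for (const segment of path.slice(1)) {
    if (typeof segment !== 'string' || !PATH_INDEX.test(segment) ||
        parseInt(segment, 10) > MAX_INDEX) {
      throw new TypeError('invalid BIP-32 path segment');
    }
    // ed25519 (SLIP-10) supports hardened derivation only.
    if (curve === 'ed25519' && !HARDENED.test(segment)) {
      throw new TypeError('ed25519 paths must be fully hardened');
    }
    indices.push(segment);
  }
  if (typeof message !== 'string' || !HEX_BYTES.test(message)) {
    throw new TypeError('message must be 0x-prefixed hex bytes');
  }
  // Return a fresh object so nothing unvalidated travels with it.
  return { path: ['m'].concat(indices), curve: curve as Curve, message };
}
```

Calling this at the top of the RPC handler, before any key derivation, means the signing code only ever sees the three checked fields.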