This repository has been archived by the owner on Oct 23, 2023. It is now read-only.

Dappeteer integration tests for test-snaps #121

Open
wants to merge 16 commits into
base: main

@irubido irubido commented Jan 11, 2023

dappeteer mm flask version 10.23.0

changes made to test-snaps to make them work on flask 10.23.0, after version 4.2.0

  • removed "endowment:rpc": { "dapps": true }, from manifests
  • reverted to wallet global instead of snap for wallet.request

Tests work locally; some issues with GitHub Actions,
probably a resource problem, as it logs "The operation was canceled." at some point.

Missing tests for newly added snaps; could add them in future.

socket-security bot commented Jan 11, 2023

New dependency changes detected.

🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore minimatch@3.0.4
  • @SocketSecurity ignore playwright@1.34.3
  • @SocketSecurity ignore @lavamoat/preinstall-always-fail@1.0.0
  • @SocketSecurity ignore @chainsafe/dappeteer@5.2.0
  • @SocketSecurity ignore node-stream-zip@1.15.0
  • @SocketSecurity ignore playwright-core@1.34.3
  • @SocketSecurity ignore @metamask/snaps-utils@0.26.2
  • @SocketSecurity ignore @metamask/providers@9.1.0
  • @SocketSecurity ignore ses@0.17.0
  • @SocketSecurity ignore json-rpc-middleware-stream@3.0.0
  • @SocketSecurity ignore serve-handler@5.0.8
⚠️ CVE

Contains a high severity Common Vulnerability and Exposure (CVE).

Remove or replace dependencies that include known high severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

| Package | CVE | Source |
| --- | --- | --- |
| minimatch@3.0.4 (added) | GHSA-f8q6-p94x-37v3 minimatch ReDoS vulnerability (HIGH) | packages/bip32/package.json via @chainsafe/dappeteer@5.2.0, packages/bip44/package.json via @chainsafe/dappeteer@5.2.0, packages/error/package.json via @chainsafe/dappeteer@5.2.0, packages/getEntropy/package.json via @chainsafe/dappeteer@5.2.0, packages/manageState/package.json via @chainsafe/dappeteer@5.2.0, packages/notification/package.json via @chainsafe/dappeteer@5.2.0 |

📜 Install scripts

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

| Package | Script field | Source |
| --- | --- | --- |
| playwright@1.34.3 (added) | install | package.json, packages/bip32/package.json via @chainsafe/dappeteer@5.2.0, packages/bip44/package.json via @chainsafe/dappeteer@5.2.0, packages/error/package.json via @chainsafe/dappeteer@5.2.0, packages/getEntropy/package.json via @chainsafe/dappeteer@5.2.0, packages/manageState/package.json via @chainsafe/dappeteer@5.2.0, packages/notification/package.json via @chainsafe/dappeteer@5.2.0 |
| @lavamoat/preinstall-always-fail@1.0.0 (added) | preinstall | package.json |

🦀 Bin script shell injection

This package re-exports a well known shell command via an npm bin script. This is possibly a supply chain attack

Packages should not export bin scripts which conflict with well known shell commands

| Package | Bin script | Source |
| --- | --- | --- |
| @chainsafe/dappeteer@5.2.0 (added) | mmd | packages/bip32/package.json, packages/bip44/package.json, packages/error/package.json, packages/getEntropy/package.json, packages/manageState/package.json, packages/notification/package.json |

⚠️ Filesystem access

Accesses the file system, and could potentially read sensitive data.

If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead.



irubido commented Jan 12, 2023

@bowensanders
Hi,
Is there a way test-snaps can work on mm-flask v10.23.0 without removing the endowment:rpc permission in manifests and reverting to the wallet global? I'm not sure whether I missed something, but I couldn't make them work on mm-flask v10.23.0.

@bowensanders
Contributor

@irubido It seems like you're trying to make test-snaps work with an older version of flask, which is impossible because of breaking changes that have been made.

irubido and others added 10 commits January 17, 2023 15:58
…n_v4.5

# Conflicts:
#	package.json
#	packages/bip32/snap.manifest.json
#	packages/bip44/snap.manifest.json
#	packages/confirm/src/index.ts
#	packages/cronjob/snap.manifest.json
#	packages/dialog/snap.manifest.json
#	packages/getEntropy/jest.config.js
#	packages/getEntropy/test/integration/index.spec.ts
#	packages/insights/snap.manifest.json
#	yarn.lock
@irubido irubido marked this pull request as ready for review June 6, 2023 13:04