-
-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: SES lockdown v1.0.0 (Android Hermes) #8161
feat: SES lockdown v1.0.0 (Android Hermes) #8161
Conversation
CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes. |
3569ff3
to
d8c6ce4
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## feature/ses-1.0.0-lockdown-hermes #8161 +/- ##
====================================================================
Coverage ? 39.46%
====================================================================
Files ? 1227
Lines ? 29796
Branches ? 2833
====================================================================
Hits ? 11759
Misses ? 17345
Partials ? 692 ☔ View full report in Codecov by Sentry. |
d5356d7
to
85c5041
Compare
85c5041
to
d54ac80
Compare
@@ -7663,7 +7663,7 @@ function tameErrorConstructor( | |||
})() | |||
, | |||
// === functors[38] === | |||
({ imports: $h_imports, liveVar: $h_live, onceVar: $h_once, importMeta: $h____meta, }) => (function () { let ReferenceError,TypeError,Map,Set,arrayJoin,arrayMap,arrayPush,create,freeze,mapGet,mapHas,mapSet,setAdd,promiseCatch,promiseThen,values,weakmapGet,assert;$h_imports([["./commons.js", [["ReferenceError", [$h_a => (ReferenceError = $h_a)]],["TypeError", [$h_a => (TypeError = $h_a)]],["Map", [$h_a => (Map = $h_a)]],["Set", [$h_a => (Set = $h_a)]],["arrayJoin", [$h_a => (arrayJoin = $h_a)]],["arrayMap", [$h_a => (arrayMap = $h_a)]],["arrayPush", [$h_a => (arrayPush = $h_a)]],["create", [$h_a => (create = $h_a)]],["freeze", [$h_a => (freeze = $h_a)]],["mapGet", [$h_a => (mapGet = $h_a)]],["mapHas", [$h_a => (mapHas = $h_a)]],["mapSet", [$h_a => (mapSet = $h_a)]],["setAdd", [$h_a => (setAdd = $h_a)]],["promiseCatch", [$h_a => (promiseCatch = $h_a)]],["promiseThen", [$h_a => (promiseThen = $h_a)]],["values", [$h_a => (values = $h_a)]],["weakmapGet", [$h_a => (weakmapGet = $h_a)]]]],["./error/assert.js", [["assert", [$h_a => (assert = $h_a)]]]]]); | |||
({ imports: $h_imports, liveVar: $h_live, onceVar: $h_once, importMeta: $h____meta, }) => (function () { let ReferenceError,TypeError,Map,Set,arrayJoin,arrayMap,arrayPush,create,freeze,mapGet,mapHas,mapSet,setAdd,promiseThen,values,weakmapGet,assert;$h_imports([["./commons.js", [["ReferenceError", [$h_a => (ReferenceError = $h_a)]],["TypeError", [$h_a => (TypeError = $h_a)]],["Map", [$h_a => (Map = $h_a)]],["Set", [$h_a => (Set = $h_a)]],["arrayJoin", [$h_a => (arrayJoin = $h_a)]],["arrayMap", [$h_a => (arrayMap = $h_a)]],["arrayPush", [$h_a => (arrayPush = $h_a)]],["create", [$h_a => (create = $h_a)]],["freeze", [$h_a => (freeze = $h_a)]],["mapGet", [$h_a => (mapGet = $h_a)]],["mapHas", [$h_a => (mapHas = $h_a)]],["mapSet", [$h_a => (mapSet = $h_a)]],["setAdd", [$h_a => (setAdd = $h_a)]],["promiseThen", [$h_a => (promiseThen = $h_a)]],["values", [$h_a => (values = $h_a)]],["weakmapGet", [$h_a => (weakmapGet = $h_a)]]]],["./error/assert.js", [["assert", [$h_a => (assert = $h_a)]]]]]); | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
only promiseCatch
removed in refactor
Quality Gate passedKudos, no new issues were introduced! 0 New issues |
closing as async/await to Promises refactors not needed move following changes into #8009 (now on latest [email protected]) |
Description
packages/ses/src/module-load.js
promiseCatch
load
from async await to Promises or generator fnfile:///Users/<user>/Documents/GitHub/endo/packages/ses/
for varying moduleSpecifiers depending on refactorError running main: Error: Cannot bundle: cannot follow module import ./src/lockdown-shim.js in compartment file:///.../endo/packages/ses/
ses compartment cannot be skipped, or moduleSpecifier laterundefined
Error running main: Error: Cannot bundle: cannot follow module import ./index.js in compartment file:///.../endo/packages/ses/
cannot be skipped, or empty lockdown bundlefunctors
andcells
packages/ses/src/get-anonymous-intrinsics.js
Runtime
// assertDirectEvalAvailable(); // SES TypeError
// addIntrinsics(tameRegExpConstructor(regExpTaming)); // SES TypeError
// addIntrinsics(tameSymbolConstructor()); // Metro exception
// addIntrinsics(getAnonymousIntrinsics()); // SES TypeError
// completePrototypes(); // SES TypeError
// whitelistIntrinsics(intrinsics, markVirtualizedNativeFunction); // SES TypeError
// hardenIntrinsics(); // no error, app hangs loading, under investigation
Related issues
Manual testing steps
Screenshots/Recordings
Before
After
Pre-merge author checklist
Pre-merge reviewer checklist