Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ability in importBundle to take a live object #2719

Closed
turadg opened this issue Feb 12, 2025 · 0 comments · Fixed by #2735
Closed

ability in importBundle to take a live object #2719

turadg opened this issue Feb 12, 2025 · 0 comments · Fixed by #2735
Assignees
@kriskowal
Labels
devex developer experience enhancement New feature or request

Comments

@turadg
Copy link
Member

turadg commented Feb 12, 2025

What is the Problem Being Solved?

Code coverage tools can't currently track coverage on files bundled by Endo. (see Agoric/agoric-sdk#1817)

Description of the Design

A pass-through style bundle that passes a live object. It should not be possible to obtain such a bundle from a JSON.parse or Endo fromCapData.

A new case in https://github.com/endojs/endo/blob/master/packages/import-bundle/src/index.js#L83-L110

Then downstream projects can make these pass-through bundles to get code coverage (e.g. Agoric/agoric-sdk#10558)

Security Considerations

Scaling Considerations

Test Plan

Compatibility Considerations

Upgrade Considerations
@turadg turadg added the enhancement New feature or request label Feb 12, 2025
@turadg turadg added the devex developer experience label Feb 12, 2025
kriskowal added a commit that referenced this issue Mar 6, 2025
@kriskowal
feat(import-bundle): Test bundle format #2719
058918b
@kriskowal kriskowal mentioned this issue Mar 6, 2025
Merged
kriskowal added a commit that referenced this issue Mar 7, 2025
@kriskowal
feat(import-bundle): Test bundle format #2719
c18ed26
@dckc dckc mentioned this issue Mar 10, 2025
Open
kriskowal added a commit that referenced this issue Mar 10, 2025
@kriskowal
feat(import-bundle): Test bundle format #2719
6b9805d
kriskowal added a commit that referenced this issue Mar 10, 2025
@kriskowal
feat(import-bundle): Test bundle format #2719
bf80971
kriskowal added a commit that referenced this issue Mar 11, 2025
@kriskowal
feat(import-bundle): Test bundle format #2719
05577a0
kriskowal added a commit that referenced this issue Mar 11, 2025
@kriskowal
feat(import-bundle): Test bundle format #2719
17ec018
kriskowal added a commit that referenced this issue Mar 11, 2025
@kriskowal
feat(import-bundle): Test bundle format #2719 (#2735)
a7954e9 
Closes: #2719

## Description

This change introduces a new bundle format to simplify tests for
subsystems that take a bundle that they will ultimately use
`importBundle` to extract a mock module exports namespace.
The new bundle format takes care to render impossible any accidental or
malicious use of a test h
To that end, the format captures the mock exports namespace on a
symbol-named property of then bundle, so it will be elided or rejected
when serialized.
And, to compensate for the cryptic protocol, this change provides a tiny
utility function for making test bundles from mock exports.

### Security Considerations

Existing bundle importers expect only to be able to confine execution of
local, serialized bundles.
This change takes some care to maintain the expectation by limiting
exposure to live objects in a way that’s only reachable by test code.
If an adversary were able to present a test bundle, it’s not clear that
this would constitute any escalation in privilege, given that an
attacker would need to arrange for a live object by some other
escalator.

### Scaling Considerations

This change introduces a very small amount of new code to the Agoric
kernel and, out of an abundance of caution, is not reached in the common
case of importing the endoZipBase64 bundle format.

### Documentation Considerations

The change includes relevant documentation in NEWS.md and README.md for
the import-bundle package. This is a new platform API and may be
relevant in the context of tutorials for testing applications on Agoric
and other Endo platforms.

### Testing Considerations

Includes unit tests exercising the new behavior and invariants.

### Compatibility Considerations

New features, no breaking changes.

### Upgrade Considerations

None.
@turadg turadg mentioned this issue Mar 11, 2025
Merged
boneskull added a commit that referenced this issue Mar 14, 2025
@boneskull
Merge branch 'master' into kriskowal-export-subpath
8dfd216 
* master: (152 commits)
  fix(ses): lockdown options should be kebob-case (#2739)
  feat(import-bundle): Test bundle format #2719
  chore: Update yarn.lock
  refactor(ses): Compensate Hermes transform for Babel upgrade
  feat(bundle-source)!: Replace getExport and nestedEvaluate implementations with endoScript implementation
  refactor(evasive-transform): Relieve dependence on Rollup
  chore(evasive-transform): Update golden masters
  refactor(evasive-transform): Add sourceMap option, remove unmapLoc
  chore(evasive-transform): Update sourcemap test snapshot
  chore: yarn up @babel/generator
  refactor: Migrate from @agoric/babel-generator back to @babel/generator
  chore: Upgrade Babel
  fix: Update version management scripts
  refactor(module-source): More compact boilerplate
  refactor(module-source): Converge file naming convention
  feat(evasive-transform): Preserve format with Babel
  feat(module-source): Preserve format with Babel integration
  test(module-source): Add format preservation test
  chore(ses): add explicit devDependencies on Babel packages
  refactor(ses): compartmentImport without function.bind
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kriskowal kriskowal

Labels
devex developer experience enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(import-bundle): Test bundle format #2719 endojs/endo
2 participants
@turadg @kriskowal