Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix: unnecessary, unsafe base-controller patch (#8808)
## **Description** Removes a recently introduced base-controller patch that assigns the default argument `string` to the `AllowedAction` and `AllowedEvent` generic parameters of the class `RestrictedControllerMessenger`. This patch was created in 81e2d18 as part of an intended fix for the breaking changes introduced by `@metamask/base-controller` v4.0.0. The fix was accomplished by a later commit [`d3a1dc7` (#8607)](d3a1dc7), but the now-redundant patch was never removed. This patch is too dangerous to keep as is, because it negates the allowlist security we have in place for our controller-messengers. This potentially enables any messenger to access any external action or event without restrictions. The CI run shows that removing this patch does not break anything. This is because it's not actually affecting the code in any way (for now). TL;DR The patch is not only safe to remove -- it's unsafe not to remove. ## **Related issues** - Fixes issue introduced here #8607 - Patch was introduced as an intended fix for MetaMask/core#3648. However, this issue is only relevant to the `ControllerMessenger.getRestrictedMessenger` method, and not to the `RestrictedControllerMessenger` class that is altered in the patch. ## **Manual testing steps** ## **Screenshots/Recordings** ## **Pre-merge author checklist** - [x] I’ve followed [MetaMask Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've clearly explained what problem this PR is solving and how it is solved. - [x] I've linked related issues - [ ] I've included manual testing steps - [x] I've included screenshots/recordings if applicable - [x] I’ve included tests if applicable - [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. - [x] I’ve properly set the pull request status: - [x] In case it's not yet "ready for review", I've set it to "draft". - [x] In case it's "ready for review", I've changed it from "draft" to "non-draft". ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.
- Loading branch information