Add new validation and limit for storage (#621)

* Add new validation and limit for storage Return isObject check Update utils version Return old message Refactor and change size limit * Update byte size number
MetaMask · Jul 19, 2022 · 4a81176 · 4a81176
1 parent bb0c266
commit 4a81176
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 4 deletions.
diff --git a/packages/rpc-methods/package.json b/packages/rpc-methods/package.json
@@ -28,7 +28,7 @@
     "@metamask/snap-controllers": "^0.18.1",
     "@metamask/snap-utils": "^0.18.1",
     "@metamask/types": "^1.1.0",
-    "@metamask/utils": "^2.0.0",
+    "@metamask/utils": "^2.1.0",
     "eth-rpc-errors": "^4.0.2"
   },
   "devDependencies": {

diff --git a/packages/rpc-methods/src/restricted/manageState.ts b/packages/rpc-methods/src/restricted/manageState.ts
@@ -4,7 +4,12 @@ import {
   RestrictedMethodOptions,
   ValidPermissionSpecification,
 } from '@metamask/controllers';
-import { isObject, isValidJson, Json, NonEmptyArray } from '@metamask/utils';
+import {
+  Json,
+  NonEmptyArray,
+  isObject,
+  validateJsonAndGetSize,
+} from '@metamask/utils';
 import { ethErrors } from 'eth-rpc-errors';
 
 const methodName = 'snap_manageState';
@@ -87,6 +92,8 @@ export enum ManageStateOperation {
   updateState = 'update',
 }
 
+export const STORAGE_SIZE_LIMIT = 104857600; // In bytes (100MB)
+
 /**
  * Builds the method implementation for `snap_manageState`.
  *
@@ -131,14 +138,26 @@ function getManageStateImplementation({
                 typeof newState === 'undefined' ? 'undefined' : newState,
             },
           });
-        } else if (!isValidJson(newState)) {
+        }
+        // eslint-disable-next-line no-case-declarations
+        const [isValid, plainTextSizeInBytes] =
+          validateJsonAndGetSize(newState);
+        if (!isValid) {
           throw ethErrors.rpc.invalidParams({
             message: `Invalid ${method} "updateState" parameter: The new state must be JSON serializable.`,
             data: {
               receivedNewState:
                 typeof newState === 'undefined' ? 'undefined' : newState,
             },
           });
+        } else if (plainTextSizeInBytes > STORAGE_SIZE_LIMIT) {
+          throw ethErrors.rpc.invalidParams({
+            message: `Invalid ${method} "updateState" parameter: The new state must not exceed ${STORAGE_SIZE_LIMIT} bytes in size.`,
+            data: {
+              receivedNewState:
+                typeof newState === 'undefined' ? 'undefined' : newState,
+            },
+          });
         }
 
         await updateSnapState(origin, newState);

diff --git a/yarn.lock b/yarn.lock
@@ -4875,7 +4875,7 @@ __metadata:
     "@metamask/snap-controllers": ^0.18.1
     "@metamask/snap-utils": ^0.18.1
     "@metamask/types": ^1.1.0
-    "@metamask/utils": ^2.0.0
+    "@metamask/utils": ^2.1.0
     "@types/node": ^14.14.25
     eslint: ^7.30.0
     eslint-config-prettier: ^8.3.0
@@ -5180,6 +5180,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@metamask/utils@npm:^2.1.0":
+  version: 2.1.0
+  resolution: "@metamask/utils@npm:2.1.0"
+  dependencies:
+    fast-deep-equal: ^3.1.3
+  checksum: 50970fe28cbf98fbc34fb4f69d9bc90f5db94929c69ab532f57b48f42163ea77fb080ab31854efd984361c3e29e67831a78d94d1211ac3bcc6b9557769c73127
+  languageName: node
+  linkType: hard
+
 "@ngraveio/bc-ur@npm:^1.1.5":
   version: 1.1.6
   resolution: "@ngraveio/bc-ur@npm:1.1.6"