Feature/memory security improvement 5.27.2 #1827

piyalbasu · 2025-01-30T20:17:10Z

Re roll of PR #1820 to remove 5.28.0 features

What

Uses built-in crypto library to hash the user's password before storing in Redux
Uses built-in crypto lib to then use that hashed password to encrypt sensitive data in a temporary storage object in browser.storage
Any place where we used privateKeySelector or mnemonicPhraseSelector in popupMessageListener is now replaced with a call to getEncryptedTemporaryData to get the equivalent data

Caveat

As discussed, I had to remove the "no password" flow for creating a new Stellar address :(

socket-security · 2025-01-30T20:17:39Z

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@jest/console@29.7.0 🔁 npm/@jest/console@28.1.3	None	`0`	19 kB	simenb
npm/@jest/core@29.7.0 🔁 npm/@jest/core@28.1.3	Transitive: environment	`+1`	172 kB	simenb
npm/@jest/expect-utils@29.7.0 🔁 npm/@jest/expect-utils@28.1.3	None	`0`	28.3 kB	simenb
npm/@jest/expect@29.7.0 🔁 npm/@jest/expect@28.1.3	None	`0`	5.23 kB	simenb
npm/@jest/globals@29.7.0 🔁 npm/@jest/globals@28.1.3	None	`0`	5.26 kB	simenb
npm/@jest/reporters@29.7.0 🔁 npm/@jest/reporters@28.1.3	None	`+1`	187 kB	simenb
npm/@jest/source-map@29.6.3 🔁 npm/@jest/source-map@28.1.2	None	`+1`	11.4 kB	simenb
npm/@jest/test-result@29.7.0 🔁 npm/@jest/test-result@28.1.3	None	`0`	15.8 kB	simenb
npm/@jest/test-sequencer@29.7.0 🔁 npm/@jest/test-sequencer@28.1.3	None	`0`	13.6 kB	simenb
npm/create-jest@29.7.0	None	`0`	15.9 kB	simenb
npm/decimal.js@10.5.0 🔁 npm/decimal.js@10.4.3	None	`0`	284 kB	mikemcl
npm/dedent@1.5.3	None	`0`	23.9 kB	joshuakgoldberg
npm/emittery@0.13.1 🔁 npm/emittery@0.10.2	None	`0`	46.5 kB	sindresorhus
npm/expect@29.7.0 🔁 npm/expect@28.1.3	None	`0`	146 kB	simenb
npm/jest-changed-files@29.7.0 🔁 npm/jest-changed-files@28.1.3	None	`+1`	26 kB	simenb
npm/jest-circus@29.7.0 🔁 npm/jest-circus@28.1.3	unsafe	`0`	72 kB	simenb
npm/jest-cli@29.7.0 🔁 npm/jest-cli@28.1.3	None	`0`	33.8 kB	simenb
npm/jest-config@29.7.0 🔁 npm/jest-config@28.1.3	None	`+1`	118 kB	simenb
npm/jest-docblock@29.7.0 🔁 npm/jest-docblock@28.1.1	None	`0`	8.99 kB	simenb
npm/jest-each@29.7.0 🔁 npm/jest-each@28.1.3	None	`0`	33.7 kB	simenb
npm/jest-environment-jsdom@29.7.0 🔁 npm/jest-environment-jsdom@28.1.3	Transitive: environment, eval, filesystem, network, shell, unsafe	`+23`	6.16 MB	simenb
npm/jest-leak-detector@29.7.0 🔁 npm/jest-leak-detector@28.1.3	None	`0`	5.59 kB	simenb
npm/jest-resolve-dependencies@29.7.0 🔁 npm/jest-resolve-dependencies@28.1.3	None	`0`	8.92 kB	simenb
npm/jest-resolve@29.7.0 🔁 npm/jest-resolve@28.1.3	None	`0`	65.7 kB	simenb
npm/jest-runner@29.7.0 🔁 npm/jest-runner@28.1.3	Transitive: filesystem, unsafe	`+1`	112 kB	simenb
npm/jest-runtime@29.7.0 🔁 npm/jest-runtime@28.1.3	None	`+1`	93.1 kB	simenb
npm/jest-snapshot@29.7.0 🔁 npm/jest-snapshot@28.1.3	None	`+3`	236 kB	simenb
npm/jest-watcher@29.7.0 🔁 npm/jest-watcher@28.1.3	None	`0`	23.4 kB	simenb
npm/jest@29.7.0 🔁 npm/jest@28.1.3	None	`+1`	65.4 kB	simenb
npm/nwsapi@2.2.16 🔁 npm/nwsapi@2.2.13	None	`0`	85.8 kB	diego
npm/pure-rand@6.1.0	None	`0`	84 kB	ndubien
npm/resolve.exports@2.0.3 🔁 npm/resolve.exports@1.1.1	None	`0`	24.1 kB	lukeed

🚮 Removed packages: npm/@types/prettier@2.7.3, npm/supports-hyperlinks@2.3.0, npm/terminal-link@2.1.1

View full report↗︎

* Feature/memory security improvement 5.27.2 (#1827) * add temporary store extra data * add tests for switching accounts * reset session length * upgrade jest and add unit tests * rm unused selectors * fix sendpayment test * rm npm package and add unit tests * add better error handling and Sentry capture * rm console.log * make sure to login before adding new stellar address * add a test for imported S key payment * Fix/import acct when timed out (#1832) * make sure to login to all accounts before importing by private key if session has timed out * update comment * login before showing mnemonic phrase (#1834) * login before showing mnemonic phrase * add more Sentry error capture

piyalbasu added 10 commits January 30, 2025 15:12

add temporary store extra data

82b9b8c

add tests for switching accounts

849efab

reset session length

2f18218

upgrade jest and add unit tests

158e8f1

rm unused selectors

c7befeb

fix sendpayment test

65e3156

rm npm package and add unit tests

5db5882

add better error handling and Sentry capture

c2e4f90

rm console.log

97f5dbb

make sure to login before adding new stellar address

cb9d65c

piyalbasu mentioned this pull request Jan 30, 2025

Feature/memory security improvement 3 #1820

Closed

aristidesstaffieri approved these changes Jan 30, 2025

View reviewed changes

add a test for imported S key payment

f993a02

piyalbasu merged commit 81a2034 into release/5.27.2 Jan 30, 2025
3 checks passed

piyalbasu deleted the feature/memory-security-improvement-5.27.2 branch January 30, 2025 22:28

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Feature/memory security improvement 5.27.2 #1827

Feature/memory security improvement 5.27.2 #1827

piyalbasu commented Jan 30, 2025

socket-security bot commented Jan 30, 2025 •

edited

Loading

Feature/memory security improvement 5.27.2 #1827

Feature/memory security improvement 5.27.2 #1827

Conversation

piyalbasu commented Jan 30, 2025

socket-security bot commented Jan 30, 2025 • edited Loading

socket-security bot commented Jan 30, 2025 •

edited

Loading