Merge pull request #1422 from crypto-com/dev

Internal Release v1.4.9

Author: crypto-matto

CHANGELOG.md

@@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file.
 *Unreleased*
 
 *Released*
+## [v1.4.9] - 2024-03-07
+### Additions
+- Security enhancement on DApp Browser
+- Governance Proposal UX enhancement
 ## [v1.4.8] - 2024-01-25
 ### Additions
 - Security enhancement & package dependencies bump

package.json

@@ -1,6 +1,6 @@
 {
   "name": "chain-desktop-wallet",
-  "version": "1.4.8",
+  "version": "1.4.9",
   "description": "Crypto.com DeFi Desktop Wallet App",
   "repository": "github:crypto-com/chain-desktop-wallet",
   "author": "Crypto.com <contact@crypto.com>",
@@ -9,7 +9,7 @@
   "main": "build/electron/main.js",
   "private": true,
   "scripts": {
-    "run-audit": "yarn audit-ci --high -a 1094574 1094894",
+    "run-audit": "yarn audit-ci --high -a 1094574 1096494 1096640",
     "start": "node scripts/start.js",
     "build": "cross-env NODE_OPTIONS=--max_old_space_size=8192 && yarn clean-builds && node scripts/build.js",
     "test": "node scripts/test.js --watchAll=false",

src/language/en-US.json

@@ -592,6 +592,7 @@
   "staking.modal6.note.part5": "in order to broadcast this transaction successfully",
   "governance.title": "Governance",
   "governance.description": "You may see all proposals and cast your votes here.",
+  "governance.warning": "This proposal contains external links that may lead to suspicious websites. Please open with caution.",
   "governance.votingHistoryBtn": "View Voting History",
   "governance.tab1": "All",
   "governance.tab2": "Voting",

src/language/ko-KR.json

@@ -589,6 +589,7 @@
   "staking.modal6.note.part5": "이 거래를 성공적으로 발송하기 위해서",
   "governance.title": "거버넌스",
   "governance.description": "여기에서 모든 제안을 보고 투표할 수 있습니다.",
+  "governance.warning": "이 제안서에는 의심스러운 웹사이트로 이동할 수 있는 외부 링크가 포함되어 있습니다. 주의해서 열어주세요.",
   "governance.votingHistoryBtn": "투표 기록 보기",
   "governance.tab1": "모두",
   "governance.tab2": "투표",

src/language/zh-CN.json

@@ -592,6 +592,7 @@
   "staking.modal6.note.part5": "以完成此交易",
   "governance.title": "治理",
   "governance.description": "你可以在这里看到所有提案并行使你的投票权。",
+  "governance.warning": "此提案包含可能导向可疑网站的外部连结。请谨慎开启。",
   "governance.votingHistoryBtn": "查看投票历史",
   "governance.tab1": "所有",
   "governance.tab2": "投票中",

src/language/zh-HK.json

@@ -592,6 +592,7 @@
   "staking.modal6.note.part5": "以完成此交易",
   "governance.title": "治理",
   "governance.description": "你可以在這裡看到所有提案並行使你的投票權。",
+  "governance.warning": "此提案包含可能導向可疑網站的外部連結。請謹慎開啟。",
   "governance.votingHistoryBtn": "查看投票歷史",
   "governance.tab1": "所有",
   "governance.tab2": "投票中",

src/pages/dapp/browser/DappBrowser.tsx

@@ -120,6 +120,12 @@ const DappBrowser = forwardRef<DappBrowserRef, DappBrowserProps>((props: DappBro
     errorCallback: Function;
   }>();
 
+  useEffect(() => {
+    if (isDOMReady && cronosAsset) {
+      webviewRef.current?.send('getAddress', [cronosAsset.address!]);
+    }
+  }, [cronosAsset, isDOMReady]);
+
   const onRequestAddress = useRefCallback((onSuccess: (address: string) => void) => {
     onSuccess(cronosAsset?.address!);
   });
@@ -425,7 +431,7 @@ const DappBrowser = forwardRef<DappBrowserRef, DappBrowserProps>((props: DappBro
         preload={ProviderPreloadScriptPath}
         ref={webviewRef}
         allowpopups={'true' as any}
-        webpreferences="contextIsolation=false, nodeIntegration=false, javascript=yes, allowpopup=yes"
+        webpreferences="contextIsolation=true, sandbox=true, nodeIntegration=false, javascript=yes, allowpopup=yes"
         useragent={window.navigator.userAgent.replace(
           'chain-desktop-wallet',
           'Desktop Wallet Build',

src/pages/dapp/browser/preload.js

@@ -1,8 +1,7 @@
 // !! if you change the location of this file, remember to change `extraResources` in package.json as well !!
 /* eslint-disable max-classes-per-file */
 /* eslint-disable */
-const { Buffer } = require('buffer');
-const { ipcRenderer } = require('electron');
+const { ipcRenderer, contextBridge } = require('electron');
 const EventEmitter = require('events');
 
 class RPCServer {
@@ -568,4 +567,107 @@ const providerConfig = {
   rpcUrl: 'https://evm.cronos.org',
   isDebug: true,
 };
-window.ethereum = new window.desktopWallet.Provider(providerConfig);
+
+const provider = new Web3Provider(providerConfig);
+
+ipcRenderer.on('getAddress', (event, args) => {
+  const address = args[0];
+
+  contextBridge.exposeInMainWorld('ethereum', {
+    address,
+    ready: true,
+    isDesktopWallet: true,
+    setConfig: (config, emitChanges) => {
+      provider.setConfig(config, emitChanges);
+    },
+    request: payload => {
+      return provider.request(payload);
+    },
+    setAddress: address => {
+      provider.setAddress(address);
+    },
+    sendResponse: (id, result) => {
+      provider.sendResponse(id, result);
+    },
+    sendError: (id, error) => {
+      provider.sendError(id, error);
+    },
+    eth_accounts: () => {
+      return provider.eth_accounts();
+    },
+    eth_coinbase: () => {
+      return provider.eth_coinbase();
+    },
+    net_version: () => {
+      return provider.net_version();
+    },
+    eth_chainId: () => {
+      return provider.eth_chainId();
+    },
+    eth_sign: payload => {
+      return provider.eth_sign(payload);
+    },
+    personal_sign: payload => {
+      return provider.personal_sign(payload);
+    },
+    personal_ecRecover: payload => {
+      return provider.personal_ecRecover(payload);
+    },
+    eth_signTypedData: (payload, useV4) => {
+      return provider.eth_signTypedData(payload, useV4);
+    },
+    eth_sendTransaction: payload => {
+      return provider.eth_sendTransaction(payload);
+    },
+    eth_requestAccounts: payload => {
+      return provider.eth_requestAccounts(payload);
+    },
+    wallet_watchAsset: payload => {
+      return provider.wallet_watchAsset(payload);
+    },
+    wallet_addEthereumChain: payload => {
+      return provider.wallet_addEthereumChain(payload);
+    },
+    wallet_switchEthereumChain: payload => {
+      return provider.wallet_switchEthereumChain(payload);
+    },
+    isConnected: () => {
+      return provider.isConnected();
+    },
+    enable: () => {
+      return provider.enable();
+    },
+    send: payload => {
+      return provider.send(payload);
+    },
+    sendAsync: (payload, callback) => {
+      return provider.sendAsync(payload, callback);
+    },
+    addEventListener: (event, callback) => {
+      provider.addListener(event, callback);
+    },
+    on: (event, callback) => {
+      provider.on(event, callback);
+    },
+    once: (event, callback) => {
+      provider.once(event, callback);
+    },
+    removeListener: (event, callback) => {
+      provider.removeListener(event, callback);
+    },
+    removeAllListeners: event => {
+      provider.removeAllListeners(event);
+    },
+    emit: (event, ...args) => {
+      provider.emit(event, ...args);
+    },
+  })
+  contextBridge.exposeInMainWorld('desktopWallet', {
+    Provider: Web3Provider,
+    postMessage: arg => {
+      ipcRenderer.sendToHost('dapp', arg);
+    },
+  })
+  
+})
+

src/pages/governance/components/ProposalView.tsx

@@ -4,7 +4,7 @@ import Big from 'big.js';
 import '../governance.less';
 import 'antd/dist/antd.css';
 // eslint-disable-next-line @typescript-eslint/no-unused-vars
-import { Layout, Radio, Button, Card, Progress, Form, InputNumber, Spin } from 'antd';
+import { Layout, Radio, Button, Card, Progress, Form, InputNumber, Spin, Alert } from 'antd';
 import { LoadingOutlined } from '@ant-design/icons';
 import { useRecoilValue, useRecoilState } from 'recoil';
 import { useTranslation } from 'react-i18next';
@@ -307,11 +307,22 @@ export const ProposalView = (props: any) => {
                 {allProps?.proposal?.proposal_id}
               </div>
             </div>
-
+            {allProps.proposal?.content?.description.includes('http') ? 
+              <div className="warning">
+                <Alert
+                  type="warning"
+                  message={t('governance.warning')}
+                  showIcon
+                />
+              </div>
+              : <></>}
             <div className="description">
-              {allProps.proposal?.content?.description ? allProps.proposal?.content.description.split('\\n').map((p, i) => (
-                <p key={i}>{p}</p>
-              )) : <p key={0}>(No description)</p>}
+              {allProps.proposal?.content?.description ? 
+                allProps.proposal?.content.description.split(/\n|\\n/).map((p, i) => (
+                  <p key={i}>{p}</p>
+                )) 
+                : <p key={0}>(No description)</p>
+              }
             </div>
             <div className="item">
               {allProps.proposal?.status === ProposalStatuses.PROPOSAL_STATUS_VOTING_PERIOD ? (

src/pages/governance/governance.less

@@ -7,6 +7,9 @@
       margin-bottom: 20px;
       color: @font-color;
     }
+    .warning{
+      margin-bottom: 20px;
+    }
     .amount {
       .ant-form-item {
         margin: 0;

yarn.lock

@@ -5547,9 +5547,9 @@ asap@~2.0.6:
   integrity sha1-5QNHYR1+aQlDIIu9r+vLwvuGbUY=
 
 asar@^3.1.0:
-  version "3.1.0"
-  resolved "https://registry.yarnpkg.com/asar/-/asar-3.1.0.tgz#70b0509449fe3daccc63beb4d3c7d2e24d3c6473"
-  integrity sha512-vyxPxP5arcAqN4F/ebHd/HhwnAiZtwhglvdmc7BR2f0ywbVNTOpSeyhLDbGXtE/y58hv1oC75TaNIXutnsOZsQ==
+  version "3.2.0"
+  resolved "https://registry.yarnpkg.com/asar/-/asar-3.2.0.tgz#e6edb5edd6f627ebef04db62f771c61bea9c1221"
+  integrity sha512-COdw2ZQvKdFGFxXwX3oYh2/sOsJWJegrdJCGxnN4MZ7IULgRBp9P6665aqj9z1v9VwP4oP1hRBojRDQ//IGgAg==
   dependencies:
     chromium-pickle-js "^0.2.0"
     commander "^5.0.0"
@@ -6374,13 +6374,13 @@ buffer-crc32@~0.2.3:
 
 buffer-equal@1.0.0:
   version "1.0.0"
-  resolved "https://registry.yarnpkg.com/buffer-equal/-/buffer-equal-1.0.0.tgz"
-  integrity sha1-WWFrSYME1Var1GaWayLu2j7KX74=
+  resolved "https://registry.yarnpkg.com/buffer-equal/-/buffer-equal-1.0.0.tgz#59616b498304d556abd466966b22eeda3eca5fbe"
+  integrity sha512-tcBWO2Dl4e7Asr9hTGcpVrCe+F7DubpmqWCTbj4FHLmjqO2hIaC383acQubWtRJhdceqs5uBHs6Es+Sk//RKiQ==
 
 buffer-fill@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/buffer-fill/-/buffer-fill-1.0.0.tgz#f8f78b76789888ef39f205cd637f68e702122b2c"
-  integrity sha1-+PeLdniYiO858gXNY39o5wISKyw=
+  integrity sha512-T7zexNBwiiaCOGDg9xNX9PBmjrubblRkENuptryuI64URkXDFum9il/JGL8Lm8wYfAXpredVXXZz7eMHilimiQ==
 
 buffer-from@^1.0.0:
   version "1.1.2"
@@ -7036,8 +7036,8 @@ colorette@^1.2.1, colorette@^1.2.2:
 
 colors@1.0.3:
   version "1.0.3"
-  resolved "https://registry.yarnpkg.com/colors/-/colors-1.0.3.tgz"
-  integrity sha1-BDP0TYCWgP3rYO0mDxsMJi6CpAs=
+  resolved "https://registry.yarnpkg.com/colors/-/colors-1.0.3.tgz#0433f44d809680fdeb60ed260f1b0c262e82a40b"
+  integrity sha512-pFGrxThWcWQ2MsAz6RtgeWe4NK2kUE1WfsrvvlctdII745EW9I0yflqhe7++M5LEc7bV2c/9/5zc8sFcpL0Drw==
 
 combined-stream@^1.0.6, combined-stream@^1.0.8, combined-stream@~1.0.6:
   version "1.0.8"
@@ -7068,8 +7068,8 @@ command-line-usage@^6.1.0:
 
 commander@2.9.0:
   version "2.9.0"
-  resolved "https://registry.yarnpkg.com/commander/-/commander-2.9.0.tgz"
-  integrity sha1-nJkJQXbhIkDLItbFFGCYQA/g99Q=
+  resolved "https://registry.yarnpkg.com/commander/-/commander-2.9.0.tgz#9c99094176e12240cb22d6c5146098400fe0f7d4"
+  integrity sha512-bmkUukX8wAOjHdN26xj5c4ctEV22TQ7dQYhSmuckKhToXrkUn0iIaolHdIxYYqD55nhpSPA9zPQ1yP57GdXP2A==
   dependencies:
     graceful-readlink ">= 1.0.0"
 
@@ -8335,7 +8335,7 @@ diffie-hellman@^5.0.0:
 
 dir-compare@^2.4.0:
   version "2.4.0"
-  resolved "https://registry.yarnpkg.com/dir-compare/-/dir-compare-2.4.0.tgz"
+  resolved "https://registry.yarnpkg.com/dir-compare/-/dir-compare-2.4.0.tgz#785c41dc5f645b34343a4eafc50b79bac7f11631"
   integrity sha512-l9hmu8x/rjVC9Z2zmGzkhOEowZvW7pmYws5CWHutg8u1JgvsKWMx7Q/UODeu4djLZ4FgW5besw5yvMQnBHzuCA==
   dependencies:
     buffer-equal "1.0.0"
@@ -8731,7 +8731,7 @@ emoji-regex@^8.0.0:
 
 emoji-regex@^9.0.0:
   version "9.2.2"
-  resolved "https://registry.yarnpkg.com/emoji-regex/-/emoji-regex-9.2.2.tgz"
+  resolved "https://registry.yarnpkg.com/emoji-regex/-/emoji-regex-9.2.2.tgz#840c8803b0d8047f4ff0cf963176b32d4ef3ed72"
   integrity sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==
 
 emojis-list@^3.0.0:
@@ -10669,8 +10669,8 @@ graceful-fs@^4.2.9:
 
 "graceful-readlink@>= 1.0.0":
   version "1.0.1"
-  resolved "https://registry.yarnpkg.com/graceful-readlink/-/graceful-readlink-1.0.1.tgz"
-  integrity sha1-TK+tdrxi8C+gObL5Tpo906ORpyU=
+  resolved "https://registry.yarnpkg.com/graceful-readlink/-/graceful-readlink-1.0.1.tgz#4cafad76bc62f02fa039b2f94e9a3dd3a391a725"
+  integrity sha512-8tLu60LgxF6XpdbK8OW3FA+IfTNBn1ZHGHKF4KQbEeSkajYw5PlYJcKluntgegDPTg8UkHjpet1T82vk6TQ68w==
 
 growl@1.10.5:
   version "1.10.5"