Merge pull request #419 from permaweb/twilson63/chore-container-secur…

…ity-409

Twilson63/chore container security 409

dev-cli/container/src/emcc-lua

@@ -164,7 +164,7 @@ def main():
 
     # Finally, compile to wasm
     debug_print('Start to compile as WASM')
-    cmd = ['emcc', '-Os', '-s', 'WASM=1', '-s', 'MODULARIZE', '--pre-js', '/opt/pre.js']
+    cmd = ['emcc', '-Os', '-s', 'ALLOW_MEMORY_GROWTH=1', '-s', 'INITIAL_MEMORY=6291456', '-s', 'MAXIMUM_MEMORY=524288000', '-s', 'WASM=1', '-s', 'MODULARIZE', '-s', 'FILESYSTEM=0', '-s', 'DETERMINISTIC=1', '-s', 'NODERAWFS=0', '--pre-js', '/opt/pre.js']
     cmd.extend(definition.get_extra_args())
     cmd.extend(['-I', quote('/lua-{}/src'.format(os.environ.get('LUA_VERSION')))])
     cmd.extend(['/tmp/compile.c', quote('/lua-{}/src/liblua.a'.format(os.environ.get('LUA_VERSION')))])
@@ -175,6 +175,11 @@ def main():
     debug_print('Compile command is {}'.format(' '.join(cmd)))
     shell_exec(*cmd)
 
+    # add metering library
+    meter_cmd = ['node', '/opt/node/apply-metering.cjs']
+    shell_exec(*meter_cmd)
+    shell_exec(*['rm', '/src/process.js'])
+
 if __name__ == '__main__':
     main()
 

dev-cli/container/src/main.lua

@@ -2,24 +2,25 @@
 local args = {...}
 local lua_bundle = args[1]
 
+math.random = function()
+    return 0.5 -- Replace with any value you want
+end
 -- Inline loader
 -- In WASM Lua, all Lua scripted will be compiled as byte string and set to lua_bundle table.
 -- Then, this loader will resolve by module name and evaluate it.
 local function _inline_loader(name)
-  local mod = lua_bundle[name] or lua_bundle[name .. '.init']
-  if not mod then
-    return ("module %s not found"):format(name)
-  end
-  if type(mod) == 'string' then
-    local chunk, err = load(mod, name)
-    if chunk then
-      return chunk
-    else
-      error(("error loading module %s: %s"):format(name, err), 0)
+    local mod = lua_bundle[name] or lua_bundle[name .. '.init']
+    if not mod then return ("module %s not found"):format(name) end
+    if type(mod) == 'string' then
+        local chunk, err = load(mod, name)
+        if chunk then
+            return chunk
+        else
+            error(("error loading module %s: %s"):format(name, err), 0)
+        end
+    elseif type(mod) == 'function' then
+        return mod
     end
-  elseif type(mod) == 'function' then
-    return mod
-  end
 end
 
 table.insert(package.loaders or package.searchers, 2, _inline_loader)
@@ -59,4 +60,4 @@ main()
 --   -- Call exported function
 --   local arguments = {select(1, ...)}
 --   return fn(table.unpack(arguments))
--- end
+-- end

dev-cli/container/src/node/apply-metering.cjs

@@ -0,0 +1,6 @@
+// this step will need to be invoked after the wasm file is compiled and it will load it and add
+// the metering functions to the wasm and replace it.
+const fs = require('fs')
+const metering = require('wasm-metering')
+const wasm = fs.readFileSync('/src/process.wasm')
+fs.writeFileSync('/src/process.wasm', metering.meterWASM(wasm))

dev-cli/container/src/node/package.json

@@ -20,7 +20,8 @@
     "arweave": "^1.14.4",
     "mime-types": "^2.1.35",
     "url-join": "^5.0.0",
-    "warp-arbundles": "^1.0.4"
+    "warp-arbundles": "^1.0.4",
+    "wasm-metering": "^0.2.1"
   },
   "engines": {
     "node": ">=18"

dev-cli/src/versions.js

@@ -1,5 +1,5 @@
 /* eslint-disable */
 export const VERSION = {
-  "CLI": "0.0.45",
-  "IMAGE": "0.0.25"
-}
+  "CLI": "0.0.48",
+  "IMAGE": "0.0.28"
+}

loader/README.md

@@ -8,6 +8,7 @@ that given an `ao-process` message, will produce a `result`.
 - [Usage](#usage)
   - [Using a File](#using-a-file)
   - [Using `fetch`](#using-fetch)
+  - [Result Object](#result-object)
 
 <!-- tocstop -->
 
@@ -22,20 +23,25 @@ import AoLoader from "@permaweb/ao-loader";
 /* ao READ-ONLY Env Variables */
 const env = {
   Process: {
-    id: "2",
+    Id: "2",
+    Tags: [
+      { name: "Authority", value: "XXXXXX" },
+    ],
   },
 };
 
 // Create the handle function that executes the Wasm
-const handle = await AoLoader(wasmBinary);
+const handle = await AoLoader(wasmBinary, [limit = 9000000000]);
 
 // To spawn a process, pass null as the buffer
 const result = await handle(null, {
   Owner: "OWNER_ADDRESS",
+  Target: "XXXXX",
+  From: "YYYYYY",
   Tags: [
-    { name: "function", value: "balance" },
-    { name: "target", value: "vh-NTHVvlKZqRxc8LyyTNok65yQ55a_PJ1zWLb9G2JI" },
+    { name: "Action", value: "Ping" },
   ],
+  Data: "ping",
 }, env);
 ```
 
@@ -48,8 +54,8 @@ const buffer = await LoadFromCache();
 const result = await handle(buffer, {
   Owner: "OWNER_ADDRESS",
   Tags: [
-    { name: "function", value: "balance" },
-    { name: "target", value: "vh-NTHVvlKZqRxc8LyyTNok65yQ55a_PJ1zWLb9G2JI" },
+    { name: "Action", value: "Balance" },
+    { name: "Target", value: "vh-NTHVvlKZqRxc8LyyTNok65yQ55a_PJ1zWLb9G2JI" },
   ],
 }, env);
 
@@ -71,7 +77,7 @@ import AoLoader from "@permaweb/ao-loader";
 import fs from "fs";
 
 async function main() {
-  const wasmBinary = fs.readFileSync("contract.wasm");
+  const wasmBinary = fs.readFileSync("process.wasm");
   const handle = AoLoader(wasmBinary);
   const result = await handle(...);
 }
@@ -93,3 +99,24 @@ async function main() {
   const result = await handle(...)
 }
 ```
+
+### Result Object
+
+The `Result` Object returns a Successful Result:
+
+```
+{
+  Output,
+  Messages,
+  Spawns,
+  GasUsed
+}
+```
+
+Or an unSuccessful Result:
+
+```
+{
+  Error
+}
+```

loader/package.json

@@ -13,9 +13,10 @@
     "build": "npm run build:types && npm run build:src",
     "build:src": "node esbuild.js",
     "build:types": "tsc src/index.cjs --declaration --allowJs --emitDeclarationOnly --outDir dist",
-    "test": "node --test",
-    "test:integration": "npm run build:src && MODULE_PATH='../dist/index.cjs' node --test"
+    "test": "npm run build && node --test",
+    "test:integration": "npm run build && MODULE_PATH='../dist/index.cjs' node --test"
   },
+  "dependencies": {},
   "devDependencies": {
     "esbuild": "^0.19.5",
     "typescript": "^5.2.2"