fix: Whitelist cli args (#553)

* fix: Whitelist cli args

* Remove cli.wsPort

* Fix psn flag

* Fix mistaken merge

packages/fether-electron/package.json

@@ -44,7 +44,6 @@
     "@parity/electron": "^5.1.0",
     "ansi-styles": "^3.2.1",
     "commander": "^2.15.1",
-    "commander-remaining-args": "^1.2.0",
     "electron-positioner": "^4.1.0",
     "electron-settings": "^3.2.0",
     "fether-react": "^0.4.0",

packages/fether-electron/src/main/app/cli/index.js

@@ -5,7 +5,7 @@
 
 import cli from 'commander';
 
-import { DEFAULT_CHAIN, DEFAULT_WS_PORT } from '../constants';
+import { DEFAULT_CHAIN } from '../constants';
 
 const { productName } = require('../../../../electron-builder.json');
 const { version } = require('../../../../package.json');
@@ -23,7 +23,6 @@ if (process.defaultApp !== true) {
 
 cli
   .version(version)
-  .allowUnknownOption()
   .option(
     '--chain <chain>',
     `The network to connect to, can be one of "foundation", "kovan" or "ropsten". (default: "${DEFAULT_CHAIN}")`,
@@ -33,24 +32,9 @@ cli
     '--no-run-parity',
     `${productName} will not attempt to run the locally installed parity.`
   )
-  .option(
-    '--ws-port <port>',
-    `Specify the port portion of the WebSockets server ${productName} will connect to. (default: ${DEFAULT_WS_PORT})`,
-    DEFAULT_WS_PORT
-  )
-
-  .parse(
-    process.argv
-      // We want to ignore some flags and not pass them down to Parity:
-      // --inspect: `electron-webpack dev` runs Electron with the `--inspect` flag for HMR
-      // -psn_*: https://github.com/paritytech/fether/issues/188
-      // --ws-interface: we don't pass down this flag, because fether only allows 127.0.0.1 as WS interface
-      .filter(
-        arg =>
-          !arg.startsWith('--inspect') &&
-          !arg.startsWith('-psn_') &&
-          !arg.startsWith('--ws-interface')
-      )
-  );
+  // We want to ignore some flags that are sometimes passed to Fether, but not
+  // officially recognized by Fether:
+  // - -psn_*: https://github.com/paritytech/fether/issues/188
+  .parse(process.argv.filter(arg => !arg.startsWith('-psn_')));
 
 export default cli;

packages/fether-electron/src/main/app/messages/index.js

@@ -7,10 +7,9 @@ import { checkClockSync, signerNewToken } from '@parity/electron';
 import settings from 'electron-settings';
 
 import { bundledParityPath } from '../utils/paths';
-import cli from '../cli';
 import Pino from '../utils/pino';
 import setupParityEthereum from '../methods/setupParityEthereum';
-import { TRUSTED_LOOPBACK } from '../constants';
+import { DEFAULT_WS_PORT, TRUSTED_LOOPBACK } from '../constants';
 
 const pino = Pino();
 
@@ -82,7 +81,7 @@ export default async (fetherApp, event, data) => {
         event.sender.send('send-to-renderer', {
           action: 'WS_PORT_RESPONSE',
           from: 'fether:electron',
-          payload: cli.wsPort
+          payload: DEFAULT_WS_PORT
         });
 
         break;

packages/fether-electron/src/main/app/options/config/index.js

@@ -8,7 +8,6 @@ import url from 'url';
 
 import Pino from '../../utils/pino';
 import { staticPath } from '../../utils/paths';
-import cli from '../../cli';
 import {
   DEFAULT_CHAIN,
   DEFAULT_WS_PORT,
@@ -23,27 +22,20 @@ pino.info(
 );
 
 /**
- * Note: If the user provides a custom CLI port to `cli.wsPort` then
- * we 'dynamically' trust it in addition to the `DEFAULT_WS_PORT` in
- * fether-electron/src/main/index.js, which is where we only
- * permit requests from trusted paths.
- *
- * Note: We also disallows users from using Fether
+ * Note: We disallow users from using Fether
  * with a remote node.
  * WARNING: SSH tunnels from an attacker are still possible.
  */
 const DEFAULT_HTTP_PORT = '3000';
-const CUSTOM_WS_PORT = cli.wsPort;
 const TRUSTED_HOSTS = {
   github: ['api.github.com', 'github.com', 'raw.githubusercontent.com'],
   blockscout: ['blockscout.com']
 };
-const TRUSTED_WS_PORTS = [DEFAULT_WS_PORT, CUSTOM_WS_PORT];
+const TRUSTED_WS_PORTS = [DEFAULT_WS_PORT];
 const DEFAULT_HTTP_TRUSTED_LOOPBACK = `http://${TRUSTED_LOOPBACK}:${DEFAULT_HTTP_PORT}`;
 const TRUSTED_URLS = [
   DEFAULT_HTTP_TRUSTED_LOOPBACK,
   `ws://${TRUSTED_LOOPBACK}:${DEFAULT_WS_PORT}`,
-  `ws://${TRUSTED_LOOPBACK}:${CUSTOM_WS_PORT}`,
   'https://parity.io',
   'https://wiki.parity.io/Fether-FAQ',
   'https://github.com/paritytech/fether/issues/new',

packages/fether-electron/src/main/app/parityEthereum/index.js

@@ -4,7 +4,6 @@
 // SPDX-License-Identifier: BSD-3-Clause
 
 import { isParityRunning, runParity } from '@parity/electron';
-import getRemainingArgs from 'commander-remaining-args';
 
 import { bundledParityPath } from '../utils/paths';
 import handleError from '../utils/handleError';
@@ -48,23 +47,14 @@ class ParityEthereum {
   }
 
   isRunning = async () => {
-    return isParityRunning({
-      wsPort: cli.wsPort
-    });
+    return isParityRunning();
   };
 
   // Run the bundled Parity Ethereum binary
   run = async () => {
     return runParity({
       parityPath: bundledParityPath,
-      flags: [
-        ...getRemainingArgs(cli),
-        '--light',
-        '--chain',
-        cli.chain,
-        '--ws-port',
-        cli.wsPort
-      ],
+      flags: ['--light', '--chain', cli.chain],
       onParityError: err =>
         handleError(err, 'An error occured with Parity Ethereum.')
     });

yarn.lock

@@ -4093,11 +4093,6 @@ command-exists@^1.2.8:
   resolved "https://registry.yarnpkg.com/command-exists/-/command-exists-1.2.8.tgz#715acefdd1223b9c9b37110a149c6392c2852291"
   integrity sha512-PM54PkseWbiiD/mMsbvW351/u+dafwTJ0ye2qB60G1aGQP9j3xK2gmMDc+R34L3nDtx4qMCitXT75mkbkGJDLw==
-commander-remaining-args@^1.2.0:
-  version "1.2.0"
-  resolved "https://registry.yarnpkg.com/commander-remaining-args/-/commander-remaining-args-1.2.0.tgz#6fab4cce4a59db1698121f59105364adcb0b4c68"
-  integrity sha512-yH0yRUtHhJ/389HWgQlEMAwqKXMZr/JJH4xqDIzXCisNy2mS6YSAe3WncgjxZvhLJqZPxJn8MivRK+B0lSNXPw==
-
 commander@2.17.x:
   version "2.17.1"
   resolved "https://registry.yarnpkg.com/commander/-/commander-2.17.1.tgz#bd77ab7de6de94205ceacc72f1716d29f20a77bf"