feat: introduce secure API for template verification #693

diervo · 2018-10-01T02:39:57Z

Details

Adding a mechanism to prevent templates to be created in user land.
The compiler will produce this new code:

import { registerTemplate } from "lwc";
function tmpl($api, $cmp, $slotset, $ctx) {...}
export default registerTemplate(tmpl);

The engine will have the references saved so it can know when anything is not coming from the compiler. Note that the named import registerTemplate must not be available for consumption in user-land.

Does this PR introduce a breaking change?

No, this is a new API.

pmdartus · 2018-10-01T13:43:29Z

packages/lwc-engine/src/framework/__tests__/secure.spec.ts

+    afterEach(() => (secure.enabled = false));
+
+    it('forbidden access to template', () => {
+        function html($api) {


Can you add a comment to explain that you are not using the inline template compiler on purpose. I am in the process of removing all those handcrafting templates.

pmdartus · 2018-10-01T13:44:12Z

packages/lwc-engine/src/framework/secure.ts

+    verifyTemplate
+};
+
+function registerTemplate(tmpl) {


Add missing Template type.

pmdartus · 2018-10-01T13:44:19Z

packages/lwc-engine/src/framework/secure.ts

+    }
+}
+
+function verifyTemplate(tmpl) {


Add missing Template type.

pmdartus · 2018-10-01T13:46:18Z

packages/lwc-template-compiler/src/codegen/formatters/module.ts

+    SECURE_IMPORT_NAME, SECURE_REGISTER_TEMPLATE_METHOD_NAME,
+    LWC_MODULE_NAME
+} from '../../shared/constants';
+import { FunctionDeclaration, ExportDefaultDeclaration } from 'babel-types';


Use t.FunctionDeclaration imported line 1 instead of importing the types using named imports.

pmdartus · 2018-10-01T13:47:33Z

packages/lwc-template-compiler/src/codegen/index.ts

@@ -1,3 +1,4 @@
+import { ResolvedConfig } from '../config';


Move relative imports below module imports.

pmdartus · 2018-10-01T13:49:04Z

packages/lwc-template-compiler/src/codegen/formatters/module.ts

    const metadata = generateTemplateMetadata(state);
+    let templateBody: Array<FunctionDeclaration | ExportDefaultDeclaration> = [t.exportDefaultDeclaration(templateFn)];


Performance wise, a if/else statement is better than overriding the default value with a single if block.

pmdartus · 2018-10-01T13:50:17Z

packages/lwc-template-compiler/src/__tests__/index.spec.ts

@@ -17,6 +17,31 @@ function functionMatchCode(fn, code) {
    );
 }

+
+describe('option secure', () => {
+    it.only('validate secure transformation', () => {


Remove only

pmdartus · 2018-10-01T13:51:12Z

packages/lwc-template-compiler/src/__tests__/index.spec.ts

+describe('option secure', () => {
+    it.only('validate secure transformation', () => {
+        const { code } = compiler(`<template><x-test></x-test></template>`, { secure: true });
+        functionMatchCode(code, `


Use a fixture for this.

pmdartus · 2018-10-01T13:53:20Z

packages/lwc-engine/src/framework/invoker.ts

@@ -93,7 +95,7 @@ export function invokeComponentRenderMethod(vm: VM): VNodes {
    try {
        const html = callHook(component, render);
        if (isFunction(html)) {
-            result = evaluateTemplate(vm, html);
+            result = evaluateTemplate(vm, secure.verifyTemplate(html));


The validation should be moved inside the evaluateTemplate method. The invokeComponentRenderMethod is invoked for each render, we should only validate the template is the template is different than the previous render.

salesforce-best-lwc-internal · 2018-10-01T16:12:44Z

Benchmark results

Base commit: db3d1c5 | Target commit: ce999b0

salesforce-best-lwc-internal · 2018-10-01T16:21:45Z

Benchmark results

Base commit: db3d1c5 | Target commit: ce999b0

lwc-engine-benchmark

table-append-1k	metric	base(`db3d1c5`)	target(`ce999b0`)	trend
benchmark-table/append/1k	duration	155.20 (±4.70 ms)	155.15 (±6.05 ms)	-0.1ms (0.0%) 👌

table-clear-1k	metric	base(`db3d1c5`)	target(`ce999b0`)	trend
benchmark-table/clear/1k	duration	12.00 (±0.75 ms)	12.80 (±0.80 ms)	+0.8ms (6.7%) 👎

table-create-10k	metric	base(`db3d1c5`)	target(`ce999b0`)	trend
benchmark-table/create/10k	duration	926.70 (±8.10 ms)	919.45 (±6.50 ms)	-7.3ms (0.8%) 👍

table-create-1k	metric	base(`db3d1c5`)	target(`ce999b0`)	trend
benchmark-table/create/1k	duration	111.45 (±2.50 ms)	109.65 (±2.60 ms)	-1.8ms (1.6%) 👍

table-update-10th-1k	metric	base(`db3d1c5`)	target(`ce999b0`)	trend
benchmark-table/update-10th/1k	duration	98.70 (±5.10 ms)	96.80 (±4.95 ms)	-1.9ms (1.9%) 👍

tablecmp-append-1k	metric	base(`db3d1c5`)	target(`ce999b0`)	trend
benchmark-table-component/append/1k	duration	238.20 (±7.00 ms)	237.35 (±7.00 ms)	-0.8ms (0.4%) 👌

tablecmp-clear-1k	metric	base(`db3d1c5`)	target(`ce999b0`)	trend
benchmark-table-component/clear/1k	duration	18.80 (±1.95 ms)	19.70 (±1.95 ms)	+0.9ms (4.8%) 👌

tablecmp-create-10k	metric	base(`db3d1c5`)	target(`ce999b0`)	trend
benchmark-table-component/create/10k	duration	1696.90 (±11.55 ms)	1667.80 (±9.85 ms)	-29.1ms (1.7%) 👍

tablecmp-create-1k	metric	base(`db3d1c5`)	target(`ce999b0`)	trend
benchmark-table-component/create/1k	duration	184.40 (±5.85 ms)	183.55 (±5.30 ms)	-0.8ms (0.5%) 👌

tablecmp-update-10th-1k	metric	base(`db3d1c5`)	target(`ce999b0`)	trend
benchmark-table-component/update-10th/1k	duration	83.40 (±7.35 ms)	83.30 (±6.60 ms)	-0.1ms (0.1%) 👌

wc-append-1k	metric	base(`db3d1c5`)	target(`ce999b0`)	trend
benchmark-table-wc/append/1k	duration	275.55 (±17.60 ms)	273.80 (±14.30 ms)	-1.7ms (0.6%) 👌

wc-clear-1k	metric	base(`db3d1c5`)	target(`ce999b0`)	trend
benchmark-table-wc/clear/1k	duration	31.70 (±2.30 ms)	28.80 (±2.90 ms)	-2.9ms (9.1%) 👍

wc-create-10k	metric	base(`db3d1c5`)	target(`ce999b0`)	trend
benchmark-table-wc/create/10k	duration	2158.35 (±15.95 ms)	2142.75 (±10.20 ms)	-15.6ms (0.7%) 👍

wc-create-1k	metric	base(`db3d1c5`)	target(`ce999b0`)	trend
benchmark-table-wc/create/1k	duration	219.00 (±4.65 ms)	223.45 (±5.55 ms)	+4.4ms (2.0%) 👌

wc-update-10th-1k	metric	base(`db3d1c5`)	target(`ce999b0`)	trend
benchmark-table-wc/update-10th/1k	duration	85.40 (±5.55 ms)	85.70 (±6.90 ms)	+0.3ms (0.4%) 👌

apapko

see comment regarding setting secure option as true by default
pls add a test to options.spec.ts to ensure 'secure' option is correctly normalized to default value.

apapko · 2018-10-01T16:55:58Z

packages/lwc-compiler/src/compiler/options.ts

@@ -16,7 +16,8 @@ const DEFAULT_OUTPUT_CONFIG = {
        NODE_ENV: "development"
    },
    minify: false,
-    compat: false
+    compat: false,
+    secure: false


I propose making secure value true by default. In my opinion its better to be restrictive and allow open source consumers to opt-out if they like. Additionally, having secure true by default will minimize bugs in aura because it has multiple entry points into compiler invocation which can be more error prone - for example forgetting to pass in 'secure' or creating new compiler entry point without secure will result in inconsistent behavior. I feel like aura should have no control of this flag at all as secure should be enforced for internal dev at all time. Thoughts?

we don't need an option, it should always be the case.

apapko · 2018-10-01T17:05:12Z

packages/lwc-engine/src/framework/__tests__/secure.spec.ts

+
+    it('forbidden access to template', () => {
+        // We can't use the inline template compiler here
+        // since precesily we are trying to test that handcrafted


typo: precisely instead of precesily

apapko · 2018-10-01T17:10:57Z

packages/lwc-engine/src/framework/secure.ts

+    return tmpl;
+}
+
+export const secure = SECURE_OBJECT;


should we expose a mechanism to de-register the template?

apapko · 2018-10-01T17:13:58Z

packages/lwc-engine/src/framework/template.ts

@@ -97,6 +98,10 @@ export function evaluateTemplate(vm: VM, html: Template): Array<VNode|null> {
            // template, because they could have similar IDs, and snabbdom just rely on the IDs.
            resetShadowRoot(vm);
        }
+
+        // Check that the template is built by the compiler
+        secure.verifyTemplate(html);


what do you think of renaming verifyTemplate to something like assertTemplateRegistered? When i see verify i think of a boolean return instead a throw. Just a food for thought to improve readability

apapko · 2018-10-01T17:15:20Z

packages/lwc-template-compiler/src/codegen/formatters/module.ts

+
+import {
+    TEMPLATE_FUNCTION_NAME,
+    SECURE_IMPORT_NAME, SECURE_REGISTER_TEMPLATE_METHOD_NAME,


pls move SECURE_REGISTER_TEMPLATE_METHOD_NAME to a new line

apapko · 2018-10-01T17:21:46Z

packages/lwc-template-compiler/src/codegen/formatters/module.ts

@@ -16,18 +23,47 @@ function moduleNameToImport(name: string): t.ImportDeclaration {
    );
 }

+function generateSecureImport(): t.ImportDeclaration {
+    return t.importDeclaration(
+        [t.importSpecifier(t.identifier(SECURE_IMPORT_NAME), t.identifier(SECURE_IMPORT_NAME))],


are both importSpecifier parameters intentionally the same?

caridy

I will like to restrict and simplify this a little bit more.

compiler should use import { template } from "lwc/secure";
validate does not need to be exposed (the engine can validate itself, locker has no saying on this).
enabled is not needed, it should always be enabled.

The reason for 1, is that you don't have to restrict import *, or the typescript definition, or any other future option for modules. It should come from its own, restricted module specifier that can only be use by the transformation, and can't be, ever, use by userland code, not even high privilege code that import those things.

In the future, I want to move api.ts to be exposed via import { api } from "lwc/secure", so the same rules applies.

Reason for 2 is that we want to protect ourself, even on the open source, to prevent people from using manual creation of vnodes, since any future change my break them (look at VUE 3 as an example of this problem).

Reason for 3 is pretty much the same reason for 2.

diervo · 2018-10-01T19:58:07Z

@caridy You are missing some context:

The compiler has only one option secure: true and the idea is to add a bunch of security extra guards there like the commit from @byao for filtering svgs. I do not want 7 options on the compiler for security. It should be just one.
Enforcing this at compile time, will be breaking every single test we have without opting out in the engine. Fixing this will require to have some magic on the jest resolver.
I'm not very keen on adding a new dependency lwc/secure as a dependency.

Idealistically I would be ok making this non-optional, but the secure object intent was to be able to allow customization for all of this other security features that must be able to be configurable at runtime by the application owner.

caridy · 2018-10-01T22:11:39Z

packages/lwc-engine/src/framework/secure.ts

+import { Template } from "../framework/template";
+
+const DEFAULT_SECURE_ENABLEMENT = false;
+const VERIFIED_TEMPLATES = new Set();


call this verifiedTemplateSet

caridy · 2018-10-01T22:13:52Z

packages/lwc-engine/src/framework/secure.ts

+    verifyTemplate
+};
+
+function registerTemplate(tmpl: Template) {


this logic should probably belong into template.ts

caridy · 2018-10-01T22:14:10Z

packages/lwc-engine/src/framework/template.ts

@@ -97,6 +98,10 @@ export function evaluateTemplate(vm: VM, html: Template): Array<VNode|null> {
            // template, because they could have similar IDs, and snabbdom just rely on the IDs.
            resetShadowRoot(vm);
        }
+
+        // Check that the template is built by the compiler
+        secure.verifyTemplate(html);


this should probably be a local function that does the validation against a local set.

kevinv11n · 2018-10-02T02:36:31Z

compiler should use import { template } from "lwc/secure";

Yes, we need to restrict access on a per module basis, not on a per export basis. cc @pmdartus

salesforce-best-lwc-internal · 2018-10-04T22:39:54Z

Benchmark results

Base commit: 2a3ce0f | Target commit: 6c5ed73

lwc-engine-benchmark

table-append-1k	metric	base(`2a3ce0f`)	target(`6c5ed73`)	trend
benchmark-table/append/1k	duration	156.05 (±5.40 ms)	151.90 (±7.65 ms)	-4.2ms (2.7%) 👍

table-clear-1k	metric	base(`2a3ce0f`)	target(`6c5ed73`)	trend
benchmark-table/clear/1k	duration	12.50 (±0.70 ms)	12.30 (±0.55 ms)	-0.2ms (1.6%) 👌

table-create-10k	metric	base(`2a3ce0f`)	target(`6c5ed73`)	trend
benchmark-table/create/10k	duration	875.60 (±7.20 ms)	874.75 (±6.15 ms)	-0.9ms (0.1%) 👌

table-create-1k	metric	base(`2a3ce0f`)	target(`6c5ed73`)	trend
benchmark-table/create/1k	duration	109.40 (±2.15 ms)	109.70 (±2.10 ms)	+0.3ms (0.3%) 👌

table-update-10th-1k	metric	base(`2a3ce0f`)	target(`6c5ed73`)	trend
benchmark-table/update-10th/1k	duration	85.20 (±1.60 ms)	84.20 (±2.50 ms)	-1.0ms (1.2%) 👍

tablecmp-append-1k	metric	base(`2a3ce0f`)	target(`6c5ed73`)	trend
benchmark-table-component/append/1k	duration	222.75 (±12.40 ms)	228.70 (±8.75 ms)	+5.9ms (2.7%) 👎

tablecmp-clear-1k	metric	base(`2a3ce0f`)	target(`6c5ed73`)	trend
benchmark-table-component/clear/1k	duration	20.60 (±2.10 ms)	18.30 (±2.20 ms)	-2.3ms (11.2%) 👍

tablecmp-create-10k	metric	base(`2a3ce0f`)	target(`6c5ed73`)	trend
benchmark-table-component/create/10k	duration	1612.20 (±10.10 ms)	1597.95 (±12.25 ms)	-14.3ms (0.9%) 👍

tablecmp-create-1k	metric	base(`2a3ce0f`)	target(`6c5ed73`)	trend
benchmark-table-component/create/1k	duration	187.95 (±3.90 ms)	180.50 (±5.60 ms)	-7.4ms (4.0%) 👍

tablecmp-update-10th-1k	metric	base(`2a3ce0f`)	target(`6c5ed73`)	trend
benchmark-table-component/update-10th/1k	duration	83.85 (±7.05 ms)	82.55 (±6.30 ms)	-1.3ms (1.6%) 👌

wc-append-1k	metric	base(`2a3ce0f`)	target(`6c5ed73`)	trend
benchmark-table-wc/append/1k	duration	272.20 (±15.40 ms)	271.10 (±14.05 ms)	-1.1ms (0.4%) 👌

wc-clear-1k	metric	base(`2a3ce0f`)	target(`6c5ed73`)	trend
benchmark-table-wc/clear/1k	duration	29.80 (±2.30 ms)	27.85 (±1.80 ms)	-1.9ms (6.5%) 👍

wc-create-10k	metric	base(`2a3ce0f`)	target(`6c5ed73`)	trend
benchmark-table-wc/create/10k	duration	2067.10 (±12.50 ms)	2050.40 (±12.40 ms)	-16.7ms (0.8%) 👍

wc-create-1k	metric	base(`2a3ce0f`)	target(`6c5ed73`)	trend
benchmark-table-wc/create/1k	duration	222.65 (±5.55 ms)	224.25 (±4.75 ms)	+1.6ms (0.7%) 👌

wc-update-10th-1k	metric	base(`2a3ce0f`)	target(`6c5ed73`)	trend
benchmark-table-wc/update-10th/1k	duration	85.50 (±6.80 ms)	85.10 (±6.10 ms)	-0.4ms (0.5%) 👌

salesforce-best-lwc-internal · 2018-10-05T00:48:01Z

Benchmark results

Base commit: 2a3ce0f | Target commit: 8a2934b

lwc-engine-benchmark

table-append-1k	metric	base(`2a3ce0f`)	target(`8a2934b`)	trend
benchmark-table/append/1k	duration	156.05 (±5.40 ms)	153.65 (±5.90 ms)	-2.4ms (1.5%) 👍

table-clear-1k	metric	base(`2a3ce0f`)	target(`8a2934b`)	trend
benchmark-table/clear/1k	duration	12.50 (±0.70 ms)	12.25 (±0.65 ms)	-0.3ms (2.0%) 👌

table-create-10k	metric	base(`2a3ce0f`)	target(`8a2934b`)	trend
benchmark-table/create/10k	duration	875.60 (±7.20 ms)	884.30 (±6.70 ms)	+8.7ms (1.0%) 👎

table-create-1k	metric	base(`2a3ce0f`)	target(`8a2934b`)	trend
benchmark-table/create/1k	duration	109.40 (±2.15 ms)	108.55 (±2.25 ms)	-0.9ms (0.8%) 👌

table-update-10th-1k	metric	base(`2a3ce0f`)	target(`8a2934b`)	trend
benchmark-table/update-10th/1k	duration	85.20 (±1.60 ms)	96.80 (±1.30 ms)	+11.6ms (13.6%) 👎

tablecmp-append-1k	metric	base(`2a3ce0f`)	target(`8a2934b`)	trend
benchmark-table-component/append/1k	duration	222.75 (±12.40 ms)	225.05 (±7.80 ms)	+2.3ms (1.0%) 👌

tablecmp-clear-1k	metric	base(`2a3ce0f`)	target(`8a2934b`)	trend
benchmark-table-component/clear/1k	duration	20.60 (±2.10 ms)	19.70 (±2.35 ms)	-0.9ms (4.4%) 👌

tablecmp-create-10k	metric	base(`2a3ce0f`)	target(`8a2934b`)	trend
benchmark-table-component/create/10k	duration	1612.20 (±10.10 ms)	1543.65 (±9.10 ms)	-68.5ms (4.3%) 👍

tablecmp-create-1k	metric	base(`2a3ce0f`)	target(`8a2934b`)	trend
benchmark-table-component/create/1k	duration	187.95 (±3.90 ms)	183.40 (±4.95 ms)	-4.5ms (2.4%) 👍

tablecmp-update-10th-1k	metric	base(`2a3ce0f`)	target(`8a2934b`)	trend
benchmark-table-component/update-10th/1k	duration	83.85 (±7.05 ms)	82.90 (±6.30 ms)	-0.9ms (1.1%) 👌

wc-append-1k	metric	base(`2a3ce0f`)	target(`8a2934b`)	trend
benchmark-table-wc/append/1k	duration	272.20 (±15.40 ms)	265.50 (±15.55 ms)	-6.7ms (2.5%) 👍

wc-clear-1k	metric	base(`2a3ce0f`)	target(`8a2934b`)	trend
benchmark-table-wc/clear/1k	duration	29.80 (±2.30 ms)	27.55 (±2.40 ms)	-2.3ms (7.6%) 👍

wc-create-10k	metric	base(`2a3ce0f`)	target(`8a2934b`)	trend
benchmark-table-wc/create/10k	duration	2067.10 (±12.50 ms)	2043.40 (±12.55 ms)	-23.7ms (1.1%) 👍

wc-create-1k	metric	base(`2a3ce0f`)	target(`8a2934b`)	trend
benchmark-table-wc/create/1k	duration	222.65 (±5.55 ms)	218.90 (±4.50 ms)	-3.8ms (1.7%) 👍

wc-update-10th-1k	metric	base(`2a3ce0f`)	target(`8a2934b`)	trend
benchmark-table-wc/update-10th/1k	duration	85.50 (±6.80 ms)	82.10 (±6.95 ms)	-3.4ms (4.0%) 👌

salesforce-best-lwc-internal · 2018-10-05T01:28:18Z

Benchmark results

Base commit: 2a3ce0f | Target commit: 8a2934b

lwc-engine-benchmark

table-append-1k	metric	base(`2a3ce0f`)	target(`8a2934b`)	trend
benchmark-table/append/1k	duration	156.05 (±5.40 ms)	152.45 (±5.35 ms)	-3.6ms (2.3%) 👍

table-clear-1k	metric	base(`2a3ce0f`)	target(`8a2934b`)	trend
benchmark-table/clear/1k	duration	12.50 (±0.70 ms)	11.75 (±0.70 ms)	-0.8ms (6.0%) 👍

table-create-10k	metric	base(`2a3ce0f`)	target(`8a2934b`)	trend
benchmark-table/create/10k	duration	875.60 (±7.20 ms)	880.05 (±5.60 ms)	+4.4ms (0.5%) 👌

table-create-1k	metric	base(`2a3ce0f`)	target(`8a2934b`)	trend
benchmark-table/create/1k	duration	109.40 (±2.15 ms)	109.20 (±2.45 ms)	-0.2ms (0.2%) 👌

table-update-10th-1k	metric	base(`2a3ce0f`)	target(`8a2934b`)	trend
benchmark-table/update-10th/1k	duration	85.20 (±1.60 ms)	97.35 (±2.80 ms)	+12.1ms (14.3%) 👎

tablecmp-append-1k	metric	base(`2a3ce0f`)	target(`8a2934b`)	trend
benchmark-table-component/append/1k	duration	222.75 (±12.40 ms)	226.00 (±9.80 ms)	+3.3ms (1.5%) 👌

tablecmp-clear-1k	metric	base(`2a3ce0f`)	target(`8a2934b`)	trend
benchmark-table-component/clear/1k	duration	20.60 (±2.10 ms)	19.15 (±1.85 ms)	-1.5ms (7.0%) 👍

tablecmp-create-10k	metric	base(`2a3ce0f`)	target(`8a2934b`)	trend
benchmark-table-component/create/10k	duration	1612.20 (±10.10 ms)	1587.40 (±11.10 ms)	-24.8ms (1.5%) 👍

tablecmp-create-1k	metric	base(`2a3ce0f`)	target(`8a2934b`)	trend
benchmark-table-component/create/1k	duration	187.95 (±3.90 ms)	182.05 (±4.15 ms)	-5.9ms (3.1%) 👍

tablecmp-update-10th-1k	metric	base(`2a3ce0f`)	target(`8a2934b`)	trend
benchmark-table-component/update-10th/1k	duration	83.85 (±7.05 ms)	80.25 (±5.90 ms)	-3.6ms (4.3%) 👍

wc-append-1k	metric	base(`2a3ce0f`)	target(`8a2934b`)	trend
benchmark-table-wc/append/1k	duration	272.20 (±15.40 ms)	265.45 (±15.30 ms)	-6.8ms (2.5%) 👌

wc-clear-1k	metric	base(`2a3ce0f`)	target(`8a2934b`)	trend
benchmark-table-wc/clear/1k	duration	29.80 (±2.30 ms)	27.65 (±1.80 ms)	-2.1ms (7.2%) 👍

wc-create-10k	metric	base(`2a3ce0f`)	target(`8a2934b`)	trend
benchmark-table-wc/create/10k	duration	2067.10 (±12.50 ms)	2057.25 (±10.80 ms)	-9.9ms (0.5%) 👍

wc-create-1k	metric	base(`2a3ce0f`)	target(`8a2934b`)	trend
benchmark-table-wc/create/1k	duration	222.65 (±5.55 ms)	221.60 (±4.60 ms)	-1.0ms (0.5%) 👌

wc-update-10th-1k	metric	base(`2a3ce0f`)	target(`8a2934b`)	trend
benchmark-table-wc/update-10th/1k	duration	85.50 (±6.80 ms)	83.30 (±7.10 ms)	-2.2ms (2.6%) 👌

salesforce-best-lwc-internal · 2018-10-05T01:38:14Z

Benchmark results

Base commit: 2a3ce0f | Target commit: af49f07

lwc-engine-benchmark

table-append-1k	metric	base(`2a3ce0f`)	target(`af49f07`)	trend
benchmark-table/append/1k	duration	156.05 (±5.40 ms)	153.80 (±5.20 ms)	-2.3ms (1.4%) 👍

table-clear-1k	metric	base(`2a3ce0f`)	target(`af49f07`)	trend
benchmark-table/clear/1k	duration	12.50 (±0.70 ms)	12.10 (±0.70 ms)	-0.4ms (3.2%) 👌

table-create-10k	metric	base(`2a3ce0f`)	target(`af49f07`)	trend
benchmark-table/create/10k	duration	875.60 (±7.20 ms)	873.45 (±7.80 ms)	-2.1ms (0.2%) 👌

table-create-1k	metric	base(`2a3ce0f`)	target(`af49f07`)	trend
benchmark-table/create/1k	duration	109.40 (±2.15 ms)	109.60 (±3.85 ms)	+0.2ms (0.2%) 👌

table-update-10th-1k	metric	base(`2a3ce0f`)	target(`af49f07`)	trend
benchmark-table/update-10th/1k	duration	85.20 (±1.60 ms)	85.50 (±2.00 ms)	+0.3ms (0.4%) 👌

tablecmp-append-1k	metric	base(`2a3ce0f`)	target(`af49f07`)	trend
benchmark-table-component/append/1k	duration	222.75 (±12.40 ms)	215.60 (±14.40 ms)	-7.2ms (3.2%) 👌

tablecmp-clear-1k	metric	base(`2a3ce0f`)	target(`af49f07`)	trend
benchmark-table-component/clear/1k	duration	20.60 (±2.10 ms)	17.90 (±2.10 ms)	-2.7ms (13.1%) 👍

tablecmp-create-10k	metric	base(`2a3ce0f`)	target(`af49f07`)	trend
benchmark-table-component/create/10k	duration	1612.20 (±10.10 ms)	1616.80 (±9.30 ms)	+4.6ms (0.3%) 👌

tablecmp-create-1k	metric	base(`2a3ce0f`)	target(`af49f07`)	trend
benchmark-table-component/create/1k	duration	187.95 (±3.90 ms)	181.95 (±5.30 ms)	-6.0ms (3.2%) 👍

tablecmp-update-10th-1k	metric	base(`2a3ce0f`)	target(`af49f07`)	trend
benchmark-table-component/update-10th/1k	duration	83.85 (±7.05 ms)	81.80 (±5.95 ms)	-2.0ms (2.4%) 👌

wc-append-1k	metric	base(`2a3ce0f`)	target(`af49f07`)	trend
benchmark-table-wc/append/1k	duration	272.20 (±15.40 ms)	267.55 (±16.20 ms)	-4.7ms (1.7%) 👌

wc-clear-1k	metric	base(`2a3ce0f`)	target(`af49f07`)	trend
benchmark-table-wc/clear/1k	duration	29.80 (±2.30 ms)	28.95 (±2.15 ms)	-0.8ms (2.9%) 👌

wc-create-10k	metric	base(`2a3ce0f`)	target(`af49f07`)	trend
benchmark-table-wc/create/10k	duration	2067.10 (±12.50 ms)	2064.80 (±12.35 ms)	-2.3ms (0.1%) 👌

wc-create-1k	metric	base(`2a3ce0f`)	target(`af49f07`)	trend
benchmark-table-wc/create/1k	duration	222.65 (±5.55 ms)	222.35 (±6.85 ms)	-0.3ms (0.1%) 👌

wc-update-10th-1k	metric	base(`2a3ce0f`)	target(`af49f07`)	trend
benchmark-table-wc/update-10th/1k	duration	85.50 (±6.80 ms)	82.75 (±6.05 ms)	-2.8ms (3.2%) 👌

salesforce-best-lwc-internal · 2018-10-05T01:40:29Z

Benchmark results

Base commit: 2a3ce0f | Target commit: af49f07

lwc-engine-benchmark

table-append-1k	metric	base(`2a3ce0f`)	target(`af49f07`)	trend
benchmark-table/append/1k	duration	156.05 (±5.40 ms)	151.35 (±6.65 ms)	-4.7ms (3.0%) 👌

table-clear-1k	metric	base(`2a3ce0f`)	target(`af49f07`)	trend
benchmark-table/clear/1k	duration	12.50 (±0.70 ms)	11.95 (±0.85 ms)	-0.6ms (4.4%) 👍

table-create-10k	metric	base(`2a3ce0f`)	target(`af49f07`)	trend
benchmark-table/create/10k	duration	875.60 (±7.20 ms)	866.20 (±5.30 ms)	-9.4ms (1.1%) 👍

table-create-1k	metric	base(`2a3ce0f`)	target(`af49f07`)	trend
benchmark-table/create/1k	duration	109.40 (±2.15 ms)	111.20 (±2.45 ms)	+1.8ms (1.6%) 👎

table-update-10th-1k	metric	base(`2a3ce0f`)	target(`af49f07`)	trend
benchmark-table/update-10th/1k	duration	85.20 (±1.60 ms)	85.40 (±1.95 ms)	+0.2ms (0.2%) 👌

tablecmp-append-1k	metric	base(`2a3ce0f`)	target(`af49f07`)	trend
benchmark-table-component/append/1k	duration	222.75 (±12.40 ms)	227.10 (±7.30 ms)	+4.3ms (2.0%) 👎

tablecmp-clear-1k	metric	base(`2a3ce0f`)	target(`af49f07`)	trend
benchmark-table-component/clear/1k	duration	20.60 (±2.10 ms)	19.75 (±2.05 ms)	-0.9ms (4.1%) 👌

tablecmp-create-10k	metric	base(`2a3ce0f`)	target(`af49f07`)	trend
benchmark-table-component/create/10k	duration	1612.20 (±10.10 ms)	1563.35 (±9.55 ms)	-48.8ms (3.0%) 👍

tablecmp-create-1k	metric	base(`2a3ce0f`)	target(`af49f07`)	trend
benchmark-table-component/create/1k	duration	187.95 (±3.90 ms)	181.55 (±6.35 ms)	-6.4ms (3.4%) 👍

tablecmp-update-10th-1k	metric	base(`2a3ce0f`)	target(`af49f07`)	trend
benchmark-table-component/update-10th/1k	duration	83.85 (±7.05 ms)	80.60 (±3.80 ms)	-3.3ms (3.9%) 👌

wc-append-1k	metric	base(`2a3ce0f`)	target(`af49f07`)	trend
benchmark-table-wc/append/1k	duration	272.20 (±15.40 ms)	267.40 (±17.25 ms)	-4.8ms (1.8%) 👌

wc-clear-1k	metric	base(`2a3ce0f`)	target(`af49f07`)	trend
benchmark-table-wc/clear/1k	duration	29.80 (±2.30 ms)	29.60 (±2.60 ms)	-0.2ms (0.7%) 👌

wc-create-10k	metric	base(`2a3ce0f`)	target(`af49f07`)	trend
benchmark-table-wc/create/10k	duration	2067.10 (±12.50 ms)	2070.35 (±12.20 ms)	+3.2ms (0.2%) 👌

wc-create-1k	metric	base(`2a3ce0f`)	target(`af49f07`)	trend
benchmark-table-wc/create/1k	duration	222.65 (±5.55 ms)	218.90 (±4.50 ms)	-3.8ms (1.7%) 👍

wc-update-10th-1k	metric	base(`2a3ce0f`)	target(`af49f07`)	trend
benchmark-table-wc/update-10th/1k	duration	85.50 (±6.80 ms)	84.55 (±4.60 ms)	-0.9ms (1.1%) 👌

caridy · 2018-10-05T02:17:07Z

packages/lwc-engine/src/framework/secure-template.ts

+
+export function verifyTemplate(tmpl: Template): Template {
+    if (!VERIFIED_TEMPLATE_SET.has(tmpl)) {
+        throw new TypeError('Unknown template');


this should probably throw a ReferenceError instead. It should also provide more details about what component is at fault, otherwise you don't know much, this is because the render() method is called, and the result is the analyzed, so, throwing here will not have that render method in the error stack, which will make it very hard to know what's going on.

Probably in dev-mode we should have some nice logError with the proper component stack.

caridy · 2018-10-05T02:18:41Z

packages/lwc-engine/src/framework/secure-template.ts

+
+const VERIFIED_TEMPLATE_SET = new Set();
+
+export function verifyTemplate(tmpl: Template): Template {


the signature of this method is weird, it is a verification, but it returns the same template. Maybe calling this: isRegisteredTemplate(tmpl: Template): boolean

caridy · 2018-10-05T02:19:08Z

packages/lwc-jest-transformer/src/test/modules/example/fooInner/__tests__/fooInner.test.js

@@ -8,7 +8,8 @@ jest.mock('globalLib', () => {
 });

 describe('example-foo-inner', () => {
-    it('default snapshot', () => {
+    it.only('default snapshot', () => {
+        debugger;


caridy · 2018-10-05T02:19:13Z

packages/lwc-jest-transformer/src/test/modules/example/fooInner/__tests__/fooInner.test.js

@@ -8,7 +8,8 @@ jest.mock('globalLib', () => {
 });

 describe('example-foo-inner', () => {
-    it('default snapshot', () => {
+    it.only('default snapshot', () => {


remove .only

caridy · 2018-10-05T02:19:49Z

packages/lwc-engine/src/framework/secure-template.ts

@@ -0,0 +1,16 @@
+import { Template } from "./template";


why does this need to be separate from template.ts? it looks to me that it belongs there, so we don't have to export the verification api, it is all internal to that template.ts

caridy

few minor things... functionality wise, I think we are good. The biggest issue right now is the error usefulness.

diervo · 2018-10-05T04:04:06Z

@caridy I will open an issue for the error stack-trace because not sure if that would change regardless with @jye-sf changes.

Would rather merge this now to avoid more conflicts.

salesforce-best-lwc-internal · 2018-10-05T04:08:52Z

Benchmark results

Base commit: 2a3ce0f | Target commit: 05f3d70

lwc-engine-benchmark

table-append-1k	metric	base(`2a3ce0f`)	target(`05f3d70`)	trend
benchmark-table/append/1k	duration	156.05 (±5.40 ms)	152.90 (±5.50 ms)	-3.2ms (2.0%) 👍

table-clear-1k	metric	base(`2a3ce0f`)	target(`05f3d70`)	trend
benchmark-table/clear/1k	duration	12.50 (±0.70 ms)	11.85 (±0.75 ms)	-0.6ms (5.2%) 👍

table-create-10k	metric	base(`2a3ce0f`)	target(`05f3d70`)	trend
benchmark-table/create/10k	duration	875.60 (±7.20 ms)	875.45 (±6.05 ms)	-0.1ms (0.0%) 👌

table-create-1k	metric	base(`2a3ce0f`)	target(`05f3d70`)	trend
benchmark-table/create/1k	duration	109.40 (±2.15 ms)	108.65 (±1.65 ms)	-0.8ms (0.7%) 👌

table-update-10th-1k	metric	base(`2a3ce0f`)	target(`05f3d70`)	trend
benchmark-table/update-10th/1k	duration	85.20 (±1.60 ms)	85.80 (±2.75 ms)	+0.6ms (0.7%) 👌

tablecmp-append-1k	metric	base(`2a3ce0f`)	target(`05f3d70`)	trend
benchmark-table-component/append/1k	duration	222.75 (±12.40 ms)	229.05 (±7.50 ms)	+6.3ms (2.8%) 👎

tablecmp-clear-1k	metric	base(`2a3ce0f`)	target(`05f3d70`)	trend
benchmark-table-component/clear/1k	duration	20.60 (±2.10 ms)	19.05 (±2.35 ms)	-1.6ms (7.5%) 👍

tablecmp-create-10k	metric	base(`2a3ce0f`)	target(`05f3d70`)	trend
benchmark-table-component/create/10k	duration	1612.20 (±10.10 ms)	1623.10 (±13.60 ms)	+10.9ms (0.7%) 👎

tablecmp-create-1k	metric	base(`2a3ce0f`)	target(`05f3d70`)	trend
benchmark-table-component/create/1k	duration	187.95 (±3.90 ms)	182.40 (±6.40 ms)	-5.6ms (3.0%) 👍

tablecmp-update-10th-1k	metric	base(`2a3ce0f`)	target(`05f3d70`)	trend
benchmark-table-component/update-10th/1k	duration	83.85 (±7.05 ms)	83.15 (±5.60 ms)	-0.7ms (0.8%) 👌

wc-append-1k	metric	base(`2a3ce0f`)	target(`05f3d70`)	trend
benchmark-table-wc/append/1k	duration	272.20 (±15.40 ms)	264.40 (±17.80 ms)	-7.8ms (2.9%) 👌

wc-clear-1k	metric	base(`2a3ce0f`)	target(`05f3d70`)	trend
benchmark-table-wc/clear/1k	duration	29.80 (±2.30 ms)	27.35 (±1.75 ms)	-2.4ms (8.2%) 👍

wc-create-10k	metric	base(`2a3ce0f`)	target(`05f3d70`)	trend
benchmark-table-wc/create/10k	duration	2067.10 (±12.50 ms)	2037.40 (±11.35 ms)	-29.7ms (1.4%) 👍

wc-create-1k	metric	base(`2a3ce0f`)	target(`05f3d70`)	trend
benchmark-table-wc/create/1k	duration	222.65 (±5.55 ms)	218.50 (±5.55 ms)	-4.2ms (1.9%) 👍

wc-update-10th-1k	metric	base(`2a3ce0f`)	target(`05f3d70`)	trend
benchmark-table-wc/update-10th/1k	duration	85.50 (±6.80 ms)	82.50 (±5.70 ms)	-3.0ms (3.5%) 👌

…#718) ## Details Follow up PR after PR #693 ## Does this PR introduce a breaking change? * No

diervo changed the title ~~feat: Introduce secure API~~ feat: introduce secure API Oct 1, 2018

diervo changed the title ~~feat: introduce secure API~~ feat: introduce secure API for template verification Oct 1, 2018

diervo requested review from caridy, apapko, pmdartus and jfparadis and removed request for apapko October 1, 2018 02:44

diervo force-pushed the dval/secure branch from a569346 to 9de1570 Compare October 1, 2018 02:49

pmdartus requested changes Oct 1, 2018

View reviewed changes

pmdartus approved these changes Oct 1, 2018

View reviewed changes

apapko reviewed Oct 1, 2018

View reviewed changes

caridy suggested changes Oct 1, 2018

View reviewed changes

caridy reviewed Oct 1, 2018

View reviewed changes

Diego Ferreiro Val added 8 commits October 4, 2018 11:32

wip: secure dance

0cd9d8b

wip: secure option for template

8dd3cdf

wip: adding compiler option

1fa7f14

wip: fix test

ec16c72

wip: engine secure dance

2ba524c

wip: make it throw

ac17307

fix: addressing review changes

67f44ba

wip: address concerns

d2847cc

diervo force-pushed the dval/secure branch from ce999b0 to d2847cc Compare October 4, 2018 18:48

fix: refactor secure template

6c5ed73

fix: remove secure option

8a2934b

fix: minor spacing

af49f07

caridy reviewed Oct 5, 2018

View reviewed changes

caridy suggested changes Oct 5, 2018

View reviewed changes

fix: minor rename and removeing debugging breadcrumbs

05f3d70

diervo mentioned this pull request Oct 5, 2018

Better error location and stacktrace when template registration fails #710

Closed

diervo merged commit 3b4a63e into master Oct 5, 2018

diervo deleted the dval/secure branch October 5, 2018 04:09

caridy mentioned this pull request Oct 7, 2018

fix(engine): fixes issue #710 - add better error for invalid template #718

Merged

diervo pushed a commit that referenced this pull request Oct 8, 2018

fix(engine): fixes issue #710 - add better error for invalid template (…

7c6009f

…#718) ## Details Follow up PR after PR #693 ## Does this PR introduce a breaking change? * No

		const metadata = generateTemplateMetadata(state);
		let templateBody: Array<FunctionDeclaration \| ExportDefaultDeclaration> = [t.exportDefaultDeclaration(templateFn)];


		const VERIFIED_TEMPLATE_SET = new Set();

		export function verifyTemplate(tmpl: Template): Template {

feat: introduce secure API for template verification #693

feat: introduce secure API for template verification #693

Conversation

diervo commented Oct 1, 2018 • edited Loading

Details

Does this PR introduce a breaking change?

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

salesforce-best-lwc-internal bot commented Oct 1, 2018

Benchmark results

salesforce-best-lwc-internal bot commented Oct 1, 2018

Benchmark results

lwc-engine-benchmark

apapko left a comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

caridy left a comment

Choose a reason for hiding this comment

diervo commented Oct 1, 2018 • edited Loading

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

kevinv11n commented Oct 2, 2018

salesforce-best-lwc-internal bot commented Oct 4, 2018

Benchmark results

lwc-engine-benchmark

salesforce-best-lwc-internal bot commented Oct 5, 2018

Benchmark results

lwc-engine-benchmark

salesforce-best-lwc-internal bot commented Oct 5, 2018

Benchmark results

lwc-engine-benchmark

salesforce-best-lwc-internal bot commented Oct 5, 2018

Benchmark results

lwc-engine-benchmark

salesforce-best-lwc-internal bot commented Oct 5, 2018

Benchmark results

lwc-engine-benchmark

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

caridy Oct 5, 2018 • edited Loading

Choose a reason for hiding this comment

caridy left a comment

Choose a reason for hiding this comment

diervo commented Oct 5, 2018

salesforce-best-lwc-internal bot commented Oct 5, 2018

Benchmark results

lwc-engine-benchmark

diervo commented Oct 1, 2018 •

edited

Loading

diervo commented Oct 1, 2018 •

edited

Loading

caridy Oct 5, 2018 •

edited

Loading