mirror of
https://github.com/facebook/react-native.git
synced 2025-11-01 09:14:26 +00:00
Wes Johnson
e612d3a116
Summary:
We noticed that by default when the RootView / ReactView calls runApplication, we're logging at an info level any props ("params") passed to that component. In our case, one of these props was sensitive in nature, causing the value to leak out in logs for our release builds. This is especially problematic on Android where device logs can be accessed by any app which requests that permission.
This is probably more of a concern for brownfield react-native apps, but it seems worthwhile locking this down in non-dev builds.
## Changelog
<!-- Help reviewers and the release process by writing your own changelog entry. For an example, see:
https://github.com/facebook/react-native/wiki/Changelog
-->
[General] [Security] - Avoiding logging root view params outside of dev / debug mode builds
Pull Request resolved: https://github.com/facebook/react-native/pull/31522
Test Plan: * build app in release mode on Android and verified I could not see: `Running "my app" with { sensitive: 'thing' }` in logcat in Android Studio with a tethered device
Reviewed By: yungsters
Differential Revision: D31064902
Pulled By: charlesbdudley
fbshipit-source-id: 8b10a46d92a9ec44243dd74384299087260c7d83
355 lines
10 KiB
JavaScript
355 lines
10 KiB
JavaScript
/**
|
|
* Copyright (c) Facebook, Inc. and its affiliates.
|
|
*
|
|
* This source code is licensed under the MIT license found in the
|
|
* LICENSE file in the root directory of this source tree.
|
|
*
|
|
* @flow
|
|
* @format
|
|
*/
|
|
|
|
const BatchedBridge = require('../BatchedBridge/BatchedBridge');
|
|
const BugReporting = require('../BugReporting/BugReporting');
|
|
const ReactNative = require('../Renderer/shims/ReactNative');
|
|
const SceneTracker = require('../Utilities/SceneTracker');
|
|
|
|
const infoLog = require('../Utilities/infoLog');
|
|
const invariant = require('invariant');
|
|
const renderApplication = require('./renderApplication');
|
|
import type {IPerformanceLogger} from '../Utilities/createPerformanceLogger';
|
|
|
|
import {coerceDisplayMode} from './DisplayMode';
|
|
import createPerformanceLogger from '../Utilities/createPerformanceLogger';
|
|
import NativeHeadlessJsTaskSupport from './NativeHeadlessJsTaskSupport';
|
|
import HeadlessJsTaskError from './HeadlessJsTaskError';
|
|
import type {RootTag} from 'react-native/Libraries/Types/RootTagTypes';
|
|
|
|
type Task = (taskData: any) => Promise<void>;
|
|
export type TaskProvider = () => Task;
|
|
type TaskCanceller = () => void;
|
|
type TaskCancelProvider = () => TaskCanceller;
|
|
|
|
export type ComponentProvider = () => React$ComponentType<any>;
|
|
export type ComponentProviderInstrumentationHook = (
|
|
component: ComponentProvider,
|
|
scopedPerformanceLogger: IPerformanceLogger,
|
|
) => React$ComponentType<any>;
|
|
export type AppConfig = {
|
|
appKey: string,
|
|
component?: ComponentProvider,
|
|
run?: Function,
|
|
section?: boolean,
|
|
...
|
|
};
|
|
export type Runnable = {
|
|
component?: ComponentProvider,
|
|
run: Function,
|
|
...
|
|
};
|
|
export type Runnables = {[appKey: string]: Runnable, ...};
|
|
export type Registry = {
|
|
sections: Array<string>,
|
|
runnables: Runnables,
|
|
...
|
|
};
|
|
export type WrapperComponentProvider = any => React$ComponentType<any>;
|
|
|
|
const runnables: Runnables = {};
|
|
let runCount = 1;
|
|
const sections: Runnables = {};
|
|
const taskProviders: Map<string, TaskProvider> = new Map();
|
|
const taskCancelProviders: Map<string, TaskCancelProvider> = new Map();
|
|
let componentProviderInstrumentationHook: ComponentProviderInstrumentationHook = (
|
|
component: ComponentProvider,
|
|
) => component();
|
|
|
|
let wrapperComponentProvider: ?WrapperComponentProvider;
|
|
let showArchitectureIndicator = false;
|
|
|
|
/**
|
|
* `AppRegistry` is the JavaScript entry point to running all React Native apps.
|
|
*
|
|
* See https://reactnative.dev/docs/appregistry.html
|
|
*/
|
|
const AppRegistry = {
|
|
setWrapperComponentProvider(provider: WrapperComponentProvider) {
|
|
wrapperComponentProvider = provider;
|
|
},
|
|
|
|
enableArchitectureIndicator(enabled: boolean): void {
|
|
showArchitectureIndicator = enabled;
|
|
},
|
|
|
|
registerConfig(config: Array<AppConfig>): void {
|
|
config.forEach(appConfig => {
|
|
if (appConfig.run) {
|
|
AppRegistry.registerRunnable(appConfig.appKey, appConfig.run);
|
|
} else {
|
|
invariant(
|
|
appConfig.component != null,
|
|
'AppRegistry.registerConfig(...): Every config is expected to set ' +
|
|
'either `run` or `component`, but `%s` has neither.',
|
|
appConfig.appKey,
|
|
);
|
|
AppRegistry.registerComponent(
|
|
appConfig.appKey,
|
|
appConfig.component,
|
|
appConfig.section,
|
|
);
|
|
}
|
|
});
|
|
},
|
|
|
|
/**
|
|
* Registers an app's root component.
|
|
*
|
|
* See https://reactnative.dev/docs/appregistry.html#registercomponent
|
|
*/
|
|
registerComponent(
|
|
appKey: string,
|
|
componentProvider: ComponentProvider,
|
|
section?: boolean,
|
|
): string {
|
|
let scopedPerformanceLogger = createPerformanceLogger();
|
|
runnables[appKey] = {
|
|
componentProvider,
|
|
run: (appParameters, displayMode) => {
|
|
renderApplication(
|
|
componentProviderInstrumentationHook(
|
|
componentProvider,
|
|
scopedPerformanceLogger,
|
|
),
|
|
appParameters.initialProps,
|
|
appParameters.rootTag,
|
|
wrapperComponentProvider && wrapperComponentProvider(appParameters),
|
|
appParameters.fabric,
|
|
showArchitectureIndicator,
|
|
scopedPerformanceLogger,
|
|
appKey === 'LogBox',
|
|
appKey,
|
|
coerceDisplayMode(displayMode),
|
|
appParameters.concurrentRoot,
|
|
);
|
|
},
|
|
};
|
|
if (section) {
|
|
sections[appKey] = runnables[appKey];
|
|
}
|
|
return appKey;
|
|
},
|
|
|
|
registerRunnable(appKey: string, run: Function): string {
|
|
runnables[appKey] = {run};
|
|
return appKey;
|
|
},
|
|
|
|
registerSection(appKey: string, component: ComponentProvider): void {
|
|
AppRegistry.registerComponent(appKey, component, true);
|
|
},
|
|
|
|
getAppKeys(): Array<string> {
|
|
return Object.keys(runnables);
|
|
},
|
|
|
|
getSectionKeys(): Array<string> {
|
|
return Object.keys(sections);
|
|
},
|
|
|
|
getSections(): Runnables {
|
|
return {
|
|
...sections,
|
|
};
|
|
},
|
|
|
|
getRunnable(appKey: string): ?Runnable {
|
|
return runnables[appKey];
|
|
},
|
|
|
|
getRegistry(): Registry {
|
|
return {
|
|
sections: AppRegistry.getSectionKeys(),
|
|
runnables: {...runnables},
|
|
};
|
|
},
|
|
|
|
setComponentProviderInstrumentationHook(
|
|
hook: ComponentProviderInstrumentationHook,
|
|
) {
|
|
componentProviderInstrumentationHook = hook;
|
|
},
|
|
|
|
/**
|
|
* Loads the JavaScript bundle and runs the app.
|
|
*
|
|
* See https://reactnative.dev/docs/appregistry.html#runapplication
|
|
*/
|
|
runApplication(
|
|
appKey: string,
|
|
appParameters: any,
|
|
displayMode?: number,
|
|
): void {
|
|
if (appKey !== 'LogBox') {
|
|
const logParams = __DEV__
|
|
? '" with ' + JSON.stringify(appParameters)
|
|
: '';
|
|
const msg = 'Running "' + appKey + logParams;
|
|
infoLog(msg);
|
|
BugReporting.addSource(
|
|
'AppRegistry.runApplication' + runCount++,
|
|
() => msg,
|
|
);
|
|
}
|
|
invariant(
|
|
runnables[appKey] && runnables[appKey].run,
|
|
`"${appKey}" has not been registered. This can happen if:\n` +
|
|
'* Metro (the local dev server) is run from the wrong folder. ' +
|
|
'Check if Metro is running, stop it and restart it in the current project.\n' +
|
|
"* A module failed to load due to an error and `AppRegistry.registerComponent` wasn't called.",
|
|
);
|
|
|
|
SceneTracker.setActiveScene({name: appKey});
|
|
runnables[appKey].run(appParameters, displayMode);
|
|
},
|
|
|
|
/**
|
|
* Update initial props for a surface that's already rendered
|
|
*/
|
|
setSurfaceProps(
|
|
appKey: string,
|
|
appParameters: any,
|
|
displayMode?: number,
|
|
): void {
|
|
if (appKey !== 'LogBox') {
|
|
const msg =
|
|
'Updating props for Surface "' +
|
|
appKey +
|
|
'" with ' +
|
|
JSON.stringify(appParameters);
|
|
infoLog(msg);
|
|
BugReporting.addSource(
|
|
'AppRegistry.setSurfaceProps' + runCount++,
|
|
() => msg,
|
|
);
|
|
}
|
|
invariant(
|
|
runnables[appKey] && runnables[appKey].run,
|
|
`"${appKey}" has not been registered. This can happen if:\n` +
|
|
'* Metro (the local dev server) is run from the wrong folder. ' +
|
|
'Check if Metro is running, stop it and restart it in the current project.\n' +
|
|
"* A module failed to load due to an error and `AppRegistry.registerComponent` wasn't called.",
|
|
);
|
|
|
|
runnables[appKey].run(appParameters, displayMode);
|
|
},
|
|
|
|
/**
|
|
* Stops an application when a view should be destroyed.
|
|
*
|
|
* See https://reactnative.dev/docs/appregistry.html#unmountapplicationcomponentatroottag
|
|
*/
|
|
unmountApplicationComponentAtRootTag(rootTag: RootTag): void {
|
|
// NOTE: RootTag type
|
|
// $FlowFixMe[incompatible-call] RootTag: RootTag is incompatible with number, needs an updated synced version of the ReactNativeTypes.js file
|
|
ReactNative.unmountComponentAtNodeAndRemoveContainer(rootTag);
|
|
},
|
|
|
|
/**
|
|
* Register a headless task. A headless task is a bit of code that runs without a UI.
|
|
*
|
|
* See https://reactnative.dev/docs/appregistry.html#registerheadlesstask
|
|
*/
|
|
registerHeadlessTask(taskKey: string, taskProvider: TaskProvider): void {
|
|
// $FlowFixMe[object-this-reference]
|
|
this.registerCancellableHeadlessTask(taskKey, taskProvider, () => () => {
|
|
/* Cancel is no-op */
|
|
});
|
|
},
|
|
|
|
/**
|
|
* Register a cancellable headless task. A headless task is a bit of code that runs without a UI.
|
|
*
|
|
* See https://reactnative.dev/docs/appregistry.html#registercancellableheadlesstask
|
|
*/
|
|
registerCancellableHeadlessTask(
|
|
taskKey: string,
|
|
taskProvider: TaskProvider,
|
|
taskCancelProvider: TaskCancelProvider,
|
|
): void {
|
|
if (taskProviders.has(taskKey)) {
|
|
console.warn(
|
|
`registerHeadlessTask or registerCancellableHeadlessTask called multiple times for same key '${taskKey}'`,
|
|
);
|
|
}
|
|
taskProviders.set(taskKey, taskProvider);
|
|
taskCancelProviders.set(taskKey, taskCancelProvider);
|
|
},
|
|
|
|
/**
|
|
* Only called from native code. Starts a headless task.
|
|
*
|
|
* See https://reactnative.dev/docs/appregistry.html#startheadlesstask
|
|
*/
|
|
startHeadlessTask(taskId: number, taskKey: string, data: any): void {
|
|
const taskProvider = taskProviders.get(taskKey);
|
|
if (!taskProvider) {
|
|
console.warn(`No task registered for key ${taskKey}`);
|
|
if (NativeHeadlessJsTaskSupport) {
|
|
NativeHeadlessJsTaskSupport.notifyTaskFinished(taskId);
|
|
}
|
|
return;
|
|
}
|
|
taskProvider()(data)
|
|
.then(() => {
|
|
if (NativeHeadlessJsTaskSupport) {
|
|
NativeHeadlessJsTaskSupport.notifyTaskFinished(taskId);
|
|
}
|
|
})
|
|
.catch(reason => {
|
|
console.error(reason);
|
|
|
|
if (
|
|
NativeHeadlessJsTaskSupport &&
|
|
reason instanceof HeadlessJsTaskError
|
|
) {
|
|
NativeHeadlessJsTaskSupport.notifyTaskRetry(taskId).then(
|
|
retryPosted => {
|
|
if (!retryPosted) {
|
|
NativeHeadlessJsTaskSupport.notifyTaskFinished(taskId);
|
|
}
|
|
},
|
|
);
|
|
}
|
|
});
|
|
},
|
|
|
|
/**
|
|
* Only called from native code. Cancels a headless task.
|
|
*
|
|
* See https://reactnative.dev/docs/appregistry.html#cancelheadlesstask
|
|
*/
|
|
cancelHeadlessTask(taskId: number, taskKey: string): void {
|
|
const taskCancelProvider = taskCancelProviders.get(taskKey);
|
|
if (!taskCancelProvider) {
|
|
throw new Error(`No task canceller registered for key '${taskKey}'`);
|
|
}
|
|
taskCancelProvider()();
|
|
},
|
|
};
|
|
|
|
BatchedBridge.registerCallableModule('AppRegistry', AppRegistry);
|
|
|
|
if (__DEV__) {
|
|
const LogBoxInspector = require('../LogBox/LogBoxInspectorContainer').default;
|
|
AppRegistry.registerComponent('LogBox', () => LogBoxInspector);
|
|
} else {
|
|
AppRegistry.registerComponent(
|
|
'LogBox',
|
|
() =>
|
|
function NoOp() {
|
|
return null;
|
|
},
|
|
);
|
|
}
|
|
|
|
module.exports = AppRegistry;
|