search

endojs / endo

Endo is a distributed secure JavaScript sandbox, based on SES
Apache License 2.0
831 stars 72 forks source link

mustMatch support for TypedPattern #2611

Open dckc opened 1 month ago

dckc commented 1 month ago

What is the Problem Being Solved?

after a typeof x === 'string' test, the type of x is refined to string. But we don't get the same benefit from mustMatch(x, M.string()).

Description of the Design

migrate from @agoric/internal. In particular, in @agoric/internal's typeCheck.test.js:

const Mstring = /** @type {TypedPattern<string>} */ (M.string());
const unknownString = /** @type {unknown} */ ('');

test('mustMatch', t => {
  // @ts-expect-error unknown type
  unknownString.length;
  mustMatch(unknownString, Mstring);
  unknownString.length;
  t.pass();
});

Security Considerations

TypedPattern<T> can make claims that are stronger than the pattern actually enforces.

Scaling Considerations

none

Test Plan

port tests from agoric-sdk

Compatibility / Upgrade Considerations

none that I can think of

cc @turadg @erights

turadg commented 1 month ago

Thanks for filing. Here's the TODO line in agoric-sdk: https://github.com/Agoric/agoric-sdk/blob/1cb791553d0d27df9953304e556652c216988909/packages/store/src/index.js#L63-L67

Of course meanwhile it's fine to import mustMatch from @agoric/internal or @agoric/store.