fix: Add scuttle exception for fetch because it is used by chromium image util code when creating notifications

[danjm]

Description

MV3 bug that we needto fix: #24518

In particular, we've got:

LavaMoat - property "fetch" of globalThis is inaccessible under scuttling mode.
at get (chrome-extension://lbnhnppncgilfagdfbanifbfolodkdaf/scripts/runtime-lavamoat.js:13190:11)
  at loadImageDataForServiceWorker (extensions::imageUtil:24:22)
  at loadImageData (extensions::imageUtil:111:5)
  at Object.loadAllImages (extensions::imageUtil:134:5)
  at replaceNotificationOptionURLs (extensions::notifications:89:13)
  at extensions::notifications:116:5
  at chrome-extension://lbnhnppncgilfagdfbanifbfolodkdaf/common-6.js:3:431145
  at new Promise (<anonymous>)
  at Proxy.<anonymous> (chrome-extension://lbnhnppncgilfagdfbanifbfolodkdaf/common-6.js:3:430825)
  at Object.apply (chrome-extension://lbnhnppncgilfagdfbanifbfolodkdaf/common-6.js:3:430244)
  at Object._showNotification (chrome-extension://lbnhnppncgilfagdfbanifbfolodkdaf/common-2.js:1:455026)

The problematic code is in not in our codebase but in chromium, here: https://github.com/chromium/chromium/blob/main/extensions/renderer/resources/image_util.js#L23-L25

You can see that function is named loadImageDataForServiceWorker and it is only used in mv3.

This breaks the browser notification feature.

As can be seen from the commit history and the comments in this PR, we attemtped some solutions that would allow us to provide a modified and tamed fetch to be used for this image fetching. However, there are unknown problems - related to how sentry uses fetch and how sentry is initialized - that interfere with the solutions we attempted. So for now, as discussed with @weizman, the latest commit on the PR just adds a scuttling exception for fetch (and for Offscreen Canvas, which is also needed for the browser notification feature).

We will return to the root problem later, and aim to remove these scuttling exceptions.

Related issues

Fixes: #24518

Manual testing steps

1. yarn dist:mv3
2. install, onboard
3. send a transaction
4. verify that a browser notification is shown once the transaction is confirmed

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I’ve followed MetaMask Coding Standards.
• I've completed the PR template to the best of my ability
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format if applicable
• I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[metamaskbot]

Builds ready [91cb685]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• builds (MMI): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5, 6
  • common: 0, 1, 2, 3, 4, 5, 6, 7, 8
  • content-script: 0
  • ui: 0, 1, 10, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (954 ± 525 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	63	149	93	25	12
		domContentLoaded	9	33	14	7	3
		load	51	2538	954	1094	525
		domInteractive	9	33	14	7	3

Bundle size diffs

• background: 0 Bytes (0.00%)
• ui: 0 Bytes (0.00%)
• common: 0 Bytes (0.00%)

[weizman]

Looks great,

Some important comments.

Also, a more general (yet very important) comment:

We must cache the APIs we're using as part of this feature in order to not trust they aren't being modified later on. SES assures that in practice, but it's still a more secure approach in case we extend this to use APIs that aren't strictly SES protected intrinsics.

So cache and use the test property of RegExp and Error and fetch and Object.hasOwn and so on.

I can help with that part 👍

[weizman]

What's this for?

[danjm]

uh, nothing... dead code from some earlier iteration

[danjm]

removed with 1dd34f9af5

[weizman]

I'd move this function to the upper scope (same as tamedFetch)

[danjm]

done in 1dd34f9af5

[weizman]

Unscuttled -> tamed

[danjm]

Will do. Can you explain that suggestion a bit? I am still building up my understanding of how scuttiling works, and I suspect your suggestion here is meaningful and I could learn something by hearing your thoughts on this suggestion

[weizman]

Yes of course, gladly.
"Unscuttled" is correct, because it is in fact going to be exempt from the scuttling process.
But it's not accurate enough, because "Unscuttled" really reminds something that is being completely over looked, which isn't the case here.
fetch is going to be "Unscuttled" only because we promise to tame it - that is the only legitimate excuse for excepting it from being scuttled.
That is why I think referring to it as tamed rather than unscuttled is important here - so it's clear that we mutated it in order to justify it from not being scuttled.

[danjm]

done in 5467de13d6

[weizman]

We must use defineProperty and set configurable and writable to false. This will instruct the scuttling process to skip fetch, which would allow you to remove the exception from development/build/index.js

[danjm]

done in 1dd34f9af5

[weizman]

What's the importance of the chromeExtensionId below really? I think we can allow fetching images from the chrome-extension scheme for all types of browser extension entities we create

[danjm]

addressed in b769e71328

[weizman]

remove this line once #24631 (comment) is fixed

[weizman]

ACTUALLY - applying the idea behind this PR to the Image exception as well could be very beneficial, as Image is also a very strong capability (just a thought)

[metamaskbot]

Builds ready [e48f02d]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• builds (MMI): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5, 6
  • common: 0, 1, 2, 3, 4, 5, 6, 7, 8
  • content-script: 0
  • ui: 0, 1, 10, 11, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (729 ± 490 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	57	144	86	23	11
		domContentLoaded	9	22	12	4	2
		load	46	2458	729	1021	490
		domInteractive	9	22	12	4	2

Bundle size diffs

• background: 0 Bytes (0.00%)
• ui: 0 Bytes (0.00%)
• common: 0 Bytes (0.00%)

[danjm]

An issue for further investigation into the root cause of the problem this PR addresses is here #24759

[metamaskbot]

Missing release label release-11.16.6 on PR. Adding release label release-11.16.6 on PR and removing other release labels(release-11.18.0), as PR was cherry-picked in branch 11.16.6.