fix: unnecessary, unsafe base-controller patch

[MajorLift]

Description

Removes a recently introduced base-controller patch that assigns the default argument string to the AllowedAction and AllowedEvent generic parameters of the class RestrictedControllerMessenger.

This patch was created in 81e2d18 as part of an intended fix for the breaking changes introduced by @metamask/base-controller v4.0.0. The fix was accomplished by a later commit d3a1dc7 (#8607), but the now-redundant patch was never removed.

This patch is too dangerous to keep as is, because it negates the allowlist security we have in place for our controller-messengers. This potentially enables any messenger to access any external action or event without restrictions.

The CI run shows that removing this patch does not break anything. This is because it's not actually affecting the code in any way (for now).

TL;DR The patch is not only safe to remove -- it's unsafe not to remove.

Related issues

• Fixes issue introduced here feat: bump mobile snaps packages to bring new snaps architecture #8607
• Patch was introduced as an intended fix for [base-controller] getRestricted infers the wrong types when it has no allowed actions/events core#3648. However, this issue is only relevant to the ControllerMessenger.getRestrictedMessenger method, and not to the RestrictedControllerMessenger class that is altered in the patch.

Manual testing steps

Screenshots/Recordings

Pre-merge author checklist

• I’ve followed MetaMask Coding Standards.
• I've clearly explained what problem this PR is solving and how it is solved.
• I've linked related issues
• I've included manual testing steps
• I've included screenshots/recordings if applicable
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format if applicable
• I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.
• I’ve properly set the pull request status:
  • In case it's not yet "ready for review", I've set it to "draft".
  • In case it's "ready for review", I've changed it from "draft" to "non-draft".

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 41.60%. Comparing base (e0698b6) to head (ddc1b8e).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #8808   +/-   ##
=======================================
  Coverage   41.60%   41.60%           
=======================================
  Files        1269     1269           
  Lines       30859    30859           
  Branches     3082     3082           
=======================================
  Hits        12840    12840           
  Misses      17243    17243           
  Partials      776      776           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

[github-actions]

Bitrise

✅✅✅ pr_smoke_e2e_pipeline passed on Bitrise! ✅✅✅

Commit hash: e0d94c3
Build link: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/43ebea31-849c-44a8-a2ca-92862ddd15cf

Note

• You can kick off another pr_smoke_e2e_pipeline on Bitrise by removing and re-applying the Run Smoke E2E label on the pull request

[mcmire]

Looks good!

[tommasini]

Ow I thought this patch was created because the TS linter was failing. LGTM!

[tommasini]

LGTM