m/metamask-extension
1
0
Fork 0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-11-29 07:16:36 +01:00
Code
7086494b72
metamask-extension/test/e2e/tests/phishing-detection.spec.js

293 lines
9.3 KiB
JavaScript
Raw Normal View History

E2e phishing detection (#13704) * phishing detection test * remove unused arg
2022-02-22 17:48:12 +01:00
const { strict: assert } = require('assert');
const { convertToHexValue, withFixtures } = require('../helpers');
E2e test fixtures (#16061) * remove state.json files * move file * Update Readme * Create fixture builder * load test fixture * remove redundant method * update snap tests * update stats tests * update extension tests * update extension tests * Update fixture data * snap test dapp connection * Update fixture data * add onboarding fixture * use onboarding fixture * reuse import account vault * remove unnecessary use of class * use fixture builder in new tests * switch to function * update default fixture * update default fixture * update test * update 1559 test fixttures * update 1559 test fixtures * update 1559 test fixtures * dismiss 3box whats new * remove redundant code * move docs * remove unused code * token detection * use default timeout * remove redundant code * Update fixture builder hide `Protect your funds` dialog remove browser environment remove default network details hide dismiss seed backup reminder recursively merges fixture data * add token to tokencontroller * remove network details * add missing identities to preference controller * remove duplicate properties * update bip-32 to use fixturebuilder * alphabetise snap permissions * update get snaps to use fixturebuilder * Update test-snap-bip-32.spec.js wait for window * add popular network state * update test * lint
2022-10-28 10:42:12 +02:00
const FixtureBuilder = require('../fixture-builder');
E2e phishing detection (#13704) * phishing detection test * remove unused arg
2022-02-22 17:48:12 +01:00
Update the PhishingController to v2 and update phishing warning page (#17835) The PhishingController has been updated to v2. This release should dramatically reduce network traffic and double the update speed of the phishing list. This was accomplished by combining both of our phishing configurations into one list (the "stalelist"), then creating a separate list of the changes just the past few days (the "hotlist"). Now users will download a smaller list more frequently (every 30 minutes rather than every hour), whereas the full list is only updated every 4 days. The combined configuration means that we no longer know which list was responsible for each block. The phishing warning page has been updated to dynamically look this information up, to ensure users are still directed to the correct place to dispute a block. This update to the phishing warning page also includes the recent redesign.
2023-02-24 16:09:00 +01:00
const STALELIST_URL =
'https://static.metafi.codefi.network/api/v1/lists/stalelist.json';
Bump controllers v30.0.2 (#14906) * bump @metamask/controllers to v30.0.2 and adapt
2022-07-18 16:43:30 +02:00
Update the PhishingController to v2 and update phishing warning page (#17835) The PhishingController has been updated to v2. This release should dramatically reduce network traffic and double the update speed of the phishing list. This was accomplished by combining both of our phishing configurations into one list (the "stalelist"), then creating a separate list of the changes just the past few days (the "hotlist"). Now users will download a smaller list more frequently (every 30 minutes rather than every hour), whereas the full list is only updated every 4 days. The combined configuration means that we no longer know which list was responsible for each block. The phishing warning page has been updated to dynamically look this information up, to ensure users are still directed to the correct place to dispute a block. This update to the phishing warning page also includes the recent redesign.
2023-02-24 16:09:00 +01:00
const emptyHtmlPage = `<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>title</title>
</head>
<body>
Empty page
</body>
</html>`;
/**
* Setup fetch mocks for the phishing detection feature.
*
* The mock configuration will show that "127.0.0.1" is blocked. The dynamic lookup on the warning
* page can be customized, so that we can test both the MetaMask and PhishFort block cases.
*
* @param {import('mockttp').Mockttp} mockServer - The mock server.
* @param {object} metamaskPhishingConfigResponse - The response for the dynamic phishing
* configuration lookup performed by the warning page.
*/
async function setupPhishingDetectionMocks(
mockServer,
metamaskPhishingConfigResponse,
) {
await mockServer.forGet(STALELIST_URL).thenCallback(() => {
return {
statusCode: 200,
json: {
version: 2,
tolerance: 2,
fuzzylist: [],
allowlist: [],
blocklist: ['127.0.0.1'],
lastUpdated: 0,
},
};
});
await mockServer
.forGet('https://github.com/MetaMask/eth-phishing-detect/issues/new')
.thenCallback(() => {
return {
statusCode: 200,
body: emptyHtmlPage,
};
});
await mockServer
.forGet('https://github.com/phishfort/phishfort-lists/issues/new')
.thenCallback(() => {
Bump controllers v30.0.2 (#14906) * bump @metamask/controllers to v30.0.2 and adapt
2022-07-18 16:43:30 +02:00
return {
statusCode: 200,
Update the PhishingController to v2 and update phishing warning page (#17835) The PhishingController has been updated to v2. This release should dramatically reduce network traffic and double the update speed of the phishing list. This was accomplished by combining both of our phishing configurations into one list (the "stalelist"), then creating a separate list of the changes just the past few days (the "hotlist"). Now users will download a smaller list more frequently (every 30 minutes rather than every hour), whereas the full list is only updated every 4 days. The combined configuration means that we no longer know which list was responsible for each block. The phishing warning page has been updated to dynamically look this information up, to ensure users are still directed to the correct place to dispute a block. This update to the phishing warning page also includes the recent redesign.
2023-02-24 16:09:00 +01:00
body: emptyHtmlPage,
Bump controllers v30.0.2 (#14906) * bump @metamask/controllers to v30.0.2 and adapt
2022-07-18 16:43:30 +02:00
};
});
Update the PhishingController to v2 and update phishing warning page (#17835) The PhishingController has been updated to v2. This release should dramatically reduce network traffic and double the update speed of the phishing list. This was accomplished by combining both of our phishing configurations into one list (the "stalelist"), then creating a separate list of the changes just the past few days (the "hotlist"). Now users will download a smaller list more frequently (every 30 minutes rather than every hour), whereas the full list is only updated every 4 days. The combined configuration means that we no longer know which list was responsible for each block. The phishing warning page has been updated to dynamically look this information up, to ensure users are still directed to the correct place to dispute a block. This update to the phishing warning page also includes the recent redesign.
2023-02-24 16:09:00 +01:00
await mockServer
.forGet(
'https://raw.githubusercontent.com/MetaMask/eth-phishing-detect/master/src/config.json',
)
.thenCallback(() => metamaskPhishingConfigResponse);
}
describe('Phishing Detection', function () {
function mockPhishingDetection(mockServer) {
setupPhishingDetectionMocks(mockServer, {
statusCode: 200,
json: {
version: 2,
tolerance: 2,
fuzzylist: [],
whitelist: [],
blacklist: ['127.0.0.1'],
lastUpdated: 0,
},
});
Bump controllers v30.0.2 (#14906) * bump @metamask/controllers to v30.0.2 and adapt
2022-07-18 16:43:30 +02:00
}
Update the PhishingController to v2 and update phishing warning page (#17835) The PhishingController has been updated to v2. This release should dramatically reduce network traffic and double the update speed of the phishing list. This was accomplished by combining both of our phishing configurations into one list (the "stalelist"), then creating a separate list of the changes just the past few days (the "hotlist"). Now users will download a smaller list more frequently (every 30 minutes rather than every hour), whereas the full list is only updated every 4 days. The combined configuration means that we no longer know which list was responsible for each block. The phishing warning page has been updated to dynamically look this information up, to ensure users are still directed to the correct place to dispute a block. This update to the phishing warning page also includes the recent redesign.
2023-02-24 16:09:00 +01:00
E2e phishing detection (#13704) * phishing detection test * remove unused arg
2022-02-22 17:48:12 +01:00
const ganacheOptions = {
accounts: [
{
secretKey:
'0x7C9529A67102755B7E6102D6D950AC5D5863C98713805CEC576B945B15B71EAC',
balance: convertToHexValue(25000000000000000000),
},
],
};
Update the PhishingController to v2 and update phishing warning page (#17835) The PhishingController has been updated to v2. This release should dramatically reduce network traffic and double the update speed of the phishing list. This was accomplished by combining both of our phishing configurations into one list (the "stalelist"), then creating a separate list of the changes just the past few days (the "hotlist"). Now users will download a smaller list more frequently (every 30 minutes rather than every hour), whereas the full list is only updated every 4 days. The combined configuration means that we no longer know which list was responsible for each block. The phishing warning page has been updated to dynamically look this information up, to ensure users are still directed to the correct place to dispute a block. This update to the phishing warning page also includes the recent redesign.
2023-02-24 16:09:00 +01:00
Use externally hosted phishing warning page An externally hosted phishing warning page is now used rather than the built-in phishing warning page.The phishing page warning URL is set via configuration file or environment variable. The default URL is either the expected production URL or `http://localhost:9999/` for e2e testing environments. The new external phishing page includes a design change when it is loaded within an iframe. In that case it now shows a condensed message, and prompts the user to open the full warning page in a new tab to see more details or bypass the warning. This is to prevent a clickjacking attack from safelisting a site without user consent. The new external phishing page also includes a simple caching service worker to ensure it continues to work offline (or if our hosting goes offline), as long as the user has successfully loaded the page at least once. We also load the page temporarily during the extension startup process to trigger the service worker installation. The old phishing page and all related lines have been removed. The property `web_accessible_resources` has also been removed from the manifest. The only entry apart from the phishing page was `inpage.js`, and we don't need that to be web accessible anymore because we inject the script inline into each page rather than loading the file directly. New e2e tests have been added to cover more phishing warning page functionality, including the "safelist" action and the "iframe" case.
2022-05-06 00:28:48 +02:00
it('should display the MetaMask Phishing Detection page and take the user to the blocked page if they continue', async function () {
E2e phishing detection (#13704) * phishing detection test * remove unused arg
2022-02-22 17:48:12 +01:00
await withFixtures(
{
E2e test fixtures (#16061) * remove state.json files * move file * Update Readme * Create fixture builder * load test fixture * remove redundant method * update snap tests * update stats tests * update extension tests * update extension tests * Update fixture data * snap test dapp connection * Update fixture data * add onboarding fixture * use onboarding fixture * reuse import account vault * remove unnecessary use of class * use fixture builder in new tests * switch to function * update default fixture * update default fixture * update test * update 1559 test fixttures * update 1559 test fixtures * update 1559 test fixtures * dismiss 3box whats new * remove redundant code * move docs * remove unused code * token detection * use default timeout * remove redundant code * Update fixture builder hide `Protect your funds` dialog remove browser environment remove default network details hide dismiss seed backup reminder recursively merges fixture data * add token to tokencontroller * remove network details * add missing identities to preference controller * remove duplicate properties * update bip-32 to use fixturebuilder * alphabetise snap permissions * update get snaps to use fixturebuilder * Update test-snap-bip-32.spec.js wait for window * add popular network state * update test * lint
2022-10-28 10:42:12 +02:00
fixtures: new FixtureBuilder().build(),
E2e phishing detection (#13704) * phishing detection test * remove unused arg
2022-02-22 17:48:12 +01:00
ganacheOptions,
title: this.test.title,
testSpecificMock: mockPhishingDetection,
Use externally hosted phishing warning page An externally hosted phishing warning page is now used rather than the built-in phishing warning page.The phishing page warning URL is set via configuration file or environment variable. The default URL is either the expected production URL or `http://localhost:9999/` for e2e testing environments. The new external phishing page includes a design change when it is loaded within an iframe. In that case it now shows a condensed message, and prompts the user to open the full warning page in a new tab to see more details or bypass the warning. This is to prevent a clickjacking attack from safelisting a site without user consent. The new external phishing page also includes a simple caching service worker to ensure it continues to work offline (or if our hosting goes offline), as long as the user has successfully loaded the page at least once. We also load the page temporarily during the extension startup process to trigger the service worker installation. The old phishing page and all related lines have been removed. The property `web_accessible_resources` has also been removed from the manifest. The only entry apart from the phishing page was `inpage.js`, and we don't need that to be web accessible anymore because we inject the script inline into each page rather than loading the file directly. New e2e tests have been added to cover more phishing warning page functionality, including the "safelist" action and the "iframe" case.
2022-05-06 00:28:48 +02:00
dapp: true,
failOnConsoleError: false,
E2e phishing detection (#13704) * phishing detection test * remove unused arg
2022-02-22 17:48:12 +01:00
},
async ({ driver }) => {
await driver.navigate();
await driver.fill('#password', 'correct horse battery staple');
await driver.press('#password', driver.Key.ENTER);
Use externally hosted phishing warning page An externally hosted phishing warning page is now used rather than the built-in phishing warning page.The phishing page warning URL is set via configuration file or environment variable. The default URL is either the expected production URL or `http://localhost:9999/` for e2e testing environments. The new external phishing page includes a design change when it is loaded within an iframe. In that case it now shows a condensed message, and prompts the user to open the full warning page in a new tab to see more details or bypass the warning. This is to prevent a clickjacking attack from safelisting a site without user consent. The new external phishing page also includes a simple caching service worker to ensure it continues to work offline (or if our hosting goes offline), as long as the user has successfully loaded the page at least once. We also load the page temporarily during the extension startup process to trigger the service worker installation. The old phishing page and all related lines have been removed. The property `web_accessible_resources` has also been removed from the manifest. The only entry apart from the phishing page was `inpage.js`, and we don't need that to be web accessible anymore because we inject the script inline into each page rather than loading the file directly. New e2e tests have been added to cover more phishing warning page functionality, including the "safelist" action and the "iframe" case.
2022-05-06 00:28:48 +02:00
await driver.openNewPage('http://127.0.0.1:8080');
await driver.clickElement({
Update the PhishingController to v2 and update phishing warning page (#17835) The PhishingController has been updated to v2. This release should dramatically reduce network traffic and double the update speed of the phishing list. This was accomplished by combining both of our phishing configurations into one list (the "stalelist"), then creating a separate list of the changes just the past few days (the "hotlist"). Now users will download a smaller list more frequently (every 30 minutes rather than every hour), whereas the full list is only updated every 4 days. The combined configuration means that we no longer know which list was responsible for each block. The phishing warning page has been updated to dynamically look this information up, to ensure users are still directed to the correct place to dispute a block. This update to the phishing warning page also includes the recent redesign.
2023-02-24 16:09:00 +01:00
text: 'continue to the site.',
Use externally hosted phishing warning page An externally hosted phishing warning page is now used rather than the built-in phishing warning page.The phishing page warning URL is set via configuration file or environment variable. The default URL is either the expected production URL or `http://localhost:9999/` for e2e testing environments. The new external phishing page includes a design change when it is loaded within an iframe. In that case it now shows a condensed message, and prompts the user to open the full warning page in a new tab to see more details or bypass the warning. This is to prevent a clickjacking attack from safelisting a site without user consent. The new external phishing page also includes a simple caching service worker to ensure it continues to work offline (or if our hosting goes offline), as long as the user has successfully loaded the page at least once. We also load the page temporarily during the extension startup process to trigger the service worker installation. The old phishing page and all related lines have been removed. The property `web_accessible_resources` has also been removed from the manifest. The only entry apart from the phishing page was `inpage.js`, and we don't need that to be web accessible anymore because we inject the script inline into each page rather than loading the file directly. New e2e tests have been added to cover more phishing warning page functionality, including the "safelist" action and the "iframe" case.
2022-05-06 00:28:48 +02:00
});
const header = await driver.findElement('h1');
assert.equal(await header.getText(), 'E2E Test Dapp');
},
);
});
it('should display the MetaMask Phishing Detection page in an iframe and take the user to the blocked page if they continue', async function () {
await withFixtures(
{
E2e test fixtures (#16061) * remove state.json files * move file * Update Readme * Create fixture builder * load test fixture * remove redundant method * update snap tests * update stats tests * update extension tests * update extension tests * Update fixture data * snap test dapp connection * Update fixture data * add onboarding fixture * use onboarding fixture * reuse import account vault * remove unnecessary use of class * use fixture builder in new tests * switch to function * update default fixture * update default fixture * update test * update 1559 test fixttures * update 1559 test fixtures * update 1559 test fixtures * dismiss 3box whats new * remove redundant code * move docs * remove unused code * token detection * use default timeout * remove redundant code * Update fixture builder hide `Protect your funds` dialog remove browser environment remove default network details hide dismiss seed backup reminder recursively merges fixture data * add token to tokencontroller * remove network details * add missing identities to preference controller * remove duplicate properties * update bip-32 to use fixturebuilder * alphabetise snap permissions * update get snaps to use fixturebuilder * Update test-snap-bip-32.spec.js wait for window * add popular network state * update test * lint
2022-10-28 10:42:12 +02:00
fixtures: new FixtureBuilder().build(),
Use externally hosted phishing warning page An externally hosted phishing warning page is now used rather than the built-in phishing warning page.The phishing page warning URL is set via configuration file or environment variable. The default URL is either the expected production URL or `http://localhost:9999/` for e2e testing environments. The new external phishing page includes a design change when it is loaded within an iframe. In that case it now shows a condensed message, and prompts the user to open the full warning page in a new tab to see more details or bypass the warning. This is to prevent a clickjacking attack from safelisting a site without user consent. The new external phishing page also includes a simple caching service worker to ensure it continues to work offline (or if our hosting goes offline), as long as the user has successfully loaded the page at least once. We also load the page temporarily during the extension startup process to trigger the service worker installation. The old phishing page and all related lines have been removed. The property `web_accessible_resources` has also been removed from the manifest. The only entry apart from the phishing page was `inpage.js`, and we don't need that to be web accessible anymore because we inject the script inline into each page rather than loading the file directly. New e2e tests have been added to cover more phishing warning page functionality, including the "safelist" action and the "iframe" case.
2022-05-06 00:28:48 +02:00
ganacheOptions,
title: this.test.title,
testSpecificMock: mockPhishingDetection,
dapp: true,
dappPaths: ['mock-page-with-iframe'],
dappOptions: {
numberOfDapps: 2,
},
failOnConsoleError: false,
},
async ({ driver }) => {
E2e phishing detection (#13704) * phishing detection test * remove unused arg
2022-02-22 17:48:12 +01:00
await driver.navigate();
Use externally hosted phishing warning page An externally hosted phishing warning page is now used rather than the built-in phishing warning page.The phishing page warning URL is set via configuration file or environment variable. The default URL is either the expected production URL or `http://localhost:9999/` for e2e testing environments. The new external phishing page includes a design change when it is loaded within an iframe. In that case it now shows a condensed message, and prompts the user to open the full warning page in a new tab to see more details or bypass the warning. This is to prevent a clickjacking attack from safelisting a site without user consent. The new external phishing page also includes a simple caching service worker to ensure it continues to work offline (or if our hosting goes offline), as long as the user has successfully loaded the page at least once. We also load the page temporarily during the extension startup process to trigger the service worker installation. The old phishing page and all related lines have been removed. The property `web_accessible_resources` has also been removed from the manifest. The only entry apart from the phishing page was `inpage.js`, and we don't need that to be web accessible anymore because we inject the script inline into each page rather than loading the file directly. New e2e tests have been added to cover more phishing warning page functionality, including the "safelist" action and the "iframe" case.
2022-05-06 00:28:48 +02:00
await driver.fill('#password', 'correct horse battery staple');
await driver.press('#password', driver.Key.ENTER);
await driver.openNewPage('http://localhost:8080/');
const iframe = await driver.findElement('iframe');
await driver.switchToFrame(iframe);
Fix e2e tests The e2e tests have been updated for `@metamask/phishing-warning@1.1.0`. The iframe case was updated with a new design, which required test changes. The third test that was meant to ensure the phishing page can't redirect to an extension page has been updated to navigate directly to the phishing warning page and setting the URL manually via query parameters, as that was the only way to test that redirect.
2022-05-16 22:55:48 +02:00
await driver.clickElement({
text: 'Open this warning in a new tab',
});
await driver.switchToWindowWithTitle('MetaMask Phishing Detection');
Use externally hosted phishing warning page An externally hosted phishing warning page is now used rather than the built-in phishing warning page.The phishing page warning URL is set via configuration file or environment variable. The default URL is either the expected production URL or `http://localhost:9999/` for e2e testing environments. The new external phishing page includes a design change when it is loaded within an iframe. In that case it now shows a condensed message, and prompts the user to open the full warning page in a new tab to see more details or bypass the warning. This is to prevent a clickjacking attack from safelisting a site without user consent. The new external phishing page also includes a simple caching service worker to ensure it continues to work offline (or if our hosting goes offline), as long as the user has successfully loaded the page at least once. We also load the page temporarily during the extension startup process to trigger the service worker installation. The old phishing page and all related lines have been removed. The property `web_accessible_resources` has also been removed from the manifest. The only entry apart from the phishing page was `inpage.js`, and we don't need that to be web accessible anymore because we inject the script inline into each page rather than loading the file directly. New e2e tests have been added to cover more phishing warning page functionality, including the "safelist" action and the "iframe" case.
2022-05-06 00:28:48 +02:00
await driver.clickElement({
Update the PhishingController to v2 and update phishing warning page (#17835) The PhishingController has been updated to v2. This release should dramatically reduce network traffic and double the update speed of the phishing list. This was accomplished by combining both of our phishing configurations into one list (the "stalelist"), then creating a separate list of the changes just the past few days (the "hotlist"). Now users will download a smaller list more frequently (every 30 minutes rather than every hour), whereas the full list is only updated every 4 days. The combined configuration means that we no longer know which list was responsible for each block. The phishing warning page has been updated to dynamically look this information up, to ensure users are still directed to the correct place to dispute a block. This update to the phishing warning page also includes the recent redesign.
2023-02-24 16:09:00 +01:00
text: 'continue to the site.',
Use externally hosted phishing warning page An externally hosted phishing warning page is now used rather than the built-in phishing warning page.The phishing page warning URL is set via configuration file or environment variable. The default URL is either the expected production URL or `http://localhost:9999/` for e2e testing environments. The new external phishing page includes a design change when it is loaded within an iframe. In that case it now shows a condensed message, and prompts the user to open the full warning page in a new tab to see more details or bypass the warning. This is to prevent a clickjacking attack from safelisting a site without user consent. The new external phishing page also includes a simple caching service worker to ensure it continues to work offline (or if our hosting goes offline), as long as the user has successfully loaded the page at least once. We also load the page temporarily during the extension startup process to trigger the service worker installation. The old phishing page and all related lines have been removed. The property `web_accessible_resources` has also been removed from the manifest. The only entry apart from the phishing page was `inpage.js`, and we don't need that to be web accessible anymore because we inject the script inline into each page rather than loading the file directly. New e2e tests have been added to cover more phishing warning page functionality, including the "safelist" action and the "iframe" case.
2022-05-06 00:28:48 +02:00
});
E2e phishing detection (#13704) * phishing detection test * remove unused arg
2022-02-22 17:48:12 +01:00
const header = await driver.findElement('h1');
Use externally hosted phishing warning page An externally hosted phishing warning page is now used rather than the built-in phishing warning page.The phishing page warning URL is set via configuration file or environment variable. The default URL is either the expected production URL or `http://localhost:9999/` for e2e testing environments. The new external phishing page includes a design change when it is loaded within an iframe. In that case it now shows a condensed message, and prompts the user to open the full warning page in a new tab to see more details or bypass the warning. This is to prevent a clickjacking attack from safelisting a site without user consent. The new external phishing page also includes a simple caching service worker to ensure it continues to work offline (or if our hosting goes offline), as long as the user has successfully loaded the page at least once. We also load the page temporarily during the extension startup process to trigger the service worker installation. The old phishing page and all related lines have been removed. The property `web_accessible_resources` has also been removed from the manifest. The only entry apart from the phishing page was `inpage.js`, and we don't need that to be web accessible anymore because we inject the script inline into each page rather than loading the file directly. New e2e tests have been added to cover more phishing warning page functionality, including the "safelist" action and the "iframe" case.
2022-05-06 00:28:48 +02:00
assert.equal(await header.getText(), 'E2E Test Dapp');
},
);
});
it('should display the MetaMask Phishing Detection page in an iframe but should NOT take the user to the blocked page if it is not an accessible resource', async function () {
await withFixtures(
{
E2e test fixtures (#16061) * remove state.json files * move file * Update Readme * Create fixture builder * load test fixture * remove redundant method * update snap tests * update stats tests * update extension tests * update extension tests * Update fixture data * snap test dapp connection * Update fixture data * add onboarding fixture * use onboarding fixture * reuse import account vault * remove unnecessary use of class * use fixture builder in new tests * switch to function * update default fixture * update default fixture * update test * update 1559 test fixttures * update 1559 test fixtures * update 1559 test fixtures * dismiss 3box whats new * remove redundant code * move docs * remove unused code * token detection * use default timeout * remove redundant code * Update fixture builder hide `Protect your funds` dialog remove browser environment remove default network details hide dismiss seed backup reminder recursively merges fixture data * add token to tokencontroller * remove network details * add missing identities to preference controller * remove duplicate properties * update bip-32 to use fixturebuilder * alphabetise snap permissions * update get snaps to use fixturebuilder * Update test-snap-bip-32.spec.js wait for window * add popular network state * update test * lint
2022-10-28 10:42:12 +02:00
fixtures: new FixtureBuilder().build(),
Use externally hosted phishing warning page An externally hosted phishing warning page is now used rather than the built-in phishing warning page.The phishing page warning URL is set via configuration file or environment variable. The default URL is either the expected production URL or `http://localhost:9999/` for e2e testing environments. The new external phishing page includes a design change when it is loaded within an iframe. In that case it now shows a condensed message, and prompts the user to open the full warning page in a new tab to see more details or bypass the warning. This is to prevent a clickjacking attack from safelisting a site without user consent. The new external phishing page also includes a simple caching service worker to ensure it continues to work offline (or if our hosting goes offline), as long as the user has successfully loaded the page at least once. We also load the page temporarily during the extension startup process to trigger the service worker installation. The old phishing page and all related lines have been removed. The property `web_accessible_resources` has also been removed from the manifest. The only entry apart from the phishing page was `inpage.js`, and we don't need that to be web accessible anymore because we inject the script inline into each page rather than loading the file directly. New e2e tests have been added to cover more phishing warning page functionality, including the "safelist" action and the "iframe" case.
2022-05-06 00:28:48 +02:00
ganacheOptions,
title: this.test.title,
testSpecificMock: mockPhishingDetection,
dapp: true,
dappPaths: ['mock-page-with-disallowed-iframe'],
dappOptions: {
numberOfDapps: 2,
},
failOnConsoleError: false,
},
async ({ driver }) => {
await driver.navigate();
await driver.fill('#password', 'correct horse battery staple');
await driver.press('#password', driver.Key.ENTER);
await driver.openNewPage(
`http://localhost:8080?extensionUrl=${driver.extensionUrl}`,
);
const iframe = await driver.findElement('iframe');
await driver.switchToFrame(iframe);
Fix e2e tests The e2e tests have been updated for `@metamask/phishing-warning@1.1.0`. The iframe case was updated with a new design, which required test changes. The third test that was meant to ensure the phishing page can't redirect to an extension page has been updated to navigate directly to the phishing warning page and setting the URL manually via query parameters, as that was the only way to test that redirect.
2022-05-16 22:55:48 +02:00
await driver.clickElement({
text: 'Open this warning in a new tab',
});
await driver.switchToWindowWithTitle('MetaMask Phishing Detection');
await driver.clickElement({
Update the PhishingController to v2 and update phishing warning page (#17835) The PhishingController has been updated to v2. This release should dramatically reduce network traffic and double the update speed of the phishing list. This was accomplished by combining both of our phishing configurations into one list (the "stalelist"), then creating a separate list of the changes just the past few days (the "hotlist"). Now users will download a smaller list more frequently (every 30 minutes rather than every hour), whereas the full list is only updated every 4 days. The combined configuration means that we no longer know which list was responsible for each block. The phishing warning page has been updated to dynamically look this information up, to ensure users are still directed to the correct place to dispute a block. This update to the phishing warning page also includes the recent redesign.
2023-02-24 16:09:00 +01:00
text: 'continue to the site.',
Fix e2e tests The e2e tests have been updated for `@metamask/phishing-warning@1.1.0`. The iframe case was updated with a new design, which required test changes. The third test that was meant to ensure the phishing page can't redirect to an extension page has been updated to navigate directly to the phishing warning page and setting the URL manually via query parameters, as that was the only way to test that redirect.
2022-05-16 22:55:48 +02:00
});
// Ensure we're not on the wallet home page
await driver.assertElementNotPresent('[data-testid="wallet-balance"]');
E2e phishing detection (#13704) * phishing detection test * remove unused arg
2022-02-22 17:48:12 +01:00
},
);
});
Bump controllers v30.0.2 (#14906) * bump @metamask/controllers to v30.0.2 and adapt
2022-07-18 16:43:30 +02:00
Update the PhishingController to v2 and update phishing warning page (#17835) The PhishingController has been updated to v2. This release should dramatically reduce network traffic and double the update speed of the phishing list. This was accomplished by combining both of our phishing configurations into one list (the "stalelist"), then creating a separate list of the changes just the past few days (the "hotlist"). Now users will download a smaller list more frequently (every 30 minutes rather than every hour), whereas the full list is only updated every 4 days. The combined configuration means that we no longer know which list was responsible for each block. The phishing warning page has been updated to dynamically look this information up, to ensure users are still directed to the correct place to dispute a block. This update to the phishing warning page also includes the recent redesign.
2023-02-24 16:09:00 +01:00
it('should navigate the user to eth-phishing-detect to dispute a block if the phishing warning page fails to identify the source', async function () {
await withFixtures(
{
fixtures: new FixtureBuilder().build(),
ganacheOptions,
title: this.test.title,
testSpecificMock: (mockServer) => {
setupPhishingDetectionMocks(mockServer, { statusCode: 500 });
},
dapp: true,
failOnConsoleError: false,
},
async ({ driver }) => {
await driver.navigate();
await driver.fill('#password', 'correct horse battery staple');
await driver.press('#password', driver.Key.ENTER);
await driver.openNewPage('http://127.0.0.1:8080');
await driver.clickElement({ text: 'report a detection problem.' });
// wait for page to load before checking URL.
await driver.findElement({ text: 'Empty page' });
assert.equal(
await driver.getCurrentUrl(),
`https://github.com/MetaMask/eth-phishing-detect/issues/new?title=[Legitimate%20Site%20Blocked]%20127.0.0.1&body=http%3A%2F%2F127.0.0.1%3A8080%2F`,
);
},
);
});
it('should navigate the user to eth-phishing-detect to dispute a block from MetaMask', async function () {
Bump controllers v30.0.2 (#14906) * bump @metamask/controllers to v30.0.2 and adapt
2022-07-18 16:43:30 +02:00
await withFixtures(
{
E2e test fixtures (#16061) * remove state.json files * move file * Update Readme * Create fixture builder * load test fixture * remove redundant method * update snap tests * update stats tests * update extension tests * update extension tests * Update fixture data * snap test dapp connection * Update fixture data * add onboarding fixture * use onboarding fixture * reuse import account vault * remove unnecessary use of class * use fixture builder in new tests * switch to function * update default fixture * update default fixture * update test * update 1559 test fixttures * update 1559 test fixtures * update 1559 test fixtures * dismiss 3box whats new * remove redundant code * move docs * remove unused code * token detection * use default timeout * remove redundant code * Update fixture builder hide `Protect your funds` dialog remove browser environment remove default network details hide dismiss seed backup reminder recursively merges fixture data * add token to tokencontroller * remove network details * add missing identities to preference controller * remove duplicate properties * update bip-32 to use fixturebuilder * alphabetise snap permissions * update get snaps to use fixturebuilder * Update test-snap-bip-32.spec.js wait for window * add popular network state * update test * lint
2022-10-28 10:42:12 +02:00
fixtures: new FixtureBuilder().build(),
Bump controllers v30.0.2 (#14906) * bump @metamask/controllers to v30.0.2 and adapt
2022-07-18 16:43:30 +02:00
ganacheOptions,
title: this.test.title,
Update the PhishingController to v2 and update phishing warning page (#17835) The PhishingController has been updated to v2. This release should dramatically reduce network traffic and double the update speed of the phishing list. This was accomplished by combining both of our phishing configurations into one list (the "stalelist"), then creating a separate list of the changes just the past few days (the "hotlist"). Now users will download a smaller list more frequently (every 30 minutes rather than every hour), whereas the full list is only updated every 4 days. The combined configuration means that we no longer know which list was responsible for each block. The phishing warning page has been updated to dynamically look this information up, to ensure users are still directed to the correct place to dispute a block. This update to the phishing warning page also includes the recent redesign.
2023-02-24 16:09:00 +01:00
testSpecificMock: mockPhishingDetection,
Bump controllers v30.0.2 (#14906) * bump @metamask/controllers to v30.0.2 and adapt
2022-07-18 16:43:30 +02:00
dapp: true,
failOnConsoleError: false,
},
async ({ driver }) => {
await driver.navigate();
await driver.fill('#password', 'correct horse battery staple');
await driver.press('#password', driver.Key.ENTER);
await driver.openNewPage('http://127.0.0.1:8080');
Update the PhishingController to v2 and update phishing warning page (#17835) The PhishingController has been updated to v2. This release should dramatically reduce network traffic and double the update speed of the phishing list. This was accomplished by combining both of our phishing configurations into one list (the "stalelist"), then creating a separate list of the changes just the past few days (the "hotlist"). Now users will download a smaller list more frequently (every 30 minutes rather than every hour), whereas the full list is only updated every 4 days. The combined configuration means that we no longer know which list was responsible for each block. The phishing warning page has been updated to dynamically look this information up, to ensure users are still directed to the correct place to dispute a block. This update to the phishing warning page also includes the recent redesign.
2023-02-24 16:09:00 +01:00
await driver.clickElement({ text: 'report a detection problem.' });
// wait for page to load before checking URL.
await driver.findElement({ text: 'Empty page' });
assert.equal(
await driver.getCurrentUrl(),
`https://github.com/MetaMask/eth-phishing-detect/issues/new?title=[Legitimate%20Site%20Blocked]%20127.0.0.1&body=http%3A%2F%2F127.0.0.1%3A8080%2F`,
);
},
);
});
it('should navigate the user to PhishFort to dispute a block from MetaMask', async function () {
await withFixtures(
{
fixtures: new FixtureBuilder().build(),
ganacheOptions,
title: this.test.title,
testSpecificMock: (mockServer) => {
setupPhishingDetectionMocks(mockServer, {
statusCode: 200,
json: {
version: 2,
tolerance: 2,
fuzzylist: [],
whitelist: [],
blacklist: [],
lastUpdated: 0,
},
});
},
dapp: true,
failOnConsoleError: false,
},
async ({ driver }) => {
await driver.navigate();
await driver.fill('#password', 'correct horse battery staple');
await driver.press('#password', driver.Key.ENTER);
await driver.openNewPage('http://127.0.0.1:8080');
await driver.clickElement({ text: 'report a detection problem.' });
// wait for page to load before checking URL.
await driver.findElement({ text: 'Empty page' });
assert.equal(
await driver.getCurrentUrl(),
`https://github.com/phishfort/phishfort-lists/issues/new?title=[Legitimate%20Site%20Blocked]%20127.0.0.1&body=http%3A%2F%2F127.0.0.1%3A8080%2F`,
Bump controllers v30.0.2 (#14906) * bump @metamask/controllers to v30.0.2 and adapt
2022-07-18 16:43:30 +02:00
);
},
);
});
E2e phishing detection (#13704) * phishing detection test * remove unused arg
2022-02-22 17:48:12 +01:00
});
Copy Permalink