metamask-extension/app/scripts/lib/ppom/ppom-middleware.ts

import { PPOM } from '@blockaid/ppom';
import { PPOMController } from '@metamask/ppom-validator';

import {
  BlockaidReason,
  BlockaidResultType,
} from '../../../../shared/constants/security-provider';
import PreferencesController from '../../controllers/preferences';

const { sentry } = global as any;

const ConfirmationMethods = Object.freeze([
  'eth_sendRawTransaction',
  'eth_sendTransaction',
  'eth_sign',
  'eth_signTypedData',
  'eth_signTypedData_v1',
  'eth_signTypedData_v3',
  'eth_signTypedData_v4',
  'personal_sign',
]);

/**
 * Middleware function that handles JSON RPC requests.
 * This function will be called for every JSON RPC request.
 * It will call the PPOM to check if the request is malicious or benign.
 * If the request is benign, it will be forwarded to the next middleware.
 * If the request is malicious or warning, it will trigger the PPOM alert dialog,
 * after the user has confirmed or rejected the request,
 * the request will be forwarded to the next middleware, together with the PPOM response.
 *
 * @param ppomController - Instance of PPOMController.
 * @param preferencesController - Instance of PreferenceController.
 * @returns PPOMMiddleware function.
 */
export function createPPOMMiddleware(
  ppomController: PPOMController,
  preferencesController: PreferencesController,
) {
  return async (req: any, _res: any, next: () => void) => {
    try {
      const securityAlertsEnabled =
        preferencesController.store.getState()?.securityAlertsEnabled;
      if (securityAlertsEnabled && ConfirmationMethods.includes(req.method)) {
        // eslint-disable-next-line require-atomic-updates
        req.securityAlertResponse = await ppomController.usePPOM(
          async (ppom: PPOM) => {
            return ppom.validateJsonRpc(req);
          },
        );
      }
    } catch (error: any) {
      sentry?.captureException(error);
      console.error('Error validating JSON RPC using PPOM: ', error);
      req.securityAlertResponse = {
        result_type: BlockaidResultType.Failed,
        reason: BlockaidReason.failed,
        description: 'Validating the confirmation failed by throwing error.',
      };
    } finally {
      next();
    }
  };
}
Updating extension for ppom-validator updates (#20000) 2023-07-26 01:58:33 +02:00			`import { PPOM } from '@blockaid/ppom';`
			`import { PPOMController } from '@metamask/ppom-validator';`

Confirmation page alerts (#20125) 2023-08-03 12:54:54 +02:00			`import {`
			`BlockaidReason,`
			`BlockaidResultType,`
			`} from '../../../../shared/constants/security-provider';`
Fix import that was resulting in a `depcheck` error (#20383) An import was introduced in #20125 that was broken. It was importing from `app/` instead of using a relative import. This was causing the CI "depcheck" job to fail. The import has been updated to use a relative path. 2023-08-03 16:56:05 +02:00			`import PreferencesController from '../../controllers/preferences';`
Confirmation page alerts (#20125) 2023-08-03 12:54:54 +02:00
			`const { sentry } = global as any;`

Updating extension for ppom-validator updates (#20000) 2023-07-26 01:58:33 +02:00			`const ConfirmationMethods = Object.freeze([`
			`'eth_sendRawTransaction',`
			`'eth_sendTransaction',`
			`'eth_sign',`
			`'eth_signTypedData',`
			`'eth_signTypedData_v1',`
			`'eth_signTypedData_v3',`
			`'eth_signTypedData_v4',`
			`'personal_sign',`
			`]);`

			`/**`
			`* Middleware function that handles JSON RPC requests.`
			`* This function will be called for every JSON RPC request.`
			`* It will call the PPOM to check if the request is malicious or benign.`
			`* If the request is benign, it will be forwarded to the next middleware.`
			`* If the request is malicious or warning, it will trigger the PPOM alert dialog,`
			`* after the user has confirmed or rejected the request,`
			`* the request will be forwarded to the next middleware, together with the PPOM response.`
			`*`
			`* @param ppomController - Instance of PPOMController.`
Confirmation page alerts (#20125) 2023-08-03 12:54:54 +02:00			`* @param preferencesController - Instance of PreferenceController.`
Updating extension for ppom-validator updates (#20000) 2023-07-26 01:58:33 +02:00			`* @returns PPOMMiddleware function.`
			`*/`
Confirmation page alerts (#20125) 2023-08-03 12:54:54 +02:00			`export function createPPOMMiddleware(`
			`ppomController: PPOMController,`
			`preferencesController: PreferencesController,`
			`) {`
Updating extension for ppom-validator updates (#20000) 2023-07-26 01:58:33 +02:00			`return async (req: any, _res: any, next: () => void) => {`
			`try {`
Confirmation page alerts (#20125) 2023-08-03 12:54:54 +02:00			`const securityAlertsEnabled =`
			`preferencesController.store.getState()?.securityAlertsEnabled;`
			`if (securityAlertsEnabled && ConfirmationMethods.includes(req.method)) {`
Updating extension for ppom-validator updates (#20000) 2023-07-26 01:58:33 +02:00			`// eslint-disable-next-line require-atomic-updates`
Confirmation page alerts (#20125) 2023-08-03 12:54:54 +02:00			`req.securityAlertResponse = await ppomController.usePPOM(`
			`async (ppom: PPOM) => {`
			`return ppom.validateJsonRpc(req);`
			`},`
			`);`
Updating extension for ppom-validator updates (#20000) 2023-07-26 01:58:33 +02:00			`}`
Confirmation page alerts (#20125) 2023-08-03 12:54:54 +02:00			`} catch (error: any) {`
			`sentry?.captureException(error);`
Updating extension for ppom-validator updates (#20000) 2023-07-26 01:58:33 +02:00			`console.error('Error validating JSON RPC using PPOM: ', error);`
Confirmation page alerts (#20125) 2023-08-03 12:54:54 +02:00			`req.securityAlertResponse = {`
			`result_type: BlockaidResultType.Failed,`
			`reason: BlockaidReason.failed,`
			`description: 'Validating the confirmation failed by throwing error.',`
			`};`
Updating extension for ppom-validator updates (#20000) 2023-07-26 01:58:33 +02:00			`} finally {`
			`next();`
			`}`
			`};`
			`}`