mirror of
https://github.com/kremalicious/metamask-extension.git
synced 2024-12-23 09:52:26 +01:00
Replace blacklist/whitelist with blocklist/safelist (#8765)
* blacklist -> blocklist; whitelist -> safelist * blocklisted -> blocked Co-authored-by: Erik Marks <rekmarks@protonmail.com> Co-authored-by: Mark Stacey <markjstacey@gmail.com>
This commit is contained in:
commit
2873053d45
@ -319,7 +319,7 @@ function setupController (initState, initLangCode) {
|
||||
[ENVIRONMENT_TYPE_FULLSCREEN]: true,
|
||||
}
|
||||
|
||||
const metamaskBlacklistedPorts = [
|
||||
const metamaskBlockedPorts = [
|
||||
'trezor-connect',
|
||||
]
|
||||
|
||||
@ -343,7 +343,7 @@ function setupController (initState, initLangCode) {
|
||||
const processName = remotePort.name
|
||||
const isMetaMaskInternalProcess = metamaskInternalProcessHash[processName]
|
||||
|
||||
if (metamaskBlacklistedPorts.includes(remotePort.name)) {
|
||||
if (metamaskBlockedPorts.includes(remotePort.name)) {
|
||||
return false
|
||||
}
|
||||
|
||||
|
@ -127,7 +127,7 @@ function logStreamDisconnectWarning (remoteLabel, err) {
|
||||
*/
|
||||
function shouldInjectProvider () {
|
||||
return doctypeCheck() && suffixCheck() &&
|
||||
documentElementCheck() && !blacklistedDomainCheck()
|
||||
documentElementCheck() && !blockedDomainCheck()
|
||||
}
|
||||
|
||||
/**
|
||||
@ -181,12 +181,12 @@ function documentElementCheck () {
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if the current domain is blacklisted
|
||||
* Checks if the current domain is blocked
|
||||
*
|
||||
* @returns {boolean} {@code true} - if the current domain is blacklisted
|
||||
* @returns {boolean} {@code true} - if the current domain is blocked
|
||||
*/
|
||||
function blacklistedDomainCheck () {
|
||||
const blacklistedDomains = [
|
||||
function blockedDomainCheck () {
|
||||
const blockedDomains = [
|
||||
'uscourts.gov',
|
||||
'dropbox.com',
|
||||
'webbyawards.com',
|
||||
@ -200,9 +200,9 @@ function blacklistedDomainCheck () {
|
||||
]
|
||||
const currentUrl = window.location.href
|
||||
let currentRegex
|
||||
for (let i = 0; i < blacklistedDomains.length; i++) {
|
||||
const blacklistedDomain = blacklistedDomains[i].replace('.', '\\.')
|
||||
currentRegex = new RegExp(`(?:https?:\\/\\/)(?:(?!${blacklistedDomain}).)*$`)
|
||||
for (let i = 0; i < blockedDomains.length; i++) {
|
||||
const blockedDomain = blockedDomains[i].replace('.', '\\.')
|
||||
currentRegex = new RegExp(`(?:https?:\\/\\/)(?:(?!${blockedDomain}).)*$`)
|
||||
if (!currentRegex.test(currentUrl)) {
|
||||
return true
|
||||
}
|
||||
|
@ -25,7 +25,7 @@ import NonceTracker from 'nonce-tracker'
|
||||
import * as txUtils from './lib/util'
|
||||
import cleanErrorStack from '../../lib/cleanErrorStack'
|
||||
import log from 'loglevel'
|
||||
import { throwIfAccountIsBlacklisted } from './lib/recipient-blacklist-checker'
|
||||
import { throwIfAccountIsBlocked } from './lib/recipient-blocklist-checker'
|
||||
|
||||
import {
|
||||
TRANSACTION_TYPE_CANCEL,
|
||||
@ -241,7 +241,7 @@ export default class TransactionController extends EventEmitter {
|
||||
this.emit('newUnapprovedTx', txMeta)
|
||||
|
||||
try {
|
||||
throwIfAccountIsBlacklisted(txMeta.metamaskNetworkId, normalizedTxParams.to)
|
||||
throwIfAccountIsBlocked(txMeta.metamaskNetworkId, normalizedTxParams.to)
|
||||
txMeta = await this.addTxGasDefaults(txMeta, getCodeResponse)
|
||||
} catch (error) {
|
||||
log.warn(error)
|
||||
|
@ -1,19 +0,0 @@
|
||||
import blacklist from './recipient-blacklist'
|
||||
|
||||
/**
|
||||
* Checks if a specified account on a specified network is blacklisted
|
||||
* @param {number} networkId
|
||||
* @param {string} account
|
||||
* @throws {Error} if the account is blacklisted on mainnet
|
||||
*/
|
||||
export function throwIfAccountIsBlacklisted (networkId, account) {
|
||||
const mainnetId = 1
|
||||
if (networkId !== mainnetId) {
|
||||
return
|
||||
}
|
||||
|
||||
const accountToCheck = account.toLowerCase()
|
||||
if (blacklist.includes(accountToCheck)) {
|
||||
throw new Error('Recipient is a public account')
|
||||
}
|
||||
}
|
@ -0,0 +1,19 @@
|
||||
import blocklist from './recipient-blocklist'
|
||||
|
||||
/**
|
||||
* Checks if a specified account on a specified network is blocked
|
||||
* @param {number} networkId
|
||||
* @param {string} account
|
||||
* @throws {Error} if the account is blocked on mainnet
|
||||
*/
|
||||
export function throwIfAccountIsBlocked (networkId, account) {
|
||||
const mainnetId = 1
|
||||
if (networkId !== mainnetId) {
|
||||
return
|
||||
}
|
||||
|
||||
const accountToCheck = account.toLowerCase()
|
||||
if (blocklist.includes(accountToCheck)) {
|
||||
throw new Error('Recipient is a public account')
|
||||
}
|
||||
}
|
@ -1,4 +1,4 @@
|
||||
const blacklist = [
|
||||
const blocklist = [
|
||||
// IDEX phisher
|
||||
'0x9bcb0A9d99d815Bb87ee3191b1399b1Bcc46dc77',
|
||||
// Ganache default seed phrases
|
||||
@ -14,4 +14,4 @@ const blacklist = [
|
||||
'0x5aeda56215b167893e80b4fe645ba6d5bab767de',
|
||||
]
|
||||
|
||||
export default blacklist
|
||||
export default blocklist
|
@ -457,6 +457,9 @@ export default class MetamaskController extends EventEmitter {
|
||||
markPasswordForgotten: this.markPasswordForgotten.bind(this),
|
||||
unMarkPasswordForgotten: this.unMarkPasswordForgotten.bind(this),
|
||||
buyEth: this.buyEth.bind(this),
|
||||
safelistPhishingDomain: this.safelistPhishingDomain.bind(this),
|
||||
getRequestAccountTabIds: (cb) => cb(null, this.getRequestAccountTabIds()),
|
||||
getOpenMetamaskTabsIds: (cb) => cb(null, this.getOpenMetamaskTabsIds()),
|
||||
|
||||
// primary HD keyring management
|
||||
addNewAccount: nodeify(this.addNewAccount, this),
|
||||
@ -494,9 +497,6 @@ export default class MetamaskController extends EventEmitter {
|
||||
completeOnboarding: nodeify(preferencesController.completeOnboarding, preferencesController),
|
||||
addKnownMethodData: nodeify(preferencesController.addKnownMethodData, preferencesController),
|
||||
|
||||
// BlacklistController
|
||||
whitelistPhishingDomain: this.whitelistPhishingDomain.bind(this),
|
||||
|
||||
// AddressController
|
||||
setAddressBook: nodeify(this.addressBookController.set, this.addressBookController),
|
||||
removeFromAddressBook: this.addressBookController.delete.bind(this.addressBookController),
|
||||
@ -572,9 +572,6 @@ export default class MetamaskController extends EventEmitter {
|
||||
addPermittedAccount: nodeify(permissionsController.addPermittedAccount, permissionsController),
|
||||
removePermittedAccount: nodeify(permissionsController.removePermittedAccount, permissionsController),
|
||||
requestAccountsPermission: nodeify(permissionsController.requestAccountsPermission, permissionsController),
|
||||
|
||||
getRequestAccountTabIds: (cb) => cb(null, this.getRequestAccountTabIds()),
|
||||
getOpenMetamaskTabsIds: (cb) => cb(null, this.getOpenMetamaskTabsIds()),
|
||||
}
|
||||
}
|
||||
|
||||
@ -1446,7 +1443,7 @@ export default class MetamaskController extends EventEmitter {
|
||||
setupUntrustedCommunication (connectionStream, sender) {
|
||||
const { usePhishDetect } = this.preferencesController.store.getState()
|
||||
const hostname = (new URL(sender.url)).hostname
|
||||
// Check if new connection is blacklisted if phishing detection is on
|
||||
// Check if new connection is blocked if phishing detection is on
|
||||
if (usePhishDetect && this.phishingController.test(hostname)) {
|
||||
log.debug('MetaMask - sending phishing warning for', hostname)
|
||||
this.sendPhishingWarning(connectionStream, hostname)
|
||||
@ -2043,10 +2040,10 @@ export default class MetamaskController extends EventEmitter {
|
||||
*/
|
||||
|
||||
/**
|
||||
* Adds a domain to the PhishingController whitelist
|
||||
* @param {string} hostname - the domain to whitelist
|
||||
* Adds a domain to the PhishingController safelist
|
||||
* @param {string} hostname - the domain to safelist
|
||||
*/
|
||||
whitelistPhishingDomain (hostname) {
|
||||
safelistPhishingDomain (hostname) {
|
||||
return this.phishingController.bypass(hostname)
|
||||
}
|
||||
|
||||
|
@ -27,7 +27,7 @@ function start () {
|
||||
|
||||
const continueLink = document.getElementById('unsafe-continue')
|
||||
continueLink.addEventListener('click', () => {
|
||||
metaMaskController.whitelistPhishingDomain(suspect.hostname)
|
||||
metaMaskController.safelistPhishingDomain(suspect.hostname)
|
||||
window.location.href = suspect.href
|
||||
})
|
||||
})
|
||||
|
@ -1,9 +1,9 @@
|
||||
import { strict as assert } from 'assert'
|
||||
import { throwIfAccountIsBlacklisted } from '../../../../../app/scripts/controllers/transactions/lib/recipient-blacklist-checker'
|
||||
import { throwIfAccountIsBlocked } from '../../../../../app/scripts/controllers/transactions/lib/recipient-blocklist-checker'
|
||||
import { ROPSTEN_NETWORK_ID, RINKEBY_NETWORK_ID, KOVAN_NETWORK_ID, GOERLI_NETWORK_ID } from '../../../../../app/scripts/controllers/network/enums'
|
||||
|
||||
describe('Recipient Blacklist Checker', function () {
|
||||
describe('#throwIfAccountIsBlacklisted', function () {
|
||||
describe('Recipient Blocklist Checker', function () {
|
||||
describe('#throwIfAccountIsBlocked', function () {
|
||||
// Accounts from Ganache's original default seed phrase
|
||||
const publicAccounts = [
|
||||
'0x627306090abab3a6e1400e9345bc60c78a8bef57',
|
||||
@ -22,7 +22,7 @@ describe('Recipient Blacklist Checker', function () {
|
||||
const networks = [ROPSTEN_NETWORK_ID, RINKEBY_NETWORK_ID, KOVAN_NETWORK_ID, GOERLI_NETWORK_ID]
|
||||
for (const networkId of networks) {
|
||||
for (const account of publicAccounts) {
|
||||
assert.doesNotThrow(() => throwIfAccountIsBlacklisted(networkId, account))
|
||||
assert.doesNotThrow(() => throwIfAccountIsBlocked(networkId, account))
|
||||
}
|
||||
}
|
||||
})
|
||||
@ -30,7 +30,7 @@ describe('Recipient Blacklist Checker', function () {
|
||||
it('fails on mainnet', function () {
|
||||
for (const account of publicAccounts) {
|
||||
assert.throws(
|
||||
() => throwIfAccountIsBlacklisted(1, account),
|
||||
() => throwIfAccountIsBlocked(1, account),
|
||||
{ message: 'Recipient is a public account' },
|
||||
)
|
||||
}
|
||||
@ -38,14 +38,14 @@ describe('Recipient Blacklist Checker', function () {
|
||||
|
||||
it('fails for public account - uppercase', function () {
|
||||
assert.throws(
|
||||
() => throwIfAccountIsBlacklisted(1, '0X0D1D4E623D10F9FBA5DB95830F7D3839406C6AF2'),
|
||||
() => throwIfAccountIsBlocked(1, '0X0D1D4E623D10F9FBA5DB95830F7D3839406C6AF2'),
|
||||
{ message: 'Recipient is a public account' },
|
||||
)
|
||||
})
|
||||
|
||||
it('fails for public account - lowercase', function () {
|
||||
assert.throws(
|
||||
() => throwIfAccountIsBlacklisted(1, '0x0d1d4e623d10f9fba5db95830f7d3839406c6af2'),
|
||||
() => throwIfAccountIsBlocked(1, '0x0d1d4e623d10f9fba5db95830f7d3839406c6af2'),
|
||||
{ message: 'Recipient is a public account' },
|
||||
)
|
||||
})
|
Loading…
Reference in New Issue
Block a user