1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-11-22 01:47:00 +01:00

Test for transaction security provider (#18000)

* Removed a feature flag

* Add test for transaction security provider

* add rest of the test cases for transaction security provider

* change code

---------

Co-authored-by: Filip Sekulic <filip.sekulic@consensys.net>
This commit is contained in:
dzfjz 2023-03-08 18:48:57 +01:00 committed by GitHub
parent efaaf4fab2
commit 3a3e34a8c6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 236 additions and 0 deletions

View File

@ -234,6 +234,7 @@ function defaultFixture() {
useTokenDetection: false,
useCurrencyRateCheck: true,
useMultiAccountBalanceChecker: true,
transactionSecurityCheckEnabled: true,
openSeaTransactionSecurityProviderPopoverHasBeenShown: true,
},
SmartTransactionsController: {
@ -347,6 +348,7 @@ function onboardingFixture() {
useTokenDetection: false,
useCurrencyRateCheck: true,
useMultiAccountBalanceChecker: true,
transactionSecurityCheckEnabled: true,
openSeaTransactionSecurityProviderPopoverHasBeenShown: true,
},
SmartTransactionsController: {

View File

@ -0,0 +1,234 @@
const { strict: assert } = require('assert');
const { convertToHexValue, withFixtures } = require('../helpers');
const FixtureBuilder = require('../fixture-builder');
const OPENSEA_URL =
'https://eos9d7dmfj.execute-api.us-east-1.amazonaws.com/metamask/validate';
/**
* @param {import('mockttp').Mockttp} mockServer - The mock server.
*/
describe('Transaction security provider', function () {
let windowHandles;
async function mockSecurityProviderDetection(mockServer, scenario) {
switch (scenario) {
case 'notMalicious':
await mockServer.forPost(OPENSEA_URL).thenCallback(() => {
return {
statusCode: 200,
json: {
flagAsDangerous: 0,
},
};
});
break;
case 'malicious':
await mockServer.forPost(OPENSEA_URL).thenCallback(() => {
return {
statusCode: 200,
json: {
flagAsDangerous: 1,
reason:
'If you sign this request, you may lose all of your assets for good',
reason_header: 'This could be a scam',
},
};
});
break;
case 'notSafe':
await mockServer.forPost(OPENSEA_URL).thenCallback(() => {
return {
statusCode: 200,
json: {
flagAsDangerous: 2,
reason:
'The security provider didnt detect any known malicious activity, but it still may not be safe to continue.',
reason_header: 'Request may not be safe',
},
};
});
break;
case 'requestNotVerified':
await mockServer.forPost(OPENSEA_URL).thenCallback(() => {
return {
statusCode: 500,
json: {},
};
});
break;
default:
throw new Error(`Unknown scenario: ${scenario}`);
}
}
const ganacheOptions = {
accounts: [
{
secretKey:
'0x7C9529A67102755B7E6102D6D950AC5D5863C98713805CEC576B945B15B71EAC',
balance: convertToHexValue(25000000000000000000),
},
],
};
it('Should return malicious response', async function () {
await withFixtures(
{
fixtures: new FixtureBuilder()
.withPreferencesController({
transactionSecurityCheckEnabled: true,
})
.withPermissionControllerConnectedToTestDapp()
.build(),
ganacheOptions,
title: this.test.title,
testSpecificMock: async (mockServer) =>
await mockSecurityProviderDetection(mockServer, 'malicious'),
dapp: true,
failOnConsoleError: false,
},
async ({ driver }) => {
await driver.navigate();
await driver.fill('#password', 'correct horse battery staple');
await driver.press('#password', driver.Key.ENTER);
await driver.openNewPage('http://127.0.0.1:8080/');
windowHandles = await driver.getAllWindowHandles();
await driver.clickElement('#personalSign');
await driver.waitUntilXWindowHandles(3);
await driver.switchToWindowWithTitle(
'MetaMask Notification',
windowHandles,
);
const warningHeader = await driver.isElementPresent({
text: 'This could be a scam',
tag: 'h5',
});
assert.equal(warningHeader, true);
},
);
});
it('Should return not safe response', async function () {
await withFixtures(
{
fixtures: new FixtureBuilder()
.withPreferencesController({
transactionSecurityCheckEnabled: true,
})
.withPermissionControllerConnectedToTestDapp()
.build(),
ganacheOptions,
title: this.test.title,
testSpecificMock: async (mockServer) =>
await mockSecurityProviderDetection(mockServer, 'notSafe'),
dapp: true,
failOnConsoleError: false,
},
async ({ driver }) => {
await driver.navigate();
await driver.fill('#password', 'correct horse battery staple');
await driver.press('#password', driver.Key.ENTER);
await driver.openNewPage('http://127.0.0.1:8080/');
windowHandles = await driver.getAllWindowHandles();
await driver.clickElement('#signTypedData');
await driver.waitUntilXWindowHandles(3);
await driver.switchToWindowWithTitle(
'MetaMask Notification',
windowHandles,
);
const warningHeader = await driver.isElementPresent({
text: 'Request may not be safe',
tag: 'h5',
});
assert.equal(warningHeader, true);
},
);
});
it('Should return not malicious response', async function () {
await withFixtures(
{
fixtures: new FixtureBuilder()
.withPreferencesController({
transactionSecurityCheckEnabled: true,
})
.withPermissionControllerConnectedToTestDapp()
.build(),
ganacheOptions,
title: this.test.title,
testSpecificMock: async (mockServer) =>
await mockSecurityProviderDetection(mockServer, 'notMalicious'),
dapp: true,
failOnConsoleError: false,
},
async ({ driver }) => {
await driver.navigate();
await driver.fill('#password', 'correct horse battery staple');
await driver.press('#password', driver.Key.ENTER);
await driver.openNewPage('http://127.0.0.1:8080/');
windowHandles = await driver.getAllWindowHandles();
await driver.clickElement('#siwe');
await driver.waitUntilXWindowHandles(3);
await driver.switchToWindowWithTitle(
'MetaMask Notification',
windowHandles,
);
const warningHeader = await driver.isElementPresent({
text: 'Request may not be safe',
tag: 'h5',
});
assert.equal(warningHeader, false);
},
);
});
it('Should return request not verified response', async function () {
await withFixtures(
{
fixtures: new FixtureBuilder()
.withPreferencesController({
transactionSecurityCheckEnabled: true,
})
.withPermissionControllerConnectedToTestDapp()
.build(),
ganacheOptions,
title: this.test.title,
testSpecificMock: async (mockServer) =>
await mockSecurityProviderDetection(mockServer, 'requestNotVerified'),
dapp: true,
failOnConsoleError: false,
},
async ({ driver }) => {
await driver.navigate();
await driver.fill('#password', 'correct horse battery staple');
await driver.press('#password', driver.Key.ENTER);
await driver.openNewPage('http://127.0.0.1:8080/');
windowHandles = await driver.getAllWindowHandles();
await driver.clickElement('#signTypedDataV4');
await driver.waitUntilXWindowHandles(3);
await driver.switchToWindowWithTitle(
'MetaMask Notification',
windowHandles,
);
const warningHeader = await driver.isElementPresent({
text: 'Request not verified',
tag: 'h5',
});
assert.equal(warningHeader, true);
},
);
});
});