m/metamask-extension
1
0
Fork 0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-12-23 09:52:26 +01:00
Code

Use URL origin instead of hostname for permission domains (#8717)

Browse Source 
* use URL.origin instead of hostname for tabs and permissions
This commit is contained in:
Erik Marks 2020-06-01 16:24:27 -07:00 committed by GitHub
parent 8afb295e1d
commit 616a446832
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 27 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/scripts/background.js
View File

@ -384,7 +384,7 @@ function setupController (initState, initLangCode) {
if (remotePort.sender && remotePort.sender.tab && remotePort.sender.url) { if (remotePort.sender && remotePort.sender.tab && remotePort.sender.url) {
const tabId = remotePort.sender.tab.id const tabId = remotePort.sender.tab.id
const url = new URL(remotePort.sender.url) const url = new URL(remotePort.sender.url)
const origin = url.hostname const { origin } = url
remotePort.onMessage.addListener((msg) => { remotePort.onMessage.addListener((msg) => {
if (msg.data && msg.data.method === 'eth_requestAccounts') { if (msg.data && msg.data.method === 'eth_requestAccounts') {

6
app/scripts/metamask-controller.js
View File

@ -1487,7 +1487,7 @@ export default class MetamaskController extends EventEmitter {
* @private * @private
* @param {*} connectionStream - The duplex stream to the per-page script, * @param {*} connectionStream - The duplex stream to the per-page script,
* for sending the reload attempt to. * for sending the reload attempt to.
* @param {string} hostname - The URL that triggered the suspicion. * @param {string} hostname - The hostname that triggered the suspicion.
*/ */
sendPhishingWarning (connectionStream, hostname) { sendPhishingWarning (connectionStream, hostname) {
const mux = setupMultiplex(connectionStream) const mux = setupMultiplex(connectionStream)
@ -1538,7 +1538,7 @@ export default class MetamaskController extends EventEmitter {
setupProviderConnection (outStream, sender, isInternal) { setupProviderConnection (outStream, sender, isInternal) {
const origin = isInternal const origin = isInternal
? 'metamask' ? 'metamask'
: (new URL(sender.url)).hostname : (new URL(sender.url)).origin
let extensionId let extensionId
if (sender.id !== extension.runtime.id) { if (sender.id !== extension.runtime.id) {
extensionId = sender.id extensionId = sender.id
@ -1577,7 +1577,7 @@ export default class MetamaskController extends EventEmitter {
/** /**
* A method for creating a provider that is safely restricted for the requesting domain. * A method for creating a provider that is safely restricted for the requesting domain.
* @param {Object} options - Provider engine options * @param {Object} options - Provider engine options
* @param {string} options.origin - The hostname of the sender * @param {string} options.origin - The origin of the sender
* @param {string} options.location - The full URL of the sender * @param {string} options.location - The full URL of the sender
* @param {extensionId} [options.extensionId] - The extension ID of the sender, if the sender is an external extension * @param {extensionId} [options.extensionId] - The extension ID of the sender, if the sender is an external extension
* @param {tabId} [options.tabId] - The tab ID of the sender - if the sender is within a tab * @param {tabId} [options.tabId] - The tab ID of the sender - if the sender is within a tab

8
app/scripts/ui.js
View File

@ -21,7 +21,6 @@ import { EventEmitter } from 'events'
import Dnode from 'dnode' import Dnode from 'dnode'
import Eth from 'ethjs' import Eth from 'ethjs'
import EthQuery from 'eth-query' import EthQuery from 'eth-query'
import urlUtil from 'url'
import launchMetaMaskUi from '../../ui' import launchMetaMaskUi from '../../ui'
import StreamProvider from 'web3-stream-provider' import StreamProvider from 'web3-stream-provider'
import { setupMultiplex } from './lib/stream-utils.js' import { setupMultiplex } from './lib/stream-utils.js'
@ -95,10 +94,9 @@ async function queryCurrentActiveTab (windowType) {
extension.tabs.query({ active: true, currentWindow: true }, (tabs) => { extension.tabs.query({ active: true, currentWindow: true }, (tabs) => {
const [activeTab] = tabs const [activeTab] = tabs
const { title, url } = activeTab const { title, url } = activeTab
const { hostname: origin, protocol } = url ? urlUtil.parse(url) : {} const { origin, protocol } = url ? new URL(url) : {}
resolve({
title, origin, protocol, url, resolve({ title, origin, protocol, url })
})
}) })
}) })
} }

2
test/e2e/signature-request.spec.js
View File

@ -107,7 +107,7 @@ describe('MetaMask', function () {
const address = content[1] const address = content[1]
assert.equal(await title.getText(), 'Signature Request') assert.equal(await title.getText(), 'Signature Request')
assert.equal(await name.getText(), 'Ether Mail') assert.equal(await name.getText(), 'Ether Mail')
assert.equal(await origin.getText(), '127.0.0.1') assert.equal(await origin.getText(), 'http://127.0.0.1:8080')
assert.equal(await address.getText(), publicAddress.slice(0, 8) + '...' + publicAddress.slice(publicAddress.length - 8)) assert.equal(await address.getText(), publicAddress.slice(0, 8) + '...' + publicAddress.slice(publicAddress.length - 8))
}) })

4
test/unit/app/controllers/metamask-controller-test.js
View File

@ -824,7 +824,7 @@ describe('MetaMaskController', function () {
'mock tx params', 'mock tx params',
{ {
...message, ...message,
origin: 'mycrypto.com', origin: 'http://mycrypto.com',
tabId: 456, tabId: 456,
}, },
] ]
@ -865,7 +865,7 @@ describe('MetaMaskController', function () {
'mock tx params', 'mock tx params',
{ {
...message, ...message,
origin: 'mycrypto.com', origin: 'http://mycrypto.com',
}, },
] ]
) )

34
ui/app/selectors/tests/permissions.test.js
View File

@ -17,7 +17,7 @@ describe('selectors', function () {
'icon': 'https://peepeth.com/favicon-32x32.png', 'icon': 'https://peepeth.com/favicon-32x32.png',
'name': 'Peepeth', 'name': 'Peepeth',
}, },
'remix.ethereum.org': { 'https://remix.ethereum.org': {
'icon': 'https://remix.ethereum.org/icon.png', 'icon': 'https://remix.ethereum.org/icon.png',
'name': 'Remix - Ethereum IDE', 'name': 'Remix - Ethereum IDE',
}, },
@ -45,7 +45,7 @@ describe('selectors', function () {
}, },
], ],
}, },
'remix.ethereum.org': { 'https://remix.ethereum.org': {
'permissions': [ 'permissions': [
{ {
'@context': [ '@context': [
@ -62,7 +62,7 @@ describe('selectors', function () {
], ],
'date': 1585685128948, 'date': 1585685128948,
'id': '6b9615cc-64e4-4317-afab-3c4f8ee0244a', 'id': '6b9615cc-64e4-4317-afab-3c4f8ee0244a',
'invoker': 'remix.ethereum.org', 'invoker': 'https://remix.ethereum.org',
'parentCapability': 'eth_accounts', 'parentCapability': 'eth_accounts',
}, },
], ],
@ -80,7 +80,7 @@ describe('selectors', function () {
extensionId, extensionId,
name: 'Remix - Ethereum IDE', name: 'Remix - Ethereum IDE',
icon: 'https://remix.ethereum.org/icon.png', icon: 'https://remix.ethereum.org/icon.png',
key: 'remix.ethereum.org', key: 'https://remix.ethereum.org',
}]) }])
}) })
@ -93,7 +93,7 @@ describe('selectors', function () {
'icon': 'https://peepeth.com/favicon-32x32.png', 'icon': 'https://peepeth.com/favicon-32x32.png',
'name': 'Peepeth', 'name': 'Peepeth',
}, },
'remix.ethereum.org': { 'https://remix.ethereum.org': {
'icon': 'https://remix.ethereum.org/icon.png', 'icon': 'https://remix.ethereum.org/icon.png',
'name': 'Remix - Ethereum IDE', 'name': 'Remix - Ethereum IDE',
}, },
@ -121,7 +121,7 @@ describe('selectors', function () {
}, },
], ],
}, },
'remix.ethereum.org': { 'https://remix.ethereum.org': {
'permissions': [ 'permissions': [
{ {
'@context': [ '@context': [
@ -139,7 +139,7 @@ describe('selectors', function () {
], ],
'date': 1585685128948, 'date': 1585685128948,
'id': '6b9615cc-64e4-4317-afab-3c4f8ee0244a', 'id': '6b9615cc-64e4-4317-afab-3c4f8ee0244a',
'invoker': 'remix.ethereum.org', 'invoker': 'https://remix.ethereum.org',
'parentCapability': 'eth_accounts', 'parentCapability': 'eth_accounts',
}, },
], ],
@ -152,7 +152,7 @@ describe('selectors', function () {
extensionId, extensionId,
name: 'Remix - Ethereum IDE', name: 'Remix - Ethereum IDE',
icon: 'https://remix.ethereum.org/icon.png', icon: 'https://remix.ethereum.org/icon.png',
key: 'remix.ethereum.org', key: 'https://remix.ethereum.org',
}]) }])
}) })
}) })
@ -161,7 +161,7 @@ describe('selectors', function () {
const mockState = { const mockState = {
activeTab: { activeTab: {
'title': 'Eth Sign Tests', 'title': 'Eth Sign Tests',
'origin': 'remix.ethereum.org', 'origin': 'https://remix.ethereum.org',
'protocol': 'https:', 'protocol': 'https:',
'url': 'https://remix.ethereum.org/', 'url': 'https://remix.ethereum.org/',
}, },
@ -185,7 +185,7 @@ describe('selectors', function () {
}, },
cachedBalances: {}, cachedBalances: {},
domains: { domains: {
'remix.ethereum.org': { 'https://remix.ethereum.org': {
'permissions': [ 'permissions': [
{ {
'@context': [ '@context': [
@ -206,7 +206,7 @@ describe('selectors', function () {
], ],
'date': 1586359844177, 'date': 1586359844177,
'id': '3aa65a8b-3bcb-4944-941b-1baa5fe0ed8b', 'id': '3aa65a8b-3bcb-4944-941b-1baa5fe0ed8b',
'invoker': 'remix.ethereum.org', 'invoker': 'https://remix.ethereum.org',
'parentCapability': 'eth_accounts', 'parentCapability': 'eth_accounts',
}, },
], ],
@ -269,7 +269,7 @@ describe('selectors', function () {
], ],
}], }],
permissionsHistory: { permissionsHistory: {
'remix.ethereum.org': { 'https://remix.ethereum.org': {
'eth_accounts': { 'eth_accounts': {
'accounts': { 'accounts': {
'0x7250739de134d33ec7ab1ee592711e15098c9d2d': 1586359844192, '0x7250739de134d33ec7ab1ee592711e15098c9d2d': 1586359844192,
@ -323,7 +323,7 @@ describe('selectors', function () {
const mockState = { const mockState = {
activeTab: { activeTab: {
'title': 'Eth Sign Tests', 'title': 'Eth Sign Tests',
'origin': 'remix.ethereum.org', 'origin': 'https://remix.ethereum.org',
'protocol': 'https:', 'protocol': 'https:',
'url': 'https://remix.ethereum.org/', 'url': 'https://remix.ethereum.org/',
}, },
@ -343,7 +343,7 @@ describe('selectors', function () {
}, },
}, },
domains: { domains: {
'remix.ethereum.org': { 'https://remix.ethereum.org': {
'permissions': [ 'permissions': [
{ {
'@context': [ '@context': [
@ -361,7 +361,7 @@ describe('selectors', function () {
], ],
'date': 1586359844177, 'date': 1586359844177,
'id': '3aa65a8b-3bcb-4944-941b-1baa5fe0ed8b', 'id': '3aa65a8b-3bcb-4944-941b-1baa5fe0ed8b',
'invoker': 'remix.ethereum.org', 'invoker': 'https://remix.ethereum.org',
'parentCapability': 'eth_accounts', 'parentCapability': 'eth_accounts',
}, },
], ],
@ -412,13 +412,13 @@ describe('selectors', function () {
}, },
}, },
domainMetadata: { domainMetadata: {
'remix.ethereum.org': { 'https://remix.ethereum.org': {
'icon': 'https://remix.ethereum.org/icon.png', 'icon': 'https://remix.ethereum.org/icon.png',
'name': 'Remix - Ethereum IDE', 'name': 'Remix - Ethereum IDE',
}, },
}, },
permissionsHistory: { permissionsHistory: {
'remix.ethereum.org': { 'https://remix.ethereum.org': {
'eth_accounts': { 'eth_accounts': {
'accounts': { 'accounts': {
'0x7250739de134d33ec7ab1ee592711e15098c9d2d': 1586359844192, '0x7250739de134d33ec7ab1ee592711e15098c9d2d': 1586359844192,