1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-12-23 01:39:44 +01:00

Merge branch 'master' into i1805-LiveBlacklistUpdating

This commit is contained in:
Dan Finlay 2017-07-26 16:46:59 -07:00
commit 6675241fa9
5 changed files with 67 additions and 2 deletions

View File

@ -8,6 +8,7 @@
- Fix bugs that could sometimes result in failed transactions after switching networks.
- Include stack traces in txMeta's to better understand the life cycle of transactions
- Enhance blacklister functionality to include levenshtein logic. (credit to @sogoiii and @409H for their help!)
## 3.9.1 2017-7-19

View File

@ -11,6 +11,7 @@ const NotificationManager = require('./lib/notification-manager.js')
const MetamaskController = require('./metamask-controller')
const extension = require('extensionizer')
const firstTimeState = require('./first-time-state')
const isPhish = require('./lib/is-phish')
const STORAGE_KEY = 'metamask-config'
const METAMASK_DEBUG = 'GULP_METAMASK_DEBUG'
@ -153,9 +154,9 @@ function handleNewPageLoad (port, message) {
if (!pageLoaded || !global.metamaskController) return
const state = global.metamaskController.getState()
const { blacklist } = state
const updatedBlacklist = state.blacklist
if (blacklist && blacklist.includes(pageLoaded)) {
if (isPhish({ updatedBlacklist, hostname: pageLoaded })) {
port.postMessage({ 'blacklist': pageLoaded })
}
}

View File

@ -0,0 +1,38 @@
const levenshtein = require('fast-levenshtein')
const blacklistedMetaMaskDomains = ['metamask.com']
let blacklistedDomains = require('etheraddresslookup/blacklists/domains.json').concat(blacklistedMetaMaskDomains)
const whitelistedMetaMaskDomains = ['metamask.io', 'www.metamask.io']
const whitelistedDomains = require('etheraddresslookup/whitelists/domains.json').concat(whitelistedMetaMaskDomains)
const LEVENSHTEIN_TOLERANCE = 4
const LEVENSHTEIN_CHECKS = ['myetherwallet', 'myetheroll', 'ledgerwallet', 'metamask']
// credit to @sogoiii and @409H for their help!
// Return a boolean on whether or not a phish is detected.
function isPhish({ hostname, updatedBlacklist = null }) {
var strCurrentTab = hostname
// check if the domain is part of the whitelist.
if (whitelistedDomains && whitelistedDomains.includes(strCurrentTab)) { return false }
// Allow updating of blacklist:
if (updatedBlacklist) {
blacklistedDomains = blacklistedDomains.concat(updatedBlacklist)
}
// check if the domain is part of the blacklist.
const isBlacklisted = blacklistedDomains && blacklistedDomains.includes(strCurrentTab)
// check for similar values.
let levenshteinMatched = false
var levenshteinForm = strCurrentTab.replace(/\./g, '')
LEVENSHTEIN_CHECKS.forEach((element) => {
if (levenshtein.get(element, levenshteinForm) <= LEVENSHTEIN_TOLERANCE) {
levenshteinMatched = true
}
})
return isBlacklisted || levenshteinMatched
}
module.exports = isPhish

View File

@ -80,6 +80,7 @@
"express": "^4.14.0",
"extension-link-enabler": "^1.0.0",
"extensionizer": "^1.0.0",
"fast-levenshtein": "^2.0.6",
"gulp-eslint": "^2.0.0",
"hat": "0.0.3",
"idb-global": "^1.0.0",

View File

@ -0,0 +1,24 @@
const assert = require('assert')
const isPhish = require('../../app/scripts/lib/is-phish')
describe('blacklister', function () {
describe('#isPhish', function () {
it('should not flag whitelisted values', function () {
var result = isPhish({ hostname: 'www.metamask.io' })
assert(!result)
})
it('should flag explicit values', function () {
var result = isPhish({ hostname: 'metamask.com' })
assert(result)
})
it('should flag levenshtein values', function () {
var result = isPhish({ hostname: 'metmask.com' })
assert(result)
})
it('should not flag not-even-close values', function () {
var result = isPhish({ hostname: 'example.com' })
assert(!result)
})
})
})