m/metamask-extension
1
0
Fork 0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-12-23 09:52:26 +01:00
Code

Add levenshtein logic to blacklister.

Browse Source
This commit is contained in:
Kevin Serrano 2017-07-26 15:25:30 -07:00
parent 6a9d40c558
commit 66f6d5a4e0
No known key found for this signature in database
GPG Key ID: BF999DEFC7371BA1
2 changed files with 33 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
app/scripts/blacklister.js
View File

@ -1,13 +1,37 @@
const blacklistedDomains = require('etheraddresslookup/blacklists/domains.json')
const levenshtein = require('fast-levenshtein')
const blacklistedMetaMaskDomains = ['metamask.com']
const blacklistedDomains = require('etheraddresslookup/blacklists/domains.json').concat(blacklistedMetaMaskDomains)
const whitelistedMetaMaskDomains = ['metamask.io', 'www.metamask.io']
const whitelistedDomains = require('etheraddresslookup/whitelists/domains.json').concat(whitelistedMetaMaskDomains)
const LEVENSHTEIN_TOLERANCE = 4
const LEVENSHTEIN_CHECKS = ['myetherwallet', 'myetheroll', 'ledgerwallet', 'metamask']
function detectBlacklistedDomain() {
var strCurrentTab = window.location.hostname
if (blacklistedDomains && blacklistedDomains.includes(strCurrentTab)) {
window.location.href = 'https://metamask.io/phishing.html'
}
function isPhish(hostname) {
var strCurrentTab = hostname
// check if the domain is part of the whitelist.
if (whitelistedDomains && whitelistedDomains.includes(strCurrentTab)) { return false }
// check if the domain is part of the blacklist.
var isBlacklisted = blacklistedDomains && blacklistedDomains.includes(strCurrentTab)
// check for similar values.
var levenshteinMatched = false
var levenshteinForm = strCurrentTab.replace(/\./g, '')
LEVENSHTEIN_CHECKS.forEach((element) => {
if (levenshtein.get(element, levenshteinForm) < LEVENSHTEIN_TOLERANCE) {
levenshteinMatched = true
}
})
return isBlacklisted || levenshteinMatched
}
window.addEventListener('load', function() {
detectBlacklistedDomain()
window.addEventListener('load', function () {
var hostnameToCheck = window.location.hostname
if (isPhish(hostnameToCheck)) {
window.location.href = 'https://metamask.io/phishing.html'
}
})
module.exports = isPhish

1
package.json
View File

@ -80,6 +80,7 @@
"express": "^4.14.0",
"extension-link-enabler": "^1.0.0",
"extensionizer": "^1.0.0",
"fast-levenshtein": "^2.0.6",
"gulp-eslint": "^2.0.0",
"hat": "0.0.3",
"idb-global": "^1.0.0",