Merge branch 'master' into transactionControllerRefractor

2024-10-22 19:26:13 +02:00 · 2017-08-04 14:45:22 -04:00 · 2017-08-04 14:45:22 -04:00 · 89a4fef1e4
commit 89a4fef1e4
parent fa3df576bc c4cb371ce8
20 changed files with 188 additions and 160 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,6 +2,9 @@

 ## Current Master

+## 3.9.3 2017-8-03
+
+- Add support for EGO uport token
 - Continuously update blacklist for known phishing sites in background.
 - Automatically detect suspicious URLs too similar to common phishing targets, and blacklist them.

--- a/app/manifest.json
+++ b/app/manifest.json
@ -1,7 +1,7 @@
 {
  "name": "MetaMask",
  "short_name": "Metamask",
-  "version": "3.9.2",
+  "version": "3.9.3",
  "manifest_version": 2,
  "author": "https://metamask.io",
  "description": "Ethereum Browser Extension",
@ -52,15 +52,6 @@
      ],
      "run_at": "document_start",
      "all_frames": true
-    },
-    {
-      "run_at": "document_start",
-      "matches": [
-        "http://*/*",
-        "https://*/*"
-      ],
-      "js": ["scripts/blacklister.js"],
-      "all_frames": true
    }
  ],
  "permissions": [
--- a/app/scripts/background.js
+++ b/app/scripts/background.js
@ -11,7 +11,6 @@ const NotificationManager = require('./lib/notification-manager.js')
 const MetamaskController = require('./metamask-controller')
 const extension = require('extensionizer')
 const firstTimeState = require('./first-time-state')
-const isPhish = require('./lib/is-phish')

 const STORAGE_KEY = 'metamask-config'
 const METAMASK_DEBUG = 'GULP_METAMASK_DEBUG'
@ -91,16 +90,12 @@ function setupController (initState) {

  extension.runtime.onConnect.addListener(connectRemote)
  function connectRemote (remotePort) {
-    if (remotePort.name === 'blacklister') {
-      return checkBlacklist(remotePort)
-    }
-
-    var isMetaMaskInternalProcess = remotePort.name === 'popup' || remotePort.name === 'notification'
-    var portStream = new PortStream(remotePort)
+    const isMetaMaskInternalProcess = remotePort.name === 'popup' || remotePort.name === 'notification'
+    const portStream = new PortStream(remotePort)
    if (isMetaMaskInternalProcess) {
      // communication with popup
      popupIsOpen = popupIsOpen || (remotePort.name === 'popup')
-      controller.setupTrustedCommunication(portStream, 'MetaMask', remotePort.name)
+      controller.setupTrustedCommunication(portStream, 'MetaMask')
      // record popup as closed
      if (remotePort.name === 'popup') {
        endOfStream(portStream, () => {
@ -109,7 +104,7 @@ function setupController (initState) {
      }
    } else {
      // communication with page
-      var originDomain = urlUtil.parse(remotePort.sender.url).hostname
+      const originDomain = urlUtil.parse(remotePort.sender.url).hostname
      controller.setupUntrustedCommunication(portStream, originDomain)
    }
  }
@ -140,27 +135,6 @@ function setupController (initState) {
  return Promise.resolve()
 }

-// Listen for new pages and return if blacklisted:
-function checkBlacklist (port) {
-  const handler = handleNewPageLoad.bind(null, port)
-  port.onMessage.addListener(handler)
-  setTimeout(() => {
-    port.onMessage.removeListener(handler)
-  }, 30000)
-}
-
-function handleNewPageLoad (port, message) {
-  const { pageLoaded } = message
-  if (!pageLoaded || !global.metamaskController) return
-
-  const state = global.metamaskController.getState()
-  const updatedBlacklist = state.blacklist
-
-  if (isPhish({ updatedBlacklist, hostname: pageLoaded })) {
-    port.postMessage({ 'blacklist': pageLoaded })
-  }
-}
-
 //
 // Etc...
 //
--- a/app/scripts/blacklister.js
+++ b/app/scripts/blacklister.js
@ -1,14 +0,0 @@
-const extension = require('extensionizer')
-
-var port = extension.runtime.connect({name: 'blacklister'})
-port.postMessage({ 'pageLoaded': window.location.hostname })
-port.onMessage.addListener(redirectIfBlacklisted)
-
-function redirectIfBlacklisted (response) {
-  const { blacklist } = response
-  const host = window.location.hostname
-  if (blacklist && blacklist === host) {
-    window.location.href = 'https://metamask.io/phishing.html'
-  }
-}
-
--- a/app/scripts/contentscript.js
+++ b/app/scripts/contentscript.js
@ -37,28 +37,33 @@ function setupInjection () {

 function setupStreams () {
  // setup communication to page and plugin
-  var pageStream = new LocalMessageDuplexStream({
+  const pageStream = new LocalMessageDuplexStream({
    name: 'contentscript',
    target: 'inpage',
  })
  pageStream.on('error', console.error)
-  var pluginPort = extension.runtime.connect({name: 'contentscript'})
-  var pluginStream = new PortStream(pluginPort)
+  const pluginPort = extension.runtime.connect({ name: 'contentscript' })
+  const pluginStream = new PortStream(pluginPort)
  pluginStream.on('error', console.error)

  // forward communication plugin->inpage
  pageStream.pipe(pluginStream).pipe(pageStream)

  // setup local multistream channels
-  var mx = ObjectMultiplex()
+  const mx = ObjectMultiplex()
  mx.on('error', console.error)
  mx.pipe(pageStream).pipe(mx)
+  mx.pipe(pluginStream).pipe(mx)

  // connect ping stream
-  var pongStream = new PongStream({ objectMode: true })
+  const pongStream = new PongStream({ objectMode: true })
  pongStream.pipe(mx.createStream('pingpong')).pipe(pongStream)

-  // ignore unused channels (handled by background)
+  // connect phishing warning stream
+  const phishingStream = mx.createStream('phishing')
+  phishingStream.once('data', redirectToPhishingWarning)
+
+  // ignore unused channels (handled by background, inpage)
  mx.ignoreStream('provider')
  mx.ignoreStream('publicConfig')
 }
@ -88,3 +93,8 @@ function suffixCheck () {
  }
  return true
 }
+
+function redirectToPhishingWarning () {
+  console.log('MetaMask - redirecting to phishing warning')
+  window.location.href = 'https://metamask.io/phishing.html'
+}
--- a/app/scripts/controllers/blacklist.js
+++ b/app/scripts/controllers/blacklist.js
@ -0,0 +1,58 @@
+const ObservableStore = require('obs-store')
+const extend = require('xtend')
+const PhishingDetector = require('eth-phishing-detect/src/detector')
+
+// compute phishing lists
+const PHISHING_DETECTION_CONFIG = require('eth-phishing-detect/src/config.json')
+// every ten minutes
+const POLLING_INTERVAL = 10 * 60 * 1000
+
+class BlacklistController {
+
+  constructor (opts = {}) {
+    const initState = extend({
+      phishing: PHISHING_DETECTION_CONFIG,
+    }, opts.initState)
+    this.store = new ObservableStore(initState)
+    // phishing detector
+    this._phishingDetector = null
+    this._setupPhishingDetector(initState.phishing)
+    // polling references
+    this._phishingUpdateIntervalRef = null
+  }
+
+  //
+  // PUBLIC METHODS
+  //
+
+  checkForPhishing (hostname) {
+    if (!hostname) return false
+    const { result } = this._phishingDetector.check(hostname)
+    return result
+  }
+
+  async updatePhishingList () {
+    const response = await fetch('https://api.infura.io/v2/blacklist')
+    const phishing = await response.json()
+    this.store.updateState({ phishing })
+    this._setupPhishingDetector(phishing)
+    return phishing
+  }
+
+  scheduleUpdates () {
+    if (this._phishingUpdateIntervalRef) return
+    this._phishingUpdateIntervalRef = setInterval(() => {
+      this.updatePhishingList()
+    }, POLLING_INTERVAL)
+  }
+
+  //
+  // PRIVATE METHODS
+  //
+
+  _setupPhishingDetector (config) {
+    this._phishingDetector = new PhishingDetector(config)
+  }
+}
+
+module.exports = BlacklistController
--- a/app/scripts/controllers/infura.js
+++ b/app/scripts/controllers/infura.js
@ -1,16 +1,14 @@
 const ObservableStore = require('obs-store')
 const extend = require('xtend')
-const recentBlacklist = require('etheraddresslookup/blacklists/domains.json')

 // every ten minutes
-const POLLING_INTERVAL = 300000
+const POLLING_INTERVAL = 10 * 60 * 1000

 class InfuraController {

  constructor (opts = {}) {
    const initState = extend({
      infuraNetworkStatus: {},
-      blacklist: recentBlacklist,
    }, opts.initState)
    this.store = new ObservableStore(initState)
  }
@ -32,24 +30,12 @@ class InfuraController {
      })
  }

-  updateLocalBlacklist () {
-    return fetch('https://api.infura.io/v1/blacklist')
-      .then(response => response.json())
-      .then((parsedResponse) => {
-        this.store.updateState({
-          blacklist: parsedResponse,
-        })
-        return parsedResponse
-      })
-  }
-
  scheduleInfuraNetworkCheck () {
    if (this.conversionInterval) {
      clearInterval(this.conversionInterval)
    }
    this.conversionInterval = setInterval(() => {
      this.checkInfuraNetworkStatus()
-      this.updateLocalBlacklist()
    }, POLLING_INTERVAL)
  }
 }
--- a/app/scripts/controllers/transactions.js
+++ b/app/scripts/controllers/transactions.js
@ -6,7 +6,6 @@ const ethUtil = require('ethereumjs-util')
 const EthQuery = require('ethjs-query')
 const TxProviderUtil = require('../lib/tx-utils')
 const PendingTransactionUtils = require('../lib/pending-tx-watchers')
-const getStack = require('../lib/util').getStack
 const createId = require('../lib/random-id')
 const NonceTracker = require('../lib/nonce-tracker')

@ -125,8 +124,6 @@ module.exports = class TransactionController extends EventEmitter {
    const txMetaForHistory = clone(txMeta)
    // dont include previous history in this snapshot
    delete txMetaForHistory.history
-    // add stack to help understand why tx was updated
-    txMetaForHistory.stack = getStack()
    // add snapshot to tx history
    if (!txMeta.history) txMeta.history = []
    txMeta.history.push(txMetaForHistory)
--- a/app/scripts/lib/inpage-provider.js
+++ b/app/scripts/lib/inpage-provider.js
@ -26,6 +26,9 @@ function MetamaskInpageProvider (connectionStream) {
    (err) => logStreamDisconnectWarning('MetaMask PublicConfigStore', err)
  )

+  // ignore phishing warning message (handled elsewhere)
+  multiStream.ignoreStream('phishing') 
+
  // connect to async provider
  const asyncProvider = self.asyncProvider = new StreamProvider()
  pipe(
--- a/app/scripts/lib/is-phish.js
+++ b/app/scripts/lib/is-phish.js
@ -1,38 +0,0 @@
-const levenshtein = require('fast-levenshtein')
-const blacklistedMetaMaskDomains = ['metamask.com']
-let blacklistedDomains = require('etheraddresslookup/blacklists/domains.json').concat(blacklistedMetaMaskDomains)
-const whitelistedMetaMaskDomains = ['metamask.io', 'www.metamask.io']
-const whitelistedDomains = require('etheraddresslookup/whitelists/domains.json').concat(whitelistedMetaMaskDomains)
-const LEVENSHTEIN_TOLERANCE = 4
-const LEVENSHTEIN_CHECKS = ['myetherwallet', 'myetheroll', 'ledgerwallet', 'metamask']
-
-
-// credit to @sogoiii and @409H for their help!
-// Return a boolean on whether or not a phish is detected.
-function isPhish({ hostname, updatedBlacklist = null }) {
-  var strCurrentTab = hostname
-
-  // check if the domain is part of the whitelist.
-  if (whitelistedDomains && whitelistedDomains.includes(strCurrentTab)) { return false }
-
-  // Allow updating of blacklist:
-  if (updatedBlacklist) {
-    blacklistedDomains = blacklistedDomains.concat(updatedBlacklist)
-  }
-
-  // check if the domain is part of the blacklist.
-  const isBlacklisted = blacklistedDomains && blacklistedDomains.includes(strCurrentTab)
-
-  // check for similar values.
-  let levenshteinMatched = false
-  var levenshteinForm = strCurrentTab.replace(/\./g, '')
-  LEVENSHTEIN_CHECKS.forEach((element) => {
-    if (levenshtein.get(element, levenshteinForm) <= LEVENSHTEIN_TOLERANCE) {
-      levenshteinMatched = true
-    }
-  })
-
-  return isBlacklisted || levenshteinMatched
-}
-
-module.exports = isPhish
--- a/app/scripts/lib/nodeify.js
+++ b/app/scripts/lib/nodeify.js
@ -1,9 +1,10 @@
 const promiseToCallback = require('promise-to-callback')

-module.exports = function(fn, context) {
+module.exports = function nodeify (fn, context) {
  return function(){
    const args = [].slice.call(arguments)
    const callback = args.pop()
+    if (typeof callback !== 'function') throw new Error('callback is not a function')
    promiseToCallback(fn.apply(context, args))(callback)
  }
 }
--- a/app/scripts/lib/obj-multiplex.js
+++ b/app/scripts/lib/obj-multiplex.js
@ -5,12 +5,16 @@ module.exports = ObjectMultiplex
 function ObjectMultiplex (opts) {
  opts = opts || {}
  // create multiplexer
-  var mx = through.obj(function (chunk, enc, cb) {
-    var name = chunk.name
-    var data = chunk.data
-    var substream = mx.streams[name]
+  const mx = through.obj(function (chunk, enc, cb) {
+    const name = chunk.name
+    const data = chunk.data
+    if (!name) {
+      console.warn(`ObjectMultiplex - Malformed chunk without name "${chunk}"`)
+      return cb()
+    }
+    const substream = mx.streams[name]
    if (!substream) {
-      console.warn(`orphaned data for stream "${name}"`)
+      console.warn(`ObjectMultiplex - orphaned data for stream "${name}"`)
    } else {
      if (substream.push) substream.push(data)
    }
@ -19,7 +23,7 @@ function ObjectMultiplex (opts) {
  mx.streams = {}
  // create substreams
  mx.createStream = function (name) {
-    var substream = mx.streams[name] = through.obj(function (chunk, enc, cb) {
+    const substream = mx.streams[name] = through.obj(function (chunk, enc, cb) {
      mx.push({
        name: name,
        data: chunk,
--- a/app/scripts/metamask-controller.js
+++ b/app/scripts/metamask-controller.js
@ -16,6 +16,7 @@ const NoticeController = require('./notice-controller')
 const ShapeShiftController = require('./controllers/shapeshift')
 const AddressBookController = require('./controllers/address-book')
 const InfuraController = require('./controllers/infura')
+const BlacklistController = require('./controllers/blacklist')
 const MessageManager = require('./lib/message-manager')
 const PersonalMessageManager = require('./lib/personal-message-manager')
 const TransactionController = require('./controllers/transactions')
@ -69,6 +70,10 @@ module.exports = class MetamaskController extends EventEmitter {
    })
    this.infuraController.scheduleInfuraNetworkCheck()

+    this.blacklistController = new BlacklistController({
+      initState: initState.BlacklistController,
+    })
+    this.blacklistController.scheduleUpdates()

    // rpc provider
    this.provider = this.initializeProvider()
@ -152,6 +157,9 @@ module.exports = class MetamaskController extends EventEmitter {
    this.networkController.store.subscribe((state) => {
      this.store.updateState({ NetworkController: state })
    })
+    this.blacklistController.store.subscribe((state) => {
+      this.store.updateState({ BlacklistController: state })
+    })
    this.infuraController.store.subscribe((state) => {
      this.store.updateState({ InfuraController: state })
    })
@ -327,8 +335,15 @@ module.exports = class MetamaskController extends EventEmitter {
  }

  setupUntrustedCommunication (connectionStream, originDomain) {
+    // Check if new connection is blacklisted
+    if (this.blacklistController.checkForPhishing(originDomain)) {
+      console.log('MetaMask - sending phishing warning for', originDomain)
+      this.sendPhishingWarning(connectionStream, originDomain)
+      return
+    }
+
    // setup multiplexing
-    var mx = setupMultiplex(connectionStream)
+    const mx = setupMultiplex(connectionStream)
    // connect features
    this.setupProviderConnection(mx.createStream('provider'), originDomain)
    this.setupPublicConfig(mx.createStream('publicConfig'))
@ -336,12 +351,18 @@ module.exports = class MetamaskController extends EventEmitter {

  setupTrustedCommunication (connectionStream, originDomain) {
    // setup multiplexing
-    var mx = setupMultiplex(connectionStream)
+    const mx = setupMultiplex(connectionStream)
    // connect features
    this.setupControllerConnection(mx.createStream('controller'))
    this.setupProviderConnection(mx.createStream('provider'), originDomain)
  }

+  sendPhishingWarning (connectionStream, hostname) {
+    const mx = setupMultiplex(connectionStream)
+    const phishingStream = mx.createStream('phishing')
+    phishingStream.write({ hostname })
+  }
+
  setupControllerConnection (outStream) {
    const api = this.getApi()
    const dnode = Dnode(api)
--- a/gulpfile.js
+++ b/gulpfile.js
@ -172,7 +172,6 @@ gulp.task('default', ['lint'], function () {
 const jsFiles = [
  'inpage',
  'contentscript',
-  'blacklister',
  'background',
  'popup',
 ]
--- a/package.json
+++ b/package.json
@ -7,7 +7,7 @@
    "start": "npm run dev",
    "dev": "gulp dev --debug",
    "disc": "gulp disc --debug",
-    "clear": "rm -rf node_modules/eth-contract-metadata && rm -rf node_modules/etheraddresslookup",
+    "clear": "rm -rf node_modules/eth-contract-metadata && rm -rf node_modules/eth-phishing-detect",
    "dist": "npm run clear && npm install && gulp dist",
    "test": "npm run lint && npm run test-unit && npm run test-integration",
    "test-unit": "METAMASK_ENV=test mocha --require test/helper.js --recursive \"test/unit/**/*.js\"",
@ -69,11 +69,11 @@
    "eth-bin-to-ops": "^1.0.1",
    "eth-contract-metadata": "^1.1.4",
    "eth-hd-keyring": "^1.1.1",
+    "eth-phishing-detect": "^1.1.0",
    "eth-query": "^2.1.2",
    "eth-sig-util": "^1.2.2",
    "eth-simple-keyring": "^1.1.1",
    "eth-token-tracker": "^1.1.2",
-    "etheraddresslookup": "github:409H/EtherAddressLookup",
    "ethereumjs-tx": "^1.3.0",
    "ethereumjs-util": "ethereumjs/ethereumjs-util#ac5d0908536b447083ea422b435da27f26615de9",
    "ethereumjs-wallet": "^0.6.0",
@ -128,7 +128,7 @@
    "sw-stream": "^2.0.0",
    "textarea-caret": "^3.0.1",
    "three.js": "^0.73.2",
-    "through2": "^2.0.1",
+    "through2": "^2.0.3",
    "valid-url": "^1.0.9",
    "vreme": "^3.0.2",
    "web3": "0.19.1",
--- a/test/unit/actions/tx_test.js
+++ b/test/unit/actions/tx_test.js
@ -45,13 +45,15 @@ describe('tx confirmation screen', function () {
      before(function (done) {
        actions._setBackgroundConnection({
          approveTransaction (txId, cb) { cb('An error!') },
-          cancelTransaction (txId) { /* noop */ },
+          cancelTransaction (txId, cb) { cb() },
          clearSeedWordCache (cb) { cb() },
        })

-        const action = actions.cancelTx({value: firstTxId})
-        result = reducers(initialState, action)
-        done()
+        actions.cancelTx({value: firstTxId})((action) => {
+          result = reducers(initialState, action)
+          done()
+        })
+        
      })

      it('should transition to the account detail view', function () {
--- a/test/unit/blacklist-controller-test.js
+++ b/test/unit/blacklist-controller-test.js
@ -0,0 +1,41 @@
+const assert = require('assert')
+const BlacklistController = require('../../app/scripts/controllers/blacklist')
+
+describe('blacklist controller', function () {
+  let blacklistController
+
+  before(() => {
+    blacklistController = new BlacklistController()
+  })
+
+  describe('checkForPhishing', function () {
+    it('should not flag whitelisted values', function () {
+      const result = blacklistController.checkForPhishing('www.metamask.io')
+      assert.equal(result, false)
+    })
+    it('should flag explicit values', function () {
+      const result = blacklistController.checkForPhishing('metamask.com')
+      assert.equal(result, true)
+    })
+    it('should flag levenshtein values', function () {
+      const result = blacklistController.checkForPhishing('metmask.io')
+      assert.equal(result, true)
+    })
+    it('should not flag not-even-close values', function () {
+      const result = blacklistController.checkForPhishing('example.com')
+      assert.equal(result, false)
+    })
+    it('should not flag the ropsten faucet domains', function () {
+      const result = blacklistController.checkForPhishing('faucet.metamask.io')
+      assert.equal(result, false)
+    })
+    it('should not flag the mascara domain', function () {
+      const result = blacklistController.checkForPhishing('zero.metamask.io')
+      assert.equal(result, false)
+    })
+    it('should not flag the mascara-faucet domain', function () {
+      const result = blacklistController.checkForPhishing('zero-faucet.metamask.io')
+      assert.equal(result, false)
+    })
+  })
+})
--- a/test/unit/blacklister-test.js
+++ b/test/unit/blacklister-test.js
@ -1,24 +0,0 @@
-const assert = require('assert')
-const isPhish = require('../../app/scripts/lib/is-phish')
-
-describe('blacklister', function () {
-  describe('#isPhish', function () {
-    it('should not flag whitelisted values', function () {
-      var result = isPhish({ hostname: 'www.metamask.io' })
-      assert(!result)
-    })
-    it('should flag explicit values', function () {
-      var result = isPhish({ hostname: 'metamask.com' })
-      assert(result)
-    })
-    it('should flag levenshtein values', function () {
-      var result = isPhish({ hostname: 'metmask.com' })
-      assert(result)
-    })
-    it('should not flag not-even-close values', function () {
-      var result = isPhish({ hostname: 'example.com' })
-      assert(!result)
-    })
-  })
-})
-
--- a/test/unit/nodeify-test.js
+++ b/test/unit/nodeify-test.js
@ -17,4 +17,15 @@ describe('nodeify', function () {
      done()
    })
  })
+
+  it('should throw if the last argument is not a function', function (done) {
+    const nodified = nodeify(obj.promiseFunc, obj)
+    try {
+      nodified('baz')
+      done(new Error('should have thrown if the last argument is not a function'))
+    } catch (err) {
+      assert.equal(err.message, 'callback is not a function')
+      done()
+    }
+  })
 })
--- a/ui/app/actions.js
+++ b/ui/app/actions.js
@ -462,9 +462,12 @@ function cancelPersonalMsg (msgData) {
 }

 function cancelTx (txData) {
-  log.debug(`background.cancelTransaction`)
-  background.cancelTransaction(txData.id)
-  return actions.completedTx(txData.id)
+  return (dispatch) => {
+    log.debug(`background.cancelTransaction`)
+    background.cancelTransaction(txData.id, () => {
+      dispatch(actions.completedTx(txData.id))
+    })
+  }
 }

 //