mirror of
https://github.com/kremalicious/metamask-extension.git
synced 2024-12-23 01:39:44 +01:00
blacklist controller - breakout from metamask and infura controllers
This commit is contained in:
parent
ecaa235b5e
commit
8c6f01b910
50
app/scripts/controllers/blacklist.js
Normal file
50
app/scripts/controllers/blacklist.js
Normal file
@ -0,0 +1,50 @@
|
||||
const ObservableStore = require('obs-store')
|
||||
const extend = require('xtend')
|
||||
const communityBlacklistedDomains = require('etheraddresslookup/blacklists/domains.json')
|
||||
const communityWhitelistedDomains = require('etheraddresslookup/whitelists/domains.json')
|
||||
const checkForPhishing = require('../lib/is-phish')
|
||||
|
||||
// compute phishing lists
|
||||
const PHISHING_BLACKLIST = communityBlacklistedDomains.concat(['metamask.com'])
|
||||
const PHISHING_WHITELIST = communityWhitelistedDomains.concat(['metamask.io', 'www.metamask.io'])
|
||||
const PHISHING_FUZZYLIST = ['myetherwallet', 'myetheroll', 'ledgerwallet', 'metamask']
|
||||
// every ten minutes
|
||||
const POLLING_INTERVAL = 10 * 60 * 1000
|
||||
|
||||
class BlacklistController {
|
||||
|
||||
constructor (opts = {}) {
|
||||
const initState = extend({
|
||||
phishing: PHISHING_BLACKLIST,
|
||||
}, opts.initState)
|
||||
this.store = new ObservableStore(initState)
|
||||
// polling references
|
||||
this._phishingUpdateIntervalRef = null
|
||||
}
|
||||
|
||||
//
|
||||
// PUBLIC METHODS
|
||||
//
|
||||
|
||||
checkForPhishing (hostname) {
|
||||
if (!hostname) return false
|
||||
const { blacklist } = this.store.getState()
|
||||
return checkForPhishing({ hostname, blacklist, whitelist: PHISHING_WHITELIST, fuzzylist: PHISHING_FUZZYLIST })
|
||||
}
|
||||
|
||||
async updatePhishingList () {
|
||||
const response = await fetch('https://api.infura.io/v1/blacklist')
|
||||
const phishing = await response.json()
|
||||
this.store.updateState({ phishing })
|
||||
return phishing
|
||||
}
|
||||
|
||||
scheduleUpdates () {
|
||||
if (this._phishingUpdateIntervalRef) return
|
||||
this._phishingUpdateIntervalRef = setInterval(() => {
|
||||
this.updatePhishingList()
|
||||
}, POLLING_INTERVAL)
|
||||
}
|
||||
}
|
||||
|
||||
module.exports = BlacklistController
|
@ -1,16 +1,14 @@
|
||||
const ObservableStore = require('obs-store')
|
||||
const extend = require('xtend')
|
||||
const recentBlacklist = require('etheraddresslookup/blacklists/domains.json')
|
||||
|
||||
// every ten minutes
|
||||
const POLLING_INTERVAL = 300000
|
||||
const POLLING_INTERVAL = 10 * 60 * 1000
|
||||
|
||||
class InfuraController {
|
||||
|
||||
constructor (opts = {}) {
|
||||
const initState = extend({
|
||||
infuraNetworkStatus: {},
|
||||
blacklist: recentBlacklist,
|
||||
}, opts.initState)
|
||||
this.store = new ObservableStore(initState)
|
||||
}
|
||||
@ -32,24 +30,12 @@ class InfuraController {
|
||||
})
|
||||
}
|
||||
|
||||
updateLocalBlacklist () {
|
||||
return fetch('https://api.infura.io/v1/blacklist')
|
||||
.then(response => response.json())
|
||||
.then((parsedResponse) => {
|
||||
this.store.updateState({
|
||||
blacklist: parsedResponse,
|
||||
})
|
||||
return parsedResponse
|
||||
})
|
||||
}
|
||||
|
||||
scheduleInfuraNetworkCheck () {
|
||||
if (this.conversionInterval) {
|
||||
clearInterval(this.conversionInterval)
|
||||
}
|
||||
this.conversionInterval = setInterval(() => {
|
||||
this.checkInfuraNetworkStatus()
|
||||
this.updateLocalBlacklist()
|
||||
}, POLLING_INTERVAL)
|
||||
}
|
||||
}
|
||||
|
@ -1,38 +1,23 @@
|
||||
const levenshtein = require('fast-levenshtein')
|
||||
const blacklistedMetaMaskDomains = ['metamask.com']
|
||||
let blacklistedDomains = require('etheraddresslookup/blacklists/domains.json').concat(blacklistedMetaMaskDomains)
|
||||
const whitelistedMetaMaskDomains = ['metamask.io', 'www.metamask.io']
|
||||
const whitelistedDomains = require('etheraddresslookup/whitelists/domains.json').concat(whitelistedMetaMaskDomains)
|
||||
const LEVENSHTEIN_TOLERANCE = 4
|
||||
const LEVENSHTEIN_CHECKS = ['myetherwallet', 'myetheroll', 'ledgerwallet', 'metamask']
|
||||
|
||||
|
||||
// credit to @sogoiii and @409H for their help!
|
||||
// Return a boolean on whether or not a phish is detected.
|
||||
function isPhish({ hostname, blacklist }) {
|
||||
var strCurrentTab = hostname
|
||||
function isPhish({ hostname, blacklist, whitelist, fuzzylist }) {
|
||||
|
||||
// check if the domain is part of the whitelist.
|
||||
if (whitelistedDomains && whitelistedDomains.includes(strCurrentTab)) { return false }
|
||||
|
||||
// Allow updating of blacklist:
|
||||
if (blacklist) {
|
||||
blacklistedDomains = blacklistedDomains.concat(blacklist)
|
||||
}
|
||||
if (whitelist && whitelist.includes(hostname)) return false
|
||||
|
||||
// check if the domain is part of the blacklist.
|
||||
const isBlacklisted = blacklistedDomains && blacklistedDomains.includes(strCurrentTab)
|
||||
if (blacklist && blacklist.includes(hostname)) return true
|
||||
|
||||
// check for similar values.
|
||||
let levenshteinMatched = false
|
||||
var levenshteinForm = strCurrentTab.replace(/\./g, '')
|
||||
LEVENSHTEIN_CHECKS.forEach((element) => {
|
||||
if (levenshtein.get(element, levenshteinForm) <= LEVENSHTEIN_TOLERANCE) {
|
||||
levenshteinMatched = true
|
||||
}
|
||||
const levenshteinForm = hostname.replace(/\./g, '')
|
||||
const levenshteinMatched = fuzzylist.some((element) => {
|
||||
return levenshtein.get(element, levenshteinForm) <= LEVENSHTEIN_TOLERANCE
|
||||
})
|
||||
|
||||
return isBlacklisted || levenshteinMatched
|
||||
return levenshteinMatched
|
||||
}
|
||||
|
||||
module.exports = isPhish
|
||||
|
@ -16,6 +16,7 @@ const NoticeController = require('./notice-controller')
|
||||
const ShapeShiftController = require('./controllers/shapeshift')
|
||||
const AddressBookController = require('./controllers/address-book')
|
||||
const InfuraController = require('./controllers/infura')
|
||||
const BlacklistController = require('./controllers/blacklist')
|
||||
const MessageManager = require('./lib/message-manager')
|
||||
const PersonalMessageManager = require('./lib/personal-message-manager')
|
||||
const TransactionController = require('./controllers/transactions')
|
||||
@ -23,7 +24,6 @@ const ConfigManager = require('./lib/config-manager')
|
||||
const nodeify = require('./lib/nodeify')
|
||||
const accountImporter = require('./account-import-strategies')
|
||||
const getBuyEthUrl = require('./lib/buy-eth-url')
|
||||
const checkForPhishing = require('./lib/is-phish')
|
||||
const debounce = require('debounce')
|
||||
|
||||
const version = require('../manifest.json').version
|
||||
@ -70,6 +70,10 @@ module.exports = class MetamaskController extends EventEmitter {
|
||||
})
|
||||
this.infuraController.scheduleInfuraNetworkCheck()
|
||||
|
||||
this.blacklistController = new BlacklistController({
|
||||
initState: initState.BlacklistController,
|
||||
})
|
||||
this.blacklistController.scheduleUpdates()
|
||||
|
||||
// rpc provider
|
||||
this.provider = this.initializeProvider()
|
||||
@ -152,6 +156,9 @@ module.exports = class MetamaskController extends EventEmitter {
|
||||
this.networkController.store.subscribe((state) => {
|
||||
this.store.updateState({ NetworkController: state })
|
||||
})
|
||||
this.blacklistController.store.subscribe((state) => {
|
||||
this.store.updateState({ BlacklistController: state })
|
||||
})
|
||||
this.infuraController.store.subscribe((state) => {
|
||||
this.store.updateState({ InfuraController: state })
|
||||
})
|
||||
@ -328,7 +335,7 @@ module.exports = class MetamaskController extends EventEmitter {
|
||||
|
||||
setupUntrustedCommunication (connectionStream, originDomain) {
|
||||
// Check if new connection is blacklisted
|
||||
if (this.isHostBlacklisted(originDomain)) {
|
||||
if (this.blacklistController.checkForPhishing(originDomain)) {
|
||||
console.log('MetaMask - sending phishing warning for', originDomain)
|
||||
this.sendPhishingWarning(connectionStream, originDomain)
|
||||
return
|
||||
@ -349,17 +356,9 @@ module.exports = class MetamaskController extends EventEmitter {
|
||||
this.setupProviderConnection(mx.createStream('provider'), originDomain)
|
||||
}
|
||||
|
||||
// Check if a domain is on our blacklist
|
||||
isHostBlacklisted (hostname) {
|
||||
if (!hostname) return false
|
||||
const { blacklist } = this.getState().blacklist
|
||||
return checkForPhishing({ blacklist, hostname })
|
||||
}
|
||||
|
||||
sendPhishingWarning (connectionStream, hostname) {
|
||||
const mx = setupMultiplex(connectionStream)
|
||||
const phishingStream = mx.createStream('phishing')
|
||||
// phishingStream.write(true)
|
||||
phishingStream.write({ hostname })
|
||||
}
|
||||
|
||||
|
41
test/unit/blacklist-controller-test.js
Normal file
41
test/unit/blacklist-controller-test.js
Normal file
@ -0,0 +1,41 @@
|
||||
const assert = require('assert')
|
||||
const BlacklistController = require('../../app/scripts/controllers/blacklist')
|
||||
|
||||
describe('blacklist controller', function () {
|
||||
let blacklistController
|
||||
|
||||
before(() => {
|
||||
blacklistController = new BlacklistController()
|
||||
})
|
||||
|
||||
describe('checkForPhishing', function () {
|
||||
it('should not flag whitelisted values', function () {
|
||||
const result = blacklistController.checkForPhishing('www.metamask.io')
|
||||
assert.equal(result, false)
|
||||
})
|
||||
it('should flag explicit values', function () {
|
||||
const result = blacklistController.checkForPhishing('metamask.com')
|
||||
assert.equal(result, true)
|
||||
})
|
||||
it('should flag levenshtein values', function () {
|
||||
const result = blacklistController.checkForPhishing('metmask.io')
|
||||
assert.equal(result, true)
|
||||
})
|
||||
it('should not flag not-even-close values', function () {
|
||||
const result = blacklistController.checkForPhishing('example.com')
|
||||
assert.equal(result, false)
|
||||
})
|
||||
it('should not flag the ropsten faucet domains', function () {
|
||||
const result = blacklistController.checkForPhishing('faucet.metamask.io')
|
||||
assert.equal(result, false)
|
||||
})
|
||||
it('should not flag the mascara domain', function () {
|
||||
const result = blacklistController.checkForPhishing('zero.metamask.io')
|
||||
assert.equal(result, false)
|
||||
})
|
||||
it('should not flag the mascara-faucet domain', function () {
|
||||
const result = blacklistController.checkForPhishing('zero-faucet.metamask.io')
|
||||
assert.equal(result, false)
|
||||
})
|
||||
})
|
||||
})
|
@ -1,36 +0,0 @@
|
||||
const assert = require('assert')
|
||||
const isPhish = require('../../app/scripts/lib/is-phish')
|
||||
|
||||
describe('phishing detection test', function () {
|
||||
describe('#isPhish', function () {
|
||||
it('should not flag whitelisted values', function () {
|
||||
var result = isPhish({ hostname: 'www.metamask.io' })
|
||||
assert.equal(result, false)
|
||||
})
|
||||
it('should flag explicit values', function () {
|
||||
var result = isPhish({ hostname: 'metamask.com' })
|
||||
assert.equal(result, true)
|
||||
})
|
||||
it('should flag levenshtein values', function () {
|
||||
var result = isPhish({ hostname: 'metmask.io' })
|
||||
assert.equal(result, true)
|
||||
})
|
||||
it('should not flag not-even-close values', function () {
|
||||
var result = isPhish({ hostname: 'example.com' })
|
||||
assert.equal(result, false)
|
||||
})
|
||||
it('should not flag the ropsten faucet domains', function () {
|
||||
var result = isPhish({ hostname: 'faucet.metamask.io' })
|
||||
assert.equal(result, false)
|
||||
})
|
||||
it('should not flag the mascara domain', function () {
|
||||
var result = isPhish({ hostname: 'zero.metamask.io' })
|
||||
assert.equal(result, false)
|
||||
})
|
||||
it('should not flag the mascara-faucet domain', function () {
|
||||
var result = isPhish({ hostname: 'zero-faucet.metamask.io' })
|
||||
assert.equal(result, false)
|
||||
})
|
||||
})
|
||||
})
|
||||
|
Loading…
Reference in New Issue
Block a user