From 990dc33fc6a9c359ed7b2cb54bee3ceecf1ff90a Mon Sep 17 00:00:00 2001 From: Mark Stacey Date: Mon, 31 Jul 2023 22:26:40 -0230 Subject: [PATCH] Remove fallback phishing warning configuration (#20327) * Remove fallback phishing warning configuration The package `@metamask/phishing-controller` has been updated from v4 v6. The only breaking changes are a minimum Node.js version bump, and the removal of the fallback phishing configuration. The fallback phishing configuration was resulting in MetaMask being incorrectly flagged as malware, and the stale config was causing problems for sites that had been blocked in the past but have since been unblocked. This should substantially reduce the bundle size as well. * Update LavaMoat policies * Update test state to include example blocked site --------- Co-authored-by: MetaMask Bot --- app/scripts/metamask-controller.test.js | 22 ++++++++++++++++++--- lavamoat/browserify/beta/policy.json | 26 ++----------------------- lavamoat/browserify/desktop/policy.json | 26 ++----------------------- lavamoat/browserify/flask/policy.json | 26 ++----------------------- lavamoat/browserify/main/policy.json | 26 ++----------------------- lavamoat/browserify/mmi/policy.json | 26 ++----------------------- package.json | 2 +- yarn.lock | 16 +++++++-------- 8 files changed, 38 insertions(+), 132 deletions(-) diff --git a/app/scripts/metamask-controller.test.js b/app/scripts/metamask-controller.test.js index b29fce443..02d7b1f50 100644 --- a/app/scripts/metamask-controller.test.js +++ b/app/scripts/metamask-controller.test.js @@ -177,6 +177,18 @@ const firstTimeState = { }, }, }, + PhishingController: { + phishingLists: [ + { + allowlist: [], + blocklist: ['test.metamask-phishing.io'], + fuzzylist: [], + tolerance: 0, + version: 0, + name: 'MetaMask', + }, + ], + }, }; const noop = () => undefined; @@ -205,7 +217,7 @@ describe('MetaMaskController', function () { eth_phishing_detect_config: { fuzzylist: [], allowlist: [], - blocklist: ['127.0.0.1'], + blocklist: ['test.metamask-phishing.io'], name: ListNames.MetaMask, }, phishfort_hotlist: { @@ -218,7 +230,11 @@ describe('MetaMaskController', function () { .reply( 200, JSON.stringify([ - { url: '127.0.0.1', targetList: 'blocklist', timestamp: 0 }, + { + url: 'test.metamask-phishing.io', + targetList: 'blocklist', + timestamp: 0, + }, ]), ); @@ -963,7 +979,7 @@ describe('MetaMaskController', function () { it('sets up phishing stream for untrusted communication', async function () { const phishingMessageSender = { - url: 'http://myethereumwalletntw.com', + url: 'http://test.metamask-phishing.io', tab: {}, }; diff --git a/lavamoat/browserify/beta/policy.json b/lavamoat/browserify/beta/policy.json index afb8f0b99..e1d6a9326 100644 --- a/lavamoat/browserify/beta/policy.json +++ b/lavamoat/browserify/beta/policy.json @@ -1772,34 +1772,12 @@ "fetch": true }, "packages": { - "@metamask/phishing-controller>@metamask/base-controller": true, - "@metamask/phishing-controller>@metamask/controller-utils": true, + "@metamask/base-controller": true, + "@metamask/controller-utils": true, "@metamask/phishing-warning>eth-phishing-detect": true, "punycode": true } }, - "@metamask/phishing-controller>@metamask/base-controller": { - "packages": { - "immer": true - } - }, - "@metamask/phishing-controller>@metamask/controller-utils": { - "globals": { - "URL": true, - "console.error": true, - "fetch": true, - "setTimeout": true - }, - "packages": { - "@metamask/controller-utils>@spruceid/siwe-parser": true, - "@metamask/utils": true, - "browserify>buffer": true, - "eslint>fast-deep-equal": true, - "eth-ens-namehash": true, - "ethereumjs-util": true, - "ethjs>ethjs-unit": true - } - }, "@metamask/phishing-warning>eth-phishing-detect": { "packages": { "eslint>optionator>fast-levenshtein": true diff --git a/lavamoat/browserify/desktop/policy.json b/lavamoat/browserify/desktop/policy.json index a6805b21f..4f3e3f3f4 100644 --- a/lavamoat/browserify/desktop/policy.json +++ b/lavamoat/browserify/desktop/policy.json @@ -1930,34 +1930,12 @@ "fetch": true }, "packages": { - "@metamask/phishing-controller>@metamask/base-controller": true, - "@metamask/phishing-controller>@metamask/controller-utils": true, + "@metamask/base-controller": true, + "@metamask/controller-utils": true, "@metamask/phishing-warning>eth-phishing-detect": true, "punycode": true } }, - "@metamask/phishing-controller>@metamask/base-controller": { - "packages": { - "immer": true - } - }, - "@metamask/phishing-controller>@metamask/controller-utils": { - "globals": { - "URL": true, - "console.error": true, - "fetch": true, - "setTimeout": true - }, - "packages": { - "@metamask/controller-utils>@spruceid/siwe-parser": true, - "@metamask/utils": true, - "browserify>buffer": true, - "eslint>fast-deep-equal": true, - "eth-ens-namehash": true, - "ethereumjs-util": true, - "ethjs>ethjs-unit": true - } - }, "@metamask/phishing-warning>eth-phishing-detect": { "packages": { "eslint>optionator>fast-levenshtein": true diff --git a/lavamoat/browserify/flask/policy.json b/lavamoat/browserify/flask/policy.json index a6805b21f..4f3e3f3f4 100644 --- a/lavamoat/browserify/flask/policy.json +++ b/lavamoat/browserify/flask/policy.json @@ -1930,34 +1930,12 @@ "fetch": true }, "packages": { - "@metamask/phishing-controller>@metamask/base-controller": true, - "@metamask/phishing-controller>@metamask/controller-utils": true, + "@metamask/base-controller": true, + "@metamask/controller-utils": true, "@metamask/phishing-warning>eth-phishing-detect": true, "punycode": true } }, - "@metamask/phishing-controller>@metamask/base-controller": { - "packages": { - "immer": true - } - }, - "@metamask/phishing-controller>@metamask/controller-utils": { - "globals": { - "URL": true, - "console.error": true, - "fetch": true, - "setTimeout": true - }, - "packages": { - "@metamask/controller-utils>@spruceid/siwe-parser": true, - "@metamask/utils": true, - "browserify>buffer": true, - "eslint>fast-deep-equal": true, - "eth-ens-namehash": true, - "ethereumjs-util": true, - "ethjs>ethjs-unit": true - } - }, "@metamask/phishing-warning>eth-phishing-detect": { "packages": { "eslint>optionator>fast-levenshtein": true diff --git a/lavamoat/browserify/main/policy.json b/lavamoat/browserify/main/policy.json index afb8f0b99..e1d6a9326 100644 --- a/lavamoat/browserify/main/policy.json +++ b/lavamoat/browserify/main/policy.json @@ -1772,34 +1772,12 @@ "fetch": true }, "packages": { - "@metamask/phishing-controller>@metamask/base-controller": true, - "@metamask/phishing-controller>@metamask/controller-utils": true, + "@metamask/base-controller": true, + "@metamask/controller-utils": true, "@metamask/phishing-warning>eth-phishing-detect": true, "punycode": true } }, - "@metamask/phishing-controller>@metamask/base-controller": { - "packages": { - "immer": true - } - }, - "@metamask/phishing-controller>@metamask/controller-utils": { - "globals": { - "URL": true, - "console.error": true, - "fetch": true, - "setTimeout": true - }, - "packages": { - "@metamask/controller-utils>@spruceid/siwe-parser": true, - "@metamask/utils": true, - "browserify>buffer": true, - "eslint>fast-deep-equal": true, - "eth-ens-namehash": true, - "ethereumjs-util": true, - "ethjs>ethjs-unit": true - } - }, "@metamask/phishing-warning>eth-phishing-detect": { "packages": { "eslint>optionator>fast-levenshtein": true diff --git a/lavamoat/browserify/mmi/policy.json b/lavamoat/browserify/mmi/policy.json index 63c7e9bb2..18882ff84 100644 --- a/lavamoat/browserify/mmi/policy.json +++ b/lavamoat/browserify/mmi/policy.json @@ -2000,34 +2000,12 @@ "fetch": true }, "packages": { - "@metamask/phishing-controller>@metamask/base-controller": true, - "@metamask/phishing-controller>@metamask/controller-utils": true, + "@metamask/base-controller": true, + "@metamask/controller-utils": true, "@metamask/phishing-warning>eth-phishing-detect": true, "punycode": true } }, - "@metamask/phishing-controller>@metamask/base-controller": { - "packages": { - "immer": true - } - }, - "@metamask/phishing-controller>@metamask/controller-utils": { - "globals": { - "URL": true, - "console.error": true, - "fetch": true, - "setTimeout": true - }, - "packages": { - "@metamask/controller-utils>@spruceid/siwe-parser": true, - "@metamask/utils": true, - "browserify>buffer": true, - "eslint>fast-deep-equal": true, - "eth-ens-namehash": true, - "ethereumjs-util": true, - "ethjs>ethjs-unit": true - } - }, "@metamask/phishing-warning>eth-phishing-detect": { "packages": { "eslint>optionator>fast-levenshtein": true diff --git a/package.json b/package.json index 0cc86e215..fcf15f085 100644 --- a/package.json +++ b/package.json @@ -256,7 +256,7 @@ "@metamask/notification-controller": "^3.0.0", "@metamask/obs-store": "^8.1.0", "@metamask/permission-controller": "^4.0.0", - "@metamask/phishing-controller": "^4.0.0", + "@metamask/phishing-controller": "^6.0.0", "@metamask/post-message-stream": "^6.0.0", "@metamask/ppom-validator": "^0.1.2", "@metamask/providers": "^11.1.0", diff --git a/yarn.lock b/yarn.lock index 2d7aa26eb..4a6f2c55a 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3909,7 +3909,7 @@ __metadata: languageName: node linkType: hard -"@metamask/controller-utils@npm:^3.0.0, @metamask/controller-utils@npm:^3.1.0, @metamask/controller-utils@npm:^3.4.0": +"@metamask/controller-utils@npm:^3.0.0, @metamask/controller-utils@npm:^3.4.0": version: 3.4.0 resolution: "@metamask/controller-utils@npm:3.4.0" dependencies: @@ -4494,16 +4494,16 @@ __metadata: languageName: node linkType: hard -"@metamask/phishing-controller@npm:^4.0.0": - version: 4.0.0 - resolution: "@metamask/phishing-controller@npm:4.0.0" +"@metamask/phishing-controller@npm:^6.0.0": + version: 6.0.0 + resolution: "@metamask/phishing-controller@npm:6.0.0" dependencies: - "@metamask/base-controller": ^2.0.0 - "@metamask/controller-utils": ^3.1.0 + "@metamask/base-controller": ^3.2.0 + "@metamask/controller-utils": ^4.3.0 "@types/punycode": ^2.1.0 eth-phishing-detect: ^1.2.0 punycode: ^2.1.1 - checksum: 15de581f7bec21d75531167275c68d7bbeae7fdaad02268749ba0a71c4d3ccb53718d963d6583e90c337407f65b7fcc9a89eb76c6f731802c2668a8425d5df89 + checksum: 13a85865cef1515f6d0ee1cd02da37e5e6b98c493676e3a80195294725b717aa17651a0c24d2e841f790bbd22ae16911cc16bab7846da8266f4ee03007a17f4e languageName: node linkType: hard @@ -24273,7 +24273,7 @@ __metadata: "@metamask/notification-controller": ^3.0.0 "@metamask/obs-store": ^8.1.0 "@metamask/permission-controller": ^4.0.0 - "@metamask/phishing-controller": ^4.0.0 + "@metamask/phishing-controller": ^6.0.0 "@metamask/phishing-warning": ^2.1.0 "@metamask/post-message-stream": ^6.0.0 "@metamask/ppom-validator": ^0.1.2