1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-11-29 23:58:06 +01:00
metamask-extension/test/e2e/tests/security-provider.spec.js
Jyoti Puri a28256ace4
Change api used for opensea validation (#18383)
* Change api used for opensea validation

* fix build
2023-03-30 17:33:35 -02:30

236 lines
7.2 KiB
JavaScript
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

const { strict: assert } = require('assert');
const { convertToHexValue, withFixtures } = require('../helpers');
const FixtureBuilder = require('../fixture-builder');
const OPENSEA_URL =
'https://proxy.metafi.codefi.network/opensea/security/v1/validate';
/**
* @param {import('mockttp').Mockttp} mockServer - The mock server.
*/
describe('Transaction security provider', function () {
let windowHandles;
async function mockSecurityProviderDetection(mockServer, scenario) {
switch (scenario) {
case 'notMalicious':
await mockServer.forPost(OPENSEA_URL).thenCallback(() => {
return {
statusCode: 200,
json: {
flagAsDangerous: 0,
},
};
});
break;
case 'malicious':
await mockServer.forPost(OPENSEA_URL).thenCallback(() => {
return {
statusCode: 200,
json: {
flagAsDangerous: 1,
reason:
'If you sign this request, you may lose all of your assets for good',
reason_header: 'This could be a scam',
},
};
});
break;
case 'notSafe':
await mockServer.forPost(OPENSEA_URL).thenCallback(() => {
return {
statusCode: 200,
json: {
flagAsDangerous: 2,
reason:
'The security provider didnt detect any known malicious activity, but it still may not be safe to continue.',
reason_header: 'Request may not be safe',
},
};
});
break;
case 'requestNotVerified':
await mockServer.forPost(OPENSEA_URL).thenCallback(() => {
return {
statusCode: 500,
json: {},
};
});
break;
default:
throw new Error(`Unknown scenario: ${scenario}`);
}
}
const ganacheOptions = {
accounts: [
{
secretKey:
'0x7C9529A67102755B7E6102D6D950AC5D5863C98713805CEC576B945B15B71EAC',
balance: convertToHexValue(25000000000000000000),
},
],
};
it('Should return malicious response', async function () {
await withFixtures(
{
fixtures: new FixtureBuilder()
.withPreferencesController({
transactionSecurityCheckEnabled: true,
})
.withPermissionControllerConnectedToTestDapp()
.build(),
ganacheOptions,
title: this.test.title,
testSpecificMock: async (mockServer) =>
await mockSecurityProviderDetection(mockServer, 'malicious'),
dapp: true,
failOnConsoleError: false,
},
async ({ driver }) => {
await driver.navigate();
await driver.fill('#password', 'correct horse battery staple');
await driver.press('#password', driver.Key.ENTER);
await driver.openNewPage('http://127.0.0.1:8080/');
windowHandles = await driver.getAllWindowHandles();
await driver.clickElement('#personalSign');
await driver.waitUntilXWindowHandles(3);
await driver.switchToWindowWithTitle(
'MetaMask Notification',
windowHandles,
);
const warningHeader = await driver.isElementPresent({
text: 'This could be a scam',
tag: 'h5',
});
assert.equal(warningHeader, true);
},
);
});
it('Should return not safe response', async function () {
await withFixtures(
{
fixtures: new FixtureBuilder()
.withPreferencesController({
transactionSecurityCheckEnabled: true,
})
.withPermissionControllerConnectedToTestDapp()
.build(),
ganacheOptions,
title: this.test.title,
testSpecificMock: async (mockServer) =>
await mockSecurityProviderDetection(mockServer, 'notSafe'),
dapp: true,
failOnConsoleError: false,
},
async ({ driver }) => {
await driver.navigate();
await driver.fill('#password', 'correct horse battery staple');
await driver.press('#password', driver.Key.ENTER);
await driver.openNewPage('http://127.0.0.1:8080/');
windowHandles = await driver.getAllWindowHandles();
await driver.clickElement('#signTypedData');
await driver.waitUntilXWindowHandles(3);
await driver.switchToWindowWithTitle(
'MetaMask Notification',
windowHandles,
);
const warningHeader = await driver.isElementPresent({
text: 'Request may not be safe',
tag: 'h5',
});
assert.equal(warningHeader, true);
},
);
});
it('Should return not malicious response', async function () {
await withFixtures(
{
fixtures: new FixtureBuilder()
.withPreferencesController({
transactionSecurityCheckEnabled: true,
})
.withPermissionControllerConnectedToTestDapp()
.build(),
ganacheOptions,
title: this.test.title,
testSpecificMock: async (mockServer) =>
await mockSecurityProviderDetection(mockServer, 'notMalicious'),
dapp: true,
failOnConsoleError: false,
},
async ({ driver }) => {
await driver.navigate();
await driver.fill('#password', 'correct horse battery staple');
await driver.press('#password', driver.Key.ENTER);
await driver.openNewPage('http://127.0.0.1:8080/');
windowHandles = await driver.getAllWindowHandles();
await driver.clickElement('#siwe');
await driver.waitUntilXWindowHandles(3);
await driver.switchToWindowWithTitle(
'MetaMask Notification',
windowHandles,
);
const warningHeader = await driver.isElementPresent({
text: 'Request may not be safe',
tag: 'h5',
});
assert.equal(warningHeader, false);
},
);
});
it('Should return request not verified response', async function () {
await withFixtures(
{
fixtures: new FixtureBuilder()
.withPreferencesController({
transactionSecurityCheckEnabled: true,
})
.withPermissionControllerConnectedToTestDapp()
.build(),
ganacheOptions,
title: this.test.title,
testSpecificMock: async (mockServer) =>
await mockSecurityProviderDetection(mockServer, 'requestNotVerified'),
dapp: true,
failOnConsoleError: false,
},
async ({ driver }) => {
await driver.navigate();
await driver.fill('#password', 'correct horse battery staple');
await driver.press('#password', driver.Key.ENTER);
await driver.openNewPage('http://127.0.0.1:8080/');
windowHandles = await driver.getAllWindowHandles();
await driver.clickElement('#signTypedDataV4');
await driver.waitUntilXWindowHandles(3);
await driver.switchToWindowWithTitle(
'MetaMask Notification',
windowHandles,
);
const warningHeader = await driver.isElementPresent({
text: 'Request not verified',
tag: 'h5',
});
assert.equal(warningHeader, true);
},
);
});
});