mirror of
https://github.com/kremalicious/metamask-extension.git
synced 2024-12-23 09:52:26 +01:00
2ccc1977bf
The PhishingController has been updated to v2. This release should dramatically reduce network traffic and double the update speed of the phishing list. This was accomplished by combining both of our phishing configurations into one list (the "stalelist"), then creating a separate list of the changes just the past few days (the "hotlist"). Now users will download a smaller list more frequently (every 30 minutes rather than every hour), whereas the full list is only updated every 4 days. The combined configuration means that we no longer know which list was responsible for each block. The phishing warning page has been updated to dynamically look this information up, to ensure users are still directed to the correct place to dispute a block. This update to the phishing warning page also includes the recent redesign.
293 lines
9.3 KiB
JavaScript
293 lines
9.3 KiB
JavaScript
const { strict: assert } = require('assert');
|
|
const { convertToHexValue, withFixtures } = require('../helpers');
|
|
const FixtureBuilder = require('../fixture-builder');
|
|
|
|
const STALELIST_URL =
|
|
'https://static.metafi.codefi.network/api/v1/lists/stalelist.json';
|
|
|
|
const emptyHtmlPage = `<!DOCTYPE html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="utf-8">
|
|
<title>title</title>
|
|
</head>
|
|
<body>
|
|
Empty page
|
|
</body>
|
|
</html>`;
|
|
|
|
/**
|
|
* Setup fetch mocks for the phishing detection feature.
|
|
*
|
|
* The mock configuration will show that "127.0.0.1" is blocked. The dynamic lookup on the warning
|
|
* page can be customized, so that we can test both the MetaMask and PhishFort block cases.
|
|
*
|
|
* @param {import('mockttp').Mockttp} mockServer - The mock server.
|
|
* @param {object} metamaskPhishingConfigResponse - The response for the dynamic phishing
|
|
* configuration lookup performed by the warning page.
|
|
*/
|
|
async function setupPhishingDetectionMocks(
|
|
mockServer,
|
|
metamaskPhishingConfigResponse,
|
|
) {
|
|
await mockServer.forGet(STALELIST_URL).thenCallback(() => {
|
|
return {
|
|
statusCode: 200,
|
|
json: {
|
|
version: 2,
|
|
tolerance: 2,
|
|
fuzzylist: [],
|
|
allowlist: [],
|
|
blocklist: ['127.0.0.1'],
|
|
lastUpdated: 0,
|
|
},
|
|
};
|
|
});
|
|
|
|
await mockServer
|
|
.forGet('https://github.com/MetaMask/eth-phishing-detect/issues/new')
|
|
.thenCallback(() => {
|
|
return {
|
|
statusCode: 200,
|
|
body: emptyHtmlPage,
|
|
};
|
|
});
|
|
await mockServer
|
|
.forGet('https://github.com/phishfort/phishfort-lists/issues/new')
|
|
.thenCallback(() => {
|
|
return {
|
|
statusCode: 200,
|
|
body: emptyHtmlPage,
|
|
};
|
|
});
|
|
|
|
await mockServer
|
|
.forGet(
|
|
'https://raw.githubusercontent.com/MetaMask/eth-phishing-detect/master/src/config.json',
|
|
)
|
|
.thenCallback(() => metamaskPhishingConfigResponse);
|
|
}
|
|
|
|
describe('Phishing Detection', function () {
|
|
function mockPhishingDetection(mockServer) {
|
|
setupPhishingDetectionMocks(mockServer, {
|
|
statusCode: 200,
|
|
json: {
|
|
version: 2,
|
|
tolerance: 2,
|
|
fuzzylist: [],
|
|
whitelist: [],
|
|
blacklist: ['127.0.0.1'],
|
|
lastUpdated: 0,
|
|
},
|
|
});
|
|
}
|
|
|
|
const ganacheOptions = {
|
|
accounts: [
|
|
{
|
|
secretKey:
|
|
'0x7C9529A67102755B7E6102D6D950AC5D5863C98713805CEC576B945B15B71EAC',
|
|
balance: convertToHexValue(25000000000000000000),
|
|
},
|
|
],
|
|
};
|
|
|
|
it('should display the MetaMask Phishing Detection page and take the user to the blocked page if they continue', async function () {
|
|
await withFixtures(
|
|
{
|
|
fixtures: new FixtureBuilder().build(),
|
|
ganacheOptions,
|
|
title: this.test.title,
|
|
testSpecificMock: mockPhishingDetection,
|
|
dapp: true,
|
|
failOnConsoleError: false,
|
|
},
|
|
async ({ driver }) => {
|
|
await driver.navigate();
|
|
await driver.fill('#password', 'correct horse battery staple');
|
|
await driver.press('#password', driver.Key.ENTER);
|
|
await driver.openNewPage('http://127.0.0.1:8080');
|
|
await driver.clickElement({
|
|
text: 'continue to the site.',
|
|
});
|
|
const header = await driver.findElement('h1');
|
|
assert.equal(await header.getText(), 'E2E Test Dapp');
|
|
},
|
|
);
|
|
});
|
|
|
|
it('should display the MetaMask Phishing Detection page in an iframe and take the user to the blocked page if they continue', async function () {
|
|
await withFixtures(
|
|
{
|
|
fixtures: new FixtureBuilder().build(),
|
|
ganacheOptions,
|
|
title: this.test.title,
|
|
testSpecificMock: mockPhishingDetection,
|
|
dapp: true,
|
|
dappPaths: ['mock-page-with-iframe'],
|
|
dappOptions: {
|
|
numberOfDapps: 2,
|
|
},
|
|
failOnConsoleError: false,
|
|
},
|
|
async ({ driver }) => {
|
|
await driver.navigate();
|
|
await driver.fill('#password', 'correct horse battery staple');
|
|
await driver.press('#password', driver.Key.ENTER);
|
|
await driver.openNewPage('http://localhost:8080/');
|
|
|
|
const iframe = await driver.findElement('iframe');
|
|
|
|
await driver.switchToFrame(iframe);
|
|
await driver.clickElement({
|
|
text: 'Open this warning in a new tab',
|
|
});
|
|
await driver.switchToWindowWithTitle('MetaMask Phishing Detection');
|
|
await driver.clickElement({
|
|
text: 'continue to the site.',
|
|
});
|
|
const header = await driver.findElement('h1');
|
|
assert.equal(await header.getText(), 'E2E Test Dapp');
|
|
},
|
|
);
|
|
});
|
|
|
|
it('should display the MetaMask Phishing Detection page in an iframe but should NOT take the user to the blocked page if it is not an accessible resource', async function () {
|
|
await withFixtures(
|
|
{
|
|
fixtures: new FixtureBuilder().build(),
|
|
ganacheOptions,
|
|
title: this.test.title,
|
|
testSpecificMock: mockPhishingDetection,
|
|
dapp: true,
|
|
dappPaths: ['mock-page-with-disallowed-iframe'],
|
|
dappOptions: {
|
|
numberOfDapps: 2,
|
|
},
|
|
failOnConsoleError: false,
|
|
},
|
|
async ({ driver }) => {
|
|
await driver.navigate();
|
|
await driver.fill('#password', 'correct horse battery staple');
|
|
await driver.press('#password', driver.Key.ENTER);
|
|
await driver.openNewPage(
|
|
`http://localhost:8080?extensionUrl=${driver.extensionUrl}`,
|
|
);
|
|
|
|
const iframe = await driver.findElement('iframe');
|
|
|
|
await driver.switchToFrame(iframe);
|
|
await driver.clickElement({
|
|
text: 'Open this warning in a new tab',
|
|
});
|
|
await driver.switchToWindowWithTitle('MetaMask Phishing Detection');
|
|
await driver.clickElement({
|
|
text: 'continue to the site.',
|
|
});
|
|
|
|
// Ensure we're not on the wallet home page
|
|
await driver.assertElementNotPresent('[data-testid="wallet-balance"]');
|
|
},
|
|
);
|
|
});
|
|
|
|
it('should navigate the user to eth-phishing-detect to dispute a block if the phishing warning page fails to identify the source', async function () {
|
|
await withFixtures(
|
|
{
|
|
fixtures: new FixtureBuilder().build(),
|
|
ganacheOptions,
|
|
title: this.test.title,
|
|
testSpecificMock: (mockServer) => {
|
|
setupPhishingDetectionMocks(mockServer, { statusCode: 500 });
|
|
},
|
|
dapp: true,
|
|
failOnConsoleError: false,
|
|
},
|
|
async ({ driver }) => {
|
|
await driver.navigate();
|
|
await driver.fill('#password', 'correct horse battery staple');
|
|
await driver.press('#password', driver.Key.ENTER);
|
|
await driver.openNewPage('http://127.0.0.1:8080');
|
|
|
|
await driver.clickElement({ text: 'report a detection problem.' });
|
|
|
|
// wait for page to load before checking URL.
|
|
await driver.findElement({ text: 'Empty page' });
|
|
assert.equal(
|
|
await driver.getCurrentUrl(),
|
|
`https://github.com/MetaMask/eth-phishing-detect/issues/new?title=[Legitimate%20Site%20Blocked]%20127.0.0.1&body=http%3A%2F%2F127.0.0.1%3A8080%2F`,
|
|
);
|
|
},
|
|
);
|
|
});
|
|
|
|
it('should navigate the user to eth-phishing-detect to dispute a block from MetaMask', async function () {
|
|
await withFixtures(
|
|
{
|
|
fixtures: new FixtureBuilder().build(),
|
|
ganacheOptions,
|
|
title: this.test.title,
|
|
testSpecificMock: mockPhishingDetection,
|
|
dapp: true,
|
|
failOnConsoleError: false,
|
|
},
|
|
async ({ driver }) => {
|
|
await driver.navigate();
|
|
await driver.fill('#password', 'correct horse battery staple');
|
|
await driver.press('#password', driver.Key.ENTER);
|
|
await driver.openNewPage('http://127.0.0.1:8080');
|
|
|
|
await driver.clickElement({ text: 'report a detection problem.' });
|
|
|
|
// wait for page to load before checking URL.
|
|
await driver.findElement({ text: 'Empty page' });
|
|
assert.equal(
|
|
await driver.getCurrentUrl(),
|
|
`https://github.com/MetaMask/eth-phishing-detect/issues/new?title=[Legitimate%20Site%20Blocked]%20127.0.0.1&body=http%3A%2F%2F127.0.0.1%3A8080%2F`,
|
|
);
|
|
},
|
|
);
|
|
});
|
|
|
|
it('should navigate the user to PhishFort to dispute a block from MetaMask', async function () {
|
|
await withFixtures(
|
|
{
|
|
fixtures: new FixtureBuilder().build(),
|
|
ganacheOptions,
|
|
title: this.test.title,
|
|
testSpecificMock: (mockServer) => {
|
|
setupPhishingDetectionMocks(mockServer, {
|
|
statusCode: 200,
|
|
json: {
|
|
version: 2,
|
|
tolerance: 2,
|
|
fuzzylist: [],
|
|
whitelist: [],
|
|
blacklist: [],
|
|
lastUpdated: 0,
|
|
},
|
|
});
|
|
},
|
|
dapp: true,
|
|
failOnConsoleError: false,
|
|
},
|
|
async ({ driver }) => {
|
|
await driver.navigate();
|
|
await driver.fill('#password', 'correct horse battery staple');
|
|
await driver.press('#password', driver.Key.ENTER);
|
|
await driver.openNewPage('http://127.0.0.1:8080');
|
|
|
|
await driver.clickElement({ text: 'report a detection problem.' });
|
|
|
|
// wait for page to load before checking URL.
|
|
await driver.findElement({ text: 'Empty page' });
|
|
assert.equal(
|
|
await driver.getCurrentUrl(),
|
|
`https://github.com/phishfort/phishfort-lists/issues/new?title=[Legitimate%20Site%20Blocked]%20127.0.0.1&body=http%3A%2F%2F127.0.0.1%3A8080%2F`,
|
|
);
|
|
},
|
|
);
|
|
});
|
|
});
|