1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-12-23 09:52:26 +01:00
metamask-extension/test/e2e/tests/phishing-controller/phishing-detection.spec.js
Nicholas Ellul b76875ac69
Update @metamask/phishing-controller to v4.0.0 (#18840)
* Update phishing controller to v4.0.0

* Move phishing e2e test utilities into its own helper.js

* Update phishing detection e2e test

* Update MetaMask Controller test mocks

* Update mv3 phishing tests

* Fix test for 500 error on warning page

* Allow for directories in test folder

* Update migration number

* Linting fixes

* Remove fail on console error

* Separate mocks from helpers

* Have migration delete PhishingController state entirely

* Remove phishing detection directory

* Only delete the listState in migration

* Bump migration version
2023-07-31 10:18:48 -02:30

316 lines
11 KiB
JavaScript

const { strict: assert } = require('assert');
const { convertToHexValue, withFixtures, openDapp } = require('../../helpers');
const FixtureBuilder = require('../../fixture-builder');
const {
METAMASK_HOTLIST_DIFF_URL,
METAMASK_STALELIST_URL,
BlockProvider,
} = require('./helpers');
const {
setupPhishingDetectionMocks,
mockConfigLookupOnWarningPage,
} = require('./mocks');
describe('Phishing Detection', function () {
const ganacheOptions = {
accounts: [
{
secretKey:
'0x7C9529A67102755B7E6102D6D950AC5D5863C98713805CEC576B945B15B71EAC',
balance: convertToHexValue(25000000000000000000),
},
],
};
describe('Phishing Detection Mock', function () {
it('should be updated to use v1 of the API', function () {
// Update the fixture in phishing-controller/mocks.js if this test fails
assert.equal(
METAMASK_STALELIST_URL,
'https://phishing-detection.metafi.codefi.network/v1/stalelist',
);
assert.equal(
METAMASK_HOTLIST_DIFF_URL,
'https://phishing-detection.metafi.codefi.network/v1/diffsSince',
);
});
});
it('should display the MetaMask Phishing Detection page and take the user to the blocked page if they continue', async function () {
await withFixtures(
{
fixtures: new FixtureBuilder().build(),
ganacheOptions,
title: this.test.title,
testSpecificMock: async (mockServer) => {
return setupPhishingDetectionMocks(mockServer, {
blockProvider: BlockProvider.MetaMask,
blocklist: ['127.0.0.1'],
});
},
dapp: true,
failOnConsoleError: false,
},
async ({ driver }) => {
await driver.navigate();
await driver.fill('#password', 'correct horse battery staple');
await driver.press('#password', driver.Key.ENTER);
await openDapp(driver);
await driver.clickElement({
text: 'continue to the site.',
});
const header = await driver.findElement('h1');
assert.equal(await header.getText(), 'E2E Test Dapp');
},
);
});
it('should display the MetaMask Phishing Detection page in an iframe and take the user to the blocked page if they continue', async function () {
const DAPP_WITH_IFRAMED_PAGE_ON_BLOCKLIST = 'http://localhost:8080/';
const IFRAMED_HOSTNAME = '127.0.0.1';
await withFixtures(
{
fixtures: new FixtureBuilder().build(),
ganacheOptions,
title: this.test.title,
testSpecificMock: async (mockServer) => {
return setupPhishingDetectionMocks(mockServer, {
blockProvider: BlockProvider.MetaMask,
blocklist: [IFRAMED_HOSTNAME],
});
},
dapp: true,
dappPaths: ['mock-page-with-iframe'],
dappOptions: {
numberOfDapps: 2,
},
failOnConsoleError: false,
},
async ({ driver }) => {
await driver.navigate();
await driver.fill('#password', 'correct horse battery staple');
await driver.press('#password', driver.Key.ENTER);
await driver.openNewPage(DAPP_WITH_IFRAMED_PAGE_ON_BLOCKLIST);
const iframe = await driver.findElement('iframe');
await driver.switchToFrame(iframe);
await driver.clickElement({
text: 'Open this warning in a new tab',
});
await driver.switchToWindowWithTitle('MetaMask Phishing Detection');
await driver.clickElement({
text: 'continue to the site.',
});
const header = await driver.findElement('h1');
assert.equal(await header.getText(), 'E2E Test Dapp');
},
);
});
it('should display the MetaMask Phishing Detection page in an iframe but should NOT take the user to the blocked page if it is not an accessible resource', async function () {
await withFixtures(
{
fixtures: new FixtureBuilder().build(),
ganacheOptions,
title: this.test.title,
testSpecificMock: async (mockServer) => {
return setupPhishingDetectionMocks(mockServer, {
blockProvider: BlockProvider.MetaMask,
blocklist: ['127.0.0.1'],
});
},
dapp: true,
dappPaths: ['mock-page-with-disallowed-iframe'],
dappOptions: {
numberOfDapps: 2,
},
failOnConsoleError: false,
},
async ({ driver }) => {
await driver.navigate();
await driver.fill('#password', 'correct horse battery staple');
await driver.press('#password', driver.Key.ENTER);
await driver.openNewPage(
`http://localhost:8080?extensionUrl=${driver.extensionUrl}`,
);
const iframe = await driver.findElement('iframe');
await driver.switchToFrame(iframe);
await driver.clickElement({
text: 'Open this warning in a new tab',
});
await driver.switchToWindowWithTitle('MetaMask Phishing Detection');
await driver.clickElement({
text: 'continue to the site.',
});
// Ensure we're not on the wallet home page
await driver.assertElementNotPresent('[data-testid="wallet-balance"]');
},
);
});
it('should navigate the user to eth-phishing-detect to dispute a block if the phishing warning page fails to identify the source', async function () {
await withFixtures(
{
fixtures: new FixtureBuilder().build(),
ganacheOptions,
title: this.test.title,
testSpecificMock: (mockServer) => {
setupPhishingDetectionMocks(mockServer, {
blockProvider: BlockProvider.MetaMask,
blocklist: ['127.0.0.1'],
});
mockConfigLookupOnWarningPage(mockServer, { statusCode: 500 });
},
dapp: true,
failOnConsoleError: false,
},
async ({ driver }) => {
await driver.navigate();
await driver.fill('#password', 'correct horse battery staple');
await driver.press('#password', driver.Key.ENTER);
await openDapp(driver);
await driver.clickElement({ text: 'report a detection problem.' });
// wait for page to load before checking URL.
await driver.findElement({
text: `Empty page by ${BlockProvider.MetaMask}`,
});
assert.equal(
await driver.getCurrentUrl(),
`https://github.com/MetaMask/eth-phishing-detect/issues/new?title=[Legitimate%20Site%20Blocked]%20127.0.0.1&body=http%3A%2F%2F127.0.0.1%3A8080%2F`,
);
},
);
});
it('should navigate the user to eth-phishing-detect to dispute a block from MetaMask', async function () {
// Must be site on actual eth-phishing-detect blocklist
const phishingSite = new URL('https://test.metamask-phishing.io');
await withFixtures(
{
fixtures: new FixtureBuilder().build(),
ganacheOptions,
title: this.test.title,
testSpecificMock: async (mockServer) => {
return setupPhishingDetectionMocks(mockServer, {
blockProvider: BlockProvider.MetaMask,
blocklist: [phishingSite.hostname],
});
},
dapp: true,
failOnConsoleError: false,
},
async ({ driver }) => {
await driver.navigate();
await driver.fill('#password', 'correct horse battery staple');
await driver.press('#password', driver.Key.ENTER);
await driver.openNewPage(phishingSite.href);
await driver.clickElement({ text: 'report a detection problem.' });
// wait for page to load before checking URL.
await driver.findElement({
text: `Empty page by ${BlockProvider.MetaMask}`,
});
assert.equal(
await driver.getCurrentUrl(),
`https://github.com/MetaMask/eth-phishing-detect/issues/new?title=[Legitimate%20Site%20Blocked]%20${encodeURIComponent(
phishingSite.hostname,
)}&body=${encodeURIComponent(phishingSite.href)}`,
);
},
);
});
it('should navigate the user to PhishFort to dispute a Phishfort Block', async function () {
await withFixtures(
{
fixtures: new FixtureBuilder().build(),
ganacheOptions,
title: this.test.title,
testSpecificMock: async (mockServer) => {
return setupPhishingDetectionMocks(mockServer, {
blockProvider: BlockProvider.PhishFort,
blocklist: ['127.0.0.1'],
});
},
dapp: true,
failOnConsoleError: false,
},
async ({ driver }) => {
await driver.navigate();
await driver.fill('#password', 'correct horse battery staple');
await driver.press('#password', driver.Key.ENTER);
await driver.openNewPage('http://127.0.0.1:8080');
await driver.clickElement({ text: 'report a detection problem.' });
// wait for page to load before checking URL.
await driver.findElement({
text: `Empty page by ${BlockProvider.PhishFort}`,
});
assert.equal(
await driver.getCurrentUrl(),
`https://github.com/phishfort/phishfort-lists/issues/new?title=[Legitimate%20Site%20Blocked]%20127.0.0.1&body=http%3A%2F%2F127.0.0.1%3A8080%2F`,
);
},
);
});
it('should open a new extension expanded view when clicking back to safety button', async function () {
await withFixtures(
{
fixtures: new FixtureBuilder().build(),
ganacheOptions,
title: this.test.title,
testSpecificMock: async (mockServer) => {
return setupPhishingDetectionMocks(mockServer, {
blockProvider: BlockProvider.MetaMask,
blocklist: ['127.0.0.1'],
});
},
dapp: true,
dappPaths: ['mock-page-with-disallowed-iframe'],
dappOptions: {
numberOfDapps: 2,
},
failOnConsoleError: false,
},
async ({ driver }) => {
await driver.navigate();
await driver.fill('#password', 'correct horse battery staple');
await driver.press('#password', driver.Key.ENTER);
await driver.openNewPage(
`http://localhost:8080?extensionUrl=${driver.extensionUrl}`,
);
const iframe = await driver.findElement('iframe');
await driver.switchToFrame(iframe);
await driver.clickElement({
text: 'Open this warning in a new tab',
});
await driver.switchToWindowWithTitle('MetaMask Phishing Detection');
await driver.clickElement({
text: 'Back to safety',
});
// Ensure we're redirected to wallet home page
const homePage = await driver.findElement('.home__main-view');
const homePageDisplayed = await homePage.isDisplayed();
assert.equal(homePageDisplayed, true);
},
);
});
});