aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--app/scripts/controllers/blacklist.js50
-rw-r--r--app/scripts/controllers/infura.js16
-rw-r--r--app/scripts/lib/is-phish.js29
-rw-r--r--app/scripts/metamask-controller.js19
-rw-r--r--test/unit/blacklist-controller-test.js41
-rw-r--r--test/unit/phishing-detection-test.js36
6 files changed, 108 insertions, 83 deletions
diff --git a/app/scripts/controllers/blacklist.js b/app/scripts/controllers/blacklist.js
new file mode 100644
index 000000000..11e26d5b2
--- /dev/null
+++ b/app/scripts/controllers/blacklist.js
@@ -0,0 +1,50 @@
+const ObservableStore = require('obs-store')
+const extend = require('xtend')
+const communityBlacklistedDomains = require('etheraddresslookup/blacklists/domains.json')
+const communityWhitelistedDomains = require('etheraddresslookup/whitelists/domains.json')
+const checkForPhishing = require('../lib/is-phish')
+
+// compute phishing lists
+const PHISHING_BLACKLIST = communityBlacklistedDomains.concat(['metamask.com'])
+const PHISHING_WHITELIST = communityWhitelistedDomains.concat(['metamask.io', 'www.metamask.io'])
+const PHISHING_FUZZYLIST = ['myetherwallet', 'myetheroll', 'ledgerwallet', 'metamask']
+// every ten minutes
+const POLLING_INTERVAL = 10 * 60 * 1000
+
+class BlacklistController {
+
+ constructor (opts = {}) {
+ const initState = extend({
+ phishing: PHISHING_BLACKLIST,
+ }, opts.initState)
+ this.store = new ObservableStore(initState)
+ // polling references
+ this._phishingUpdateIntervalRef = null
+ }
+
+ //
+ // PUBLIC METHODS
+ //
+
+ checkForPhishing (hostname) {
+ if (!hostname) return false
+ const { blacklist } = this.store.getState()
+ return checkForPhishing({ hostname, blacklist, whitelist: PHISHING_WHITELIST, fuzzylist: PHISHING_FUZZYLIST })
+ }
+
+ async updatePhishingList () {
+ const response = await fetch('https://api.infura.io/v1/blacklist')
+ const phishing = await response.json()
+ this.store.updateState({ phishing })
+ return phishing
+ }
+
+ scheduleUpdates () {
+ if (this._phishingUpdateIntervalRef) return
+ this._phishingUpdateIntervalRef = setInterval(() => {
+ this.updatePhishingList()
+ }, POLLING_INTERVAL)
+ }
+}
+
+module.exports = BlacklistController
diff --git a/app/scripts/controllers/infura.js b/app/scripts/controllers/infura.js
index 97b2ab7e3..10adb1004 100644
--- a/app/scripts/controllers/infura.js
+++ b/app/scripts/controllers/infura.js
@@ -1,16 +1,14 @@
const ObservableStore = require('obs-store')
const extend = require('xtend')
-const recentBlacklist = require('etheraddresslookup/blacklists/domains.json')
// every ten minutes
-const POLLING_INTERVAL = 300000
+const POLLING_INTERVAL = 10 * 60 * 1000
class InfuraController {
constructor (opts = {}) {
const initState = extend({
infuraNetworkStatus: {},
- blacklist: recentBlacklist,
}, opts.initState)
this.store = new ObservableStore(initState)
}
@@ -32,24 +30,12 @@ class InfuraController {
})
}
- updateLocalBlacklist () {
- return fetch('https://api.infura.io/v1/blacklist')
- .then(response => response.json())
- .then((parsedResponse) => {
- this.store.updateState({
- blacklist: parsedResponse,
- })
- return parsedResponse
- })
- }
-
scheduleInfuraNetworkCheck () {
if (this.conversionInterval) {
clearInterval(this.conversionInterval)
}
this.conversionInterval = setInterval(() => {
this.checkInfuraNetworkStatus()
- this.updateLocalBlacklist()
}, POLLING_INTERVAL)
}
}
diff --git a/app/scripts/lib/is-phish.js b/app/scripts/lib/is-phish.js
index 21c68b0d6..ce51c353d 100644
--- a/app/scripts/lib/is-phish.js
+++ b/app/scripts/lib/is-phish.js
@@ -1,38 +1,23 @@
const levenshtein = require('fast-levenshtein')
-const blacklistedMetaMaskDomains = ['metamask.com']
-let blacklistedDomains = require('etheraddresslookup/blacklists/domains.json').concat(blacklistedMetaMaskDomains)
-const whitelistedMetaMaskDomains = ['metamask.io', 'www.metamask.io']
-const whitelistedDomains = require('etheraddresslookup/whitelists/domains.json').concat(whitelistedMetaMaskDomains)
const LEVENSHTEIN_TOLERANCE = 4
-const LEVENSHTEIN_CHECKS = ['myetherwallet', 'myetheroll', 'ledgerwallet', 'metamask']
-
// credit to @sogoiii and @409H for their help!
// Return a boolean on whether or not a phish is detected.
-function isPhish({ hostname, blacklist }) {
- var strCurrentTab = hostname
+function isPhish({ hostname, blacklist, whitelist, fuzzylist }) {
// check if the domain is part of the whitelist.
- if (whitelistedDomains && whitelistedDomains.includes(strCurrentTab)) { return false }
-
- // Allow updating of blacklist:
- if (blacklist) {
- blacklistedDomains = blacklistedDomains.concat(blacklist)
- }
+ if (whitelist && whitelist.includes(hostname)) return false
// check if the domain is part of the blacklist.
- const isBlacklisted = blacklistedDomains && blacklistedDomains.includes(strCurrentTab)
+ if (blacklist && blacklist.includes(hostname)) return true
// check for similar values.
- let levenshteinMatched = false
- var levenshteinForm = strCurrentTab.replace(/\./g, '')
- LEVENSHTEIN_CHECKS.forEach((element) => {
- if (levenshtein.get(element, levenshteinForm) <= LEVENSHTEIN_TOLERANCE) {
- levenshteinMatched = true
- }
+ const levenshteinForm = hostname.replace(/\./g, '')
+ const levenshteinMatched = fuzzylist.some((element) => {
+ return levenshtein.get(element, levenshteinForm) <= LEVENSHTEIN_TOLERANCE
})
- return isBlacklisted || levenshteinMatched
+ return levenshteinMatched
}
module.exports = isPhish
diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js
index 28c35a13d..6d6cb85ab 100644
--- a/app/scripts/metamask-controller.js
+++ b/app/scripts/metamask-controller.js
@@ -16,6 +16,7 @@ const NoticeController = require('./notice-controller')
const ShapeShiftController = require('./controllers/shapeshift')
const AddressBookController = require('./controllers/address-book')
const InfuraController = require('./controllers/infura')
+const BlacklistController = require('./controllers/blacklist')
const MessageManager = require('./lib/message-manager')
const PersonalMessageManager = require('./lib/personal-message-manager')
const TransactionController = require('./controllers/transactions')
@@ -23,7 +24,6 @@ const ConfigManager = require('./lib/config-manager')
const nodeify = require('./lib/nodeify')
const accountImporter = require('./account-import-strategies')
const getBuyEthUrl = require('./lib/buy-eth-url')
-const checkForPhishing = require('./lib/is-phish')
const debounce = require('debounce')
const version = require('../manifest.json').version
@@ -70,6 +70,10 @@ module.exports = class MetamaskController extends EventEmitter {
})
this.infuraController.scheduleInfuraNetworkCheck()
+ this.blacklistController = new BlacklistController({
+ initState: initState.BlacklistController,
+ })
+ this.blacklistController.scheduleUpdates()
// rpc provider
this.provider = this.initializeProvider()
@@ -152,6 +156,9 @@ module.exports = class MetamaskController extends EventEmitter {
this.networkController.store.subscribe((state) => {
this.store.updateState({ NetworkController: state })
})
+ this.blacklistController.store.subscribe((state) => {
+ this.store.updateState({ BlacklistController: state })
+ })
this.infuraController.store.subscribe((state) => {
this.store.updateState({ InfuraController: state })
})
@@ -328,7 +335,7 @@ module.exports = class MetamaskController extends EventEmitter {
setupUntrustedCommunication (connectionStream, originDomain) {
// Check if new connection is blacklisted
- if (this.isHostBlacklisted(originDomain)) {
+ if (this.blacklistController.checkForPhishing(originDomain)) {
console.log('MetaMask - sending phishing warning for', originDomain)
this.sendPhishingWarning(connectionStream, originDomain)
return
@@ -349,17 +356,9 @@ module.exports = class MetamaskController extends EventEmitter {
this.setupProviderConnection(mx.createStream('provider'), originDomain)
}
- // Check if a domain is on our blacklist
- isHostBlacklisted (hostname) {
- if (!hostname) return false
- const { blacklist } = this.getState().blacklist
- return checkForPhishing({ blacklist, hostname })
- }
-
sendPhishingWarning (connectionStream, hostname) {
const mx = setupMultiplex(connectionStream)
const phishingStream = mx.createStream('phishing')
- // phishingStream.write(true)
phishingStream.write({ hostname })
}
diff --git a/test/unit/blacklist-controller-test.js b/test/unit/blacklist-controller-test.js
new file mode 100644
index 000000000..a9260466f
--- /dev/null
+++ b/test/unit/blacklist-controller-test.js
@@ -0,0 +1,41 @@
+const assert = require('assert')
+const BlacklistController = require('../../app/scripts/controllers/blacklist')
+
+describe('blacklist controller', function () {
+ let blacklistController
+
+ before(() => {
+ blacklistController = new BlacklistController()
+ })
+
+ describe('checkForPhishing', function () {
+ it('should not flag whitelisted values', function () {
+ const result = blacklistController.checkForPhishing('www.metamask.io')
+ assert.equal(result, false)
+ })
+ it('should flag explicit values', function () {
+ const result = blacklistController.checkForPhishing('metamask.com')
+ assert.equal(result, true)
+ })
+ it('should flag levenshtein values', function () {
+ const result = blacklistController.checkForPhishing('metmask.io')
+ assert.equal(result, true)
+ })
+ it('should not flag not-even-close values', function () {
+ const result = blacklistController.checkForPhishing('example.com')
+ assert.equal(result, false)
+ })
+ it('should not flag the ropsten faucet domains', function () {
+ const result = blacklistController.checkForPhishing('faucet.metamask.io')
+ assert.equal(result, false)
+ })
+ it('should not flag the mascara domain', function () {
+ const result = blacklistController.checkForPhishing('zero.metamask.io')
+ assert.equal(result, false)
+ })
+ it('should not flag the mascara-faucet domain', function () {
+ const result = blacklistController.checkForPhishing('zero-faucet.metamask.io')
+ assert.equal(result, false)
+ })
+ })
+}) \ No newline at end of file
diff --git a/test/unit/phishing-detection-test.js b/test/unit/phishing-detection-test.js
deleted file mode 100644
index affcb16c2..000000000
--- a/test/unit/phishing-detection-test.js
+++ /dev/null
@@ -1,36 +0,0 @@
-const assert = require('assert')
-const isPhish = require('../../app/scripts/lib/is-phish')
-
-describe('phishing detection test', function () {
- describe('#isPhish', function () {
- it('should not flag whitelisted values', function () {
- var result = isPhish({ hostname: 'www.metamask.io' })
- assert.equal(result, false)
- })
- it('should flag explicit values', function () {
- var result = isPhish({ hostname: 'metamask.com' })
- assert.equal(result, true)
- })
- it('should flag levenshtein values', function () {
- var result = isPhish({ hostname: 'metmask.io' })
- assert.equal(result, true)
- })
- it('should not flag not-even-close values', function () {
- var result = isPhish({ hostname: 'example.com' })
- assert.equal(result, false)
- })
- it('should not flag the ropsten faucet domains', function () {
- var result = isPhish({ hostname: 'faucet.metamask.io' })
- assert.equal(result, false)
- })
- it('should not flag the mascara domain', function () {
- var result = isPhish({ hostname: 'zero.metamask.io' })
- assert.equal(result, false)
- })
- it('should not flag the mascara-faucet domain', function () {
- var result = isPhish({ hostname: 'zero-faucet.metamask.io' })
- assert.equal(result, false)
- })
- })
-})
-
generated by cgit (git 2.34.1) at 2024-10-18 06:11:25 +0800