From 66f6d5a4e06c6938ae22bd2cb4696f6ade900df2 Mon Sep 17 00:00:00 2001
From: Kevin Serrano <kevin.serrano@consensys.net>
Date: Wed, 26 Jul 2017 15:25:30 -0700
Subject: Add levenshtein logic to blacklister.

---
 app/scripts/blacklister.js | 40 ++++++++++++++++++++++++++++++++--------
 1 file changed, 32 insertions(+), 8 deletions(-)

(limited to 'app')

diff --git a/app/scripts/blacklister.js b/app/scripts/blacklister.js
index a45265a75..f4b95a31f 100644
--- a/app/scripts/blacklister.js
+++ b/app/scripts/blacklister.js
@@ -1,13 +1,37 @@
-const blacklistedDomains = require('etheraddresslookup/blacklists/domains.json')
+const levenshtein = require('fast-levenshtein')
+const blacklistedMetaMaskDomains = ['metamask.com']
+const blacklistedDomains = require('etheraddresslookup/blacklists/domains.json').concat(blacklistedMetaMaskDomains)
+const whitelistedMetaMaskDomains = ['metamask.io', 'www.metamask.io']
+const whitelistedDomains = require('etheraddresslookup/whitelists/domains.json').concat(whitelistedMetaMaskDomains)
+const LEVENSHTEIN_TOLERANCE = 4
+const LEVENSHTEIN_CHECKS = ['myetherwallet', 'myetheroll', 'ledgerwallet', 'metamask']
 
-function detectBlacklistedDomain() {
-  var strCurrentTab = window.location.hostname
-  if (blacklistedDomains && blacklistedDomains.includes(strCurrentTab)) {
-    window.location.href = 'https://metamask.io/phishing.html'
-  }
+function isPhish(hostname) {
+  var strCurrentTab = hostname
+
+  // check if the domain is part of the whitelist.
+  if (whitelistedDomains && whitelistedDomains.includes(strCurrentTab)) { return false }
+
+  // check if the domain is part of the blacklist.
+  var isBlacklisted = blacklistedDomains && blacklistedDomains.includes(strCurrentTab)
+
+  // check for similar values.
+  var levenshteinMatched = false
+  var levenshteinForm = strCurrentTab.replace(/\./g, '')
+  LEVENSHTEIN_CHECKS.forEach((element) => {
+    if (levenshtein.get(element, levenshteinForm) < LEVENSHTEIN_TOLERANCE) {
+      levenshteinMatched = true
+    }
+  })
+
+  return isBlacklisted || levenshteinMatched
 }
 
-window.addEventListener('load', function() {
-  detectBlacklistedDomain()
+window.addEventListener('load', function () {
+  var hostnameToCheck = window.location.hostname
+  if (isPhish(hostnameToCheck)) {
+    window.location.href = 'https://metamask.io/phishing.html'
+  }
 })
 
+module.exports = isPhish
-- 
cgit 


From aa282b4e3a55d090f27e37cacf850aa5298cfe27 Mon Sep 17 00:00:00 2001
From: Kevin Serrano <kevin.serrano@consensys.net>
Date: Wed, 26 Jul 2017 15:31:16 -0700
Subject: Give credit where it is due

---
 app/scripts/blacklister.js | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'app')

diff --git a/app/scripts/blacklister.js b/app/scripts/blacklister.js
index f4b95a31f..9337599cc 100644
--- a/app/scripts/blacklister.js
+++ b/app/scripts/blacklister.js
@@ -6,6 +6,9 @@ const whitelistedDomains = require('etheraddresslookup/whitelists/domains.json')
 const LEVENSHTEIN_TOLERANCE = 4
 const LEVENSHTEIN_CHECKS = ['myetherwallet', 'myetheroll', 'ledgerwallet', 'metamask']
 
+
+// credit to @sogoiii and @409H for their help!
+// Return a boolean on whether or not a phish is detected.
 function isPhish(hostname) {
   var strCurrentTab = hostname
 
@@ -30,6 +33,7 @@ function isPhish(hostname) {
 window.addEventListener('load', function () {
   var hostnameToCheck = window.location.hostname
   if (isPhish(hostnameToCheck)) {
+    // redirect to our phishing warning page.
     window.location.href = 'https://metamask.io/phishing.html'
   }
 })
-- 
cgit