author | Kevin Serrano <kevin.serrano@consensys.net> | 2017-07-27 06:25:30 +0800 |
---|---|---|
committer | Kevin Serrano <kevin.serrano@consensys.net> | 2017-07-27 06:25:30 +0800 |
commit | 66f6d5a4e06c6938ae22bd2cb4696f6ade900df2 (patch) | |
tree | 9d3f85d4c44d217dbbbae6649a013f885b42b5a2 | |
parent | 6a9d40c558564763ee06deb4861238b1b06e1f00 (diff) | |
Add levenshtein logic to blacklister.
-rw-r--r-- | app/scripts/blacklister.js | 40 | ||||
-rw-r--r-- | package.json | 1 |
2 files changed, 33 insertions, 8 deletions
diff --git a/app/scripts/blacklister.js b/app/scripts/blacklister.js
index a45265a75..f4b95a31f 100644
--- a/app/scripts/blacklister.js
+++ b/app/scripts/blacklister.js
@@ -1,13 +1,37 @@
-const blacklistedDomains = require('etheraddresslookup/blacklists/domains.json')
+const levenshtein = require('fast-levenshtein')
+const blacklistedMetaMaskDomains = ['metamask.com']
+const blacklistedDomains = require('etheraddresslookup/blacklists/domains.json').concat(blacklistedMetaMaskDomains)
+const whitelistedMetaMaskDomains = ['metamask.io', 'www.metamask.io']
+const whitelistedDomains = require('etheraddresslookup/whitelists/domains.json').concat(whitelistedMetaMaskDomains)
+const LEVENSHTEIN_TOLERANCE = 4
+const LEVENSHTEIN_CHECKS = ['myetherwallet', 'myetheroll', 'ledgerwallet', 'metamask']
-function detectBlacklistedDomain() {
- var strCurrentTab = window.location.hostname
- if (blacklistedDomains && blacklistedDomains.includes(strCurrentTab)) {
- window.location.href = 'https://metamask.io/phishing.html'
- }
+function isPhish(hostname) {
+ var strCurrentTab = hostname
+
+ // check if the domain is part of the whitelist.
+ if (whitelistedDomains && whitelistedDomains.includes(strCurrentTab)) { return false }
+
+ // check if the domain is part of the blacklist.
+ var isBlacklisted = blacklistedDomains && blacklistedDomains.includes(strCurrentTab)
+
+ // check for similar values.
+ var levenshteinMatched = false
+ var levenshteinForm = strCurrentTab.replace(/\./g, '')
+ LEVENSHTEIN_CHECKS.forEach((element) => {
+ if (levenshtein.get(element, levenshteinForm) < LEVENSHTEIN_TOLERANCE) {
+ levenshteinMatched = true
+ }
+ })
+
+ return isBlacklisted || levenshteinMatched
}
-window.addEventListener('load', function() {
- detectBlacklistedDomain()
+window.addEventListener('load', function () {
+ var hostnameToCheck = window.location.hostname
+ if (isPhish(hostnameToCheck)) {
+ window.location.href = 'https://metamask.io/phishing.html'
+ }
})
+module.exports = isPhish
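Review bot: In `isPhish`, the edit distance is taken over the whole hostname with the dots stripped (`levenshteinForm`), so the TLD and any subdomain labels are charged against `LEVENSHTEIN_TOLERANCE`, and whether a lookalike is caught depends on the length of its suffix rather than on how close the name is to an entry in `LEVENSHTEIN_CHECKS`. Comparing each label on its own would measure the similarity the comment describes: `var levenshteinMatched = strCurrentTab.split('.').some((label) => LEVENSHTEIN_CHECKS.some((name) => levenshtein.get(name, label) < LEVENSHTEIN_TOLERANCE))`. Because the whitelist is an exact-match list, a per-label check probably needs the tolerance re-tuned and a few tests for legitimate hosts that sit close to a protected name. Separately, the file now exports `isPhish` but still calls `window.addEventListener` at load, which presumably throws when the module is required outside a browser, for example from a unit test.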
diff --git a/package.json b/package.json
index dcd25cda6..10afc8228 100644
--- a/package.json
+++ b/package.json
@@ -80,6 +80,7 @@
 "express": "^4.14.0",
 "extension-link-enabler": "^1.0.0",
 "extensionizer": "^1.0.0",
+ "fast-levenshtein": "^2.0.6",
 "gulp-eslint": "^2.0.0",
 "hat": "0.0.3",
 "idb-global": "^1.0.0", |