aboutsummaryrefslogtreecommitdiffstats
path: root/app/scripts
diff options
context:
space:
mode:
authorDan Finlay <dan@danfinlay.com>2017-07-27 07:46:59 +0800
committerDan Finlay <dan@danfinlay.com>2017-07-27 07:46:59 +0800
commit6675241fa9a69d286df2b18a2ad35baa69da116b (patch)
tree25f6fc5361b3d7fc21badeb363ed46fefb92baf4 /app/scripts
parent8b1726cc550d4a5b142a2a525ce6b94713dc04e0 (diff)
parente3b5bb2052d59afbf9c2761af883de719261062e (diff)
downloadtangerine-wallet-browser-6675241fa9a69d286df2b18a2ad35baa69da116b.tar
tangerine-wallet-browser-6675241fa9a69d286df2b18a2ad35baa69da116b.tar.gz
tangerine-wallet-browser-6675241fa9a69d286df2b18a2ad35baa69da116b.tar.bz2
tangerine-wallet-browser-6675241fa9a69d286df2b18a2ad35baa69da116b.tar.lz
tangerine-wallet-browser-6675241fa9a69d286df2b18a2ad35baa69da116b.tar.xz
tangerine-wallet-browser-6675241fa9a69d286df2b18a2ad35baa69da116b.tar.zst
tangerine-wallet-browser-6675241fa9a69d286df2b18a2ad35baa69da116b.zip
Merge branch 'master' into i1805-LiveBlacklistUpdating
Diffstat (limited to 'app/scripts')
-rw-r--r--app/scripts/background.js5
-rw-r--r--app/scripts/lib/is-phish.js38
2 files changed, 41 insertions, 2 deletions
diff --git a/app/scripts/background.js b/app/scripts/background.js
index 01bb39186..bc0fbdc37 100644
--- a/app/scripts/background.js
+++ b/app/scripts/background.js
@@ -11,6 +11,7 @@ const NotificationManager = require('./lib/notification-manager.js')
const MetamaskController = require('./metamask-controller')
const extension = require('extensionizer')
const firstTimeState = require('./first-time-state')
+const isPhish = require('./lib/is-phish')
const STORAGE_KEY = 'metamask-config'
const METAMASK_DEBUG = 'GULP_METAMASK_DEBUG'
@@ -153,9 +154,9 @@ function handleNewPageLoad (port, message) {
if (!pageLoaded || !global.metamaskController) return
const state = global.metamaskController.getState()
- const { blacklist } = state
+ const updatedBlacklist = state.blacklist
- if (blacklist && blacklist.includes(pageLoaded)) {
+ if (isPhish({ updatedBlacklist, hostname: pageLoaded })) {
port.postMessage({ 'blacklist': pageLoaded })
}
}
diff --git a/app/scripts/lib/is-phish.js b/app/scripts/lib/is-phish.js
new file mode 100644
index 000000000..68c09e4ac
--- /dev/null
+++ b/app/scripts/lib/is-phish.js
@@ -0,0 +1,38 @@
+const levenshtein = require('fast-levenshtein')
+const blacklistedMetaMaskDomains = ['metamask.com']
+let blacklistedDomains = require('etheraddresslookup/blacklists/domains.json').concat(blacklistedMetaMaskDomains)
+const whitelistedMetaMaskDomains = ['metamask.io', 'www.metamask.io']
+const whitelistedDomains = require('etheraddresslookup/whitelists/domains.json').concat(whitelistedMetaMaskDomains)
+const LEVENSHTEIN_TOLERANCE = 4
+const LEVENSHTEIN_CHECKS = ['myetherwallet', 'myetheroll', 'ledgerwallet', 'metamask']
+
+
+// credit to @sogoiii and @409H for their help!
+// Return a boolean on whether or not a phish is detected.
+function isPhish({ hostname, updatedBlacklist = null }) {
+ var strCurrentTab = hostname
+
+ // check if the domain is part of the whitelist.
+ if (whitelistedDomains && whitelistedDomains.includes(strCurrentTab)) { return false }
+
+ // Allow updating of blacklist:
+ if (updatedBlacklist) {
+ blacklistedDomains = blacklistedDomains.concat(updatedBlacklist)
+ }
+
+ // check if the domain is part of the blacklist.
+ const isBlacklisted = blacklistedDomains && blacklistedDomains.includes(strCurrentTab)
+
+ // check for similar values.
+ let levenshteinMatched = false
+ var levenshteinForm = strCurrentTab.replace(/\./g, '')
+ LEVENSHTEIN_CHECKS.forEach((element) => {
+ if (levenshtein.get(element, levenshteinForm) <= LEVENSHTEIN_TOLERANCE) {
+ levenshteinMatched = true
+ }
+ })
+
+ return isBlacklisted || levenshteinMatched
+}
+
+module.exports = isPhish