aboutsummaryrefslogtreecommitdiffstats
path: root/app
diff options
context:
space:
mode:
authorfrankiebee <frankie.diamond@gmail.com>2017-08-05 02:45:22 +0800
committerfrankiebee <frankie.diamond@gmail.com>2017-08-05 02:45:22 +0800
commit89a4fef1e4043323c89bf8aea8600a16353c4d1b (patch)
tree2305525899aa31dd80c3d6bfcfadb6de4cfda783 /app
parentfa3df576bcf879904b303c4ed1015d27db64642d (diff)
parentc4cb371ce8ddad10d575b4ddb6cb85fe4689ca59 (diff)
downloadtangerine-wallet-browser-89a4fef1e4043323c89bf8aea8600a16353c4d1b.tar
tangerine-wallet-browser-89a4fef1e4043323c89bf8aea8600a16353c4d1b.tar.gz
tangerine-wallet-browser-89a4fef1e4043323c89bf8aea8600a16353c4d1b.tar.bz2
tangerine-wallet-browser-89a4fef1e4043323c89bf8aea8600a16353c4d1b.tar.lz
tangerine-wallet-browser-89a4fef1e4043323c89bf8aea8600a16353c4d1b.tar.xz
tangerine-wallet-browser-89a4fef1e4043323c89bf8aea8600a16353c4d1b.tar.zst
tangerine-wallet-browser-89a4fef1e4043323c89bf8aea8600a16353c4d1b.zip
Merge branch 'master' into transactionControllerRefractor
Diffstat (limited to 'app')
-rw-r--r--app/manifest.json11
-rw-r--r--app/scripts/background.js34
-rw-r--r--app/scripts/blacklister.js14
-rw-r--r--app/scripts/contentscript.js22
-rw-r--r--app/scripts/controllers/blacklist.js58
-rw-r--r--app/scripts/controllers/infura.js16
-rw-r--r--app/scripts/controllers/transactions.js3
-rw-r--r--app/scripts/lib/inpage-provider.js3
-rw-r--r--app/scripts/lib/is-phish.js38
-rw-r--r--app/scripts/lib/nodeify.js3
-rw-r--r--app/scripts/lib/obj-multiplex.js16
-rw-r--r--app/scripts/metamask-controller.js25
12 files changed, 118 insertions, 125 deletions
diff --git a/app/manifest.json b/app/manifest.json
index 591a07d0d..6c02120c1 100644
--- a/app/manifest.json
+++ b/app/manifest.json
@@ -1,7 +1,7 @@
{
"name": "MetaMask",
"short_name": "Metamask",
- "version": "3.9.2",
+ "version": "3.9.3",
"manifest_version": 2,
"author": "https://metamask.io",
"description": "Ethereum Browser Extension",
@@ -52,15 +52,6 @@
],
"run_at": "document_start",
"all_frames": true
- },
- {
- "run_at": "document_start",
- "matches": [
- "http://*/*",
- "https://*/*"
- ],
- "js": ["scripts/blacklister.js"],
- "all_frames": true
}
],
"permissions": [
diff --git a/app/scripts/background.js b/app/scripts/background.js
index f995c390e..f077ca7a8 100644
--- a/app/scripts/background.js
+++ b/app/scripts/background.js
@@ -11,7 +11,6 @@ const NotificationManager = require('./lib/notification-manager.js')
const MetamaskController = require('./metamask-controller')
const extension = require('extensionizer')
const firstTimeState = require('./first-time-state')
-const isPhish = require('./lib/is-phish')
const STORAGE_KEY = 'metamask-config'
const METAMASK_DEBUG = 'GULP_METAMASK_DEBUG'
@@ -91,16 +90,12 @@ function setupController (initState) {
extension.runtime.onConnect.addListener(connectRemote)
function connectRemote (remotePort) {
- if (remotePort.name === 'blacklister') {
- return checkBlacklist(remotePort)
- }
-
- var isMetaMaskInternalProcess = remotePort.name === 'popup' || remotePort.name === 'notification'
- var portStream = new PortStream(remotePort)
+ const isMetaMaskInternalProcess = remotePort.name === 'popup' || remotePort.name === 'notification'
+ const portStream = new PortStream(remotePort)
if (isMetaMaskInternalProcess) {
// communication with popup
popupIsOpen = popupIsOpen || (remotePort.name === 'popup')
- controller.setupTrustedCommunication(portStream, 'MetaMask', remotePort.name)
+ controller.setupTrustedCommunication(portStream, 'MetaMask')
// record popup as closed
if (remotePort.name === 'popup') {
endOfStream(portStream, () => {
@@ -109,7 +104,7 @@ function setupController (initState) {
}
} else {
// communication with page
- var originDomain = urlUtil.parse(remotePort.sender.url).hostname
+ const originDomain = urlUtil.parse(remotePort.sender.url).hostname
controller.setupUntrustedCommunication(portStream, originDomain)
}
}
@@ -140,27 +135,6 @@ function setupController (initState) {
return Promise.resolve()
}
-// Listen for new pages and return if blacklisted:
-function checkBlacklist (port) {
- const handler = handleNewPageLoad.bind(null, port)
- port.onMessage.addListener(handler)
- setTimeout(() => {
- port.onMessage.removeListener(handler)
- }, 30000)
-}
-
-function handleNewPageLoad (port, message) {
- const { pageLoaded } = message
- if (!pageLoaded || !global.metamaskController) return
-
- const state = global.metamaskController.getState()
- const updatedBlacklist = state.blacklist
-
- if (isPhish({ updatedBlacklist, hostname: pageLoaded })) {
- port.postMessage({ 'blacklist': pageLoaded })
- }
-}
-
//
// Etc...
//
diff --git a/app/scripts/blacklister.js b/app/scripts/blacklister.js
deleted file mode 100644
index 37751b595..000000000
--- a/app/scripts/blacklister.js
+++ /dev/null
@@ -1,14 +0,0 @@
-const extension = require('extensionizer')
-
-var port = extension.runtime.connect({name: 'blacklister'})
-port.postMessage({ 'pageLoaded': window.location.hostname })
-port.onMessage.addListener(redirectIfBlacklisted)
-
-function redirectIfBlacklisted (response) {
- const { blacklist } = response
- const host = window.location.hostname
- if (blacklist && blacklist === host) {
- window.location.href = 'https://metamask.io/phishing.html'
- }
-}
-
diff --git a/app/scripts/contentscript.js b/app/scripts/contentscript.js
index 291b922e8..6fde0edcd 100644
--- a/app/scripts/contentscript.js
+++ b/app/scripts/contentscript.js
@@ -37,28 +37,33 @@ function setupInjection () {
function setupStreams () {
// setup communication to page and plugin
- var pageStream = new LocalMessageDuplexStream({
+ const pageStream = new LocalMessageDuplexStream({
name: 'contentscript',
target: 'inpage',
})
pageStream.on('error', console.error)
- var pluginPort = extension.runtime.connect({name: 'contentscript'})
- var pluginStream = new PortStream(pluginPort)
+ const pluginPort = extension.runtime.connect({ name: 'contentscript' })
+ const pluginStream = new PortStream(pluginPort)
pluginStream.on('error', console.error)
// forward communication plugin->inpage
pageStream.pipe(pluginStream).pipe(pageStream)
// setup local multistream channels
- var mx = ObjectMultiplex()
+ const mx = ObjectMultiplex()
mx.on('error', console.error)
mx.pipe(pageStream).pipe(mx)
+ mx.pipe(pluginStream).pipe(mx)
// connect ping stream
- var pongStream = new PongStream({ objectMode: true })
+ const pongStream = new PongStream({ objectMode: true })
pongStream.pipe(mx.createStream('pingpong')).pipe(pongStream)
- // ignore unused channels (handled by background)
+ // connect phishing warning stream
+ const phishingStream = mx.createStream('phishing')
+ phishingStream.once('data', redirectToPhishingWarning)
+
+ // ignore unused channels (handled by background, inpage)
mx.ignoreStream('provider')
mx.ignoreStream('publicConfig')
}
@@ -88,3 +93,8 @@ function suffixCheck () {
}
return true
}
+
+function redirectToPhishingWarning () {
+ console.log('MetaMask - redirecting to phishing warning')
+ window.location.href = 'https://metamask.io/phishing.html'
+}
diff --git a/app/scripts/controllers/blacklist.js b/app/scripts/controllers/blacklist.js
new file mode 100644
index 000000000..7e01fa386
--- /dev/null
+++ b/app/scripts/controllers/blacklist.js
@@ -0,0 +1,58 @@
+const ObservableStore = require('obs-store')
+const extend = require('xtend')
+const PhishingDetector = require('eth-phishing-detect/src/detector')
+
+// compute phishing lists
+const PHISHING_DETECTION_CONFIG = require('eth-phishing-detect/src/config.json')
+// every ten minutes
+const POLLING_INTERVAL = 10 * 60 * 1000
+
+class BlacklistController {
+
+ constructor (opts = {}) {
+ const initState = extend({
+ phishing: PHISHING_DETECTION_CONFIG,
+ }, opts.initState)
+ this.store = new ObservableStore(initState)
+ // phishing detector
+ this._phishingDetector = null
+ this._setupPhishingDetector(initState.phishing)
+ // polling references
+ this._phishingUpdateIntervalRef = null
+ }
+
+ //
+ // PUBLIC METHODS
+ //
+
+ checkForPhishing (hostname) {
+ if (!hostname) return false
+ const { result } = this._phishingDetector.check(hostname)
+ return result
+ }
+
+ async updatePhishingList () {
+ const response = await fetch('https://api.infura.io/v2/blacklist')
+ const phishing = await response.json()
+ this.store.updateState({ phishing })
+ this._setupPhishingDetector(phishing)
+ return phishing
+ }
+
+ scheduleUpdates () {
+ if (this._phishingUpdateIntervalRef) return
+ this._phishingUpdateIntervalRef = setInterval(() => {
+ this.updatePhishingList()
+ }, POLLING_INTERVAL)
+ }
+
+ //
+ // PRIVATE METHODS
+ //
+
+ _setupPhishingDetector (config) {
+ this._phishingDetector = new PhishingDetector(config)
+ }
+}
+
+module.exports = BlacklistController
diff --git a/app/scripts/controllers/infura.js b/app/scripts/controllers/infura.js
index 97b2ab7e3..10adb1004 100644
--- a/app/scripts/controllers/infura.js
+++ b/app/scripts/controllers/infura.js
@@ -1,16 +1,14 @@
const ObservableStore = require('obs-store')
const extend = require('xtend')
-const recentBlacklist = require('etheraddresslookup/blacklists/domains.json')
// every ten minutes
-const POLLING_INTERVAL = 300000
+const POLLING_INTERVAL = 10 * 60 * 1000
class InfuraController {
constructor (opts = {}) {
const initState = extend({
infuraNetworkStatus: {},
- blacklist: recentBlacklist,
}, opts.initState)
this.store = new ObservableStore(initState)
}
@@ -32,24 +30,12 @@ class InfuraController {
})
}
- updateLocalBlacklist () {
- return fetch('https://api.infura.io/v1/blacklist')
- .then(response => response.json())
- .then((parsedResponse) => {
- this.store.updateState({
- blacklist: parsedResponse,
- })
- return parsedResponse
- })
- }
-
scheduleInfuraNetworkCheck () {
if (this.conversionInterval) {
clearInterval(this.conversionInterval)
}
this.conversionInterval = setInterval(() => {
this.checkInfuraNetworkStatus()
- this.updateLocalBlacklist()
}, POLLING_INTERVAL)
}
}
diff --git a/app/scripts/controllers/transactions.js b/app/scripts/controllers/transactions.js
index a652c3278..498cac9af 100644
--- a/app/scripts/controllers/transactions.js
+++ b/app/scripts/controllers/transactions.js
@@ -6,7 +6,6 @@ const ethUtil = require('ethereumjs-util')
const EthQuery = require('ethjs-query')
const TxProviderUtil = require('../lib/tx-utils')
const PendingTransactionUtils = require('../lib/pending-tx-watchers')
-const getStack = require('../lib/util').getStack
const createId = require('../lib/random-id')
const NonceTracker = require('../lib/nonce-tracker')
@@ -125,8 +124,6 @@ module.exports = class TransactionController extends EventEmitter {
const txMetaForHistory = clone(txMeta)
// dont include previous history in this snapshot
delete txMetaForHistory.history
- // add stack to help understand why tx was updated
- txMetaForHistory.stack = getStack()
// add snapshot to tx history
if (!txMeta.history) txMeta.history = []
txMeta.history.push(txMetaForHistory)
diff --git a/app/scripts/lib/inpage-provider.js b/app/scripts/lib/inpage-provider.js
index 8b8623974..fd032a673 100644
--- a/app/scripts/lib/inpage-provider.js
+++ b/app/scripts/lib/inpage-provider.js
@@ -26,6 +26,9 @@ function MetamaskInpageProvider (connectionStream) {
(err) => logStreamDisconnectWarning('MetaMask PublicConfigStore', err)
)
+ // ignore phishing warning message (handled elsewhere)
+ multiStream.ignoreStream('phishing')
+
// connect to async provider
const asyncProvider = self.asyncProvider = new StreamProvider()
pipe(
diff --git a/app/scripts/lib/is-phish.js b/app/scripts/lib/is-phish.js
deleted file mode 100644
index 68c09e4ac..000000000
--- a/app/scripts/lib/is-phish.js
+++ /dev/null
@@ -1,38 +0,0 @@
-const levenshtein = require('fast-levenshtein')
-const blacklistedMetaMaskDomains = ['metamask.com']
-let blacklistedDomains = require('etheraddresslookup/blacklists/domains.json').concat(blacklistedMetaMaskDomains)
-const whitelistedMetaMaskDomains = ['metamask.io', 'www.metamask.io']
-const whitelistedDomains = require('etheraddresslookup/whitelists/domains.json').concat(whitelistedMetaMaskDomains)
-const LEVENSHTEIN_TOLERANCE = 4
-const LEVENSHTEIN_CHECKS = ['myetherwallet', 'myetheroll', 'ledgerwallet', 'metamask']
-
-
-// credit to @sogoiii and @409H for their help!
-// Return a boolean on whether or not a phish is detected.
-function isPhish({ hostname, updatedBlacklist = null }) {
- var strCurrentTab = hostname
-
- // check if the domain is part of the whitelist.
- if (whitelistedDomains && whitelistedDomains.includes(strCurrentTab)) { return false }
-
- // Allow updating of blacklist:
- if (updatedBlacklist) {
- blacklistedDomains = blacklistedDomains.concat(updatedBlacklist)
- }
-
- // check if the domain is part of the blacklist.
- const isBlacklisted = blacklistedDomains && blacklistedDomains.includes(strCurrentTab)
-
- // check for similar values.
- let levenshteinMatched = false
- var levenshteinForm = strCurrentTab.replace(/\./g, '')
- LEVENSHTEIN_CHECKS.forEach((element) => {
- if (levenshtein.get(element, levenshteinForm) <= LEVENSHTEIN_TOLERANCE) {
- levenshteinMatched = true
- }
- })
-
- return isBlacklisted || levenshteinMatched
-}
-
-module.exports = isPhish
diff --git a/app/scripts/lib/nodeify.js b/app/scripts/lib/nodeify.js
index 299bfe624..832d6c6d3 100644
--- a/app/scripts/lib/nodeify.js
+++ b/app/scripts/lib/nodeify.js
@@ -1,9 +1,10 @@
const promiseToCallback = require('promise-to-callback')
-module.exports = function(fn, context) {
+module.exports = function nodeify (fn, context) {
return function(){
const args = [].slice.call(arguments)
const callback = args.pop()
+ if (typeof callback !== 'function') throw new Error('callback is not a function')
promiseToCallback(fn.apply(context, args))(callback)
}
}
diff --git a/app/scripts/lib/obj-multiplex.js b/app/scripts/lib/obj-multiplex.js
index bd114c394..0034febe0 100644
--- a/app/scripts/lib/obj-multiplex.js
+++ b/app/scripts/lib/obj-multiplex.js
@@ -5,12 +5,16 @@ module.exports = ObjectMultiplex
function ObjectMultiplex (opts) {
opts = opts || {}
// create multiplexer
- var mx = through.obj(function (chunk, enc, cb) {
- var name = chunk.name
- var data = chunk.data
- var substream = mx.streams[name]
+ const mx = through.obj(function (chunk, enc, cb) {
+ const name = chunk.name
+ const data = chunk.data
+ if (!name) {
+ console.warn(`ObjectMultiplex - Malformed chunk without name "${chunk}"`)
+ return cb()
+ }
+ const substream = mx.streams[name]
if (!substream) {
- console.warn(`orphaned data for stream "${name}"`)
+ console.warn(`ObjectMultiplex - orphaned data for stream "${name}"`)
} else {
if (substream.push) substream.push(data)
}
@@ -19,7 +23,7 @@ function ObjectMultiplex (opts) {
mx.streams = {}
// create substreams
mx.createStream = function (name) {
- var substream = mx.streams[name] = through.obj(function (chunk, enc, cb) {
+ const substream = mx.streams[name] = through.obj(function (chunk, enc, cb) {
mx.push({
name: name,
data: chunk,
diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js
index 794ca1a9b..a007d6fc5 100644
--- a/app/scripts/metamask-controller.js
+++ b/app/scripts/metamask-controller.js
@@ -16,6 +16,7 @@ const NoticeController = require('./notice-controller')
const ShapeShiftController = require('./controllers/shapeshift')
const AddressBookController = require('./controllers/address-book')
const InfuraController = require('./controllers/infura')
+const BlacklistController = require('./controllers/blacklist')
const MessageManager = require('./lib/message-manager')
const PersonalMessageManager = require('./lib/personal-message-manager')
const TransactionController = require('./controllers/transactions')
@@ -69,6 +70,10 @@ module.exports = class MetamaskController extends EventEmitter {
})
this.infuraController.scheduleInfuraNetworkCheck()
+ this.blacklistController = new BlacklistController({
+ initState: initState.BlacklistController,
+ })
+ this.blacklistController.scheduleUpdates()
// rpc provider
this.provider = this.initializeProvider()
@@ -152,6 +157,9 @@ module.exports = class MetamaskController extends EventEmitter {
this.networkController.store.subscribe((state) => {
this.store.updateState({ NetworkController: state })
})
+ this.blacklistController.store.subscribe((state) => {
+ this.store.updateState({ BlacklistController: state })
+ })
this.infuraController.store.subscribe((state) => {
this.store.updateState({ InfuraController: state })
})
@@ -327,8 +335,15 @@ module.exports = class MetamaskController extends EventEmitter {
}
setupUntrustedCommunication (connectionStream, originDomain) {
+ // Check if new connection is blacklisted
+ if (this.blacklistController.checkForPhishing(originDomain)) {
+ console.log('MetaMask - sending phishing warning for', originDomain)
+ this.sendPhishingWarning(connectionStream, originDomain)
+ return
+ }
+
// setup multiplexing
- var mx = setupMultiplex(connectionStream)
+ const mx = setupMultiplex(connectionStream)
// connect features
this.setupProviderConnection(mx.createStream('provider'), originDomain)
this.setupPublicConfig(mx.createStream('publicConfig'))
@@ -336,12 +351,18 @@ module.exports = class MetamaskController extends EventEmitter {
setupTrustedCommunication (connectionStream, originDomain) {
// setup multiplexing
- var mx = setupMultiplex(connectionStream)
+ const mx = setupMultiplex(connectionStream)
// connect features
this.setupControllerConnection(mx.createStream('controller'))
this.setupProviderConnection(mx.createStream('provider'), originDomain)
}
+ sendPhishingWarning (connectionStream, hostname) {
+ const mx = setupMultiplex(connectionStream)
+ const phishingStream = mx.createStream('phishing')
+ phishingStream.write({ hostname })
+ }
+
setupControllerConnection (outStream) {
const api = this.getApi()
const dnode = Dnode(api)