diff options
author | frankiebee <frankie.diamond@gmail.com> | 2017-08-05 02:45:22 +0800 |
---|---|---|
committer | frankiebee <frankie.diamond@gmail.com> | 2017-08-05 02:45:22 +0800 |
commit | 89a4fef1e4043323c89bf8aea8600a16353c4d1b (patch) | |
tree | 2305525899aa31dd80c3d6bfcfadb6de4cfda783 /app | |
parent | fa3df576bcf879904b303c4ed1015d27db64642d (diff) | |
parent | c4cb371ce8ddad10d575b4ddb6cb85fe4689ca59 (diff) | |
download | tangerine-wallet-browser-89a4fef1e4043323c89bf8aea8600a16353c4d1b.tar tangerine-wallet-browser-89a4fef1e4043323c89bf8aea8600a16353c4d1b.tar.gz tangerine-wallet-browser-89a4fef1e4043323c89bf8aea8600a16353c4d1b.tar.bz2 tangerine-wallet-browser-89a4fef1e4043323c89bf8aea8600a16353c4d1b.tar.lz tangerine-wallet-browser-89a4fef1e4043323c89bf8aea8600a16353c4d1b.tar.xz tangerine-wallet-browser-89a4fef1e4043323c89bf8aea8600a16353c4d1b.tar.zst tangerine-wallet-browser-89a4fef1e4043323c89bf8aea8600a16353c4d1b.zip |
Merge branch 'master' into transactionControllerRefractor
Diffstat (limited to 'app')
-rw-r--r-- | app/manifest.json | 11 | ||||
-rw-r--r-- | app/scripts/background.js | 34 | ||||
-rw-r--r-- | app/scripts/blacklister.js | 14 | ||||
-rw-r--r-- | app/scripts/contentscript.js | 22 | ||||
-rw-r--r-- | app/scripts/controllers/blacklist.js | 58 | ||||
-rw-r--r-- | app/scripts/controllers/infura.js | 16 | ||||
-rw-r--r-- | app/scripts/controllers/transactions.js | 3 | ||||
-rw-r--r-- | app/scripts/lib/inpage-provider.js | 3 | ||||
-rw-r--r-- | app/scripts/lib/is-phish.js | 38 | ||||
-rw-r--r-- | app/scripts/lib/nodeify.js | 3 | ||||
-rw-r--r-- | app/scripts/lib/obj-multiplex.js | 16 | ||||
-rw-r--r-- | app/scripts/metamask-controller.js | 25 |
12 files changed, 118 insertions, 125 deletions
diff --git a/app/manifest.json b/app/manifest.json index 591a07d0d..6c02120c1 100644 --- a/app/manifest.json +++ b/app/manifest.json @@ -1,7 +1,7 @@ { "name": "MetaMask", "short_name": "Metamask", - "version": "3.9.2", + "version": "3.9.3", "manifest_version": 2, "author": "https://metamask.io", "description": "Ethereum Browser Extension", @@ -52,15 +52,6 @@ ], "run_at": "document_start", "all_frames": true - }, - { - "run_at": "document_start", - "matches": [ - "http://*/*", - "https://*/*" - ], - "js": ["scripts/blacklister.js"], - "all_frames": true } ], "permissions": [ diff --git a/app/scripts/background.js b/app/scripts/background.js index f995c390e..f077ca7a8 100644 --- a/app/scripts/background.js +++ b/app/scripts/background.js @@ -11,7 +11,6 @@ const NotificationManager = require('./lib/notification-manager.js') const MetamaskController = require('./metamask-controller') const extension = require('extensionizer') const firstTimeState = require('./first-time-state') -const isPhish = require('./lib/is-phish') const STORAGE_KEY = 'metamask-config' const METAMASK_DEBUG = 'GULP_METAMASK_DEBUG' @@ -91,16 +90,12 @@ function setupController (initState) { extension.runtime.onConnect.addListener(connectRemote) function connectRemote (remotePort) { - if (remotePort.name === 'blacklister') { - return checkBlacklist(remotePort) - } - - var isMetaMaskInternalProcess = remotePort.name === 'popup' || remotePort.name === 'notification' - var portStream = new PortStream(remotePort) + const isMetaMaskInternalProcess = remotePort.name === 'popup' || remotePort.name === 'notification' + const portStream = new PortStream(remotePort) if (isMetaMaskInternalProcess) { // communication with popup popupIsOpen = popupIsOpen || (remotePort.name === 'popup') - controller.setupTrustedCommunication(portStream, 'MetaMask', remotePort.name) + controller.setupTrustedCommunication(portStream, 'MetaMask') // record popup as closed if (remotePort.name === 'popup') { endOfStream(portStream, () => { @@ -109,7 +104,7 @@ function setupController (initState) { } } else { // communication with page - var originDomain = urlUtil.parse(remotePort.sender.url).hostname + const originDomain = urlUtil.parse(remotePort.sender.url).hostname controller.setupUntrustedCommunication(portStream, originDomain) } } @@ -140,27 +135,6 @@ function setupController (initState) { return Promise.resolve() } -// Listen for new pages and return if blacklisted: -function checkBlacklist (port) { - const handler = handleNewPageLoad.bind(null, port) - port.onMessage.addListener(handler) - setTimeout(() => { - port.onMessage.removeListener(handler) - }, 30000) -} - -function handleNewPageLoad (port, message) { - const { pageLoaded } = message - if (!pageLoaded || !global.metamaskController) return - - const state = global.metamaskController.getState() - const updatedBlacklist = state.blacklist - - if (isPhish({ updatedBlacklist, hostname: pageLoaded })) { - port.postMessage({ 'blacklist': pageLoaded }) - } -} - // // Etc... // diff --git a/app/scripts/blacklister.js b/app/scripts/blacklister.js deleted file mode 100644 index 37751b595..000000000 --- a/app/scripts/blacklister.js +++ /dev/null @@ -1,14 +0,0 @@ -const extension = require('extensionizer')
-
-var port = extension.runtime.connect({name: 'blacklister'})
-port.postMessage({ 'pageLoaded': window.location.hostname })
-port.onMessage.addListener(redirectIfBlacklisted)
-
-function redirectIfBlacklisted (response) {
- const { blacklist } = response
- const host = window.location.hostname
- if (blacklist && blacklist === host) {
- window.location.href = 'https://metamask.io/phishing.html'
- }
-}
-
diff --git a/app/scripts/contentscript.js b/app/scripts/contentscript.js index 291b922e8..6fde0edcd 100644 --- a/app/scripts/contentscript.js +++ b/app/scripts/contentscript.js @@ -37,28 +37,33 @@ function setupInjection () { function setupStreams () { // setup communication to page and plugin - var pageStream = new LocalMessageDuplexStream({ + const pageStream = new LocalMessageDuplexStream({ name: 'contentscript', target: 'inpage', }) pageStream.on('error', console.error) - var pluginPort = extension.runtime.connect({name: 'contentscript'}) - var pluginStream = new PortStream(pluginPort) + const pluginPort = extension.runtime.connect({ name: 'contentscript' }) + const pluginStream = new PortStream(pluginPort) pluginStream.on('error', console.error) // forward communication plugin->inpage pageStream.pipe(pluginStream).pipe(pageStream) // setup local multistream channels - var mx = ObjectMultiplex() + const mx = ObjectMultiplex() mx.on('error', console.error) mx.pipe(pageStream).pipe(mx) + mx.pipe(pluginStream).pipe(mx) // connect ping stream - var pongStream = new PongStream({ objectMode: true }) + const pongStream = new PongStream({ objectMode: true }) pongStream.pipe(mx.createStream('pingpong')).pipe(pongStream) - // ignore unused channels (handled by background) + // connect phishing warning stream + const phishingStream = mx.createStream('phishing') + phishingStream.once('data', redirectToPhishingWarning) + + // ignore unused channels (handled by background, inpage) mx.ignoreStream('provider') mx.ignoreStream('publicConfig') } @@ -88,3 +93,8 @@ function suffixCheck () { } return true } + +function redirectToPhishingWarning () { + console.log('MetaMask - redirecting to phishing warning') + window.location.href = 'https://metamask.io/phishing.html' +} diff --git a/app/scripts/controllers/blacklist.js b/app/scripts/controllers/blacklist.js new file mode 100644 index 000000000..7e01fa386 --- /dev/null +++ b/app/scripts/controllers/blacklist.js @@ -0,0 +1,58 @@ +const ObservableStore = require('obs-store') +const extend = require('xtend') +const PhishingDetector = require('eth-phishing-detect/src/detector') + +// compute phishing lists +const PHISHING_DETECTION_CONFIG = require('eth-phishing-detect/src/config.json') +// every ten minutes +const POLLING_INTERVAL = 10 * 60 * 1000 + +class BlacklistController { + + constructor (opts = {}) { + const initState = extend({ + phishing: PHISHING_DETECTION_CONFIG, + }, opts.initState) + this.store = new ObservableStore(initState) + // phishing detector + this._phishingDetector = null + this._setupPhishingDetector(initState.phishing) + // polling references + this._phishingUpdateIntervalRef = null + } + + // + // PUBLIC METHODS + // + + checkForPhishing (hostname) { + if (!hostname) return false + const { result } = this._phishingDetector.check(hostname) + return result + } + + async updatePhishingList () { + const response = await fetch('https://api.infura.io/v2/blacklist') + const phishing = await response.json() + this.store.updateState({ phishing }) + this._setupPhishingDetector(phishing) + return phishing + } + + scheduleUpdates () { + if (this._phishingUpdateIntervalRef) return + this._phishingUpdateIntervalRef = setInterval(() => { + this.updatePhishingList() + }, POLLING_INTERVAL) + } + + // + // PRIVATE METHODS + // + + _setupPhishingDetector (config) { + this._phishingDetector = new PhishingDetector(config) + } +} + +module.exports = BlacklistController diff --git a/app/scripts/controllers/infura.js b/app/scripts/controllers/infura.js index 97b2ab7e3..10adb1004 100644 --- a/app/scripts/controllers/infura.js +++ b/app/scripts/controllers/infura.js @@ -1,16 +1,14 @@ const ObservableStore = require('obs-store') const extend = require('xtend') -const recentBlacklist = require('etheraddresslookup/blacklists/domains.json') // every ten minutes -const POLLING_INTERVAL = 300000 +const POLLING_INTERVAL = 10 * 60 * 1000 class InfuraController { constructor (opts = {}) { const initState = extend({ infuraNetworkStatus: {}, - blacklist: recentBlacklist, }, opts.initState) this.store = new ObservableStore(initState) } @@ -32,24 +30,12 @@ class InfuraController { }) } - updateLocalBlacklist () { - return fetch('https://api.infura.io/v1/blacklist') - .then(response => response.json()) - .then((parsedResponse) => { - this.store.updateState({ - blacklist: parsedResponse, - }) - return parsedResponse - }) - } - scheduleInfuraNetworkCheck () { if (this.conversionInterval) { clearInterval(this.conversionInterval) } this.conversionInterval = setInterval(() => { this.checkInfuraNetworkStatus() - this.updateLocalBlacklist() }, POLLING_INTERVAL) } } diff --git a/app/scripts/controllers/transactions.js b/app/scripts/controllers/transactions.js index a652c3278..498cac9af 100644 --- a/app/scripts/controllers/transactions.js +++ b/app/scripts/controllers/transactions.js @@ -6,7 +6,6 @@ const ethUtil = require('ethereumjs-util') const EthQuery = require('ethjs-query') const TxProviderUtil = require('../lib/tx-utils') const PendingTransactionUtils = require('../lib/pending-tx-watchers') -const getStack = require('../lib/util').getStack const createId = require('../lib/random-id') const NonceTracker = require('../lib/nonce-tracker') @@ -125,8 +124,6 @@ module.exports = class TransactionController extends EventEmitter { const txMetaForHistory = clone(txMeta) // dont include previous history in this snapshot delete txMetaForHistory.history - // add stack to help understand why tx was updated - txMetaForHistory.stack = getStack() // add snapshot to tx history if (!txMeta.history) txMeta.history = [] txMeta.history.push(txMetaForHistory) diff --git a/app/scripts/lib/inpage-provider.js b/app/scripts/lib/inpage-provider.js index 8b8623974..fd032a673 100644 --- a/app/scripts/lib/inpage-provider.js +++ b/app/scripts/lib/inpage-provider.js @@ -26,6 +26,9 @@ function MetamaskInpageProvider (connectionStream) { (err) => logStreamDisconnectWarning('MetaMask PublicConfigStore', err) ) + // ignore phishing warning message (handled elsewhere) + multiStream.ignoreStream('phishing') + // connect to async provider const asyncProvider = self.asyncProvider = new StreamProvider() pipe( diff --git a/app/scripts/lib/is-phish.js b/app/scripts/lib/is-phish.js deleted file mode 100644 index 68c09e4ac..000000000 --- a/app/scripts/lib/is-phish.js +++ /dev/null @@ -1,38 +0,0 @@ -const levenshtein = require('fast-levenshtein') -const blacklistedMetaMaskDomains = ['metamask.com'] -let blacklistedDomains = require('etheraddresslookup/blacklists/domains.json').concat(blacklistedMetaMaskDomains) -const whitelistedMetaMaskDomains = ['metamask.io', 'www.metamask.io'] -const whitelistedDomains = require('etheraddresslookup/whitelists/domains.json').concat(whitelistedMetaMaskDomains) -const LEVENSHTEIN_TOLERANCE = 4 -const LEVENSHTEIN_CHECKS = ['myetherwallet', 'myetheroll', 'ledgerwallet', 'metamask'] - - -// credit to @sogoiii and @409H for their help! -// Return a boolean on whether or not a phish is detected. -function isPhish({ hostname, updatedBlacklist = null }) { - var strCurrentTab = hostname - - // check if the domain is part of the whitelist. - if (whitelistedDomains && whitelistedDomains.includes(strCurrentTab)) { return false } - - // Allow updating of blacklist: - if (updatedBlacklist) { - blacklistedDomains = blacklistedDomains.concat(updatedBlacklist) - } - - // check if the domain is part of the blacklist. - const isBlacklisted = blacklistedDomains && blacklistedDomains.includes(strCurrentTab) - - // check for similar values. - let levenshteinMatched = false - var levenshteinForm = strCurrentTab.replace(/\./g, '') - LEVENSHTEIN_CHECKS.forEach((element) => { - if (levenshtein.get(element, levenshteinForm) <= LEVENSHTEIN_TOLERANCE) { - levenshteinMatched = true - } - }) - - return isBlacklisted || levenshteinMatched -} - -module.exports = isPhish diff --git a/app/scripts/lib/nodeify.js b/app/scripts/lib/nodeify.js index 299bfe624..832d6c6d3 100644 --- a/app/scripts/lib/nodeify.js +++ b/app/scripts/lib/nodeify.js @@ -1,9 +1,10 @@ const promiseToCallback = require('promise-to-callback') -module.exports = function(fn, context) { +module.exports = function nodeify (fn, context) { return function(){ const args = [].slice.call(arguments) const callback = args.pop() + if (typeof callback !== 'function') throw new Error('callback is not a function') promiseToCallback(fn.apply(context, args))(callback) } } diff --git a/app/scripts/lib/obj-multiplex.js b/app/scripts/lib/obj-multiplex.js index bd114c394..0034febe0 100644 --- a/app/scripts/lib/obj-multiplex.js +++ b/app/scripts/lib/obj-multiplex.js @@ -5,12 +5,16 @@ module.exports = ObjectMultiplex function ObjectMultiplex (opts) { opts = opts || {} // create multiplexer - var mx = through.obj(function (chunk, enc, cb) { - var name = chunk.name - var data = chunk.data - var substream = mx.streams[name] + const mx = through.obj(function (chunk, enc, cb) { + const name = chunk.name + const data = chunk.data + if (!name) { + console.warn(`ObjectMultiplex - Malformed chunk without name "${chunk}"`) + return cb() + } + const substream = mx.streams[name] if (!substream) { - console.warn(`orphaned data for stream "${name}"`) + console.warn(`ObjectMultiplex - orphaned data for stream "${name}"`) } else { if (substream.push) substream.push(data) } @@ -19,7 +23,7 @@ function ObjectMultiplex (opts) { mx.streams = {} // create substreams mx.createStream = function (name) { - var substream = mx.streams[name] = through.obj(function (chunk, enc, cb) { + const substream = mx.streams[name] = through.obj(function (chunk, enc, cb) { mx.push({ name: name, data: chunk, diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js index 794ca1a9b..a007d6fc5 100644 --- a/app/scripts/metamask-controller.js +++ b/app/scripts/metamask-controller.js @@ -16,6 +16,7 @@ const NoticeController = require('./notice-controller') const ShapeShiftController = require('./controllers/shapeshift') const AddressBookController = require('./controllers/address-book') const InfuraController = require('./controllers/infura') +const BlacklistController = require('./controllers/blacklist') const MessageManager = require('./lib/message-manager') const PersonalMessageManager = require('./lib/personal-message-manager') const TransactionController = require('./controllers/transactions') @@ -69,6 +70,10 @@ module.exports = class MetamaskController extends EventEmitter { }) this.infuraController.scheduleInfuraNetworkCheck() + this.blacklistController = new BlacklistController({ + initState: initState.BlacklistController, + }) + this.blacklistController.scheduleUpdates() // rpc provider this.provider = this.initializeProvider() @@ -152,6 +157,9 @@ module.exports = class MetamaskController extends EventEmitter { this.networkController.store.subscribe((state) => { this.store.updateState({ NetworkController: state }) }) + this.blacklistController.store.subscribe((state) => { + this.store.updateState({ BlacklistController: state }) + }) this.infuraController.store.subscribe((state) => { this.store.updateState({ InfuraController: state }) }) @@ -327,8 +335,15 @@ module.exports = class MetamaskController extends EventEmitter { } setupUntrustedCommunication (connectionStream, originDomain) { + // Check if new connection is blacklisted + if (this.blacklistController.checkForPhishing(originDomain)) { + console.log('MetaMask - sending phishing warning for', originDomain) + this.sendPhishingWarning(connectionStream, originDomain) + return + } + // setup multiplexing - var mx = setupMultiplex(connectionStream) + const mx = setupMultiplex(connectionStream) // connect features this.setupProviderConnection(mx.createStream('provider'), originDomain) this.setupPublicConfig(mx.createStream('publicConfig')) @@ -336,12 +351,18 @@ module.exports = class MetamaskController extends EventEmitter { setupTrustedCommunication (connectionStream, originDomain) { // setup multiplexing - var mx = setupMultiplex(connectionStream) + const mx = setupMultiplex(connectionStream) // connect features this.setupControllerConnection(mx.createStream('controller')) this.setupProviderConnection(mx.createStream('provider'), originDomain) } + sendPhishingWarning (connectionStream, hostname) { + const mx = setupMultiplex(connectionStream) + const phishingStream = mx.createStream('phishing') + phishingStream.write({ hostname }) + } + setupControllerConnection (outStream) { const api = this.getApi() const dnode = Dnode(api) |