aboutsummaryrefslogtreecommitdiffstats
path: root/app
diff options
context:
space:
mode:
authorDan Finlay <flyswatter@users.noreply.github.com>2017-07-27 07:25:30 +0800
committerGitHub <noreply@github.com>2017-07-27 07:25:30 +0800
commite3b5bb2052d59afbf9c2761af883de719261062e (patch)
treecd68712a2429f9cbd1b78f3cd43744ae581a4cdb /app
parent520cda0058849778461cf6b9682980068149c120 (diff)
parentaa282b4e3a55d090f27e37cacf850aa5298cfe27 (diff)
downloadtangerine-wallet-browser-e3b5bb2052d59afbf9c2761af883de719261062e.tar
tangerine-wallet-browser-e3b5bb2052d59afbf9c2761af883de719261062e.tar.gz
tangerine-wallet-browser-e3b5bb2052d59afbf9c2761af883de719261062e.tar.bz2
tangerine-wallet-browser-e3b5bb2052d59afbf9c2761af883de719261062e.tar.lz
tangerine-wallet-browser-e3b5bb2052d59afbf9c2761af883de719261062e.tar.xz
tangerine-wallet-browser-e3b5bb2052d59afbf9c2761af883de719261062e.tar.zst
tangerine-wallet-browser-e3b5bb2052d59afbf9c2761af883de719261062e.zip
Merge pull request #1837 from MetaMask/i1833-levencheck
Levenshtein Checking Logic Added To Blacklist
Diffstat (limited to 'app')
-rw-r--r--app/scripts/blacklister.js44
1 files changed, 36 insertions, 8 deletions
diff --git a/app/scripts/blacklister.js b/app/scripts/blacklister.js
index a45265a75..9337599cc 100644
--- a/app/scripts/blacklister.js
+++ b/app/scripts/blacklister.js
@@ -1,13 +1,41 @@
-const blacklistedDomains = require('etheraddresslookup/blacklists/domains.json')
+const levenshtein = require('fast-levenshtein')
+const blacklistedMetaMaskDomains = ['metamask.com']
+const blacklistedDomains = require('etheraddresslookup/blacklists/domains.json').concat(blacklistedMetaMaskDomains)
+const whitelistedMetaMaskDomains = ['metamask.io', 'www.metamask.io']
+const whitelistedDomains = require('etheraddresslookup/whitelists/domains.json').concat(whitelistedMetaMaskDomains)
+const LEVENSHTEIN_TOLERANCE = 4
+const LEVENSHTEIN_CHECKS = ['myetherwallet', 'myetheroll', 'ledgerwallet', 'metamask']
-function detectBlacklistedDomain() {
- var strCurrentTab = window.location.hostname
- if (blacklistedDomains && blacklistedDomains.includes(strCurrentTab)) {
- window.location.href = 'https://metamask.io/phishing.html'
- }
+
+// credit to @sogoiii and @409H for their help!
+// Return a boolean on whether or not a phish is detected.
+function isPhish(hostname) {
+ var strCurrentTab = hostname
+
+ // check if the domain is part of the whitelist.
+ if (whitelistedDomains && whitelistedDomains.includes(strCurrentTab)) { return false }
+
+ // check if the domain is part of the blacklist.
+ var isBlacklisted = blacklistedDomains && blacklistedDomains.includes(strCurrentTab)
+
+ // check for similar values.
+ var levenshteinMatched = false
+ var levenshteinForm = strCurrentTab.replace(/\./g, '')
+ LEVENSHTEIN_CHECKS.forEach((element) => {
+ if (levenshtein.get(element, levenshteinForm) < LEVENSHTEIN_TOLERANCE) {
+ levenshteinMatched = true
+ }
+ })
+
+ return isBlacklisted || levenshteinMatched
}
-window.addEventListener('load', function() {
- detectBlacklistedDomain()
+window.addEventListener('load', function () {
+ var hostnameToCheck = window.location.hostname
+ if (isPhish(hostnameToCheck)) {
+ // redirect to our phishing warning page.
+ window.location.href = 'https://metamask.io/phishing.html'
+ }
})
+module.exports = isPhish