diff options
-rw-r--r-- | CHANGELOG.md | 3 | ||||
-rw-r--r-- | app/manifest.json | 2 | ||||
-rw-r--r-- | app/scripts/controllers/blacklist.js | 28 | ||||
-rw-r--r-- | app/scripts/controllers/transactions.js | 3 | ||||
-rw-r--r-- | app/scripts/lib/is-phish.js | 23 | ||||
-rw-r--r-- | package.json | 4 |
6 files changed, 24 insertions, 39 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 66c95a0c3..7a607c19a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,9 @@ ## Current Master +## 3.9.3 2017-8-03 + +- Add support for EGO uport token - Continuously update blacklist for known phishing sites in background. - Automatically detect suspicious URLs too similar to common phishing targets, and blacklist them. diff --git a/app/manifest.json b/app/manifest.json index 1eaf6f26a..6c02120c1 100644 --- a/app/manifest.json +++ b/app/manifest.json @@ -1,7 +1,7 @@ { "name": "MetaMask", "short_name": "Metamask", - "version": "3.9.2", + "version": "3.9.3", "manifest_version": 2, "author": "https://metamask.io", "description": "Ethereum Browser Extension", diff --git a/app/scripts/controllers/blacklist.js b/app/scripts/controllers/blacklist.js index 11e26d5b2..7e01fa386 100644 --- a/app/scripts/controllers/blacklist.js +++ b/app/scripts/controllers/blacklist.js @@ -1,13 +1,9 @@ const ObservableStore = require('obs-store') const extend = require('xtend') -const communityBlacklistedDomains = require('etheraddresslookup/blacklists/domains.json') -const communityWhitelistedDomains = require('etheraddresslookup/whitelists/domains.json') -const checkForPhishing = require('../lib/is-phish') +const PhishingDetector = require('eth-phishing-detect/src/detector') // compute phishing lists -const PHISHING_BLACKLIST = communityBlacklistedDomains.concat(['metamask.com']) -const PHISHING_WHITELIST = communityWhitelistedDomains.concat(['metamask.io', 'www.metamask.io']) -const PHISHING_FUZZYLIST = ['myetherwallet', 'myetheroll', 'ledgerwallet', 'metamask'] +const PHISHING_DETECTION_CONFIG = require('eth-phishing-detect/src/config.json') // every ten minutes const POLLING_INTERVAL = 10 * 60 * 1000 @@ -15,9 +11,12 @@ class BlacklistController { constructor (opts = {}) { const initState = extend({ - phishing: PHISHING_BLACKLIST, + phishing: PHISHING_DETECTION_CONFIG, }, opts.initState) this.store = new ObservableStore(initState) + // phishing detector + this._phishingDetector = null + this._setupPhishingDetector(initState.phishing) // polling references this._phishingUpdateIntervalRef = null } @@ -28,14 +27,15 @@ class BlacklistController { checkForPhishing (hostname) { if (!hostname) return false - const { blacklist } = this.store.getState() - return checkForPhishing({ hostname, blacklist, whitelist: PHISHING_WHITELIST, fuzzylist: PHISHING_FUZZYLIST }) + const { result } = this._phishingDetector.check(hostname) + return result } async updatePhishingList () { - const response = await fetch('https://api.infura.io/v1/blacklist') + const response = await fetch('https://api.infura.io/v2/blacklist') const phishing = await response.json() this.store.updateState({ phishing }) + this._setupPhishingDetector(phishing) return phishing } @@ -45,6 +45,14 @@ class BlacklistController { this.updatePhishingList() }, POLLING_INTERVAL) } + + // + // PRIVATE METHODS + // + + _setupPhishingDetector (config) { + this._phishingDetector = new PhishingDetector(config) + } } module.exports = BlacklistController diff --git a/app/scripts/controllers/transactions.js b/app/scripts/controllers/transactions.js index 720323e41..308d43cb0 100644 --- a/app/scripts/controllers/transactions.js +++ b/app/scripts/controllers/transactions.js @@ -5,7 +5,6 @@ const ObservableStore = require('obs-store') const ethUtil = require('ethereumjs-util') const EthQuery = require('ethjs-query') const TxProviderUtil = require('../lib/tx-utils') -const getStack = require('../lib/util').getStack const createId = require('../lib/random-id') const NonceTracker = require('../lib/nonce-tracker') @@ -105,8 +104,6 @@ module.exports = class TransactionController extends EventEmitter { const txMetaForHistory = clone(txMeta) // dont include previous history in this snapshot delete txMetaForHistory.history - // add stack to help understand why tx was updated - txMetaForHistory.stack = getStack() // add snapshot to tx history if (!txMeta.history) txMeta.history = [] txMeta.history.push(txMetaForHistory) diff --git a/app/scripts/lib/is-phish.js b/app/scripts/lib/is-phish.js deleted file mode 100644 index ce51c353d..000000000 --- a/app/scripts/lib/is-phish.js +++ /dev/null @@ -1,23 +0,0 @@ -const levenshtein = require('fast-levenshtein') -const LEVENSHTEIN_TOLERANCE = 4 - -// credit to @sogoiii and @409H for their help! -// Return a boolean on whether or not a phish is detected. -function isPhish({ hostname, blacklist, whitelist, fuzzylist }) { - - // check if the domain is part of the whitelist. - if (whitelist && whitelist.includes(hostname)) return false - - // check if the domain is part of the blacklist. - if (blacklist && blacklist.includes(hostname)) return true - - // check for similar values. - const levenshteinForm = hostname.replace(/\./g, '') - const levenshteinMatched = fuzzylist.some((element) => { - return levenshtein.get(element, levenshteinForm) <= LEVENSHTEIN_TOLERANCE - }) - - return levenshteinMatched -} - -module.exports = isPhish diff --git a/package.json b/package.json index a086af29d..4f702e048 100644 --- a/package.json +++ b/package.json @@ -7,7 +7,7 @@ "start": "npm run dev", "dev": "gulp dev --debug", "disc": "gulp disc --debug", - "clear": "rm -rf node_modules/eth-contract-metadata && rm -rf node_modules/etheraddresslookup", + "clear": "rm -rf node_modules/eth-contract-metadata && rm -rf node_modules/eth-phishing-detect", "dist": "npm run clear && npm install && gulp dist", "test": "npm run lint && npm run test-unit && npm run test-integration", "test-unit": "METAMASK_ENV=test mocha --require test/helper.js --recursive \"test/unit/**/*.js\"", @@ -68,11 +68,11 @@ "eth-bin-to-ops": "^1.0.1", "eth-contract-metadata": "^1.1.4", "eth-hd-keyring": "^1.1.1", + "eth-phishing-detect": "^1.1.0", "eth-query": "^2.1.2", "eth-sig-util": "^1.2.2", "eth-simple-keyring": "^1.1.1", "eth-token-tracker": "^1.1.2", - "etheraddresslookup": "github:409H/EtherAddressLookup", "ethereumjs-tx": "^1.3.0", "ethereumjs-util": "ethereumjs/ethereumjs-util#ac5d0908536b447083ea422b435da27f26615de9", "ethereumjs-wallet": "^0.6.0", |