From ecaa235b5e3331defab75dad72593951fdf37790 Mon Sep 17 00:00:00 2001 From: kumavis Date: Wed, 2 Aug 2017 14:26:10 -0700 Subject: phishing detection - move phishing detection into contentscript and metamask controller --- app/scripts/metamask-controller.js | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) (limited to 'app/scripts/metamask-controller.js') diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js index 11dcde2c1..28c35a13d 100644 --- a/app/scripts/metamask-controller.js +++ b/app/scripts/metamask-controller.js @@ -23,6 +23,7 @@ const ConfigManager = require('./lib/config-manager') const nodeify = require('./lib/nodeify') const accountImporter = require('./account-import-strategies') const getBuyEthUrl = require('./lib/buy-eth-url') +const checkForPhishing = require('./lib/is-phish') const debounce = require('debounce') const version = require('../manifest.json').version @@ -326,8 +327,15 @@ module.exports = class MetamaskController extends EventEmitter { } setupUntrustedCommunication (connectionStream, originDomain) { + // Check if new connection is blacklisted + if (this.isHostBlacklisted(originDomain)) { + console.log('MetaMask - sending phishing warning for', originDomain) + this.sendPhishingWarning(connectionStream, originDomain) + return + } + // setup multiplexing - var mx = setupMultiplex(connectionStream) + const mx = setupMultiplex(connectionStream) // connect features this.setupProviderConnection(mx.createStream('provider'), originDomain) this.setupPublicConfig(mx.createStream('publicConfig')) @@ -335,12 +343,26 @@ module.exports = class MetamaskController extends EventEmitter { setupTrustedCommunication (connectionStream, originDomain) { // setup multiplexing - var mx = setupMultiplex(connectionStream) + const mx = setupMultiplex(connectionStream) // connect features this.setupControllerConnection(mx.createStream('controller')) this.setupProviderConnection(mx.createStream('provider'), originDomain) } + // Check if a domain is on our blacklist + isHostBlacklisted (hostname) { + if (!hostname) return false + const { blacklist } = this.getState().blacklist + return checkForPhishing({ blacklist, hostname }) + } + + sendPhishingWarning (connectionStream, hostname) { + const mx = setupMultiplex(connectionStream) + const phishingStream = mx.createStream('phishing') + // phishingStream.write(true) + phishingStream.write({ hostname }) + } + setupControllerConnection (outStream) { const api = this.getApi() const dnode = Dnode(api) -- cgit v1.2.3 From 8c6f01b91094564df59d6d95b6f43b811e711824 Mon Sep 17 00:00:00 2001 From: kumavis Date: Wed, 2 Aug 2017 15:54:59 -0700 Subject: blacklist controller - breakout from metamask and infura controllers --- app/scripts/metamask-controller.js | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) (limited to 'app/scripts/metamask-controller.js') diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js index 28c35a13d..6d6cb85ab 100644 --- a/app/scripts/metamask-controller.js +++ b/app/scripts/metamask-controller.js @@ -16,6 +16,7 @@ const NoticeController = require('./notice-controller') const ShapeShiftController = require('./controllers/shapeshift') const AddressBookController = require('./controllers/address-book') const InfuraController = require('./controllers/infura') +const BlacklistController = require('./controllers/blacklist') const MessageManager = require('./lib/message-manager') const PersonalMessageManager = require('./lib/personal-message-manager') const TransactionController = require('./controllers/transactions') @@ -23,7 +24,6 @@ const ConfigManager = require('./lib/config-manager') const nodeify = require('./lib/nodeify') const accountImporter = require('./account-import-strategies') const getBuyEthUrl = require('./lib/buy-eth-url') -const checkForPhishing = require('./lib/is-phish') const debounce = require('debounce') const version = require('../manifest.json').version @@ -70,6 +70,10 @@ module.exports = class MetamaskController extends EventEmitter { }) this.infuraController.scheduleInfuraNetworkCheck() + this.blacklistController = new BlacklistController({ + initState: initState.BlacklistController, + }) + this.blacklistController.scheduleUpdates() // rpc provider this.provider = this.initializeProvider() @@ -152,6 +156,9 @@ module.exports = class MetamaskController extends EventEmitter { this.networkController.store.subscribe((state) => { this.store.updateState({ NetworkController: state }) }) + this.blacklistController.store.subscribe((state) => { + this.store.updateState({ BlacklistController: state }) + }) this.infuraController.store.subscribe((state) => { this.store.updateState({ InfuraController: state }) }) @@ -328,7 +335,7 @@ module.exports = class MetamaskController extends EventEmitter { setupUntrustedCommunication (connectionStream, originDomain) { // Check if new connection is blacklisted - if (this.isHostBlacklisted(originDomain)) { + if (this.blacklistController.checkForPhishing(originDomain)) { console.log('MetaMask - sending phishing warning for', originDomain) this.sendPhishingWarning(connectionStream, originDomain) return @@ -349,17 +356,9 @@ module.exports = class MetamaskController extends EventEmitter { this.setupProviderConnection(mx.createStream('provider'), originDomain) } - // Check if a domain is on our blacklist - isHostBlacklisted (hostname) { - if (!hostname) return false - const { blacklist } = this.getState().blacklist - return checkForPhishing({ blacklist, hostname }) - } - sendPhishingWarning (connectionStream, hostname) { const mx = setupMultiplex(connectionStream) const phishingStream = mx.createStream('phishing') - // phishingStream.write(true) phishingStream.write({ hostname }) } -- cgit v1.2.3