TheDude
/
ciphermask
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
A Metamask fork with Infura removed and default networks editable
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
15513 Commits
2 Branches
1 Tag
200 MiB
Tag: Branch: Tree: develop
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'develop'
${ noResults }
ciphermask/test/e2e/tests/phishing-detection.spec.js

166 lines
5.6 KiB
Raw Permalink Normal View History Unescape

E2e phishing detection (#13704) * phishing detection test * remove unused arg
3 years ago
const { strict: assert } = require('assert');
const { convertToHexValue, withFixtures } = require('../helpers');
E2e test fixtures (#16061) * remove state.json files * move file * Update Readme * Create fixture builder * load test fixture * remove redundant method * update snap tests * update stats tests * update extension tests * update extension tests * Update fixture data * snap test dapp connection * Update fixture data * add onboarding fixture * use onboarding fixture * reuse import account vault * remove unnecessary use of class * use fixture builder in new tests * switch to function * update default fixture * update default fixture * update test * update 1559 test fixttures * update 1559 test fixtures * update 1559 test fixtures * dismiss 3box whats new * remove redundant code * move docs * remove unused code * token detection * use default timeout * remove redundant code * Update fixture builder hide `Protect your funds` dialog remove browser environment remove default network details hide dismiss seed backup reminder recursively merges fixture data * add token to tokencontroller * remove network details * add missing identities to preference controller * remove duplicate properties * update bip-32 to use fixturebuilder * alphabetise snap permissions * update get snaps to use fixturebuilder * Update test-snap-bip-32.spec.js wait for window * add popular network state * update test * lint
2 years ago
const FixtureBuilder = require('../fixture-builder');
E2e phishing detection (#13704) * phishing detection test * remove unused arg
3 years ago
Bump controllers v30.0.2 (#14906) * bump @metamask/controllers to v30.0.2 and adapt
2 years ago
const PHISHFORT_CDN_URL =
Updating controller dependency (#16033) * Updating controller dependency * fix * fix * fix * fix * fixes * Lavamoat auto * Update URLs for phishing detection testcase * update lavamoat files * call phishingController.test synchronously again * bump @metamask/controllers to v32.0.1 * lint * update policy files * bump controllers version again * modify update phishing list strategy * revert back to use isOutOfDate, but without blocking substream * possible way to fix e2e tests? * enable testing * Remove promise return from setupController in background.js, as it is no longer used * Ensure updatePhishingLists is called in MM contrller constructer, so that phishing lists are updated right away Co-authored-by: seaona <mariona@gmx.es> Co-authored-by: Alex <adonesky@gmail.com> Co-authored-by: Dan Miller <danjm.com@gmail.com>
2 years ago
'https://static.metafi.codefi.network/api/v1/lists/phishfort_hotlist.json';
Bump controllers v30.0.2 (#14906) * bump @metamask/controllers to v30.0.2 and adapt
2 years ago
E2e phishing detection (#13704) * phishing detection test * remove unused arg
3 years ago
describe('Phishing Detection', function () {
E2e improve mocking (#13841) * improve mocking * improve mocking * Unnecessary await
3 years ago
async function mockPhishingDetection(mockServer) {
await mockServer
E2e phishing detection (#13704) * phishing detection test * remove unused arg
3 years ago
.forGet(
Updating controller dependency (#16033) * Updating controller dependency * fix * fix * fix * fix * fixes * Lavamoat auto * Update URLs for phishing detection testcase * update lavamoat files * call phishingController.test synchronously again * bump @metamask/controllers to v32.0.1 * lint * update policy files * bump controllers version again * modify update phishing list strategy * revert back to use isOutOfDate, but without blocking substream * possible way to fix e2e tests? * enable testing * Remove promise return from setupController in background.js, as it is no longer used * Ensure updatePhishingLists is called in MM contrller constructer, so that phishing lists are updated right away Co-authored-by: seaona <mariona@gmx.es> Co-authored-by: Alex <adonesky@gmail.com> Co-authored-by: Dan Miller <danjm.com@gmail.com>
2 years ago
'https://static.metafi.codefi.network/api/v1/lists/eth_phishing_detect_config.json',
E2e phishing detection (#13704) * phishing detection test * remove unused arg
3 years ago
)
.thenCallback(() => {
return {
statusCode: 200,
json: {
version: 2,
tolerance: 2,
fuzzylist: [],
whitelist: [],
Use externally hosted phishing warning page An externally hosted phishing warning page is now used rather than the built-in phishing warning page.The phishing page warning URL is set via configuration file or environment variable. The default URL is either the expected production URL or `http://localhost:9999/` for e2e testing environments. The new external phishing page includes a design change when it is loaded within an iframe. In that case it now shows a condensed message, and prompts the user to open the full warning page in a new tab to see more details or bypass the warning. This is to prevent a clickjacking attack from safelisting a site without user consent. The new external phishing page also includes a simple caching service worker to ensure it continues to work offline (or if our hosting goes offline), as long as the user has successfully loaded the page at least once. We also load the page temporarily during the extension startup process to trigger the service worker installation. The old phishing page and all related lines have been removed. The property `web_accessible_resources` has also been removed from the manifest. The only entry apart from the phishing page was `inpage.js`, and we don't need that to be web accessible anymore because we inject the script inline into each page rather than loading the file directly. New e2e tests have been added to cover more phishing warning page functionality, including the "safelist" action and the "iframe" case.
3 years ago
blacklist: ['127.0.0.1'],
E2e phishing detection (#13704) * phishing detection test * remove unused arg
3 years ago
},
};
});
}
Bump controllers v30.0.2 (#14906) * bump @metamask/controllers to v30.0.2 and adapt
2 years ago
async function mockPhishfortPhishingDetection(mockServer) {
await mockServer.forGet(PHISHFORT_CDN_URL).thenCallback(() => {
return {
statusCode: 200,
json: ['127.0.0.1'],
};
});
}
E2e phishing detection (#13704) * phishing detection test * remove unused arg
3 years ago
const ganacheOptions = {
accounts: [
{
secretKey:
'0x7C9529A67102755B7E6102D6D950AC5D5863C98713805CEC576B945B15B71EAC',
balance: convertToHexValue(25000000000000000000),
},
],
};
Use externally hosted phishing warning page An externally hosted phishing warning page is now used rather than the built-in phishing warning page.The phishing page warning URL is set via configuration file or environment variable. The default URL is either the expected production URL or `http://localhost:9999/` for e2e testing environments. The new external phishing page includes a design change when it is loaded within an iframe. In that case it now shows a condensed message, and prompts the user to open the full warning page in a new tab to see more details or bypass the warning. This is to prevent a clickjacking attack from safelisting a site without user consent. The new external phishing page also includes a simple caching service worker to ensure it continues to work offline (or if our hosting goes offline), as long as the user has successfully loaded the page at least once. We also load the page temporarily during the extension startup process to trigger the service worker installation. The old phishing page and all related lines have been removed. The property `web_accessible_resources` has also been removed from the manifest. The only entry apart from the phishing page was `inpage.js`, and we don't need that to be web accessible anymore because we inject the script inline into each page rather than loading the file directly. New e2e tests have been added to cover more phishing warning page functionality, including the "safelist" action and the "iframe" case.
3 years ago
it('should display the MetaMask Phishing Detection page and take the user to the blocked page if they continue', async function () {
E2e phishing detection (#13704) * phishing detection test * remove unused arg
3 years ago
await withFixtures(
{
E2e test fixtures (#16061) * remove state.json files * move file * Update Readme * Create fixture builder * load test fixture * remove redundant method * update snap tests * update stats tests * update extension tests * update extension tests * Update fixture data * snap test dapp connection * Update fixture data * add onboarding fixture * use onboarding fixture * reuse import account vault * remove unnecessary use of class * use fixture builder in new tests * switch to function * update default fixture * update default fixture * update test * update 1559 test fixttures * update 1559 test fixtures * update 1559 test fixtures * dismiss 3box whats new * remove redundant code * move docs * remove unused code * token detection * use default timeout * remove redundant code * Update fixture builder hide `Protect your funds` dialog remove browser environment remove default network details hide dismiss seed backup reminder recursively merges fixture data * add token to tokencontroller * remove network details * add missing identities to preference controller * remove duplicate properties * update bip-32 to use fixturebuilder * alphabetise snap permissions * update get snaps to use fixturebuilder * Update test-snap-bip-32.spec.js wait for window * add popular network state * update test * lint
2 years ago
fixtures: new FixtureBuilder().build(),
E2e phishing detection (#13704) * phishing detection test * remove unused arg
3 years ago
ganacheOptions,
title: this.test.title,
testSpecificMock: mockPhishingDetection,
Use externally hosted phishing warning page An externally hosted phishing warning page is now used rather than the built-in phishing warning page.The phishing page warning URL is set via configuration file or environment variable. The default URL is either the expected production URL or `http://localhost:9999/` for e2e testing environments. The new external phishing page includes a design change when it is loaded within an iframe. In that case it now shows a condensed message, and prompts the user to open the full warning page in a new tab to see more details or bypass the warning. This is to prevent a clickjacking attack from safelisting a site without user consent. The new external phishing page also includes a simple caching service worker to ensure it continues to work offline (or if our hosting goes offline), as long as the user has successfully loaded the page at least once. We also load the page temporarily during the extension startup process to trigger the service worker installation. The old phishing page and all related lines have been removed. The property `web_accessible_resources` has also been removed from the manifest. The only entry apart from the phishing page was `inpage.js`, and we don't need that to be web accessible anymore because we inject the script inline into each page rather than loading the file directly. New e2e tests have been added to cover more phishing warning page functionality, including the "safelist" action and the "iframe" case.
3 years ago
dapp: true,
failOnConsoleError: false,
E2e phishing detection (#13704) * phishing detection test * remove unused arg
3 years ago
},
async ({ driver }) => {
await driver.navigate();
await driver.fill('#password', 'correct horse battery staple');
await driver.press('#password', driver.Key.ENTER);
Use externally hosted phishing warning page An externally hosted phishing warning page is now used rather than the built-in phishing warning page.The phishing page warning URL is set via configuration file or environment variable. The default URL is either the expected production URL or `http://localhost:9999/` for e2e testing environments. The new external phishing page includes a design change when it is loaded within an iframe. In that case it now shows a condensed message, and prompts the user to open the full warning page in a new tab to see more details or bypass the warning. This is to prevent a clickjacking attack from safelisting a site without user consent. The new external phishing page also includes a simple caching service worker to ensure it continues to work offline (or if our hosting goes offline), as long as the user has successfully loaded the page at least once. We also load the page temporarily during the extension startup process to trigger the service worker installation. The old phishing page and all related lines have been removed. The property `web_accessible_resources` has also been removed from the manifest. The only entry apart from the phishing page was `inpage.js`, and we don't need that to be web accessible anymore because we inject the script inline into each page rather than loading the file directly. New e2e tests have been added to cover more phishing warning page functionality, including the "safelist" action and the "iframe" case.
3 years ago
await driver.openNewPage('http://127.0.0.1:8080');
await driver.clickElement({
text: 'continuing at your own risk',
});
const header = await driver.findElement('h1');
assert.equal(await header.getText(), 'E2E Test Dapp');
},
);
});
it('should display the MetaMask Phishing Detection page in an iframe and take the user to the blocked page if they continue', async function () {
await withFixtures(
{
E2e test fixtures (#16061) * remove state.json files * move file * Update Readme * Create fixture builder * load test fixture * remove redundant method * update snap tests * update stats tests * update extension tests * update extension tests * Update fixture data * snap test dapp connection * Update fixture data * add onboarding fixture * use onboarding fixture * reuse import account vault * remove unnecessary use of class * use fixture builder in new tests * switch to function * update default fixture * update default fixture * update test * update 1559 test fixttures * update 1559 test fixtures * update 1559 test fixtures * dismiss 3box whats new * remove redundant code * move docs * remove unused code * token detection * use default timeout * remove redundant code * Update fixture builder hide `Protect your funds` dialog remove browser environment remove default network details hide dismiss seed backup reminder recursively merges fixture data * add token to tokencontroller * remove network details * add missing identities to preference controller * remove duplicate properties * update bip-32 to use fixturebuilder * alphabetise snap permissions * update get snaps to use fixturebuilder * Update test-snap-bip-32.spec.js wait for window * add popular network state * update test * lint
2 years ago
fixtures: new FixtureBuilder().build(),
Use externally hosted phishing warning page An externally hosted phishing warning page is now used rather than the built-in phishing warning page.The phishing page warning URL is set via configuration file or environment variable. The default URL is either the expected production URL or `http://localhost:9999/` for e2e testing environments. The new external phishing page includes a design change when it is loaded within an iframe. In that case it now shows a condensed message, and prompts the user to open the full warning page in a new tab to see more details or bypass the warning. This is to prevent a clickjacking attack from safelisting a site without user consent. The new external phishing page also includes a simple caching service worker to ensure it continues to work offline (or if our hosting goes offline), as long as the user has successfully loaded the page at least once. We also load the page temporarily during the extension startup process to trigger the service worker installation. The old phishing page and all related lines have been removed. The property `web_accessible_resources` has also been removed from the manifest. The only entry apart from the phishing page was `inpage.js`, and we don't need that to be web accessible anymore because we inject the script inline into each page rather than loading the file directly. New e2e tests have been added to cover more phishing warning page functionality, including the "safelist" action and the "iframe" case.
3 years ago
ganacheOptions,
title: this.test.title,
testSpecificMock: mockPhishingDetection,
dapp: true,
dappPaths: ['mock-page-with-iframe'],
dappOptions: {
numberOfDapps: 2,
},
failOnConsoleError: false,
},
async ({ driver }) => {
E2e phishing detection (#13704) * phishing detection test * remove unused arg
3 years ago
await driver.navigate();
Use externally hosted phishing warning page An externally hosted phishing warning page is now used rather than the built-in phishing warning page.The phishing page warning URL is set via configuration file or environment variable. The default URL is either the expected production URL or `http://localhost:9999/` for e2e testing environments. The new external phishing page includes a design change when it is loaded within an iframe. In that case it now shows a condensed message, and prompts the user to open the full warning page in a new tab to see more details or bypass the warning. This is to prevent a clickjacking attack from safelisting a site without user consent. The new external phishing page also includes a simple caching service worker to ensure it continues to work offline (or if our hosting goes offline), as long as the user has successfully loaded the page at least once. We also load the page temporarily during the extension startup process to trigger the service worker installation. The old phishing page and all related lines have been removed. The property `web_accessible_resources` has also been removed from the manifest. The only entry apart from the phishing page was `inpage.js`, and we don't need that to be web accessible anymore because we inject the script inline into each page rather than loading the file directly. New e2e tests have been added to cover more phishing warning page functionality, including the "safelist" action and the "iframe" case.
3 years ago
await driver.fill('#password', 'correct horse battery staple');
await driver.press('#password', driver.Key.ENTER);
await driver.openNewPage('http://localhost:8080/');
const iframe = await driver.findElement('iframe');
await driver.switchToFrame(iframe);
Fix e2e tests The e2e tests have been updated for `@metamask/phishing-warning@1.1.0`. The iframe case was updated with a new design, which required test changes. The third test that was meant to ensure the phishing page can't redirect to an extension page has been updated to navigate directly to the phishing warning page and setting the URL manually via query parameters, as that was the only way to test that redirect.
3 years ago
await driver.clickElement({
text: 'Open this warning in a new tab',
});
await driver.switchToWindowWithTitle('MetaMask Phishing Detection');
Use externally hosted phishing warning page An externally hosted phishing warning page is now used rather than the built-in phishing warning page.The phishing page warning URL is set via configuration file or environment variable. The default URL is either the expected production URL or `http://localhost:9999/` for e2e testing environments. The new external phishing page includes a design change when it is loaded within an iframe. In that case it now shows a condensed message, and prompts the user to open the full warning page in a new tab to see more details or bypass the warning. This is to prevent a clickjacking attack from safelisting a site without user consent. The new external phishing page also includes a simple caching service worker to ensure it continues to work offline (or if our hosting goes offline), as long as the user has successfully loaded the page at least once. We also load the page temporarily during the extension startup process to trigger the service worker installation. The old phishing page and all related lines have been removed. The property `web_accessible_resources` has also been removed from the manifest. The only entry apart from the phishing page was `inpage.js`, and we don't need that to be web accessible anymore because we inject the script inline into each page rather than loading the file directly. New e2e tests have been added to cover more phishing warning page functionality, including the "safelist" action and the "iframe" case.
3 years ago
await driver.clickElement({
text: 'continuing at your own risk',
});
E2e phishing detection (#13704) * phishing detection test * remove unused arg
3 years ago
const header = await driver.findElement('h1');
Use externally hosted phishing warning page An externally hosted phishing warning page is now used rather than the built-in phishing warning page.The phishing page warning URL is set via configuration file or environment variable. The default URL is either the expected production URL or `http://localhost:9999/` for e2e testing environments. The new external phishing page includes a design change when it is loaded within an iframe. In that case it now shows a condensed message, and prompts the user to open the full warning page in a new tab to see more details or bypass the warning. This is to prevent a clickjacking attack from safelisting a site without user consent. The new external phishing page also includes a simple caching service worker to ensure it continues to work offline (or if our hosting goes offline), as long as the user has successfully loaded the page at least once. We also load the page temporarily during the extension startup process to trigger the service worker installation. The old phishing page and all related lines have been removed. The property `web_accessible_resources` has also been removed from the manifest. The only entry apart from the phishing page was `inpage.js`, and we don't need that to be web accessible anymore because we inject the script inline into each page rather than loading the file directly. New e2e tests have been added to cover more phishing warning page functionality, including the "safelist" action and the "iframe" case.
3 years ago
assert.equal(await header.getText(), 'E2E Test Dapp');
},
);
});
it('should display the MetaMask Phishing Detection page in an iframe but should NOT take the user to the blocked page if it is not an accessible resource', async function () {
await withFixtures(
{
E2e test fixtures (#16061) * remove state.json files * move file * Update Readme * Create fixture builder * load test fixture * remove redundant method * update snap tests * update stats tests * update extension tests * update extension tests * Update fixture data * snap test dapp connection * Update fixture data * add onboarding fixture * use onboarding fixture * reuse import account vault * remove unnecessary use of class * use fixture builder in new tests * switch to function * update default fixture * update default fixture * update test * update 1559 test fixttures * update 1559 test fixtures * update 1559 test fixtures * dismiss 3box whats new * remove redundant code * move docs * remove unused code * token detection * use default timeout * remove redundant code * Update fixture builder hide `Protect your funds` dialog remove browser environment remove default network details hide dismiss seed backup reminder recursively merges fixture data * add token to tokencontroller * remove network details * add missing identities to preference controller * remove duplicate properties * update bip-32 to use fixturebuilder * alphabetise snap permissions * update get snaps to use fixturebuilder * Update test-snap-bip-32.spec.js wait for window * add popular network state * update test * lint
2 years ago
fixtures: new FixtureBuilder().build(),
Use externally hosted phishing warning page An externally hosted phishing warning page is now used rather than the built-in phishing warning page.The phishing page warning URL is set via configuration file or environment variable. The default URL is either the expected production URL or `http://localhost:9999/` for e2e testing environments. The new external phishing page includes a design change when it is loaded within an iframe. In that case it now shows a condensed message, and prompts the user to open the full warning page in a new tab to see more details or bypass the warning. This is to prevent a clickjacking attack from safelisting a site without user consent. The new external phishing page also includes a simple caching service worker to ensure it continues to work offline (or if our hosting goes offline), as long as the user has successfully loaded the page at least once. We also load the page temporarily during the extension startup process to trigger the service worker installation. The old phishing page and all related lines have been removed. The property `web_accessible_resources` has also been removed from the manifest. The only entry apart from the phishing page was `inpage.js`, and we don't need that to be web accessible anymore because we inject the script inline into each page rather than loading the file directly. New e2e tests have been added to cover more phishing warning page functionality, including the "safelist" action and the "iframe" case.
3 years ago
ganacheOptions,
title: this.test.title,
testSpecificMock: mockPhishingDetection,
dapp: true,
dappPaths: ['mock-page-with-disallowed-iframe'],
dappOptions: {
numberOfDapps: 2,
},
failOnConsoleError: false,
},
async ({ driver }) => {
await driver.navigate();
await driver.fill('#password', 'correct horse battery staple');
await driver.press('#password', driver.Key.ENTER);
await driver.openNewPage(
`http://localhost:8080?extensionUrl=${driver.extensionUrl}`,
);
const iframe = await driver.findElement('iframe');
await driver.switchToFrame(iframe);
Fix e2e tests The e2e tests have been updated for `@metamask/phishing-warning@1.1.0`. The iframe case was updated with a new design, which required test changes. The third test that was meant to ensure the phishing page can't redirect to an extension page has been updated to navigate directly to the phishing warning page and setting the URL manually via query parameters, as that was the only way to test that redirect.
3 years ago
await driver.clickElement({
text: 'Open this warning in a new tab',
});
await driver.switchToWindowWithTitle('MetaMask Phishing Detection');
await driver.clickElement({
text: 'continuing at your own risk',
});
// Ensure we're not on the wallet home page
await driver.assertElementNotPresent('[data-testid="wallet-balance"]');
E2e phishing detection (#13704) * phishing detection test * remove unused arg
3 years ago
},
);
});
Bump controllers v30.0.2 (#14906) * bump @metamask/controllers to v30.0.2 and adapt
2 years ago
it('should display the MetaMask Phishing Detection page with the correct new issue link if the issue was detected from the phishfort list', async function () {
await withFixtures(
{
E2e test fixtures (#16061) * remove state.json files * move file * Update Readme * Create fixture builder * load test fixture * remove redundant method * update snap tests * update stats tests * update extension tests * update extension tests * Update fixture data * snap test dapp connection * Update fixture data * add onboarding fixture * use onboarding fixture * reuse import account vault * remove unnecessary use of class * use fixture builder in new tests * switch to function * update default fixture * update default fixture * update test * update 1559 test fixttures * update 1559 test fixtures * update 1559 test fixtures * dismiss 3box whats new * remove redundant code * move docs * remove unused code * token detection * use default timeout * remove redundant code * Update fixture builder hide `Protect your funds` dialog remove browser environment remove default network details hide dismiss seed backup reminder recursively merges fixture data * add token to tokencontroller * remove network details * add missing identities to preference controller * remove duplicate properties * update bip-32 to use fixturebuilder * alphabetise snap permissions * update get snaps to use fixturebuilder * Update test-snap-bip-32.spec.js wait for window * add popular network state * update test * lint
2 years ago
fixtures: new FixtureBuilder().build(),
Bump controllers v30.0.2 (#14906) * bump @metamask/controllers to v30.0.2 and adapt
2 years ago
ganacheOptions,
title: this.test.title,
testSpecificMock: mockPhishfortPhishingDetection,
dapp: true,
failOnConsoleError: false,
},
async ({ driver }) => {
await driver.navigate();
await driver.fill('#password', 'correct horse battery staple');
await driver.press('#password', driver.Key.ENTER);
await driver.openNewPage('http://127.0.0.1:8080');
const newIssueLink = await driver.findElements(
"a[href='https://github.com/phishfort/phishfort-lists/issues/new?title=[Legitimate%20Site%20Blocked]%20127.0.0.1&body=http%3A%2F%2F127.0.0.1%3A8080%2F']",
);
assert.equal(newIssueLink.length, 1);
},
);
});
E2e phishing detection (#13704) * phishing detection test * remove unused arg
3 years ago
});