const { strict : assert } = require ( 'assert' ) ;
const { convertToHexValue , withFixtures } = require ( '../helpers' ) ;
const PHISHFORT _CDN _URL =
'https://cdn.jsdelivr.net/gh/phishfort/phishfort-lists@master/blacklists/hotlist.json' ;
describe ( 'Phishing Detection' , function ( ) {
async function mockPhishingDetection ( mockServer ) {
await mockServer
. forGet (
'https://cdn.jsdelivr.net/gh/MetaMask/eth-phishing-detect@master/src/config.json' ,
)
. thenCallback ( ( ) => {
return {
statusCode : 200 ,
json : {
version : 2 ,
tolerance : 2 ,
fuzzylist : [ ] ,
whitelist : [ ] ,
blacklist : [ '127.0.0.1' ] ,
} ,
} ;
} ) ;
}
async function mockPhishfortPhishingDetection ( mockServer ) {
await mockServer . forGet ( PHISHFORT _CDN _URL ) . thenCallback ( ( ) => {
return {
statusCode : 200 ,
json : [ '127.0.0.1' ] ,
} ;
} ) ;
}
const ganacheOptions = {
accounts : [
{
secretKey :
'0x7C9529A67102755B7E6102D6D950AC5D5863C98713805CEC576B945B15B71EAC' ,
balance : convertToHexValue ( 25000000000000000000 ) ,
} ,
] ,
} ;
it ( 'should display the MetaMask Phishing Detection page and take the user to the blocked page if they continue' , async function ( ) {
await withFixtures (
{
fixtures : 'imported-account' ,
ganacheOptions ,
title : this . test . title ,
testSpecificMock : mockPhishingDetection ,
dapp : true ,
failOnConsoleError : false ,
} ,
async ( { driver } ) => {
await driver . navigate ( ) ;
await driver . fill ( '#password' , 'correct horse battery staple' ) ;
await driver . press ( '#password' , driver . Key . ENTER ) ;
await driver . openNewPage ( 'http://127.0.0.1:8080' ) ;
await driver . clickElement ( {
text : 'continuing at your own risk' ,
} ) ;
const header = await driver . findElement ( 'h1' ) ;
assert . equal ( await header . getText ( ) , 'E2E Test Dapp' ) ;
} ,
) ;
} ) ;
it ( 'should display the MetaMask Phishing Detection page in an iframe and take the user to the blocked page if they continue' , async function ( ) {
await withFixtures (
{
fixtures : 'imported-account' ,
ganacheOptions ,
title : this . test . title ,
testSpecificMock : mockPhishingDetection ,
dapp : true ,
dappPaths : [ 'mock-page-with-iframe' ] ,
dappOptions : {
numberOfDapps : 2 ,
} ,
failOnConsoleError : false ,
} ,
async ( { driver } ) => {
await driver . navigate ( ) ;
await driver . fill ( '#password' , 'correct horse battery staple' ) ;
await driver . press ( '#password' , driver . Key . ENTER ) ;
await driver . openNewPage ( 'http://localhost:8080/' ) ;
const iframe = await driver . findElement ( 'iframe' ) ;
await driver . switchToFrame ( iframe ) ;
await driver . clickElement ( {
text : 'Open this warning in a new tab' ,
} ) ;
await driver . switchToWindowWithTitle ( 'MetaMask Phishing Detection' ) ;
await driver . clickElement ( {
text : 'continuing at your own risk' ,
} ) ;
const header = await driver . findElement ( 'h1' ) ;
assert . equal ( await header . getText ( ) , 'E2E Test Dapp' ) ;
} ,
) ;
} ) ;
it ( 'should display the MetaMask Phishing Detection page in an iframe but should NOT take the user to the blocked page if it is not an accessible resource' , async function ( ) {
await withFixtures (
{
fixtures : 'imported-account' ,
ganacheOptions ,
title : this . test . title ,
testSpecificMock : mockPhishingDetection ,
dapp : true ,
dappPaths : [ 'mock-page-with-disallowed-iframe' ] ,
dappOptions : {
numberOfDapps : 2 ,
} ,
failOnConsoleError : false ,
} ,
async ( { driver } ) => {
await driver . navigate ( ) ;
await driver . fill ( '#password' , 'correct horse battery staple' ) ;
await driver . press ( '#password' , driver . Key . ENTER ) ;
await driver . openNewPage (
` http://localhost:8080?extensionUrl= ${ driver . extensionUrl } ` ,
) ;
const iframe = await driver . findElement ( 'iframe' ) ;
await driver . switchToFrame ( iframe ) ;
await driver . clickElement ( {
text : 'Open this warning in a new tab' ,
} ) ;
await driver . switchToWindowWithTitle ( 'MetaMask Phishing Detection' ) ;
await driver . clickElement ( {
text : 'continuing at your own risk' ,
} ) ;
// Ensure we're not on the wallet home page
await driver . assertElementNotPresent ( '[data-testid="wallet-balance"]' ) ;
} ,
) ;
} ) ;
it ( 'should display the MetaMask Phishing Detection page with the correct new issue link if the issue was detected from the phishfort list' , async function ( ) {
await withFixtures (
{
fixtures : 'imported-account' ,
ganacheOptions ,
title : this . test . title ,
testSpecificMock : mockPhishfortPhishingDetection ,
dapp : true ,
failOnConsoleError : false ,
} ,
async ( { driver } ) => {
await driver . navigate ( ) ;
await driver . fill ( '#password' , 'correct horse battery staple' ) ;
await driver . press ( '#password' , driver . Key . ENTER ) ;
await driver . openNewPage ( 'http://127.0.0.1:8080' ) ;
const newIssueLink = await driver . findElements (
"a[href='https://github.com/phishfort/phishfort-lists/issues/new?title=[Legitimate%20Site%20Blocked]%20127.0.0.1&body=http%3A%2F%2F127.0.0.1%3A8080%2F']" ,
) ;
assert . equal ( newIssueLink . length , 1 ) ;
} ,
) ;
} ) ;
} ) ;