diff --git a/app/scripts/background.js b/app/scripts/background.js index e314086a6..6eedeeea4 100644 --- a/app/scripts/background.js +++ b/app/scripts/background.js @@ -319,7 +319,7 @@ function setupController (initState, initLangCode) { [ENVIRONMENT_TYPE_FULLSCREEN]: true, } - const metamaskBlacklistedPorts = [ + const metamaskBlockedPorts = [ 'trezor-connect', ] @@ -343,7 +343,7 @@ function setupController (initState, initLangCode) { const processName = remotePort.name const isMetaMaskInternalProcess = metamaskInternalProcessHash[processName] - if (metamaskBlacklistedPorts.includes(remotePort.name)) { + if (metamaskBlockedPorts.includes(remotePort.name)) { return false } diff --git a/app/scripts/contentscript.js b/app/scripts/contentscript.js index 2a8307c10..17eeabf89 100644 --- a/app/scripts/contentscript.js +++ b/app/scripts/contentscript.js @@ -127,7 +127,7 @@ function logStreamDisconnectWarning (remoteLabel, err) { */ function shouldInjectProvider () { return doctypeCheck() && suffixCheck() && - documentElementCheck() && !blacklistedDomainCheck() + documentElementCheck() && !blockedDomainCheck() } /** @@ -181,12 +181,12 @@ function documentElementCheck () { } /** - * Checks if the current domain is blacklisted + * Checks if the current domain is blocked * - * @returns {boolean} {@code true} - if the current domain is blacklisted + * @returns {boolean} {@code true} - if the current domain is blocked */ -function blacklistedDomainCheck () { - const blacklistedDomains = [ +function blockedDomainCheck () { + const blockedDomains = [ 'uscourts.gov', 'dropbox.com', 'webbyawards.com', @@ -200,9 +200,9 @@ function blacklistedDomainCheck () { ] const currentUrl = window.location.href let currentRegex - for (let i = 0; i < blacklistedDomains.length; i++) { - const blacklistedDomain = blacklistedDomains[i].replace('.', '\\.') - currentRegex = new RegExp(`(?:https?:\\/\\/)(?:(?!${blacklistedDomain}).)*$`) + for (let i = 0; i < blockedDomains.length; i++) { + const blockedDomain = blockedDomains[i].replace('.', '\\.') + currentRegex = new RegExp(`(?:https?:\\/\\/)(?:(?!${blockedDomain}).)*$`) if (!currentRegex.test(currentUrl)) { return true } diff --git a/app/scripts/controllers/transactions/index.js b/app/scripts/controllers/transactions/index.js index 73589392b..43e13b77a 100644 --- a/app/scripts/controllers/transactions/index.js +++ b/app/scripts/controllers/transactions/index.js @@ -25,7 +25,7 @@ import NonceTracker from 'nonce-tracker' import * as txUtils from './lib/util' import cleanErrorStack from '../../lib/cleanErrorStack' import log from 'loglevel' -import { throwIfAccountIsBlacklisted } from './lib/recipient-blacklist-checker' +import { throwIfAccountIsBlocked } from './lib/recipient-blocklist-checker' import { TRANSACTION_TYPE_CANCEL, @@ -241,7 +241,7 @@ export default class TransactionController extends EventEmitter { this.emit('newUnapprovedTx', txMeta) try { - throwIfAccountIsBlacklisted(txMeta.metamaskNetworkId, normalizedTxParams.to) + throwIfAccountIsBlocked(txMeta.metamaskNetworkId, normalizedTxParams.to) txMeta = await this.addTxGasDefaults(txMeta, getCodeResponse) } catch (error) { log.warn(error) diff --git a/app/scripts/controllers/transactions/lib/recipient-blacklist-checker.js b/app/scripts/controllers/transactions/lib/recipient-blacklist-checker.js deleted file mode 100644 index 8d048c58f..000000000 --- a/app/scripts/controllers/transactions/lib/recipient-blacklist-checker.js +++ /dev/null @@ -1,19 +0,0 @@ -import blacklist from './recipient-blacklist' - -/** - * Checks if a specified account on a specified network is blacklisted - * @param {number} networkId - * @param {string} account - * @throws {Error} if the account is blacklisted on mainnet - */ -export function throwIfAccountIsBlacklisted (networkId, account) { - const mainnetId = 1 - if (networkId !== mainnetId) { - return - } - - const accountToCheck = account.toLowerCase() - if (blacklist.includes(accountToCheck)) { - throw new Error('Recipient is a public account') - } -} diff --git a/app/scripts/controllers/transactions/lib/recipient-blocklist-checker.js b/app/scripts/controllers/transactions/lib/recipient-blocklist-checker.js new file mode 100644 index 000000000..15a1e777c --- /dev/null +++ b/app/scripts/controllers/transactions/lib/recipient-blocklist-checker.js @@ -0,0 +1,19 @@ +import blocklist from './recipient-blocklist' + +/** + * Checks if a specified account on a specified network is blocked + * @param {number} networkId + * @param {string} account + * @throws {Error} if the account is blocked on mainnet + */ +export function throwIfAccountIsBlocked (networkId, account) { + const mainnetId = 1 + if (networkId !== mainnetId) { + return + } + + const accountToCheck = account.toLowerCase() + if (blocklist.includes(accountToCheck)) { + throw new Error('Recipient is a public account') + } +} diff --git a/app/scripts/controllers/transactions/lib/recipient-blacklist.js b/app/scripts/controllers/transactions/lib/recipient-blocklist.js similarity index 92% rename from app/scripts/controllers/transactions/lib/recipient-blacklist.js rename to app/scripts/controllers/transactions/lib/recipient-blocklist.js index a0f16303e..fc7e49126 100644 --- a/app/scripts/controllers/transactions/lib/recipient-blacklist.js +++ b/app/scripts/controllers/transactions/lib/recipient-blocklist.js @@ -1,4 +1,4 @@ -const blacklist = [ +const blocklist = [ // IDEX phisher '0x9bcb0A9d99d815Bb87ee3191b1399b1Bcc46dc77', // Ganache default seed phrases @@ -14,4 +14,4 @@ const blacklist = [ '0x5aeda56215b167893e80b4fe645ba6d5bab767de', ] -export default blacklist +export default blocklist diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js index 7787601a5..e6f973e59 100644 --- a/app/scripts/metamask-controller.js +++ b/app/scripts/metamask-controller.js @@ -457,6 +457,9 @@ export default class MetamaskController extends EventEmitter { markPasswordForgotten: this.markPasswordForgotten.bind(this), unMarkPasswordForgotten: this.unMarkPasswordForgotten.bind(this), buyEth: this.buyEth.bind(this), + safelistPhishingDomain: this.safelistPhishingDomain.bind(this), + getRequestAccountTabIds: (cb) => cb(null, this.getRequestAccountTabIds()), + getOpenMetamaskTabsIds: (cb) => cb(null, this.getOpenMetamaskTabsIds()), // primary HD keyring management addNewAccount: nodeify(this.addNewAccount, this), @@ -494,9 +497,6 @@ export default class MetamaskController extends EventEmitter { completeOnboarding: nodeify(preferencesController.completeOnboarding, preferencesController), addKnownMethodData: nodeify(preferencesController.addKnownMethodData, preferencesController), - // BlacklistController - whitelistPhishingDomain: this.whitelistPhishingDomain.bind(this), - // AddressController setAddressBook: nodeify(this.addressBookController.set, this.addressBookController), removeFromAddressBook: this.addressBookController.delete.bind(this.addressBookController), @@ -572,9 +572,6 @@ export default class MetamaskController extends EventEmitter { addPermittedAccount: nodeify(permissionsController.addPermittedAccount, permissionsController), removePermittedAccount: nodeify(permissionsController.removePermittedAccount, permissionsController), requestAccountsPermission: nodeify(permissionsController.requestAccountsPermission, permissionsController), - - getRequestAccountTabIds: (cb) => cb(null, this.getRequestAccountTabIds()), - getOpenMetamaskTabsIds: (cb) => cb(null, this.getOpenMetamaskTabsIds()), } } @@ -1446,7 +1443,7 @@ export default class MetamaskController extends EventEmitter { setupUntrustedCommunication (connectionStream, sender) { const { usePhishDetect } = this.preferencesController.store.getState() const hostname = (new URL(sender.url)).hostname - // Check if new connection is blacklisted if phishing detection is on + // Check if new connection is blocked if phishing detection is on if (usePhishDetect && this.phishingController.test(hostname)) { log.debug('MetaMask - sending phishing warning for', hostname) this.sendPhishingWarning(connectionStream, hostname) @@ -2043,10 +2040,10 @@ export default class MetamaskController extends EventEmitter { */ /** - * Adds a domain to the PhishingController whitelist - * @param {string} hostname - the domain to whitelist + * Adds a domain to the PhishingController safelist + * @param {string} hostname - the domain to safelist */ - whitelistPhishingDomain (hostname) { + safelistPhishingDomain (hostname) { return this.phishingController.bypass(hostname) } diff --git a/app/scripts/phishing-detect.js b/app/scripts/phishing-detect.js index 8f5960ee0..f0ab55d00 100644 --- a/app/scripts/phishing-detect.js +++ b/app/scripts/phishing-detect.js @@ -27,7 +27,7 @@ function start () { const continueLink = document.getElementById('unsafe-continue') continueLink.addEventListener('click', () => { - metaMaskController.whitelistPhishingDomain(suspect.hostname) + metaMaskController.safelistPhishingDomain(suspect.hostname) window.location.href = suspect.href }) }) diff --git a/test/unit/app/controllers/transactions/recipient-blacklist-checker-test.js b/test/unit/app/controllers/transactions/recipient-blocklist-checker-test.js similarity index 73% rename from test/unit/app/controllers/transactions/recipient-blacklist-checker-test.js rename to test/unit/app/controllers/transactions/recipient-blocklist-checker-test.js index baab1ca00..47a3fefe3 100644 --- a/test/unit/app/controllers/transactions/recipient-blacklist-checker-test.js +++ b/test/unit/app/controllers/transactions/recipient-blocklist-checker-test.js @@ -1,9 +1,9 @@ import { strict as assert } from 'assert' -import { throwIfAccountIsBlacklisted } from '../../../../../app/scripts/controllers/transactions/lib/recipient-blacklist-checker' +import { throwIfAccountIsBlocked } from '../../../../../app/scripts/controllers/transactions/lib/recipient-blocklist-checker' import { ROPSTEN_NETWORK_ID, RINKEBY_NETWORK_ID, KOVAN_NETWORK_ID, GOERLI_NETWORK_ID } from '../../../../../app/scripts/controllers/network/enums' -describe('Recipient Blacklist Checker', function () { - describe('#throwIfAccountIsBlacklisted', function () { +describe('Recipient Blocklist Checker', function () { + describe('#throwIfAccountIsBlocked', function () { // Accounts from Ganache's original default seed phrase const publicAccounts = [ '0x627306090abab3a6e1400e9345bc60c78a8bef57', @@ -22,7 +22,7 @@ describe('Recipient Blacklist Checker', function () { const networks = [ROPSTEN_NETWORK_ID, RINKEBY_NETWORK_ID, KOVAN_NETWORK_ID, GOERLI_NETWORK_ID] for (const networkId of networks) { for (const account of publicAccounts) { - assert.doesNotThrow(() => throwIfAccountIsBlacklisted(networkId, account)) + assert.doesNotThrow(() => throwIfAccountIsBlocked(networkId, account)) } } }) @@ -30,7 +30,7 @@ describe('Recipient Blacklist Checker', function () { it('fails on mainnet', function () { for (const account of publicAccounts) { assert.throws( - () => throwIfAccountIsBlacklisted(1, account), + () => throwIfAccountIsBlocked(1, account), { message: 'Recipient is a public account' }, ) } @@ -38,14 +38,14 @@ describe('Recipient Blacklist Checker', function () { it('fails for public account - uppercase', function () { assert.throws( - () => throwIfAccountIsBlacklisted(1, '0X0D1D4E623D10F9FBA5DB95830F7D3839406C6AF2'), + () => throwIfAccountIsBlocked(1, '0X0D1D4E623D10F9FBA5DB95830F7D3839406C6AF2'), { message: 'Recipient is a public account' }, ) }) it('fails for public account - lowercase', function () { assert.throws( - () => throwIfAccountIsBlacklisted(1, '0x0d1d4e623d10f9fba5db95830f7d3839406c6af2'), + () => throwIfAccountIsBlocked(1, '0x0d1d4e623d10f9fba5db95830f7d3839406c6af2'), { message: 'Recipient is a public account' }, ) })