blacklist controller - breakout from metamask and infura controllers

7 years ago · 8c6f01b910
parent ecaa235b5e
commit 8c6f01b910
6 changed files with 108 additions and 83 deletions
--- a/app/scripts/controllers/blacklist.js
+++ b/app/scripts/controllers/blacklist.js
@ -0,0 +1,50 @@
+const ObservableStore = require('obs-store')
+const extend = require('xtend')
+const communityBlacklistedDomains = require('etheraddresslookup/blacklists/domains.json')
+const communityWhitelistedDomains = require('etheraddresslookup/whitelists/domains.json')
+const checkForPhishing = require('../lib/is-phish')
+
+// compute phishing lists
+const PHISHING_BLACKLIST = communityBlacklistedDomains.concat(['metamask.com'])
+const PHISHING_WHITELIST = communityWhitelistedDomains.concat(['metamask.io', 'www.metamask.io'])
+const PHISHING_FUZZYLIST = ['myetherwallet', 'myetheroll', 'ledgerwallet', 'metamask']
+// every ten minutes
+const POLLING_INTERVAL = 10 * 60 * 1000
+
+class BlacklistController {
+
+  constructor (opts = {}) {
+    const initState = extend({
+      phishing: PHISHING_BLACKLIST,
+    }, opts.initState)
+    this.store = new ObservableStore(initState)
+    // polling references
+    this._phishingUpdateIntervalRef = null
+  }
+
+  //
+  // PUBLIC METHODS
+  //
+
+  checkForPhishing (hostname) {
+    if (!hostname) return false
+    const { blacklist } = this.store.getState()
+    return checkForPhishing({ hostname, blacklist, whitelist: PHISHING_WHITELIST, fuzzylist: PHISHING_FUZZYLIST })
+  }
+
+  async updatePhishingList () {
+    const response = await fetch('https://api.infura.io/v1/blacklist')
+    const phishing = await response.json()
+    this.store.updateState({ phishing })
+    return phishing
+  }
+
+  scheduleUpdates () {
+    if (this._phishingUpdateIntervalRef) return
+    this._phishingUpdateIntervalRef = setInterval(() => {
+      this.updatePhishingList()
+    }, POLLING_INTERVAL)
+  }
+}
+
+module.exports = BlacklistController
--- a/app/scripts/controllers/infura.js
+++ b/app/scripts/controllers/infura.js
@ -1,16 +1,14 @@
 const ObservableStore = require('obs-store')
 const extend = require('xtend')
-const recentBlacklist = require('etheraddresslookup/blacklists/domains.json')

 // every ten minutes
-const POLLING_INTERVAL = 300000
+const POLLING_INTERVAL = 10 * 60 * 1000

 class InfuraController {

  constructor (opts = {}) {
    const initState = extend({
      infuraNetworkStatus: {},
-      blacklist: recentBlacklist,
    }, opts.initState)
    this.store = new ObservableStore(initState)
  }
@ -32,24 +30,12 @@ class InfuraController {
      })
  }

-  updateLocalBlacklist () {
-    return fetch('https://api.infura.io/v1/blacklist')
-      .then(response => response.json())
-      .then((parsedResponse) => {
-        this.store.updateState({
-          blacklist: parsedResponse,
-        })
-        return parsedResponse
-      })
-  }
-
  scheduleInfuraNetworkCheck () {
    if (this.conversionInterval) {
      clearInterval(this.conversionInterval)
    }
    this.conversionInterval = setInterval(() => {
      this.checkInfuraNetworkStatus()
-      this.updateLocalBlacklist()
    }, POLLING_INTERVAL)
  }
 }
--- a/app/scripts/lib/is-phish.js
+++ b/app/scripts/lib/is-phish.js
@ -1,38 +1,23 @@
 const levenshtein = require('fast-levenshtein')
-const blacklistedMetaMaskDomains = ['metamask.com']
-let blacklistedDomains = require('etheraddresslookup/blacklists/domains.json').concat(blacklistedMetaMaskDomains)
-const whitelistedMetaMaskDomains = ['metamask.io', 'www.metamask.io']
-const whitelistedDomains = require('etheraddresslookup/whitelists/domains.json').concat(whitelistedMetaMaskDomains)
 const LEVENSHTEIN_TOLERANCE = 4
-const LEVENSHTEIN_CHECKS = ['myetherwallet', 'myetheroll', 'ledgerwallet', 'metamask']
-

 // credit to @sogoiii and @409H for their help!
 // Return a boolean on whether or not a phish is detected.
-function isPhish({ hostname, blacklist }) {
-  var strCurrentTab = hostname
+function isPhish({ hostname, blacklist, whitelist, fuzzylist }) {

  // check if the domain is part of the whitelist.
-  if (whitelistedDomains && whitelistedDomains.includes(strCurrentTab)) { return false }
-
-  // Allow updating of blacklist:
-  if (blacklist) {
-    blacklistedDomains = blacklistedDomains.concat(blacklist)
-  }
+  if (whitelist && whitelist.includes(hostname)) return false

  // check if the domain is part of the blacklist.
-  const isBlacklisted = blacklistedDomains && blacklistedDomains.includes(strCurrentTab)
+  if (blacklist && blacklist.includes(hostname)) return true

  // check for similar values.
-  let levenshteinMatched = false
-  var levenshteinForm = strCurrentTab.replace(/\./g, '')
-  LEVENSHTEIN_CHECKS.forEach((element) => {
-    if (levenshtein.get(element, levenshteinForm) <= LEVENSHTEIN_TOLERANCE) {
-      levenshteinMatched = true
-    }
+  const levenshteinForm = hostname.replace(/\./g, '')
+  const levenshteinMatched = fuzzylist.some((element) => {
+    return levenshtein.get(element, levenshteinForm) <= LEVENSHTEIN_TOLERANCE
  })

-  return isBlacklisted || levenshteinMatched
+  return levenshteinMatched
 }

 module.exports = isPhish
--- a/app/scripts/metamask-controller.js
+++ b/app/scripts/metamask-controller.js
@ -16,6 +16,7 @@ const NoticeController = require('./notice-controller')
 const ShapeShiftController = require('./controllers/shapeshift')
 const AddressBookController = require('./controllers/address-book')
 const InfuraController = require('./controllers/infura')
+const BlacklistController = require('./controllers/blacklist')
 const MessageManager = require('./lib/message-manager')
 const PersonalMessageManager = require('./lib/personal-message-manager')
 const TransactionController = require('./controllers/transactions')
@ -23,7 +24,6 @@ const ConfigManager = require('./lib/config-manager')
 const nodeify = require('./lib/nodeify')
 const accountImporter = require('./account-import-strategies')
 const getBuyEthUrl = require('./lib/buy-eth-url')
-const checkForPhishing = require('./lib/is-phish')
 const debounce = require('debounce')

 const version = require('../manifest.json').version
@ -70,6 +70,10 @@ module.exports = class MetamaskController extends EventEmitter {
    })
    this.infuraController.scheduleInfuraNetworkCheck()

+    this.blacklistController = new BlacklistController({
+      initState: initState.BlacklistController,
+    })
+    this.blacklistController.scheduleUpdates()

    // rpc provider
    this.provider = this.initializeProvider()
@ -152,6 +156,9 @@ module.exports = class MetamaskController extends EventEmitter {
    this.networkController.store.subscribe((state) => {
      this.store.updateState({ NetworkController: state })
    })
+    this.blacklistController.store.subscribe((state) => {
+      this.store.updateState({ BlacklistController: state })
+    })
    this.infuraController.store.subscribe((state) => {
      this.store.updateState({ InfuraController: state })
    })
@ -328,7 +335,7 @@ module.exports = class MetamaskController extends EventEmitter {

  setupUntrustedCommunication (connectionStream, originDomain) {
    // Check if new connection is blacklisted
-    if (this.isHostBlacklisted(originDomain)) {
+    if (this.blacklistController.checkForPhishing(originDomain)) {
      console.log('MetaMask - sending phishing warning for', originDomain)
      this.sendPhishingWarning(connectionStream, originDomain)
      return
@ -349,17 +356,9 @@ module.exports = class MetamaskController extends EventEmitter {
    this.setupProviderConnection(mx.createStream('provider'), originDomain)
  }

-  // Check if a domain is on our blacklist
-  isHostBlacklisted (hostname) {
-    if (!hostname) return false
-    const { blacklist } = this.getState().blacklist
-    return checkForPhishing({ blacklist, hostname })
-  }
-
  sendPhishingWarning (connectionStream, hostname) {
    const mx = setupMultiplex(connectionStream)
    const phishingStream = mx.createStream('phishing')
-    // phishingStream.write(true)
    phishingStream.write({ hostname })
  }

--- a/test/unit/blacklist-controller-test.js
+++ b/test/unit/blacklist-controller-test.js
@ -0,0 +1,41 @@
+const assert = require('assert')
+const BlacklistController = require('../../app/scripts/controllers/blacklist')
+
+describe('blacklist controller', function () {
+  let blacklistController
+
+  before(() => {
+    blacklistController = new BlacklistController()
+  })
+
+  describe('checkForPhishing', function () {
+    it('should not flag whitelisted values', function () {
+      const result = blacklistController.checkForPhishing('www.metamask.io')
+      assert.equal(result, false)
+    })
+    it('should flag explicit values', function () {
+      const result = blacklistController.checkForPhishing('metamask.com')
+      assert.equal(result, true)
+    })
+    it('should flag levenshtein values', function () {
+      const result = blacklistController.checkForPhishing('metmask.io')
+      assert.equal(result, true)
+    })
+    it('should not flag not-even-close values', function () {
+      const result = blacklistController.checkForPhishing('example.com')
+      assert.equal(result, false)
+    })
+    it('should not flag the ropsten faucet domains', function () {
+      const result = blacklistController.checkForPhishing('faucet.metamask.io')
+      assert.equal(result, false)
+    })
+    it('should not flag the mascara domain', function () {
+      const result = blacklistController.checkForPhishing('zero.metamask.io')
+      assert.equal(result, false)
+    })
+    it('should not flag the mascara-faucet domain', function () {
+      const result = blacklistController.checkForPhishing('zero-faucet.metamask.io')
+      assert.equal(result, false)
+    })
+  })
+})
--- a/test/unit/phishing-detection-test.js
+++ b/test/unit/phishing-detection-test.js
@ -1,36 +0,0 @@
-const assert = require('assert')
-const isPhish = require('../../app/scripts/lib/is-phish')
-
-describe('phishing detection test', function () {
-  describe('#isPhish', function () {
-    it('should not flag whitelisted values', function () {
-      var result = isPhish({ hostname: 'www.metamask.io' })
-      assert.equal(result, false)
-    })
-    it('should flag explicit values', function () {
-      var result = isPhish({ hostname: 'metamask.com' })
-      assert.equal(result, true)
-    })
-    it('should flag levenshtein values', function () {
-      var result = isPhish({ hostname: 'metmask.io' })
-      assert.equal(result, true)
-    })
-    it('should not flag not-even-close values', function () {
-      var result = isPhish({ hostname: 'example.com' })
-      assert.equal(result, false)
-    })
-    it('should not flag the ropsten faucet domains', function () {
-      var result = isPhish({ hostname: 'faucet.metamask.io' })
-      assert.equal(result, false)
-    })
-    it('should not flag the mascara domain', function () {
-      var result = isPhish({ hostname: 'zero.metamask.io' })
-      assert.equal(result, false)
-    })
-    it('should not flag the mascara-faucet domain', function () {
-      var result = isPhish({ hostname: 'zero-faucet.metamask.io' })
-      assert.equal(result, false)
-    })
-  })
-})
-