Merge pull request #1838 from MetaMask/i1805-LiveBlacklistUpdating

Live blacklist updating
feature/default_network_editable
Kevin Serrano 7 years ago committed by GitHub
commit d15e402ed8
  1. 3
      CHANGELOG.md
  2. 8
      app/manifest.json
  3. 26
      app/scripts/background.js
  4. 45
      app/scripts/blacklister.js
  5. 14
      app/scripts/controllers/infura.js
  6. 1
      app/scripts/inpage.js
  7. 38
      app/scripts/lib/is-phish.js
  8. 12
      test/unit/blacklister-test.js

@ -2,6 +2,9 @@
## Current Master ## Current Master
- Continuously update blacklist for known phishing sites in background.
- Automatically detect suspicious URLs too similar to common phishing targets, and blacklist them.
## 3.9.2 2017-7-26 ## 3.9.2 2017-7-26
- Fix bugs that could sometimes result in failed transactions after switching networks. - Fix bugs that could sometimes result in failed transactions after switching networks.

@ -55,8 +55,12 @@
}, },
{ {
"run_at": "document_start", "run_at": "document_start",
"matches": ["http://*/*", "https://*/*"], "matches": [
"js": ["scripts/blacklister.js"] "http://*/*",
"https://*/*"
],
"js": ["scripts/blacklister.js"],
"all_frames": true
} }
], ],
"permissions": [ "permissions": [

@ -11,6 +11,7 @@ const NotificationManager = require('./lib/notification-manager.js')
const MetamaskController = require('./metamask-controller') const MetamaskController = require('./metamask-controller')
const extension = require('extensionizer') const extension = require('extensionizer')
const firstTimeState = require('./first-time-state') const firstTimeState = require('./first-time-state')
const isPhish = require('./lib/is-phish')
const STORAGE_KEY = 'metamask-config' const STORAGE_KEY = 'metamask-config'
const METAMASK_DEBUG = 'GULP_METAMASK_DEBUG' const METAMASK_DEBUG = 'GULP_METAMASK_DEBUG'
@ -90,6 +91,10 @@ function setupController (initState) {
extension.runtime.onConnect.addListener(connectRemote) extension.runtime.onConnect.addListener(connectRemote)
function connectRemote (remotePort) { function connectRemote (remotePort) {
if (remotePort.name === 'blacklister') {
return checkBlacklist(remotePort)
}
var isMetaMaskInternalProcess = remotePort.name === 'popup' || remotePort.name === 'notification' var isMetaMaskInternalProcess = remotePort.name === 'popup' || remotePort.name === 'notification'
var portStream = new PortStream(remotePort) var portStream = new PortStream(remotePort)
if (isMetaMaskInternalProcess) { if (isMetaMaskInternalProcess) {
@ -135,6 +140,27 @@ function setupController (initState) {
return Promise.resolve() return Promise.resolve()
} }
// Listen for new pages and return if blacklisted:
function checkBlacklist (port) {
const handler = handleNewPageLoad.bind(null, port)
port.onMessage.addListener(handler)
setTimeout(() => {
port.onMessage.removeListener(handler)
}, 30000)
}
function handleNewPageLoad (port, message) {
const { pageLoaded } = message
if (!pageLoaded || !global.metamaskController) return
const state = global.metamaskController.getState()
const updatedBlacklist = state.blacklist
if (isPhish({ updatedBlacklist, hostname: pageLoaded })) {
port.postMessage({ 'blacklist': pageLoaded })
}
}
// //
// Etc... // Etc...
// //

@ -1,41 +1,14 @@
const levenshtein = require('fast-levenshtein') const extension = require('extensionizer')
const blacklistedMetaMaskDomains = ['metamask.com']
const blacklistedDomains = require('etheraddresslookup/blacklists/domains.json').concat(blacklistedMetaMaskDomains)
const whitelistedMetaMaskDomains = ['metamask.io', 'www.metamask.io']
const whitelistedDomains = require('etheraddresslookup/whitelists/domains.json').concat(whitelistedMetaMaskDomains)
const LEVENSHTEIN_TOLERANCE = 4
const LEVENSHTEIN_CHECKS = ['myetherwallet', 'myetheroll', 'ledgerwallet', 'metamask']
var port = extension.runtime.connect({name: 'blacklister'})
port.postMessage({ 'pageLoaded': window.location.hostname })
port.onMessage.addListener(redirectIfBlacklisted)
// credit to @sogoiii and @409H for their help! function redirectIfBlacklisted (response) {
// Return a boolean on whether or not a phish is detected. const { blacklist } = response
function isPhish(hostname) { const host = window.location.hostname
var strCurrentTab = hostname if (blacklist && blacklist === host) {
// check if the domain is part of the whitelist.
if (whitelistedDomains && whitelistedDomains.includes(strCurrentTab)) { return false }
// check if the domain is part of the blacklist.
var isBlacklisted = blacklistedDomains && blacklistedDomains.includes(strCurrentTab)
// check for similar values.
var levenshteinMatched = false
var levenshteinForm = strCurrentTab.replace(/\./g, '')
LEVENSHTEIN_CHECKS.forEach((element) => {
if (levenshtein.get(element, levenshteinForm) < LEVENSHTEIN_TOLERANCE) {
levenshteinMatched = true
}
})
return isBlacklisted || levenshteinMatched
}
window.addEventListener('load', function () {
var hostnameToCheck = window.location.hostname
if (isPhish(hostnameToCheck)) {
// redirect to our phishing warning page.
window.location.href = 'https://metamask.io/phishing.html' window.location.href = 'https://metamask.io/phishing.html'
} }
}) }
module.exports = isPhish

@ -1,5 +1,6 @@
const ObservableStore = require('obs-store') const ObservableStore = require('obs-store')
const extend = require('xtend') const extend = require('xtend')
const recentBlacklist = require('etheraddresslookup/blacklists/domains.json')
// every ten minutes // every ten minutes
const POLLING_INTERVAL = 300000 const POLLING_INTERVAL = 300000
@ -9,6 +10,7 @@ class InfuraController {
constructor (opts = {}) { constructor (opts = {}) {
const initState = extend({ const initState = extend({
infuraNetworkStatus: {}, infuraNetworkStatus: {},
blacklist: recentBlacklist,
}, opts.initState) }, opts.initState)
this.store = new ObservableStore(initState) this.store = new ObservableStore(initState)
} }
@ -30,12 +32,24 @@ class InfuraController {
}) })
} }
updateLocalBlacklist () {
return fetch('https://api.infura.io/v1/blacklist')
.then(response => response.json())
.then((parsedResponse) => {
this.store.updateState({
blacklist: parsedResponse,
})
return parsedResponse
})
}
scheduleInfuraNetworkCheck () { scheduleInfuraNetworkCheck () {
if (this.conversionInterval) { if (this.conversionInterval) {
clearInterval(this.conversionInterval) clearInterval(this.conversionInterval)
} }
this.conversionInterval = setInterval(() => { this.conversionInterval = setInterval(() => {
this.checkInfuraNetworkStatus() this.checkInfuraNetworkStatus()
this.updateLocalBlacklist()
}, POLLING_INTERVAL) }, POLLING_INTERVAL)
} }
} }

@ -65,3 +65,4 @@ function restoreContextAfterImports () {
console.warn('MetaMask - global.define could not be overwritten.') console.warn('MetaMask - global.define could not be overwritten.')
} }
} }

@ -0,0 +1,38 @@
const levenshtein = require('fast-levenshtein')
const blacklistedMetaMaskDomains = ['metamask.com']
let blacklistedDomains = require('etheraddresslookup/blacklists/domains.json').concat(blacklistedMetaMaskDomains)
const whitelistedMetaMaskDomains = ['metamask.io', 'www.metamask.io']
const whitelistedDomains = require('etheraddresslookup/whitelists/domains.json').concat(whitelistedMetaMaskDomains)
const LEVENSHTEIN_TOLERANCE = 4
const LEVENSHTEIN_CHECKS = ['myetherwallet', 'myetheroll', 'ledgerwallet', 'metamask']
// credit to @sogoiii and @409H for their help!
// Return a boolean on whether or not a phish is detected.
function isPhish({ hostname, updatedBlacklist = null }) {
var strCurrentTab = hostname
// check if the domain is part of the whitelist.
if (whitelistedDomains && whitelistedDomains.includes(strCurrentTab)) { return false }
// Allow updating of blacklist:
if (updatedBlacklist) {
blacklistedDomains = blacklistedDomains.concat(updatedBlacklist)
}
// check if the domain is part of the blacklist.
const isBlacklisted = blacklistedDomains && blacklistedDomains.includes(strCurrentTab)
// check for similar values.
let levenshteinMatched = false
var levenshteinForm = strCurrentTab.replace(/\./g, '')
LEVENSHTEIN_CHECKS.forEach((element) => {
if (levenshtein.get(element, levenshteinForm) <= LEVENSHTEIN_TOLERANCE) {
levenshteinMatched = true
}
})
return isBlacklisted || levenshteinMatched
}
module.exports = isPhish

@ -1,24 +1,24 @@
const assert = require('assert') const assert = require('assert')
const Blacklister = require('../../app/scripts/blacklister') const isPhish = require('../../app/scripts/lib/is-phish')
describe('blacklister', function () { describe('blacklister', function () {
describe('#isPhish', function () { describe('#isPhish', function () {
it('should not flag whitelisted values', function () { it('should not flag whitelisted values', function () {
var result = Blacklister('www.metamask.io') var result = isPhish({ hostname: 'www.metamask.io' })
assert(!result) assert(!result)
}) })
it('should flag explicit values', function () { it('should flag explicit values', function () {
var result = Blacklister('metamask.com') var result = isPhish({ hostname: 'metamask.com' })
assert(result) assert(result)
}) })
it('should flag levenshtein values', function () { it('should flag levenshtein values', function () {
var result = Blacklister('metmask.io') var result = isPhish({ hostname: 'metmask.com' })
assert(result) assert(result)
}) })
it('should not flag not-even-close values', function () { it('should not flag not-even-close values', function () {
var result = Blacklister('example.com') var result = isPhish({ hostname: 'example.com' })
assert(!result) assert(!result)
}) })
}) })
}) })

Loading…
Cancel
Save