commit
f8cadbcb32
@ -1,13 +1,41 @@ |
||||
const blacklistedDomains = require('etheraddresslookup/blacklists/domains.json') |
||||
const levenshtein = require('fast-levenshtein') |
||||
const blacklistedMetaMaskDomains = ['metamask.com'] |
||||
const blacklistedDomains = require('etheraddresslookup/blacklists/domains.json').concat(blacklistedMetaMaskDomains) |
||||
const whitelistedMetaMaskDomains = ['metamask.io', 'www.metamask.io'] |
||||
const whitelistedDomains = require('etheraddresslookup/whitelists/domains.json').concat(whitelistedMetaMaskDomains) |
||||
const LEVENSHTEIN_TOLERANCE = 4 |
||||
const LEVENSHTEIN_CHECKS = ['myetherwallet', 'myetheroll', 'ledgerwallet', 'metamask'] |
||||
|
||||
function detectBlacklistedDomain() { |
||||
var strCurrentTab = window.location.hostname |
||||
if (blacklistedDomains && blacklistedDomains.includes(strCurrentTab)) { |
||||
window.location.href = 'https://metamask.io/phishing.html' |
||||
|
||||
// credit to @sogoiii and @409H for their help!
|
||||
// Return a boolean on whether or not a phish is detected.
|
||||
function isPhish(hostname) { |
||||
var strCurrentTab = hostname |
||||
|
||||
// check if the domain is part of the whitelist.
|
||||
if (whitelistedDomains && whitelistedDomains.includes(strCurrentTab)) { return false } |
||||
|
||||
// check if the domain is part of the blacklist.
|
||||
var isBlacklisted = blacklistedDomains && blacklistedDomains.includes(strCurrentTab) |
||||
|
||||
// check for similar values.
|
||||
var levenshteinMatched = false |
||||
var levenshteinForm = strCurrentTab.replace(/\./g, '') |
||||
LEVENSHTEIN_CHECKS.forEach((element) => { |
||||
if (levenshtein.get(element, levenshteinForm) < LEVENSHTEIN_TOLERANCE) { |
||||
levenshteinMatched = true |
||||
} |
||||
}) |
||||
|
||||
return isBlacklisted || levenshteinMatched |
||||
} |
||||
|
||||
window.addEventListener('load', function() { |
||||
detectBlacklistedDomain() |
||||
window.addEventListener('load', function () { |
||||
var hostnameToCheck = window.location.hostname |
||||
if (isPhish(hostnameToCheck)) { |
||||
// redirect to our phishing warning page.
|
||||
window.location.href = 'https://metamask.io/phishing.html' |
||||
} |
||||
}) |
||||
|
||||
module.exports = isPhish |
||||
|
@ -0,0 +1,8 @@ |
||||
module.exports = { |
||||
getStack, |
||||
} |
||||
|
||||
function getStack () { |
||||
const stack = new Error('Stack trace generator - not an error').stack |
||||
return stack |
||||
} |
@ -0,0 +1,24 @@ |
||||
const assert = require('assert') |
||||
const Blacklister = require('../../app/scripts/blacklister') |
||||
|
||||
|
||||
describe('blacklister', function () { |
||||
describe('#isPhish', function () { |
||||
it('should not flag whitelisted values', function () { |
||||
var result = Blacklister('www.metamask.io') |
||||
assert(!result) |
||||
}) |
||||
it('should flag explicit values', function () { |
||||
var result = Blacklister('metamask.com') |
||||
assert(result) |
||||
}) |
||||
it('should flag levenshtein values', function () { |
||||
var result = Blacklister('metmask.io') |
||||
assert(result) |
||||
}) |
||||
it('should not flag not-even-close values', function () { |
||||
var result = Blacklister('example.com') |
||||
assert(!result) |
||||
}) |
||||
}) |
||||
}) |
Loading…
Reference in new issue