Skip to content

Commit

Permalink
PhishingDetect to support IPFS CID blocking (#4465)
Browse files Browse the repository at this point in the history 
This allows us to push IPFS cIDs to the blocklist and have them blocked
by the eth-phishing-detect service. We only need to note the CIDs and
not block the gateways.

---------

Co-authored-by: Elliot Winkler <elliot.winkler@gmail.com>
  • Loading branch information
@409H @mcmire
409H and mcmire authored Jul 16, 2024
1 parent 8768a17 commit 4511d58
Show file tree
Hide file tree
Showing 5 changed files with 264 additions and 62 deletions.
75 changes: 47 additions & 28 deletions packages/phishing-controller/src/PhishingController.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ import {
type PhishingControllerActions,
type PhishingControllerOptions,
} from './PhishingController';
import { formatHostnameToUrl } from './tests/utils';

const controllerName = 'PhishingController';

Expand Down Expand Up @@ -218,14 +219,18 @@ describe('PhishingController', () => {
expect(controller.isStalelistOutOfDate()).toBe(false);
await controller.maybeUpdateState();
expect(
controller.test('this-should-not-be-in-default-blocklist.com'),
controller.test(
formatHostnameToUrl('this-should-not-be-in-default-blocklist.com'),
),
).toMatchObject({
result: false,
type: 'all',
});

expect(
controller.test('this-should-not-be-in-default-allowlist.com'),
controller.test(
formatHostnameToUrl('this-should-not-be-in-default-allowlist.com'),
),
).toMatchObject({
result: false,
type: 'all',
Expand All @@ -235,14 +240,18 @@ describe('PhishingController', () => {
await controller.maybeUpdateState();

expect(
controller.test('this-should-not-be-in-default-blocklist.com'),
controller.test(
formatHostnameToUrl('this-should-not-be-in-default-blocklist.com'),
),
).toMatchObject({
result: true,
type: 'blocklist',
});

expect(
controller.test('this-should-not-be-in-default-allowlist.com'),
controller.test(
formatHostnameToUrl('this-should-not-be-in-default-allowlist.com'),
),
).toMatchObject({
result: false,
type: 'allowlist',
Expand Down Expand Up @@ -479,7 +488,7 @@ describe('PhishingController', () => {
.reply(200, { data: [] });
const controller = getPhishingController();
await controller.updateStalelist();
expect(controller.test('metamask.io')).toMatchObject({
expect(controller.test(formatHostnameToUrl('metamask.io'))).toMatchObject({
result: false,
type: 'allowlist',
name: ListNames.MetaMask,
Expand Down Expand Up @@ -513,7 +522,7 @@ describe('PhishingController', () => {

const controller = getPhishingController();
await controller.updateStalelist();
expect(controller.test('i❤.ws')).toMatchObject({
expect(controller.test(formatHostnameToUrl('i❤.ws'))).toMatchObject({
result: false,
type: 'all',
});
Expand Down Expand Up @@ -546,7 +555,7 @@ describe('PhishingController', () => {

const controller = getPhishingController();
await controller.updateStalelist();
expect(controller.test('xn--i-7iq.ws')).toMatchObject({
expect(controller.test(formatHostnameToUrl('xn--i-7iq.ws'))).toMatchObject({
result: false,
type: 'all',
});
Expand Down Expand Up @@ -579,7 +588,7 @@ describe('PhishingController', () => {

const controller = getPhishingController();
await controller.updateStalelist();
expect(controller.test('etnerscan.io')).toMatchObject({
expect(controller.test(formatHostnameToUrl('etnerscan.io'))).toMatchObject({
result: true,
type: 'blocklist',
name: ListNames.MetaMask,
Expand Down Expand Up @@ -612,7 +621,9 @@ describe('PhishingController', () => {
.reply(200, { data: [] });
const controller = getPhishingController();
await controller.updateStalelist();
expect(controller.test('myetherẉalletṭ.com')).toMatchObject({
expect(
controller.test(formatHostnameToUrl('myetherẉalletṭ.com')),
).toMatchObject({
result: true,
type: 'blocklist',
name: ListNames.MetaMask,
Expand Down Expand Up @@ -646,7 +657,9 @@ describe('PhishingController', () => {

const controller = getPhishingController();
await controller.updateStalelist();
expect(controller.test('xn--myetherallet-4k5fwn.com')).toMatchObject({
expect(
controller.test(formatHostnameToUrl('xn--myetherallet-4k5fwn.com')),
).toMatchObject({
result: true,
type: 'blocklist',
name: ListNames.MetaMask,
Expand Down Expand Up @@ -689,7 +702,9 @@ describe('PhishingController', () => {
const controller = getPhishingController();
await controller.updateStalelist();
expect(
controller.test('e4d600ab9141b7a9859511c77e63b9b3.com'),
controller.test(
formatHostnameToUrl('e4d600ab9141b7a9859511c77e63b9b3.com'),
),
).toMatchObject({
result: true,
type: 'blocklist',
Expand Down Expand Up @@ -725,7 +740,9 @@ describe('PhishingController', () => {
const controller = getPhishingController();
await controller.updateStalelist();
expect(
controller.test('e4d600ab9141b7a9859511c77e63b9b3.com'),
controller.test(
formatHostnameToUrl('e4d600ab9141b7a9859511c77e63b9b3.com'),
),
).toMatchObject({
result: false,
type: 'all',
Expand Down Expand Up @@ -758,7 +775,7 @@ describe('PhishingController', () => {
.reply(200, { data: [] });
const controller = getPhishingController();
await controller.updateStalelist();
expect(controller.test('opensea.io')).toMatchObject({
expect(controller.test(formatHostnameToUrl('opensea.io'))).toMatchObject({
result: false,
type: 'allowlist',
name: ListNames.MetaMask,
Expand Down Expand Up @@ -791,7 +808,7 @@ describe('PhishingController', () => {
.reply(200, { data: [] });
const controller = getPhishingController();
await controller.updateStalelist();
expect(controller.test('ohpensea.io')).toMatchObject({
expect(controller.test(formatHostnameToUrl('ohpensea.io'))).toMatchObject({
result: true,
type: 'fuzzy',
name: ListNames.MetaMask,
Expand Down Expand Up @@ -825,7 +842,9 @@ describe('PhishingController', () => {
const controller = getPhishingController();
await controller.updateStalelist();
expect(
controller.test('this-is-the-official-website-of-opensea.io'),
controller.test(
formatHostnameToUrl('this-is-the-official-website-of-opensea.io'),
),
).toMatchObject({
result: false,
type: 'all',
Expand Down Expand Up @@ -860,12 +879,12 @@ describe('PhishingController', () => {
await controller.updateStalelist();
const unsafeDomain = 'electrum.mx';
assert.equal(
controller.test(unsafeDomain).result,
controller.test(formatHostnameToUrl(unsafeDomain)).result,
true,
'Example unsafe domain seems to be safe',
);
controller.bypass(unsafeDomain);
expect(controller.test(unsafeDomain)).toMatchObject({
controller.bypass(formatHostnameToUrl(unsafeDomain));
expect(controller.test(formatHostnameToUrl(unsafeDomain))).toMatchObject({
result: false,
type: 'all',
});
Expand Down Expand Up @@ -899,13 +918,13 @@ describe('PhishingController', () => {
await controller.updateStalelist();
const unsafeDomain = 'electrum.mx';
assert.equal(
controller.test(unsafeDomain).result,
controller.test(formatHostnameToUrl(unsafeDomain)).result,
true,
'Example unsafe domain seems to be safe',
);
controller.bypass(unsafeDomain);
controller.bypass(unsafeDomain);
expect(controller.test(unsafeDomain)).toMatchObject({
controller.bypass(formatHostnameToUrl(unsafeDomain));
controller.bypass(formatHostnameToUrl(unsafeDomain));
expect(controller.test(formatHostnameToUrl(unsafeDomain))).toMatchObject({
result: false,
type: 'all',
});
Expand Down Expand Up @@ -939,12 +958,12 @@ describe('PhishingController', () => {
await controller.updateStalelist();
const unsafeDomain = 'myetherẉalletṭ.com';
assert.equal(
controller.test(unsafeDomain).result,
controller.test(formatHostnameToUrl(unsafeDomain)).result,
true,
'Example unsafe domain seems to be safe',
);
controller.bypass(unsafeDomain);
expect(controller.test(unsafeDomain)).toMatchObject({
controller.bypass(formatHostnameToUrl(unsafeDomain));
expect(controller.test(formatHostnameToUrl(unsafeDomain))).toMatchObject({
result: false,
type: 'all',
});
Expand Down Expand Up @@ -978,12 +997,12 @@ describe('PhishingController', () => {
await controller.updateStalelist();
const unsafeDomain = 'xn--myetherallet-4k5fwn.com';
assert.equal(
controller.test(unsafeDomain).result,
controller.test(formatHostnameToUrl(unsafeDomain)).result,
true,
'Example unsafe domain seems to be safe',
);
controller.bypass(unsafeDomain);
expect(controller.test(unsafeDomain)).toMatchObject({
controller.bypass(formatHostnameToUrl(unsafeDomain));
expect(controller.test(formatHostnameToUrl(unsafeDomain))).toMatchObject({
result: false,
type: 'all',
});
Expand Down
Loading

0 comments on commit 4511d58

Please sign in to comment.