Skip to content

Commit

Permalink
fix: Update phishingSafelistStream to send origin as a parameter for …
Browse files Browse the repository at this point in the history
…safelistPhishingDomain (#165)

* fix: safelistPhishingDomain send origin as param instead of hostname

* fix: update changelog

* fix: add missing column

* fix: CHANGELOG typo

* fix: CHANGELOG linting

* fix: protocol typo in tests
cryptodev-2s authored Aug 29, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
1 parent d4b5abb commit 218da62
Showing 3 changed files with 8 additions and 6 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -5,6 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [Unreleased]
### Changed
- **BREAKING**: Update `phishingSafelistStream` to send `origin` instead of `hostname` as a parameter for `safelistPhishingDomain` method ([#165](https://github.com/MetaMask/phishing-warning/pull/165))

## [3.0.4]
### Changed
8 changes: 4 additions & 4 deletions src/index.ts
Original file line number Diff line number Diff line change
@@ -145,20 +145,20 @@ async function isBlockedByMetamask(href: string) {
* @param href - The href value to check.
*/
function getSuspect(href = ''): {
suspectHostname: string;
suspectHostnameUnicode: string;
suspectHref: string;
suspectHrefUnicode: string;
suspectOrigin: string;
} {
try {
const url = new URL(href);
const unicodeHostname = toUnicode(url.hostname);
const unicodeHref = `${url.protocol}//${unicodeHostname}${url.pathname}${url.search}${url.hash}`;
return {
suspectHostname: url.hostname,
suspectHostnameUnicode: unicodeHostname,
suspectHref: url.href,
suspectHrefUnicode: unicodeHref,
suspectOrigin: url.origin,
};
} catch (error) {
throw new Error(`Invalid 'href' query parameter`);
@@ -200,10 +200,10 @@ function start() {
const hashQueryString = new URLSearchParams(hashContents);

const {
suspectHostname,
suspectHref,
suspectHostnameUnicode,
suspectHrefUnicode,
suspectOrigin,
} = getSuspect(hashQueryString.get('href'));

const suspectLink = document.getElementById('suspect-link');
@@ -242,7 +242,7 @@ function start() {
phishingSafelistStream.write({
jsonrpc: '2.0',
method: 'safelistPhishingDomain',
params: [suspectHostname],
params: [suspectOrigin],
id: createRandomId(),
});

4 changes: 2 additions & 2 deletions tests/bypass.spec.ts
Original file line number Diff line number Diff line change
@@ -6,7 +6,7 @@ test.beforeEach(async ({ context }) => {
await setupDefaultMocks(context);
});

test('allows the user to bypass the warning and add the site to the allowlist', async ({
test('allows the user to bypass the warning and add the site origin to the allowlist', async ({
page,
}) => {
const postMessageLogs = await setupStreamInitialization(page);
@@ -24,7 +24,7 @@ test('allows the user to bypass the warning and add the site to the allowlist',
id: expect.any(Number),
jsonrpc: '2.0',
method: 'safelistPhishingDomain',
params: ['test.com'],
params: ['https://test.com'],
},
name: 'metamask-phishing-safelist',
});

0 comments on commit 218da62

Please sign in to comment.