Merge branch 'main' into main

CHANGELOG.md

@@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [3.0.2]
+### Fixed
+- change to hostname for Github issues ([#127](https://github.com/MetaMask/phishing-warning/pull/127))
+
 ## [3.0.1]
 ### Changed
 - Using href url param only for suspect site ([#124](https://github.com/MetaMask/phishing-warning/pull/124))
@@ -77,7 +81,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Initial implementation of the phishing warning page
   - This should behave identically to the phishing warning page built into the MetaMask extension.
 
-[Unreleased]: https://github.com/MetaMask/phishing-warning/compare/v3.0.1...HEAD
+[Unreleased]: https://github.com/MetaMask/phishing-warning/compare/v3.0.2...HEAD
+[3.0.2]: https://github.com/MetaMask/phishing-warning/compare/v3.0.1...v3.0.2
 [3.0.1]: https://github.com/MetaMask/phishing-warning/compare/v3.0.0...v3.0.1
 [3.0.0]: https://github.com/MetaMask/phishing-warning/compare/v2.1.1...v3.0.0
 [2.1.1]: https://github.com/MetaMask/phishing-warning/compare/v2.1.0...v2.1.1

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@metamask/phishing-warning",
-  "version": "3.0.1",
+  "version": "3.0.2",
   "description": "A page to warn users about a suspected phishing site.",
   "repository": {
     "type": "git",
@@ -28,7 +28,7 @@
     "@metamask/post-message-stream": "^7.0.0",
     "eth-phishing-detect": "^1.2.0",
     "globalthis": "1.0.1",
-    "punycode": "^2.3.0",
+    "punycode": "^2.3.1",
     "readable-stream": "^3.6.2",
     "ses": "^0.18.8"
   },

src/index.ts

@@ -1,4 +1,4 @@
-import { toASCII } from 'punycode/';
+import { toASCII, toUnicode } from 'punycode/';
 import { pipeline } from 'readable-stream';
 import PhishingDetector from 'eth-phishing-detect/src/detector';
 import { WindowPostMessageStream } from '@metamask/post-message-stream';
@@ -146,15 +146,19 @@ async function isBlockedByMetamask(href: string) {
  */
 function getSuspect(href = ''): {
   suspectHostname: string;
+  suspectHostnameUnicode: string;
   suspectHref: string;
-  suspectHrefPlain: string;
+  suspectHrefUnicode: string;
 } {
   try {
     const url = new URL(href);
+    const unicodeHostname = toUnicode(url.hostname);
+    const unicodeHref = `${url.protocol}//${unicodeHostname}${url.pathname}${url.search}${url.hash}`;
     return {
       suspectHostname: url.hostname,
+      suspectHostnameUnicode: unicodeHostname,
       suspectHref: url.href,
-      suspectHrefPlain: href,
+      suspectHrefUnicode: unicodeHref,
     };
   } catch (error) {
     throw new Error(`Invalid 'href' query parameter`);
@@ -195,9 +199,12 @@ function start() {
   const hashContents = hash.slice(1); // drop leading '#' from hash
   const hashQueryString = new URLSearchParams(hashContents);
 
-  const { suspectHostname, suspectHref, suspectHrefPlain } = getSuspect(
-    hashQueryString.get('href'),
-  );
+  const {
+    suspectHostname,
+    suspectHref,
+    suspectHostnameUnicode,
+    suspectHrefUnicode,
+  } = getSuspect(hashQueryString.get('href'));
 
   const suspectLink = document.getElementById('suspect-link');
   if (!suspectLink) {
@@ -211,8 +218,8 @@ function start() {
   }
 
   const newIssueParams = `?title=[Legitimate%20Site%20Blocked]%20${encodeURIComponent(
-    suspectHrefPlain,
-  )}&body=${encodeURIComponent(suspectHrefPlain)}`;
+    suspectHostnameUnicode,
+  )}&body=${encodeURIComponent(toUnicode(suspectHrefUnicode))}`;
 
   newIssueLink.addEventListener('click', async () => {
     const listName = (await isBlockedByMetamask(suspectHref))

tests/failed-lookup.spec.ts

@@ -16,6 +16,6 @@ test('directs users to eth-phishing-detect to dispute a block, including issue t
   await page.waitForLoadState('networkidle');
 
   await expect(page).toHaveURL(
-    'https://github.com/MetaMask/eth-phishing-detect/issues/new?title=[Legitimate%20Site%20Blocked]%20https%3A%2F%2Ftest.com&body=https%3A%2F%2Ftest.com',
+    'https://github.com/MetaMask/eth-phishing-detect/issues/new?title=[Legitimate%20Site%20Blocked]%20test.com&body=https%3A%2F%2Ftest.com%2F',
   );
 });

tests/metamask-block.spec.ts

@@ -22,7 +22,7 @@ test('directs users to eth-phishing-detect to dispute a block, including issue t
   await page.waitForLoadState('networkidle');
 
   await expect(page).toHaveURL(
-    'https://github.com/MetaMask/eth-phishing-detect/issues/new?title=[Legitimate%20Site%20Blocked]%20https%3A%2F%2Ftest.com&body=https%3A%2F%2Ftest.com',
+    'https://github.com/MetaMask/eth-phishing-detect/issues/new?title=[Legitimate%20Site%20Blocked]%20test.com&body=https%3A%2F%2Ftest.com%2F',
   );
 });
 
@@ -38,14 +38,41 @@ test('correctly matches unicode domains', async ({ context, page }) => {
     hostname: url,
     href: url,
   });
-  const encoded = encodeURIComponent(url);
+
+  await page.goto(`/#${querystring}`);
+
+  await page.getByRole('link', { name: 'report a detection problem' }).click();
+  // Wait for dynamic configuration check
+  await page.waitForLoadState('networkidle');
+
+  await expect(page).toHaveURL(
+    'https://github.com/MetaMask/eth-phishing-detect/issues/new?title=[Legitimate%20Site%20Blocked]%20metam%E1%BA%A1sk.io&body=https%3A%2F%2Fmetam%E1%BA%A1sk.io%2F',
+  );
+});
+
+test('correctly matches unicode domains with path', async ({
+  context,
+  page,
+}) => {
+  await setupDefaultMocks(context, {
+    phishingConfig: {
+      ...defaultPhishingConfig,
+      blacklist: ['xn--metamsk-en4c.io'],
+    },
+  });
+  const url = 'https://metamạsk.io/somepath?query=string';
+  const querystring = new URLSearchParams({
+    hostname: url,
+    href: url,
+  });
+
   await page.goto(`/#${querystring}`);
 
   await page.getByRole('link', { name: 'report a detection problem' }).click();
   // Wait for dynamic configuration check
   await page.waitForLoadState('networkidle');
 
   await expect(page).toHaveURL(
-    `https://github.com/MetaMask/eth-phishing-detect/issues/new?title=[Legitimate%20Site%20Blocked]%20${encoded}&body=${encoded}`,
+    'https://github.com/MetaMask/eth-phishing-detect/issues/new?title=[Legitimate%20Site%20Blocked]%20metam%E1%BA%A1sk.io&body=https%3A%2F%2Fmetam%E1%BA%A1sk.io%2Fsomepath%3Fquery%3Dstring',
   );
 });

tests/phishfort-block.spec.ts

@@ -18,6 +18,6 @@ test('directs users to PhishFort to dispute a block, including issue template pa
   await page.waitForLoadState('networkidle');
 
   await expect(page).toHaveURL(
-    'https://github.com/phishfort/phishfort-lists/issues/new?title=[Legitimate%20Site%20Blocked]%20https%3A%2F%2Ftest.com&body=https%3A%2F%2Ftest.com',
+    'https://github.com/phishfort/phishfort-lists/issues/new?title=[Legitimate%20Site%20Blocked]%20test.com&body=https%3A%2F%2Ftest.com%2F',
   );
 });

yarn.lock

@@ -1683,7 +1683,7 @@ __metadata:
     playwright: ~1.33.0
     prettier: ^2.6.2
     prettier-plugin-packagejson: ^2.2.17
-    punycode: ^2.3.0
+    punycode: ^2.3.1
     readable-stream: ^3.6.2
     ses: ^0.18.8
     ts-node: ^10.7.0
@@ -6004,13 +6004,20 @@ __metadata:
   languageName: node
   linkType: hard
 
-"punycode@npm:^2.1.0, punycode@npm:^2.3.0":
+"punycode@npm:^2.1.0":
   version: 2.3.0
   resolution: "punycode@npm:2.3.0"
   checksum: 39f760e09a2a3bbfe8f5287cf733ecdad69d6af2fe6f97ca95f24b8921858b91e9ea3c9eeec6e08cede96181b3bb33f95c6ffd8c77e63986508aa2e8159fa200
   languageName: node
   linkType: hard
 
+"punycode@npm:^2.3.1":
+  version: 2.3.1
+  resolution: "punycode@npm:2.3.1"
+  checksum: bb0a0ceedca4c3c57a9b981b90601579058903c62be23c5e8e843d2c2d4148a3ecf029d5133486fb0e1822b098ba8bba09e89d6b21742d02fa26bda6441a6fb2
+  languageName: node
+  linkType: hard
+
 "qs@npm:^6.4.0":
   version: 6.11.0
   resolution: "qs@npm:6.11.0"