-
Notifications
You must be signed in to change notification settings - Fork 570
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix: Pass URLs to
PhishingController
(#2835)
Following MetaMask/metamask-extension#25839 full URLs are required as the argument for `PhishingController:testOrigin`. This PR makes sure that our calls to `isOnPhishingList` pass strictly full URLs.
- Loading branch information
1 parent
4be3dd3
commit b78d274
Showing
4 changed files
with
39 additions
and
33 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,6 @@ | ||
{ | ||
"branches": 99.74, | ||
"functions": 98.92, | ||
"lines": 99.45, | ||
"statements": 96.31 | ||
"lines": 99.46, | ||
"statements": 96.32 | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -550,38 +550,41 @@ describe('validateLink', () => { | |
expect(() => validateLink('mailto:[email protected]', fn, fn)).not.toThrow(); | ||
|
||
expect(fn).toHaveBeenCalledTimes(2); | ||
expect(fn).toHaveBeenCalledWith('foo.bar'); | ||
expect(fn).toHaveBeenCalledWith('bar.com'); | ||
expect(fn).toHaveBeenCalledWith('https://foo.bar/'); | ||
expect(fn).toHaveBeenCalledWith('https://bar.com'); | ||
}); | ||
|
||
it('passes for a valid list of emails', () => { | ||
const fn = jest.fn().mockReturnValue(false); | ||
const getSnap = jest.fn(); | ||
|
||
expect(() => | ||
validateLink('mailto:[email protected],[email protected],[email protected]', fn), | ||
validateLink('mailto:[email protected],[email protected],[email protected]', fn, getSnap), | ||
).not.toThrow(); | ||
|
||
expect(fn).toHaveBeenCalledTimes(3); | ||
expect(fn).toHaveBeenCalledWith('bar.com'); | ||
expect(fn).toHaveBeenCalledWith('baz.com'); | ||
expect(fn).toHaveBeenCalledWith('qux.com'); | ||
expect(fn).toHaveBeenCalledWith('https://bar.com'); | ||
expect(fn).toHaveBeenCalledWith('https://baz.com'); | ||
expect(fn).toHaveBeenCalledWith('https://qux.com'); | ||
}); | ||
|
||
it('passes for a valid email with a parameter', () => { | ||
const fn = jest.fn().mockReturnValue(false); | ||
const getSnap = jest.fn(); | ||
|
||
expect(() => | ||
validateLink('mailto:[email protected]?subject=Subject', fn), | ||
validateLink('mailto:[email protected]?subject=Subject', fn, getSnap), | ||
).not.toThrow(); | ||
|
||
expect(fn).toHaveBeenCalledTimes(1); | ||
expect(fn).toHaveBeenCalledWith('bar.com'); | ||
expect(fn).toHaveBeenCalledWith('https://bar.com'); | ||
}); | ||
|
||
it('throws an error for an invalid protocol', () => { | ||
const fn = jest.fn().mockReturnValue(false); | ||
const getSnap = jest.fn(); | ||
|
||
expect(() => validateLink('http://foo.bar', fn, fn)).toThrow( | ||
expect(() => validateLink('http://foo.bar', fn, getSnap)).toThrow( | ||
'Invalid URL: Protocol must be one of: https:, mailto:, metamask:.', | ||
); | ||
|
||
|
@@ -620,7 +623,7 @@ describe('validateLink', () => { | |
).toThrow('Invalid URL: The specified URL is not allowed.'); | ||
|
||
expect(fn).toHaveBeenCalledTimes(1); | ||
expect(fn).toHaveBeenCalledWith('test.metamask-phishing.io'); | ||
expect(fn).toHaveBeenCalledWith('https://test.metamask-phishing.io/'); | ||
}); | ||
|
||
it('throws an error for a phishing email', () => { | ||
|
@@ -631,45 +634,52 @@ describe('validateLink', () => { | |
).toThrow('Invalid URL: The specified URL is not allowed.'); | ||
|
||
expect(fn).toHaveBeenCalledTimes(1); | ||
expect(fn).toHaveBeenCalledWith('test.metamask-phishing.io'); | ||
expect(fn).toHaveBeenCalledWith('https://test.metamask-phishing.io'); | ||
}); | ||
|
||
it('throws an error for a phishing email when using multiple emails', () => { | ||
const fn = jest.fn().mockImplementation((email) => { | ||
if (email === 'test.metamask-phishing.io') { | ||
if (email === 'https://test.metamask-phishing.io') { | ||
return true; | ||
} | ||
|
||
return false; | ||
}); | ||
const getSnap = jest.fn(); | ||
|
||
expect(() => | ||
validateLink('mailto:[email protected],[email protected]', fn), | ||
validateLink( | ||
'mailto:[email protected],[email protected]', | ||
fn, | ||
getSnap, | ||
), | ||
).toThrow('Invalid URL: The specified URL is not allowed.'); | ||
|
||
expect(fn).toHaveBeenCalledTimes(1); | ||
expect(fn).toHaveBeenCalledWith('test.metamask-phishing.io'); | ||
expect(fn).toHaveBeenCalledWith('https://test.metamask-phishing.io'); | ||
}); | ||
|
||
it('throws an error for a phishing email when using parameters', () => { | ||
const fn = jest.fn().mockImplementation((email) => { | ||
if (email === 'test.metamask-phishing.io') { | ||
if (email === 'https://test.metamask-phishing.io') { | ||
return true; | ||
} | ||
|
||
return false; | ||
}); | ||
const getSnap = jest.fn(); | ||
|
||
expect(() => | ||
validateLink( | ||
'mailto:[email protected],[email protected]?subject=Subject', | ||
fn, | ||
getSnap, | ||
), | ||
).toThrow('Invalid URL: The specified URL is not allowed.'); | ||
|
||
expect(fn).toHaveBeenCalledTimes(2); | ||
expect(fn).toHaveBeenCalledWith('bar.com'); | ||
expect(fn).toHaveBeenCalledWith('test.metamask-phishing.io'); | ||
expect(fn).toHaveBeenCalledWith('https://bar.com'); | ||
expect(fn).toHaveBeenCalledWith('https://test.metamask-phishing.io'); | ||
}); | ||
}); | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters