chore: Only show breached company links if they are not on our block …

…list
mozilla · Apr 5, 2023 · e930adb · e930adb
1 parent 8944a11
commit e930adb
Show file tree

Hide file tree

Showing 5 changed files with 39 additions and 29 deletions.
diff --git a/locales/en/breaches.ftl b/locales/en/breaches.ftl
@@ -71,7 +71,7 @@ breach-checklist-link-mozilla-vpn = { -brand-mozilla-vpn }
 breach-checklist-pw-header-3 =
   {
     $breachedCompanyLink ->
-      [zero] Go to the company’s website to change your password and enable two-factor authentication (2FA).
+      [empty] Go to the company’s website to change your password and enable two-factor authentication (2FA).
      *[other] Go to { $breachedCompanyLink } to change your password and enable two-factor authentication (2FA).
   }
 
@@ -145,7 +145,7 @@ breach-checklist-phone-header-2 = Protect your phone number with a masking servi
 breach-checklist-sq-header-3 =
   {
     $breachedCompanyLink ->
-      [zero] Update your security questions on the company’s website.
+      [empty] Update your security questions on the company’s website.
      *[other] Update your security questions on { $breachedCompanyLink }.
   }
 

diff --git a/src/app-constants.js b/src/app-constants.js
@@ -4,6 +4,12 @@
 
 // TODO: these vars were copy/pasted from the old app-constants.js and should be cleaned up
 import * as dotenv from 'dotenv'
+import { readFileSync } from 'fs'
+import path from 'path'
+import { fileURLToPath } from 'url'
+
+const __filename = fileURLToPath(import.meta.url)
+const __dirname = path.dirname(__filename)
 
 dotenv.config({ path: '../.env' })
 
@@ -53,7 +59,7 @@ const optionalEnvVars = [
   'SENTRY_DSN_LEGACY'
 ]
 
-const AppConstants = { }
+const AppConstants = {}
 
 if (!process.env.SERVER_URL && process.env.NODE_ENV === 'heroku') {
   process.env.SERVER_URL = `https://${process.env.HEROKU_APP_NAME}.herokuapp.com`
@@ -70,4 +76,24 @@ optionalEnvVars.forEach(key => {
   if (key in process.env) AppConstants[key] = process.env[key]
 })
 
+// Create HIBP breach link blocklist
+const linkStatusList = JSON.parse(readFileSync(path.join(
+  __dirname,
+  './hibp-breach-link-status-list.json'
+)))
+
+const linkBlockList = linkStatusList.links
+  .reduce((blockList, breachLink) => {
+    const { status, statusCode } = breachLink
+
+    if (status !== 'alive' || statusCode !== 200) {
+      blockList.push(breachLink.link)
+    }
+
+    return blockList
+  }, [])
+  .join(',')
+
+AppConstants.HIBP_BREACH_LINK_BLOCKLIST = linkBlockList
+
 export default Object.freeze(AppConstants)
diff --git a/src/utils/breach-links/link-status-list.json → src/hibp-breach-link-status-list.json b/src/utils/breach-links/link-status-list.json → src/hibp-breach-link-status-list.json
diff --git a/src/utils/breach-links/index.js b/src/utils/breach-links/index.js
diff --git a/src/utils/breach-resolution.js b/src/utils/breach-resolution.js
@@ -2,6 +2,7 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+import AppConstants from '../app-constants.js'
 import { getMessage } from './fluent.js'
 
 /**
@@ -107,26 +108,29 @@ const breachResolutionDataTypes = {
  * @param {Partial<{ countryCode: string }>} options
  * @returns {*} void
  */
-function appendBreachResolutionChecklist (userBreachData, options = {}) {
+async function appendBreachResolutionChecklist (userBreachData, options = {}) {
   const { verifiedEmails } = userBreachData
   for (const { breaches } of verifiedEmails) {
     breaches.forEach(b => {
       const dataClasses = b.DataClasses
-      // TODO: Add condition for hiding breach links
-      const hideBreachLink = false
+      const showLink = b.Domain &&
+        !AppConstants.HIBP_BREACH_LINK_BLOCKLIST.includes(b.Domain)
+
+      console.log(b.Domain, showLink)
+
       const args = {
         companyName: b.Name,
-        breachedCompanyLink: b.Domain
+        breachedCompanyLink: !showLink
           ? `<a href="https://${b.Domain}" target="_blank">${b.Domain}</a>`
-          : '',
+          : 'empty',
         firefoxRelayLink: `<a href="https://relay.firefox.com/?utm_medium=mozilla-websites&utm_source=monitor&utm_campaign=&utm_content=breach-resolution" target="_blank">${getMessage('breach-checklist-link-firefox-relay')}</a>`,
         passwordManagerLink: `<a href="https://www.mozilla.org/firefox/features/password-manager/?utm_medium=mozilla-websites&utm_source=monitor&utm_campaign=&utm_content=breach-resolution" target="_blank">${getMessage('breach-checklist-link-password-manager')}</a>`,
         mozillaVpnLink: `<a href="https://www.mozilla.org/products/vpn/?utm_medium=mozilla-websites&utm_source=monitor&utm_campaign=&utm_content=breach-resolution" target="_blank">${getMessage('breach-checklist-link-mozilla-vpn')}</a>`,
         equifaxLink: '<a href="https://www.equifax.com/personal/credit-report-services/credit-freeze/" target="_blank">Equifax</a>',
         experianLink: '<a href="https://www.experian.com/freeze/center.html" target="_blank">Experian</a>',
         transUnionLink: '<a href="https://www.transunion.com/credit-freeze" target="_blank">TransUnion</a>'
       }
-      b.breachChecklist = getResolutionRecsPerBreach(dataClasses, args, { ...options, hideBreachLink })
+      b.breachChecklist = getResolutionRecsPerBreach(dataClasses, args, options)
     })
   }
 }
@@ -149,8 +153,6 @@ function getResolutionRecsPerBreach (dataTypes, args, options = {}) {
   for (const [key, value] of Object.entries(breachResolutionDataTypes)) {
     if (
       dataTypes.includes(key) &&
-      // Hide the security question or password resolution if we decided to not link to the breached site:
-      !options.hideBreachLink &&
       // Hide resolutions that apply to other countries than the user's:
       (!options.countryCode || !Array.isArray(value.applicableCountryCodes) || value.applicableCountryCodes.includes(options.countryCode.toLowerCase()))
     ) {