Merge branch 'en-whitelist_fix'
* en-whitelist_fix:
  Blacklists are now updated every 5 mins
  Added logic to do mycrypto edit distance after myetherwallet
  Added tip box to ESL
  Increased version number
  Removed dirty hotfix that isn't needed anymore since the last 2 commits
  Re-arranged logic to fix the whitelist domains _sometimes_ being blocked
  Added endpoint to get blacklist domains and whitelist domains. Converted getWhitelistedDomainsFromSource() to async w/ promise
  Added link to ESL
409H committed Feb 9, 2018
2 parents 026b588 + f862a27 commit 29353ef
Showing 5 changed files with 112 additions and 90 deletions.
10 changes: 10 additions & 0 deletions css/app.css
Expand Up @@ -166,4 +166,14 @@
right: 5%;
display: none;
z-index: 1;
}

#ext-etheraddresslookup-tip_box {
background: #00c2c1;
padding: 1px;
color: #fff;
}
#ext-etheraddresslookup-tip_box a {
color: #fff;
text-decoration: underline;
}
130 changes: 64 additions & 66 deletions js/DomainBlacklist.js
Expand Up @@ -11,87 +11,85 @@
});

//Detects if the current tab is in the blacklisted domains file
function blacklistedDomainCheck()
{
function blacklistedDomainCheck() {
let objBrowser = chrome ? chrome : browser;
var arrBlacklistedDomains = [];
var arrWhitelistedDomains = ["www.myetherwallet.com", "myetherwallet.com"];
objBrowser.runtime.sendMessage({func: "blacklist_domain_list"}, function(objResponse) {
if(objResponse && objResponse.hasOwnProperty("resp")) {
arrBlacklistedDomains = objResponse.resp;
objBrowser.runtime.sendMessage({func: "whitelist_domain_list"}, function(objResponse) {
if(objResponse && objResponse.hasOwnProperty("resp")) {
arrWhitelistedDomains = objResponse.resp;
return doBlacklistCheck();
}
}.bind(arrWhitelistedDomains));
}
}.bind(arrBlacklistedDomains));

function doBlacklistCheck() {
var strCurrentTab = window.location.hostname;
var strCurrentTab = strCurrentTab.replace(/www\./g,'');

//Domain is whitelisted, don't check the blacklist.
if(arrWhitelistedDomains.indexOf(strCurrentTab) >= 0 || strCurrentTab === "myetherwallet.com") {
console.log("Domain "+ strCurrentTab +" is whitelisted on EAL!");
return false;
objBrowser.runtime.sendMessage({func: "blacklist_whitelist_domain_list"}, function (objResponse) {
if (objResponse && objResponse.hasOwnProperty("resp")) {
var objDomainLists = JSON.parse(objResponse.resp);
var arrWhitelistedDomains = objDomainLists.whitelist;
var arrBlacklistedDomains = objDomainLists.blacklist;
return doBlacklistCheck(arrWhitelistedDomains, arrBlacklistedDomains);
}
});
}

if(arrBlacklistedDomains.length > 0) {

var objBlacklistedDomains = JSON.parse(arrBlacklistedDomains);
arrBlacklistedDomains = objBlacklistedDomains.domains;
function doBlacklistCheck(arrWhitelistedDomains, arrBlacklistedDomains)
{
var strCurrentTab = window.location.hostname;
strCurrentTab = strCurrentTab.replace(/www\./g,'');

var isBlacklisted = arrBlacklistedDomains.indexOf(strCurrentTab) >= 0 ? true : false;
//Domain is whitelisted, don't check the blacklist.
if(arrWhitelistedDomains.indexOf(strCurrentTab) >= 0) {
console.log("Domain "+ strCurrentTab +" is whitelisted on EAL!");
return false;
}

//Only do Levenshtein if it's not blacklisted
//Levenshtein - @sogoiii
var blHolisticStatus = false;
if(isBlacklisted === false && arrWhitelistedDomains.indexOf(strCurrentTab) < 0) {
var strCurrentTab = punycode.toUnicode(strCurrentTab);
var source = strCurrentTab.replace(/\./g, '');
var intHolisticMetric = levenshtein(source, 'myetherwallet');
var intHolisticLimit = 7 // How different can the word be?
if(arrBlacklistedDomains.length > 0) {
var isBlacklisted = arrBlacklistedDomains.indexOf(strCurrentTab) >= 0 ? true : false;

//Only do Levenshtein if it's not blacklisted
//Levenshtein - @sogoiii
var blHolisticStatus = false;
if(isBlacklisted === false && arrWhitelistedDomains.indexOf(strCurrentTab) < 0) {
var strCurrentTab = punycode.toUnicode(strCurrentTab);
var source = strCurrentTab.replace(/\./g, '');
var intHolisticMetric = levenshtein(source, 'myetherwallet');
var intHolisticLimit = 7 // How different can the word be?
blHolisticStatus = (intHolisticMetric > 0 && intHolisticMetric < intHolisticLimit) ? true : false;
if(blHolisticStatus === false) {
//Do edit distance against mycrypto
var intHolisticMetric = levenshtein(source, 'mycrypto');
blHolisticStatus = (intHolisticMetric > 0 && intHolisticMetric < intHolisticLimit) ? true : false;
}
}

//If it's not in the whitelist and it is blacklisted or levenshtien wants to blacklist it.
if ( arrWhitelistedDomains.indexOf(strCurrentTab) < 0 && (isBlacklisted || blHolisticStatus)) {
console.warn(window.location.href + " is blacklisted by EAL - "+ (isBlacklisted ? "Blacklisted" : "Levenshtein Logic"));
window.location.href = "https://harrydenley.com/EtherAddressLookup/phishing.html#"+ (window.location.href);
return false;
}
//If it's not in the whitelist and it is blacklisted or levenshtien wants to blacklist it.
if ( arrWhitelistedDomains.indexOf(strCurrentTab) < 0 && (isBlacklisted === true || blHolisticStatus === true)) {
console.warn(window.location.href + " is blacklisted by EAL - "+ (isBlacklisted ? "Blacklisted" : "Levenshtein Logic"));
window.location.href = "https://harrydenley.com/EtherAddressLookup/phishing.html#"+ (window.location.href);
return false;
}
}

//Now do the 3rd party domain list check if they have that option enabled.
objBrowser.runtime.sendMessage({func: "3rd_party_blacklist_domains"}, function(objResponse) {
if(objResponse && objResponse.hasOwnProperty("resp")) {
if(objResponse.resp == 1) {
objBrowser.runtime.sendMessage({func: "3p_blacklist_domain_list"}, function(objResponse) {
if(objResponse && objResponse.hasOwnProperty("resp")) {
var obj3rdPartyLists = JSON.parse(objResponse.resp);
var strCurrentTab = window.location.hostname;
var strCurrentTab = strCurrentTab.replace(/www\./g,'');

//Now do the 3rd party domain list check if they have that option enabled.
objBrowser.runtime.sendMessage({func: "3rd_party_blacklist_domains"}, function(objResponse) {
if(objResponse && objResponse.hasOwnProperty("resp")) {
if(objResponse.resp == 1) {
objBrowser.runtime.sendMessage({func: "3p_blacklist_domain_list"}, function(objResponse) {
if(objResponse && objResponse.hasOwnProperty("resp")) {
var obj3rdPartyLists = JSON.parse(objResponse.resp);
var strCurrentTab = window.location.hostname;
var strCurrentTab = strCurrentTab.replace(/www\./g,'');

for(var str3rdPartyIdentifier in obj3rdPartyLists) {

if(obj3rdPartyLists[str3rdPartyIdentifier].format == "sha256") {
strCurrentTab = sha256(strCurrentTab);
}

if(obj3rdPartyLists[str3rdPartyIdentifier].domains.indexOf(strCurrentTab) >= 0) {
console.warn(window.location.href + " is blacklisted by "+ str3rdPartyIdentifier);
window.location.href = "https://harrydenley.com/EtherAddressLookup/phishing-"+ str3rdPartyIdentifier +".html#"+ (window.location.href);
return false;
}
for(var str3rdPartyIdentifier in obj3rdPartyLists) {

if(obj3rdPartyLists[str3rdPartyIdentifier].format == "sha256") {
strCurrentTab = sha256(strCurrentTab);
}

if(obj3rdPartyLists[str3rdPartyIdentifier].domains.indexOf(strCurrentTab) >= 0) {
console.warn(window.location.href + " is blacklisted by "+ str3rdPartyIdentifier);
window.location.href = "https://harrydenley.com/EtherAddressLookup/phishing-"+ str3rdPartyIdentifier +".html#"+ (window.location.href);
return false;
}
}
});
}
}
});
}
});
}
}
});
}

function levenshtein(a, b) {
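Review bot: The new `mycrypto` comparison in `doBlacklistCheck` reuses `intHolisticLimit = 7`, the same limit applied to the 13-character `myetherwallet`; against an 8-character target a distance below 7 is reached by almost any short hostname, so unrelated sites that are not on the whitelist would be redirected to the phishing warning page. Give the second target its own smaller limit, for example `var intMyCryptoLimit = 3;` with `blHolisticStatus = (intHolisticMetric > 0 && intHolisticMetric < intMyCryptoLimit);`, or derive the limit from the target's length. Separately, `doBlacklistCheck` now appears to be a top-level function that still calls `objBrowser.runtime.sendMessage` for the third-party lists, while `objBrowser` is declared with `let` inside `blacklistedDomainCheck`; unless a global of that name exists outside this hunk, that call throws and the third-party check never runs.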
52 changes: 32 additions & 20 deletions js/options.js
Expand Up @@ -120,6 +120,13 @@ objBrowser.runtime.onMessage.addListener(
strResponse = localStorage.getItem("ext-etheraddresslookup-perform_address_lookups");
}
break;
case 'blacklist_whitelist_domain_list' :
var objDomainLists = {"blacklist": "", "whitelist": ""};
var objBlacklist = JSON.parse(getBlacklistedDomains("eal"));
objDomainLists.blacklist = objBlacklist.domains;
objDomainLists.whitelist = getWhitelistedDomains();
strResponse = JSON.stringify(objDomainLists);
break;
default:
strResponse = "unsupported";
break;
Expand Down Expand Up @@ -164,7 +171,7 @@ function getBlacklistedDomains(strType)
//Check to see if the cache is older than 5 minutes, if so re-cache it.
objBlacklistedDomains = JSON.parse(objBlacklistedDomains);
console.log("Domains last fetched: " + (Math.floor(Date.now() / 1000) - objBlacklistedDomains.timestamp) + " seconds ago");
if (objBlacklistedDomains.timestamp == 0 || (Math.floor(Date.now() / 1000) - objBlacklistedDomains.timestamp) > 180) {
if (objBlacklistedDomains.timestamp == 0 || (Math.floor(Date.now() / 1000) - objBlacklistedDomains.timestamp) > 300) {
updateAllBlacklists(objEalBlacklistedDomains);
}
}
Expand Down Expand Up @@ -212,15 +219,27 @@ function getWhitelistedDomains()
var objWhitelistedDomains = {"timestamp":0,"domains":[]};
//See if we need to get the blacklisted domains - ie: do we have them cached?
if(localStorage.getItem("ext-etheraddresslookup-whitelist_domains_list") === null) {
objWhitelistedDomains = getWhitelistedDomainsFromSource();
getWhitelistedDomainsFromSource().then(function (arrDomains) {
objWhitelistedDomains.timestamp = Math.floor(Date.now() / 1000);
objWhitelistedDomains.domains = arrDomains;

localStorage.setItem("ext-etheraddresslookup-whitelist_domains_list", JSON.stringify(objWhitelistedDomains));
return objWhitelistedDomains.domains;
});
} else {
var objWhitelistedDomains = localStorage.getItem("ext-etheraddresslookup-whitelist_domains_list");
//Check to see if the cache is older than 5 minutes, if so re-cache it.
objWhitelistedDomains = JSON.parse(objWhitelistedDomains);
console.log("Whitelisted domains last fetched: " + (Math.floor(Date.now() / 1000) - objWhitelistedDomains.timestamp) + " seconds ago");
if ((Math.floor(Date.now() / 1000) - objWhitelistedDomains.timestamp) > 180) {
console.log("Caching blacklisted domains again.");
objWhitelistedDomains = getWhitelistedDomainsFromSource();
if ((Math.floor(Date.now() / 1000) - objWhitelistedDomains.timestamp) > 300) {
console.log("Caching whitelisted domains again.");
getWhitelistedDomainsFromSource().then(function (arrDomains) {
objWhitelistedDomains.timestamp = Math.floor(Date.now() / 1000);
objWhitelistedDomains.domains = arrDomains;

localStorage.setItem("ext-etheraddresslookup-whitelist_domains_list", JSON.stringify(objWhitelistedDomains));
return objWhitelistedDomains.domains;
});
}
}

Expand All @@ -239,21 +258,14 @@ async function getBlacklistedDomainsFromSource(objBlacklist)
}
}

function getWhitelistedDomainsFromSource()
async function getWhitelistedDomainsFromSource()
{
console.log("Getting whitelist from GitHub now");
var objAjax = new XMLHttpRequest();
objAjax.open("GET", "https://raw.githubusercontent.com/409H/EtherAddressLookup/master/whitelists/domains.json", true);
objAjax.send();
objAjax.onreadystatechange = function () {
if (objAjax.readyState === 4) {
var arrWhitelistedDomains = JSON.parse(objAjax.responseText);
var objWhitelist = {};
objWhitelist.timestamp = Math.floor(Date.now() / 1000);
objWhitelist.domains = arrWhitelistedDomains;
localStorage.setItem("ext-etheraddresslookup-whitelist_domains_list", JSON.stringify(objWhitelist));
return objWhitelist;
}
try {
console.log("Getting whitelist from GitHub now: https://raw.githubusercontent.com/409H/EtherAddressLookup/master/whitelists/domains.json");
let objResponse = await fetch("https://raw.githubusercontent.com/409H/EtherAddressLookup/master/whitelists/domains.json");
return objResponse.json();
}
catch(objError) {
console.log("Failed to get whitelist for https://raw.githubusercontent.com/409H/EtherAddressLookup/master/whitelists/domains.json", objError);
}
return {"timestamp":0,"domains":[]};
}
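Review bot: On a failed fetch `getWhitelistedDomainsFromSource()` resolves to the object `{"timestamp":0,"domains":[]}`, but both `.then` handlers in `getWhitelistedDomains()` store the resolved value as `objWhitelistedDomains.domains` with a fresh timestamp, so a network error caches a non-array whitelist for the next 300 seconds. If the function returns that cached `domains` value (its return statement is outside the hunk), the content script's `arrWhitelistedDomains.indexOf(...)` would throw before the blacklist comparison and leave the page unchecked. Return `[]` from the fallback, use `return await objResponse.json();` so a parse failure reaches the `catch`, and skip the `localStorage.setItem` when `!Array.isArray(arrDomains)`. The `return objWhitelistedDomains.domains;` inside each `.then` only returns from the callback, so on a cold cache the `blacklist_whitelist_domain_list` response is built before the fetch resolves.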
2 changes: 1 addition & 1 deletion manifest.json
Expand Up @@ -4,7 +4,7 @@
"name": "EtherAddressLookup",
"short_name": "EtherAddressLookup",
"description": "Adds links to strings that look like Ethereum addresses to your favorite blockchain explorer.",
"version": "1.14.1",
"version": "1.14.2",

"browser_action": {
"default_icon": "images/icon.png",
8 changes: 5 additions & 3 deletions options.html
Expand Up @@ -42,8 +42,6 @@ <h4 class="text-center">EtherAddressLookup</h4>
</small>
</div>

<br/>

<label>Preferred Blockchain Explorer</label>
<select class="form-control" name="ext-etheraddresslookup-choose_blockchain"
id="ext-etheraddresslookup-choose_blockchain">
Expand Down Expand Up @@ -75,11 +73,15 @@ <h4 class="text-center">EtherAddressLookup</h4>
<a href="https://github.com/409H/EtherAddressLookup" target="_blank">GitHub</a>
</div>

<hr />
<br />

<a href="https://harrydenley.com/ethaddresslookup-chrome-extension-release/" target="_blank">Read Author Blog</a> &mdash;
<a href="https://twitter.com/EthAddrLookup" target="_blank">@EthAddrLookup</a>
<br/>
<span id="ext-etheraddresslookup-tip_box">
<strong>Tip:</strong> Install our other extension: <a href="https://harrydenley.com/ethsecuritylookup-chrome-extension-release/" target="_blank">EtherSecurityLookup</a>.
</span>
<br />
<strong>Version:</strong> <span id="ext-manifest_version"></span> &mdash; BETA
</div>
</div>
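Review bot: The new tip-box link opens with `target="_blank"` and no `rel` attribute, so in browsers that do not imply it the opened page receives a `window.opener` handle and can navigate the extension's options page. Add `rel="noopener noreferrer"` to the anchor: `<a href="https://harrydenley.com/ethsecuritylookup-chrome-extension-release/" target="_blank" rel="noopener noreferrer">EtherSecurityLookup</a>`. The existing blog, Twitter and GitHub links in this section have the same shape.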
