Merge branch 'jb-privacy-mode' of github.com:MetaMask/metamask-extens…

…ion into jb-privacy-mode
MetaMask · Oct 28, 2024 · 72198f0 · 72198f0
2 parents 9240d83 + 53d60cf
commit 72198f0
Show file tree

Hide file tree

Showing 21 changed files with 490 additions and 282 deletions.
diff --git a/lavamoat/browserify/beta/policy.json b/lavamoat/browserify/beta/policy.json
@@ -1979,6 +1979,7 @@
       "globals": {
         "TextEncoder": true,
         "URL": true,
+        "console.error": true,
         "fetch": true
       },
       "packages": {

diff --git a/lavamoat/browserify/flask/policy.json b/lavamoat/browserify/flask/policy.json
@@ -1979,6 +1979,7 @@
       "globals": {
         "TextEncoder": true,
         "URL": true,
+        "console.error": true,
         "fetch": true
       },
       "packages": {

diff --git a/lavamoat/browserify/main/policy.json b/lavamoat/browserify/main/policy.json
@@ -1979,6 +1979,7 @@
       "globals": {
         "TextEncoder": true,
         "URL": true,
+        "console.error": true,
         "fetch": true
       },
       "packages": {

diff --git a/lavamoat/browserify/mmi/policy.json b/lavamoat/browserify/mmi/policy.json
@@ -2071,6 +2071,7 @@
       "globals": {
         "TextEncoder": true,
         "URL": true,
+        "console.error": true,
         "fetch": true
       },
       "packages": {

diff --git a/package.json b/package.json
@@ -326,7 +326,7 @@
     "@metamask/obs-store": "^9.0.0",
     "@metamask/permission-controller": "^10.0.0",
     "@metamask/permission-log-controller": "^2.0.1",
-    "@metamask/phishing-controller": "^12.0.1",
+    "@metamask/phishing-controller": "^12.3.0",
     "@metamask/post-message-stream": "^8.0.0",
     "@metamask/ppom-validator": "0.35.1",
     "@metamask/preinstalled-example-snap": "^0.2.0",

diff --git a/test/e2e/constants.ts b/test/e2e/constants.ts
@@ -41,6 +41,7 @@ export const DEFAULT_GANACHE_ETH_BALANCE_DEC = '25';
 
 /* Dapp host addresses and URL*/
 export const DAPP_HOST_ADDRESS = '127.0.0.1:8080';
+export const DAPP_URL_LOCALHOST = 'http://localhost:8080';
 export const DAPP_URL = `http://${DAPP_HOST_ADDRESS}`;
 export const DAPP_ONE_URL = 'http://127.0.0.1:8081';
 

diff --git a/test/e2e/fixture-builder.js b/test/e2e/fixture-builder.js
@@ -13,6 +13,7 @@ const { CHAIN_IDS } = require('../../shared/constants/network');
 const { SMART_CONTRACTS } = require('./seeder/smart-contracts');
 const {
   DAPP_URL,
+  DAPP_URL_LOCALHOST,
   DAPP_ONE_URL,
   DEFAULT_FIXTURE_ACCOUNT,
   ERC_4337_ACCOUNT,
@@ -448,12 +449,13 @@ class FixtureBuilder {
   withPermissionControllerConnectedToTestDapp({
     restrictReturnedAccounts = true,
     account = '',
+    useLocalhostHostname = false,
   } = {}) {
     const selectedAccount = account || DEFAULT_FIXTURE_ACCOUNT;
     return this.withPermissionController({
       subjects: {
-        [DAPP_URL]: {
-          origin: DAPP_URL,
+        [useLocalhostHostname ? DAPP_URL_LOCALHOST : DAPP_URL]: {
+          origin: useLocalhostHostname ? DAPP_URL_LOCALHOST : DAPP_URL,
           permissions: {
             eth_accounts: {
               id: 'ZaqPEWxyhNCJYACFw93jE',

diff --git a/test/e2e/mock-cdn/cdn-config-res-headers.json b/test/e2e/mock-cdn/cdn-config-res-headers.json
@@ -1,3 +1,4 @@
 {
-  "Etag": "bb28e40153ff052671b8ad835d368d89"
+  "Content-Type": "text/plain",
+  "Etag": "\"db8ccd7f11424082a7cea67466129aed\""
 }
diff --git a/test/e2e/mock-cdn/cdn-config.txt b/test/e2e/mock-cdn/cdn-config.txt
diff --git a/test/e2e/mock-cdn/cdn-stale-diff-res-headers.json b/test/e2e/mock-cdn/cdn-stale-diff-res-headers.json
@@ -1,3 +1,4 @@
 {
-  "Etag": "W/\"ece7f5f533b8978063633ea5b1f8a0fc\""
+  "Content-Type": "text/plain",
+  "Etag": "W/\"5ae8a43f84ccd89e8ddc79b1dfed0035\""
 }
diff --git a/test/e2e/mock-cdn/cdn-stale-diff.txt b/test/e2e/mock-cdn/cdn-stale-diff.txt
diff --git a/test/e2e/mock-cdn/cdn-stale-res-headers.json b/test/e2e/mock-cdn/cdn-stale-res-headers.json
@@ -1,3 +1,4 @@
 {
-  "Etag": "W/\"b89ab99b0801b5d64acb27893a2b31ca\""
+  "Content-Type": "text/plain",
+  "Etag": "W/\"ab6bc9d599f83e04ae71f6ea957414f0\""
 }
diff --git a/test/e2e/mock-cdn/cdn-stale.txt b/test/e2e/mock-cdn/cdn-stale.txt
diff --git a/test/e2e/mock-cdn/ppom-version-headers.json b/test/e2e/mock-cdn/ppom-version-headers.json
@@ -1,3 +1,3 @@
 {
-  "Etag": "W/\"9f5df4118b061a89ac013422f809de72\""
+  "Etag": "W/\"7aa74f7c18a5cb2601e4fc6afcadc9cc\""
 }
diff --git a/test/e2e/mock-cdn/ppom-version.json b/test/e2e/mock-cdn/ppom-version.json
diff --git a/test/e2e/mock-cdn/update-mock-cdn-files.js b/test/e2e/mock-cdn/update-mock-cdn-files.js
@@ -65,6 +65,11 @@ async function updateMockCdnFiles() {
   const { mainnetConfigVersion, mainnetStaleVersion, mainnetStaleDiffVersion } =
     await getFileVersions();
 
+  // Function to create header object with Etag and Content-Type
+  const createHeaderObject = (etag) => ({
+    Etag: etag,
+    'Content-Type': 'text/plain',
+  });
   // updating cdn-config-res-headers.json file
   const configResponse = await fetch(
     `${PPOM_CONFIG_URL}${mainnetConfigVersion}`,
@@ -76,7 +81,7 @@ async function updateMockCdnFiles() {
   const configHeaders = configResponse.headers;
 
   const etagConfig = configHeaders.get('etag');
-  const etagConfigObject = { Etag: etagConfig };
+  const etagConfigObject = createHeaderObject(etagConfig);
 
   writeFileSync(
     `${MOCK_CDN_FOLDER_URL}cdn-config-res-headers.json`,
@@ -91,7 +96,7 @@ async function updateMockCdnFiles() {
   const staleHeaders = staleResponse.headers;
 
   const etagStale = staleHeaders.get('etag');
-  const etagStaleObject = { Etag: etagStale };
+  const etagStaleObject = createHeaderObject(etagStale);
 
   writeFileSync(
     `${MOCK_CDN_FOLDER_URL}cdn-stale-res-headers.json`,
@@ -109,7 +114,7 @@ async function updateMockCdnFiles() {
   const staleDiffHeaders = staleDiffResponse.headers;
 
   const etagStaleDiff = staleDiffHeaders.get('etag');
-  const etagStaleDiffObject = { Etag: etagStaleDiff };
+  const etagStaleDiffObject = createHeaderObject(etagStaleDiff);
 
   writeFileSync(
     `${MOCK_CDN_FOLDER_URL}cdn-stale-diff-res-headers.json`,

diff --git a/test/e2e/tests/ppom/ppom-blockaid-alert-erc20-transfer.spec.js b/test/e2e/tests/ppom/ppom-blockaid-alert-erc20-transfer.spec.js
@@ -1,17 +1,13 @@
-const { strict: assert } = require('assert');
 const FixtureBuilder = require('../../fixture-builder');
 
 const {
   WINDOW_TITLES,
   defaultGanacheOptions,
-  openDapp,
   unlockWallet,
   withFixtures,
 } = require('../../helpers');
 const { mockServerJsonRpc } = require('./mocks/mock-server-json-rpc');
 
-const bannerAlertSelector = '[data-testid="security-provider-banner-alert"]';
-
 const selectedAddress = '0x5cfe73b6021e818b776b421b1c4db2474086a7e1';
 const selectedAddressWithoutPrefix = '5cfe73b6021e818b776b421b1c4db2474086a7e1';
 
@@ -161,14 +157,17 @@ async function mockInfura(mockServer) {
 }
 
 describe('PPOM Blockaid Alert - Malicious ERC20 Transfer @no-mmi', function () {
-  // eslint-disable-next-line mocha/no-skipped-tests
-  it.skip('should show banner alert', async function () {
+  it('should show banner alert', async function () {
+    // we need to use localhost instead of the ip
+    // see issue: https://github.com/MetaMask/MetaMask-planning/issues/3560
     await withFixtures(
       {
         dapp: true,
         fixtures: new FixtureBuilder()
           .withNetworkControllerOnMainnet()
-          .withPermissionControllerConnectedToTestDapp()
+          .withPermissionControllerConnectedToTestDapp({
+            useLocalhostHostname: true,
+          })
           .withPreferencesController({
             securityAlertsEnabled: true,
           })
@@ -181,10 +180,10 @@ describe('PPOM Blockaid Alert - Malicious ERC20 Transfer @no-mmi', function () {
       async ({ driver }) => {
         const expectedTitle = 'This is a deceptive request';
         const expectedDescription =
-          'If you approve this request, you might lose your assets.';
+          'If you approve this request, a third party known for scams will take all your assets.';
 
         await unlockWallet(driver);
-        await openDapp(driver);
+        await driver.openNewPage('http://localhost:8080');
 
         // Click TestDapp button to send JSON-RPC request
         await driver.clickElement('#maliciousERC20TransferButton');
@@ -195,20 +194,15 @@ describe('PPOM Blockaid Alert - Malicious ERC20 Transfer @no-mmi', function () {
 
         await driver.assertElementNotPresent('.loading-indicator');
 
-        const bannerAlertFoundByTitle = await driver.findElement({
-          css: bannerAlertSelector,
+        await driver.waitForSelector({
+          css: '.mm-text--body-lg-medium',
           text: expectedTitle,
         });
-        const bannerAlertText = await bannerAlertFoundByTitle.getText();
 
-        assert(
-          bannerAlertFoundByTitle,
-          `Banner alert not found. Expected Title: ${expectedTitle} \nExpected reason: transfer_farming\n`,
-        );
-        assert(
-          bannerAlertText.includes(expectedDescription),
-          `Unexpected banner alert description. Expected: ${expectedDescription} \nExpected reason: transfer_farming\n`,
-        );
+        await driver.waitForSelector({
+          css: '.mm-text--body-md',
+          text: expectedDescription,
+        });
       },
     );
   });

diff --git a/test/e2e/tests/ppom/ppom-blockaid-alert-simple-send.spec.js b/test/e2e/tests/ppom/ppom-blockaid-alert-simple-send.spec.js
@@ -3,9 +3,10 @@ const FixtureBuilder = require('../../fixture-builder');
 
 const {
   defaultGanacheOptions,
-  withFixtures,
-  sendScreenToConfirmScreen,
   logInWithBalanceValidation,
+  sendScreenToConfirmScreen,
+  WINDOW_TITLES,
+  withFixtures,
 } = require('../../helpers');
 const { mockServerJsonRpc } = require('./mocks/mock-server-json-rpc');
 
@@ -106,11 +107,9 @@ async function mockInfuraWithFailedResponses(mockServer) {
   await mockInfura(mockServer);
 
   await mockServer
-    .forPost()
-    .withJsonBodyIncluding({
-      method: 'debug_traceCall',
-      params: [{ accessList: [], data: '0x00000000' }],
-    })
+    .forGet(
+      'https://static.cx.metamask.io/api/v1/confirmations/ppom/ppom_version.json',
+    )
     .thenCallback(() => {
       return {
         statusCode: 500,
@@ -159,10 +158,15 @@ describe('Simple Send Security Alert - Blockaid @no-mmi', function () {
    */
   it('should show security alerts for malicious requests', async function () {
     await withFixtures(
+      // we need to use localhost instead of the ip
+      // see issue: https://github.com/MetaMask/MetaMask-planning/issues/3560
       {
         dapp: true,
         fixtures: new FixtureBuilder()
           .withNetworkControllerOnMainnet()
+          .withPermissionControllerConnectedToTestDapp({
+            useLocalhostHostname: true,
+          })
           .withPreferencesController({
             securityAlertsEnabled: true,
           })
@@ -175,29 +179,25 @@ describe('Simple Send Security Alert - Blockaid @no-mmi', function () {
       async ({ driver }) => {
         await logInWithBalanceValidation(driver);
 
-        await sendScreenToConfirmScreen(driver, mockMaliciousAddress, '1');
+        await driver.openNewPage('http://localhost:8080');
 
-        // Find element by title
-        const bannerAlertFoundByTitle = await driver.findElement({
-          css: bannerAlertSelector,
+        await driver.clickElement('#maliciousRawEthButton');
+        await driver.switchToWindowWithTitle(WINDOW_TITLES.Dialog);
+
+        await driver.waitForSelector({
+          css: '.mm-text--body-lg-medium',
           text: expectedMaliciousTitle,
         });
-        const bannerAlertText = await bannerAlertFoundByTitle.getText();
 
-        assert(
-          bannerAlertFoundByTitle,
-          `Banner alert not found. Expected Title: ${expectedMaliciousTitle}`,
-        );
-        assert(
-          bannerAlertText.includes(expectedMaliciousDescription),
-          `Unexpected banner alert description. Expected: ${expectedMaliciousDescription}`,
-        );
+        await driver.waitForSelector({
+          css: '.mm-text--body-md',
+          text: expectedMaliciousDescription,
+        });
       },
     );
   });
 
-  // eslint-disable-next-line mocha/no-skipped-tests
-  it.skip('should show "Request may not be safe" if the PPOM request fails to check transaction', async function () {
+  it('should show "Be careful" if the PPOM request fails to check transaction', async function () {
     await withFixtures(
       {
         dapp: true,
@@ -220,8 +220,7 @@ describe('Simple Send Security Alert - Blockaid @no-mmi', function () {
           '0xB8c77482e45F1F44dE1745F52C74426C631bDD52',
           '1.1',
         );
-        // await driver.delay(100000)
-        const expectedTitle = 'Request may not be safe';
+        const expectedTitle = 'Be careful';
 
         const bannerAlert = await driver.findElement({
           css: bannerAlertSelector,

diff --git a/test/e2e/tests/ppom/ppom-blockaid-alert-trade-order-farming.spec.js b/test/e2e/tests/ppom/ppom-blockaid-alert-trade-order-farming.spec.js
@@ -1,17 +1,13 @@
-const { strict: assert } = require('assert');
 const FixtureBuilder = require('../../fixture-builder');
 
 const {
   WINDOW_TITLES,
   defaultGanacheOptions,
-  openDapp,
   unlockWallet,
   withFixtures,
 } = require('../../helpers');
 const { mockServerJsonRpc } = require('./mocks/mock-server-json-rpc');
 
-const bannerAlertSelector = '[data-testid="security-provider-banner-alert"]';
-
 const CONTRACT_ADDRESS = {
   WrappedEther: 'c02aaa39b223fe8d0a0e5c4f27ead9083c756cc2',
   OffchainOracle: '0x52cbe0f49ccdd4dc6e9c13bab024eabd2842045b',
@@ -90,14 +86,17 @@ async function mockInfura(mockServer) {
 }
 
 describe('PPOM Blockaid Alert - Set Trade farming order @no-mmi', function () {
-  // eslint-disable-next-line mocha/no-skipped-tests
-  it.skip('should show banner alert', async function () {
+  it('should show banner alert', async function () {
+    // we need to use localhost instead of the ip
+    // see issue: https://github.com/MetaMask/MetaMask-planning/issues/3560
     await withFixtures(
       {
         dapp: true,
         fixtures: new FixtureBuilder()
           .withNetworkControllerOnMainnet()
-          .withPermissionControllerConnectedToTestDapp()
+          .withPermissionControllerConnectedToTestDapp({
+            useLocalhostHostname: true,
+          })
           .withPreferencesController({
             securityAlertsEnabled: true,
           })
@@ -109,35 +108,27 @@ describe('PPOM Blockaid Alert - Set Trade farming order @no-mmi', function () {
 
       async ({ driver }) => {
         await unlockWallet(driver);
-        await openDapp(driver);
+        await driver.openNewPage('http://localhost:8080');
 
         const expectedTitle = 'This is a deceptive request';
         const expectedDescription =
           'If you approve this request, you might lose your assets.';
 
         // Click TestDapp button to send JSON-RPC request
         await driver.clickElement('#maliciousTradeOrder');
-
-        // Wait for confirmation pop-up
-        await driver.waitUntilXWindowHandles(3);
         await driver.switchToWindowWithTitle(WINDOW_TITLES.Dialog);
 
         await driver.assertElementNotPresent('.loading-indicator');
 
-        const bannerAlertFoundByTitle = await driver.findElement({
-          css: bannerAlertSelector,
+        await driver.waitForSelector({
+          css: '.mm-text--body-lg-medium',
           text: expectedTitle,
         });
-        const bannerAlertText = await bannerAlertFoundByTitle.getText();
 
-        assert(
-          bannerAlertFoundByTitle,
-          `Banner alert not found. Expected Title: ${expectedTitle} \nExpected reason: approval_farming\n`,
-        );
-        assert(
-          bannerAlertText.includes(expectedDescription),
-          `Unexpected banner alert description. Expected: ${expectedDescription} \nExpected reason: approval_farming\n`,
-        );
+        await driver.waitForSelector({
+          css: '.mm-text--body-md',
+          text: expectedDescription,
+        });
       },
     );
   });