feat: add error for new security challenge (#2630)

gakonst · Oct 9, 2023 · 1d4a112 · 1d4a112
1 parent 66dd13c
commit 1d4a112
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 2 deletions.
diff --git a/ethers-etherscan/src/errors.rs b/ethers-etherscan/src/errors.rs
@@ -45,7 +45,9 @@ pub enum EtherscanError {
     InvalidApiKey,
     #[error("Sorry, you have been blocked by Cloudflare, See also https://community.cloudflare.com/t/sorry-you-have-been-blocked/110790")]
     BlockedByCloudflare,
-    #[error("The Requested prompted a cloudflare captcha security challenge to review the security of your connection before proceeding.")]
+    #[error("It appears that the request prompted a (browser based) security challenge, you're possibly rate limited or your ip is scrutinized by the api endpoint: {0:?}")]
+    SecurityChallenge(reqwest::Url),
+    #[error("The request prompted a cloudflare captcha security challenge to review the security of your connection before proceeding.")]
     CloudFlareSecurityChallenge,
     #[error("Received `Page not found` response. API server is likely down")]
     PageNotFound,
@@ -65,6 +67,11 @@ pub(crate) fn is_cloudflare_security_challenge(txt: &str) -> bool {
         txt.to_lowercase().contains("checking if the site connection is secure")
 }
 
+/// Some endpoints prompt a security challenge, which is most likely a captcha that requires javascript: <https://github.com/foundry-rs/foundry/issues/4865#issuecomment-1752876830>
+pub(crate) fn is_security_challenge_prompt(txt: &str) -> bool {
+    txt.contains("challenge-error-title")
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;
@@ -75,6 +82,38 @@ mod tests {
         assert!(is_cloudflare_security_challenge(res));
     }
 
+    #[test]
+    fn test_is_security_challenge_prompt() {
+        let res = r#"<!DOCTYPE html>
+<html lang="\&quot;en-US\&quot;">
+<head>
+<title>Just a moment...</title>
+<meta http-equiv="\&quot;Content-Type\&quot;" content="\&quot;text/html;" charset="UTF-8\&quot;" />
+<meta http-equiv="\&quot;X-UA-Compatible\&quot;" content="\&quot;IE=Edge\&quot;" />
+<meta name="\&quot;robots\&quot;" content="\&quot;noindex,nofollow\&quot;" />
+<meta name="\&quot;viewport\&quot;" content="\&quot;width=device-width,initial-scale=1\&quot;" />
+<link href="\&quot;/cdn-cgi/styles/challenges.css\&quot;" rel="\&quot;stylesheet\&quot;" />
+</head>
+<body class="\&quot;no-js\&quot;">
+<div class="\&quot;main-wrapper\&quot;" role="\&quot;main\&quot;">
+<div class="\&quot;main-content\&quot;">
+    <noscript>
+    <div id="\&quot;challenge-error-title\&quot;">
+    <div class="\&quot;h2\&quot;">
+    <span class="\&quot;icon-wrapper\&quot;">
+        <div class="\&quot;heading-icon" warning-icon\"=""></div></span>
+    <span id="\&quot;challenge-error-text\&quot;">Enable JavaScript and cookies to continue</span>
+    </div>
+    </div>
+    </noscript>
+</div>
+</div>
+<script>(function(){window._cf_chl_opt={cvId: '2',cZone: \"api-goerli.etherscan.io\",cType: 'interactive',cNounce: '5086',cRay: '813529177d3bc09b',cHash: 'c548661e7180c05',cUPMDTk: \"\\/api\\/?apikey=CQWS36SV2WKNHU1RH7XY6QSWQK9MKJ54CY&module=contract&action=getabi&address=0x9c05899ed01e57dad8beca7e3137ad04bbf5f2b2&__cf_chl_tk=moDC8fLFgM9LR9i6AXJTnSiiNVrTWmrcW.qiQdQ05x0-1696839166-0-gaNycGzNCtA\",cFPWv: 'g',cTTimeMs: '1000',cMTimeMs: '0',cTplV: 5,cTplB: 'cf',cK: \"visitor-time\",fa: \"\\/api\\/?apikey=CQWS36SV2WKNHU1RH7XY6QSWQK9MKJ54CY&module=contract&action=getabi&address=0x9c05899ed01e57dad8beca7e3137ad04bbf5f2b2&__cf_chl_f_tk=moDC8fLFgM9LR9i6AXJTnSiiNVrTWmrcW.qiQdQ05x0-1696839166-0-gaNycGzNCtA\",md: \"bo20uCQgmDtvj7Ns.nEadYkobArkRYlH3Jof77jKKfs-1696839166-0-AUrlrDvdVzpROmpOcrQEir1Ts4Unha7FoPLyVc1n3V74R9MBSZmc3lE12vohpP2zcVU6y4Oi9Dp7DDkscd3oEoyOduA_s5zBFdfWKg2_Mk6EOzKmW2I1RRW50kbPnWoBFiJFNZaCoJh5jVI_zAjvPwbxz_TfggbKUHDYmSQ7E4ndzQvVNqYtWrnnoVDi48Q2DG9UjwHK3XOXEm8ZL0fL4BfI-9SJKCHcjXcTMgKWiHnej9VdIun73L-2rqCrdhPZMVletlWc8QP6mgfa-vz7KO9YcXzh3a-Pf8oGAHTepk8mS02Qz4hulrMsM1vpjkec3Fmt2TsUpV3oY4cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=813529177d3bc09b';window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;if (window.history && window.history.replaceState) {var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;history.replaceState(null, null, \"\\/api\\/?apikey=CQWS36SV2WKNHU1RH7XY6QSWQK9MKJ54CY&module=contract&action=getabi&address=0x9c05899ed01e57dad8beca7e3137ad04bbf5f2b2&__cf_chl_rt_tk=moDC8fLFgM9LR9i6AXJTnSiiNVrTWmrcW.qiQdQ05x0-1696839166-0-gaNycGzNCtA\" + window._cf_chl_opt.cOgUHash);cpo.onload = function() {history.replaceState(null, null, ogU);}}document.getElementsByTagName('head')[0].appendChild(cpo);}());</script>
+</body>
+</html>"#;
+        assert!(is_security_challenge_prompt(res));
+    }
+
     #[test]
     fn test_cloudflare_response() {
         let resp = "<!DOCTYPE html>\n<!--[if lt IE 7]> <html class=\"no-js ie6 oldie\" lang=\"en-US\"> <![endif]-->\n<!--[if IE 7]>    <html class=\"no-js ie7 oldie\" lang=\"en-US\"> <![endif]-->\n<!--[if IE 8]>    <html class=\"no-js ie8 oldie\" lang=\"en-US\"> <![endif]-->\n<!--[if gt IE 8]><!--> <html class=\"no-js\" lang=\"en-US\"> <!--<![endif]-->\n<head>\n<title>Attention Required! | Cloudflare</title>\n<meta charset=\"UTF-8\" />\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />\n<meta http-equiv=\"X-UA-Compatible\" content=\"IE=Edge\" />\n<meta name=\"robots\" content=\"noindex, nofollow\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1\" />\n<link rel=\"stylesheet\" id=\"cf_styles-css\" href=\"/cdn-cgi/styles/cf.errors.css\" />\n<!--[if lt IE 9]><link rel=\"stylesheet\" id='cf_styles-ie-css' href=\"/cdn-cgi/styles/cf.errors.ie.css\" /><![endif]-->\n<style>body{margin:0;padding:0}</style>\n\n\n<!--[if gte IE 10]><!-->\n<script>\n  if (!navigator.cookieEnabled) {\n    window.addEventListener('DOMContentLoaded', function () {\n      var cookieEl = document.getElementById('cookie-alert');\n      cookieEl.style.display = 'block';\n    })\n  }\n</script>\n<!--<![endif]-->\n\n\n</head>\n<body>\n  <div id=\"cf-wrapper\">\n    <div class=\"cf-alert cf-alert-error cf-cookie-error\" id=\"cookie-alert\" data-translate=\"enable_cookies\">Please enable cookies.</div>\n    <div id=\"cf-error-details\" class=\"cf-error-details-wrapper\">\n      <div class=\"cf-wrapper cf-header cf-error-overview\">\n        <h1 data-translate=\"block_headline\">Sorry, you have been blocked</h1>\n        <h2 class=\"cf-subheadline\"><span data-translate=\"unable_to_access\">You are unable to access</span> polygonscan.com</h2>\n      </div><!-- /.header -->\n\n      <div class=\"cf-section cf-highlight\">\n        <div class=\"cf-wrapper\">\n          <div class=\"cf-screenshot-container cf-screenshot-full\">\n            \n              <span class=\"cf-no-screenshot error\"></span>\n            \n          </div>\n        </div>\n      </div><!-- /.captcha-container -->\n\n      <div class=\"cf-section cf-wrapper\">\n        <div class=\"cf-columns two\">\n          <div class=\"cf-column\">\n            <h2 data-translate=\"blocked_why_headline\">Why have I been blocked?</h2>\n\n            <p data-translate=\"blocked_why_detail\">This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.</p>\n          </div>\n\n          <div class=\"cf-column\">\n            <h2 data-translate=\"blocked_resolve_headline\">What can I do to resolve this?</h2>\n\n            <p data-translate=\"blocked_resolve_detail\">You can email the site owner to let them know you were blocked. Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.</p>\n          </div>\n        </div>\n      </div><!-- /.section -->\n\n      <div class=\"cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300\">\n  <p class=\"text-13\">\n    <span class=\"cf-footer-item sm:block sm:mb-1\">Cloudflare Ray ID: <strong class=\"font-semibold\">74d2aa5ed9e27367</strong></span>\n    <span class=\"cf-footer-separator sm:hidden\">&bull;</span>\n    <span id=\"cf-footer-item-ip\" class=\"cf-footer-item hidden sm:block sm:mb-1\">\n      Your IP:\n      <button type=\"button\" id=\"cf-footer-ip-reveal\" class=\"cf-footer-ip-reveal-btn\">Click to reveal</button>\n      <span class=\"hidden\" id=\"cf-footer-ip\">62.96.232.178</span>\n      <span class=\"cf-footer-separator sm:hidden\">&bull;</span>\n    </span>\n    <span class=\"cf-footer-item sm:block sm:mb-1\"><span>Performance &amp; security by</span> <a rel=\"noopener noreferrer\" href=\"https://www.cloudflare.com/5xx-error-landing\" id=\"brand_link\" target=\"_blank\">Cloudflare</a></span>\n    \n  </p>\n  <script>(function(){function d(){var b=a.getElementById(\"cf-footer-item-ip\"),c=a.getElementById(\"cf-footer-ip-reveal\");b&&\"classList\"in b&&(b.classList.remove(\"hidden\"),c.addEventListener(\"click\",function(){c.classList.add(\"hidden\");a.getElementById(\"cf-footer-ip\").classList.remove(\"hidden\")}))}var a=document;document.addEventListener&&a.addEventListener(\"DOMContentLoaded\",d)})();</script>\n</div><!-- /.error-footer -->\n\n\n    </div><!-- /#cf-error-details -->\n  </div><!-- /#cf-wrapper -->\n\n  <script>\n  window._cf_translation = {};\n  \n  \n</script>\n\n</body>\n</html>\n";

diff --git a/ethers-etherscan/src/lib.rs b/ethers-etherscan/src/lib.rs
@@ -2,7 +2,10 @@
 #![deny(unsafe_code, rustdoc::broken_intra_doc_links)]
 #![cfg_attr(docsrs, feature(doc_cfg))]
 
-use crate::errors::{is_blocked_by_cloudflare_response, is_cloudflare_security_challenge};
+use crate::errors::{
+    is_blocked_by_cloudflare_response, is_cloudflare_security_challenge,
+    is_security_challenge_prompt,
+};
 use contract::ContractMetadata;
 use errors::EtherscanError;
 use ethers_core::{
@@ -210,6 +213,8 @@ impl Client {
                 EtherscanError::BlockedByCloudflare
             } else if is_cloudflare_security_challenge(res) {
                 EtherscanError::CloudFlareSecurityChallenge
+            } else if is_security_challenge_prompt(res) {
+                EtherscanError::SecurityChallenge(self.etherscan_api_url.clone())
             } else {
                 EtherscanError::Serde(err)
             }