From 3d8ebf2265d167923f3b913bac3b9cc4d37fa052 Mon Sep 17 00:00:00 2001
From: Dan Finlay <dan@danfinlay.com>
Date: Wed, 26 Jul 2017 12:10:42 -0700
Subject: [PATCH 1/4] Begin implementing live-updating blacklist, not working
 yet

---
 app/scripts/background.js         | 27 +++++++++++++++++++++++++++
 app/scripts/blacklister.js        | 19 +++++++++++--------
 app/scripts/controllers/infura.js | 14 ++++++++++++++
 3 files changed, 52 insertions(+), 8 deletions(-)

diff --git a/app/scripts/background.js b/app/scripts/background.js
index e8987394f..c9505b237 100644
--- a/app/scripts/background.js
+++ b/app/scripts/background.js
@@ -90,6 +90,10 @@ function setupController (initState) {
 
   extension.runtime.onConnect.addListener(connectRemote)
   function connectRemote (remotePort) {
+    if (remotePort.name === 'blacklister') {
+      return setupBlacklist(connectRemote)
+    }
+
     var isMetaMaskInternalProcess = remotePort.name === 'popup' || remotePort.name === 'notification'
     var portStream = new PortStream(remotePort)
     if (isMetaMaskInternalProcess) {
@@ -135,6 +139,29 @@ function setupController (initState) {
   return Promise.resolve()
 }
 
+// Listen for new pages and return if blacklisted:
+function setupBlacklist (port) {
+  console.log('Blacklist connection established')
+  const handler = handleNewPageLoad.bind(port)
+  port.onMessage.addListener(handler)
+  setTimeout(() => {
+    port.onMessage.removeListener(handler)
+  }, 30000)
+}
+
+function handleNewPageLoad (message) {
+  const { pageLoaded } = message
+  console.log('blaclist message received', message.pageLoaded)
+  if (!pageLoaded || !global.metamaskController) return
+
+  const state = global.metamaskController.getState()
+  const { blacklist } = state.metamask
+
+  if (blacklist && blacklist.includes(pageLoaded)) {
+    this.postMessage({ 'blacklist': pageLoaded })
+  }
+}
+
 //
 // Etc...
 //
diff --git a/app/scripts/blacklister.js b/app/scripts/blacklister.js
index a45265a75..f5572c11a 100644
--- a/app/scripts/blacklister.js
+++ b/app/scripts/blacklister.js
@@ -1,13 +1,16 @@
-const blacklistedDomains = require('etheraddresslookup/blacklists/domains.json')
+const extension = require('extensionizer')
+console.log('blacklister content script loaded.')
 
-function detectBlacklistedDomain() {
-  var strCurrentTab = window.location.hostname
-  if (blacklistedDomains && blacklistedDomains.includes(strCurrentTab)) {
+const port = extension.runtime.connect({ name: 'blacklister' })
+port.postMessage({ 'pageLoaded': window.location.hostname })
+port.onMessage.addListener(redirectIfBlacklisted)
+
+function redirectIfBlacklisted (response) {
+  const { blacklist } = response
+  console.log('blacklister contentscript received blacklist response')
+  const host = window.location.hostname
+  if (blacklist && blacklist === host) {
     window.location.href = 'https://metamask.io/phishing.html'
   }
 }
 
-window.addEventListener('load', function() {
-  detectBlacklistedDomain()
-})
-
diff --git a/app/scripts/controllers/infura.js b/app/scripts/controllers/infura.js
index b34b0bc03..97b2ab7e3 100644
--- a/app/scripts/controllers/infura.js
+++ b/app/scripts/controllers/infura.js
@@ -1,5 +1,6 @@
 const ObservableStore = require('obs-store')
 const extend = require('xtend')
+const recentBlacklist = require('etheraddresslookup/blacklists/domains.json')
 
 // every ten minutes
 const POLLING_INTERVAL = 300000
@@ -9,6 +10,7 @@ class InfuraController {
   constructor (opts = {}) {
     const initState = extend({
       infuraNetworkStatus: {},
+      blacklist: recentBlacklist,
     }, opts.initState)
     this.store = new ObservableStore(initState)
   }
@@ -30,12 +32,24 @@ class InfuraController {
       })
   }
 
+  updateLocalBlacklist () {
+    return fetch('https://api.infura.io/v1/blacklist')
+      .then(response => response.json())
+      .then((parsedResponse) => {
+        this.store.updateState({
+          blacklist: parsedResponse,
+        })
+        return parsedResponse
+      })
+  }
+
   scheduleInfuraNetworkCheck () {
     if (this.conversionInterval) {
       clearInterval(this.conversionInterval)
     }
     this.conversionInterval = setInterval(() => {
       this.checkInfuraNetworkStatus()
+      this.updateLocalBlacklist()
     }, POLLING_INTERVAL)
   }
 }

From 8b1726cc550d4a5b142a2a525ce6b94713dc04e0 Mon Sep 17 00:00:00 2001
From: Dan Finlay <dan@danfinlay.com>
Date: Wed, 26 Jul 2017 16:30:54 -0700
Subject: [PATCH 2/4] Live update blacklist from Infura

---
 CHANGELOG.md               |  2 ++
 app/manifest.json          |  9 +++++++--
 app/scripts/background.js  | 14 ++++++--------
 app/scripts/blacklister.js |  4 +---
 app/scripts/inpage.js      |  1 +
 5 files changed, 17 insertions(+), 13 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c5f727586..ba8bdd16c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,8 @@
 
 ## Current Master
 
+- Continuously update blacklist for known phishing sites in background.
+
 ## 3.9.2 2017-7-26
 
 - Fix bugs that could sometimes result in failed transactions after switching networks.
diff --git a/app/manifest.json b/app/manifest.json
index 55e1eb5b1..edc4d7162 100644
--- a/app/manifest.json
+++ b/app/manifest.json
@@ -55,8 +55,13 @@
     },
     {
       "run_at": "document_start",
-      "matches": ["http://*/*", "https://*/*"],
-      "js": ["scripts/blacklister.js"]
+      "matches": [
+        "file://*/*",
+        "http://*/*",
+        "https://*/*"
+      ],
+      "js": ["scripts/blacklister.js"],
+      "all_frames": true
     }
   ],
   "permissions": [
diff --git a/app/scripts/background.js b/app/scripts/background.js
index c9505b237..01bb39186 100644
--- a/app/scripts/background.js
+++ b/app/scripts/background.js
@@ -91,7 +91,7 @@ function setupController (initState) {
   extension.runtime.onConnect.addListener(connectRemote)
   function connectRemote (remotePort) {
     if (remotePort.name === 'blacklister') {
-      return setupBlacklist(connectRemote)
+      return checkBlacklist(remotePort)
     }
 
     var isMetaMaskInternalProcess = remotePort.name === 'popup' || remotePort.name === 'notification'
@@ -140,25 +140,23 @@ function setupController (initState) {
 }
 
 // Listen for new pages and return if blacklisted:
-function setupBlacklist (port) {
-  console.log('Blacklist connection established')
-  const handler = handleNewPageLoad.bind(port)
+function checkBlacklist (port) {
+  const handler = handleNewPageLoad.bind(null, port)
   port.onMessage.addListener(handler)
   setTimeout(() => {
     port.onMessage.removeListener(handler)
   }, 30000)
 }
 
-function handleNewPageLoad (message) {
+function handleNewPageLoad (port, message) {
   const { pageLoaded } = message
-  console.log('blaclist message received', message.pageLoaded)
   if (!pageLoaded || !global.metamaskController) return
 
   const state = global.metamaskController.getState()
-  const { blacklist } = state.metamask
+  const { blacklist } = state
 
   if (blacklist && blacklist.includes(pageLoaded)) {
-    this.postMessage({ 'blacklist': pageLoaded })
+    port.postMessage({ 'blacklist': pageLoaded })
   }
 }
 
diff --git a/app/scripts/blacklister.js b/app/scripts/blacklister.js
index f5572c11a..37751b595 100644
--- a/app/scripts/blacklister.js
+++ b/app/scripts/blacklister.js
@@ -1,13 +1,11 @@
 const extension = require('extensionizer')
-console.log('blacklister content script loaded.')
 
-const port = extension.runtime.connect({ name: 'blacklister' })
+var port = extension.runtime.connect({name: 'blacklister'})
 port.postMessage({ 'pageLoaded': window.location.hostname })
 port.onMessage.addListener(redirectIfBlacklisted)
 
 function redirectIfBlacklisted (response) {
   const { blacklist } = response
-  console.log('blacklister contentscript received blacklist response')
   const host = window.location.hostname
   if (blacklist && blacklist === host) {
     window.location.href = 'https://metamask.io/phishing.html'
diff --git a/app/scripts/inpage.js b/app/scripts/inpage.js
index ec764535e..9e98c044b 100644
--- a/app/scripts/inpage.js
+++ b/app/scripts/inpage.js
@@ -65,3 +65,4 @@ function restoreContextAfterImports () {
     console.warn('MetaMask - global.define could not be overwritten.')
   }
 }
+

From eb92d65c4dc764f3a0ad1055fef2ed7cabc04a6f Mon Sep 17 00:00:00 2001
From: Dan Finlay <dan@danfinlay.com>
Date: Wed, 26 Jul 2017 16:57:58 -0700
Subject: [PATCH 3/4] Add Levenshtein item to changelog

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 823b131be..66c95a0c3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@
 ## Current Master
 
 - Continuously update blacklist for known phishing sites in background.
+- Automatically detect suspicious URLs too similar to common phishing targets, and blacklist them.
 
 ## 3.9.2 2017-7-26
 

From 7c71ee1babcaad19dbe7db6c5abfefe2f9654781 Mon Sep 17 00:00:00 2001
From: Dan Finlay <dan@danfinlay.com>
Date: Thu, 27 Jul 2017 15:16:42 -0700
Subject: [PATCH 4/4] Do not blacklist files

---
 app/manifest.json | 1 -
 1 file changed, 1 deletion(-)

diff --git a/app/manifest.json b/app/manifest.json
index edc4d7162..591a07d0d 100644
--- a/app/manifest.json
+++ b/app/manifest.json
@@ -56,7 +56,6 @@
     {
       "run_at": "document_start",
       "matches": [
-        "file://*/*",
         "http://*/*",
         "https://*/*"
       ],