From ce64d3435a00f6b58921d66294eccc4a73992cb0 Mon Sep 17 00:00:00 2001 From: Jimmy Vo Date: Fri, 14 Mar 2025 11:39:29 -0400 Subject: [PATCH 1/7] Add phishing detection content script. --- apps/browser/src/manifest.v3.json | 6 +++ ...ger-phishing-detection-script-injection.ts | 20 ++++++++ .../services/phishing-detection.service.ts | 48 ++++++++++++++++++- apps/browser/webpack.config.js | 2 + 4 files changed, 75 insertions(+), 1 deletion(-) create mode 100644 apps/browser/src/phishing-detection/trigger-phishing-detection-script-injection.ts diff --git a/apps/browser/src/manifest.v3.json b/apps/browser/src/manifest.v3.json index 1e2ac1812ca..af4f271427e 100644 --- a/apps/browser/src/manifest.v3.json +++ b/apps/browser/src/manifest.v3.json @@ -30,6 +30,12 @@ "matches": ["*://*/*", "file:///*"], "exclude_matches": ["*://*/*.xml*", "file:///*.xml*"], "run_at": "document_start" + }, + { + "js": ["content/trigger-phishing-detection-script-injection.js"], + "matches": ["*://*/*", "file:///*"], + "exclude_matches": ["*://*/*.xml*", "file:///*.xml*"], + "run_at": "document_start" } ], "background": { diff --git a/apps/browser/src/phishing-detection/trigger-phishing-detection-script-injection.ts b/apps/browser/src/phishing-detection/trigger-phishing-detection-script-injection.ts new file mode 100644 index 00000000000..81248e7668a --- /dev/null +++ b/apps/browser/src/phishing-detection/trigger-phishing-detection-script-injection.ts @@ -0,0 +1,20 @@ +// eslint-disable-next-line no-restricted-imports +import { PhishingDetectionService } from "src/platform/services/phishing-detection.service"; + +if (document.readyState === "loading") { + document.addEventListener("DOMContentLoaded", loadPhishingDetectionContent); +} else { + void loadPhishingDetectionContent(); +} + +async function loadPhishingDetectionContent() { + const activeUrl = await PhishingDetectionService.getActiveUrl(); + + const isPhishingDomain = PhishingDetectionService.checkUrl(activeUrl); + + if (isPhishingDomain) { + PhishingDetectionService.notifyUser(activeUrl); + } +} + +console.log("Phishing Detection Service loaded."); diff --git a/apps/browser/src/platform/services/phishing-detection.service.ts b/apps/browser/src/platform/services/phishing-detection.service.ts index 01bcb2d874a..184fb0627ec 100644 --- a/apps/browser/src/platform/services/phishing-detection.service.ts +++ b/apps/browser/src/platform/services/phishing-detection.service.ts @@ -29,7 +29,53 @@ export class PhishingDetectionService { } // @TODO: WIP. We can have a pop-up or send a notification to other services. - static notifyUser(url: string) {} + static notifyUser(url: string) { + const phishingDivId = "phishing-notification-bar"; + const message = `${url} is a known phishing site`; + + const wrapper = document.createElement("div"); + wrapper.id = phishingDivId; + wrapper.classList.add("inner-wrapper"); + wrapper.style.position = "fixed"; + wrapper.style.top = "20px"; + wrapper.style.right = "20px"; + wrapper.style.zIndex = "10000"; + wrapper.style.backgroundColor = "#fff"; + wrapper.style.padding = "15px"; + wrapper.style.border = "1px solid #ccc"; + wrapper.style.borderRadius = "5px"; + wrapper.style.boxShadow = "0 2px 10px rgba(0,0,0,0.2)"; + + const messageElement = document.createElement("div"); + messageElement.id = "change-text"; + messageElement.classList.add("notification-body"); + messageElement.textContent = message; + + const exitButton = document.createElement("button"); + exitButton.type = "button"; + exitButton.id = "change-exit"; + exitButton.classList.add("primary"); + exitButton.textContent = "Exit the page"; + + exitButton.onclick = () => { + const barEl = document.getElementById(phishingDivId); + if (barEl != null) { + barEl.parentElement.removeChild(barEl); + } + }; + + wrapper.appendChild(messageElement); + wrapper.appendChild(exitButton); + + document.body.appendChild(wrapper); + + setTimeout(() => { + console.log("Jimmy inject 7"); + if (document.body.contains(wrapper)) { + document.body.removeChild(wrapper); + } + }, 10000); + } /* This listener will check the URL when the tab has finished loading. diff --git a/apps/browser/webpack.config.js b/apps/browser/webpack.config.js index ff5331ae459..7b99984117c 100644 --- a/apps/browser/webpack.config.js +++ b/apps/browser/webpack.config.js @@ -191,6 +191,8 @@ const mainConfig = { "popup/main": "./src/popup/main.ts", "content/trigger-autofill-script-injection": "./src/autofill/content/trigger-autofill-script-injection.ts", + "content/trigger-phishing-detection-script-injection": + "./src/phishing-detection/trigger-phishing-detection-script-injection.ts", "content/bootstrap-autofill": "./src/autofill/content/bootstrap-autofill.ts", "content/bootstrap-autofill-overlay": "./src/autofill/content/bootstrap-autofill-overlay.ts", "content/bootstrap-autofill-overlay-menu": From ed13bf3bbb3ab09ac526d3b70263c1479305809a Mon Sep 17 00:00:00 2001 From: Jimmy Vo Date: Fri, 14 Mar 2025 11:48:05 -0400 Subject: [PATCH 2/7] Revert "Add phishing detection content script." This reverts commit ce64d3435a00f6b58921d66294eccc4a73992cb0. --- apps/browser/src/manifest.v3.json | 6 --- ...ger-phishing-detection-script-injection.ts | 20 -------- .../services/phishing-detection.service.ts | 48 +------------------ apps/browser/webpack.config.js | 2 - 4 files changed, 1 insertion(+), 75 deletions(-) delete mode 100644 apps/browser/src/phishing-detection/trigger-phishing-detection-script-injection.ts diff --git a/apps/browser/src/manifest.v3.json b/apps/browser/src/manifest.v3.json index af4f271427e..1e2ac1812ca 100644 --- a/apps/browser/src/manifest.v3.json +++ b/apps/browser/src/manifest.v3.json @@ -30,12 +30,6 @@ "matches": ["*://*/*", "file:///*"], "exclude_matches": ["*://*/*.xml*", "file:///*.xml*"], "run_at": "document_start" - }, - { - "js": ["content/trigger-phishing-detection-script-injection.js"], - "matches": ["*://*/*", "file:///*"], - "exclude_matches": ["*://*/*.xml*", "file:///*.xml*"], - "run_at": "document_start" } ], "background": { diff --git a/apps/browser/src/phishing-detection/trigger-phishing-detection-script-injection.ts b/apps/browser/src/phishing-detection/trigger-phishing-detection-script-injection.ts deleted file mode 100644 index 81248e7668a..00000000000 --- a/apps/browser/src/phishing-detection/trigger-phishing-detection-script-injection.ts +++ /dev/null @@ -1,20 +0,0 @@ -// eslint-disable-next-line no-restricted-imports -import { PhishingDetectionService } from "src/platform/services/phishing-detection.service"; - -if (document.readyState === "loading") { - document.addEventListener("DOMContentLoaded", loadPhishingDetectionContent); -} else { - void loadPhishingDetectionContent(); -} - -async function loadPhishingDetectionContent() { - const activeUrl = await PhishingDetectionService.getActiveUrl(); - - const isPhishingDomain = PhishingDetectionService.checkUrl(activeUrl); - - if (isPhishingDomain) { - PhishingDetectionService.notifyUser(activeUrl); - } -} - -console.log("Phishing Detection Service loaded."); diff --git a/apps/browser/src/platform/services/phishing-detection.service.ts b/apps/browser/src/platform/services/phishing-detection.service.ts index 184fb0627ec..01bcb2d874a 100644 --- a/apps/browser/src/platform/services/phishing-detection.service.ts +++ b/apps/browser/src/platform/services/phishing-detection.service.ts @@ -29,53 +29,7 @@ export class PhishingDetectionService { } // @TODO: WIP. We can have a pop-up or send a notification to other services. - static notifyUser(url: string) { - const phishingDivId = "phishing-notification-bar"; - const message = `${url} is a known phishing site`; - - const wrapper = document.createElement("div"); - wrapper.id = phishingDivId; - wrapper.classList.add("inner-wrapper"); - wrapper.style.position = "fixed"; - wrapper.style.top = "20px"; - wrapper.style.right = "20px"; - wrapper.style.zIndex = "10000"; - wrapper.style.backgroundColor = "#fff"; - wrapper.style.padding = "15px"; - wrapper.style.border = "1px solid #ccc"; - wrapper.style.borderRadius = "5px"; - wrapper.style.boxShadow = "0 2px 10px rgba(0,0,0,0.2)"; - - const messageElement = document.createElement("div"); - messageElement.id = "change-text"; - messageElement.classList.add("notification-body"); - messageElement.textContent = message; - - const exitButton = document.createElement("button"); - exitButton.type = "button"; - exitButton.id = "change-exit"; - exitButton.classList.add("primary"); - exitButton.textContent = "Exit the page"; - - exitButton.onclick = () => { - const barEl = document.getElementById(phishingDivId); - if (barEl != null) { - barEl.parentElement.removeChild(barEl); - } - }; - - wrapper.appendChild(messageElement); - wrapper.appendChild(exitButton); - - document.body.appendChild(wrapper); - - setTimeout(() => { - console.log("Jimmy inject 7"); - if (document.body.contains(wrapper)) { - document.body.removeChild(wrapper); - } - }, 10000); - } + static notifyUser(url: string) {} /* This listener will check the URL when the tab has finished loading. diff --git a/apps/browser/webpack.config.js b/apps/browser/webpack.config.js index 7b99984117c..ff5331ae459 100644 --- a/apps/browser/webpack.config.js +++ b/apps/browser/webpack.config.js @@ -191,8 +191,6 @@ const mainConfig = { "popup/main": "./src/popup/main.ts", "content/trigger-autofill-script-injection": "./src/autofill/content/trigger-autofill-script-injection.ts", - "content/trigger-phishing-detection-script-injection": - "./src/phishing-detection/trigger-phishing-detection-script-injection.ts", "content/bootstrap-autofill": "./src/autofill/content/bootstrap-autofill.ts", "content/bootstrap-autofill-overlay": "./src/autofill/content/bootstrap-autofill-overlay.ts", "content/bootstrap-autofill-overlay-menu": From 62c1702315037a2307afd97173765df4d80318a1 Mon Sep 17 00:00:00 2001 From: Jimmy Vo Date: Fri, 14 Mar 2025 12:10:10 -0400 Subject: [PATCH 3/7] Fix conflicts --- ...ger-phishing-detection-script-injection.ts | 21 +++++++++++++++++++ .../services/phishing-detection.service.ts | 1 + 2 files changed, 22 insertions(+) create mode 100644 apps/browser/src/phishing-detection/trigger-phishing-detection-script-injection.ts diff --git a/apps/browser/src/phishing-detection/trigger-phishing-detection-script-injection.ts b/apps/browser/src/phishing-detection/trigger-phishing-detection-script-injection.ts new file mode 100644 index 00000000000..4312b3f304a --- /dev/null +++ b/apps/browser/src/phishing-detection/trigger-phishing-detection-script-injection.ts @@ -0,0 +1,21 @@ +/* eslint-disable @typescript-eslint/no-unused-vars */ +/* eslint-disable no-console */ +// eslint-disable-next-line no-restricted-imports +import { PhishingDetectionService } from "src/platform/services/phishing-detection.service"; + +if (document.readyState === "loading") { + document.addEventListener("DOMContentLoaded", loadPhishingDetectionContent); +} else { + void loadPhishingDetectionContent(); +} + +async function loadPhishingDetectionContent() { + // Found an issue with the internal PhishingDetectionService not being able to initialize properly. + // const activeUrl = await PhishingDetectionService.getActiveUrl(); + // const isPhishingDomain = PhishingDetectionService.checkUrl(activeUrl); + // if (isPhishingDomain) { + // PhishingDetectionService.notifyUser(activeUrl); + // } +} + +console.log("Phishing Detection Service loaded."); diff --git a/apps/browser/src/platform/services/phishing-detection.service.ts b/apps/browser/src/platform/services/phishing-detection.service.ts index 01bcb2d874a..d4f7ade0fbe 100644 --- a/apps/browser/src/platform/services/phishing-detection.service.ts +++ b/apps/browser/src/platform/services/phishing-detection.service.ts @@ -1,3 +1,4 @@ +/* eslint-disable no-console */ import { Utils } from "@bitwarden/common/platform/misc/utils"; import { BrowserApi } from "../browser/browser-api"; From 7052d5d4086ddaa3c542050e6db2abe46683dc59 Mon Sep 17 00:00:00 2001 From: Jimmy Vo Date: Fri, 14 Mar 2025 12:13:53 -0400 Subject: [PATCH 4/7] Add build configs. --- apps/browser/src/manifest.v3.json | 6 ++++++ apps/browser/webpack.config.js | 2 ++ 2 files changed, 8 insertions(+) diff --git a/apps/browser/src/manifest.v3.json b/apps/browser/src/manifest.v3.json index 1e2ac1812ca..af4f271427e 100644 --- a/apps/browser/src/manifest.v3.json +++ b/apps/browser/src/manifest.v3.json @@ -30,6 +30,12 @@ "matches": ["*://*/*", "file:///*"], "exclude_matches": ["*://*/*.xml*", "file:///*.xml*"], "run_at": "document_start" + }, + { + "js": ["content/trigger-phishing-detection-script-injection.js"], + "matches": ["*://*/*", "file:///*"], + "exclude_matches": ["*://*/*.xml*", "file:///*.xml*"], + "run_at": "document_start" } ], "background": { diff --git a/apps/browser/webpack.config.js b/apps/browser/webpack.config.js index ff5331ae459..77fab0090aa 100644 --- a/apps/browser/webpack.config.js +++ b/apps/browser/webpack.config.js @@ -199,6 +199,8 @@ const mainConfig = { "./src/autofill/content/bootstrap-autofill-overlay-notifications.ts", "content/bootstrap-legacy-autofill-overlay": "./src/autofill/deprecated/content/bootstrap-legacy-autofill-overlay.ts", + "content/trigger-phishing-detection-script-injection": + "./src/phishing-detection/trigger-phishing-detection-script-injection.ts", "content/autofiller": "./src/autofill/content/autofiller.ts", "content/auto-submit-login": "./src/autofill/content/auto-submit-login.ts", "content/notificationBar": "./src/autofill/content/notification-bar.ts", From 275fc1bc7e5fdc322f08cfb156eda14d58d0231c Mon Sep 17 00:00:00 2001 From: Jimmy Vo Date: Fri, 14 Mar 2025 15:13:26 -0400 Subject: [PATCH 5/7] Decouple the phishing detection content script logic from the rest of the app. --- .../phishing-detection-browser.service.ts | 66 +++++++++++++++++++ ...ger-phishing-detection-script-injection.ts | 15 ++--- 2 files changed, 72 insertions(+), 9 deletions(-) create mode 100644 apps/browser/src/phishing-detection/content/phishing-detection-browser.service.ts diff --git a/apps/browser/src/phishing-detection/content/phishing-detection-browser.service.ts b/apps/browser/src/phishing-detection/content/phishing-detection-browser.service.ts new file mode 100644 index 00000000000..9f4f9374a62 --- /dev/null +++ b/apps/browser/src/phishing-detection/content/phishing-detection-browser.service.ts @@ -0,0 +1,66 @@ +import { Utils } from "@bitwarden/common/platform/misc/utils"; + +export class PhishingDetectionBrowserService { + private static knownPhishingDomains = new Set(); + + static checkUrl(url: string): boolean { + const domain = Utils.getDomain(url); + return PhishingDetectionBrowserService.knownPhishingDomains.has(domain); + } + + static notifyUser(url: string) { + const phishingDivId = "phishing-notification-bar"; + const message = `${url} is a known phishing site`; + + const wrapper = document.createElement("div"); + wrapper.id = phishingDivId; + wrapper.classList.add("inner-wrapper"); + + wrapper.style.position = "fixed"; + wrapper.style.top = "20px"; + wrapper.style.right = "20px"; + wrapper.style.zIndex = "10000"; + wrapper.style.backgroundColor = "#fff"; + wrapper.style.padding = "15px"; + wrapper.style.border = "1px solid #ccc"; + wrapper.style.borderRadius = "5px"; + wrapper.style.boxShadow = "0 2px 10px rgba(0,0,0,0.2)"; + + const messageElement = document.createElement("div"); + messageElement.id = "change-text"; + messageElement.classList.add("notification-body"); + messageElement.textContent = message; + + const exitButton = document.createElement("button"); + exitButton.type = "button"; + exitButton.id = "change-exit"; + exitButton.classList.add("primary"); + exitButton.textContent = "Exit the page"; + + wrapper.appendChild(messageElement); + wrapper.appendChild(exitButton); + + document.body.appendChild(wrapper); + + setTimeout(() => { + if (document.body.contains(wrapper)) { + document.body.removeChild(wrapper); + } + }, 10000); + } + + static getActiveUrl() { + return window?.location?.href; + } + + // @TODO: This can be remove once we implement the real code. + static loadMockedData() { + PhishingDetectionBrowserService.knownPhishingDomains.add("google.com"); + PhishingDetectionBrowserService.knownPhishingDomains.add("atlassian.net"); + PhishingDetectionBrowserService.knownPhishingDomains.add("example.com"); + PhishingDetectionBrowserService.knownPhishingDomains.add("w3schools.com"); + } +} + +// Initializing the data for local development +PhishingDetectionBrowserService.loadMockedData(); diff --git a/apps/browser/src/phishing-detection/trigger-phishing-detection-script-injection.ts b/apps/browser/src/phishing-detection/trigger-phishing-detection-script-injection.ts index 4312b3f304a..37ea922c880 100644 --- a/apps/browser/src/phishing-detection/trigger-phishing-detection-script-injection.ts +++ b/apps/browser/src/phishing-detection/trigger-phishing-detection-script-injection.ts @@ -1,7 +1,5 @@ -/* eslint-disable @typescript-eslint/no-unused-vars */ /* eslint-disable no-console */ -// eslint-disable-next-line no-restricted-imports -import { PhishingDetectionService } from "src/platform/services/phishing-detection.service"; +import { PhishingDetectionBrowserService } from "./content/phishing-detection-browser.service"; if (document.readyState === "loading") { document.addEventListener("DOMContentLoaded", loadPhishingDetectionContent); @@ -10,12 +8,11 @@ if (document.readyState === "loading") { } async function loadPhishingDetectionContent() { - // Found an issue with the internal PhishingDetectionService not being able to initialize properly. - // const activeUrl = await PhishingDetectionService.getActiveUrl(); - // const isPhishingDomain = PhishingDetectionService.checkUrl(activeUrl); - // if (isPhishingDomain) { - // PhishingDetectionService.notifyUser(activeUrl); - // } + const activeUrl = PhishingDetectionBrowserService.getActiveUrl(); + const isPhishingDomain = PhishingDetectionBrowserService.checkUrl(activeUrl); + if (isPhishingDomain) { + PhishingDetectionBrowserService.notifyUser(activeUrl); + } } console.log("Phishing Detection Service loaded."); From 92b562ca0ee0cb2040f78b99944a34bea6fc2c17 Mon Sep 17 00:00:00 2001 From: Jimmy Vo Date: Mon, 17 Mar 2025 15:42:19 -0400 Subject: [PATCH 6/7] Add communication between the content script and background service. --- .../browser/src/background/main.background.ts | 3 ++ .../phishing-detection-browser.service.ts | 18 --------- .../phishing-detection.enum.ts | 3 ++ ...ger-phishing-detection-script-injection.ts | 16 ++++++-- .../services/phishing-detection.service.ts | 39 ++++++------------- 5 files changed, 31 insertions(+), 48 deletions(-) create mode 100644 apps/browser/src/phishing-detection/phishing-detection.enum.ts diff --git a/apps/browser/src/background/main.background.ts b/apps/browser/src/background/main.background.ts index cd65220936e..a3758953134 100644 --- a/apps/browser/src/background/main.background.ts +++ b/apps/browser/src/background/main.background.ts @@ -272,6 +272,7 @@ import BrowserMemoryStorageService from "../platform/services/browser-memory-sto import { BrowserScriptInjectorService } from "../platform/services/browser-script-injector.service"; import I18nService from "../platform/services/i18n.service"; import { LocalBackedSessionStorageService } from "../platform/services/local-backed-session-storage.service"; +import { PhishingDetectionService } from "../platform/services/phishing-detection.service"; import { BackgroundPlatformUtilsService } from "../platform/services/platform-utils/background-platform-utils.service"; import { BrowserPlatformUtilsService } from "../platform/services/platform-utils/browser-platform-utils.service"; import { PopupViewCacheBackgroundService } from "../platform/services/popup-view-cache-background.service"; @@ -431,6 +432,8 @@ export default class MainBackground { } }; + PhishingDetectionService.setupCheckUrlListener(); + const logoutCallback = async (logoutReason: LogoutReason, userId?: UserId) => await this.logout(logoutReason, userId); diff --git a/apps/browser/src/phishing-detection/content/phishing-detection-browser.service.ts b/apps/browser/src/phishing-detection/content/phishing-detection-browser.service.ts index 9f4f9374a62..11822c5f33f 100644 --- a/apps/browser/src/phishing-detection/content/phishing-detection-browser.service.ts +++ b/apps/browser/src/phishing-detection/content/phishing-detection-browser.service.ts @@ -1,13 +1,6 @@ -import { Utils } from "@bitwarden/common/platform/misc/utils"; - export class PhishingDetectionBrowserService { private static knownPhishingDomains = new Set(); - static checkUrl(url: string): boolean { - const domain = Utils.getDomain(url); - return PhishingDetectionBrowserService.knownPhishingDomains.has(domain); - } - static notifyUser(url: string) { const phishingDivId = "phishing-notification-bar"; const message = `${url} is a known phishing site`; @@ -52,15 +45,4 @@ export class PhishingDetectionBrowserService { static getActiveUrl() { return window?.location?.href; } - - // @TODO: This can be remove once we implement the real code. - static loadMockedData() { - PhishingDetectionBrowserService.knownPhishingDomains.add("google.com"); - PhishingDetectionBrowserService.knownPhishingDomains.add("atlassian.net"); - PhishingDetectionBrowserService.knownPhishingDomains.add("example.com"); - PhishingDetectionBrowserService.knownPhishingDomains.add("w3schools.com"); - } } - -// Initializing the data for local development -PhishingDetectionBrowserService.loadMockedData(); diff --git a/apps/browser/src/phishing-detection/phishing-detection.enum.ts b/apps/browser/src/phishing-detection/phishing-detection.enum.ts new file mode 100644 index 00000000000..0bea27af8b9 --- /dev/null +++ b/apps/browser/src/phishing-detection/phishing-detection.enum.ts @@ -0,0 +1,3 @@ +export enum PhishingDetectionCommands { + CheckUrl = "CheckUrl", +} diff --git a/apps/browser/src/phishing-detection/trigger-phishing-detection-script-injection.ts b/apps/browser/src/phishing-detection/trigger-phishing-detection-script-injection.ts index 37ea922c880..e585657297a 100644 --- a/apps/browser/src/phishing-detection/trigger-phishing-detection-script-injection.ts +++ b/apps/browser/src/phishing-detection/trigger-phishing-detection-script-injection.ts @@ -1,5 +1,8 @@ -/* eslint-disable no-console */ + +import { Utils } from "@bitwarden/common/platform/misc/utils"; + import { PhishingDetectionBrowserService } from "./content/phishing-detection-browser.service"; +import { PhishingDetectionCommands } from "./phishing-detection.enum"; if (document.readyState === "loading") { document.addEventListener("DOMContentLoaded", loadPhishingDetectionContent); @@ -9,9 +12,16 @@ if (document.readyState === "loading") { async function loadPhishingDetectionContent() { const activeUrl = PhishingDetectionBrowserService.getActiveUrl(); - const isPhishingDomain = PhishingDetectionBrowserService.checkUrl(activeUrl); + + const { isPhishingDomain } = await chrome.runtime.sendMessage({ + command: PhishingDetectionCommands.CheckUrl, + activeUrl, + }); + if (isPhishingDomain) { - PhishingDetectionBrowserService.notifyUser(activeUrl); + const domain = Utils.getDomain(activeUrl); + + PhishingDetectionBrowserService.notifyUser(domain); } } diff --git a/apps/browser/src/platform/services/phishing-detection.service.ts b/apps/browser/src/platform/services/phishing-detection.service.ts index d4f7ade0fbe..b7de8c8125b 100644 --- a/apps/browser/src/platform/services/phishing-detection.service.ts +++ b/apps/browser/src/platform/services/phishing-detection.service.ts @@ -1,6 +1,7 @@ -/* eslint-disable no-console */ + import { Utils } from "@bitwarden/common/platform/misc/utils"; +import { PhishingDetectionCommands } from "../../phishing-detection/phishing-detection.enum"; import { BrowserApi } from "../browser/browser-api"; export class PhishingDetectionService { @@ -19,35 +20,19 @@ export class PhishingDetectionService { static loadMockedData() { PhishingDetectionService.knownPhishingDomains.add("google.com"); PhishingDetectionService.knownPhishingDomains.add("atlassian.net"); + PhishingDetectionService.knownPhishingDomains.add("example.com"); + PhishingDetectionService.knownPhishingDomains.add("w3schools.com"); } - static async getActiveUrl(): Promise { - const win = await BrowserApi.getCurrentWindow(); - const currentWindow = await BrowserApi.tabsQuery({ windowId: win.id, active: true }); + static setupCheckUrlListener(): void { + BrowserApi.addListener(chrome.runtime.onMessage, async (message, sender, sendResponse) => { + console.log("Jimmy addListener ", { message }); + if (message.command === PhishingDetectionCommands.CheckUrl) { + const { activeUrl } = message; - // @TODO: Account for cases with no active windows. - return currentWindow[0].url; - } - - // @TODO: WIP. We can have a pop-up or send a notification to other services. - static notifyUser(url: string) {} - - /* - This listener will check the URL when the tab has finished loading. - */ - setupTabEventListeners(): void { - BrowserApi.addListener(chrome.tabs.onUpdated, async (tabId, changeInfo, tab) => { - if (changeInfo.status === "complete") { - const activeUrl = await PhishingDetectionService.getActiveUrl(); - - // Debugging - console.log("Tab changed:", { tab, changeInfo, tabId }); - - const isPhishingDomain = PhishingDetectionService.checkUrl(activeUrl); - - if (isPhishingDomain) { - PhishingDetectionService.notifyUser(activeUrl); - } + const result = { isPhishingDomain: PhishingDetectionService.checkUrl(activeUrl) }; + console.log("Jimmy", result); + sendResponse(result); } }); } From 7ad7f638d780a385185899f505ddfae2691b3cf4 Mon Sep 17 00:00:00 2001 From: Jimmy Vo Date: Mon, 17 Mar 2025 16:08:28 -0400 Subject: [PATCH 7/7] Update code to use Log service. --- apps/browser/src/background/main.background.ts | 4 ++-- .../phishing-detection-browser.service.ts | 2 -- ...gger-phishing-detection-script-injection.ts | 7 +++++-- .../services/phishing-detection.service.ts | 18 ++++++++++++------ 4 files changed, 19 insertions(+), 12 deletions(-) diff --git a/apps/browser/src/background/main.background.ts b/apps/browser/src/background/main.background.ts index a3758953134..11653395784 100644 --- a/apps/browser/src/background/main.background.ts +++ b/apps/browser/src/background/main.background.ts @@ -432,8 +432,6 @@ export default class MainBackground { } }; - PhishingDetectionService.setupCheckUrlListener(); - const logoutCallback = async (logoutReason: LogoutReason, userId?: UserId) => await this.logout(logoutReason, userId); @@ -454,6 +452,8 @@ export default class MainBackground { this.keyGenerationService = new KeyGenerationService(this.cryptoFunctionService); this.storageService = new BrowserLocalStorageService(this.logService); + PhishingDetectionService.Initialize(this.logService); + this.intraprocessMessagingSubject = new Subject>>(); this.messagingService = MessageSender.combine( diff --git a/apps/browser/src/phishing-detection/content/phishing-detection-browser.service.ts b/apps/browser/src/phishing-detection/content/phishing-detection-browser.service.ts index 11822c5f33f..714f3e3f9b2 100644 --- a/apps/browser/src/phishing-detection/content/phishing-detection-browser.service.ts +++ b/apps/browser/src/phishing-detection/content/phishing-detection-browser.service.ts @@ -1,6 +1,4 @@ export class PhishingDetectionBrowserService { - private static knownPhishingDomains = new Set(); - static notifyUser(url: string) { const phishingDivId = "phishing-notification-bar"; const message = `${url} is a known phishing site`; diff --git a/apps/browser/src/phishing-detection/trigger-phishing-detection-script-injection.ts b/apps/browser/src/phishing-detection/trigger-phishing-detection-script-injection.ts index e585657297a..319c7e50be8 100644 --- a/apps/browser/src/phishing-detection/trigger-phishing-detection-script-injection.ts +++ b/apps/browser/src/phishing-detection/trigger-phishing-detection-script-injection.ts @@ -1,9 +1,12 @@ - import { Utils } from "@bitwarden/common/platform/misc/utils"; +import { ConsoleLogService } from "@bitwarden/common/platform/services/console-log.service"; import { PhishingDetectionBrowserService } from "./content/phishing-detection-browser.service"; import { PhishingDetectionCommands } from "./phishing-detection.enum"; +const isDev = process.env.ENV === "development"; +const logService = new ConsoleLogService(isDev); + if (document.readyState === "loading") { document.addEventListener("DOMContentLoaded", loadPhishingDetectionContent); } else { @@ -25,4 +28,4 @@ async function loadPhishingDetectionContent() { } } -console.log("Phishing Detection Service loaded."); +logService.info("Phishing Detection Service loaded."); diff --git a/apps/browser/src/platform/services/phishing-detection.service.ts b/apps/browser/src/platform/services/phishing-detection.service.ts index b7de8c8125b..f389aad8234 100644 --- a/apps/browser/src/platform/services/phishing-detection.service.ts +++ b/apps/browser/src/platform/services/phishing-detection.service.ts @@ -1,4 +1,4 @@ - +import { LogService } from "@bitwarden/common/platform/abstractions/log.service"; import { Utils } from "@bitwarden/common/platform/misc/utils"; import { PhishingDetectionCommands } from "../../phishing-detection/phishing-detection.enum"; @@ -6,6 +6,15 @@ import { BrowserApi } from "../browser/browser-api"; export class PhishingDetectionService { private static knownPhishingDomains = new Set(); + static logService: LogService; + + static Initialize(logService: LogService) { + PhishingDetectionService.logService = logService; + PhishingDetectionService.setupCheckUrlListener(); + + // Initializing the data for local development + PhishingDetectionService.loadMockedData(); + } static checkUrl(url: string): boolean { const domain = Utils.getDomain(url); @@ -26,17 +35,14 @@ export class PhishingDetectionService { static setupCheckUrlListener(): void { BrowserApi.addListener(chrome.runtime.onMessage, async (message, sender, sendResponse) => { - console.log("Jimmy addListener ", { message }); if (message.command === PhishingDetectionCommands.CheckUrl) { const { activeUrl } = message; const result = { isPhishingDomain: PhishingDetectionService.checkUrl(activeUrl) }; - console.log("Jimmy", result); + + PhishingDetectionService.logService.debug("CheckUrl handler", { result, message }); sendResponse(result); } }); } } - -// Initializing the data for local development -PhishingDetectionService.loadMockedData();