mirror of https://github.com/bitwarden/browser synced 2026-02-09 13:10:17 +00:00

[PM-19814] Move phishing detection check from content script to webRequest.onCompleted listener.

Jimmy Vo
2025-04-16 15:07:33 -04:00
parent 2a9fdd957e
commit 537eec25b0
4 changed files with 24 additions and 114 deletions


@@ -30,12 +30,6 @@
"matches": ["*://*/*", "file:///*"],
"exclude_matches": ["*://*/*.xml*", "file:///*.xml*"],
"run_at": "document_start"
},
{
"js": ["content/trigger-phishing-detection-script-injection.js"],
"matches": ["*://*/*", "file:///*"],
"exclude_matches": ["*://*/*.xml*", "file:///*.xml*"],
"run_at": "document_start"
}
],
"background": {


@@ -8,19 +8,6 @@ import { AbstractStorageService } from "@bitwarden/common/platform/abstractions/
import { ScheduledTaskNames } from "@bitwarden/common/platform/scheduling";
import { TaskSchedulerService } from "@bitwarden/common/platform/scheduling/task-scheduler.service";
import { PhishingDetectionCommands } from "../../phishing-detection/phishing-detection.enum";
import { BrowserApi } from "../../platform/browser/browser-api";
export type RedirectMessage = {
command: string;
phishingHost: string;
};
export type CheckUrlMessage = {
command: string;
activeUrl: string;
};
export class PhishingDetectionService {
private static knownPhishingDomains = new Set<string>();
private static lastUpdateTime: number = 0;
@@ -238,59 +225,30 @@ export class PhishingDetectionService {
this.retryCount = 0;
}
static setupCheckUrlListener(): void {
BrowserApi.addListener(
chrome.runtime.onMessage,
(
message: CheckUrlMessage,
_: chrome.runtime.MessageSender,
sendResponse: (response?: unknown) => void,
): void => {
if (message.command === PhishingDetectionCommands.CheckUrl) {
const { activeUrl } = message;
const result = { isPhishingDomain: PhishingDetectionService.checkUrl(activeUrl) };
PhishingDetectionService.logService.debug("CheckUrl handler", { result, message });
sendResponse(result);
}
},
);
}
static setupRedirectToWarningPageListener(): void {
BrowserApi.addListener(
chrome.runtime.onMessage,
(message: RedirectMessage, sender: chrome.runtime.MessageSender): void => {
if (message.command === PhishingDetectionCommands.RedirectToWarningPage) {
const phishingWarningPage = chrome.runtime.getURL(
"popup/index.html#/security/phishing-warning",
);
const pageWithViewData = `${phishingWarningPage}?phishingHost=${message.phishingHost}`;
PhishingDetectionService.logService.debug("RedirectToWarningPage handler", {
message,
phishingWarning: pageWithViewData,
});
if (sender.tab !== undefined || sender.tab !== null) {
// To satisfy strict TypeScript
const tabId = Number(sender.tab?.id);
void browser.tabs.update(tabId, { url: pageWithViewData });
} else {
PhishingDetectionService.logService.debug("Sender tab id is invalid", {
message,
phishingWarning: pageWithViewData,
});
}
}
},
);
}
static setupListeners(): void {
this.setupCheckUrlListener();
this.setupRedirectToWarningPageListener();
chrome.webRequest.onCompleted.addListener(
(details: chrome.webRequest.WebRequestDetails): void => {
const url = new URL(details.url);
if (PhishingDetectionService.knownPhishingDomains.has(url.hostname)) {
PhishingDetectionService.RedirectToWarningPage(url.hostname, details.tabId);
}
},
{ urls: ["<all_urls>"], types: ["main_frame"] },
);
}
static RedirectToWarningPage(hostname: string, tabId: number) {
const phishingWarningPage = chrome.runtime.getURL(
"popup/index.html#/security/phishing-warning",
);
const pageWithViewData = `${phishingWarningPage}?phishingHost=${hostname}`;
chrome.tabs
.update(tabId, { url: pageWithViewData })
.catch((error) =>
this.logService.error("Failed to redirect away from the phishing site.", { error }),
);
}
}
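Review bot: In `setupListeners`, the check runs on `chrome.webRequest.onCompleted`, which fires only after the main-frame response has been fully received, so a page on a known phishing host may already be parsed and running script before `RedirectToWarningPage` replaces the tab; doing the same hostname lookup in `chrome.webRequest.onBeforeRequest` (same filter, no blocking needed) would act before the response is loaded. `details.tabId` is `-1` for requests not tied to a tab, so the listener should guard with `if (details.tabId < 0) { return; }` rather than let `chrome.tabs.update` reject and log an error. In `RedirectToWarningPage`, the removed handler called `browser.tabs.update` while the new code chains `.catch` on `chrome.tabs.update`; if any build target exposes a callback-only `chrome.tabs` (not visible here), that call returns `undefined` and `.catch` throws, so this is worth confirming. I would also write the query value as `?phishingHost=${encodeURIComponent(hostname)}` and add a doc comment on `setupListeners` stating which event triggers the check and why. The class body begins outside this hunk.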


@@ -1,40 +0,0 @@
import { ConsoleLogService } from "@bitwarden/common/platform/services/console-log.service";
import { PhishingDetectionBrowserService } from "./content/phishing-detection-browser.service";
import { PhishingDetectionCommands } from "./phishing-detection.enum";
const isDev = process.env.ENV === "development";
const logService = new ConsoleLogService(isDev);
if (document.readyState === "loading") {
document.addEventListener("DOMContentLoaded", loadPhishingDetectionContent);
} else {
void loadPhishingDetectionContent();
}
async function loadPhishingDetectionContent() {
const activeUrl = PhishingDetectionBrowserService.getActiveUrl();
const response = await chrome.runtime.sendMessage({
command: PhishingDetectionCommands.CheckUrl,
activeUrl,
});
if (!response) {
return;
}
const { isPhishingDomain } = response;
if (!isPhishingDomain) {
return;
}
const url = new URL(activeUrl);
await chrome.runtime.sendMessage({
command: PhishingDetectionCommands.RedirectToWarningPage,
phishingHost: url.hostname,
});
}
logService.info("Phishing Detection Service loaded.");


@@ -199,8 +199,6 @@ const mainConfig = {
"./src/autofill/content/bootstrap-autofill-overlay-notifications.ts",
"content/bootstrap-legacy-autofill-overlay":
"./src/autofill/deprecated/content/bootstrap-legacy-autofill-overlay.ts",
"content/trigger-phishing-detection-script-injection":
"./src/phishing-detection/trigger-phishing-detection-script-injection.ts",
"content/autofiller": "./src/autofill/content/autofiller.ts",
"content/auto-submit-login": "./src/autofill/content/auto-submit-login.ts",
"content/contextMenuHandler": "./src/autofill/content/context-menu-handler.ts",