feat: support security alerts API #25544
CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.
Codecov Report
All modified and coverable lines are covered by tests ✅
Additional details and impacted files
@@ Coverage Diff @@
## develop #25544 +/- ##
===========================================
+ Coverage 69.78% 69.79% +0.02%
===========================================
Files 1376 1377 +1
Lines 48409 48435 +26
Branches 13350 13354 +4
===========================================
+ Hits 33779 33805 +26
Misses 14630 14630
Builds ready [0fbd0e9]
Page Load Metrics (140 ± 174 ms)
Bundle size diffs [🚨 Warning! Bundle size has increased!]
...firmations/components/confirm/blockaid-loading-indicator/blockaid-loading-indicator.test.tsx
Builds ready [8fa55b3]
Page Load Metrics (184 ± 187 ms)
Bundle size diffs [🚨 Warning! Bundle size has increased!]
ui/helpers/utils/metrics.test.js
security_alert_reason: BlockaidReason.setApprovalForAll, | ||
security_alert_response: BlockaidResultType.Malicious, | ||
security_alert_source: SecurityAlertSource.Local, | ||
ui_customizations: ['flagged_as_malicious'], |
[nit] is it worth saving this string as a constant to prevent typos?
Great point, I changed to use the enum MetaMetricsEventUiCustomization.
LGTM @vinistevam, I just left one comment
security_alert_response: BlockaidResultType.Malicious, | ||
ui_customizations: ['flagged_as_malicious'], | ||
}); | ||
expect(result).toStrictEqual(expectedMetricsPropsBase); |
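Review bot: `ui_customizations: ['flagged_as_malicious']` in this expectation is still a raw string literal. The thread on the earlier snippet settled on the MetaMetricsEventUiCustomization enum, so reference the enum here as well, so that every place the value appears resolves to one definition and a misspelling cannot pass unnoticed.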
👍
Changes look good 👍
Builds ready [ba81efe]
Page Load Metrics (222 ± 211 ms)
Bundle size diffs [🚨 Warning! Bundle size has increased!]
Quality Gate passed
Builds ready [1d534ff]
Page Load Metrics (137 ± 148 ms)
Bundle size diffs [🚨 Warning! Bundle size has increased!]
Description
This PR enables the use of the Security Alerts API to validate dApp requests, with a fallback to local PPOM validation if the API request fails.
Environment Variables
Add the following variables to .metamaskrc:
Additional Changes
Introduces the security_alert_source property to transaction and signature events, indicating api or local as the source.
Related Repository
Refer to the Security Alerts API repository for more details.
Related issues
Fixes: https://github.com/MetaMask/MetaMask-planning/issues/2514 https://github.com/MetaMask/MetaMask-planning/issues/2515
Manual testing steps
Test blockaid regression
add the envs
security-alerts
and find the call to the API service.
Existing PPOM logic should function as before, even with the above environment variables added, due to the fallback to the controller in the event of an error.
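The API-first validation with local fallback that the PR description outlines, as an added example that is not MetaMask's code. `validateRequest`, the injected `validateViaApi` and `validateLocally` functions, the `result_type` field, the timeout, and every result-type string are assumptions made for illustration; `source` plays the role of the `security_alert_source` property described above.

```javascript
// Added example; all names are hypothetical, not MetaMask's implementation.
const SecurityAlertSource = Object.freeze({ Api: 'api', Local: 'local' });
const VERDICTS = ['Benign', 'Warning', 'Malicious']; // constructed result types

// Race the API call against a timer so a hung request cannot stall the confirmation.
function withTimeout(promise, ms) {
  let timer;
  const timeout = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error(`timed out after ${ms} ms`)), ms);
  });
  return Promise.race([promise, timeout]).finally(() => clearTimeout(timer));
}

// Accept only well-formed verdicts; anything else is treated as a failure of that validator.
function checkVerdict(response) {
  if (!response || !VERDICTS.includes(response.result_type)) {
    throw new Error('malformed security alert response');
  }
  return response;
}

// validateViaApi / validateLocally are injected async functions (assumed interfaces).
async function validateRequest(request, { validateViaApi, validateLocally, timeoutMs = 1000 }) {
  try {
    const verdict = checkVerdict(await withTimeout(validateViaApi(request), timeoutMs));
    return { ...verdict, source: SecurityAlertSource.Api };
  } catch (apiError) {
    try {
      // Fallback path: the local validator runs only when the API path failed.
      const verdict = checkVerdict(await validateLocally(request));
      return { ...verdict, source: SecurityAlertSource.Local };
    } catch (localError) {
      // Both validators failed: surface an explicit error state, never a "Benign" default.
      return { result_type: 'Errored', reason: 'validation_unavailable', source: SecurityAlertSource.Local };
    }
  }
}
```

A malformed or timed-out API answer takes the same fallback path as a network error, and the recorded source always names the validator that actually produced the verdict.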