wip

app/scripts/lib/ppom/security-alerts-api.ts

@@ -51,7 +51,7 @@ async function request(endpoint: string, options?: RequestInit) {
     );
   }
 
-  return response.json();
+  return await response.json();
 }
 
 function getUrl(endpoint: string) {

builds.yml

@@ -270,9 +270,9 @@ env:
   # Enables use of test gas fee flow to debug gas fee estimation
   - TEST_GAS_FEE_FLOWS: false
   # Temporary mechanism to enable security alerts API prior to release
-  - SECURITY_ALERTS_API_ENABLED: ''
+  - SECURITY_ALERTS_API_ENABLED: 'true'
   # URL of security alerts API used to validate dApp requests
-  - SECURITY_ALERTS_API_URL: 'http://localhost:3000'
+  - SECURITY_ALERTS_API_URL: 'https://security-alerts.api.cx.metamask.io'
   # API key to authenticate Etherscan requests to avoid rate limiting
   - ETHERSCAN_API_KEY: ''
 

privacy-snapshot.json

@@ -48,6 +48,8 @@
   "raw.githubusercontent.com",
   "registry.npmjs.org",
   "responsive-rpc.test",
+  "security-alerts.api.cx.metamask.io",
+  "security-alerts.dev-api.cx.metamask.io",
   "sentry.io",
   "snaps.metamask.io",
   "sourcify.dev",

test/e2e/helpers.js

@@ -891,7 +891,8 @@ const sendScreenToConfirmScreen = async (
   quantity,
 ) => {
   await openActionMenuAndStartSendFlow(driver);
-  await driver.fill('[data-testid="ens-input"]', recipientAddress);
+  await driver.waitForSelector('[data-testid="ens-input"]');
+  await driver.pasteIntoField('[data-testid="ens-input"]', recipientAddress);
   await driver.fill('.unit-input__input', quantity);
 
   // check if element exists and click it
@@ -910,7 +911,8 @@ const sendTransaction = async (
   isAsyncFlow = false,
 ) => {
   await openActionMenuAndStartSendFlow(driver);
-  await driver.fill('[data-testid="ens-input"]', recipientAddress);
+  await driver.waitForSelector('[data-testid="ens-input"]');
+  await driver.pasteIntoField('[data-testid="ens-input"]', recipientAddress);
   await driver.fill('.unit-input__input', quantity);
 
   await driver.clickElement({

test/e2e/mock-e2e.js

@@ -13,6 +13,7 @@ const {
   SWAPS_API_V2_BASE_URL,
   TOKEN_API_BASE_URL,
 } = require('../../shared/constants/swaps');
+const { SECURITY_ALERTS_PROD_API_BASE_URL } = require('./tests/ppom/constants');
 const {
   DEFAULT_FEATURE_FLAGS_RESPONSE: BRIDGE_DEFAULT_FEATURE_FLAGS_RESPONSE,
 } = require('./tests/bridge/constants');
@@ -169,6 +170,16 @@ async function setupMocking(
       };
     });
 
+  await server
+    .forGet(`${SECURITY_ALERTS_PROD_API_BASE_URL}/supportedChains`)
+    .thenCallback(() => {
+      console.log('>>>>> calling mock');
+      return {
+        statusCode: 200,
+        json: ['0x1'],
+      };
+    });
+
   await server.forPost('https://api.segment.io/v1/batch').thenCallback(() => {
     return {
       statusCode: 200,

test/e2e/tests/ppom/constants.ts

@@ -0,0 +1,5 @@
+export const SECURITY_ALERTS_DEV_API_BASE_URL =
+  'https://security-alerts.dev-api.cx.metamask.io';
+
+export const SECURITY_ALERTS_PROD_API_BASE_URL =
+  'https://security-alerts.api.cx.metamask.io';

test/e2e/tests/ppom/ppom-blockaid-alert-simple-send.spec.js

@@ -7,6 +7,7 @@ const {
   sendScreenToConfirmScreen,
   logInWithBalanceValidation,
 } = require('../../helpers');
+const { SECURITY_ALERTS_PROD_API_BASE_URL } = require('./constants');
 const { mockServerJsonRpc } = require('./mocks/mock-server-json-rpc');
 
 const bannerAlertSelector = '[data-testid="security-provider-banner-alert"]';
@@ -17,6 +18,18 @@ const expectedMaliciousTitle = 'This is a deceptive request';
 const expectedMaliciousDescription =
   'If you approve this request, a third party known for scams will take all your assets.';
 
+const SEND_REQUEST_BASE_MOCK = {
+  method: 'eth_sendTransaction',
+  params: [
+    {
+      from: '0x5cfe73b6021e818b776b421b1c4db2474086a7e1',
+      data: '0x',
+      to: '0x5fbdb2315678afecb367f032d93f642f64180aa3',
+      value: '0xde0b6b3a7640000',
+    },
+  ],
+};
+
 async function mockInfura(mockServer) {
   await mockServerJsonRpc(mockServer, [
     ['eth_blockNumber'],
@@ -31,91 +44,55 @@ async function mockInfura(mockServer) {
   ]);
 }
 
+async function mockRequest(server, request, response) {
+  await server
+    .forPost(`${SECURITY_ALERTS_PROD_API_BASE_URL}/validate/0x1`)
+    .withJsonBodyIncluding(request)
+    .thenJson(201, response);
+}
+
 async function mockInfuraWithBenignResponses(mockServer) {
   await mockInfura(mockServer);
 
-  await mockServer
-    .forPost()
-    .withJsonBodyIncluding({
-      method: 'debug_traceCall',
-    })
-    .thenCallback(async (req) => {
-      return {
-        statusCode: 200,
-        json: {
-          jsonrpc: '2.0',
-          id: (await req.body.getJson()).id,
-          result: {
-            type: 'CALL',
-            from: '0x0000000000000000000000000000000000000000',
-            to: '0xd46e8dd67c5d32be8058bb8eb970870f07244567',
-            value: '0xde0b6b3a7640000',
-            gas: '0x16c696eb7',
-            gasUsed: '0x0',
-            input: '0x',
-            output: '0x',
-          },
-        },
-      };
-    });
+  await mockRequest(mockServer, SEND_REQUEST_BASE_MOCK, {
+    block: 20733513,
+    result_type: 'Benign',
+    reason: '',
+    description: '',
+    features: [],
+  });
 }
 
 async function mockInfuraWithMaliciousResponses(mockServer) {
   await mockInfura(mockServer);
 
-  await mockServer
-    .forPost()
-    .withJsonBodyIncluding({
-      method: 'debug_traceCall',
-      params: [{ accessList: [], data: '0x00000000' }],
-    })
-    .thenCallback(async (req) => {
-      return {
-        statusCode: 200,
-        json: {
-          jsonrpc: '2.0',
-          id: (await req.body.getJson()).id,
-          result: {
-            calls: [
-              {
-                error: 'execution reverted',
-                from: '0x0000000000000000000000000000000000000000',
-                gas: '0x1d55c2cb',
-                gasUsed: '0x39c',
-                input: '0x00000000',
-                to: mockMaliciousAddress,
-                type: 'DELEGATECALL',
-                value: '0x0',
-              },
-            ],
-            error: 'execution reverted',
-            from: '0x0000000000000000000000000000000000000000',
-            gas: '0x1dcd6500',
-            gasUsed: '0x721e',
-            input: '0x00000000',
-            to: mockMaliciousAddress,
-            type: 'CALL',
-            value: '0x0',
-          },
-        },
-      };
-    });
+  await mockRequest(mockServer, SEND_REQUEST_BASE_MOCK, {
+    block: 20733277,
+    result_type: 'Malicious',
+    reason: 'transfer_farming',
+    description: '',
+    features: ['Interaction with a known malicious address'],
+  });
 }
 
 async function mockInfuraWithFailedResponses(mockServer) {
   await mockInfura(mockServer);
 
-  await mockServer
-    .forPost()
-    .withJsonBodyIncluding({
-      method: 'debug_traceCall',
-      params: [{ accessList: [], data: '0x00000000' }],
-    })
-    .thenCallback(() => {
-      return {
-        statusCode: 500,
-      };
-    });
+  await mockRequest(
+    mockServer,
+    {
+      ...SEND_REQUEST_BASE_MOCK,
+      params: [
+        {
+          from: '0x5cfe73b6021e818b776b421b1c4db2474086a7e1',
+          data: '0x',
+          to: '0xb8c77482e45f1f44de1745f52c74426c631bdd52',
+          value: '0xf43fc2c04ee0000',
+        },
+      ],
+    },
+    { statusCode: 500, message: 'Internal server error' },
+  );
 }
 
 /**

test/e2e/tests/request-queuing/dapp1-send-dapp2-signTypedData.spec.js

@@ -137,8 +137,10 @@ describe('Request Queuing Dapp 1, Switch Tx -> Dapp 2 Send Tx', function () {
           text: 'Localhost 7777',
         });
 
+        await driver.waitForSelector({ text: 'Confirm' });
         await driver.clickElement({ text: 'Confirm', tag: 'button' });
 
+        await driver.delay(regularDelayMs);
         await driver.waitUntilXWindowHandles(4);
         await driver.switchToWindowWithTitle(WINDOW_TITLES.Dialog);
 

test/e2e/tests/request-queuing/switchChain-watchAsset.spec.js

@@ -3,9 +3,9 @@ const {
   defaultGanacheOptions,
   logInWithBalanceValidation,
   openDapp,
-  switchToNotificationWindow,
   WINDOW_TITLES,
   withFixtures,
+  regularDelayMs,
 } = require('../../helpers');
 const { SMART_CONTRACTS } = require('../../seeder/smart-contracts');
 const { DAPP_URL } = require('../../constants');
@@ -82,13 +82,10 @@ describe('Request Queue SwitchChain -> WatchAsset', function () {
           tag: 'button',
         });
 
-        await switchToNotificationWindow(driver);
+        await driver.switchToWindowWithTitle(WINDOW_TITLES.Dialog);
 
         // Confirm Switch Network
-        await driver.findClickableElement({
-          text: 'Confirm',
-          tag: 'button',
-        });
+        await driver.delay(regularDelayMs);
         await driver.clickElement({ text: 'Confirm', tag: 'button' });
 
         await driver.waitUntilXWindowHandles(2);