fixup! feat: mf-6109 detect scam addresses and links in post

Author: swkatmask

packages/icons/icon-generated-as-jsx.js

@@ -17,4 +17,4 @@ async function resolver(u: string): Promise<string | null> {
     return url ?? null
 }
 /** Resolve a https://t.co/ link to it's real address. */
-export const resolveTCOLink = memoizePromise(memoize, resolver, (x) => x)
+export const resolveTCOLink: (u: string) => Promise<string | null> = memoizePromise(memoize, resolver, (x) => x)

packages/icons/icon-generated-as-url.js

@@ -8,24 +8,42 @@ function resolveLangNode(node: HTMLElement) {
         )
 }
 
-export function injectPostReplacerAtTwitter(signal: AbortSignal, current: PostInfo) {
+// There are different from what ScamWarning uses, they are not global
+const EVM_ADDRESS = /(^|\s)(0x[\dA-Fa-f]{40})/
+const SOLANA_ADDRESS = /(^|\s)([1-9A-HJ-NP-Za-km-z]{32,44})/
+const TORN_ADDRESS = /(^|\s)(T[1-9A-Za-z]{33})/
+
+function detectPotentialScam(postInfo: PostInfo) {
+    const textContent = postInfo.rootNode?.textContent?.trim()
+    if (!textContent) return false
+    const hasAddresses =
+        EVM_ADDRESS.test(textContent) || SOLANA_ADDRESS.test(textContent) || TORN_ADDRESS.test(textContent)
+    const hasLinks = postInfo.mentionedLinks.getCurrentValue().length > 0
+    return hasAddresses || hasLinks
+}
+
+export async function injectPostReplacerAtTwitter(signal: AbortSignal, current: PostInfo) {
     const rootNode = current.rootNode
+    const hasPotentialScam = detectPotentialScam(current)
     if (!rootNode) return
     const isPromotionPost = !!rootNode.querySelector('svg path[d$="996V8h7v7z"]')
-    const isCollapsedPost = !!rootNode.querySelector('[data-testid="tweet-text-show-more-link"]')
-    if (isPromotionPost || isCollapsedPost) return
+    if (isPromotionPost) return
+    if (!hasPotentialScam) {
+        const isCollapsedPost = !!rootNode.querySelector('[data-testid="tweet-text-show-more-link"]')
+        if (isCollapsedPost) return
 
-    const hasVideo = !!rootNode.closest('[data-testid="tweet"]')?.querySelector('video')
-    if (hasVideo) return
-    const hasEmbedImage = !!rootNode.querySelector('[data-testid="tweetText"] [data-testid="tweetPhoto"]')
-    if (hasEmbedImage) return
+        const hasVideo = !!rootNode.closest('[data-testid="tweet"]')?.querySelector('video')
+        if (hasVideo) return
+        const hasEmbedImage = !!rootNode.querySelector('[data-testid="tweetText"] [data-testid="tweetPhoto"]')
+        if (hasEmbedImage) return
 
-    const tags = Array.from(
-        rootNode.querySelectorAll<HTMLAnchorElement>(
-            ['a[role="link"][href*="cashtag_click"]', 'a[role="link"][href*="hashtag_click"]'].join(','),
-        ) ?? [],
-    )
-    if (!tags.map((x) => x.textContent).some((x) => x && /^[#$]\w+$/i.test(x) && x.length <= 9)) return
+        const tags = Array.from(
+            rootNode.querySelectorAll<HTMLAnchorElement>(
+                ['a[role="link"][href*="cashtag_click"]', 'a[role="link"][href*="hashtag_click"]'].join(','),
+            ) ?? [],
+        )
+        if (!tags.map((x) => x.textContent).some((x) => x && /^[#$]\w+$/i.test(x) && x.length <= 9)) return
+    }
 
     return injectPostReplacer({
         zipPost(node) {

packages/icons/plugins/GoPlus.svg

@@ -49,5 +49,6 @@ export function setupUIContext() {
         hasHostPermission: Services.Helper.hasHostPermission,
         requestHostPermission: (origins: readonly string[]) =>
             Services.Helper.requestExtensionPermissionFromContentScript({ origins: [...origins] }),
+        resolveTCOLink: Services.Helper.resolveTCOLink,
     })
 }

packages/mask/background/services/helper/short-link-resolver.ts

@@ -55,6 +55,7 @@ export interface __UIContext__ {
     setPluginMinimalModeEnabled: ((id: string, enabled: boolean) => Promise<void>) | undefined
     hasHostPermission: ((origins: readonly string[]) => Promise<boolean>) | undefined
     requestHostPermission: ((origins: readonly string[]) => Promise<boolean>) | undefined
+    resolveTCOLink: (url: string) => Promise<string | null>
 }
 export let allPersonas: __UIContext__['allPersonas']
 export let currentPersona: __UIContext__['currentPersona']
@@ -72,6 +73,7 @@ export let attachProfile: __UIContext__['attachProfile']
 export let setPluginMinimalModeEnabled: __UIContext__['setPluginMinimalModeEnabled']
 export let hasHostPermission: __UIContext__['hasHostPermission']
 export let requestHostPermission: __UIContext__['requestHostPermission']
+export let resolveTCOLink: __UIContext__['resolveTCOLink']
 
 export function __setUIContext__(value: __UIContext__) {
     ;({
@@ -91,5 +93,6 @@ export function __setUIContext__(value: __UIContext__) {
         setPluginMinimalModeEnabled,
         hasHostPermission,
         requestHostPermission,
+        resolveTCOLink,
     } = value)
 }

packages/mask/content-script/site-adaptors/twitter.com/injection/PostReplacer.tsx

@@ -1,11 +1,15 @@
 import { Icons } from '@masknet/icons'
 import type { Plugin } from '@masknet/plugin-infra'
+import { resolveTCOLink } from '@masknet/plugin-infra/dom/context'
 import { makeStyles, ShadowRootPopper } from '@masknet/theme'
 import { Link } from '@mui/material'
 import { useQuery } from '@tanstack/react-query'
 import { memo } from 'react'
+import { PluginScamRPC } from '../../messages.js'
 import { usePopoverControl } from './usePopoverControl.js'
 import { WarningCard } from './WarningCard.js'
+import { SecurityProvider } from '../../constants.js'
+import { GoPlusLabs } from '@masknet/web3-providers'
 
 const useStyles = makeStyles()({
     link: {
@@ -24,21 +28,38 @@ const useStyles = makeStyles()({
     },
 })
 
+function isTCO(url: string | null) {
+    if (!url) return false
+    return url.startsWith('https://t.co/')
+}
+
 export const LinkModifier = memo<PropsOf<Plugin.SiteAdaptor.Definition['LinkModifier']>>(function ModifyLink({
     fallback,
     ...props
 }) {
     const { classes } = useStyles()
-    const { data: isScam = true } = useQuery({
+    const { data } = useQuery({
         queryKey: ['scam-warning', 'check-link', props.href],
-        queryFn: () => {
-            // return PluginScamRPC.checkUrl(props.href) || true
-            return true
+        queryFn: async () => {
+            const resolvedLink = isTCO(props.href) ? await resolveTCOLink(props.href) : props.href
+            if (!resolvedLink) return { isScam: false }
+            const result = await GoPlusLabs.checkIsPhishingSite(resolvedLink)
+            if (result)
+                return {
+                    isScam: result,
+                    provider: SecurityProvider.GoPlus,
+                    resolvedLink,
+                }
+            return {
+                isScam: await PluginScamRPC.checkUrl(resolvedLink),
+                provider: SecurityProvider.ScamSniffer,
+                resolvedLink,
+            }
         },
     })
     const { open, anchorEl, iconRef, onMouseEnter, onMouseLeave } = usePopoverControl()
 
-    if (!isScam) return fallback
+    if (!data?.isScam) return fallback
 
     return (
         <span className={classes.link}>
@@ -51,7 +72,8 @@ export const LinkModifier = memo<PropsOf<Plugin.SiteAdaptor.Definition['LinkModi
             />
             <ShadowRootPopper open={open} anchorEl={anchorEl}>
                 <WarningCard
-                    link={props.href}
+                    link={data.resolvedLink || props.href}
+                    securityProvider={data.provider!}
                     onMouseEnter={onMouseEnter}
                     onMouseLeave={onMouseLeave}
                     onClick={(e) => e.stopPropagation()}

packages/mask/shared-ui/initUIContext.ts

@@ -1,12 +1,14 @@
 import { Icons } from '@masknet/icons'
 import type { Plugin } from '@masknet/plugin-infra'
 import { makeStyles, ShadowRootPopper } from '@masknet/theme'
+import { GoPlusLabs } from '@masknet/web3-providers'
 import { isValidAddress } from '@masknet/web3-shared-evm'
 import { isValidAddress as isSolAddress } from '@masknet/web3-shared-solana'
 import { useQuery } from '@tanstack/react-query'
 import { Fragment, memo, useMemo } from 'react'
-import { EVM_ADDRESS, SOLANA_ADDRESS } from '../../constants.js'
+import { EVM_ADDRESS, SecurityProvider, SOLANA_ADDRESS, TRON_ADDRESS } from '../../constants.js'
 import { PluginScamRPC } from '../../messages.js'
+import { isTronAddress } from '../../utils.js'
 import { usePopoverControl } from './usePopoverControl.js'
 import { WarningCard } from './WarningCard.js'
 
@@ -37,15 +39,26 @@ interface AddressTagProps {
 const AddressTag = memo<AddressTagProps>(function AddressTag({ address, text }) {
     const { classes } = useStyles()
     const { open, anchorEl, iconRef, onMouseEnter, onMouseLeave } = usePopoverControl()
-    const { data: isScam } = useQuery({
+    const { data } = useQuery({
         queryKey: ['detect-address', address],
-        queryFn: () => {
-            if (isValidAddress(address)) return PluginScamRPC.checkAddress(address)
-            if (isSolAddress(address)) return false
-            return false
+        queryFn: async () => {
+            if (isValidAddress(address)) {
+                return { isScam: await PluginScamRPC.checkAddress(address), provider: SecurityProvider.ScamSniffer }
+            }
+            if (isSolAddress(address))
+                return {
+                    isScam: await GoPlusLabs.checkIfAddressIsScam('solana', address),
+                    provider: SecurityProvider.GoPlus,
+                }
+            if (isTronAddress(address))
+                return {
+                    isScam: GoPlusLabs.checkIfAddressIsScam('tron', address),
+                    provider: SecurityProvider.GoPlus,
+                }
+            return { isScam: false, provider: null }
         },
     })
-    if (!isScam) return text
+    if (!data?.isScam) return text
     return (
         <span className={classes.text}>
             <Icons.Danger
@@ -59,6 +72,7 @@ const AddressTag = memo<AddressTagProps>(function AddressTag({ address, text })
             <ShadowRootPopper open={open} anchorEl={anchorEl}>
                 <WarningCard
                     address={address}
+                    securityProvider={data.provider!}
                     onMouseEnter={onMouseEnter}
                     onMouseLeave={onMouseLeave}
                     onClick={(e) => e.stopPropagation()}
@@ -77,7 +91,8 @@ export const TextModifier = memo<TextModifierProps>(function TextModifier({ fall
     const addresses = useMemo(() => {
         const evmAddresses = fullText.match(EVM_ADDRESS) || []
         const solAddresses = fullText.match(SOLANA_ADDRESS) || []
-        return [...evmAddresses, ...solAddresses]
+        const tronAddresses = fullText.match(TRON_ADDRESS) || []
+        return [...evmAddresses, ...solAddresses, ...tronAddresses]
     }, [fullText])
 
     const segments = useMemo(() => {

packages/plugin-infra/src/dom/context.ts

@@ -4,6 +4,7 @@ import { Icons } from '@masknet/icons'
 import { LoadingBase, makeStyles } from '@masknet/theme'
 import { Button, Typography } from '@mui/material'
 import { memo, useState, type HTMLProps } from 'react'
+import { SecurityProvider } from '../../constants.js'
 
 const useStyles = makeStyles()((theme) => ({
     card: {
@@ -88,15 +89,17 @@ const useStyles = makeStyles()((theme) => ({
         fontWeight: 700,
         lineHeight: '16px',
         backgroundColor: theme.palette.maskColor.danger,
+        color: theme.palette.maskColor.white,
     },
 }))
 
 interface Props extends HTMLProps<HTMLDivElement> {
     link?: string
     address?: string
+    securityProvider: SecurityProvider
 }
 
-export const WarningCard = memo(function WarningCard({ link, address, ...rest }: Props) {
+export const WarningCard = memo(function WarningCard({ link, address, securityProvider, ...rest }: Props) {
     const { classes, cx } = useStyles()
     const [isReporting] = useState(false)
     return (
@@ -106,14 +109,24 @@ export const WarningCard = memo(function WarningCard({ link, address, ...rest }:
                     <Icons.Danger className={classes.icon} size={24} />
                     <Typography className={classes.name}>{t`Scam Warning`}</Typography>
                 </div>
-                <div className={classes.provider}>
-                    <Typography>
-                        <Trans>
-                            Powered by <span className={classes.providerName}>Scamsniffer</span>
-                        </Trans>
-                    </Typography>
-                    <Icons.ScamSniffer size={24} />
-                </div>
+                {securityProvider === SecurityProvider.GoPlus ?
+                    <div className={classes.provider}>
+                        <Typography>
+                            <Trans>
+                                Powered by <span className={classes.providerName}>Go+</span>
+                            </Trans>
+                        </Typography>
+                        <Icons.GoPlus size={24} />
+                    </div>
+                :   <div className={classes.provider}>
+                        <Typography>
+                            <Trans>
+                                Powered by <span className={classes.providerName}>Scamsniffer</span>
+                            </Trans>
+                        </Typography>
+                        <Icons.ScamSniffer size={24} />
+                    </div>
+                }
             </div>
             <div className={classes.content}>
                 {link ?

packages/plugins/ScamWarning/src/SiteAdaptor/components/LinkModifier.tsx

@@ -49,5 +49,6 @@ export async function checkUrl(url: string) {
 
 export async function checkAddress(address: string) {
     const detector = getDetector()
-    return true // detector.checkAddressInBlacklist(address)
+    const result = await detector.checkAddressInBlacklist(address)
+    return !!result
 }

packages/plugins/ScamWarning/src/SiteAdaptor/components/TextModifier.tsx

@@ -6,3 +6,9 @@ export const PLUGIN_NAME = 'ScamWarning'
 
 export const EVM_ADDRESS = /(^|\s)(0x[a-fA-F0-9]{40})/gu
 export const SOLANA_ADDRESS = /(^|\s)([1-9A-HJ-NP-Za-km-z]{32,44})/gu
+export const TRON_ADDRESS = /(^|\s)(T[A-Za-z1-9]{33})/gu
+
+export enum SecurityProvider {
+    ScamSniffer = 'ScamSniffer',
+    GoPlus = 'GoPlus',
+}

packages/plugins/ScamWarning/src/SiteAdaptor/components/WarningCard.tsx

@@ -0,0 +1 @@
+export { EVM_ADDRESS, SOLANA_ADDRESS } from './constants.js'

packages/plugins/ScamWarning/src/Worker/rpc.ts

@@ -0,0 +1,3 @@
+export function isTronAddress(address: string) {
+    return !!address.match(address)
+}