feat: support security alerts API #25544
base: develop
CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.
Codecov Report
All modified and coverable lines are covered by tests ✅
Additional details and impacted files
@@ Coverage Diff @@
## develop #25544 +/- ##
===========================================
+ Coverage 69.69% 69.70% +0.02%
===========================================
Files 1350 1351 +1
Lines 47865 47890 +25
Branches 13199 13203 +4
===========================================
+ Hits 33355 33380 +25
Misses 14510 14510
Builds ready [0fbd0e9]
Page Load Metrics (140 ± 174 ms)
Bundle size diffs [🚨 Warning! Bundle size has increased!]
...ppomResponse, | ||
securityAlertId, | ||
}; | ||
} catch (error: unknown) { | ||
return handlePPOMError(error, 'Error validateRequestWithPPOM#usePPOM: '); |
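Review bot: The catch branch returns handlePPOMError(error, ...) directly, while the success branch just above it adds securityAlertId to the returned object, so an error result may reach the caller without the id. If callers correlate results by securityAlertId, pass it into the error path too, or confirm the caller attaches it before the result is stored.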
Should we change the message here for clarity, or add separate try catch blocks in each validate method?
@@ -260,6 +260,10 @@ env: | |||
- TEST_GAS_FEE_FLOWS: false | |||
# Determines if feature flagged network ui new design | |||
- ENABLE_NETWORK_UI_REDESIGN: '' | |||
# Determines if uses the security alerts API to validate confirmations |
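Review bot: The new comment "Determines if uses the security alerts API to validate confirmations" is missing a subject and does not say what an empty or unset value means. Suggest "Determines whether the security alerts API is used to validate confirmations", plus a note on the default, since the flag decides whether validation goes to a remote service.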
Should we match mobile and use:
Temporary mechanism to enable security alerts API prior to release
import { SecurityAlertResponse } from '../../../../../../app/scripts/lib/ppom/types'; |
Ideally, we want to avoid referencing background types in the frontend.
Could we instead update the shared type?
return { | ||
...response, | ||
source: SecurityAlertSource.Local, |
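Review bot: In the returned object, source: SecurityAlertSource.Local comes after ...response, so it overwrites any source field already present on response. That order is the right one for a label the caller should control; a one-line comment saying so would keep a later reorder from letting the response set its own source.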
We're adding this to the response, but do we also have to update getBlockaidMetricsProps in ui/helpers/utils/metrics.js to add it to the event?
Description
This PR enables the use of the Security Alerts API to validate dApp requests, with a fallback to local PPOM validation if the API request fails.
Environment Variables
Add the following variables to .metamaskrc:
Additional Changes
Introduces the security_alert_source property to transaction and signature events, indicating api or local as the source.
Related Repository
Refer to the Security Alerts API repository for more details.
Related issues
Fixes: https://github.com/MetaMask/MetaMask-planning/issues/2514 https://github.com/MetaMask/MetaMask-planning/issues/2515
Manual testing steps
Test blockaid regression
add the envs
security-alerts
and find the call to the API service.
Existing PPOM logic should function as before, even with the above environment variables added, due to the fallback to the controller in the event of an error.
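The API-first validation with local fallback and a source label that the Description outlines, as an added example that is not code from this PR or from MetaMask. The type names, the result values (including `Errored`), the injected `api` and `local` validators and the both-paths-failed behaviour are assumptions made for illustration.

```typescript
// Added example: all names and shapes here are hypothetical.
type AlertSource = 'api' | 'local';
type ResultType = 'Benign' | 'Warning' | 'Malicious' | 'Errored';
interface Alert { result_type: ResultType; reason: string; source?: AlertSource }
type Validator = (request: unknown) => Promise<unknown>;

const RESULT_TYPES: ResultType[] = ['Benign', 'Warning', 'Malicious', 'Errored'];

// A validator's reply is untrusted input until its shape is checked. Only the
// two known fields are copied, so a reply cannot smuggle in its own `source`.
function parseAlert(raw: unknown): Alert {
  const r = raw as { result_type?: unknown; reason?: unknown } | null;
  if (!r || typeof r.reason !== 'string' ||
      RESULT_TYPES.indexOf(r.result_type as ResultType) === -1) {
    throw new Error('malformed security alert response');
  }
  return { result_type: r.result_type as ResultType, reason: r.reason };
}

// Try the API first; on any failure (network error, malformed reply) fall
// back to the local validator. The source label is assigned here, after the
// spread, so it always reflects the path that actually produced the result.
async function validateWithFallback(
  request: unknown, api: Validator, local: Validator,
): Promise<Alert> {
  try {
    return { ...parseAlert(await api(request)), source: 'api' };
  } catch {
    try {
      return { ...parseAlert(await local(request)), source: 'local' };
    } catch {
      // Assumption: when both paths fail, report an error state instead of
      // letting a missing verdict read as "Benign".
      return { result_type: 'Errored', reason: 'validation_failed', source: 'local' };
    }
  }
}
```
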