feat: enable security alerts api #28040

Open: wants to merge 12 commits into base: develop

@vinistevam (Contributor) commented Oct 23, 2024

Description

This PR aims to enable the Security Alerts API. The environment variable SECURITY_ALERTS_API_ENABLED will be maintained and removed in a separate PR in a future release.
There is a fallback mechanism that uses the local PPOM to validate the request in the case of an issue with the API. This safeguard is designed to prevent any disruption or impact on the user experience.

Related issues

Fixes: https://github.com/MetaMask/MetaMask-planning/issues/2516

Manual testing steps

  • Go to test dapp and trigger one of the malicious signatures
  • To verify in Chrome go to dev tools > network. Search for security-alerts and find the call to the API service.

Screenshots/Recordings

test-security-alerts-api.webm

Pre-merge author checklist

Pre-merge reviewer checklist

  • I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
  • I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.
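
The fallback described in the PR description (validate through the Security Alerts API, and use the local PPOM if the API has a problem) can be sketched as follows. This is an added example, not code from this PR or from MetaMask; `validateRequest`, the `remote` and `local` validators, the verdict strings and the 2000 ms timeout are all assumptions made for illustration.

```javascript
// Hypothetical names throughout; this is not MetaMask's implementation.
const VERDICTS = new Set(['benign', 'warning', 'malicious']);

// Reject after `ms` so a hung API call cannot stall the confirmation flow.
function withTimeout(promise, ms) {
  let timer;
  const timeout = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error(`timed out after ${ms} ms`)), ms);
  });
  return Promise.race([promise, timeout]).finally(() => clearTimeout(timer));
}

// A response is usable only if it carries a verdict we recognise; an empty
// body or unexpected shape is treated exactly like an API failure.
function assertVerdict(response) {
  if (!response || !VERDICTS.has(response.verdict)) {
    throw new Error('malformed validation response');
  }
  return response.verdict;
}

// Try the remote validator first, then the local one. A double failure is
// reported as 'unverified' and is never silently downgraded to 'benign'.
async function validateRequest(request, { remote, local, timeoutMs = 2000 }) {
  const errors = [];
  for (const [source, validate] of [['api', remote], ['local', local]]) {
    try {
      const pending = validate(request);
      const response = await (source === 'api' ? withTimeout(pending, timeoutMs) : pending);
      return { verdict: assertVerdict(response), source, errors };
    } catch (err) {
      // Keep the reason so the fallback is visible in logs and metrics.
      errors.push(`${source}: ${err.message}`);
    }
  }
  return { verdict: 'unverified', source: 'none', errors };
}
```

Returning `source` with every verdict lets a tester confirm which path produced the result, in addition to looking for the `security-alerts` call in the network tab.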

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

@github-actions github-actions bot added the team-confirmations Push issues to confirmations team label Oct 23, 2024
@vinistevam vinistevam marked this pull request as ready for review October 23, 2024 13:04
@vinistevam vinistevam requested review from a team as code owners October 23, 2024 13:04
matthewwalsh0 previously approved these changes Oct 23, 2024
jpuri previously approved these changes Oct 23, 2024
@sleepytanya (Contributor)

PPOM on Ethereum works as expected.
BNB - Malicious Transfer (USDC) is not flagged
Avalanche - Malicious Set Approval for All and Sign Permit are not flagged
zkSync - Malicious Permit, Malicious Seaport, Sign Permit, Malicious Permit with Padded ChainID - are not flagged (some of them could be ignored as they are not supported on zkSync yet?)

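@metamaskbot (Collaborator)

Builds ready [93bfff7]
Page Load Metrics (2120 ± 230 ms)

| Platform | Page | Metric | Min (ms) | Max (ms) | Average (ms) | Standard Deviation (ms) | Margin of Error (ms) |
|---|---|---|---|---|---|---|---|
| Chrome | Home | firstPaint | 357 | 3182 | 1781 | 712 | 342 |
| Chrome | Home | domContentLoaded | 1610 | 2896 | 2076 | 443 | 213 |
| Chrome | Home | load | 1621 | 3205 | 2120 | 480 | 230 |
| Chrome | Home | domInteractive | 20 | 146 | 49 | 33 | 16 |
| Chrome | Home | backgroundConnect | 8 | 309 | 41 | 64 | 31 |
| Chrome | Home | firstReactRender | 48 | 371 | 134 | 83 | 40 |
| Chrome | Home | getState | 5 | 67 | 22 | 22 | 11 |
| Chrome | Home | initialActions | 0 | 1 | 0 | 0 | 0 |
| Chrome | Home | loadScripts | 1186 | 2199 | 1560 | 363 | 174 |
| Chrome | Home | setupStore | 10 | 162 | 40 | 38 | 18 |
| Chrome | Home | uiStartup | 1817 | 3826 | 2451 | 617 | 296 |
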
Bundle size diffs [🚨 Warning! Bundle size has increased!]
  • background: 730 Bytes (0.02%)
  • ui: 0 Bytes (0.00%)
  • common: 0 Bytes (0.00%)

@vinistevam vinistevam force-pushed the feat/vs-2516 branch 3 times, most recently from 6c6a8f4 to 92ae04c Compare October 25, 2024 16:11
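@metamaskbot (Collaborator)

Builds ready [fff2fcc]
Page Load Metrics (1976 ± 57 ms)

| Platform | Page | Metric | Min (ms) | Max (ms) | Average (ms) | Standard Deviation (ms) | Margin of Error (ms) |
|---|---|---|---|---|---|---|---|
| Chrome | Home | firstPaint | 1806 | 2228 | 1977 | 117 | 56 |
| Chrome | Home | domContentLoaded | 1741 | 2157 | 1941 | 111 | 53 |
| Chrome | Home | load | 1754 | 2175 | 1976 | 118 | 57 |
| Chrome | Home | domInteractive | 14 | 87 | 51 | 17 | 8 |
| Chrome | Home | backgroundConnect | 10 | 99 | 30 | 27 | 13 |
| Chrome | Home | firstReactRender | 61 | 115 | 97 | 14 | 7 |
| Chrome | Home | getState | 5 | 61 | 25 | 22 | 11 |
| Chrome | Home | initialActions | 0 | 0 | 0 | 0 | 0 |
| Chrome | Home | loadScripts | 1254 | 1613 | 1431 | 99 | 48 |
| Chrome | Home | setupStore | 12 | 64 | 32 | 21 | 10 |
| Chrome | Home | uiStartup | 1972 | 2434 | 2191 | 133 | 64 |
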
Bundle size diffs [🚨 Warning! Bundle size has increased!]
  • background: 25 Bytes (0.00%)
  • ui: 0 Bytes (0.00%)
  • common: 0 Bytes (0.00%)

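@metamaskbot (Collaborator)

Builds ready [121b8fe]
Page Load Metrics (2039 ± 111 ms)

| Platform | Page | Metric | Min (ms) | Max (ms) | Average (ms) | Standard Deviation (ms) | Margin of Error (ms) |
|---|---|---|---|---|---|---|---|
| Chrome | Home | firstPaint | 386 | 2521 | 1969 | 430 | 206 |
| Chrome | Home | domContentLoaded | 1776 | 2485 | 2003 | 229 | 110 |
| Chrome | Home | load | 1793 | 2494 | 2039 | 231 | 111 |
| Chrome | Home | domInteractive | 19 | 111 | 49 | 26 | 12 |
| Chrome | Home | backgroundConnect | 10 | 85 | 39 | 25 | 12 |
| Chrome | Home | firstReactRender | 53 | 221 | 102 | 41 | 20 |
| Chrome | Home | getState | 5 | 64 | 25 | 23 | 11 |
| Chrome | Home | initialActions | 0 | 1 | 0 | 0 | 0 |
| Chrome | Home | loadScripts | 1298 | 1883 | 1489 | 192 | 92 |
| Chrome | Home | setupStore | 11 | 73 | 28 | 21 | 10 |
| Chrome | Home | uiStartup | 1990 | 2793 | 2281 | 273 | 131 |
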
Bundle size diffs [🚨 Warning! Bundle size has increased!]
  • background: 25 Bytes (0.00%)
  • ui: 0 Bytes (0.00%)
  • common: 0 Bytes (0.00%)

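@metamaskbot (Collaborator)

Builds ready [5400b8a]
Page Load Metrics (1979 ± 127 ms)

| Platform | Page | Metric | Min (ms) | Max (ms) | Average (ms) | Standard Deviation (ms) | Margin of Error (ms) |
|---|---|---|---|---|---|---|---|
| Chrome | Home | firstPaint | 250 | 2245 | 1638 | 623 | 299 |
| Chrome | Home | domContentLoaded | 1662 | 2907 | 1938 | 260 | 125 |
| Chrome | Home | load | 1671 | 2916 | 1979 | 263 | 127 |
| Chrome | Home | domInteractive | 16 | 106 | 55 | 25 | 12 |
| Chrome | Home | backgroundConnect | 8 | 138 | 45 | 36 | 17 |
| Chrome | Home | firstReactRender | 48 | 112 | 89 | 19 | 9 |
| Chrome | Home | getState | 5 | 65 | 29 | 23 | 11 |
| Chrome | Home | initialActions | 0 | 1 | 0 | 0 | 0 |
| Chrome | Home | loadScripts | 1190 | 2300 | 1411 | 229 | 110 |
| Chrome | Home | setupStore | 11 | 79 | 22 | 15 | 7 |
| Chrome | Home | uiStartup | 1821 | 3117 | 2190 | 282 | 135 |
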
Bundle size diffs [🚨 Warning! Bundle size has increased!]
  • background: 25 Bytes (0.00%)
  • ui: 0 Bytes (0.00%)
  • common: 0 Bytes (0.00%)

Labels: team-confirmations (Push issues to confirmations team)
5 participants