From b91b81f5c9967a2b09116ff3e340e17d2e6c4feb Mon Sep 17 00:00:00 2001 From: Pasha8914 Date: Tue, 7 Jun 2022 00:26:00 +1000 Subject: [PATCH] fix: audit --- components/Footer.vue | 16 ++++----- components/Job.vue | 7 +++- components/MetamaskNavbarIcon.vue | 4 ++- components/Navbar.vue | 7 +++- components/Notices.vue | 9 +++-- components/Tx.vue | 7 +++- components/governance/Proposal.vue | 2 +- .../governance/manage/tabs/DelegateTab.vue | 4 ++- .../governance/manage/tabs/UndelegateTab.vue | 4 ++- components/withdraw/Withdraw.vue | 4 +-- langs/en.json | 6 +++- layouts/default.vue | 4 +++ middleware/provider.js | 6 ++++ nuxt.config.js | 21 ++++++++++++ pages/compliance.vue | 4 +++ pages/index.vue | 33 ++++++++++++++----- plugins/detectIPFS.js | 17 ++++------ plugins/localStorage.js | 27 +++++++++------ store/metamask.js | 2 ++ store/relayer.js | 6 ++-- store/settings.js | 3 +- 21 files changed, 140 insertions(+), 53 deletions(-) diff --git a/components/Footer.vue b/components/Footer.vue index 1072fb7..e232c50 100644 --- a/components/Footer.vue +++ b/components/Footer.vue @@ -12,7 +12,7 @@ class="footer-address__value" target="_blank" :href="addressExplorerUrl(donationsAddress)" - rel="noreferrer" + rel="noopener noreferrer" >{{ donationsAddress }} @@ -31,7 +31,7 @@ type="is-icon" :href="duneLink" target="_blank" - rel="noreferrer" + rel="noopener noreferrer" icon-right="stats" >
diff --git a/components/Job.vue b/components/Job.vue index 3641553..d77466b 100644 --- a/components/Job.vue +++ b/components/Job.vue @@ -14,7 +14,12 @@

- + {{ job.txHash }}

diff --git a/components/MetamaskNavbarIcon.vue b/components/MetamaskNavbarIcon.vue index 74dbb2f..64e66e6 100644 --- a/components/MetamaskNavbarIcon.vue +++ b/components/MetamaskNavbarIcon.vue @@ -3,7 +3,9 @@ @@ -82,21 +98,20 @@ export default { }, created() { this.$store.dispatch('application/setNativeCurrency', { netId: this.netId }) - }, - mounted() { - if (this.$route.query.note) { - this.activeTab = 1 - } + this.checkIsTrustedUrl() }, methods: { ...mapActions('settings', ['disableNotification']), + checkIsTrustedUrl() { + const isIpfs = this.$isLoadedFromIPFS() + if (!isIpfs) { + this.disableNotification({ key: 'third' }) + } + }, onGetKey(fn) { this.getKeys = fn }, async tabChanged(tabIndex) { - if (!this.$route.query.note) { - this.$root.$emit('resetWithdraw') - } if (tabIndex === 1) { this.$store.dispatch('relayer/pickRandomRelayer', { type: 'tornado' }) diff --git a/plugins/detectIPFS.js b/plugins/detectIPFS.js index ecee982..0308a31 100644 --- a/plugins/detectIPFS.js +++ b/plugins/detectIPFS.js @@ -3,20 +3,17 @@ export default ({ store, isHMR, app }, inject) => { inject('isLoadedFromIPFS', main) } function main() { - const domainWhiteList = [ - 'tornado.cash', - 'localhost:3000', - 'stage.tornado.cash', - 'tornadocash.eth', + const whiteListedDomains = [ + // 'localhost:3000', 'tornadocash.eth.link', - 'tornadocash.eth.limo', - 'app.tornado.cash', - 'donotshare.tornado.cash' + 'tornadocash.eth.limo' ] - if (window.location.host.includes('tornadocash.netlify.app')) { + const NETLIFY_REGEXP = /https:\/\/deploy-preview-(\d+)--tornadocash\.netlify\.app/ + + if (NETLIFY_REGEXP.test(window.location.host)) { return false - } else if (!domainWhiteList.includes(window.location.host)) { + } else if (!whiteListedDomains.includes(window.location.host)) { console.warn('The page has been loaded from ipfs.io. LocalStorage is disabled') return true } diff --git a/plugins/localStorage.js b/plugins/localStorage.js index 47aeb41..1a5b2ca 100644 --- a/plugins/localStorage.js 
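Review bot: In `main()` of plugins/detectIPFS.js, `NETLIFY_REGEXP` starts with `https:\/\/` but is tested against `window.location.host`, which holds only the hostname and port, so the deploy-preview branch can never match. Preview builds therefore fall through to the whitelist check and are reported as loaded from IPFS. The pattern is also unanchored, so it would accept the preview name anywhere in a longer string if it were ever pointed at the full URL. Matching the host exactly avoids both: `const NETLIFY_REGEXP = /^deploy-preview-\d+--tornadocash\.netlify\.app$/`. The end of `main()` lies outside the hunk, and the commented-out `// 'localhost:3000'` entry would read better as an explicit development-only condition or removed.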
+++ b/plugins/localStorage.js @@ -21,16 +21,23 @@ export default ({ store, isHMR }) => { return } - const paths = ['metamask.netId', 'application.selectedStatistic', 'application.selectedInstance'] - if (!store.$isLoadedFromIPFS()) { - paths.push('txHashKeeper', 'settings', 'account', 'relayer.jobs', 'encryptedNote.ui') + const paths = [ + 'metamask.netId', + 'application.selectedStatistic', + 'application.selectedInstance', + 'txHashKeeper', + 'settings', + 'account', + 'relayer.jobs', + 'encryptedNote.ui' + ] + + migrate() + + createPersistedState({ + key: STORE_NAME, + paths + })(store) } - - migrate() - - createPersistedState({ - key: STORE_NAME, - paths - })(store) } diff --git a/store/metamask.js b/store/metamask.js index c03b1e8..c260e6a 100644 --- a/store/metamask.js +++ b/store/metamask.js @@ -82,6 +82,8 @@ const mutations = { }, SET_NET_ID(state, netId) { netId = parseInt(netId, 10) + window.localStorage.setItem('netId', netId) + state.netId = netId }, SET_RECONNECTING(state, bool) { diff --git a/store/relayer.js b/store/relayer.js index 7683834..7f1048f 100644 --- a/store/relayer.js +++ b/store/relayer.js @@ -337,13 +337,15 @@ export const actions = { async getCustomRelayerData({ rootState, state, getters, rootGetters, dispatch }, { url, name }) { const provider = getters.ethProvider.eth - if (!url.startsWith('https:') && !url.startsWith('http:')) { - if (url.includes('.onion')) { + const PROTOCOL_REGEXP = /^(http(s?))/ + if (!PROTOCOL_REGEXP.test(url)) { + if (url.endsWith('.onion')) { url = `http://${url}` } else { url = `https://${url}` } } + const urlParser = new URL(url) urlParser.href = url let ensName = name diff --git a/store/settings.js b/store/settings.js index 07bd48b..94ebe80 100644 --- a/store/settings.js +++ b/store/settings.js @@ -20,7 +20,8 @@ export const state = () => { ...rpcData, isActiveNotification: { first: true, - second: true + second: true, + third: true } } }
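Review bot: In `SET_NET_ID` (store/metamask.js) the new `window.localStorage.setItem('netId', netId)` runs before the parsed value is checked, so a non-numeric input is persisted as the string `NaN`. The call also throws inside the mutation when storage is blocked or full, which skips the `state.netId = netId` assignment that follows it. This write sits outside the `$isLoadedFromIPFS()` gate that plugins/localStorage.js appears to apply to persisted state in this commit; if that is deliberate, a short comment should say so. A guarded form is `if (Number.isInteger(netId)) { try { window.localStorage.setItem('netId', netId) } catch (e) { console.warn(e) } }`, with the state assignment made regardless. Whatever reads the `netId` key back should validate it against the supported network ids, since any script running on the origin can change it.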
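Review bot: `PROTOCOL_REGEXP = /^(http(s?))/` in `getCustomRelayerData` (store/relayer.js) is looser than the `startsWith('https:')` / `startsWith('http:')` test it replaces. Any relayer host that merely begins with `http` (a constructed example: `httprelay.example`) skips the scheme prefixing and then fails in `new URL(url)`. Anchoring on the full scheme fixes that: `const PROTOCOL_REGEXP = /^https?:\/\//`. The new `url.endsWith('.onion')` also misses onion addresses entered with a port or trailing path, which are then given an `https://` prefix; checking the parsed hostname, e.g. `new URL('http://' + url).hostname.endsWith('.onion')`, is more reliable. The function continues past the end of the hunk.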