test(mock-e2e): add private domains logic for the privacy report

MetaMask · Oct 14, 2024 · d8a8c33 · d8a8c33
1 parent d9d6fab
commit d8a8c33
Showing 1 changed file with 37 additions and 0 deletions.
diff --git a/test/e2e/mock-e2e.js b/test/e2e/mock-e2e.js
@@ -66,6 +66,14 @@ const emptyHtmlPage = () => `<!DOCTYPE html>
 const browserAPIRequestDomains =
   /^.*\.(googleapis\.com|google\.com|mozilla\.net|mozilla\.com|mozilla\.org|gvt1\.com)$/iu;
 
+/**
+ * Some third-party providers might use random URLs that we don't want to track
+ * in the privacy report "in clear". We use a pattern to match those URLs and
+ * adds a generic `host` to the report so that we still keep track of those URLs
+ * in a generic way.
+ */
+const privateDomains = [];
+
 /**
  * @typedef {import('mockttp').Mockttp} Mockttp
  * @typedef {import('mockttp').MockedEndpoint} MockedEndpoint
@@ -714,6 +722,25 @@ async function setupMocking(
   const portfolioRequestsMatcher = (request) =>
     request.headers.referer === 'https://portfolio.metamask.io/';
 
+  /**
+   * Tests a request against private domains and returns a set of generic hostnames that
+   * match.
+   *
+   * @param request
+   * @returns A set of matched results.
+   */
+  const matchPrivateHosts = (request) => {
+    const privateHosts = new Set();
+
+    for (const { pattern, host: privateHost } of privateDomains) {
+      if (request.headers.host.match(pattern)) {
+        privateHosts.add(privateHost);
+      }
+    }
+
+    return privateHosts;
+  };
+
   /**
    * Listen for requests and add the hostname to the privacy report if it did
    * not previously exist. This is used to track which hosts are requested
@@ -723,6 +750,16 @@ async function setupMocking(
    * operation. See the browserAPIRequestDomains regex above.
    */
   server.on('request-initiated', (request) => {
+    const privateHosts = matchPrivateHosts(request);
+    if (privateHosts.size) {
+      for (const privateHost of privateHosts) {
+        privacyReport.add(privateHost);
+      }
+      // At this point, we know the request at least one private doamin, so we just stops here to avoid
+      // using the request any further.
+      return;
+    }
+
     if (
       request.headers.host.match(browserAPIRequestDomains) === null &&
       !portfolioRequestsMatcher(request)