From 282122f68bb0dda042efed9d5f68c9b707b7c0f4 Mon Sep 17 00:00:00 2001
From: salimtb
Date: Thu, 5 Dec 2024 22:07:26 +0100
Subject: [PATCH] fix: fix security comment

---
 app/scripts/migrations/135.ts | 19 +++++++++++--
 shared/constants/network.ts | 51 +++++++++++++++++++++++++++++++++++
 2 files changed, 68 insertions(+), 2 deletions(-)

diff --git a/app/scripts/migrations/135.ts b/app/scripts/migrations/135.ts
index 2ce4ff155ea0..1a1aba6d3cea 100644
--- a/app/scripts/migrations/135.ts
+++ b/app/scripts/migrations/135.ts
@@ -1,6 +1,9 @@
 import { hasProperty, isObject } from '@metamask/utils';
 import { cloneDeep } from 'lodash';
-import { infuraProjectId } from '../../../shared/constants/network';
+import {
+ allowedInfuraHosts,
+ infuraProjectId,
+} from '../../../shared/constants/network';
 import { RpcEndpointType } from '@metamask/network-controller';
 
 export const version = 135;
@@ -53,6 +56,18 @@ function transformState(state: Record) {
 const defaultRpcEndpoint =
 networkConfig?.rpcEndpoints?.[networkConfig?.defaultRpcEndpointIndex];
 
+ console.log('defaultRpcEndpoint ......', defaultRpcEndpoint);
+
+ console.log(
+ 'defaultRpcEndpoint ......',
+ new URL(defaultRpcEndpoint.url).host,
+ );
+
+ console.log(
+ 'defaultRpcEndpoint ......',
+ allowedInfuraHosts.includes(new URL(defaultRpcEndpoint.url).host),
+ );
+
 if (
 !isObject(defaultRpcEndpoint) ||
 typeof defaultRpcEndpoint.url !== 'string'
@@ -64,7 +79,7 @@ function transformState(state: Record) {
 const urlHost = new URL(defaultRpcEndpoint.url).host;
 return (
 defaultRpcEndpoint.type === RpcEndpointType.Infura ||
- urlHost.endsWith('infura.io')
+ allowedInfuraHosts.includes(urlHost)
 );
 } catch {
 return false;
diff --git a/shared/constants/network.ts b/shared/constants/network.ts
index 5901d8811c5d..841535700e23 100644
--- a/shared/constants/network.ts
+++ b/shared/constants/network.ts
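Review bot: The three added `console.log` calls in the `@@ -53,6 +56,18 @@` hunk read `defaultRpcEndpoint.url` and call `new URL(...)` before the `isObject`/`typeof` guard that follows them. As far as the hunks show, they also sit outside the `try` that wraps the later host check, so a missing or malformed default endpoint would throw here instead of taking the guarded path. They also print the whole endpoint object and its host to the console, and a custom RPC URL can carry an API key or credentials that should not reach logs. These look like leftover debugging and should be removed, so that `const defaultRpcEndpoint = ...` is followed directly by the `if (!isObject(defaultRpcEndpoint) || ...)` guard. The enclosing callback starts and ends outside the hunk.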
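Review bot: In the `@@ -64,7 +79,7 @@` hunk, `new URL(defaultRpcEndpoint.url).host` includes the port whenever it is not the scheme default, while every entry of `allowedInfuraHosts` added in shared/constants/network.ts is a bare hostname. Comparing the hostname makes the exact match port-independent: `const urlHost = new URL(defaultRpcEndpoint.url).hostname;`. If an Infura URL with an explicit port should deliberately not count as Infura, that decision should be stated in a comment. A short comment above the `includes` call, such as `// exact-match allowlist: a suffix test also accepts look-alike domains`, would also record why `endsWith('infura.io')` was replaced. The `try` block and the enclosing function begin outside the hunk.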
@@ -1077,6 +1077,57 @@ export const FEATURED_RPCS: AddNetworkFields[] = [
 },
 ];
 
+export const allowedInfuraHosts = [
+ // Ethereum
+ 'mainnet.infura.io',
+ 'holesky.infura.io',
+ 'sepolia.infura.io',
+ // Linea
+ 'linea-mainnet.infura.io',
+ 'linea-sepolia.infura.io',
+ // Polygon
+ 'polygon-mainnet.infura.io',
+ 'polygon-amoy.infura.io',
+ // Base
+ 'base-mainnet.infura.io',
+ 'base-sepolia.infura.io',
+ // Blast
+ 'blast-mainnet.infura.io',
+ 'blast-sepolia.infura.io',
+ // Optimism
+ 'optimism-mainnet.infura.io',
+ 'optimism-sepolia.infura.io',
+ // Arbitrum
+ 'arbitrum-mainnet.infura.io',
+ 'arbitrum-sepolia.infura.io',
+ // Palm
+ 'palm-mainnet.infura.io',
+ 'palm-testnet.infura.io',
+ // Avalanche
+ 'avalanche-mainnet.infura.io',
+ 'avalanche-fuji.infura.io',
+ // Celo
+ 'celo-mainnet.infura.io',
+ 'celo-alfajores.infura.io',
+ // ZKSync
+ 'zksync-mainnet.infura.io',
+ 'zksync-sepolia.infura.io',
+ // BSC
+ 'bsc-mainnet.infura.io',
+ 'bsc-testnet.infura.io',
+ // Mantle
+ 'mantle-mainnet.infura.io',
+ 'mantle-sepolia.infura.io',
+ // OPBNB
+ 'opbnb-mainnet.infura.io',
+ 'opbnb-testnet.infura.io',
+ // Scroll
+ 'scroll-mainnet.infura.io',
+ 'scroll-sepolia.infura.io',
+ // Unichain
+ 'unichain-sepolia.infura.io',
+];
+
 /**
 * Represents the availability state of the currently selected network.
 */
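Review bot: `allowedInfuraHosts` is exported as a plain mutable `string[]`, so any importing module can `push` to a list that app/scripts/migrations/135.ts uses as a host allowlist. Declaring it read-only, `export const allowedInfuraHosts: readonly string[] = [`, keeps `includes` working and lets the compiler reject writes. A TSDoc block above it should say that entries are matched exactly against the URL host. It should also say the list must be extended when a new Infura network is supported, since the host comparison treats any host missing from it as non-Infura. The neighbouring constant in the hunk header is `FEATURED_RPCS`, so if the file uses CONSTANT_CASE for module constants the new name may want to follow it; that is inferred from that one name only.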