feat: implement client side malicious network request detection

app/scripts/background.js

@@ -261,18 +261,35 @@ function maybeDetectPhishing(theController) {
       }
 
       theController.phishingController.maybeUpdateState();
-      const phishingTestResponse =
-        theController.phishingController.test(hostname);
-      if (!phishingTestResponse?.result) {
+      const phishingTestResponse = theController.phishingController.test(
+        details.url,
+      );
+
+      const blockedRequestResponse =
+        theController.phishingController.isBlockedRequest(details.url);
+
+      // if the request is not blocked, and the phishing test is not blocked, return and don't show the phishing screen
+      if (!phishingTestResponse?.result && !blockedRequestResponse.result) {
         return {};
       }
 
+      // Determine the block reason based on the type
+      let blockReason;
+      if (phishingTestResponse?.result && blockedRequestResponse.result) {
+        blockReason = `${phishingTestResponse.type} and ${blockedRequestResponse.type}`;
+      } else if (phishingTestResponse?.result) {
+        blockReason = phishingTestResponse.type;
+      } else {
+        blockReason = blockedRequestResponse.type;
+      }
+
       theController.metaMetricsController.trackEvent({
         // should we differentiate between background redirection and content script redirection?
         event: MetaMetricsEventName.PhishingPageDisplayed,
         category: MetaMetricsEventCategory.Phishing,
         properties: {
           url: hostname,
+          reason: blockReason,
         },
       });
       const querystring = new URLSearchParams({ hostname, href });
@@ -297,7 +314,10 @@ function maybeDetectPhishing(theController) {
       redirectTab(details.tabId, redirectHref);
       return {};
     },
-    { types: ['main_frame', 'sub_frame'], urls: ['http://*/*', 'https://*/*'] },
+    {
+      types: ['main_frame', 'sub_frame', 'xmlhttprequest'],
+      urls: ['http://*/*', 'https://*/*'],
+    },
     isManifestV2 ? ['blocking'] : [],
   );
 }

app/scripts/lib/snap-keyring/utils/isBlockedUrl.test.ts

@@ -1,6 +1,6 @@
 import { ListNames, PhishingController } from '@metamask/phishing-controller';
 import { ControllerMessenger } from '@metamask/base-controller';
-import { isBlockedUrl } from './isBlockedUrl';
+import { isBlockedUrl, isC2DomainBlocked } from './isBlockedUrl';
 
 describe('isBlockedUrl', () => {
   const messenger = new ControllerMessenger();
@@ -10,17 +10,26 @@ describe('isBlockedUrl', () => {
     allowedEvents: [],
   });
   const phishingController = new PhishingController({
+    // @ts-expect-error TODO: Resolve/patch mismatch between messenger types
     messenger: phishingControllerMessenger,
     state: {
       phishingLists: [
         {
-          blocklist: ['https://metamask.test'],
+          blocklist: [
+            'metamask.test',
+            'QmYwAPJzv5CZsnAzt8auVTL6aKqgfZY5vHBYdbyz4ySxTm',
+            'ipfs://QmXbVAkGZMz6p8nJ3wXBng4JwvBqZWkFwnDMevL7Tz5w8y',
+            'QmT78zSuBmuS4z925WJg3vNLRiT4Mj6apb5iS4iykKs4n8',
+          ],
           allowlist: [],
           fuzzylist: [],
           tolerance: 0,
           version: 1,
           lastUpdated: 0,
           name: ListNames.MetaMask,
+          c2DomainBlocklist: [
+            'a379a6f6eeafb9a55e378c118034e2751e682fab9f2d30ab13d2125586ce1947',
+          ],
         },
       ],
     },
@@ -32,6 +41,16 @@ describe('isBlockedUrl', () => {
     ['https://metamask.io', false],
     ['https://metamask.test', true],
     ['sftp://metamask.io', true],
+    ['ipfs://QmYwAPJzv5CZsnAzt8auVTL6aKqgfZY5vHBYdbyz4ySxTm', true],
+    ['ipfs://QmXbVAkGZMz6p8nJ3wXBng4JwvBqZWkFgnDMevL7Tz5w8y', true],
+    [
+      'https://ipfs.io/ipfs/QmT78zSuBmuS4z925WJg3vNLRiT4Mj6apb5iS4iykKs4n8',
+      true,
+    ],
+    [
+      'https://ipfs.io/ipfs/QmT78zSuBmuS4zdsf925WJsadfsdfg3vNLRiT4Mj6apb5iS4iykKs4n8',
+      false,
+    ],
     ['', true],
     ['1', true],
     [undefined, true],
@@ -53,4 +72,23 @@ describe('isBlockedUrl', () => {
     );
     expect(result).toEqual(expected);
   });
+
+  // @ts-expect-error This is missing from the Mocha type definitions
+  it.each([
+    ['https://example.com', true],
+    ['https://metamask.io', false],
+    // TODO: Replace `any` with type
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  ])('"%s" is blocked: %s', async (url: any, expected: boolean) => {
+    const result = await isC2DomainBlocked(
+      url,
+      async () => {
+        return await phishingController.maybeUpdateState();
+      },
+      (origin: string) => {
+        return phishingController.isBlockedRequest(origin);
+      },
+    );
+    expect(result).toEqual(expected);
+  });
 });

app/scripts/lib/snap-keyring/utils/isBlockedUrl.ts

@@ -31,3 +31,31 @@ export const isBlockedUrl = async (
     return false;
   }
 };
+
+/**
+ * Checks weather a given URL is blocked due to making a network request to a
+ * known C2 domain.
+ *
+ * @param url - The URL to check.
+ * @param maybeUpdateState - A function that updates the phishing controller state.
+ * @param testC2Domain - A function that tests if a URL is a known malicious C2 domain.
+ * @returns Returns a promise which resolves to `true` if the URL is blocked
+ * due to making a network request to a known malicious C2 domain. Otherwise,
+ * resolves to `false`.
+ */
+export const isC2DomainBlocked = async (
+  url: string,
+  maybeUpdateState: () => ReturnType<PhishingController['maybeUpdateState']>,
+  testC2Domain: (
+    url: string,
+  ) => ReturnType<PhishingController['isBlockedRequest']>,
+): Promise<boolean> => {
+  try {
+    // check if the url is in the phishing list
+    await maybeUpdateState();
+    return testC2Domain(url).result;
+  } catch (error) {
+    console.error('Invalid URL passed into snap-keyring:', error);
+    return false;
+  }
+};

app/scripts/metamask-controller.actions.test.js

@@ -89,10 +89,6 @@ describe('MetaMaskController', function () {
             blocklist: ['127.0.0.1'],
             name: ListNames.MetaMask,
           },
-          phishfort_hotlist: {
-            blocklist: [],
-            name: ListNames.Phishfort,
-          },
         }),
       )
       .get(METAMASK_HOTLIST_DIFF_FILE)

app/scripts/metamask-controller.js

@@ -2682,7 +2682,7 @@ export default class MetamaskController extends EventEmitter {
               'PhishingController:maybeUpdateState',
             );
           },
-          isOnPhishingList: (origin) => {
+          isOnPhishingList: (sender) => {
             const { usePhishDetect } =
               this.preferencesController.store.getState();
 
@@ -2692,7 +2692,7 @@ export default class MetamaskController extends EventEmitter {
 
             return this.controllerMessenger.call(
               'PhishingController:testOrigin',
-              origin,
+              sender.url,
             ).result;
           },
           createInterface: this.controllerMessenger.call.bind(
@@ -4999,7 +4999,7 @@ export default class MetamaskController extends EventEmitter {
           const { hostname } = new URL(sender.url);
           this.phishingController.maybeUpdateState();
           // Check if new connection is blocked if phishing detection is on
-          const phishingTestResponse = this.phishingController.test(hostname);
+          const phishingTestResponse = this.phishingController.test(sender.url);
           if (phishingTestResponse?.result) {
             this.sendPhishingWarning(connectionStream, hostname);
             this.metaMetricsController.trackEvent({

app/scripts/metamask-controller.test.js

@@ -323,10 +323,6 @@ describe('MetaMaskController', () => {
             blocklist: ['test.metamask-phishing.io'],
             name: ListNames.MetaMask,
           },
-          phishfort_hotlist: {
-            blocklist: [],
-            name: ListNames.Phishfort,
-          },
         }),
       )
       .get(METAMASK_HOTLIST_DIFF_FILE)

lavamoat/browserify/beta/policy.json

@@ -2140,36 +2140,25 @@
     },
     "@metamask/phishing-controller": {
       "globals": {
+        "TextEncoder": true,
+        "URL": true,
         "fetch": true
       },
       "packages": {
-        "@metamask/base-controller": true,
-        "@metamask/phishing-controller>@metamask/controller-utils": true,
-        "@metamask/phishing-warning>eth-phishing-detect": true,
+        "@ethereumjs/tx>ethereum-cryptography": true,
+        "@metamask/controller-utils": true,
+        "@metamask/phishing-controller>@metamask/base-controller": true,
+        "@metamask/phishing-controller>fastest-levenshtein": true,
+        "@noble/hashes": true,
         "punycode": true
       }
     },
-    "@metamask/phishing-controller>@metamask/controller-utils": {
+    "@metamask/phishing-controller>@metamask/base-controller": {
       "globals": {
-        "URL": true,
-        "console.error": true,
-        "fetch": true,
         "setTimeout": true
       },
       "packages": {
-        "@ethereumjs/tx>@ethereumjs/util": true,
-        "@metamask/controller-utils>@spruceid/siwe-parser": true,
-        "@metamask/ethjs>@metamask/ethjs-unit": true,
-        "@metamask/utils": true,
-        "bn.js": true,
-        "browserify>buffer": true,
-        "eslint>fast-deep-equal": true,
-        "eth-ens-namehash": true
-      }
-    },
-    "@metamask/phishing-warning>eth-phishing-detect": {
-      "packages": {
-        "eslint>optionator>fast-levenshtein": true
+        "immer": true
       }
     },
     "@metamask/post-message-stream": {
@@ -4292,16 +4281,6 @@
         "koa>is-generator-function>has-tostringtag": true
       }
     },
-    "eslint>optionator>fast-levenshtein": {
-      "globals": {
-        "Intl": true,
-        "Levenshtein": "write",
-        "console.log": true,
-        "define": true,
-        "importScripts": true,
-        "postMessage": true
-      }
-    },
     "eth-ens-namehash": {
       "globals": {
         "name": "write"

lavamoat/browserify/flask/policy.json

@@ -2140,36 +2140,25 @@
     },
     "@metamask/phishing-controller": {
       "globals": {
+        "TextEncoder": true,
+        "URL": true,
         "fetch": true
       },
       "packages": {
-        "@metamask/base-controller": true,
-        "@metamask/phishing-controller>@metamask/controller-utils": true,
-        "@metamask/phishing-warning>eth-phishing-detect": true,
+        "@ethereumjs/tx>ethereum-cryptography": true,
+        "@metamask/controller-utils": true,
+        "@metamask/phishing-controller>@metamask/base-controller": true,
+        "@metamask/phishing-controller>fastest-levenshtein": true,
+        "@noble/hashes": true,
         "punycode": true
       }
     },
-    "@metamask/phishing-controller>@metamask/controller-utils": {
+    "@metamask/phishing-controller>@metamask/base-controller": {
       "globals": {
-        "URL": true,
-        "console.error": true,
-        "fetch": true,
         "setTimeout": true
       },
       "packages": {
-        "@ethereumjs/tx>@ethereumjs/util": true,
-        "@metamask/controller-utils>@spruceid/siwe-parser": true,
-        "@metamask/ethjs>@metamask/ethjs-unit": true,
-        "@metamask/utils": true,
-        "bn.js": true,
-        "browserify>buffer": true,
-        "eslint>fast-deep-equal": true,
-        "eth-ens-namehash": true
-      }
-    },
-    "@metamask/phishing-warning>eth-phishing-detect": {
-      "packages": {
-        "eslint>optionator>fast-levenshtein": true
+        "immer": true
       }
     },
     "@metamask/post-message-stream": {
@@ -4292,16 +4281,6 @@
         "koa>is-generator-function>has-tostringtag": true
       }
     },
-    "eslint>optionator>fast-levenshtein": {
-      "globals": {
-        "Intl": true,
-        "Levenshtein": "write",
-        "console.log": true,
-        "define": true,
-        "importScripts": true,
-        "postMessage": true
-      }
-    },
     "eth-ens-namehash": {
       "globals": {
         "name": "write"

lavamoat/browserify/main/policy.json

@@ -2140,36 +2140,25 @@
     },
     "@metamask/phishing-controller": {
       "globals": {
+        "TextEncoder": true,
+        "URL": true,
         "fetch": true
       },
       "packages": {
-        "@metamask/base-controller": true,
-        "@metamask/phishing-controller>@metamask/controller-utils": true,
-        "@metamask/phishing-warning>eth-phishing-detect": true,
+        "@ethereumjs/tx>ethereum-cryptography": true,
+        "@metamask/controller-utils": true,
+        "@metamask/phishing-controller>@metamask/base-controller": true,
+        "@metamask/phishing-controller>fastest-levenshtein": true,
+        "@noble/hashes": true,
         "punycode": true
       }
     },
-    "@metamask/phishing-controller>@metamask/controller-utils": {
+    "@metamask/phishing-controller>@metamask/base-controller": {
       "globals": {
-        "URL": true,
-        "console.error": true,
-        "fetch": true,
         "setTimeout": true
       },
       "packages": {
-        "@ethereumjs/tx>@ethereumjs/util": true,
-        "@metamask/controller-utils>@spruceid/siwe-parser": true,
-        "@metamask/ethjs>@metamask/ethjs-unit": true,
-        "@metamask/utils": true,
-        "bn.js": true,
-        "browserify>buffer": true,
-        "eslint>fast-deep-equal": true,
-        "eth-ens-namehash": true
-      }
-    },
-    "@metamask/phishing-warning>eth-phishing-detect": {
-      "packages": {
-        "eslint>optionator>fast-levenshtein": true
+        "immer": true
       }
     },
     "@metamask/post-message-stream": {
@@ -4292,16 +4281,6 @@
         "koa>is-generator-function>has-tostringtag": true
       }
     },
-    "eslint>optionator>fast-levenshtein": {
-      "globals": {
-        "Intl": true,
-        "Levenshtein": "write",
-        "console.log": true,
-        "define": true,
-        "importScripts": true,
-        "postMessage": true
-      }
-    },
     "eth-ens-namehash": {
       "globals": {
         "name": "write"