@metamask-previews/assets-controllers 65.0.0-preview-88a682b → 65.0.0-preview-4f323233

package/CHANGELOG.md

@@ -7,6 +7,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+
+- Add phishing protection for NFT metadata URLs in `NftController` ([#5598](https://github.com/MetaMask/core/pull/5598))
+  - NFT metadata URLs are now scanned for malicious content using the `PhishingController`
+  - Malicious URLs in NFT metadata fields (image, externalLink, etc.) are automatically sanitized
+
+### Changed
+
+- **BREAKING:** Add peer dependency on `@metamask/phishing-controller` ^12.5.0 ([#5598](https://github.com/MetaMask/core/pull/5598))
+
 ## [65.0.0]
 
 ### Added

package/dist/AccountTrackerController.d.cts

@@ -62,8 +62,8 @@ type AccountTrackerPollingInput = {
     networkClientIds: NetworkClientId[];
 };
 declare const AccountTrackerController_base: (abstract new (...args: any[]) => {
-    readonly "__#13@#intervalIds": Record<string, NodeJS.Timeout>;
-    "__#13@#intervalLength": number | undefined;
+    readonly "__#14@#intervalIds": Record<string, NodeJS.Timeout>;
+    "__#14@#intervalLength": number | undefined;
     setIntervalLength(intervalLength: number): void;
     getIntervalLength(): number | undefined;
     _startPolling(input: AccountTrackerPollingInput): void;

package/dist/AccountTrackerController.d.mts

@@ -62,8 +62,8 @@ type AccountTrackerPollingInput = {
     networkClientIds: NetworkClientId[];
 };
 declare const AccountTrackerController_base: (abstract new (...args: any[]) => {
-    readonly "__#13@#intervalIds": Record<string, NodeJS.Timeout>;
-    "__#13@#intervalLength": number | undefined;
+    readonly "__#14@#intervalIds": Record<string, NodeJS.Timeout>;
+    "__#14@#intervalLength": number | undefined;
     setIntervalLength(intervalLength: number): void;
     getIntervalLength(): number | undefined;
     _startPolling(input: AccountTrackerPollingInput): void;

package/dist/CurrencyRateController.d.cts

@@ -29,8 +29,8 @@ type CurrencyRatePollingInput = {
     nativeCurrencies: string[];
 };
 declare const CurrencyRateController_base: (abstract new (...args: any[]) => {
-    readonly "__#13@#intervalIds": Record<string, NodeJS.Timeout>;
-    "__#13@#intervalLength": number | undefined;
+    readonly "__#14@#intervalIds": Record<string, NodeJS.Timeout>;
+    "__#14@#intervalLength": number | undefined;
     setIntervalLength(intervalLength: number): void;
     getIntervalLength(): number | undefined;
     _startPolling(input: CurrencyRatePollingInput): void;

package/dist/CurrencyRateController.d.mts

@@ -29,8 +29,8 @@ type CurrencyRatePollingInput = {
     nativeCurrencies: string[];
 };
 declare const CurrencyRateController_base: (abstract new (...args: any[]) => {
-    readonly "__#13@#intervalIds": Record<string, NodeJS.Timeout>;
-    "__#13@#intervalLength": number | undefined;
+    readonly "__#14@#intervalIds": Record<string, NodeJS.Timeout>;
+    "__#14@#intervalLength": number | undefined;
     setIntervalLength(intervalLength: number): void;
     getIntervalLength(): number | undefined;
     _startPolling(input: CurrencyRatePollingInput): void;

package/dist/DeFiPositionsController/DeFiPositionsController.d.cts

@@ -36,8 +36,8 @@ export type AllowedEvents = KeyringControllerUnlockEvent | KeyringControllerLock
  */
 export type DeFiPositionsControllerMessenger = RestrictedMessenger<typeof controllerName, DeFiPositionsControllerActions | AllowedActions, DeFiPositionsControllerEvents | AllowedEvents, AllowedActions['type'], AllowedEvents['type']>;
 declare const DeFiPositionsController_base: (abstract new (...args: any[]) => {
-    readonly "__#13@#intervalIds": Record<string, NodeJS.Timeout>;
-    "__#13@#intervalLength": number | undefined;
+    readonly "__#14@#intervalIds": Record<string, NodeJS.Timeout>;
+    "__#14@#intervalLength": number | undefined;
     setIntervalLength(intervalLength: number): void;
     getIntervalLength(): number | undefined;
     _startPolling(input: import("@metamask/utils").Json): void;

package/dist/DeFiPositionsController/DeFiPositionsController.d.mts

@@ -36,8 +36,8 @@ export type AllowedEvents = KeyringControllerUnlockEvent | KeyringControllerLock
  */
 export type DeFiPositionsControllerMessenger = RestrictedMessenger<typeof controllerName, DeFiPositionsControllerActions | AllowedActions, DeFiPositionsControllerEvents | AllowedEvents, AllowedActions['type'], AllowedEvents['type']>;
 declare const DeFiPositionsController_base: (abstract new (...args: any[]) => {
-    readonly "__#13@#intervalIds": Record<string, NodeJS.Timeout>;
-    "__#13@#intervalLength": number | undefined;
+    readonly "__#14@#intervalIds": Record<string, NodeJS.Timeout>;
+    "__#14@#intervalLength": number | undefined;
     setIntervalLength(intervalLength: number): void;
     getIntervalLength(): number | undefined;
     _startPolling(input: import("@metamask/utils").Json): void;

package/dist/MultichainAssetsRatesController/MultichainAssetsRatesController.d.cts

@@ -74,8 +74,8 @@ export type MultichainAssetsRatesPollingInput = {
     accountId: string;
 };
 declare const MultichainAssetsRatesController_base: (abstract new (...args: any[]) => {
-    readonly "__#13@#intervalIds": Record<string, NodeJS.Timeout>;
-    "__#13@#intervalLength": number | undefined;
+    readonly "__#14@#intervalIds": Record<string, NodeJS.Timeout>;
+    "__#14@#intervalLength": number | undefined;
     setIntervalLength(intervalLength: number): void;
     getIntervalLength(): number | undefined;
     _startPolling(input: MultichainAssetsRatesPollingInput): void;

package/dist/MultichainAssetsRatesController/MultichainAssetsRatesController.d.mts

@@ -74,8 +74,8 @@ export type MultichainAssetsRatesPollingInput = {
     accountId: string;
 };
 declare const MultichainAssetsRatesController_base: (abstract new (...args: any[]) => {
-    readonly "__#13@#intervalIds": Record<string, NodeJS.Timeout>;
-    "__#13@#intervalLength": number | undefined;
+    readonly "__#14@#intervalIds": Record<string, NodeJS.Timeout>;
+    "__#14@#intervalLength": number | undefined;
     setIntervalLength(intervalLength: number): void;
     getIntervalLength(): number | undefined;
     _startPolling(input: MultichainAssetsRatesPollingInput): void;

package/dist/NftController.cjs

@@ -13,12 +13,13 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
-var _NftController_instances, _NftController_mutex, _NftController_selectedAccountId, _NftController_chainId, _NftController_ipfsGateway, _NftController_openSeaEnabled, _NftController_useIpfsSubdomains, _NftController_isIpfsGatewayEnabled, _NftController_onNftAdded, _NftController_onNetworkControllerNetworkDidChange, _NftController_onPreferencesControllerStateChange, _NftController_onSelectedAccountChange, _NftController_updateNestedNftState, _NftController_getNftCollectionApi, _NftController_getNftInformationFromApi, _NftController_getNftInformationFromTokenURI, _NftController_getNftURIAndStandard, _NftController_getNftInformation, _NftController_getNftContractInformationFromContract, _NftController_getNftContractInformation, _NftController_addIndividualNft, _NftController_addNftContract, _NftController_removeAndIgnoreIndividualNft, _NftController_removeIndividualNft, _NftController_removeNftContract, _NftController_validateWatchNft, _NftController_getCorrectChainId, _NftController_getAddressOrSelectedAddress, _NftController_updateNftUpdateForAccount;
+var _NftController_instances, _NftController_mutex, _NftController_selectedAccountId, _NftController_chainId, _NftController_ipfsGateway, _NftController_openSeaEnabled, _NftController_useIpfsSubdomains, _NftController_isIpfsGatewayEnabled, _NftController_onNftAdded, _NftController_onNetworkControllerNetworkDidChange, _NftController_onPreferencesControllerStateChange, _NftController_onSelectedAccountChange, _NftController_updateNestedNftState, _NftController_getNftCollectionApi, _NftController_getNftInformationFromApi, _NftController_getNftInformationFromTokenURI, _NftController_getNftURIAndStandard, _NftController_getNftInformation, _NftController_getNftContractInformationFromContract, _NftController_getNftContractInformation, _NftController_addIndividualNft, _NftController_addNftContract, _NftController_removeAndIgnoreIndividualNft, _NftController_removeIndividualNft, _NftController_removeNftContract, _NftController_validateWatchNft, _NftController_getCorrectChainId, _NftController_getAddressOrSelectedAddress, _NftController_updateNftUpdateForAccount, _NftController_bulkSanitizeNftMetadata, _NftController_sanitizeNftMetadata;
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.NftController = exports.getDefaultNftControllerState = void 0;
 const address_1 = require("@ethersproject/address");
 const base_controller_1 = require("@metamask/base-controller");
 const controller_utils_1 = require("@metamask/controller-utils");
+const phishing_controller_1 = require("@metamask/phishing-controller");
 const rpc_errors_1 = require("@metamask/rpc-errors");
 const utils_1 = require("@metamask/utils");
 const async_mutex_1 = require("async-mutex");
@@ -124,11 +125,13 @@ class NftController extends base_controller_1.BaseController {
         }
         await __classPrivateFieldGet(this, _NftController_instances, "m", _NftController_validateWatchNft).call(this, asset, type, addressToSearch);
         const nftMetadata = await __classPrivateFieldGet(this, _NftController_instances, "m", _NftController_getNftInformation).call(this, asset.address, asset.tokenId, networkClientId);
-        if (nftMetadata.standard && nftMetadata.standard !== type) {
-            throw rpc_errors_1.rpcErrors.invalidInput(`Suggested NFT of type ${nftMetadata.standard} does not match received type ${type}`);
+        // Sanitize metadata
+        const sanitizedMetadata = await __classPrivateFieldGet(this, _NftController_instances, "m", _NftController_sanitizeNftMetadata).call(this, nftMetadata);
+        if (sanitizedMetadata.standard && sanitizedMetadata.standard !== type) {
+            throw rpc_errors_1.rpcErrors.invalidInput(`Suggested NFT of type ${sanitizedMetadata.standard} does not match received type ${type}`);
         }
         const suggestedNftMeta = {
-            asset: { ...asset, ...nftMetadata },
+            asset: { ...asset, ...sanitizedMetadata },
             type,
             id: (0, uuid_1.v4)(),
             time: Date.now(),
@@ -137,7 +140,7 @@ class NftController extends base_controller_1.BaseController {
         };
         await this._requestApproval(suggestedNftMeta);
         const { address, tokenId } = asset;
-        const { name, standard, description, image } = nftMetadata;
+        const { name, standard, description, image } = sanitizedMetadata;
         await this.addNft(address, tokenId, {
             nftMetadata: {
                 name: name ?? null,
@@ -234,9 +237,15 @@ class NftController extends base_controller_1.BaseController {
         const checksumHexAddress = (0, controller_utils_1.toChecksumHexAddress)(tokenAddress);
         // TODO: revisit this with Solana support and instead of passing chainId, make sure chainId is read from nftMetadata
         const chainIdToAddTo = chainId || __classPrivateFieldGet(this, _NftController_instances, "m", _NftController_getCorrectChainId).call(this, { networkClientId });
-        nftMetadata =
-            nftMetadata ||
-                (await __classPrivateFieldGet(this, _NftController_instances, "m", _NftController_getNftInformation).call(this, checksumHexAddress, tokenId, networkClientId));
+        if (!nftMetadata) {
+            const fetchedMetadata = await __classPrivateFieldGet(this, _NftController_instances, "m", _NftController_getNftInformation).call(this, checksumHexAddress, tokenId, networkClientId);
+            // Sanitize metadata
+            nftMetadata = await __classPrivateFieldGet(this, _NftController_instances, "m", _NftController_sanitizeNftMetadata).call(this, fetchedMetadata);
+        }
+        else {
+            // Sanitize provided metadata
+            nftMetadata = await __classPrivateFieldGet(this, _NftController_instances, "m", _NftController_sanitizeNftMetadata).call(this, nftMetadata);
+        }
         const newNftContracts = await __classPrivateFieldGet(this, _NftController_instances, "m", _NftController_addNftContract).call(this, {
             tokenAddress: checksumHexAddress,
             userAddress: addressToSearch,
@@ -275,13 +284,23 @@ class NftController extends base_controller_1.BaseController {
                     address: (0, controller_utils_1.toChecksumHexAddress)(nft.address),
                 };
             });
-            const nftMetadataResults = await Promise.all(nftsWithChecksumAdr.map(async (nft) => {
+            // Get all unsanitized nft metadata
+            const unsanitizedResults = await Promise.all(nftsWithChecksumAdr.map(async (nft) => {
                 const resMetadata = await __classPrivateFieldGet(this, _NftController_instances, "m", _NftController_getNftInformation).call(this, nft.address, nft.tokenId, networkClientId);
                 return {
                     nft,
                     newMetadata: resMetadata,
                 };
             }));
+            // Extract metadata
+            const unsanitizedMetadata = unsanitizedResults.map((result) => result.newMetadata);
+            // Sanitize all metadata
+            const sanitizedMetadata = await __classPrivateFieldGet(this, _NftController_instances, "m", _NftController_bulkSanitizeNftMetadata).call(this, unsanitizedMetadata);
+            // Reassemble the results with sanitized metadata
+            const nftMetadataResults = unsanitizedResults.map((result, index) => ({
+                nft: result.nft,
+                newMetadata: sanitizedMetadata[index],
+            }));
             // We want to avoid updating the state if the state and fetched nft info are the same
             const nftsWithDifferentMetadata = [];
             const { allNfts } = this.state;
@@ -857,7 +876,7 @@ async function _NftController_getNftInformation(contractAddress, tokenId, networ
             ? (0, controller_utils_1.safelyExecute)(() => __classPrivateFieldGet(this, _NftController_instances, "m", _NftController_getNftInformationFromApi).call(this, contractAddress, tokenId))
             : undefined,
     ]);
-    return {
+    const metadata = {
         ...nftApiMetadata,
         name: blockchainMetadata?.name ?? nftApiMetadata?.name ?? null,
         description: blockchainMetadata?.description ?? nftApiMetadata?.description ?? null,
@@ -865,6 +884,8 @@ async function _NftController_getNftInformation(contractAddress, tokenId, networ
         standard: blockchainMetadata?.standard ?? nftApiMetadata?.standard ?? null,
         tokenURI: blockchainMetadata?.tokenURI ?? null,
     };
+    // Sanitize the metadata by checking external links against phishing protection
+    return await __classPrivateFieldGet(this, _NftController_instances, "m", _NftController_sanitizeNftMetadata).call(this, metadata);
 }, _NftController_getNftContractInformationFromContract = 
 /**
  * Request NFT contract information from the contract itself.
@@ -1176,6 +1197,101 @@ async function _NftController_addNftContract({ tokenAddress, userAddress, networ
             userAddress: account.address,
         });
     }
+}, _NftController_bulkSanitizeNftMetadata = 
+/**
+ * Sanitizes multiple NFT metadata objects by checking external links against PhishingController in a single bulk request
+ *
+ * @param metadataList - Array of NFT metadata objects to sanitize
+ * @returns Array of sanitized NFT metadata objects
+ */
+async function _NftController_bulkSanitizeNftMetadata(metadataList) {
+    // Create a copy of the metadata list to avoid mutating the input
+    const sanitizedMetadataList = metadataList.map((metadata) => ({
+        ...metadata,
+    }));
+    // Maps URL to a list of {metadataIndex, fieldName} to track where each URL is used
+    const urlMap = {};
+    const fieldsToCheck = [
+        'externalLink',
+        'image',
+        'imagePreview',
+        'imageThumbnail',
+        'imageOriginal',
+        'animation',
+        'animationOriginal',
+    ];
+    // Collect all URLs from all metadata objects
+    sanitizedMetadataList.forEach((metadata, metadataIndex) => {
+        // Check regular fields
+        for (const field of fieldsToCheck) {
+            const url = metadata[field];
+            if (typeof url === 'string' && url && url.startsWith('http')) {
+                if (!urlMap[url]) {
+                    urlMap[url] = [];
+                }
+                urlMap[url].push({ metadataIndex, fieldName: field });
+            }
+        }
+        // Check collection links if they exist
+        if (metadata.collection) {
+            const { collection } = metadata;
+            if ('externalLink' in collection &&
+                typeof collection.externalLink === 'string') {
+                const url = collection.externalLink;
+                if (!urlMap[url]) {
+                    urlMap[url] = [];
+                }
+                urlMap[url].push({
+                    metadataIndex,
+                    fieldName: 'collection.externalLink',
+                });
+            }
+        }
+    });
+    const urlsToCheck = Object.keys(urlMap);
+    if (urlsToCheck.length === 0) {
+        return sanitizedMetadataList;
+    }
+    try {
+        // Use bulkScanUrls to check all URLs at once
+        const bulkScanResponse = await this.messagingSystem.call('PhishingController:bulkScanUrls', urlsToCheck);
+        // Apply scan results to all metadata objects
+        Object.entries(bulkScanResponse.results).forEach(([url, result]) => {
+            if (result.recommendedAction === phishing_controller_1.RecommendedAction.Block) {
+                // Remove this URL from all metadata objects where it appears
+                urlMap[url].forEach(({ metadataIndex, fieldName }) => {
+                    if (fieldName === 'collection.externalLink' &&
+                        sanitizedMetadataList[metadataIndex].collection // Check if collection exists
+                    ) {
+                        const { collection } = sanitizedMetadataList[metadataIndex];
+                        // Ensure collection is not undefined again just to be safe before using 'in'
+                        if (collection && 'externalLink' in collection) {
+                            delete collection.externalLink;
+                        }
+                    }
+                    else {
+                        delete sanitizedMetadataList[metadataIndex][fieldName];
+                    }
+                });
+            }
+        });
+    }
+    catch (error) {
+        console.error('Error during bulk URL scanning:', error);
+        // If bulk scan fails, we fall back to keeping all URLs
+    }
+    return sanitizedMetadataList;
+}, _NftController_sanitizeNftMetadata = 
+/**
+ * Sanitizes NFT metadata by checking external links against PhishingController
+ *
+ * @param metadata - The NFT metadata to sanitize
+ * @returns Sanitized NFT metadata with potentially dangerous links removed
+ */
+async function _NftController_sanitizeNftMetadata(metadata) {
+    // Use the bulk sanitize function with just a single metadata object
+    const sanitized = await __classPrivateFieldGet(this, _NftController_instances, "m", _NftController_bulkSanitizeNftMetadata).call(this, [metadata]);
+    return sanitized[0];
 };
 exports.default = NftController;
 //# sourceMappingURL=NftController.cjs.map