@metamask-previews/phishing-controller 11.0.0-preview-02e7ff99 → 12.0.1-preview-473880a1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -7,6 +7,40 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
7
7
 
8
8
  ## [Unreleased]
9
9
 
10
+ ## [12.0.1]
11
+
12
+ ### Added
13
+
14
+ - Add `getHostnameFromUrl` utility function to standardize hostname extraction from URLs ([#4645](https://github.com/MetaMask/core/pull/4645))
15
+
16
+ ### Fixed
17
+
18
+ - Update `test`, `isBlockedRequest`, and `bypass` methods to use the hostname for allowlist checks instead of the full origin ([#4645](https://github.com/MetaMask/core/pull/4645))
19
+ - The previous approach of using the full origin had limitations in dealing with subdomains or variations in the URL structure, which could lead to inconsistent results or false negatives.
20
+
21
+ ## [12.0.0]
22
+
23
+ ### Added
24
+
25
+ - Add allowlist functionality to the C2 domain detection system ([#4464](https://github.com/MetaMask/core/pull/4644))
26
+ - Add `PhishingController` functionality for blocking client-side C2 requests by managing a hashed C2 request blocklist ([#4526](https://github.com/MetaMask/core/pull/4526))
27
+ - Add `requestBlocklist` type to `ListTypes`.
28
+ - Add `isBlockedRequest` method to `PhishingController`.
29
+ - Add `isMaliciousRequestDomain` method to `PhishingDetector`.
30
+ - Add handling of `requestBlocklist` in `PhishingDetector` configuration.
31
+ - Add logic to update and check `requestBlocklist` when updating a stale list.
32
+ - Add `sha256Hash` function to generate SHA-256 hash of a domain.
33
+ - Define and export new types: `PhishingControllerGetStateAction`, `PhishingControllerStateChangeEvent`, `PhishingControllerEvents` ([#4633](https://github.com/MetaMask/core/pull/4633))
34
+
35
+ ### Changed
36
+
37
+ - **BREAKING:** Add `@noble/hashes` `^1.4.0` as dependency ([#4526](https://github.com/MetaMask/core/pull/4526))
38
+ - **BREAKING:**: Add `ethereum-cryptography` `^2.1.2` as dependency ([#4526](https://github.com/MetaMask/core/pull/4526))
39
+ - **BREAKING:** `PhishingControllerMessenger` must allow internal events defined in the `PhishingControllerEvents` type ([#4633](https://github.com/MetaMask/core/pull/4633))
40
+ - Widen `PhishingControllerActions` to include the `PhishingController:getState` action ([#4633](https://github.com/MetaMask/core/pull/4633))
41
+ - Bump `@metamask/base-controller` from `^6.0.2` to `^6.0.3` ([#4625](https://github.com/MetaMask/core/pull/4625))
42
+ - Bump `@metamask/controller-utils` from `^11.0.2` to `^11.1.0` ([#4639](https://github.com/MetaMask/core/pull/4639))
43
+
10
44
  ## [11.0.0]
11
45
 
12
46
  ### Changed
@@ -64,7 +98,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
64
98
  - Changed Stalelist and hotlist update intervals ([#4202](https://github.com/MetaMask/core/pull/4202))
65
99
  - Updated the Stalelist update interval to 30 days and the hotlist update interval to 5 mins
66
100
  - Bump `@metamask/controller-utils` version to `~9.1.0` ([#4153](https://github.com/MetaMask/core/pull/4153))
67
- - Bump TypeScript version to `~4.9.5` ([#4084](https://github.com/MetaMask/core.git/pull/4084))
101
+ - Bump TypeScript version to `~4.9.5` ([#4084](https://github.com/MetaMask/core/pull/4084))
68
102
  - Bump `@metamask/base-controller` to `^5.0.2`
69
103
 
70
104
  ## [9.0.1]
@@ -228,7 +262,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
228
262
 
229
263
  All changes listed after this point were applied to this package following the monorepo conversion.
230
264
 
231
- [Unreleased]: https://github.com/MetaMask/core/compare/@metamask/phishing-controller@11.0.0...HEAD
265
+ [Unreleased]: https://github.com/MetaMask/core/compare/@metamask/phishing-controller@12.0.1...HEAD
266
+ [12.0.1]: https://github.com/MetaMask/core/compare/@metamask/phishing-controller@12.0.0...@metamask/phishing-controller@12.0.1
267
+ [12.0.0]: https://github.com/MetaMask/core/compare/@metamask/phishing-controller@11.0.0...@metamask/phishing-controller@12.0.0
232
268
  [11.0.0]: https://github.com/MetaMask/core/compare/@metamask/phishing-controller@10.1.1...@metamask/phishing-controller@11.0.0
233
269
  [10.1.1]: https://github.com/MetaMask/core/compare/@metamask/phishing-controller@10.1.0...@metamask/phishing-controller@10.1.1
234
270
  [10.1.0]: https://github.com/MetaMask/core/compare/@metamask/phishing-controller@10.0.0...@metamask/phishing-controller@10.1.0
@@ -11,7 +11,12 @@
11
11
 
12
12
 
13
13
 
14
- var _chunkDPHXQJ4Ejs = require('./chunk-DPHXQJ4E.js');
14
+
15
+
16
+
17
+
18
+ var _chunkZAOBCAQTjs = require('./chunk-ZAOBCAQT.js');
19
+ require('./chunk-5NDIXQG5.js');
15
20
  require('./chunk-Z4BLTVTB.js');
16
21
 
17
22
 
@@ -26,5 +31,9 @@ require('./chunk-Z4BLTVTB.js');
26
31
 
27
32
 
28
33
 
29
- exports.HOTLIST_REFRESH_INTERVAL = _chunkDPHXQJ4Ejs.HOTLIST_REFRESH_INTERVAL; exports.ListKeys = _chunkDPHXQJ4Ejs.ListKeys; exports.ListNames = _chunkDPHXQJ4Ejs.ListNames; exports.METAMASK_HOTLIST_DIFF_FILE = _chunkDPHXQJ4Ejs.METAMASK_HOTLIST_DIFF_FILE; exports.METAMASK_HOTLIST_DIFF_URL = _chunkDPHXQJ4Ejs.METAMASK_HOTLIST_DIFF_URL; exports.METAMASK_STALELIST_FILE = _chunkDPHXQJ4Ejs.METAMASK_STALELIST_FILE; exports.METAMASK_STALELIST_URL = _chunkDPHXQJ4Ejs.METAMASK_STALELIST_URL; exports.PHISHING_CONFIG_BASE_URL = _chunkDPHXQJ4Ejs.PHISHING_CONFIG_BASE_URL; exports.PhishingController = _chunkDPHXQJ4Ejs.PhishingController; exports.STALELIST_REFRESH_INTERVAL = _chunkDPHXQJ4Ejs.STALELIST_REFRESH_INTERVAL; exports.default = _chunkDPHXQJ4Ejs.PhishingController_default; exports.phishingListKeyNameMap = _chunkDPHXQJ4Ejs.phishingListKeyNameMap;
34
+
35
+
36
+
37
+
38
+ exports.C2_DOMAIN_BLOCKLIST_ENDPOINT = _chunkZAOBCAQTjs.C2_DOMAIN_BLOCKLIST_ENDPOINT; exports.C2_DOMAIN_BLOCKLIST_REFRESH_INTERVAL = _chunkZAOBCAQTjs.C2_DOMAIN_BLOCKLIST_REFRESH_INTERVAL; exports.C2_DOMAIN_BLOCKLIST_URL = _chunkZAOBCAQTjs.C2_DOMAIN_BLOCKLIST_URL; exports.CLIENT_SIDE_DETECION_BASE_URL = _chunkZAOBCAQTjs.CLIENT_SIDE_DETECION_BASE_URL; exports.HOTLIST_REFRESH_INTERVAL = _chunkZAOBCAQTjs.HOTLIST_REFRESH_INTERVAL; exports.ListKeys = _chunkZAOBCAQTjs.ListKeys; exports.ListNames = _chunkZAOBCAQTjs.ListNames; exports.METAMASK_HOTLIST_DIFF_FILE = _chunkZAOBCAQTjs.METAMASK_HOTLIST_DIFF_FILE; exports.METAMASK_HOTLIST_DIFF_URL = _chunkZAOBCAQTjs.METAMASK_HOTLIST_DIFF_URL; exports.METAMASK_STALELIST_FILE = _chunkZAOBCAQTjs.METAMASK_STALELIST_FILE; exports.METAMASK_STALELIST_URL = _chunkZAOBCAQTjs.METAMASK_STALELIST_URL; exports.PHISHING_CONFIG_BASE_URL = _chunkZAOBCAQTjs.PHISHING_CONFIG_BASE_URL; exports.PhishingController = _chunkZAOBCAQTjs.PhishingController; exports.STALELIST_REFRESH_INTERVAL = _chunkZAOBCAQTjs.STALELIST_REFRESH_INTERVAL; exports.default = _chunkZAOBCAQTjs.PhishingController_default; exports.phishingListKeyNameMap = _chunkZAOBCAQTjs.phishingListKeyNameMap;
30
39
  //# sourceMappingURL=PhishingController.js.map
@@ -1,4 +1,8 @@
1
1
  import {
2
+ C2_DOMAIN_BLOCKLIST_ENDPOINT,
3
+ C2_DOMAIN_BLOCKLIST_REFRESH_INTERVAL,
4
+ C2_DOMAIN_BLOCKLIST_URL,
5
+ CLIENT_SIDE_DETECION_BASE_URL,
2
6
  HOTLIST_REFRESH_INTERVAL,
3
7
  ListKeys,
4
8
  ListNames,
@@ -11,9 +15,14 @@ import {
11
15
  PhishingController_default,
12
16
  STALELIST_REFRESH_INTERVAL,
13
17
  phishingListKeyNameMap
14
- } from "./chunk-Q42CM6EP.mjs";
18
+ } from "./chunk-I3U4U3MW.mjs";
19
+ import "./chunk-G2RL74NS.mjs";
15
20
  import "./chunk-XUI43LEZ.mjs";
16
21
  export {
22
+ C2_DOMAIN_BLOCKLIST_ENDPOINT,
23
+ C2_DOMAIN_BLOCKLIST_REFRESH_INTERVAL,
24
+ C2_DOMAIN_BLOCKLIST_URL,
25
+ CLIENT_SIDE_DETECION_BASE_URL,
17
26
  HOTLIST_REFRESH_INTERVAL,
18
27
  ListKeys,
19
28
  ListNames,
@@ -1,8 +1,9 @@
1
1
  "use strict";Object.defineProperty(exports, "__esModule", {value: true});
2
2
 
3
- var _chunkDPHXQJ4Ejs = require('./chunk-DPHXQJ4E.js');
3
+ var _chunkZAOBCAQTjs = require('./chunk-ZAOBCAQT.js');
4
+ require('./chunk-5NDIXQG5.js');
4
5
  require('./chunk-Z4BLTVTB.js');
5
6
 
6
7
 
7
- exports.PhishingDetector = _chunkDPHXQJ4Ejs.PhishingDetector;
8
+ exports.PhishingDetector = _chunkZAOBCAQTjs.PhishingDetector;
8
9
  //# sourceMappingURL=PhishingDetector.js.map
@@ -1,6 +1,7 @@
1
1
  import {
2
2
  PhishingDetector
3
- } from "./chunk-Q42CM6EP.mjs";
3
+ } from "./chunk-I3U4U3MW.mjs";
4
+ import "./chunk-G2RL74NS.mjs";
4
5
  import "./chunk-XUI43LEZ.mjs";
5
6
  export {
6
7
  PhishingDetector
@@ -0,0 +1,16 @@
1
+ "use strict";Object.defineProperty(exports, "__esModule", {value: true});// src/types.ts
2
+ var PhishingDetectorResultType = /* @__PURE__ */ ((PhishingDetectorResultType2) => {
3
+ PhishingDetectorResultType2["All"] = "all";
4
+ PhishingDetectorResultType2["Fuzzy"] = "fuzzy";
5
+ PhishingDetectorResultType2["Blocklist"] = "blocklist";
6
+ PhishingDetectorResultType2["Allowlist"] = "allowlist";
7
+ PhishingDetectorResultType2["Blacklist"] = "blacklist";
8
+ PhishingDetectorResultType2["Whitelist"] = "whitelist";
9
+ PhishingDetectorResultType2["C2DomainBlocklist"] = "c2DomainBlocklist";
10
+ return PhishingDetectorResultType2;
11
+ })(PhishingDetectorResultType || {});
12
+
13
+
14
+
15
+ exports.PhishingDetectorResultType = PhishingDetectorResultType;
16
+ //# sourceMappingURL=chunk-5NDIXQG5.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/types.ts"],"names":["PhishingDetectorResultType"],"mappings":";AAyCO,IAAK,6BAAL,kBAAKA,gCAAL;AAIL,EAAAA,4BAAA,SAAM;AAIN,EAAAA,4BAAA,WAAQ;AAIR,EAAAA,4BAAA,eAAY;AAIZ,EAAAA,4BAAA,eAAY;AAKZ,EAAAA,4BAAA,eAAY;AAKZ,EAAAA,4BAAA,eAAY;AAIZ,EAAAA,4BAAA,uBAAoB;AA9BV,SAAAA;AAAA,GAAA","sourcesContent":["/**\n * Represents the result of checking a domain.\n */\nexport type PhishingDetectorResult = {\n /**\n * The name of the configuration object in which the domain was found within\n * an allowlist, blocklist, or fuzzylist.\n */\n name?: string;\n /**\n * The version associated with the configuration object in which the domain\n * was found within an allowlist, blocklist, or fuzzylist.\n */\n version?: string;\n /**\n * Whether the domain is regarded as allowed (true) or not (false).\n */\n result: boolean;\n /**\n * A normalized version of the domain, which is only constructed if the domain\n * is found within a list.\n */\n match?: string;\n /**\n * Which type of list in which the domain was found.\n *\n * - \"allowlist\" means that the domain was found in the allowlist.\n * - \"blocklist\" means that the domain was found in the blocklist.\n * - \"fuzzy\" means that the domain was found in the fuzzylist.\n * - \"blacklist\" means that the domain was found in a blacklist of a legacy\n * configuration object.\n * - \"whitelist\" means that the domain was found in a whitelist of a legacy\n * configuration object.\n * - \"all\" means that the domain was not found in any list.\n */\n type: PhishingDetectorResultType;\n};\n\n/**\n * The type of list in which the domain was found.\n */\nexport enum PhishingDetectorResultType {\n /*\n * \"all\" means that the domain was not found in any list.\n */\n All = 'all',\n /*\n * \"fuzzy\" means that the domain was found in the fuzzylist.\n */\n Fuzzy = 'fuzzy',\n /*\n * \"blocklist\" means that the domain was found in the blocklist.\n */\n Blocklist = 'blocklist',\n /*\n * \"allowlist\" means that the domain was found in the allowlist.\n */\n Allowlist = 'allowlist',\n /*\n * \"blacklist\" means that the domain was found in a blacklist of a legacy\n * configuration object.\n */\n Blacklist = 'blacklist',\n /*\n * \"whitelist\" means that the domain was found in a whitelist of a legacy\n * configuration object.\n */\n Whitelist = 'whitelist',\n /*\n * \"c2DomainBlocklist\" means that the domain was found in the C2 domain blocklist.\n */\n C2DomainBlocklist = 'c2DomainBlocklist',\n}\n"]}
@@ -0,0 +1,16 @@
1
+ // src/types.ts
2
+ var PhishingDetectorResultType = /* @__PURE__ */ ((PhishingDetectorResultType2) => {
3
+ PhishingDetectorResultType2["All"] = "all";
4
+ PhishingDetectorResultType2["Fuzzy"] = "fuzzy";
5
+ PhishingDetectorResultType2["Blocklist"] = "blocklist";
6
+ PhishingDetectorResultType2["Allowlist"] = "allowlist";
7
+ PhishingDetectorResultType2["Blacklist"] = "blacklist";
8
+ PhishingDetectorResultType2["Whitelist"] = "whitelist";
9
+ PhishingDetectorResultType2["C2DomainBlocklist"] = "c2DomainBlocklist";
10
+ return PhishingDetectorResultType2;
11
+ })(PhishingDetectorResultType || {});
12
+
13
+ export {
14
+ PhishingDetectorResultType
15
+ };
16
+ //# sourceMappingURL=chunk-G2RL74NS.mjs.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/types.ts"],"sourcesContent":["/**\n * Represents the result of checking a domain.\n */\nexport type PhishingDetectorResult = {\n /**\n * The name of the configuration object in which the domain was found within\n * an allowlist, blocklist, or fuzzylist.\n */\n name?: string;\n /**\n * The version associated with the configuration object in which the domain\n * was found within an allowlist, blocklist, or fuzzylist.\n */\n version?: string;\n /**\n * Whether the domain is regarded as allowed (true) or not (false).\n */\n result: boolean;\n /**\n * A normalized version of the domain, which is only constructed if the domain\n * is found within a list.\n */\n match?: string;\n /**\n * Which type of list in which the domain was found.\n *\n * - \"allowlist\" means that the domain was found in the allowlist.\n * - \"blocklist\" means that the domain was found in the blocklist.\n * - \"fuzzy\" means that the domain was found in the fuzzylist.\n * - \"blacklist\" means that the domain was found in a blacklist of a legacy\n * configuration object.\n * - \"whitelist\" means that the domain was found in a whitelist of a legacy\n * configuration object.\n * - \"all\" means that the domain was not found in any list.\n */\n type: PhishingDetectorResultType;\n};\n\n/**\n * The type of list in which the domain was found.\n */\nexport enum PhishingDetectorResultType {\n /*\n * \"all\" means that the domain was not found in any list.\n */\n All = 'all',\n /*\n * \"fuzzy\" means that the domain was found in the fuzzylist.\n */\n Fuzzy = 'fuzzy',\n /*\n * \"blocklist\" means that the domain was found in the blocklist.\n */\n Blocklist = 'blocklist',\n /*\n * \"allowlist\" means that the domain was found in the allowlist.\n */\n Allowlist = 'allowlist',\n /*\n * \"blacklist\" means that the domain was found in a blacklist of a legacy\n * configuration object.\n */\n Blacklist = 'blacklist',\n /*\n * \"whitelist\" means that the domain was found in a whitelist of a legacy\n * configuration object.\n */\n Whitelist = 'whitelist',\n /*\n * \"c2DomainBlocklist\" means that the domain was found in the C2 domain blocklist.\n */\n C2DomainBlocklist = 'c2DomainBlocklist',\n}\n"],"mappings":";AAyCO,IAAK,6BAAL,kBAAKA,gCAAL;AAIL,EAAAA,4BAAA,SAAM;AAIN,EAAAA,4BAAA,WAAQ;AAIR,EAAAA,4BAAA,eAAY;AAIZ,EAAAA,4BAAA,eAAY;AAKZ,EAAAA,4BAAA,eAAY;AAKZ,EAAAA,4BAAA,eAAY;AAIZ,EAAAA,4BAAA,uBAAoB;AA9BV,SAAAA;AAAA,GAAA;","names":["PhishingDetectorResultType"]}