Commit 0ff0c06
feat: path-based scanning of urls (MetaMask#8662)
## Explanation
Why: Dapp scanning now supports path-level dapp scanning. Without this
client-side change, the API never receives paths and the path-scanning
capability goes unused.
## References
Fixes:
https://consensyssoftware.atlassian.net/jira/software/c/projects/PSAFE/boards/1950?selectedIssue=PSAFE-419
Extension PR: MetaMask/metamask-extension#42311
## Screenshots
I've run MetaMask Extension locally with these changes. Paths are now
included in the API request.
<img width="483" height="119" alt="image"
src="https://github.com/user-attachments/assets/ce278da6-fa90-4e7c-9ac2-90e4ecfd671f"
/>
## Checklist
- [ ] I've updated the test suite for new or updated code as appropriate
- [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [ ] I've communicated my changes to consumers by [updating changelogs
for packages I've
changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md)
- [ ] I've introduced [breaking
changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md)
in this PR and have prepared draft pull requests for clients and
consumer packages to resolve them
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Medium Risk**
> Modifies `scanUrl` request/caching semantics to sometimes key on
`hostname+pathname`, which can change phishing detection outcomes and
cache behavior for gateway domains and could affect API load if
misclassified.
>
> **Overview**
> **Adds path-aware phishing URL scanning for shared gateway hosts.**
`PhishingController.scanUrl` now sends `hostname+pathname` (instead of
hostname-only) for a curated set of gateway root domains and subdomains,
and caches results by this scan parameter.
>
> Introduces new utilities/constants
(`PHISHING_DETECTION_PATH_BASED_ROOT_DOMAINS`,
`isPhishingDetectionPathBasedHostname`,
`getPhishingDetectionScanUrlParam`), exports them from `index.ts`, and
updates tests/changelog to cover the new request format and per-path
caching behavior.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
74ef4dc. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
1 parent 4d2e89f commit 0ff0c06
7 files changed
Lines changed: 178 additions & 10 deletions
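The hostname versus `hostname+pathname` keying described in the overview above, as an added TypeScript example that is not code from this commit. The function names, the two root domains and the stub backend are constructed for illustration, and dropping the query string, fragment and trailing slashes is an assumption.

```typescript
// Added example, not MetaMask's code. The domains are constructed placeholders.
const PATH_BASED_ROOT_DOMAINS: readonly string[] = [
  'gateway.example',
  'pages.example',
];

// True for a listed root or a subdomain of one. Matching on a label boundary
// keeps "evilgateway.example" from being treated as "gateway.example".
function isPathBasedHostname(hostname: string): boolean {
  const host = hostname.toLowerCase();
  return PATH_BASED_ROOT_DOMAINS.some(
    (root) => host === root || host.endsWith(`.${root}`),
  );
}

// Hostname for ordinary sites, hostname + pathname for shared hosts.
// Assumption: query, fragment and trailing slashes are not part of the key.
function getScanParam(rawUrl: string): string {
  const { hostname, pathname } = new URL(rawUrl);
  if (!isPathBasedHostname(hostname)) {
    return hostname;
  }
  return `${hostname}${pathname.replace(/\/+$/, '')}`;
}

type Verdict = 'BLOCK' | 'NONE';

// Constructed stand-in for the scanning API: one bad path on a shared host.
function constructedBackend(param: string): Verdict {
  return param === 'gateway.example/ipfs/bad' ? 'BLOCK' : 'NONE';
}

// Caches verdicts under the same string that is sent to the backend.
class ScanCache {
  private readonly results = new Map<string, Verdict>();
  backendCalls = 0;

  scan(rawUrl: string): Verdict {
    const key = getScanParam(rawUrl);
    let verdict = this.results.get(key);
    if (verdict === undefined) {
      this.backendCalls += 1;
      verdict = constructedBackend(key);
      this.results.set(key, verdict);
    }
    return verdict;
  }
}
```

With hostname-only keys, the first verdict cached for `gateway.example` would be served for every path on that host; keying on the scan parameter keeps the benign and the blocked path separate.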
File tree
- packages/phishing-controller
- src
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
7 | 7 | | |
8 | 8 | | |
9 | 9 | | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
10 | 14 | | |
11 | 15 | | |
12 | 16 | | |
| |||
Lines changed: 3 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
59 | 59 | | |
60 | 60 | | |
61 | 61 | | |
62 | | - | |
63 | | - | |
| 62 | + | |
| 63 | + | |
| 64 | + | |
64 | 65 | | |
65 | 66 | | |
66 | 67 | | |
| |||
Lines changed: 51 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
2813 | 2813 | | |
2814 | 2814 | | |
2815 | 2815 | | |
2816 | | - | |
| 2816 | + | |
2817 | 2817 | | |
2818 | 2818 | | |
2819 | 2819 | | |
| |||
2935 | 2935 | | |
2936 | 2936 | | |
2937 | 2937 | | |
| 2938 | + | |
| 2939 | + | |
| 2940 | + | |
| 2941 | + | |
| 2942 | + | |
| 2943 | + | |
| 2944 | + | |
| 2945 | + | |
| 2946 | + | |
| 2947 | + | |
| 2948 | + | |
| 2949 | + | |
| 2950 | + | |
| 2951 | + | |
| 2952 | + | |
| 2953 | + | |
| 2954 | + | |
| 2955 | + | |
| 2956 | + | |
| 2957 | + | |
| 2958 | + | |
| 2959 | + | |
| 2960 | + | |
| 2961 | + | |
| 2962 | + | |
| 2963 | + | |
| 2964 | + | |
| 2965 | + | |
| 2966 | + | |
| 2967 | + | |
| 2968 | + | |
| 2969 | + | |
| 2970 | + | |
| 2971 | + | |
| 2972 | + | |
| 2973 | + | |
| 2974 | + | |
| 2975 | + | |
| 2976 | + | |
| 2977 | + | |
| 2978 | + | |
| 2979 | + | |
| 2980 | + | |
| 2981 | + | |
| 2982 | + | |
| 2983 | + | |
| 2984 | + | |
| 2985 | + | |
| 2986 | + | |
| 2987 | + | |
2938 | 2988 | | |
2939 | 2989 | | |
2940 | 2990 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
48 | 48 | | |
49 | 49 | | |
50 | 50 | | |
| 51 | + | |
51 | 52 | | |
52 | 53 | | |
53 | 54 | | |
| |||
910 | 911 | | |
911 | 912 | | |
912 | 913 | | |
913 | | - | |
914 | | - | |
| 914 | + | |
| 915 | + | |
| 916 | + | |
915 | 917 | | |
916 | 918 | | |
917 | 919 | | |
918 | 920 | | |
919 | 921 | | |
920 | | - | |
921 | | - | |
| 922 | + | |
| 923 | + | |
922 | 924 | | |
923 | 925 | | |
924 | 926 | | |
925 | 927 | | |
926 | 928 | | |
927 | 929 | | |
928 | 930 | | |
929 | | - | |
| 931 | + | |
| 932 | + | |
| 933 | + | |
930 | 934 | | |
931 | 935 | | |
932 | 936 | | |
933 | 937 | | |
934 | 938 | | |
935 | 939 | | |
936 | 940 | | |
937 | | - | |
| 941 | + | |
938 | 942 | | |
939 | 943 | | |
940 | 944 | | |
| |||
974 | 978 | | |
975 | 979 | | |
976 | 980 | | |
977 | | - | |
| 981 | + | |
978 | 982 | | |
979 | 983 | | |
980 | 984 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
29 | 29 | | |
30 | 30 | | |
31 | 31 | | |
| 32 | + | |
| 33 | + | |
| 34 | + | |
| 35 | + | |
| 36 | + | |
32 | 37 | | |
33 | 38 | | |
34 | 39 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
10 | 10 | | |
11 | 11 | | |
12 | 12 | | |
| 13 | + | |
| 14 | + | |
13 | 15 | | |
14 | 16 | | |
15 | 17 | | |
| |||
981 | 983 | | |
982 | 984 | | |
983 | 985 | | |
| 986 | + | |
| 987 | + | |
| 988 | + | |
| 989 | + | |
| 990 | + | |
| 991 | + | |
| 992 | + | |
| 993 | + | |
| 994 | + | |
| 995 | + | |
| 996 | + | |
| 997 | + | |
| 998 | + | |
| 999 | + | |
| 1000 | + | |
| 1001 | + | |
| 1002 | + | |
| 1003 | + | |
| 1004 | + | |
| 1005 | + | |
| 1006 | + | |
| 1007 | + | |
| 1008 | + | |
| 1009 | + | |
| 1010 | + | |
| 1011 | + | |
| 1012 | + | |
| 1013 | + | |
| 1014 | + | |
| 1015 | + | |
| 1016 | + | |
| 1017 | + | |
| 1018 | + | |
| 1019 | + | |
| 1020 | + | |
| 1021 | + | |
| 1022 | + | |
| 1023 | + | |
| 1024 | + | |
| 1025 | + | |
| 1026 | + | |
| 1027 | + | |
| 1028 | + | |
| 1029 | + | |
| 1030 | + | |
| 1031 | + | |
| 1032 | + | |
| 1033 | + | |
984 | 1034 | | |
985 | 1035 | | |
986 | 1036 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
365 | 365 | | |
366 | 366 | | |
367 | 367 | | |
| 368 | + | |
| 369 | + | |
| 370 | + | |
| 371 | + | |
| 372 | + | |
| 373 | + | |
| 374 | + | |
| 375 | + | |
| 376 | + | |
| 377 | + | |
| 378 | + | |
| 379 | + | |
| 380 | + | |
| 381 | + | |
| 382 | + | |
| 383 | + | |
| 384 | + | |
| 385 | + | |
| 386 | + | |
| 387 | + | |
| 388 | + | |
| 389 | + | |
| 390 | + | |
| 391 | + | |
| 392 | + | |
| 393 | + | |
| 394 | + | |
| 395 | + | |
| 396 | + | |
| 397 | + | |
| 398 | + | |
| 399 | + | |
| 400 | + | |
| 401 | + | |
| 402 | + | |
| 403 | + | |
| 404 | + | |
| 405 | + | |
| 406 | + | |
| 407 | + | |
| 408 | + | |
| 409 | + | |
| 410 | + | |
| 411 | + | |
| 412 | + | |
| 413 | + | |
| 414 | + | |
| 415 | + | |
| 416 | + | |
| 417 | + | |
| 418 | + | |
| 419 | + | |
| 420 | + | |
| 421 | + | |
368 | 422 | | |
369 | 423 | | |
370 | 424 | | |
| |||