Cherry pick e5de779 to 7.32.0 (#11516)

<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

CP into 7.32.0

## **Related issues**

Fixes:

## **Manual testing steps**

1. Go to this page...
2.
3.

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [ ] I’ve followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile
Coding
Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

---------

Co-authored-by: Cal-L <cleun007@gmail.com>

app/components/Views/AccountConnect/AccountConnect.tsx

@@ -177,31 +177,28 @@ const AccountConnect = (props: AccountConnectProps) => {
     ? prefixUrlWithProtocol(hostname)
     : domainTitle;
 
-  const isAllowedUrl = useCallback((url: string) => {
+  const isAllowedOrigin = useCallback((origin: string) => {
     const { PhishingController } = Engine.context;
 
     // Update phishing configuration if it is out-of-date
     // This is async but we are not `await`-ing it here intentionally, so that we don't slow
     // down network requests. The configuration is updated for the next request.
     PhishingController.maybeUpdateState();
 
-    const phishingControllerTestResult = PhishingController.test(url);
+    const phishingControllerTestResult = PhishingController.test(origin);
 
     return !phishingControllerTestResult.result;
   }, []);
 
   useEffect(() => {
     const url = dappUrl || channelIdOrHostname || '';
-
-    const cleanUrl = url.replace(/^https?:\/\//, '');
-
-    const isAllowed = isAllowedUrl(cleanUrl);
+    const isAllowed = isAllowedOrigin(url);
 
     if (!isAllowed) {
       setBlockedUrl(dappUrl);
       setShowPhishingModal(true);
     }
-  }, [isAllowedUrl, dappUrl, channelIdOrHostname]);
+  }, [isAllowedOrigin, dappUrl, channelIdOrHostname]);
 
   const faviconSource = useFavicon(
     inappBrowserOrigin || (!isChannelId ? channelIdOrHostname : ''),

app/components/Views/BrowserTab/index.js

@@ -433,24 +433,24 @@ export const BrowserTab = (props) => {
   };
 
   /**
-   * Check if a hostname is allowed
+   * Check if an origin is allowed
    */
-  const isAllowedUrl = useCallback((hostname) => {
+  const isAllowedOrigin = useCallback((origin) => {
     const { PhishingController } = Engine.context;
 
     // Update phishing configuration if it is out-of-date
     // This is async but we are not `await`-ing it here intentionally, so that we don't slow
     // down network requests. The configuration is updated for the next request.
     PhishingController.maybeUpdateState();
 
-    const phishingControllerTestResult = PhishingController.test(hostname);
+    const phishingControllerTestResult = PhishingController.test(origin);
 
     // Only assign the if the hostname is on the block list
     if (phishingControllerTestResult.result)
       blockListType.current = phishingControllerTestResult.name;
 
     return (
-      (allowList.current && allowList.current.includes(hostname)) ||
+      (allowList.current && allowList.current.includes(origin)) ||
       !phishingControllerTestResult.result
     );
   }, []);
@@ -570,7 +570,7 @@ export const BrowserTab = (props) => {
     async (url, initialCall) => {
       setIsResolvedIpfsUrl(false);
       const prefixedUrl = prefixUrlWithProtocol(url);
-      const { hostname, query, pathname } = new URL(prefixedUrl);
+      const { hostname, query, pathname, origin } = new URL(prefixedUrl);
       let urlToGo = prefixedUrl;
       const isEnsUrl = isENSUrl(url);
       const { current } = webviewRef;
@@ -592,7 +592,7 @@ export const BrowserTab = (props) => {
         }
       }
 
-      if (isAllowedUrl(hostname)) {
+      if (isAllowedOrigin(origin)) {
         if (initialCall || !firstUrlLoaded) {
           setInitialUrl(urlToGo);
           setFirstUrlLoaded(true);
@@ -616,7 +616,7 @@ export const BrowserTab = (props) => {
       handleNotAllowedUrl(urlToGo);
       return null;
     },
-    [firstUrlLoaded, handleIpfsContent, isAllowedUrl],
+    [firstUrlLoaded, handleIpfsContent, isAllowedOrigin],
   );
 
   /**
@@ -872,7 +872,7 @@ export const BrowserTab = (props) => {
    *  Return `true` to continue loading the request and `false` to stop loading.
    */
   const onShouldStartLoadWithRequest = ({ url }) => {
-    const { hostname } = new URL(url);
+    const { origin } = new URL(url);
 
     // Stops normal loading when it's ens, instead call go to be properly set up
     if (isENSUrl(url)) {
@@ -881,7 +881,7 @@ export const BrowserTab = (props) => {
     }
 
     // Cancel loading the page if we detect its a phishing page
-    if (!isAllowedUrl(hostname)) {
+    if (!isAllowedOrigin(origin)) {
       handleNotAllowedUrl(url);
       return false;
     }
@@ -1081,19 +1081,14 @@ export const BrowserTab = (props) => {
    */
   const onLoadStart = async ({ nativeEvent }) => {
     // Use URL to produce real url. This should be the actual website that the user is viewing.
-    const {
-      origin,
-      pathname = '',
-      query = '',
-      hostname,
-    } = new URL(nativeEvent.url);
+    const { origin, pathname = '', query = '' } = new URL(nativeEvent.url);
 
     // Reset the previous bridges
     backgroundBridges.current.length &&
       backgroundBridges.current.forEach((bridge) => bridge.onDisconnect());
 
     // Cancel loading the page if we detect its a phishing page
-    if (!isAllowedUrl(hostname)) {
+    if (!isAllowedOrigin(origin)) {
       handleNotAllowedUrl(url);
       return false;
     }

app/core/Engine.ts

@@ -57,6 +57,8 @@ import {
 } from '@metamask/network-controller';
 import {
   PhishingController,
+  PhishingControllerActions,
+  PhishingControllerEvents,
   PhishingControllerState,
 } from '@metamask/phishing-controller';
 import {
@@ -237,18 +239,6 @@ const encryptor = new Encryptor({
 let currentChainId: any;
 
 ///: BEGIN:ONLY_INCLUDE_IF(preinstalled-snaps,external-snaps)
-// TODO remove these custom types when the PhishingController is to version >= 7.0.0
-interface MaybeUpdateState {
-  type: `${PhishingController['name']}:maybeUpdateState`;
-  handler: PhishingController['maybeUpdateState'];
-}
-
-interface TestOrigin {
-  type: `${PhishingController['name']}:testOrigin`;
-  handler: PhishingController['test'];
-}
-
-type PhishingControllerActions = MaybeUpdateState | TestOrigin;
 type AuthenticationControllerActions = AuthenticationController.AllowedActions;
 type UserStorageControllerActions = UserStorageController.AllowedActions;
 type NotificationsServicesControllerActions =
@@ -263,6 +253,7 @@ type SnapsGlobalActions =
 type SnapsGlobalEvents =
   | SnapControllerEvents
   | SubjectMetadataControllerEvents
+  | PhishingControllerEvents
   | SnapsAllowedEvents;
 ///: END:ONLY_INCLUDE_IF
 
@@ -716,7 +707,6 @@ class Engine {
     });
 
     const phishingController = new PhishingController({
-      // @ts-expect-error TODO: Resolve mismatch between base-controller versions.
       messenger: this.controllerMessenger.getRestricted({
         name: 'PhishingController',
         allowedActions: [],

app/util/linkCheck.test.ts

@@ -5,8 +5,8 @@ jest.mock('../core/Engine', () => ({
   context: {
     PhishingController: {
       maybeUpdateState: jest.fn(),
-      test: jest.fn((url: string) => {
-        if (url === 'phishing.com') return { result: true };
+      test: jest.fn((origin: string) => {
+        if (origin === 'http://phishing.com') return { result: true };
         return { result: false };
       }),
     },
@@ -15,6 +15,7 @@ jest.mock('../core/Engine', () => ({
 
 describe('linkCheck', () => {
   it('should correctly check links for safety', () => {
+    expect(isLinkSafe('example.com')).toEqual(false);
     expect(isLinkSafe('htps://ww.example.com/')).toEqual(false);
     expect(isLinkSafe('https://ww.example.com/')).toEqual(true);
     expect(isLinkSafe('http://example com/page?id=123')).toEqual(false);

app/util/linkCheck.ts

@@ -8,12 +8,12 @@ const DENYLISTED_DOMAINS = ['metamask.app.link'];
 const isAllowedProtocol = (protocol: string): boolean =>
   ALLOWED_PROTOCOLS.includes(protocol);
 
-const isAllowedHostname = (hostname: string): boolean => {
+const isAllowedUrl = ({ hostname, origin }: Url<string>): boolean => {
   const { PhishingController } = Engine.context as {
     PhishingController: PhishingControllerClass;
   };
   PhishingController.maybeUpdateState();
-  const phishingControllerTestResult = PhishingController.test(hostname);
+  const phishingControllerTestResult = PhishingController.test(origin);
 
   return !(
     phishingControllerTestResult.result || DENYLISTED_DOMAINS.includes(hostname)
@@ -23,10 +23,8 @@ const isAllowedHostname = (hostname: string): boolean => {
 export const isLinkSafe = (link: string): boolean => {
   try {
     const url = new Url(link);
-    const { protocol, hostname, href } = url;
-    return (
-      isUrl(href) && isAllowedProtocol(protocol) && isAllowedHostname(hostname)
-    );
+    const { protocol, href } = url;
+    return isUrl(href) && isAllowedProtocol(protocol) && isAllowedUrl(url);
   } catch (err) {
     return false;
   }

app/util/test/initial-background-state.json

@@ -67,6 +67,7 @@
     "selectedNetworkClientId": "mainnet"
   },
   "PhishingController": {
+    "c2DomainBlocklistLastFetched": 0,
     "phishingLists": [],
     "whitelist": [],
     "hotlistLastFetched": 0,

package.json

@@ -171,7 +171,7 @@
     "@metamask/network-controller": "^20.1.0",
     "@metamask/notification-services-controller": "^0.2.1",
     "@metamask/permission-controller": "^11.0.0",
-    "@metamask/phishing-controller": "^9.0.0",
+    "@metamask/phishing-controller": "^12.0.3",
     "@metamask/post-message-stream": "^8.0.0",
     "@metamask/ppom-validator": "0.32.0",
     "@metamask/preferences-controller": "^11.0.0",

yarn.lock

@@ -4178,10 +4178,10 @@
     eth-ens-namehash "^2.0.8"
     fast-deep-equal "^3.1.3"
 
-"@metamask/controller-utils@^11.0.0", "@metamask/controller-utils@^11.0.2":
-  version "11.0.2"
-  resolved "https://registry.yarnpkg.com/@metamask/controller-utils/-/controller-utils-11.0.2.tgz#4da5ef150c8bb2d2ccec2f422afa839749aeb5f0"
-  integrity sha512-d9iqDwEIWhlDFJ1So70MfQEG95cWKSQ1MP0NZqo/ho5++/MI+/5k3yyxMY9uVMKBNBxvqlcYX1cvjyUhPDIx/w==
+"@metamask/controller-utils@^11.0.0", "@metamask/controller-utils@^11.0.2", "@metamask/controller-utils@^11.3.0":
+  version "11.3.0"
+  resolved "https://registry.yarnpkg.com/@metamask/controller-utils/-/controller-utils-11.3.0.tgz#530fd22289f717b752b4a7b6e504e1f2911b30a4"
+  integrity sha512-5b+Jg9sKKESzvQcuipHC1D7KSh98MVIi7hXQUk7iX+YVMl4KoKDv94Bl+li8g+jCBshMOV9bRMRh25/hdEvTZQ==
   dependencies:
     "@ethereumjs/util" "^8.1.0"
     "@metamask/eth-query" "^4.0.0"
@@ -4860,7 +4860,21 @@
     fastest-levenshtein "^1.0.16"
     punycode "^2.1.1"
 
-"@metamask/phishing-controller@^9.0.0", "@metamask/phishing-controller@^9.0.1":
+"@metamask/phishing-controller@^12.0.3":
+  version "12.0.3"
+  resolved "https://registry.yarnpkg.com/@metamask/phishing-controller/-/phishing-controller-12.0.3.tgz#f1a5a2046e4c7a04613b4c41bc19771cf8235db7"
+  integrity sha512-CR1qN2FkMJp+MyNSXVTvrZY7MjCdkvsofW/kyv6oshPtLV6BGBWFyueS2UgjMNsmQDW/vMXUJMZfcMS6rs3S4w==
+  dependencies:
+    "@metamask/base-controller" "^7.0.1"
+    "@metamask/controller-utils" "^11.3.0"
+    "@noble/hashes" "^1.4.0"
+    "@types/punycode" "^2.1.0"
+    eth-phishing-detect "^1.2.0"
+    ethereum-cryptography "^2.1.2"
+    fastest-levenshtein "^1.0.16"
+    punycode "^2.1.1"
+
+"@metamask/phishing-controller@^9.0.1":
   version "9.0.2"
   resolved "https://registry.yarnpkg.com/@metamask/phishing-controller/-/phishing-controller-9.0.2.tgz#d140b6a8a05947c59b04bf161a0d9055e6b711b2"
   integrity sha512-eZRbym8o7isHbu741GVztxD2rzKvNQvB+XbmAq6qJD6eMKSSYKC9r/nDaxzaVz9qO93XCE8WnvSUmJx4m8RtaA==