fix: extension performance issues (#4853)

## Explanation

<!--
Thanks for your contribution! Take a moment to answer these questions so
that reviewers have the information they need to properly understand
your changes:

* What is the current state of things and why does it need to change?
* What is the solution your changes offer and how does it work?
* Are there any changes whose purpose might not obvious to those
unfamiliar with the domain?
* If your primary goal was to update one package but you found you had
to update another one along the way, why did you do so?
* If you had to upgrade a dependency, why did you do so?
-->

Fixes General extension perfomance issues

## References

<!--
Are there any issues that this pull request is tied to?
Are there other links that reviewers should consult to understand these
changes better?
Are there client or consumer pull requests to adopt any breaking
changes?

For example:

* Fixes #12345
* Related to #67890
-->

## Changelog

<!--
If you're making any consumer-facing changes, list those changes here as
if you were updating a changelog, using the template below as a guide.

(CATEGORY is one of BREAKING, ADDED, CHANGED, DEPRECATED, REMOVED, or
FIXED. For security-related issues, follow the Security Advisory
process.)

Please take care to name the exact pieces of the API you've added or
changed (e.g. types, interfaces, functions, or methods).

If there are any breaking changes, make sure to offer a solution for
consumers to follow once they upgrade to the changes.

Finally, if you're only making changes to development scripts or tests,
you may replace the template below with "None".
-->

### `@metamask/package-a`

- **<CATEGORY>**: Your change here
- **<CATEGORY>**: Your change here

### `@metamask/package-b`

- **<CATEGORY>**: Your change here
- **<CATEGORY>**: Your change here

## Checklist

- [x] I've updated the test suite for new or updated code as appropriate
- [x] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [x] I've highlighted breaking changes using the "BREAKING" category
above as appropriate
- [x] I've prepared draft pull requests for clients and consumer
packages to resolve any breaking changes

Author: AugmentedMode

packages/phishing-controller/src/PhishingDetector.test.ts

@@ -4,6 +4,7 @@ import {
 } from './PhishingDetector';
 import { formatHostnameToUrl } from './tests/utils';
 import { PhishingDetectorResultType } from './types';
+import { sha256Hash } from './utils';
 
 describe('PhishingDetector', () => {
   describe('constructor', () => {
@@ -1298,6 +1299,33 @@ describe('PhishingDetector', () => {
       );
     });
 
+    it('check the hash against c2DomainBlocklist, returning the correct result without a version with sub domains', async () => {
+      await withPhishingDetector(
+        [
+          {
+            blocklist: [],
+            fuzzylist: [],
+            c2DomainBlocklist: [
+              'a379a6f6eeafb9a55e378c118034e2751e682fab9f2d30ab13d2125586ce1947', // example.com
+            ],
+            name: 'test-config',
+            tolerance: 2,
+          },
+        ],
+        async ({ detector }) => {
+          const result = detector.isMaliciousC2Domain(
+            'https://sub.sub.evil.example.com',
+          );
+          expect(result).toStrictEqual({
+            name: 'test-config',
+            result: true,
+            type: PhishingDetectorResultType.C2DomainBlocklist,
+            version: undefined,
+          });
+        },
+      );
+    });
+
     it('should return false if URL is invalid', async () => {
       await withPhishingDetector(
         [
@@ -1538,6 +1566,222 @@ describe('PhishingDetector', () => {
       );
     });
   });
+
+  it('should block a specific subdomain but not the parent domain', async () => {
+    const blockedSubdomain = '123.pages.dev';
+    const blockedSubdomainHash = sha256Hash(blockedSubdomain.toLowerCase());
+
+    await withPhishingDetector(
+      [
+        {
+          blocklist: [],
+          fuzzylist: [],
+          c2DomainBlocklist: [blockedSubdomainHash],
+          name: 'subdomain-only-config',
+          version: 1,
+          tolerance: 2,
+        },
+      ],
+      async ({ detector }) => {
+        const blockedUrl = 'https://123.pages.dev';
+        const unblockedUrl = 'https://pages.dev';
+
+        // Expect the specific subdomain to be blocked
+        const blockedResult = detector.isMaliciousC2Domain(blockedUrl);
+        expect(blockedResult).toStrictEqual({
+          name: 'subdomain-only-config',
+          result: true,
+          type: PhishingDetectorResultType.C2DomainBlocklist,
+          version: '1',
+        });
+
+        // Expect the parent domain to not be blocked
+        const unblockedResult = detector.isMaliciousC2Domain(unblockedUrl);
+        expect(unblockedResult).toStrictEqual({
+          result: false,
+          type: PhishingDetectorResultType.C2DomainBlocklist,
+        });
+      },
+    );
+  });
+
+  it('should block the parent domain and its subdomains', async () => {
+    const blockedDomain = 'malicious.xyz';
+    const blockedDomainHash = sha256Hash(blockedDomain.toLowerCase());
+
+    await withPhishingDetector(
+      [
+        {
+          blocklist: [],
+          fuzzylist: [],
+          c2DomainBlocklist: [blockedDomainHash],
+          name: 'parent-domain-config',
+          version: 1,
+          tolerance: 2,
+        },
+      ],
+      async ({ detector }) => {
+        const blockedParentUrl = 'https://malicious.xyz';
+        const blockedSubdomainUrl = 'https://123.malicious.xyz';
+
+        // Expect the parent domain to be blocked
+        const blockedParentResult =
+          detector.isMaliciousC2Domain(blockedParentUrl);
+        expect(blockedParentResult).toStrictEqual({
+          name: 'parent-domain-config',
+          result: true,
+          type: PhishingDetectorResultType.C2DomainBlocklist,
+          version: '1',
+        });
+
+        // Expect the subdomain to also be blocked because the parent domain is blocked
+        const blockedSubdomainResult =
+          detector.isMaliciousC2Domain(blockedSubdomainUrl);
+        expect(blockedSubdomainResult).toStrictEqual({
+          name: 'parent-domain-config',
+          result: true,
+          type: PhishingDetectorResultType.C2DomainBlocklist,
+          version: '1',
+        });
+      },
+    );
+  });
+
+  it('should not block unrelated subdomains if parent domain is not blocked', async () => {
+    const blockedSubdomain = '123.pages.dev';
+    const blockedSubdomainHash = sha256Hash(blockedSubdomain.toLowerCase());
+
+    await withPhishingDetector(
+      [
+        {
+          blocklist: [],
+          fuzzylist: [],
+          c2DomainBlocklist: [blockedSubdomainHash],
+          name: 'unrelated-subdomain-config',
+          version: 1,
+          tolerance: 2,
+        },
+      ],
+      async ({ detector }) => {
+        const blockedUrl = 'https://123.pages.dev';
+        const unrelatedSubdomainUrl = 'https://456.pages.dev';
+        const parentDomainUrl = 'https://pages.dev';
+
+        // Expect the specific subdomain to be blocked
+        const blockedResult = detector.isMaliciousC2Domain(blockedUrl);
+        expect(blockedResult).toStrictEqual({
+          name: 'unrelated-subdomain-config',
+          result: true,
+          type: PhishingDetectorResultType.C2DomainBlocklist,
+          version: '1',
+        });
+
+        // Expect unrelated subdomain to not be blocked
+        const unrelatedResult = detector.isMaliciousC2Domain(
+          unrelatedSubdomainUrl,
+        );
+        expect(unrelatedResult).toStrictEqual({
+          result: false,
+          type: PhishingDetectorResultType.C2DomainBlocklist,
+        });
+
+        // Expect the parent domain to not be blocked
+        const parentResult = detector.isMaliciousC2Domain(parentDomainUrl);
+        expect(parentResult).toStrictEqual({
+          result: false,
+          type: PhishingDetectorResultType.C2DomainBlocklist,
+        });
+      },
+    );
+  });
+
+  it('should prioritize allowlist over blocklist even if subdomain is blocked', async () => {
+    const blockedSubdomain = 'blocked.example.com';
+    const blockedSubdomainHash = sha256Hash(blockedSubdomain.toLowerCase());
+
+    await withPhishingDetector(
+      [
+        {
+          allowlist: ['example.com'],
+          blocklist: [],
+          fuzzylist: [],
+          c2DomainBlocklist: [blockedSubdomainHash],
+          name: 'allowlist-over-blocklist-config',
+          version: 1,
+          tolerance: 2,
+        },
+      ],
+      async ({ detector }) => {
+        const blockedSubdomainUrl = 'https://blocked.example.com';
+        const allowlistedUrl = 'https://example.com';
+
+        // Expect the subdomain to be allowed because the parent domain is in the allowlist
+        const subdomainResult =
+          detector.isMaliciousC2Domain(blockedSubdomainUrl);
+        expect(subdomainResult).toStrictEqual({
+          match: 'example.com',
+          name: 'allowlist-over-blocklist-config',
+          result: false,
+          type: PhishingDetectorResultType.Allowlist,
+          version: '1',
+        });
+
+        // Ensure the parent domain is also allowed
+        const allowlistedResult = detector.isMaliciousC2Domain(allowlistedUrl);
+        expect(allowlistedResult).toStrictEqual({
+          match: 'example.com',
+          name: 'allowlist-over-blocklist-config',
+          result: false,
+          type: PhishingDetectorResultType.Allowlist,
+          version: '1',
+        });
+      },
+    );
+  });
+
+  it('should handle URLs with multiple subdomains correctly', async () => {
+    const hostname = 'a.b.c.example.com';
+    const domainName = 'example.com';
+    const hostnameHash = sha256Hash(hostname.toLowerCase());
+    const domainNameHash = sha256Hash(domainName.toLowerCase());
+
+    await withPhishingDetector(
+      [
+        {
+          blocklist: [],
+          fuzzylist: [],
+          c2DomainBlocklist: [hostnameHash, domainNameHash],
+          name: 'multi-subdomain-config',
+          version: 1,
+          tolerance: 2,
+        },
+      ],
+      async ({ detector }) => {
+        const deepSubdomainUrl = 'https://a.b.c.example.com';
+        const parentDomainUrl = 'https://example.com';
+
+        // Expect the subdomain to be blocked because its specific hostname is on the blocklist
+        const deepSubdomainResult =
+          detector.isMaliciousC2Domain(deepSubdomainUrl);
+        expect(deepSubdomainResult).toStrictEqual({
+          name: 'multi-subdomain-config',
+          result: true,
+          type: PhishingDetectorResultType.C2DomainBlocklist,
+          version: '1',
+        });
+
+        // Expect the parent domain to be blocked because it's on the blocklist
+        const parentDomainResult =
+          detector.isMaliciousC2Domain(parentDomainUrl);
+        expect(parentDomainResult).toStrictEqual({
+          name: 'multi-subdomain-config',
+          result: true,
+          type: PhishingDetectorResultType.C2DomainBlocklist,
+          version: '1',
+        });
+      },
+    );
+  });
 });
 
 type WithPhishingDetectorCallback<ReturnValue> = ({

packages/phishing-controller/src/PhishingDetector.ts

@@ -8,7 +8,9 @@ import {
   domainPartsToDomain,
   domainPartsToFuzzyForm,
   domainToParts,
+  generateParentDomains,
   getDefaultPhishingDetectorConfig,
+  getHostnameFromUrl,
   matchPartsAgainstList,
   processConfigs,
   sha256Hash,
@@ -223,23 +225,20 @@ export class PhishingDetector {
    * @returns An object indicating if the URL is blocked and relevant metadata.
    */
   isMaliciousC2Domain(urlString: string): PhishingDetectorResult {
-    let hostname;
-    try {
-      hostname = new URL(urlString).hostname;
-    } catch (error) {
+    const hostname = getHostnameFromUrl(urlString);
+    if (!hostname) {
       return {
         result: false,
         type: PhishingDetectorResultType.C2DomainBlocklist,
       };
     }
 
     const fqdn = hostname.endsWith('.') ? hostname.slice(0, -1) : hostname;
-
-    const source = domainToParts(fqdn);
+    const sourceParts = domainToParts(fqdn);
 
     for (const { allowlist, name, version } of this.#configs) {
       // if source matches allowlist hostname (or subdomain thereof), PASS
-      const allowlistMatch = matchPartsAgainstList(source, allowlist);
+      const allowlistMatch = matchPartsAgainstList(sourceParts, allowlist);
       if (allowlistMatch) {
         const match = domainPartsToDomain(allowlistMatch);
         return {
@@ -252,18 +251,34 @@ export class PhishingDetector {
       }
     }
 
+    const hostnameHash = sha256Hash(hostname.toLowerCase());
+    const domainsToCheck = generateParentDomains(sourceParts.reverse(), 5);
+
     for (const { c2DomainBlocklist, name, version } of this.#configs) {
-      const hash = sha256Hash(hostname.toLowerCase());
-      const blocked = c2DomainBlocklist?.includes(hash) ?? false;
+      if (!c2DomainBlocklist || c2DomainBlocklist.length === 0) {
+        continue;
+      }
 
-      if (blocked) {
+      if (c2DomainBlocklist.includes(hostnameHash)) {
         return {
           name,
           result: true,
           type: PhishingDetectorResultType.C2DomainBlocklist,
           version: version === undefined ? version : String(version),
         };
       }
+
+      for (const domain of domainsToCheck) {
+        const domainHash = sha256Hash(domain);
+        if (c2DomainBlocklist.includes(domainHash)) {
+          return {
+            name,
+            result: true,
+            type: PhishingDetectorResultType.C2DomainBlocklist,
+            version: version === undefined ? version : String(version),
+          };
+        }
+      }
     }
     // did not match, PASS
     return {