feat: add trust signals to permission picker (#275)

* Add dappscanning to wallet_requestExecutionPermissions requests

- trigger request to dapp scanning api when processing a permission request
- show the result if it is WARN or BLOCK

* Refactor trustSignal in permissionHandlerContent.tsx
Fix tests

* feat: add i18n support for malicious website labels (#276)

Add translation keys for malicious and potentially malicious website labels:
- maliciousWebsiteLabel: 'Malicious website' (English)
- potentiallyMaliciousWebsiteLabel: 'Potentially malicious website' (English)

Updated all locale files with these keys. Non-English translations are
left empty for future translation work.

Refs #275

Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: jeffsmale90 <jeffsmale90@users.noreply.github.com>

* TrustSignalsClient only resolves a recommended action if 'isComplete'. Defaults to 'NONE' if no legitimate result is found.

* Calls to updateConfirmation should queue and wait for previous calls to finish to avoid overwriting data

* Rename 'trust signals api' to 'dapp scanning api'

* Add security scanning api

* Also show alerts for scanned "from" address

* Refactor and simplify
- fields with warnings
- permissionRequestLifecycleOrchestrator's updateConfirmation function
- fix tests

* Ensure that address scanning results with label as empty string coalesce to the standard label

* Pass new environment variables to GH actions

---------

Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: jeffsmale90 <jeffsmale90@users.noreply.github.com>

Author: jeffsmale90

.github/workflows/build-lint-test.yml

@@ -12,6 +12,8 @@ env:
   TOKENS_API_BASE_URL: ${{ vars.TOKENS_API_BASE_URL }}
   GATOR_PERMISSIONS_PROVIDER_SNAP_ID: ${{ vars.GATOR_PERMISSIONS_PROVIDER_SNAP_ID }}
   KERNEL_SNAP_ID: ${{ vars.KERNEL_SNAP_ID }}
+  DAPP_SCANNING_BASE_URL: ${{ vars.DAPP_SCANNING_BASE_URL }}
+  SECURITY_ALERTS_BASE_URL: ${{ vars.SECURITY_ALERTS_BASE_URL }}
 
 jobs:
   prepare:

.github/workflows/publish-release.yml

@@ -16,6 +16,8 @@ env:
   TOKENS_API_BASE_URL: ${{ vars.TOKENS_API_BASE_URL }}
   GATOR_PERMISSIONS_PROVIDER_SNAP_ID: ${{ vars.GATOR_PERMISSIONS_PROVIDER_SNAP_ID }}
   KERNEL_SNAP_ID: ${{ vars.KERNEL_SNAP_ID }}
+  DAPP_SCANNING_BASE_URL: ${{ vars.DAPP_SCANNING_BASE_URL }}
+  SECURITY_ALERTS_BASE_URL: ${{ vars.SECURITY_ALERTS_BASE_URL }}
 
 jobs:
   publish-release:

packages/gator-permissions-snap/.env.example

@@ -6,6 +6,12 @@ SNAP_ENV=local
 # The base URL for the price API used to fetch realtime token spot prices.
 PRICE_API_BASE_URL=https://price.dev-api.cx.metamask.io
 
+# The base URL for the dapp scanning API (e.g. domain reputation / phishing scan).
+DAPP_SCANNING_BASE_URL=https://dapp-scanning.example.com
+
+# The base URL for the security alerts API (address scan).
+SECURITY_ALERTS_BASE_URL=https://security-alerts.api.cx.metamask.io
+
 # Set `STORE_PERMISSIONS_ENABLED=true` to enable profile sync storage features. This is needed when testing something related to storage otherwise leave `STORE_PERMISSIONS_ENABLED=false`
 STORE_PERMISSIONS_ENABLED=false
 

packages/gator-permissions-snap/locales/de.json

@@ -228,6 +228,18 @@
     },
     "introGotItButton": {
       "message": "Verstanden"
+    },
+    "maliciousWebsiteLabel": {
+      "message": ""
+    },
+    "potentiallyMaliciousWebsiteLabel": {
+      "message": ""
+    },
+    "maliciousAddressLabel": {
+      "message": ""
+    },
+    "potentiallyMaliciousAddressLabel": {
+      "message": ""
     }
   }
 }

packages/gator-permissions-snap/locales/el.json

@@ -228,6 +228,18 @@
     },
     "introGotItButton": {
       "message": ""
+    },
+    "maliciousWebsiteLabel": {
+      "message": ""
+    },
+    "potentiallyMaliciousWebsiteLabel": {
+      "message": ""
+    },
+    "maliciousAddressLabel": {
+      "message": ""
+    },
+    "potentiallyMaliciousAddressLabel": {
+      "message": ""
     }
   }
 }

packages/gator-permissions-snap/locales/en.json

@@ -228,6 +228,18 @@
     },
     "introGotItButton": {
       "message": "Got it"
+    },
+    "maliciousWebsiteLabel": {
+      "message": "Malicious website"
+    },
+    "potentiallyMaliciousWebsiteLabel": {
+      "message": "Potentially malicious website"
+    },
+    "maliciousAddressLabel": {
+      "message": "Malicious address"
+    },
+    "potentiallyMaliciousAddressLabel": {
+      "message": "Potentially malicious address"
     }
   }
 }

packages/gator-permissions-snap/locales/es_419.json

@@ -228,6 +228,18 @@
     },
     "introGotItButton": {
       "message": "Entendido"
+    },
+    "maliciousWebsiteLabel": {
+      "message": ""
+    },
+    "potentiallyMaliciousWebsiteLabel": {
+      "message": ""
+    },
+    "maliciousAddressLabel": {
+      "message": ""
+    },
+    "potentiallyMaliciousAddressLabel": {
+      "message": ""
     }
   }
 }

packages/gator-permissions-snap/locales/fr.json

@@ -228,6 +228,18 @@
     },
     "introGotItButton": {
       "message": ""
+    },
+    "maliciousWebsiteLabel": {
+      "message": ""
+    },
+    "potentiallyMaliciousWebsiteLabel": {
+      "message": ""
+    },
+    "maliciousAddressLabel": {
+      "message": ""
+    },
+    "potentiallyMaliciousAddressLabel": {
+      "message": ""
     }
   }
 }

packages/gator-permissions-snap/locales/hi.json

@@ -228,6 +228,18 @@
     },
     "introGotItButton": {
       "message": ""
+    },
+    "maliciousWebsiteLabel": {
+      "message": ""
+    },
+    "potentiallyMaliciousWebsiteLabel": {
+      "message": ""
+    },
+    "maliciousAddressLabel": {
+      "message": ""
+    },
+    "potentiallyMaliciousAddressLabel": {
+      "message": ""
     }
   }
 }

packages/gator-permissions-snap/locales/id.json

@@ -228,6 +228,18 @@
     },
     "introGotItButton": {
       "message": ""
+    },
+    "maliciousWebsiteLabel": {
+      "message": ""
+    },
+    "potentiallyMaliciousWebsiteLabel": {
+      "message": ""
+    },
+    "maliciousAddressLabel": {
+      "message": ""
+    },
+    "potentiallyMaliciousAddressLabel": {
+      "message": ""
     }
   }
 }