Author: jm
Date: Mon Jul 11 18:05:50 2005
New Revision: 215903
URL: http://svn.apache.org/viewcvs?rev=215903&view=rev
Log:
bug 4460: fix USERPASS false positives, by ensuring that email addresses are not picked up as HTTP links
Modified:
spamassassin/trunk/lib/Mail/SpamAssassin/PerMsgStatus.pm
spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm
spamassassin/trunk/t/uri_text.t
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/PerMsgStatus.pm
URL: http://svn.apache.org/viewcvs/spamassassin/trunk/lib/Mail/SpamAssassin/PerMsgStatus.pm?rev=215903&r1=215902&r2=215903&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/PerMsgStatus.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/PerMsgStatus.pm Mon Jul 11 18:05:50 2005
@@ -2040,18 +2040,23 @@
# open, without a protocol, and not inside of an HTML tag,
# the we should add the proper protocol in front, rather
# than using the base URI.
- if ($uri =~ /^www\d*\./i) {
- # some spammers are using unschemed URIs to escape filters
+ if ($uri =~ /^ftp\./i) {
push (@uris, $uri);
- $uri = "http://$uri";
+ $uri = "ftp://$uri";
}
- elsif ($uri =~ /^ftp\./i) {
+ if ($uri =~ /\@/) {
push (@uris, $uri);
- $uri = "ftp://$uri";
+ $uri = "mailto:$uri";
+ }
+ else # if ($uri =~ /^www\d*\./i)
+ {
+ # some spammers are using unschemed URIs to escape filters
+ push (@uris, $uri);
+ $uri = "http://$uri";
}
}
- #warn("uri: got URI: $uri\n");
+ # warn("uri: got URI: $uri\n");
push @uris, $uri;
}
while (/($Addr_spec_re)/igo) {
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm
URL: http://svn.apache.org/viewcvs/spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm?rev=215903&r1=215902&r2=215903&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm Mon Jul 11 18:05:50 2005
@@ -931,8 +931,9 @@
# make sure we catch bad encoding tricks
my @nuris = ();
for my $uri (@uris) {
- # we're interested in http:// and so on, skip mailto:
- next if $uri =~ /^mailto:/i;
+ # we're interested in http:// and so on, skip mailto: and
+ # email addresses with no protocol
+ next if $uri =~ /^mailto:/i || $uri =~ /^[^:]*\@/;
# sometimes we catch URLs on multiple lines
$uri =~ s/\n//g;
Modified: spamassassin/trunk/t/uri_text.t
URL: http://svn.apache.org/viewcvs/spamassassin/trunk/t/uri_text.t?rev=215903&r1=215902&r2=215903&view=diff
==============================================================================
--- spamassassin/trunk/t/uri_text.t (original)
+++ spamassassin/trunk/t/uri_text.t Mon Jul 11 18:05:50 2005
@@ -24,7 +24,7 @@
use vars qw(%patterns %anti_patterns);
# settings
-plan tests => 2;
+plan tests => 101;
# initialize SpamAssassin
my $sa = create_saobj({'dont_copy_prefs' => 1});
@@ -44,21 +44,22 @@
# run patterns and anti-patterns
my $failures = 0;
for my $pattern (keys %patterns) {
- if ($uris !~ /${pattern}/m) {
- print "did not find $pattern\n";
+ if (!ok($uris =~ /${pattern}/m)) {
+ warn "failure: did not find /$pattern/\n";
$failures++;
}
}
-ok(!$failures);
-$failures = 0;
for my $anti_pattern (keys %anti_patterns) {
- if ($uris =~ /${anti_pattern}/m) {
- print "did find $anti_pattern\n";
+ if (!ok($uris !~ /${anti_pattern}/m)) {
+ warn "failure: did find /$anti_pattern/\n";
$failures++;
}
}
-ok(!$failures);
+
+if ($failures) {
+ print "URIs found:\n$uris";
+}
# function to write test email
sub write_mail {
@@ -77,6 +78,7 @@
while (<DATA>) {
chomp;
next if /^#/;
+ next if /^\s*$/;
if (/^(.*?)\t+(.*?)\s*$/) {
my $string = $1;
my @patterns = split(' ', $2);
@@ -92,6 +94,9 @@
}
}
}
+ else {
+ warn "unparseable line: $_";
+ }
}
return $message;
@@ -251,3 +256,7 @@
#ldap://www.luzoop5k.com ldap://www.luzoop5k.com
#im://www.luzoop5k.com im://www.luzoop5k.com
#snmp://www.luzoop5k.com snmp://www.luzoop5k.com
+
+<sentto-4934-foo=addr.com@verper.com> !^http://.*addr.com@verper.com
+<sentto-4934-foo=addr.com@verper.com> mailto:sentto-4934-foo=addr.com@verper.com
+
Date: Mon Jul 11 18:05:50 2005
New Revision: 215903
URL: http://svn.apache.org/viewcvs?rev=215903&view=rev
Log:
bug 4460: fix USERPASS false positives, by ensuring that email addresses are not picked up as HTTP links
Modified:
spamassassin/trunk/lib/Mail/SpamAssassin/PerMsgStatus.pm
spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm
spamassassin/trunk/t/uri_text.t
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/PerMsgStatus.pm
URL: http://svn.apache.org/viewcvs/spamassassin/trunk/lib/Mail/SpamAssassin/PerMsgStatus.pm?rev=215903&r1=215902&r2=215903&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/PerMsgStatus.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/PerMsgStatus.pm Mon Jul 11 18:05:50 2005
@@ -2040,18 +2040,23 @@
# open, without a protocol, and not inside of an HTML tag,
# the we should add the proper protocol in front, rather
# than using the base URI.
- if ($uri =~ /^www\d*\./i) {
- # some spammers are using unschemed URIs to escape filters
+ if ($uri =~ /^ftp\./i) {
push (@uris, $uri);
- $uri = "http://$uri";
+ $uri = "ftp://$uri";
}
- elsif ($uri =~ /^ftp\./i) {
+ if ($uri =~ /\@/) {
push (@uris, $uri);
- $uri = "ftp://$uri";
+ $uri = "mailto:$uri";
+ }
+ else # if ($uri =~ /^www\d*\./i)
+ {
+ # some spammers are using unschemed URIs to escape filters
+ push (@uris, $uri);
+ $uri = "http://$uri";
}
}
- #warn("uri: got URI: $uri\n");
+ # warn("uri: got URI: $uri\n");
push @uris, $uri;
}
while (/($Addr_spec_re)/igo) {
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm
URL: http://svn.apache.org/viewcvs/spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm?rev=215903&r1=215902&r2=215903&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm Mon Jul 11 18:05:50 2005
@@ -931,8 +931,9 @@
# make sure we catch bad encoding tricks
my @nuris = ();
for my $uri (@uris) {
- # we're interested in http:// and so on, skip mailto:
- next if $uri =~ /^mailto:/i;
+ # we're interested in http:// and so on, skip mailto: and
+ # email addresses with no protocol
+ next if $uri =~ /^mailto:/i || $uri =~ /^[^:]*\@/;
# sometimes we catch URLs on multiple lines
$uri =~ s/\n//g;
Modified: spamassassin/trunk/t/uri_text.t
URL: http://svn.apache.org/viewcvs/spamassassin/trunk/t/uri_text.t?rev=215903&r1=215902&r2=215903&view=diff
==============================================================================
--- spamassassin/trunk/t/uri_text.t (original)
+++ spamassassin/trunk/t/uri_text.t Mon Jul 11 18:05:50 2005
@@ -24,7 +24,7 @@
use vars qw(%patterns %anti_patterns);
# settings
-plan tests => 2;
+plan tests => 101;
# initialize SpamAssassin
my $sa = create_saobj({'dont_copy_prefs' => 1});
@@ -44,21 +44,22 @@
# run patterns and anti-patterns
my $failures = 0;
for my $pattern (keys %patterns) {
- if ($uris !~ /${pattern}/m) {
- print "did not find $pattern\n";
+ if (!ok($uris =~ /${pattern}/m)) {
+ warn "failure: did not find /$pattern/\n";
$failures++;
}
}
-ok(!$failures);
-$failures = 0;
for my $anti_pattern (keys %anti_patterns) {
- if ($uris =~ /${anti_pattern}/m) {
- print "did find $anti_pattern\n";
+ if (!ok($uris !~ /${anti_pattern}/m)) {
+ warn "failure: did find /$anti_pattern/\n";
$failures++;
}
}
-ok(!$failures);
+
+if ($failures) {
+ print "URIs found:\n$uris";
+}
# function to write test email
sub write_mail {
@@ -77,6 +78,7 @@
while (<DATA>) {
chomp;
next if /^#/;
+ next if /^\s*$/;
if (/^(.*?)\t+(.*?)\s*$/) {
my $string = $1;
my @patterns = split(' ', $2);
@@ -92,6 +94,9 @@
}
}
}
+ else {
+ warn "unparseable line: $_";
+ }
}
return $message;
@@ -251,3 +256,7 @@
#ldap://www.luzoop5k.com ldap://www.luzoop5k.com
#im://www.luzoop5k.com im://www.luzoop5k.com
#snmp://www.luzoop5k.com snmp://www.luzoop5k.com
+
+<sentto-4934-foo=addr.com@verper.com> !^http://.*addr.com@verper.com
+<sentto-4934-foo=addr.com@verper.com> mailto:sentto-4934-foo=addr.com@verper.com
+