master 598038643f: Mark whole-script confusables as suspicious domains

emacs-diffs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

master 598038643f: Mark whole-script confusables as suspicious domains

From:	Lars Ingebrigtsen
Subject:	master 598038643f: Mark whole-script confusables as suspicious domains
Date:	Wed, 19 Jan 2022 09:52:34 -0500 (EST)

branch: master
commit 598038643f483eabe788d4910bea5d1518ee0015
Author: Lars Ingebrigtsen <larsi@gnus.org>
Commit: Lars Ingebrigtsen <larsi@gnus.org>

    Mark whole-script confusables as suspicious domains
    
    * lisp/international/textsec.el (textsec-domain-suspicious-p):
    Consider domain names that are whole-script confusables with ASCII
    to be suspicious.  (I think this is what the Unicode standard is
    recommending, but I'm not 100% sure.)
---
 lisp/international/textsec.el            | 8 +++++++-
 test/lisp/international/textsec-tests.el | 5 ++++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/lisp/international/textsec.el b/lisp/international/textsec.el
index d861685f0b..63860d2250 100644
--- a/lisp/international/textsec.el
+++ b/lisp/international/textsec.el
@@ -245,8 +245,14 @@ or use certain other unusual mixtures of characters."
          (throw 'found (format "Disallowed character: `%s' (#x%x)"
                                (string char) char))))
      domain)
+    ;; Does IDNA allow it?
     (unless (puny-highly-restrictive-domain-p domain)
-      (throw 'found (format "%s is not highly-restrictive" domain)))
+      (throw 'found (format "`%s' is not highly-restrictive" domain)))
+    ;; Check whether any segment of the domain name is confusable with
+    ;; an ASCII-only segment.
+    (dolist (elem (split-string domain "\\."))
+      (when (textsec-ascii-confusable-p elem)
+        (throw 'found (format "`%s' is confusable with ASCII" elem))))
     nil))
 
 (defun textsec-local-address-suspicious-p (local)
diff --git a/test/lisp/international/textsec-tests.el 
b/test/lisp/international/textsec-tests.el
index b68bce1dc7..8385c116f4 100644
--- a/test/lisp/international/textsec-tests.el
+++ b/test/lisp/international/textsec-tests.el
@@ -113,7 +113,10 @@
 (ert-deftest test-suspiction-domain ()
   (should (textsec-domain-suspicious-p "foo/bar.org"))
   (should-not (textsec-domain-suspicious-p "foo.org"))
-  (should (textsec-domain-suspicious-p "f\N{LEFT-TO-RIGHT ISOLATE}oo.org")))
+  (should (textsec-domain-suspicious-p "f\N{LEFT-TO-RIGHT ISOLATE}oo.org"))
+
+  (should (textsec-domain-suspicious-p "Сгсе.ru"))
+  (should-not (textsec-domain-suspicious-p "фСгсе.ru")))
 
 (ert-deftest test-suspicious-local ()
   (should-not (textsec-local-address-suspicious-p "larsi"))

[Prev in Thread]

Current Thread

[Next in Thread]

master 598038643f: Mark whole-script confusables as suspicious domains, Lars Ingebrigtsen <=

Prev by Date: master 124c4ad1e5: Split textsec-email-address-suspicious-p into two functions
Next by Date: master 00a6946283: Add new file textsec-check.el
Previous by thread: master 124c4ad1e5: Split textsec-email-address-suspicious-p into two functions
Next by thread: master 00a6946283: Add new file textsec-check.el
Index(es):
- Date
- Thread