You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by si...@apache.org on 2023/01/08 21:19:13 UTC
svn commit: r1906472 - in /spamassassin/trunk: lib/Mail/SpamAssassin/Plugin/DecodeShortURLs.pm t/data/spam/decodeshorturl/doubleslash.eml t/decodeshorturl.t
Author: sidney
Date: Sun Jan 8 21:19:13 2023
New Revision: 1906472
URL: http://svn.apache.org/viewvc?rev=1906472&view=rev
Log:
Bug 8101 - Fix handling of malformed URLs that are resolved by server using redirect to relative URI
Added:
spamassassin/trunk/t/data/spam/decodeshorturl/doubleslash.eml
Modified:
spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DecodeShortURLs.pm
spamassassin/trunk/t/decodeshorturl.t
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DecodeShortURLs.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DecodeShortURLs.pm?rev=1906472&r1=1906471&r2=1906472&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DecodeShortURLs.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DecodeShortURLs.pm Sun Jan 8 21:19:13 2023
@@ -850,21 +850,19 @@ sub recursive_lookup {
# redirect back to the same host as chaining incorrectly.
$pms->{short_url_chained} = 1 if $count;
- # Check if we are being redirected to a local page
- # Don't recurse in this case...
+ # Check if it is a redirection to a relative URI
+ # Make it an absolute URI and chain to it in that case
if ($location !~ m{^[a-z]+://}i) {
my $orig_location = $location;
my $orig_short_url = $short_url;
# Strip to..
if (index($location, '/') == 0) {
- $short_url =~ s{^([a-z]+://.*?)[/?#].*}{$1}; # ..absolute path
+ $short_url =~ s{^([a-z]+://.*?)[/?#].*}{$1}; # ..absolute path base is http://example.com
} else {
- $short_url =~ s{^([a-z]+://.*)/}{$1}; # ..relative path
+ $short_url =~ s{^([a-z]+://.*/)}{$1}; # ..relative path base is http://example.com/a/b/
}
- $location = "$short_url/$location";
- dbg("looks like a local redirection: $orig_short_url => $location ($orig_location)");
- $pms->add_uri_detail_list($location) if !$pms->{uri_detail_list}->{$location};
- return;
+ $location = "$short_url$location";
+ dbg("looks like a redirection to a relative URI: $orig_short_url => $location ($orig_location)");
}
if (exists $been_here{$location}) {
Added: spamassassin/trunk/t/data/spam/decodeshorturl/doubleslash.eml
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/data/spam/decodeshorturl/doubleslash.eml?rev=1906472&view=auto
==============================================================================
--- spamassassin/trunk/t/data/spam/decodeshorturl/doubleslash.eml (added)
+++ spamassassin/trunk/t/data/spam/decodeshorturl/doubleslash.eml Sun Jan 8 21:19:13 2023
@@ -0,0 +1,51 @@
+To: Entity <en...@example.com>
+From: Example <ex...@example.com>
+Subject: This is a test email for a shortened URL
+Message-ID: <ea...@example.com>
+Date: Tue, 10 Nov 2020 13:33:08 -0500
+
+Greetings,
+
+http://bit.ly//3qDCt8z
+
+which should link to:
+
+https://tinyurl.com/jf8wv76t
+
+which should conclude at:
+
+https://spamassassin.apache.org/
+To: Entity <en...@example.com>
+From: Example <ex...@example.com>
+Subject: This is a test email for a shortened URL
+Message-ID: <ea...@example.com>
+Date: Tue, 10 Nov 2020 13:33:08 -0500
+
+Greetings,
+
+http://bit.ly//3qDCt8z
+
+which should link to:
+
+https://tinyurl.com/jf8wv76t
+
+which should conclude at:
+
+https://spamassassin.apache.org/
+To: Entity <en...@example.com>
+From: Example <ex...@example.com>
+Subject: This is a test email for a shortened URL
+Message-ID: <ea...@example.com>
+Date: Tue, 10 Nov 2020 13:33:08 -0500
+
+Greetings,
+
+http://bit.ly//3qDCt8z
+
+which should link to:
+
+https://tinyurl.com/jf8wv76t
+
+which should conclude at:
+
+https://spamassassin.apache.org/
Modified: spamassassin/trunk/t/decodeshorturl.t
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/decodeshorturl.t?rev=1906472&r1=1906471&r2=1906472&view=diff
==============================================================================
--- spamassassin/trunk/t/decodeshorturl.t (original)
+++ spamassassin/trunk/t/decodeshorturl.t Sun Jan 8 21:19:13 2023
@@ -11,7 +11,7 @@ use constant HAS_DBD_SQLITE => eval { re
use constant SQLITE => (HAS_DBI && HAS_DBD_SQLITE);
plan skip_all => "Net tests disabled" unless conf_bool('run_net_tests');
-my $tests = 8;
+my $tests = 9;
$tests += 4 if (SQLITE);
plan tests => $tests;
@@ -58,6 +58,9 @@ ok_all_patterns();
sarun ("-t < data/spam/decodeshorturl/chain.eml", \&patterns_run_cb);
ok_all_patterns();
+sarun ("-t < data/spam/decodeshorturl/doubleslash.eml", \&patterns_run_cb);
+ok_all_patterns();
+
###
### short_url() should hit even without network enabled