You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2013/10/02 14:19:08 UTC
[Bug 6977] New: HTTPSMismatch does not detect HTTP(S) URL mismatch
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6977
Bug ID: 6977
Summary: HTTPSMismatch does not detect HTTP(S) URL mismatch
Product: Spamassassin
Version: 3.3.2
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Libraries
Assignee: dev@spamassassin.apache.org
Reporter: fkrska@redhat.com
Created attachment 5171
--> https://issues.apache.org/SpamAssassin/attachment.cgi?id=5171&action=edit
HTTPSMismatch.pm patch - avoid using array of cleaned uris
Description of problem:
SpamAssassin does not always detect HTTP(S) URL mismatches.
Two compressed spam samples attached.
One is proper detected, the other is not.
Version-Release number of selected component (if applicable):
spamassassin-3.3.1
spamassassin-3.3.2
How reproducible:
Always
Steps to reproduce:
xzcat sample1.eml.xz | spamassassin
xzcat sample2.eml.xz | spamassassin
Actual results:
Only sample1.eml.xz results in HTTPS_HTTP_MISMATCH, sample2.eml.xz does not
match.
Expected results:
Both sample files should match/result in HTTPS_HTTP_MISMATCH.
Additional info:
Originally reported as Red Hat bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=906804
I've reproduced the reported behaviour with following lines added to
/etc/mail/spamassassin/local.cf:
body HTTPS_HTTP_MISMATCH eval:check_https_http_mismatch('1','10')
describe HTTPS_HTTP_MISMATCH HTTPSMismatch
score HTTPS_HTTP_MISMATCH 2.0
Current HTTPSMismatch.pm uses array (seems random sorted and contains uri-like
substrings) of cleaned uris in uri_detail.
Mail::SpamAssassin::Plugin::URIDetail(3) says:
"cleaned" is a list including the raw URI and various cleaned versions
of the raw URI (http://spamassassin.apache%2Eorg/,
http://spamassassin.apache.org/).
In our case sample2.eml.xz leads to following uri_detail:
'http://www.xx21z.cn/images/?http://us.battle.net/login/en/?ref=http%3A%2F%2Fdwthtylus.battle.net%2Fd3%2Fen%2Findex&app=com-d3'
=> {
'anchor_text' => [
'https://us.battle.net/login/en/?ref=http%3A%2F%2Fus.battle.net%2Fd3%2Fen%2Findex&app=com-d3'
],
'domains' => {
'xx21z.cn' => 1,
'battle.net' => 1
},
'types' => {
'a' => 1
},
'cleaned' => [
'http://dwthtylus.battle.net/d3/en/index&app=com-d3',
'http://us.battle.net/login/en/?ref=http://dwthtylus.battle.net/d3/en/index&app=com-d3',
'http://www.xx21z.cn/images/?http://us.battle.net/login/en/?ref=http://dwthtylus.battle.net/d3/en/index&app=com-d3',
'http://www.xx21z.cn/images/?http://us.battle.net/login/en/?ref=http%3A%2F%2Fdwthtylus.battle.net%2Fd3%2Fen%2Findex&app=com-d3'
]
},
and first 'cleaned' uri has equal domain (battle.net) to the one in anchor
text, so it is wrongly treated as OK, although original uri has domain
xx21z.cn.
IMHO check_https_http_mismatch should use $permsgstatus->{html}->{uri_detail}
keys instead of arrays of 'cleaned' values.
I've proposed a patch, it needs thorough review, testing. (Perhaps it is a bug
in code generating 'cleaned' array which may not be supposed to contain such
substrings, then it should be fixed there)
BR
Filip
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 6977] HTTPSMismatch does not detect HTTP(S) URL mismatch
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6977
Filip Krška <fk...@redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fkrska@redhat.com
--- Comment #1 from Filip Krška <fk...@redhat.com> ---
Created attachment 5172
--> https://issues.apache.org/SpamAssassin/attachment.cgi?id=5172&action=edit
sample1.eml.xz
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 6977] HTTPSMismatch does not detect HTTP(S) URL mismatch
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6977
--- Comment #2 from Filip Krška <fk...@redhat.com> ---
Created attachment 5173
--> https://issues.apache.org/SpamAssassin/attachment.cgi?id=5173&action=edit
sample2.eml.xz
--
You are receiving this mail because:
You are the assignee for the bug.