[geary/wip/491-email-spoofing-case-3-32: 1/3] Add API docs to Geary.RFC822.MailboxAddress to clarify escaping



commit 3503572ba395e1b1431b69384c40bd2066e0b74e
Author: Michael Gratton <mike vee net>
Date:   Sat Jul 6 14:38:05 2019 +1000

    Add API docs to Geary.RFC822.MailboxAddress to clarify escaping
    
    Make RFC822.MailboxAddress.has_distinct_name() consider substrings
    rather than straight-up string comparison.
    
    See #491

 src/engine/rfc822/rfc822-mailbox-address.vala | 19 ++++++++++++-------
 test/engine/rfc822-mailbox-address-test.vala  | 27 ++++++++++++++++-----------
 2 files changed, 28 insertions(+), 18 deletions(-)
---
diff --git a/src/engine/rfc822/rfc822-mailbox-address.vala b/src/engine/rfc822/rfc822-mailbox-address.vala
index 5ead3307..07560000 100644
--- a/src/engine/rfc822/rfc822-mailbox-address.vala
+++ b/src/engine/rfc822/rfc822-mailbox-address.vala
@@ -408,15 +408,20 @@ public class Geary.RFC822.MailboxAddress :
     /**
      * Determines if the name part is different to the address part.
      *
-     * @return //true// if {@link name} is not empty, and the cleaned
-     * versions of the name part and {@link address} are not equal.
+     * @return //true// if {@link name} is not empty, and the
+     * normalised {@link address} part is not contained within the
+     * name part when performing a case-insensitive comparison.
      */
     public bool has_distinct_name() {
-        string clean_name = Geary.String.reduce_whitespace(this.name);
-        return (
-            !Geary.String.is_empty(clean_name) &&
-            clean_name != Geary.String.reduce_whitespace(this.address)
-        );
+        string name = Geary.String.reduce_whitespace(this.name);
+        bool ret = false;
+        if (!Geary.String.is_empty(name)) {
+            string address = Geary.String.reduce_whitespace(
+                this.address.normalize()
+            );
+            ret = !(address.normalize().casefold() in name.casefold());
+        }
+        return ret;
     }
 
     /**
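Review bot: In the new has_distinct_name() the two sides of the containment check are prepared differently: the address is normalised twice (`this.address.normalize()`, then `address.normalize()` again) while the name is only case-folded, so a name holding the same address in another Unicode normalisation form would not match and would be reported as distinct. Normalise each side once, e.g. `ret = !(address.casefold() in name.normalize().casefold());`. The switch from equality to containment also means a name that embeds the real address inside longer text, possibly next to a second address, now counts as not distinct. The test file states that is_spoofed depends on this method, so if is_spoofed (not visible here) only flags names that are distinct, such a name would no longer be flagged; stripping surrounding quotes and comparing for equality would cover the quoted-address case without widening the match. The doc comment should also say that the name is whitespace-reduced before the comparison.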
diff --git a/test/engine/rfc822-mailbox-address-test.vala b/test/engine/rfc822-mailbox-address-test.vala
index 9aa2b9e7..ceb32381 100644
--- a/test/engine/rfc822-mailbox-address-test.vala
+++ b/test/engine/rfc822-mailbox-address-test.vala
@@ -12,8 +12,9 @@ class Geary.RFC822.MailboxAddressTest : TestCase {
         add_test("is_valid_address", is_valid_address);
         add_test("unescaped_constructor", unescaped_constructor);
         add_test("from_rfc822_string_encoded", from_rfc822_string_encoded);
-        add_test("is_spoofed", is_spoofed);
+        // latter depends on the former, so test that first
         add_test("has_distinct_name", has_distinct_name);
+        add_test("is_spoofed", is_spoofed);
         add_test("to_full_display", to_full_display);
         add_test("to_short_display", to_short_display);
         // latter depends on the former, so test that first
@@ -151,6 +152,17 @@ class Geary.RFC822.MailboxAddressTest : TestCase {
         }
     }
 
+    public void has_distinct_name() throws Error {
+        assert(new MailboxAddress("example", "example example com").has_distinct_name() == true);
+
+        assert(new MailboxAddress("", "example example com").has_distinct_name() == false);
+        assert(new MailboxAddress(" ", "example example com").has_distinct_name() == false);
+        assert(new MailboxAddress("example example com", "example example com").has_distinct_name() == 
false);
+        assert(new MailboxAddress(" example example com ", "example example com").has_distinct_name() == 
false);
+        assert(new MailboxAddress(" example example com ", "example example com").has_distinct_name() == 
false);
+        assert(new MailboxAddress("'example example com'", "example example com").has_distinct_name() == 
false);
+    }
+
     public void is_spoofed() throws Error {
         assert(new MailboxAddress(null, "example example com").is_spoofed() == false);
         assert(new MailboxAddress("", "example example com").is_spoofed() == false);
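Review bot: The has_distinct_name test added here does not exercise the two behaviours the new doc comment promises: there is no mixed-case name and no name that contains the address inside longer text. Add for example `assert(new MailboxAddress("EXAMPLE example com", "example example com").has_distinct_name() == false);` (addresses written as this page renders them) and an assertion that pins the intended result for a name made of the address plus extra words. The two padded-whitespace assertions appear identical as rendered, which may be the archive collapsing spaces; if they really are the same, one can go. is_spoofed starts at the end of this hunk and continues outside it.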
@@ -160,6 +172,8 @@ class Geary.RFC822.MailboxAddressTest : TestCase {
         assert(new MailboxAddress("test  test", "example example com").is_spoofed() == false);
         assert(new MailboxAddress("test?", "example example com").is_spoofed() == false);
         assert(new MailboxAddress("test example com", "test example com").is_spoofed() == false);
+        assert(new MailboxAddress("test EXAMPLE com", "test example com").is_spoofed() == false);
+        assert(new MailboxAddress("'example example com'", "example example com").is_spoofed() == false);
 
         assert(new MailboxAddress("test example com", "example example com").is_spoofed() == true);
         assert(new MailboxAddress("test @ example . com", "example example com").is_spoofed() == true);
@@ -168,6 +182,7 @@ class Geary.RFC822.MailboxAddressTest : TestCase {
         assert(new MailboxAddress("test", "example@\nexample example com").is_spoofed() == true);
         assert(new MailboxAddress("test", "example@example example com").is_spoofed() == true);
 
+
         try {
             assert(new 
MailboxAddress.from_rfc822_string("\"=?utf-8?b?dGVzdCIgPHBvdHVzQHdoaXRlaG91c2UuZ292Pg==?==?utf-8?Q?=00=0A?=\" 
<demo mailsploit com>")
                    .is_spoofed() == true);
@@ -176,16 +191,6 @@ class Geary.RFC822.MailboxAddressTest : TestCase {
         }
     }
 
-    public void has_distinct_name() throws Error {
-        assert(new MailboxAddress("example", "example example com").has_distinct_name() == true);
-
-        assert(new MailboxAddress("", "example example com").has_distinct_name() == false);
-        assert(new MailboxAddress(" ", "example example com").has_distinct_name() == false);
-        assert(new MailboxAddress("example example com", "example example com").has_distinct_name() == 
false);
-        assert(new MailboxAddress(" example example com ", "example example com").has_distinct_name() == 
false);
-        assert(new MailboxAddress(" example example com ", "example example com").has_distinct_name() == 
false);
-    }
-
     public void to_full_display() throws Error {
         assert(new MailboxAddress("", "example example com").to_full_display() ==
                "example example com");

