diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2021-11-25 15:33:48 +0000 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2021-11-25 15:33:48 +0000 |
| commit | 22e79c1d13c295d9bb1e9f6936d496a682e706f5 (patch) | |
| tree | eeb169eef341c3efb6df779bb7097aa69ac93b29 /src/plugins/lua | |
| parent | 0e346700be79db8ec20bca8eb7706998d63b662d (diff) | |
| download | rspamd-22e79c1d13c295d9bb1e9f6936d496a682e706f5.tar.gz rspamd-22e79c1d13c295d9bb1e9f6936d496a682e706f5.zip | |
[Fix] Phishing: Fix finding domains in the phishing map
Diffstat (limited to 'src/plugins/lua')
| -rw-r--r-- | src/plugins/lua/phishing.lua | 29 |
1 files changed, 19 insertions, 10 deletions
diff --git a/src/plugins/lua/phishing.lua b/src/plugins/lua/phishing.lua index e7c9a98a7..0af9f738b 100644 --- a/src/plugins/lua/phishing.lua +++ b/src/plugins/lua/phishing.lua @@ -230,10 +230,11 @@ local function phishing_cb(task) local b,_ = string.find(tld, '%.[^%.]+$') local b1,_ = string.find(ptld, '%.[^%.]+$') + local stripped_tld,stripped_ptld = tld, ptld if b1 and b then if string.sub(tld, b) == string.sub(ptld, b1) then - ptld = string.gsub(ptld, '%.[^%.]+$', '') - tld = string.gsub(tld, '%.[^%.]+$', '') + stripped_ptld = string.gsub(ptld, '%.[^%.]+$', '') + stripped_tld = string.gsub(tld, '%.[^%.]+$', '') end if #ptld == 0 or #tld == 0 then @@ -247,8 +248,8 @@ local function phishing_cb(task) lua_util.debugm(N, task, "confusable: %1 -> %2: %3", tld, ptld, why) weight = 1.0 else - local dist = util.levenshtein_distance(tld, ptld, 2) - dist = 2 * dist / (#tld + #ptld) + local dist = util.levenshtein_distance(stripped_tld, stripped_ptld, 2) + dist = 2 * dist / (#stripped_tld + #stripped_ptld) if dist > 0.3 and dist <= 1.0 then -- Use distance to penalize the total weight @@ -274,16 +275,24 @@ local function phishing_cb(task) lua_util.debugm(N, task, "distance: %1 -> %2: %3", tld, ptld, dist) end + local function is_url_in_map(map, furl) + for _,dn in ipairs({furl:get_tld(), furl:get_host()}) do + if map:get_key(dn) then + return true,dn + end + end + + return false + end local function found_in_map(map, furl, sweight) if not furl then furl = url end if not sweight then sweight = weight end if #map > 0 then for _,rule in ipairs(map) do - for _,dn in ipairs({furl:get_tld(), furl:get_host()}) do - if rule['map']:get_key(dn) then - task:insert_result(rule['symbol'], sweight, ptld .. '->' .. dn) - return true - end + local found,dn = is_url_in_map(rule.map, furl) + if found then + task:insert_result(rule.symbol, sweight, ptld .. '->' .. dn) + return true end end end @@ -292,7 +301,7 @@ local function phishing_cb(task) if not found_in_map(exceptions_maps) then if not found_in_map(strict_domains, purl, 1.0) then if domains then - if domains:get_key(ptld) then + if is_url_in_map(domains, purl) then task:insert_result(symbol, weight, ptld .. '->' .. tld) end else |