diff options
| author | Mattias EngdegÄrd | 2022-04-11 16:22:38 +0200 |
|---|---|---|
| committer | Mattias EngdegÄrd | 2022-04-11 16:29:24 +0200 |
| commit | 26db1ca80e459a640cc6648fb7f94c873def3ddd (patch) | |
| tree | a369bdcd5d121dd2740b7d9764be2390332e5f58 | |
| parent | a715f2fbe70bb4cbb961e82af95e2965030b4513 (diff) | |
| download | emacs-26db1ca80e459a640cc6648fb7f94c873def3ddd.tar.gz emacs-26db1ca80e459a640cc6648fb7f94c873def3ddd.zip | |
Recognise hybrid IPv6/IPv4 addresses in textsec (bug#54624)
* lisp/international/textsec.el (textsec--ipvx-address-p):
Recognise hybrid addresses like "::ffff:129.55.2.201".
Combine to a single regexp and translate to rx.
Remove some regexp ambiguity (relint complaint).
* test/lisp/international/textsec-tests.el (test-suspiction-domain):
Add test cases.
| -rw-r--r-- | lisp/international/textsec.el | 18 | ||||
| -rw-r--r-- | test/lisp/international/textsec-tests.el | 5 |
2 files changed, 16 insertions, 7 deletions
diff --git a/lisp/international/textsec.el b/lisp/international/textsec.el index cca49986fc4..3e787909384 100644 --- a/lisp/international/textsec.el +++ b/lisp/international/textsec.el | |||
| @@ -233,12 +233,18 @@ The scripts are as defined by the Unicode Standard Annex 24 (UAX#24)." | |||
| 233 | 233 | ||
| 234 | (defun textsec--ipvx-address-p (domain) | 234 | (defun textsec--ipvx-address-p (domain) |
| 235 | "Return non-nil if DOMAIN is an ipv4 or ipv6 address." | 235 | "Return non-nil if DOMAIN is an ipv4 or ipv6 address." |
| 236 | (or (string-match-p "\\`\\([0-9]\\{1,3\\}\\.?\\)\\{1,4\\}\\'" domain) | 236 | ;; This is a very relaxed pattern for IPv4 or IPv6 addresses. The |
| 237 | (let ((ipv6 "\\([0-9a-f]\\{0,4\\}:?\\)\\{1,8\\}")) | 237 | ;; assumption is that any malformed address accepted by this rule |
| 238 | ;; With brackets. | 238 | ;; will be rejected by the actual address parser eventually. |
| 239 | (or (string-match-p (format "\\`\\[%s\\]\\'" ipv6) domain) | 239 | (rx-let ((ipv4 (** 1 4 |
| 240 | ;; Without. | 240 | (** 1 3 (in "0-9")) |
| 241 | (string-match-p (format "\\`%s\\'" ipv6) domain))))) | 241 | (? "."))) |
| 242 | (ipv6 (: (** 1 7 | ||
| 243 | (** 0 4 (in "0-9a-f")) | ||
| 244 | ":") | ||
| 245 | (** 0 4 (in "0-9a-f")) | ||
| 246 | (? ":" ipv4)))) | ||
| 247 | (string-match-p (rx bos (or ipv4 ipv6 (: "[" ipv6 "]")) eos) domain))) | ||
| 242 | 248 | ||
| 243 | (defun textsec-domain-suspicious-p (domain) | 249 | (defun textsec-domain-suspicious-p (domain) |
| 244 | "Say whether DOMAIN's name looks suspicious. | 250 | "Say whether DOMAIN's name looks suspicious. |
diff --git a/test/lisp/international/textsec-tests.el b/test/lisp/international/textsec-tests.el index 9216d334f87..6b0773dc407 100644 --- a/test/lisp/international/textsec-tests.el +++ b/test/lisp/international/textsec-tests.el | |||
| @@ -126,7 +126,10 @@ | |||
| 126 | (should-not (textsec-domain-suspicious-p | 126 | (should-not (textsec-domain-suspicious-p |
| 127 | "[21a:34aa:c782:3ad2:1bf8:73f8:141:66e8]")) | 127 | "[21a:34aa:c782:3ad2:1bf8:73f8:141:66e8]")) |
| 128 | (should (textsec-domain-suspicious-p | 128 | (should (textsec-domain-suspicious-p |
| 129 | "[21a:34aa:c782:3ad2:1bf8:73f8:141:66e8"))) | 129 | "[21a:34aa:c782:3ad2:1bf8:73f8:141:66e8")) |
| 130 | (should-not (textsec-domain-suspicious-p "138.25.106.12")) | ||
| 131 | (should-not (textsec-domain-suspicious-p "2001:db8::ff00:42:8329")) | ||
| 132 | (should-not (textsec-domain-suspicious-p "::ffff:129.55.2.201"))) | ||
| 130 | 133 | ||
| 131 | (ert-deftest test-suspicious-local () | 134 | (ert-deftest test-suspicious-local () |
| 132 | (should-not (textsec-local-address-suspicious-p "larsi")) | 135 | (should-not (textsec-local-address-suspicious-p "larsi")) |