mirror of
https://github.com/roundcube/roundcubemail.git
synced 2026-03-23 16:26:59 +01:00
a8707ae220
* Assert CS using CI * fix "single_blank_line_at_eof" * fix "statement_indentation" * fix "switch_case_semicolon_to_colon" * fix "control_structure_braces" * fix "statement_indentation" * fix "no_whitespace_in_blank_line" * fix "no_trailing_whitespace_in_comment" * fix "no_trailing_whitespace" * fix "single_space_around_construct" * fix "spaces_inside_parentheses" * fix "ternary_operator_spaces" * fix "trim_array_spaces" * fix "whitespace_after_comma_in_array" * fix "cast_spaces" * fix "unary_operator_spaces" * fix "no_trailing_comma_in_singleline" * fix "ordered_imports" * fix "no_unused_imports" * Check composer.json format * fix CI job name * file header comments are not phpdoc * fix "phpdoc_indent" * fix "braces_position" * fix "phpdoc_types" * fix "no_blank_lines_after_class_opening" * fix "no_multiple_statements_per_line" * fix "multiline_comment_opening_closing" * fix "single_line_empty_body" * fix "non_printable_character" * fix "phpdoc_trim_consecutive_blank_line_separation" * fix "include" * fix "no_mixed_echo_print" --------- Co-authored-by: Aleksander Machniak <alec@alec.pl>
74 lines
2.7 KiB
PHP
74 lines
2.7 KiB
PHP
<?php
|
|
|
|
/*
|
|
+-----------------------------------------------------------------------+
|
|
| This file is part of the Roundcube Webmail client |
|
|
| |
|
|
| Copyright (C) The Roundcube Dev Team |
|
|
| Copyright (C) Kolab Systems AG |
|
|
| |
|
|
| Licensed under the GNU General Public License version 3 or |
|
|
| any later version with exceptions for skins & plugins. |
|
|
| See the README file for a full license statement. |
|
|
| |
|
|
| PURPOSE: |
|
|
| E-mail/Domain name spoofing detection |
|
|
+-----------------------------------------------------------------------+
|
|
| Author: Aleksander Machniak <machniak@kolabsys.com> |
|
|
+-----------------------------------------------------------------------+
|
|
*/
|
|
|
|
/**
|
|
* Helper class for spoofing detection.
|
|
*
|
|
* @package Framework
|
|
* @subpackage Utils
|
|
*/
|
|
class rcube_spoofchecker
|
|
{
|
|
/** @var array In-memory cache of checked domains */
|
|
protected static $results = [];
|
|
|
|
/**
|
|
* Detects (potential) spoofing in an e-mail address or a domain.
|
|
*
|
|
* @param string $domain Email address or domain (UTF8 not punycode)
|
|
*
|
|
* @return bool True if spoofed/suspicious, False otherwise
|
|
*/
|
|
public static function check($domain)
|
|
{
|
|
if (($pos = strrpos($domain, '@')) !== false) {
|
|
$domain = substr($domain, $pos + 1);
|
|
}
|
|
|
|
if (isset(self::$results[$domain])) {
|
|
return self::$results[$domain];
|
|
}
|
|
|
|
// Spoofchecker is part of ext-intl (requires ICU >= 4.2)
|
|
try {
|
|
$checker = new Spoofchecker();
|
|
|
|
// Note: The constant (and method?) added in PHP 7.3.0
|
|
if (defined('Spoofchecker::HIGHLY_RESTRICTIVE')) {
|
|
$checker->setRestrictionLevel(Spoofchecker::HIGHLY_RESTRICTIVE);
|
|
}
|
|
else {
|
|
$checker->setChecks(Spoofchecker::SINGLE_SCRIPT | Spoofchecker::INVISIBLE);
|
|
}
|
|
|
|
$result = $checker->isSuspicious($domain);
|
|
}
|
|
catch (Throwable $e) {
|
|
rcube::raise_error($e, true);
|
|
$result = false;
|
|
}
|
|
|
|
// TODO: Use areConfusable() to detect ascii-spoofing of some domains, e.g. paypa1.com?
|
|
// TODO: Domains with non-printable characters should be considered spoofed
|
|
|
|
return self::$results[$domain] = $result;
|
|
}
|
|
}
|