Mailspring/app/internal_packages/phishing-detection/lib/main.jsx

import {
  React,
  // The ComponentRegistry manages all React components in N1.
  ComponentRegistry,
  // A `Store` is a Flux component which contains all business logic and data
  // models to be consumed by React components to render markup.
  MessageStore,
} from 'mailspring-exports';

const tld = require('tld');

// Notice that this file is `main.cjsx` rather than `main.coffee`. We use the
// `.cjsx` filetype because we use the CJSX DSL to describe markup for React to
// render. Without the CJSX, we could just name this file `main.coffee` instead.
class PhishingIndicator extends React.Component {
  // Adding a displayName to a React component helps for debugging.
  static displayName = 'PhishingIndicator';

  constructor() {
    super();
    this.state = {
      message: MessageStore.items()[0],
    };
  }
  componentDidMount() {
    this._unlisten = MessageStore.listen(this._onMessagesChanged);
  }

  componentWillUnmount() {
    if (this._unlisten) {
      this._unlisten();
    }
  }

  _onMessagesChanged = () => {
    this.setState({
      message: MessageStore.items()[0],
    });
  };

  // A React component's `render` method returns a virtual DOM element described
  // in CJSX. `render` is deterministic: with the same input, it will always
  // render the same output. Here, the input is provided by @isPhishingAttempt.
  // `@state` and `@props` are popular inputs as well.
  render() {
    const { message } = this.state;
    if (!message) {
      return <span />;
    }

    const { replyTo, from } = message;
    if (!replyTo || !replyTo.length || !from || !from.length) {
      return <span />;
    }

    // This package's strategy to ascertain whether or not the email is a
    // phishing attempt boils down to checking the `replyTo` attributes on
    // `Message` models from `MessageStore`.
    const fromEmail = from[0].email.toLowerCase();
    const replyToEmail = replyTo[0].email.toLowerCase();
    if (!fromEmail || !replyToEmail) {
      return <span />;
    }

    const fromDomain = tld.registered(fromEmail.split('@')[1] || '');
    const replyToDomain = tld.registered(replyToEmail.split('@')[1] || '');
    if (replyToDomain !== fromDomain) {
      return (
        <div className="phishingIndicator">
          <b>This message looks suspicious!</b>
          <div className="description">{`It originates from ${fromEmail} but replies will go to ${replyToEmail}.`}</div>
        </div>
      );
    }

    return <span />;
  }
}

export function activate() {
  ComponentRegistry.register(PhishingIndicator, {
    role: 'MessageListHeaders',
  });
}

export function serialize() {}

export function deactivate() {
  ComponentRegistry.unregister(PhishingIndicator);
}
es6(*): convert 20+ source files used in example packages to ES2016 There could be a few lurking bugs. Please test! 2016-03-01 10:47:22 +08:00			`import {`
			`React,`
			`// The ComponentRegistry manages all React components in N1.`
			`ComponentRegistry,`
			// A `Store` is a Flux component which contains all business logic and data
			`// models to be consumed by React components to render markup.`
			`MessageStore,`
Rename nylas-component-kit, nylas-exports, nylas-store, nylas-observables 2017-09-27 02:42:18 +08:00			`} from 'mailspring-exports';`
es6(*): convert 20+ source files used in example packages to ES2016 There could be a few lurking bugs. Please test! 2016-03-01 10:47:22 +08:00
removes phishing warning for different subdomains (#2420) This commit improves on nylas/N1#2343 (which allowed From and Reply-To to be different aliases @ the same domain) by allowing the address to differ by a subdomain. For example, the pairs: From: foo@bar.com Reply-To: foo@sub.bar.com From: foo@bar.co.uk Reply-To: foo@other.bar.co.uk From: foo@bar.com Reply-To: foobar@bar.com are each now allowed without warning. 2016-07-09 02:20:19 +08:00			`const tld = require('tld');`

es6(*): convert 20+ source files used in example packages to ES2016 There could be a few lurking bugs. Please test! 2016-03-01 10:47:22 +08:00			// Notice that this file is `main.cjsx` rather than `main.coffee`. We use the
			// `.cjsx` filetype because we use the CJSX DSL to describe markup for React to
			// render. Without the CJSX, we could just name this file `main.coffee` instead.
			`class PhishingIndicator extends React.Component {`
			`// Adding a displayName to a React component helps for debugging.`
			`static displayName = 'PhishingIndicator';`

fix(phishing): Tie to MessageStore so it works when msgs aren't ready 2016-03-04 06:39:15 +08:00			`constructor() {`
			`super();`
			`this.state = {`
			`message: MessageStore.items()[0],`
			`};`
			`}`
			`componentDidMount() {`
			`this._unlisten = MessageStore.listen(this._onMessagesChanged);`
			`}`

			`componentWillUnmount() {`
			`if (this._unlisten) {`
			`this._unlisten();`
			`}`
			`}`

			`_onMessagesChanged = () => {`
			`this.setState({`
			`message: MessageStore.items()[0],`
			`});`
Adopt ✨ prettier ✨, upgrade ESLint 2017-09-27 02:33:08 +08:00			`};`
es6(*): convert 20+ source files used in example packages to ES2016 There could be a few lurking bugs. Please test! 2016-03-01 10:47:22 +08:00
			// A React component's `render` method returns a virtual DOM element described
			// in CJSX. `render` is deterministic: with the same input, it will always
			`// render the same output. Here, the input is provided by @isPhishingAttempt.`
			// `@state` and `@props` are popular inputs as well.
			`render() {`
Adopt ✨ prettier ✨, upgrade ESLint 2017-09-27 02:33:08 +08:00			`const { message } = this.state;`
fix(phising): Handle scenarios where input is malformed (Sentry 51642) https://sentry.nylas.com/sentry/edgehill/group/51642/ 2016-10-05 04:35:07 +08:00			`if (!message) {`
Adopt ✨ prettier ✨, upgrade ESLint 2017-09-27 02:33:08 +08:00			`return <span />;`
fix(phising): Handle scenarios where input is malformed (Sentry 51642) https://sentry.nylas.com/sentry/edgehill/group/51642/ 2016-10-05 04:35:07 +08:00			`}`

Adopt ✨ prettier ✨, upgrade ESLint 2017-09-27 02:33:08 +08:00			`const { replyTo, from } = message;`
fix(phising): Handle scenarios where input is malformed (Sentry 51642) https://sentry.nylas.com/sentry/edgehill/group/51642/ 2016-10-05 04:35:07 +08:00			`if (!replyTo \|\| !replyTo.length \|\| !from \|\| !from.length) {`
Adopt ✨ prettier ✨, upgrade ESLint 2017-09-27 02:33:08 +08:00			`return <span />;`
fix(phising): Handle scenarios where input is malformed (Sentry 51642) https://sentry.nylas.com/sentry/edgehill/group/51642/ 2016-10-05 04:35:07 +08:00			`}`
es6(*): convert 20+ source files used in example packages to ES2016 There could be a few lurking bugs. Please test! 2016-03-01 10:47:22 +08:00
			`// This package's strategy to ascertain whether or not the email is a`
			// phishing attempt boils down to checking the `replyTo` attributes on
			// `Message` models from `MessageStore`.
fix(phising): Handle scenarios where input is malformed (Sentry 51642) https://sentry.nylas.com/sentry/edgehill/group/51642/ 2016-10-05 04:35:07 +08:00			`const fromEmail = from[0].email.toLowerCase();`
			`const replyToEmail = replyTo[0].email.toLowerCase();`
			`if (!fromEmail \|\| !replyToEmail) {`
Adopt ✨ prettier ✨, upgrade ESLint 2017-09-27 02:33:08 +08:00			`return <span />;`
fix(phising): Handle scenarios where input is malformed (Sentry 51642) https://sentry.nylas.com/sentry/edgehill/group/51642/ 2016-10-05 04:35:07 +08:00			`}`

			`const fromDomain = tld.registered(fromEmail.split('@')[1] \|\| '');`
			`const replyToDomain = tld.registered(replyToEmail.split('@')[1] \|\| '');`
			`if (replyToDomain !== fromDomain) {`
			`return (`
			`<div className="phishingIndicator">`
			`<b>This message looks suspicious!</b>`
			<div className="description">{`It originates from ${fromEmail} but replies will go to ${replyToEmail}.`}</div>
			`</div>`
			`);`
es6(*): convert 20+ source files used in example packages to ES2016 There could be a few lurking bugs. Please test! 2016-03-01 10:47:22 +08:00			`}`

Adopt ✨ prettier ✨, upgrade ESLint 2017-09-27 02:33:08 +08:00			`return <span />;`
es6(*): convert 20+ source files used in example packages to ES2016 There could be a few lurking bugs. Please test! 2016-03-01 10:47:22 +08:00			`}`
			`}`

			`export function activate() {`
			`ComponentRegistry.register(PhishingIndicator, {`
			`role: 'MessageListHeaders',`
			`});`
			`}`

Adopt ✨ prettier ✨, upgrade ESLint 2017-09-27 02:33:08 +08:00			`export function serialize() {}`
es6(*): convert 20+ source files used in example packages to ES2016 There could be a few lurking bugs. Please test! 2016-03-01 10:47:22 +08:00
			`export function deactivate() {`
			`ComponentRegistry.unregister(PhishingIndicator);`
			`}`