Foundry376/Mailspring
1
1
Fork 0
mirror of https://github.com/Foundry376/Mailspring.git synced 2025-02-03 05:51:07 +08:00
Code Issues Projects Releases Packages Wiki Activity

fix(phising): Handle scenarios where input is malformed (Sentry 51642)

Browse source 
https://sentry.nylas.com/sentry/edgehill/group/51642/
This commit is contained in:
Ben Gotow 2016-10-04 13:35:07 -07:00
parent de9e627924
commit 4160757c9e
1 changed files with 24 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
internal_packages/phishing-detection/lib/main.jsx
View file

@ -45,26 +45,36 @@ class PhishingIndicator extends React.Component {
// `@state` and `@props` are popular inputs as well.
render() {
const {message} = this.state;
if (!message) {
return (<span />);
}
const {replyTo, from} = message;
if (!replyTo || !replyTo.length || !from || !from.length) {
return (<span />);
}
// This package's strategy to ascertain whether or not the email is a
// phishing attempt boils down to checking the `replyTo` attributes on
// `Message` models from `MessageStore`.
if (message && message.replyTo && message.replyTo.length !== 0) {
const from = message.from[0].email.toLowerCase();
const fromDomain = tld.registered(from.split('@')[1]);
const replyTo = message.replyTo[0].email.toLowerCase();
const replyToDomain = tld.registered(replyTo.split('@')[1]);
if (replyToDomain !== fromDomain) {
return (
<div className="phishingIndicator">
<b>This message looks suspicious!</b>
<div className="description">{`It originates from ${from} but replies will go to ${replyTo}.`}</div>
</div>
);
}
const fromEmail = from[0].email.toLowerCase();
const replyToEmail = replyTo[0].email.toLowerCase();
if (!fromEmail || !replyToEmail) {
return (<span />);
}
return null;
const fromDomain = tld.registered(fromEmail.split('@')[1] || '');
const replyToDomain = tld.registered(replyToEmail.split('@')[1] || '');
if (replyToDomain !== fromDomain) {
return (
<div className="phishingIndicator">
<b>This message looks suspicious!</b>
<div className="description">{`It originates from ${fromEmail} but replies will go to ${replyToEmail}.`}</div>
</div>
);
}
return (<span />);
}
}