Bug 240 - HTTP_ESCAPED_HOST can catch non-URLs
Summary: HTTP_ESCAPED_HOST can catch non-URLs
Status: RESOLVED WORKSFORME
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: Rules (show other bugs)
Version: 2.30CVS
Hardware: All All
: P2 normal
Target Milestone: ---
Assignee: SpamAssassin Developer Mailing List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2002-04-21 11:56 UTC by Theo Van Dinter
Modified: 2002-06-15 03:58 UTC (History)
0 users


Attachment Type Modified Status Actions Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Theo Van Dinter 2002-04-21 11:56:15 UTC 
I received a message which triggered HTTP_ESCAPED_HOST due to the signature in the 
message:

%   Moderator: rec.arts.sf.tv.babylon5.moderated, soc.personals  %
%                
http://www.grumpywitch.org                      %
% Arizona Polyamory Info 
http://www.grumpywitch.org/azpoly.html  %

The problem is that the 
regexp:

/^https?\:\/\/[^\/]*%/

doesn't look for non-host characters in the URL, 
specifically : and whitespace.  The fix is to replace the regexp 
with:

/https?\:\/\/[^\/\s:]*%/
Comment 1 Theo Van Dinter 2002-04-21 12:04:22 UTC 
Oops.  that regexp should be:

/^https?\:\/\/[^\/\s:]*%/
Comment 2 Matt Sergeant 2002-04-22 02:16:04 UTC 
Subject: Re: [SAdev]  HTTP_ESCAPED_HOST can catch non-URLs

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sunday 21 Apr 2002 8:04 pm, bugzilla-daemon@hughes-family.org wrote:
> http://www.hughes-family.org/bugzilla/show_bug.cgi?id=240
>
>
>
>
>
> ------- Additional Comments From felicity@kluge.net  2002-04-21 12:04
> ------- Oops.  that regexp should be:
>
> /^https?\:\/\/[^\/\s:]*%/

What version did you see this bug with? It shouldn't happen since the change 
to use uri tests.

- -- 
Matt.
<:->get a SMart net</:->
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8w9SO5tFry5Ir+lARAlb6AJsEEc32LWJJldRsji8tw1jyqD54DwCeOtEu
yRXo3ySo2C5bvshZx6lp2wY=
=6eZ/
-----END PGP SIGNATURE-----
Comment 3 Matt Sergeant 2002-04-22 02:17:10 UTC 
Subject: Re: [SAdev]  HTTP_ESCAPED_HOST can catch non-URLs

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sunday 21 Apr 2002 8:04 pm, bugzilla-daemon@hughes-family.org wrote:
> http://www.hughes-family.org/bugzilla/show_bug.cgi?id=240
>
>
>
>
>
> ------- Additional Comments From felicity@kluge.net  2002-04-21 12:04
> ------- Oops.  that regexp should be:
>
> /^https?\:\/\/[^\/\s:]*%/

What version did you see this bug with? It shouldn't happen since the change 
to use uri tests.

- -- 
Matt.
<:->get a SMart net</:->
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8w9SO5tFry5Ir+lARAlb6AJsEEc32LWJJldRsji8tw1jyqD54DwCeOtEu
yRXo3ySo2C5bvshZx6lp2wY=
=6eZ/
-----END PGP SIGNATURE-----


_______________________________________________
Spamassassin-devel mailing list
Spamassassin-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/spamassassin-devel
Comment 4 Theo Van Dinter 2002-04-22 07:42:29 UTC 
Subject: Re:  HTTP_ESCAPED_HOST can catch non-URLs

On Mon, Apr 22, 2002 at 02:17:10AM -0700, bugzilla-daemon@hughes-family.org wrote:
> > /^https?\:\/\/[^\/\s:]*%/
> 
> What version did you see this bug with? It shouldn't happen since the change 
> to use uri tests.

This was with 2.11.  I wasn't aware that 2.20 changed how URLs are parsed
out of the message since this one is done using a rawbody check.

Oh well, as long as it works. :)

(I did find another bug while checking out 2.20, so I'll go file that one.)
Comment 5 Duncan Findlay 2002-06-01 19:28:58 UTC 
Looks like this one is fixed in 2.20