694 – False positive in URL detection triggers HTTP_ESCAPED_HOST

Bug 694 - False positive in URL detection triggers HTTP_ESCAPED_HOST

Summary: False positive in URL detection triggers HTTP_ESCAPED_HOST

Status:	CLOSED FIXED

Alias:	None

Product:	Spamassassin
Classification:	Unclassified
Component:	Rules (show other bugs)
Version:	2.31
Hardware:	PC Linux

Importance:	P2 normal
Target Milestone:	---
Assignee:	SpamAssassin Developer Mailing List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2002-08-13 09:47 UTC by Pavel Roskin
Modified:	2002-08-13 08:25 UTC (History)
CC List:	0 users

Attachment	Type	Modified	Status	Actions	Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Pavel Roskin 2002-08-13 09:47:58 UTC

The following line triggers HTTP_ESCAPED_HOST:
inet6 fe80::206:25ff:fe08:f572%wi0 prefixlen 64 scopeid 0x1

The rule is:
uri HTTP_ESCAPED_HOST       /^https?\:\/\/[^\/]*%/
describe HTTP_ESCAPED_HOST      Uses %-escapes inside a URL's hostname

"http://" is added in function do_body_uri_tests. I think we can expect at least
one dot in a hostname.  The hostname cannot begin after ":" without having an
explicit protocol name, or it will be too confusing for most recipients.  Also,
% should be followed by numbers to be an escape.

I know, spammers are stupid and will send something broken, but this rule
together with paranoid URL detection go too far.

Comment 1 Justin Mason 2002-08-13 09:58:00 UTC

could you try with CVS? I think this is already fixed.
(we should not be adding the http:// bit).

if not, just attach a message which triggers it and we'll
test that: if it fires, bug valid, if not, bug already 
fixed ;)

cheers!

Comment 2 Pavel Roskin 2002-08-13 16:23:42 UTC

Yes, the CVS version works correctly.
Please close the bug.

Comment 3 Pavel Roskin 2002-08-13 16:25:05 UTC

Closing the bug, fixed in CVS.