fix: fixed IDN check on urls

spamscanner · Feb 19, 2021 · a72745c · a72745c
1 parent d882196
commit a72745c
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 8 deletions.
diff --git a/index.js b/index.js
@@ -1278,14 +1278,16 @@ class SpamScanner {
       }
     }
 
-    for (const link of links) {
-      const urlHostname = this.getHostname(link);
-      if (urlHostname) {
-        const toASCII = punycode.toASCII(urlHostname);
-        if (toASCII.startsWith('xn--'))
-          messages.push(
-            `Possible IDN homograph attack from link of "${link}" with punycode converted hostname of "${toASCII}".`
-          );
+    if (this.config.checkIDNHomographAttack) {
+      for (const link of links) {
+        const urlHostname = this.getHostname(link);
+        if (urlHostname) {
+          const toASCII = punycode.toASCII(urlHostname);
+          if (toASCII.startsWith('xn--'))
+            messages.push(
+              `Possible IDN homograph attack from link of "${link}" with punycode converted hostname of "${toASCII}".`
+            );
+        }
       }
     }
 

diff --git a/test/test.js b/test/test.js
@@ -50,6 +50,8 @@ test('should detect not phishing with different org domains (temporary)', async
 });
 
 test('should detect idn masquerading', async (t) => {
+  const client = new Redis();
+  const scanner = new SpamScanner({ client, checkIDNHomographAttack: true });
   const scan = await scanner.scan(fixtures('idn.eml'));
   t.true(scan.is_spam);
   t.true(scan.results.phishing.length > 0);