Add validation rule based on Spoofchecker::isSuspicious() #49268

Closed
nicolas-grekas opened this issue Feb 6, 2023 · 4 comments · Fixed by #49300
Labels
Help wanted Issues and PRs which are looking for volunteers to complete them.

Comments

@nicolas-grekas
Member

nicolas-grekas commented Feb 6, 2023

See https://php.net/spoofchecker.issuspicious

We could then add the annotation automatically in maker-bundle when the intl extension is available.

@nicolas-grekas added the "Help wanted" label Feb 6, 2023
@nicolas-grekas changed the title from "Validation rule based on Spoofchecker::isSuspicious()?" to "Add validation rule based on Spoofchecker::isSuspicious()" Feb 6, 2023
@MatTheCat
Contributor

MatTheCat commented Feb 8, 2023

I did a little digging and PHP’s Spoofchecker is in a sorry state:

  • its name is wrong (should be SpoofChecker).
  • isSuspicious’s second argument &$errorCode seems to always be null (I guess it should match ICU’s checkResult).
  • setRestrictionLevel is not documented (but works).
  • setAllowedLocales requires comma-separated locales in a single string.
  • no way to set allowed character sets (ICU provides a setAllowedChars method).
  • setChecks documentation is wrong (some checks concern confusability, not spoof detection).
  • SINGLE_SCRIPT check should be replaced by SINGLE_SCRIPT_RESTRICTIVE level since ICU 51.
  • ANY_CASE check modifier does not serve any purpose since ICU 58.
  • MIXED_NUMBERS check constant is missing (you can use its value 128 though).
  • HIDDEN_OVERLAY check constant is missing (you can use its value 256 though).
  • constants are not documented.
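
The configuration points from the list above, as an added PHP example that is not part of the thread or of Symfony's code. The names `buildChecker`, `CHECK_MIXED_NUMBERS` and `CHECK_HIDDEN_OVERLAY`, the `en` locale, the chosen restriction level and the sample strings are assumptions made for illustration.

```php
<?php
// Added example; requires ext-intl. Names below are hypothetical, samples are constructed.
if (!class_exists(Spoofchecker::class)) {
    exit("ext-intl is required\n");
}

// Check flags the comment reports as missing from Spoofchecker; values taken from the comment.
const CHECK_MIXED_NUMBERS = 128;
const CHECK_HIDDEN_OVERLAY = 256;

function buildChecker(array $locales): Spoofchecker
{
    $checker = new Spoofchecker();
    // Locales are passed as one comma-separated string, not as an array.
    $checker->setAllowedLocales(implode(',', $locales));

    $checks = Spoofchecker::INVISIBLE | CHECK_MIXED_NUMBERS | CHECK_HIDDEN_OVERLAY;
    if (method_exists($checker, 'setRestrictionLevel')) {
        // Undocumented at the time of the thread, but functional. setChecks() below replaces
        // the whole check mask, so the restriction-level check must be included in it; in ICU
        // that check has the same bit value as the deprecated SINGLE_SCRIPT flag.
        $checker->setRestrictionLevel(Spoofchecker::HIGHLY_RESTRICTIVE);
        $checks |= Spoofchecker::SINGLE_SCRIPT;
    } else {
        // Older ICU builds: fall back to limiting input to the locales' characters.
        $checks |= Spoofchecker::CHAR_LIMIT;
    }
    $checker->setChecks($checks);

    return $checker;
}

$samples = [
    'plain ASCII' => 'symfony',
    'Cyrillic U+0443 for y' => "s\u{0443}mfony",
    'zero-width space' => "sym\u{200B}fony",
    'ASCII + Bengali digit' => "8\u{09EA}",
];

$checker = buildChecker(['en']);
foreach ($samples as $label => $value) {
    $errorCode = null;
    $suspicious = $checker->isSuspicious($value, $errorCode);
    // Decide on the boolean only; $errorCode is printed so its value can be observed locally.
    printf("%-24s %-7s errorCode=%s\n", $label, $suspicious ? 'REJECT' : 'accept', var_export($errorCode, true));
}
```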

@nicolas-grekas
Member Author

Thanks for digging. This could be worth a bug report on php-src, WDYT?

@MatTheCat
Contributor

Yes, I think both php-src and php-doc-en need a little dusting on that matter!

@nicolas-grekas
Member Author

(please don't forget to open an issue on php-src)

nicolas-grekas added a commit that referenced this issue Feb 21, 2023
…to validate a string is not suspicious (MatTheCat)

This PR was merged into the 6.3 branch.

Discussion
----------

[Validator] Add a `NoSuspiciousCharacters` constraint to validate a string is not suspicious

| Q             | A
| ------------- | ---
| Branch?       | 6.3
| Bug fix?      | no
| New feature?  | yes
| Deprecations? | no
| Tickets       | Fix #49268
| License       | MIT
| Doc PR        | symfony/symfony-docs#17897

Leverage `Spoofchecker::isSuspicious` in a new constraint.

Commits
-------

12f901f [Validator] Add a `NoSuspiciousCharacters` constraint to validate a string is not a spoof attempt