homograph-detector 0.1.0

checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: 10545494e61081a9576bb41c589aa5f42e1d1a1a4f82a781dac6a767148ae7b9
4
+ data.tar.gz: 8a37ed8c147b53ad556289ac964f206535ec90533817968693a3b297d95164e3
5
+ SHA512:
6
+ metadata.gz: 47a62701d09ee8f70e53196834308a3b818a5f31ae4c139412a887392ed6bc02d9e74e2ae3d9ea3846baf8a9de9ac2704bb82288abee6ad1633544c53c60f419
7
+ data.tar.gz: a04d0c9f13f7f001af6a288f1e0988a5f1875c6ecd6fea8d3b8e75c680fa7092291774efef9ea2ef28ce59d2448fe7a9981eb8d9b510d23f3727e6e8c80b24ff
@@ -0,0 +1,16 @@
1
+ version: 2
2
+ jobs:
3
+ build:
4
+ working_directory: ~/ruby-homograph-detector
5
+ docker:
6
+ - image: circleci/ruby:2.5-node
7
+ environment:
8
+ RAILS_ENV: test
9
+ steps:
10
+ - checkout
11
+ - run:
12
+ name: Bundle Install
13
+ command: bundle check || bundle install
14
+ - run:
15
+ name: Run tests
16
+ command: bundle exec rake test
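Review bot: `circleci/ruby:2.5-node` is a floating tag, so the build environment can change underneath the project without any commit to this file; pin the image to a digest if you want a reproducible CI run. Related: because `/Gemfile.lock` is ignored in `.gitignore`, the `bundle check || bundle install` step resolves fresh versions of addressable, unicode-confusable and unicode-scripts on every run, so a green build does not record which dependency versions were actually tested. Consider committing a lockfile for CI, or at least printing `bundle list` in the job so the resolved set is visible in the log. `RAILS_ENV: test` is unused here, since nothing in the gem loads Rails.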
data/.gitignore ADDED
@@ -0,0 +1,3 @@
1
+ /.ruby-version
2
+ /coverage/
3
+ /Gemfile.lock
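Review bot: the `/.ruby-version` entry has no effect, because the file is already tracked: it appears in the gem's `files:` list in the metadata, and that list is generated from `git ls-files`. Either `git rm --cached .ruby-version` so the ignore takes hold, or drop the entry and keep the file as the documented Ruby target. Ignoring `/Gemfile.lock` is the usual convention for a library gem, but note that it means CI resolves dependencies fresh on every build (see the CircleCI config above).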
@@ -0,0 +1,74 @@
1
+ # Contributor Covenant Code of Conduct
2
+
3
+ ## Our Pledge
4
+
5
+ In the interest of fostering an open and welcoming environment, we as
6
+ contributors and maintainers pledge to making participation in our project and
7
+ our community a harassment-free experience for everyone, regardless of age, body
8
+ size, disability, ethnicity, gender identity and expression, level of experience,
9
+ nationality, personal appearance, race, religion, or sexual identity and
10
+ orientation.
11
+
12
+ ## Our Standards
13
+
14
+ Examples of behavior that contributes to creating a positive environment
15
+ include:
16
+
17
+ * Using welcoming and inclusive language
18
+ * Being respectful of differing viewpoints and experiences
19
+ * Gracefully accepting constructive criticism
20
+ * Focusing on what is best for the community
21
+ * Showing empathy towards other community members
22
+
23
+ Examples of unacceptable behavior by participants include:
24
+
25
+ * The use of sexualized language or imagery and unwelcome sexual attention or
26
+ advances
27
+ * Trolling, insulting/derogatory comments, and personal or political attacks
28
+ * Public or private harassment
29
+ * Publishing others' private information, such as a physical or electronic
30
+ address, without explicit permission
31
+ * Other conduct which could reasonably be considered inappropriate in a
32
+ professional setting
33
+
34
+ ## Our Responsibilities
35
+
36
+ Project maintainers are responsible for clarifying the standards of acceptable
37
+ behavior and are expected to take appropriate and fair corrective action in
38
+ response to any instances of unacceptable behavior.
39
+
40
+ Project maintainers have the right and responsibility to remove, edit, or
41
+ reject comments, commits, code, wiki edits, issues, and other contributions
42
+ that are not aligned to this Code of Conduct, or to ban temporarily or
43
+ permanently any contributor for other behaviors that they deem inappropriate,
44
+ threatening, offensive, or harmful.
45
+
46
+ ## Scope
47
+
48
+ This Code of Conduct applies both within project spaces and in public spaces
49
+ when an individual is representing the project or its community. Examples of
50
+ representing a project or community include using an official project e-mail
51
+ address, posting via an official social media account, or acting as an appointed
52
+ representative at an online or offline event. Representation of a project may be
53
+ further defined and clarified by project maintainers.
54
+
55
+ ## Enforcement
56
+
57
+ Instances of abusive, harassing, or otherwise unacceptable behavior may be
58
+ reported by contacting the project team at security@kickstarter.com. All
59
+ complaints will be reviewed and investigated and will result in a response that
60
+ is deemed necessary and appropriate to the circumstances. The project team is
61
+ obligated to maintain confidentiality with regard to the reporter of an incident.
62
+ Further details of specific enforcement policies may be posted separately.
63
+
64
+ Project maintainers who do not follow or enforce the Code of Conduct in good
65
+ faith may face temporary or permanent repercussions as determined by other
66
+ members of the project's leadership.
67
+
68
+ ## Attribution
69
+
70
+ This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
71
+ available at [http://contributor-covenant.org/version/1/4][version]
72
+
73
+ [homepage]: http://contributor-covenant.org
74
+ [version]: http://contributor-covenant.org/version/1/4/
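Review bot: the Enforcement section routes conduct reports to security@kickstarter.com. That mailbox is the natural place for vulnerability reports, and the two kinds of report have different handlers and different confidentiality expectations; a conduct complaint landing in a security triage queue (or a vulnerability report being read by whoever handles conduct) is not what either reporter expects. Use a dedicated conduct address, and keep security@ for disclosure. Minor: the three contributor-covenant links are plain `http://` and can be `https://`.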
data/Gemfile ADDED
@@ -0,0 +1,6 @@
1
+ source "https://rubygems.org"
2
+
3
+ git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
4
+
5
+ # Specify your gem's dependencies in homograph-detector.gemspec
6
+ gemspec
data/LICENSE.txt ADDED
@@ -0,0 +1,201 @@
1
+ Apache License
2
+ Version 2.0, January 2004
3
+ http://www.apache.org/licenses/
4
+
5
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6
+
7
+ 1. Definitions.
8
+
9
+ "License" shall mean the terms and conditions for use, reproduction,
10
+ and distribution as defined by Sections 1 through 9 of this document.
11
+
12
+ "Licensor" shall mean the copyright owner or entity authorized by
13
+ the copyright owner that is granting the License.
14
+
15
+ "Legal Entity" shall mean the union of the acting entity and all
16
+ other entities that control, are controlled by, or are under common
17
+ control with that entity. For the purposes of this definition,
18
+ "control" means (i) the power, direct or indirect, to cause the
19
+ direction or management of such entity, whether by contract or
20
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
21
+ outstanding shares, or (iii) beneficial ownership of such entity.
22
+
23
+ "You" (or "Your") shall mean an individual or Legal Entity
24
+ exercising permissions granted by this License.
25
+
26
+ "Source" form shall mean the preferred form for making modifications,
27
+ including but not limited to software source code, documentation
28
+ source, and configuration files.
29
+
30
+ "Object" form shall mean any form resulting from mechanical
31
+ transformation or translation of a Source form, including but
32
+ not limited to compiled object code, generated documentation,
33
+ and conversions to other media types.
34
+
35
+ "Work" shall mean the work of authorship, whether in Source or
36
+ Object form, made available under the License, as indicated by a
37
+ copyright notice that is included in or attached to the work
38
+ (an example is provided in the Appendix below).
39
+
40
+ "Derivative Works" shall mean any work, whether in Source or Object
41
+ form, that is based on (or derived from) the Work and for which the
42
+ editorial revisions, annotations, elaborations, or other modifications
43
+ represent, as a whole, an original work of authorship. For the purposes
44
+ of this License, Derivative Works shall not include works that remain
45
+ separable from, or merely link (or bind by name) to the interfaces of,
46
+ the Work and Derivative Works thereof.
47
+
48
+ "Contribution" shall mean any work of authorship, including
49
+ the original version of the Work and any modifications or additions
50
+ to that Work or Derivative Works thereof, that is intentionally
51
+ submitted to Licensor for inclusion in the Work by the copyright owner
52
+ or by an individual or Legal Entity authorized to submit on behalf of
53
+ the copyright owner. For the purposes of this definition, "submitted"
54
+ means any form of electronic, verbal, or written communication sent
55
+ to the Licensor or its representatives, including but not limited to
56
+ communication on electronic mailing lists, source code control systems,
57
+ and issue tracking systems that are managed by, or on behalf of, the
58
+ Licensor for the purpose of discussing and improving the Work, but
59
+ excluding communication that is conspicuously marked or otherwise
60
+ designated in writing by the copyright owner as "Not a Contribution."
61
+
62
+ "Contributor" shall mean Licensor and any individual or Legal Entity
63
+ on behalf of whom a Contribution has been received by Licensor and
64
+ subsequently incorporated within the Work.
65
+
66
+ 2. Grant of Copyright License. Subject to the terms and conditions of
67
+ this License, each Contributor hereby grants to You a perpetual,
68
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
69
+ copyright license to reproduce, prepare Derivative Works of,
70
+ publicly display, publicly perform, sublicense, and distribute the
71
+ Work and such Derivative Works in Source or Object form.
72
+
73
+ 3. Grant of Patent License. Subject to the terms and conditions of
74
+ this License, each Contributor hereby grants to You a perpetual,
75
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
76
+ (except as stated in this section) patent license to make, have made,
77
+ use, offer to sell, sell, import, and otherwise transfer the Work,
78
+ where such license applies only to those patent claims licensable
79
+ by such Contributor that are necessarily infringed by their
80
+ Contribution(s) alone or by combination of their Contribution(s)
81
+ with the Work to which such Contribution(s) was submitted. If You
82
+ institute patent litigation against any entity (including a
83
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
84
+ or a Contribution incorporated within the Work constitutes direct
85
+ or contributory patent infringement, then any patent licenses
86
+ granted to You under this License for that Work shall terminate
87
+ as of the date such litigation is filed.
88
+
89
+ 4. Redistribution. You may reproduce and distribute copies of the
90
+ Work or Derivative Works thereof in any medium, with or without
91
+ modifications, and in Source or Object form, provided that You
92
+ meet the following conditions:
93
+
94
+ (a) You must give any other recipients of the Work or
95
+ Derivative Works a copy of this License; and
96
+
97
+ (b) You must cause any modified files to carry prominent notices
98
+ stating that You changed the files; and
99
+
100
+ (c) You must retain, in the Source form of any Derivative Works
101
+ that You distribute, all copyright, patent, trademark, and
102
+ attribution notices from the Source form of the Work,
103
+ excluding those notices that do not pertain to any part of
104
+ the Derivative Works; and
105
+
106
+ (d) If the Work includes a "NOTICE" text file as part of its
107
+ distribution, then any Derivative Works that You distribute must
108
+ include a readable copy of the attribution notices contained
109
+ within such NOTICE file, excluding those notices that do not
110
+ pertain to any part of the Derivative Works, in at least one
111
+ of the following places: within a NOTICE text file distributed
112
+ as part of the Derivative Works; within the Source form or
113
+ documentation, if provided along with the Derivative Works; or,
114
+ within a display generated by the Derivative Works, if and
115
+ wherever such third-party notices normally appear. The contents
116
+ of the NOTICE file are for informational purposes only and
117
+ do not modify the License. You may add Your own attribution
118
+ notices within Derivative Works that You distribute, alongside
119
+ or as an addendum to the NOTICE text from the Work, provided
120
+ that such additional attribution notices cannot be construed
121
+ as modifying the License.
122
+
123
+ You may add Your own copyright statement to Your modifications and
124
+ may provide additional or different license terms and conditions
125
+ for use, reproduction, or distribution of Your modifications, or
126
+ for any such Derivative Works as a whole, provided Your use,
127
+ reproduction, and distribution of the Work otherwise complies with
128
+ the conditions stated in this License.
129
+
130
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
131
+ any Contribution intentionally submitted for inclusion in the Work
132
+ by You to the Licensor shall be under the terms and conditions of
133
+ this License, without any additional terms or conditions.
134
+ Notwithstanding the above, nothing herein shall supersede or modify
135
+ the terms of any separate license agreement you may have executed
136
+ with Licensor regarding such Contributions.
137
+
138
+ 6. Trademarks. This License does not grant permission to use the trade
139
+ names, trademarks, service marks, or product names of the Licensor,
140
+ except as required for reasonable and customary use in describing the
141
+ origin of the Work and reproducing the content of the NOTICE file.
142
+
143
+ 7. Disclaimer of Warranty. Unless required by applicable law or
144
+ agreed to in writing, Licensor provides the Work (and each
145
+ Contributor provides its Contributions) on an "AS IS" BASIS,
146
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147
+ implied, including, without limitation, any warranties or conditions
148
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149
+ PARTICULAR PURPOSE. You are solely responsible for determining the
150
+ appropriateness of using or redistributing the Work and assume any
151
+ risks associated with Your exercise of permissions under this License.
152
+
153
+ 8. Limitation of Liability. In no event and under no legal theory,
154
+ whether in tort (including negligence), contract, or otherwise,
155
+ unless required by applicable law (such as deliberate and grossly
156
+ negligent acts) or agreed to in writing, shall any Contributor be
157
+ liable to You for damages, including any direct, indirect, special,
158
+ incidental, or consequential damages of any character arising as a
159
+ result of this License or out of the use or inability to use the
160
+ Work (including but not limited to damages for loss of goodwill,
161
+ work stoppage, computer failure or malfunction, or any and all
162
+ other commercial damages or losses), even if such Contributor
163
+ has been advised of the possibility of such damages.
164
+
165
+ 9. Accepting Warranty or Additional Liability. While redistributing
166
+ the Work or Derivative Works thereof, You may choose to offer,
167
+ and charge a fee for, acceptance of support, warranty, indemnity,
168
+ or other liability obligations and/or rights consistent with this
169
+ License. However, in accepting such obligations, You may act only
170
+ on Your own behalf and on Your sole responsibility, not on behalf
171
+ of any other Contributor, and only if You agree to indemnify,
172
+ defend, and hold each Contributor harmless for any liability
173
+ incurred by, or claims asserted against, such Contributor by reason
174
+ of your accepting any such warranty or additional liability.
175
+
176
+ END OF TERMS AND CONDITIONS
177
+
178
+ APPENDIX: How to apply the Apache License to your work.
179
+
180
+ To apply the Apache License to your work, attach the following
181
+ boilerplate notice, with the fields enclosed by brackets "[]"
182
+ replaced with your own identifying information. (Don't include
183
+ the brackets!) The text should be enclosed in the appropriate
184
+ comment syntax for the file format. We also recommend that a
185
+ file or class name and description of purpose be included on the
186
+ same "printed page" as the copyright notice for easier
187
+ identification within third-party archives.
188
+
189
+ Copyright 2018 Kickstarter, PBC.
190
+
191
+ Licensed under the Apache License, Version 2.0 (the "License");
192
+ you may not use this file except in compliance with the License.
193
+ You may obtain a copy of the License at
194
+
195
+ http://www.apache.org/licenses/LICENSE-2.0
196
+
197
+ Unless required by applicable law or agreed to in writing, software
198
+ distributed under the License is distributed on an "AS IS" BASIS,
199
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200
+ See the License for the specific language governing permissions and
201
+ limitations under the License.
data/NOTICE.md ADDED
@@ -0,0 +1,13 @@
1
+ # Dependencies
2
+
3
+ ## addressable
4
+
5
+ The addressable Ruby gem is licensed under the [Apache License 2.0](https://github.com/sporkmonger/addressable/blob/master/LICENSE.txt).
6
+
7
+ ## unicode-confusable
8
+
9
+ The unicode-confusable gem is licensed under the [MIT License](https://github.com/janlelis/unicode-confusable/blob/master/MIT-LICENSE.txt).
10
+
11
+ ## unicode-scripts
12
+
13
+ The unicode-scripts gem is licensed under the [MIT License](https://github.com/janlelis/unicode-scripts/blob/master/MIT-LICENSE.txt).
data/README.md ADDED
@@ -0,0 +1,63 @@
1
+ # ruby-homograph-detector
2
+
3
+ Ruby gem for determining whether a given URL is considered an [IDN homograph attack]. The underlying algorithm used in this gem is loosely based on [Google Chrome’s IDN display algorithm]. To learn more about why and how you defend against homograph attacks, see [this blog post].
4
+
5
+ [IDN homograph attack]: https://en.wikipedia.org/wiki/IDN_homograph_attack
6
+ [Google Chrome’s IDN display algorithm]: https://www.chromium.org/developers/design-documents/idn-in-google-chrome
7
+ [this blog post]: https://dev.to/loganmeetsworld/homographs-attack--5a1p
8
+
9
+ ## Installation
10
+
11
+ Install the `homograph-detector` gem, or add it to your Gemfile with bundler:
12
+
13
+ ```ruby
14
+ # In your Gemfile
15
+ gem 'homograph-detector'
16
+ ```
17
+
18
+ ## Usage
19
+
20
+ The `homograph-detector` gem provides a single function `homograph_attack?` which takes a URL string and determines if the URL is considered a homograph attack:
21
+
22
+ ```ruby
23
+ HomographDetector.homograph_attack?('<your URL here>')
24
+ ```
25
+
26
+ ## Examples
27
+
28
+ URL with Latin characters:
29
+
30
+
31
+ ```ruby
32
+ HomographDetector.homograph_attack?('https://paypal.com') # false
33
+ ```
34
+
35
+ URL with [confusable] Cyrillic characters:
36
+
37
+ ```ruby
38
+ HomographDetector.homograph_attack?('https://раураӏ.com') # true
39
+ ```
40
+
41
+ URL with non-confusable Cyrillic characters:
42
+
43
+ ```ruby
44
+ HomographDetector.homograph_attack?('http://яндекс.рф') # false
45
+ ```
46
+
47
+ URL with multiple scripts:
48
+
49
+ ```ruby
50
+ # Greek and Latin
51
+ HomographDetector.homograph_attack?('wikiρedia.org') # true
52
+
53
+ # Japanese and Latin
54
+ HomographDetector.homograph_attack?('hello你好.com') # false
55
+ ```
56
+
57
+ [confusable]: http://www.unicode.org/reports/tr39/#Confusable_Detection
58
+
59
+ ## License
60
+
61
+ Licensed under Apache License, Version 2.0 ([LICENSE.txt](LICENSE.txt) or http://www.apache.org/licenses/LICENSE-2.0).
62
+
63
+ For a summary of the licenses used by ruby-homograph-detector’s dependencies, see [NOTICE.md](NOTICE.md).
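Review bot: the bare-domain examples under "URL with multiple scripts" (`'wikiρedia.org' # true` and `'hello你好.com' # false`) do not exercise the detector the way the text claims. `Addressable::URI.parse` treats a string with no scheme and no `//` as a relative reference whose whole value is the path, so `host` is nil, `tld` raises, and `homograph_attack?` takes the "can't determine the Unicode Scripts" branch and returns false for both. Prefix them with `http://`, as every case in the test file does, or say explicitly that a scheme (or at least `//`) is required. Two behaviours a caller needs to know are also missing from the Usage section: the method is fail-open (any URL that cannot be parsed returns false rather than raising, per the first guard in `homograph_attack?`), and only the registrable domain is examined (the code works from `Addressable::URI#domain`), so a confusable label in a subdomain is not detected. Minor: 你好 is Chinese (Han script) rather than Japanese, and `homograph_attack?` is a class method on `HomographDetector`, not a free function.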
data/Rakefile ADDED
@@ -0,0 +1,7 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'rake/testtask'
4
+
5
+ Rake::TestTask.new do |t|
6
+ t.pattern = 'test/**/*_test.rb'
7
+ end
@@ -0,0 +1,20 @@
1
+ Gem::Specification.new do |spec|
2
+ spec.name = 'homograph-detector'
3
+ spec.version = '0.1.0'
4
+ spec.authors = 'Kickstarter Engineering'
5
+ spec.email = 'eng@kickstarter.com'
6
+ spec.summary = %q{Ruby Gem used for homograph detection}
7
+ spec.homepage = 'https://github.com/kickstarter/ruby-homograph-detector'
8
+ spec.license = 'Apache-2.0'
9
+ spec.files = `git ls-files`.split("\n")
10
+
11
+ spec.add_dependency 'addressable', '~> 2.5'
12
+ spec.add_dependency 'unicode-confusable', '~> 1.4'
13
+ spec.add_dependency 'unicode-scripts', '~> 1.3'
14
+
15
+ spec.add_development_dependency 'bundler', '~> 1.16'
16
+ spec.add_development_dependency 'minitest', '~> 5.10'
17
+ spec.add_development_dependency 'rake', '~> 10.0'
18
+ spec.add_development_dependency 'shoulda-context', '~> 1.2'
19
+ spec.add_development_dependency 'simplecov', '~> 0.16.1'
20
+ end
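Review bot: building `spec.files` from `git ls-files` packages every tracked file, so the published gem ships `.circleci/config.yml`, `.gitignore`, `.ruby-version` and the whole test suite (the `files:` list in the metadata below confirms it). List `lib/**/*.rb` plus README.md, LICENSE.txt and NOTICE.md explicitly, or reject paths starting with `test/` and `.`. Also missing: `spec.required_ruby_version` (the library uses `private def`, which needs Ruby 2.1+, and CI only runs 2.5, yet the shipped requirement is `>= 0`), `spec.metadata` entries such as `source_code_uri` so an installed package can be traced back to the repository, and a `spec.description`, which is blank in the metadata.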
@@ -0,0 +1,121 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'addressable/uri'
4
+ require 'unicode/confusable'
5
+ require 'unicode/scripts'
6
+
7
+ class HomographDetector
8
+ # Unicode Script names returned by the 'unicode-scripts' gem
9
+ SCRIPT_BOPOMOFO = 'Bopomofo'
10
+ SCRIPT_COMMON = 'Common'
11
+ SCRIPT_CYRILLIC = 'Cyrillic'
12
+ SCRIPT_GREEK = 'Greek'
13
+ SCRIPT_HAN = 'Han'
14
+ SCRIPT_HANGUL = 'Hangul'
15
+ SCRIPT_HIRAGANA = 'Hiragana'
16
+ SCRIPT_INHERITED = 'Inherited'
17
+ SCRIPT_KATAKANA = 'Katakana'
18
+ SCRIPT_LATIN = 'Latin'
19
+
20
+ # Groups of Unicode Scripts
21
+ SPECIAL_SCRIPTS = Set[SCRIPT_COMMON, SCRIPT_INHERITED].freeze
22
+ JAPANESE_SCRIPTS = Set[SCRIPT_HAN, SCRIPT_HIRAGANA, SCRIPT_KATAKANA].freeze
23
+ CHINESE_SCRIPTS = Set[SCRIPT_BOPOMOFO, SCRIPT_HAN].freeze
24
+ KOREAN_SCRIPTS = Set[SCRIPT_HAN, SCRIPT_HANGUL].freeze
25
+
26
+ # Certain combinations of Unicode Scripts are okay
27
+ APPROVED_SCRIPT_COMBINATIONS = [
28
+ Set[*JAPANESE_SCRIPTS, SCRIPT_LATIN].freeze,
29
+ Set[*CHINESE_SCRIPTS, SCRIPT_LATIN].freeze,
30
+ Set[*KOREAN_SCRIPTS, SCRIPT_LATIN].freeze
31
+ ].freeze
32
+
33
+ attr_reader :address
34
+
35
+ def initialize(address)
36
+ @address = address
37
+ end
38
+
39
+ def self.homograph_attack?(address)
40
+ new(address).homograph_attack?
41
+ end
42
+
43
+ def homograph_attack?
44
+ # If we can't determine the Unicode Scripts for the domain, return false
45
+ return false if domain_scripts.nil?
46
+
47
+ # If the combination of Unicode Scripts used in the domain are ones we have
48
+ # whitelisted, return false
49
+ return false if domain_has_approved_combination_of_scripts?
50
+
51
+ # If the combination of Unicode Scripts in the domain are problematic,
52
+ # return true
53
+ return true if domain_has_sketchy_combination_of_scripts?
54
+
55
+ # If the domain is entirely composed of Cyrillic characters and each
56
+ # character can be confusable with a Latin character, return true
57
+ return true if domain_has_confusable_cyrillic_chars?
58
+
59
+ false
60
+ end
61
+
62
+ # Returns true if one of the following is satisfied:
63
+ #
64
+ # - Two Unicode Scripts are used in the domain, neither are 'Latin'
65
+ # - More than two Unicode Scripts are used in the domain
66
+ # - Two Unicode Scripts are used in the domain, one is 'Latin' and the other
67
+ # is either 'Cyrillic' or 'Greek'
68
+ private def domain_has_sketchy_combination_of_scripts?
69
+ (
70
+ domain_scripts.length == 2 && !domain_scripts.include?(SCRIPT_LATIN) ||
71
+ domain_scripts.length > 2 ||
72
+ (
73
+ domain_scripts.length == 2 &&
74
+ (domain_scripts.include?(SCRIPT_CYRILLIC) ||
75
+ domain_scripts.include?(SCRIPT_GREEK))
76
+ )
77
+ )
78
+ end
79
+
80
+ private def domain_has_confusable_cyrillic_chars?
81
+ domain_without_tld.chars.all? do |char|
82
+ Unicode::Scripts.scripts(char).include?(SCRIPT_CYRILLIC) &&
83
+ Unicode::Confusable.skeleton(char) != char
84
+ end
85
+ end
86
+
87
+ private def domain_has_approved_combination_of_scripts?
88
+ APPROVED_SCRIPT_COMBINATIONS.any? do |approved_script_combination|
89
+ domain_scripts.subset?(approved_script_combination)
90
+ end
91
+ end
92
+
93
+ # Retrieve the set of Unicode Scripts used in the domain name. If the domain
94
+ # name can't be parsed, return nil
95
+ private def domain_scripts
96
+ if domain_without_tld.nil?
97
+ nil
98
+ else
99
+ @domain_scripts ||=
100
+ Set[*Unicode::Scripts.scripts(domain_without_tld)] - SPECIAL_SCRIPTS
101
+ end
102
+ end
103
+
104
+ # Retrieve the domain without the TLD. If there's a parsing error, return nil
105
+ private def domain_without_tld
106
+ @domain_without_tld ||=
107
+ begin
108
+ tld = addressable_uri.tld
109
+ rescue Addressable::URI::InvalidURIError, PublicSuffix::Error
110
+ # The `tld` can raise a couple different errors when called if the URI
111
+ # is invalid.
112
+ nil
113
+ else
114
+ addressable_uri.domain.chomp(tld).chomp('.')
115
+ end
116
+ end
117
+
118
+ private def addressable_uri
119
+ @addressable_uri ||= Addressable::URI.parse(address)
120
+ end
121
+ end
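Review bot: `domain_without_tld` is derived from `addressable_uri.domain`, which is the PublicSuffix registrable domain, so only one label is ever inspected; a confusable label anywhere above it (a `раураӏ` subdomain under a plain Latin registrable domain, for example) is never seen and the method returns false. The Chrome algorithm the README cites applies its checks per label; take `addressable_uri.host`, strip the `tld`, split on `.` and run `domain_scripts` / the Cyrillic check on each label. Three more points in this hunk:
`Set` is used at lines 21 through 31 without `require 'set'`, so loading the library relies on some other gem having pulled it in first; add the require.
Nothing converts a host that is already in Punycode (`xn--...`) back to Unicode before inspection, so an A-label input is all Latin and passes; either run `Addressable::IDNA.to_unicode` on the host first or document that callers must pass U-labels.
The comment on `domain_has_confusable_cyrillic_chars?` says each character must be "confusable with a Latin character", but `Unicode::Confusable.skeleton(char) != char` is true for any character with a confusable mapping, whatever script or digit it maps to; if Latin is what you mean, also check that `Unicode::Scripts.scripts(skeleton)` is `['Latin']`.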
@@ -0,0 +1,38 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative './test_helper'
4
+ require_relative '../lib/homograph_detector'
5
+
6
+ class HomographDetectorTest < Minitest::Test
7
+ context '#homograph_attack?' do
8
+ should 'return true if detected to be an attack' do
9
+ assert HomographDetector.homograph_attack?('http://αaβbγcχxψyωz.com/')
10
+ assert HomographDetector.homograph_attack?('http://аaбbгcдdеeжf.com/')
11
+ assert HomographDetector.homograph_attack?('http://αаβбγгχдψеωж.com/')
12
+ assert HomographDetector.homograph_attack?('http://ㄈㄉㄊおかが.com/')
13
+ assert HomographDetector.homograph_attack?('http://ㄈㄉㄊᄊᄋᄌ.com/')
14
+ assert HomographDetector.homograph_attack?('http://おかがᄊᄋᄌ.com/')
15
+ assert HomographDetector.homograph_attack?('http://abꓚꓛᎪᎫ.com/')
16
+ assert HomographDetector.homograph_attack?('http://ꓚꓛꓜᎪᎫᎬ.com/')
17
+ assert HomographDetector.homograph_attack?('http://раураӏ.com')
18
+ end
19
+
20
+ should 'return false if not detected to be an attack' do
21
+ assert !HomographDetector.homograph_attack?('http://Aabcdef.com/')
22
+ assert !HomographDetector.homograph_attack?('http://αβγχψω.com/')
23
+ assert !HomographDetector.homograph_attack?('http://абгдеж.com/')
24
+ assert !HomographDetector.homograph_attack?('http://おかがキギク.com/')
25
+ assert !HomographDetector.homograph_attack?('http://おaかbがcキdギeクf.com/')
26
+ assert !HomographDetector.homograph_attack?('http://ㄈㄉㄊ⻕⻒夕.com/')
27
+ assert !HomographDetector.homograph_attack?('http://ㄈaㄉbㄊc⻕d⻒e夕f.com/')
28
+ assert !HomographDetector.homograph_attack?('http://ᄊᄋᄌᄍᄎᄏ.com/')
29
+ assert !HomographDetector.homograph_attack?('http://ᄊaᄋbᄌcᄍdᄎeᄏf.com/')
30
+ assert !HomographDetector.homograph_attack?('http://abc𐒊𐒋𐒌.com/')
31
+ end
32
+
33
+ should 'return false for an invalid address' do
34
+ assert !HomographDetector.homograph_attack?('http://.google.com')
35
+ assert !HomographDetector.homograph_attack?('Twitter http://twitter.com/')
36
+ end
37
+ end
38
+ end
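Review bot: the `'http://abc𐒊𐒋𐒌.com/'` expectation in the "not an attack" block codifies that Latin mixed with one non-CJK script (Osmanya here) is accepted, which is where this detector departs from the Chrome algorithm the README cites (Chrome allows Latin only alongside the Chinese, Japanese and Korean script sets and rejects other mixes); a comment on that assertion saying the deviation is deliberate would stop someone "fixing" it later. Coverage gaps worth a case each: a confusable label in a subdomain (the `раураӏ` label under a Latin registrable domain), a host already in `xn--` form, and a scheme-less string, since all three return false as the code stands and that should be asserted on purpose. Style: `refute HomographDetector.homograph_attack?(...)` reads better than `assert !...` and gives a clearer failure message.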
@@ -0,0 +1,8 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'simplecov'
4
+
5
+ SimpleCov.start
6
+
7
+ require 'minitest/autorun'
8
+ require 'shoulda/context'
metadata ADDED
@@ -0,0 +1,168 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: homograph-detector
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - Kickstarter Engineering
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2018-06-18 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: addressable
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '2.5'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '2.5'
27
+ - !ruby/object:Gem::Dependency
28
+ name: unicode-confusable
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '1.4'
34
+ type: :runtime
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '1.4'
41
+ - !ruby/object:Gem::Dependency
42
+ name: unicode-scripts
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: '1.3'
48
+ type: :runtime
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: '1.3'
55
+ - !ruby/object:Gem::Dependency
56
+ name: bundler
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - "~>"
60
+ - !ruby/object:Gem::Version
61
+ version: '1.16'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - "~>"
67
+ - !ruby/object:Gem::Version
68
+ version: '1.16'
69
+ - !ruby/object:Gem::Dependency
70
+ name: minitest
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - "~>"
74
+ - !ruby/object:Gem::Version
75
+ version: '5.10'
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - "~>"
81
+ - !ruby/object:Gem::Version
82
+ version: '5.10'
83
+ - !ruby/object:Gem::Dependency
84
+ name: rake
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - "~>"
88
+ - !ruby/object:Gem::Version
89
+ version: '10.0'
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - "~>"
95
+ - !ruby/object:Gem::Version
96
+ version: '10.0'
97
+ - !ruby/object:Gem::Dependency
98
+ name: shoulda-context
99
+ requirement: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - "~>"
102
+ - !ruby/object:Gem::Version
103
+ version: '1.2'
104
+ type: :development
105
+ prerelease: false
106
+ version_requirements: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - "~>"
109
+ - !ruby/object:Gem::Version
110
+ version: '1.2'
111
+ - !ruby/object:Gem::Dependency
112
+ name: simplecov
113
+ requirement: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - "~>"
116
+ - !ruby/object:Gem::Version
117
+ version: 0.16.1
118
+ type: :development
119
+ prerelease: false
120
+ version_requirements: !ruby/object:Gem::Requirement
121
+ requirements:
122
+ - - "~>"
123
+ - !ruby/object:Gem::Version
124
+ version: 0.16.1
125
+ description:
126
+ email: eng@kickstarter.com
127
+ executables: []
128
+ extensions: []
129
+ extra_rdoc_files: []
130
+ files:
131
+ - ".circleci/config.yml"
132
+ - ".gitignore"
133
+ - ".ruby-version"
134
+ - CODE_OF_CONDUCT.md
135
+ - Gemfile
136
+ - LICENSE.txt
137
+ - NOTICE.md
138
+ - README.md
139
+ - Rakefile
140
+ - homograph-detector.gemspec
141
+ - lib/homograph_detector.rb
142
+ - test/homograph_detector_test.rb
143
+ - test/test_helper.rb
144
+ homepage: https://github.com/kickstarter/ruby-homograph-detector
145
+ licenses:
146
+ - Apache-2.0
147
+ metadata: {}
148
+ post_install_message:
149
+ rdoc_options: []
150
+ require_paths:
151
+ - lib
152
+ required_ruby_version: !ruby/object:Gem::Requirement
153
+ requirements:
154
+ - - ">="
155
+ - !ruby/object:Gem::Version
156
+ version: '0'
157
+ required_rubygems_version: !ruby/object:Gem::Requirement
158
+ requirements:
159
+ - - ">="
160
+ - !ruby/object:Gem::Version
161
+ version: '0'
162
+ requirements: []
163
+ rubyforge_project:
164
+ rubygems_version: 2.7.7
165
+ signing_key:
166
+ specification_version: 4
167
+ summary: Ruby Gem used for homograph detection
168
+ test_files: []
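Review bot: `cert_chain: []` together with an empty `signing_key:` means this release is unsigned, so the only thing a consumer can verify is the package checksums in checksums.yaml, which prove integrity but say nothing about who published it; sign the gem (`spec.signing_key` and `spec.cert_chain` in the gemspec) so that `gem install -P HighSecurity` can validate it. `required_ruby_version: '>= 0'` contradicts both the CI image (Ruby 2.5 only) and the `private def` syntax in lib, and `metadata: {}` leaves out `source_code_uri` and similar keys that tie the package to its repository.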