homographic_spoofing 0.1.0

Files changed (39)
  1. checksums.yaml +7 -0
  2. data/MIT-LICENSE +20 -0
  3. data/README.md +117 -0
  4. data/lib/homographic_spoofing/detector/base.rb +41 -0
  5. data/lib/homographic_spoofing/detector/detection.rb +2 -0
  6. data/lib/homographic_spoofing/detector/email_address.rb +40 -0
  7. data/lib/homographic_spoofing/detector/idn.rb +78 -0
  8. data/lib/homographic_spoofing/detector/local.rb +14 -0
  9. data/lib/homographic_spoofing/detector/quoted_string.rb +13 -0
  10. data/lib/homographic_spoofing/detector/rule/base.rb +15 -0
  11. data/lib/homographic_spoofing/detector/rule/context.rb +19 -0
  12. data/lib/homographic_spoofing/detector/rule/data/allowed_idn_characters.txt +1 -0
  13. data/lib/homographic_spoofing/detector/rule/data/digits.csv +680 -0
  14. data/lib/homographic_spoofing/detector/rule/disallowed_characters.rb +140 -0
  15. data/lib/homographic_spoofing/detector/rule/idn/base.rb +3 -0
  16. data/lib/homographic_spoofing/detector/rule/idn/context.rb +8 -0
  17. data/lib/homographic_spoofing/detector/rule/idn/dangerous_pattern.rb +73 -0
  18. data/lib/homographic_spoofing/detector/rule/idn/deviation_characters.rb +10 -0
  19. data/lib/homographic_spoofing/detector/rule/idn/digits.rb +25 -0
  20. data/lib/homographic_spoofing/detector/rule/idn/invisible_characters.rb +14 -0
  21. data/lib/homographic_spoofing/detector/rule/idn/script_confusable.rb +59 -0
  22. data/lib/homographic_spoofing/detector/rule/idn/script_specific.rb +31 -0
  23. data/lib/homographic_spoofing/detector/rule/idn/unsafe_middle_dot.rb +12 -0
  24. data/lib/homographic_spoofing/detector/rule/local/dot_atom_text.rb +49 -0
  25. data/lib/homographic_spoofing/detector/rule/local/nfkc.rb +6 -0
  26. data/lib/homographic_spoofing/detector/rule/mixed_digits.rb +30 -0
  27. data/lib/homographic_spoofing/detector/rule/mixed_scripts.rb +30 -0
  28. data/lib/homographic_spoofing/detector/rule/quoted_string/bidi_control.rb +10 -0
  29. data/lib/homographic_spoofing/detector/rule/quoted_string/data/nonspacing_marks.txt +1 -0
  30. data/lib/homographic_spoofing/detector/rule/quoted_string/nfc.rb +6 -0
  31. data/lib/homographic_spoofing/detector/rule/quoted_string/nonspacing_marks.rb +21 -0
  32. data/lib/homographic_spoofing/railtie.rb +5 -0
  33. data/lib/homographic_spoofing/sanitizer/base.rb +39 -0
  34. data/lib/homographic_spoofing/sanitizer/email_address.rb +10 -0
  35. data/lib/homographic_spoofing/sanitizer/idn.rb +10 -0
  36. data/lib/homographic_spoofing/sanitizer/quoted_string.rb +10 -0
  37. data/lib/homographic_spoofing/version.rb +3 -0
  38. data/lib/homographic_spoofing.rb +47 -0
  39. metadata +166 -0
@@ -0,0 +1,47 @@
1
+ require "zeitwerk"
2
+ require "unicode/scripts"
3
+ require "dnsruby"
4
+ require "public_suffix"
5
+ require "mail"
6
+ require "csv"
7
+ require "active_support"
8
+ require "active_support/core_ext"
9
+
10
+ loader = Zeitwerk::Loader.for_gem
11
+ loader.setup
12
+
13
+ module HomographicSpoofing
14
+ mattr_accessor :logger, instance_accessor: false
15
+
16
+ class << self
17
+ def email_address_spoof?(email_address)
18
+ HomographicSpoofing::Detector::EmailAddress.detected?(email_address)
19
+ end
20
+
21
+ def email_name_spoof?(email_address)
22
+ HomographicSpoofing::Detector::QuotedString.detected?(email_address)
23
+ end
24
+
25
+ def email_local_spoof?(email_address)
26
+ HomographicSpoofing::Detector::Local.detected?(email_address)
27
+ end
28
+
29
+ def idn_spoof?(idn)
30
+ HomographicSpoofing::Detector::Idn.detected?(idn)
31
+ end
32
+
33
+ def sanitize_email_address(email_address)
34
+ HomographicSpoofing::Sanitizer::EmailAddress.sanitize(email_address)
35
+ end
36
+
37
+ def sanitize_email_name(email_address)
38
+ HomographicSpoofing::Sanitizer::QuotedString.sanitize(email_address)
39
+ end
40
+
41
+ def sanitize_idn(idn)
42
+ HomographicSpoofing::Sanitizer::Idn.sanitize(idn)
43
+ end
44
+ end
45
+ end
46
+
47
+ require_relative "homographic_spoofing/railtie" if defined?(Rails::Railtie)
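Review bot: `email_name_spoof?`, `email_local_spoof?` and `sanitize_email_name` all name their parameter `email_address`, yet they delegate to `Detector::QuotedString`, `Detector::Local` and `Sanitizer::QuotedString`, so a caller cannot tell from this file whether to pass a full address or only the display name or local part. Those classes are not shown here, so the expected input is an assumption to confirm. If they take only the part, rename the parameter, e.g. `def email_name_spoof?(name)`; otherwise add a one-line comment above each method such as `# Accepts a full address; only the display name is checked.` Because these predicates are likely to be used as a security gate, the `class << self` block should also document what each one returns for nil or unparseable input, since a `false` there reads as "not spoofed".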
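--- a/metadata
+++ b/metadata
@@ -0,0 +1,166 @@
+--- !ruby/object:Gem::Specification
+name: homographic_spoofing
+version: !ruby/object:Gem::Version
+version: 0.1.0
+platform: ruby
+authors:
+- Jacopo Beschi
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2024-06-20 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: zeitwerk
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.5'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.5'
+- !ruby/object:Gem::Dependency
+name: unicode-scripts
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: dnsruby
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: public_suffix
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: mail
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: activesupport
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+description:
+email:
+- jacopo@37signals.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- lib/homographic_spoofing.rb
+- lib/homographic_spoofing/detector/base.rb
+- lib/homographic_spoofing/detector/detection.rb
+- lib/homographic_spoofing/detector/email_address.rb
+- lib/homographic_spoofing/detector/idn.rb
+- lib/homographic_spoofing/detector/local.rb
+- lib/homographic_spoofing/detector/quoted_string.rb
+- lib/homographic_spoofing/detector/rule/base.rb
+- lib/homographic_spoofing/detector/rule/context.rb
+- lib/homographic_spoofing/detector/rule/data/allowed_idn_characters.txt
+- lib/homographic_spoofing/detector/rule/data/digits.csv
+- lib/homographic_spoofing/detector/rule/disallowed_characters.rb
+- lib/homographic_spoofing/detector/rule/idn/base.rb
+- lib/homographic_spoofing/detector/rule/idn/context.rb
+- lib/homographic_spoofing/detector/rule/idn/dangerous_pattern.rb
+- lib/homographic_spoofing/detector/rule/idn/deviation_characters.rb
+- lib/homographic_spoofing/detector/rule/idn/digits.rb
+- lib/homographic_spoofing/detector/rule/idn/invisible_characters.rb
+- lib/homographic_spoofing/detector/rule/idn/script_confusable.rb
+- lib/homographic_spoofing/detector/rule/idn/script_specific.rb
+- lib/homographic_spoofing/detector/rule/idn/unsafe_middle_dot.rb
+- lib/homographic_spoofing/detector/rule/local/dot_atom_text.rb
+- lib/homographic_spoofing/detector/rule/local/nfkc.rb
+- lib/homographic_spoofing/detector/rule/mixed_digits.rb
+- lib/homographic_spoofing/detector/rule/mixed_scripts.rb
+- lib/homographic_spoofing/detector/rule/quoted_string/bidi_control.rb
+- lib/homographic_spoofing/detector/rule/quoted_string/data/nonspacing_marks.txt
+- lib/homographic_spoofing/detector/rule/quoted_string/nfc.rb
+- lib/homographic_spoofing/detector/rule/quoted_string/nonspacing_marks.rb
+- lib/homographic_spoofing/railtie.rb
+- lib/homographic_spoofing/sanitizer/base.rb
+- lib/homographic_spoofing/sanitizer/email_address.rb
+- lib/homographic_spoofing/sanitizer/idn.rb
+- lib/homographic_spoofing/sanitizer/quoted_string.rb
+- lib/homographic_spoofing/version.rb
+homepage: https://github.com/basecamp/homographic_spoofing
+licenses:
+- MIT
+metadata:
+allowed_push_host: https://rubygems.org
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 3.1.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubygems_version: 3.5.3
+signing_key:
+specification_version: 4
+summary: A toolkit to both detect and sanitize homographic spoofing attacks in URLs
+and Email addresses
+test_files: []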
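Review bot: Five of the six runtime dependencies (`unicode-scripts`, `dnsruby`, `public_suffix`, `mail`, `activesupport`) are declared with `>= 0`, so any future major release satisfies them; only `zeitwerk` carries a pessimistic bound (`~> 2.5`). The detection rules presumably rely on the Unicode script data and public-suffix parsing those gems provide, so results can shift with whichever version a consumer's resolver picks. Consider bounded constraints in the gemspec this file is generated from, in the form `spec.add_dependency "public_suffix", "~> MAJOR.MINOR"`, using the versions the test suite actually runs against. `cert_chain: []` and the empty `signing_key:` indicate the gem is published unsigned, so consumers who need integrity guarantees should verify the registry checksum when pinning.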