def validate_confusables_email(value):
"""
Validator which disallows 'dangerous' email addresses likely to
represent homograph attacks.
An email address is 'dangerous' if either the local-part or the
domain, considered on their own, are mixed-script and contain one
or more characters appearing in the Unicode Visually Confusable
Characters file.
"""
# we need a single @ in the email
at_symbols = re.findall(r'@', value)
if len(at_symbols) != 1:
return False
local_part, domain = value.split('@')
if confusables.is_dangerous(local_part) or confusables.is_dangerous(
domain):
return False
if local_part in DEFAULT_RESERVED_NAMES:
return False
return True
def validate_confusables_email(*, local_part: str, domain: str,
exception_class: Callable) -> None:
"""Disallows 'dangerous' email addresses likely to represent homograph attacks.
An email address is 'dangerous' if either the local-part or the
domain, considered on their own, are mixed-script and contain one
or more characters appearing in the Unicode Visually Confusable
Characters file.
Args:
local_part: the local part of the email addres, before @.
domain: the domain part of the email addres, after @.
exception_class: Callable Exception class
Examples:
>>> from teached.users import validators
>>> validators.validate_confusables_email(local_part="ΑlaskaJazz", domain="ΑlaskaJazz", exception_class=ValueError) # noqa: B950
Traceback (most recent call last):
...
ValueError: This email address cannot be registered. Please supply a different email address.
>>> validators.validate_confusables_email(local_part="123", domain="123", exception_class=ValueError)
None
Raises:
exception_class: call the exception class if the value is dangerous.
"""
if confusables.is_dangerous(local_part) or confusables.is_dangerous(
domain):
raise exception_class(CONFUSABLE_EMAIL)
def validate_confusables_email(value):
"""
Validator which disallows 'dangerous' email addresses likely to
represent homograph attacks.
An email address is 'dangerous' if either the local-part or the
domain, considered on their own, are mixed-script and contain one
or more characters appearing in the Unicode Visually Confusable
Characters file.
"""
# Email addresses are extremely difficult.
#
# The current RFC governing syntax of email addresses is RFC 5322
# which, as the HTML5 specification succinctly states, "defines a
# syntax for e-mail addresses that is simultaneously too strict
# ... too vague ... and too lax ... to be of practical use".
#
# In order to be useful, this validator must consider only the
# addr-spec portion of an email address, and must examine the
# local-part and the domain of that addr-spec
# separately. Unfortunately, there are no good general-purpose
# Python libraries currently available (that the author of
# django-registration is aware of), supported on all versions of
# Python django-registration supports, which can reliably provide
# an RFC-complient parse of either a full address or an addr-spec
# which allows the local-part and domain to be treated separately.
#
# To work around this shortcoming, RegistrationForm applies the
# HTML5 email validation rule, which HTML5 admits (in section
# 4.10.5.1.5) is a "willful violation" of RFC 5322, to the
# submitted email address. This will reject many technically-valid
# but problematic email addresses, including those which make use
# of comments, or which embed otherwise-illegal characters via
# quoted-string.
#
# That in turn allows this validator to take a much simpler
# approach: it considers any value containing exactly one '@'
# (U+0040) to be an addr-spec, and consders everything prior to
# the '@' to be the local-part and everything after to be the
# domain, and performs validation on them. Any value not
# containing exactly one '@' is assumed not to be an addr-spec,
# and is thus "accepted" by not being validated at all.
if value.count("@") != 1:
return
local_part, domain = value.split("@")
if confusables.is_dangerous(local_part) or confusables.is_dangerous(
domain):
raise ValidationError(CONFUSABLE_EMAIL, code="invalid")
def validate_confusables(value):
"""
Validator which disallows 'dangerous' usernames likely to
represent homograph attacks.
A username is 'dangerous' if it is mixed-script (as defined by
Unicode 'Script' property) and contains one or more characters
appearing in the Unicode Visually Confusable Characters file.
"""
if not isinstance(value, six.text_type):
return
if confusables.is_dangerous(value) or \
confusables.is_dangerous(value.lower()):
raise ValidationError(CONFUSABLE, code='confusable_value')
def validate_confusables_email(value):
"""
Validator which disallows 'dangerous' email addresses likely to
represent homograph attacks.
An email address is 'dangerous' if either the local-part or the
domain, considered on their own, are mixed-script and contain one
or more characters appearing in the Unicode Visually Confusable
Characters file.
"""
if '@' not in value:
return
local_part, domain = value.split('@')
if confusables.is_dangerous(local_part) or \
confusables.is_dangerous(domain):
raise ValidationError(CONFUSABLE_EMAIL, code='invalid')
def validate_confusables_email(*, local_part: str, domain: str,
exception_class) -> None:
"""
Validator which disallows 'dangerous' email addresses likely to
represent homograph attacks.
An email address is 'dangerous' if either the local-part or the
domain, considered on their own, are mixed-script and contain one
or more characters appearing in the Unicode Visually Confusable
Characters file.
"""
if confusables.is_dangerous(local_part) or confusables.is_dangerous(
domain):
raise exception_class(CONFUSABLE_EMAIL, code=_("invalid"))
def validate_confusables(*, value: str, exception_class: Callable) -> None:
"""Disallows 'dangerous' usernames likely to represent homograph attacks.
A username is 'dangerous' if it is mixed-script (as defined by
Unicode 'Script' property) and contains one or more characters
appearing in the Unicode Visually Confusable Characters file.
Args:
value: string.
exception_class: Callable Exception class
Examples:
>>> from teached.users import validators
>>> validators.validate_confusables(value="ΑlaskaJazz", exception_class=ValueError) # noqa: B950
Traceback (most recent call last):
...
ValueError: This name cannot be registered.Please choose a different name.
>>> validators.validate_confusables(value="123", exception_class=ValueError)
None
Raises:
exception_class: call the exception class if the value is dangerous.
"""
if confusables.is_dangerous(value):
raise exception_class(CONFUSABLE)
def validate_confusables(value: str):
"""
This validates if the value is not a confusable homoglyph.
"""
return confusables.is_dangerous(value)
def validate_confusables_email(value):
"""
Validator which disallows 'dangerous' email addresses likely to
represent homograph attacks.
An email address is 'dangerous' if either the local-part or the
domain, considered on their own, are mixed-script and contain one
or more characters appearing in the Unicode Visually Confusable
Characters file.
"""
if '@' not in value:
return
local_part, domain = value.split('@')
if confusables.is_dangerous(local_part) or \
confusables.is_dangerous(domain):
raise ValidationError(CONFUSABLE_EMAIL, code='invalid')
def validate_confusables_email(value):
"""For emails, avoid mixed-script characters in the Unicode Visually Confusable Characters file. """
# The HTML5 specification states the RFC 5322 (governing email addresses) "defines
# a syntax for e-mail addresses that is simultaneously too strict ... too vague
# ... and too lax ... to be of practical use". Meanwhile, the HTML5 email validation
# rule is self-admittedly (in section # 4.10.5.1.5) is a "willful violation" of
# RFC 5322, to the submitted email address.
#
# We want to separately consider the local and domain parts of the email address.
# We are simplifying this task by assuming that there must be exactly one '@' (U+0040),
# and this separates the local and domain parts of the email address.
if value.count("@") != 1:
return
local_part, domain = value.split("@")
if confusables.is_dangerous(local_part) or confusables.is_dangerous(
domain):
raise ValidationError(CONFUSABLE_EMAIL, code="invalid")
def validate_confusables(self, value):
"""
Validator which disallows 'dangerous' usernames likely to
represent homograph attacks.
A username is 'dangerous' if it is mixed-script (as defined by
Unicode 'Script' property) and contains one or more characters
appearing in the Unicode Visually Confusable Characters file.
"""
if confusables.is_dangerous(value):
raise Exception(CONFUSABLE)
def validate_confusables(value):
'''
This validates if the value is not a confusable homoglyph.
'''
if confusables.is_dangerous(value):
return False
else:
return True
def validate_confusables(value):
"""
Validator which disallows 'dangerous' usernames likely to
represent homograph attacks.
A username is 'dangerous' if it is mixed-script (as defined by
Unicode 'Script' property) and contains one or more characters
appearing in the Unicode Visually Confusable Characters file.
"""
if not isinstance(value, six.text_type):
return
if confusables.is_dangerous(value):
raise ValidationError(CONFUSABLE, code='invalid')
def validate_confusables(value):
"""
Validator which disallows 'dangerous' usernames likely to
represent homograph attacks.
A username is 'dangerous' if it is mixed-script (as defined by
Unicode 'Script' property) and contains one or more characters
appearing in the Unicode Visually Confusable Characters file.
"""
if not isinstance(value, six.text_type):
return
if confusables.is_dangerous(value):
raise ValidationError(
'Це ім\'я користувача заборонено використовувати')
def check_homograph(domain):
"""Check if domain contain homograph character
Args:
none
Return:
none
"""
homograph_domain = bool(confusables.is_dangerous(domain))
if homograph_domain:
return True
else:
return False
def validate_confusables(value):
"""Avoid mixed-script containing one or more characters in Unicode Visually Confusable Characters file. """
if not isinstance(value, str):
return
if confusables.is_dangerous(value):
raise ValidationError(CONFUSABLE, code="invalid")
def test_dangerous(self):
self.assertTrue(confusables.is_dangerous(looks_good))
self.assertTrue(confusables.is_dangerous(u' ρττ a'))
self.assertTrue(confusables.is_dangerous(u'ρττ a'))
self.assertTrue(confusables.is_dangerous(u'Alloτ'))
self.assertTrue(confusables.is_dangerous(u'www.microsоft.com'))
self.assertTrue(confusables.is_dangerous(u'www.Αpple.com'))
self.assertTrue(confusables.is_dangerous(u'www.faϲebook.com'))
self.assertFalse(
confusables.is_dangerous(u'AlloΓ', preferred_aliases=['latin']))
self.assertFalse(confusables.is_dangerous(is_good))
self.assertFalse(confusables.is_dangerous(u' ρτ.τ'))
self.assertFalse(confusables.is_dangerous(u'ρτ.τ'))
def validate_confusable_user_names(value):
if not isinstance(value, six.text_type):
return
if confusables.is_dangerous(value):
raise ValidationError("", code='invalid')
