def validate_confusables_email(value): """ Validator which disallows 'dangerous' email addresses likely to represent homograph attacks. An email address is 'dangerous' if either the local-part or the domain, considered on their own, are mixed-script and contain one or more characters appearing in the Unicode Visually Confusable Characters file. """ # we need a single @ in the email at_symbols = re.findall(r'@', value) if len(at_symbols) != 1: return False local_part, domain = value.split('@') if confusables.is_dangerous(local_part) or confusables.is_dangerous( domain): return False if local_part in DEFAULT_RESERVED_NAMES: return False return True
def validate_confusables_email(*, local_part: str, domain: str, exception_class: Callable) -> None: """Disallows 'dangerous' email addresses likely to represent homograph attacks. An email address is 'dangerous' if either the local-part or the domain, considered on their own, are mixed-script and contain one or more characters appearing in the Unicode Visually Confusable Characters file. Args: local_part: the local part of the email addres, before @. domain: the domain part of the email addres, after @. exception_class: Callable Exception class Examples: >>> from teached.users import validators >>> validators.validate_confusables_email(local_part="ΑlaskaJazz", domain="ΑlaskaJazz", exception_class=ValueError) # noqa: B950 Traceback (most recent call last): ... ValueError: This email address cannot be registered. Please supply a different email address. >>> validators.validate_confusables_email(local_part="123", domain="123", exception_class=ValueError) None Raises: exception_class: call the exception class if the value is dangerous. """ if confusables.is_dangerous(local_part) or confusables.is_dangerous( domain): raise exception_class(CONFUSABLE_EMAIL)
def validate_confusables_email(value): """ Validator which disallows 'dangerous' email addresses likely to represent homograph attacks. An email address is 'dangerous' if either the local-part or the domain, considered on their own, are mixed-script and contain one or more characters appearing in the Unicode Visually Confusable Characters file. """ # Email addresses are extremely difficult. # # The current RFC governing syntax of email addresses is RFC 5322 # which, as the HTML5 specification succinctly states, "defines a # syntax for e-mail addresses that is simultaneously too strict # ... too vague ... and too lax ... to be of practical use". # # In order to be useful, this validator must consider only the # addr-spec portion of an email address, and must examine the # local-part and the domain of that addr-spec # separately. Unfortunately, there are no good general-purpose # Python libraries currently available (that the author of # django-registration is aware of), supported on all versions of # Python django-registration supports, which can reliably provide # an RFC-complient parse of either a full address or an addr-spec # which allows the local-part and domain to be treated separately. # # To work around this shortcoming, RegistrationForm applies the # HTML5 email validation rule, which HTML5 admits (in section # 4.10.5.1.5) is a "willful violation" of RFC 5322, to the # submitted email address. This will reject many technically-valid # but problematic email addresses, including those which make use # of comments, or which embed otherwise-illegal characters via # quoted-string. # # That in turn allows this validator to take a much simpler # approach: it considers any value containing exactly one '@' # (U+0040) to be an addr-spec, and consders everything prior to # the '@' to be the local-part and everything after to be the # domain, and performs validation on them. Any value not # containing exactly one '@' is assumed not to be an addr-spec, # and is thus "accepted" by not being validated at all. if value.count("@") != 1: return local_part, domain = value.split("@") if confusables.is_dangerous(local_part) or confusables.is_dangerous( domain): raise ValidationError(CONFUSABLE_EMAIL, code="invalid")
def validate_confusables(value): """ Validator which disallows 'dangerous' usernames likely to represent homograph attacks. A username is 'dangerous' if it is mixed-script (as defined by Unicode 'Script' property) and contains one or more characters appearing in the Unicode Visually Confusable Characters file. """ if not isinstance(value, six.text_type): return if confusables.is_dangerous(value) or \ confusables.is_dangerous(value.lower()): raise ValidationError(CONFUSABLE, code='confusable_value')
def validate_confusables_email(value): """ Validator which disallows 'dangerous' email addresses likely to represent homograph attacks. An email address is 'dangerous' if either the local-part or the domain, considered on their own, are mixed-script and contain one or more characters appearing in the Unicode Visually Confusable Characters file. """ if '@' not in value: return local_part, domain = value.split('@') if confusables.is_dangerous(local_part) or \ confusables.is_dangerous(domain): raise ValidationError(CONFUSABLE_EMAIL, code='invalid')
def validate_confusables_email(*, local_part: str, domain: str, exception_class) -> None: """ Validator which disallows 'dangerous' email addresses likely to represent homograph attacks. An email address is 'dangerous' if either the local-part or the domain, considered on their own, are mixed-script and contain one or more characters appearing in the Unicode Visually Confusable Characters file. """ if confusables.is_dangerous(local_part) or confusables.is_dangerous( domain): raise exception_class(CONFUSABLE_EMAIL, code=_("invalid"))
def validate_confusables(*, value: str, exception_class: Callable) -> None: """Disallows 'dangerous' usernames likely to represent homograph attacks. A username is 'dangerous' if it is mixed-script (as defined by Unicode 'Script' property) and contains one or more characters appearing in the Unicode Visually Confusable Characters file. Args: value: string. exception_class: Callable Exception class Examples: >>> from teached.users import validators >>> validators.validate_confusables(value="ΑlaskaJazz", exception_class=ValueError) # noqa: B950 Traceback (most recent call last): ... ValueError: This name cannot be registered.Please choose a different name. >>> validators.validate_confusables(value="123", exception_class=ValueError) None Raises: exception_class: call the exception class if the value is dangerous. """ if confusables.is_dangerous(value): raise exception_class(CONFUSABLE)
def validate_confusables(value: str): """ This validates if the value is not a confusable homoglyph. """ return confusables.is_dangerous(value)
def validate_confusables_email(value): """ Validator which disallows 'dangerous' email addresses likely to represent homograph attacks. An email address is 'dangerous' if either the local-part or the domain, considered on their own, are mixed-script and contain one or more characters appearing in the Unicode Visually Confusable Characters file. """ if '@' not in value: return local_part, domain = value.split('@') if confusables.is_dangerous(local_part) or \ confusables.is_dangerous(domain): raise ValidationError(CONFUSABLE_EMAIL, code='invalid')
def validate_confusables_email(value): """For emails, avoid mixed-script characters in the Unicode Visually Confusable Characters file. """ # The HTML5 specification states the RFC 5322 (governing email addresses) "defines # a syntax for e-mail addresses that is simultaneously too strict ... too vague # ... and too lax ... to be of practical use". Meanwhile, the HTML5 email validation # rule is self-admittedly (in section # 4.10.5.1.5) is a "willful violation" of # RFC 5322, to the submitted email address. # # We want to separately consider the local and domain parts of the email address. # We are simplifying this task by assuming that there must be exactly one '@' (U+0040), # and this separates the local and domain parts of the email address. if value.count("@") != 1: return local_part, domain = value.split("@") if confusables.is_dangerous(local_part) or confusables.is_dangerous( domain): raise ValidationError(CONFUSABLE_EMAIL, code="invalid")
def validate_confusables(self, value): """ Validator which disallows 'dangerous' usernames likely to represent homograph attacks. A username is 'dangerous' if it is mixed-script (as defined by Unicode 'Script' property) and contains one or more characters appearing in the Unicode Visually Confusable Characters file. """ if confusables.is_dangerous(value): raise Exception(CONFUSABLE)
def validate_confusables(value): ''' This validates if the value is not a confusable homoglyph. ''' if confusables.is_dangerous(value): return False else: return True
def validate_confusables(value): """ Validator which disallows 'dangerous' usernames likely to represent homograph attacks. A username is 'dangerous' if it is mixed-script (as defined by Unicode 'Script' property) and contains one or more characters appearing in the Unicode Visually Confusable Characters file. """ if not isinstance(value, six.text_type): return if confusables.is_dangerous(value): raise ValidationError(CONFUSABLE, code='invalid')
def validate_confusables(value): """ Validator which disallows 'dangerous' usernames likely to represent homograph attacks. A username is 'dangerous' if it is mixed-script (as defined by Unicode 'Script' property) and contains one or more characters appearing in the Unicode Visually Confusable Characters file. """ if not isinstance(value, six.text_type): return if confusables.is_dangerous(value): raise ValidationError( 'Це ім\'я користувача заборонено використовувати')
def check_homograph(domain): """Check if domain contain homograph character Args: none Return: none """ homograph_domain = bool(confusables.is_dangerous(domain)) if homograph_domain: return True else: return False
def validate_confusables(value): """Avoid mixed-script containing one or more characters in Unicode Visually Confusable Characters file. """ if not isinstance(value, str): return if confusables.is_dangerous(value): raise ValidationError(CONFUSABLE, code="invalid")
def test_dangerous(self): self.assertTrue(confusables.is_dangerous(looks_good)) self.assertTrue(confusables.is_dangerous(u' ρττ a')) self.assertTrue(confusables.is_dangerous(u'ρττ a')) self.assertTrue(confusables.is_dangerous(u'Alloτ')) self.assertTrue(confusables.is_dangerous(u'www.microsоft.com')) self.assertTrue(confusables.is_dangerous(u'www.Αpple.com')) self.assertTrue(confusables.is_dangerous(u'www.faϲebook.com')) self.assertFalse( confusables.is_dangerous(u'AlloΓ', preferred_aliases=['latin'])) self.assertFalse(confusables.is_dangerous(is_good)) self.assertFalse(confusables.is_dangerous(u' ρτ.τ')) self.assertFalse(confusables.is_dangerous(u'ρτ.τ'))
def validate_confusable_user_names(value): if not isinstance(value, six.text_type): return if confusables.is_dangerous(value): raise ValidationError("", code='invalid')