Bug #279191 --> Initial Thunderbird support for our phishing detector.

2005-01-21 07:50:50 +00:00 · 2005-01-21 07:50:50 +00:00 · 2cf05a25e2
--- a/mail/app/profile/all-thunderbird.js
+++ b/mail/app/profile/all-thunderbird.js
@ -108,6 +108,8 @@ pref("update.severity", 0);

 pref("xpinstall.whitelist.add", "update.mozilla.org,addons.mozilla.org");

+pref("mail.phishing.detection.enabled", true); // enable / disable phishing detection for link clicks
+
 /////////////////////////////////////////////////////////////////
 // Overrides of the seamonkey suite mailnews.js prefs
 ///////////////////////////////////////////////////////////////// 
--- a/mail/base/content/contentAreaClick.js
+++ b/mail/base/content/contentAreaClick.js
@ -45,31 +45,13 @@
 *    - gatherTextUnder
 */

-  var pref = null;
-  pref = Components.classes["@mozilla.org/preferences-service;1"]
-                   .getService(Components.interfaces.nsIPrefBranch);
+  var pref = Components.classes["@mozilla.org/preferences-service;1"].getService(Components.interfaces.nsIPrefBranch);

-  // Prefill a single text field
-  function prefillTextBox(target) {
-
-    // obtain values to be used for prefilling
-    var walletService = Components.classes["@mozilla.org/wallet/wallet-service;1"].getService(Components.interfaces.nsIWalletService);
-    var value = walletService.WALLET_PrefillOneElement(window._content, target);
-    if (value) {
-
-      // result is a linear sequence of values, each preceded by a separator character
-      // convert linear sequence of values into an array of values
-      var separator = value[0];
-      var valueList = value.substring(1, value.length).split(separator);
-
-      target.value = valueList[0];
-    }
-  }
-  
-  function hrefForClickEvent(event)
+  function linkNodeForClickEvent(event)
  {
    var target = event.target;
    var linkNode;
+    var linkNodeText;

    var local_name = target.localName;

@ -87,13 +69,6 @@
          linkNode = target;
        break;
      case "input":
-        if ((event.target.type == "text") // text field
-            && !isKeyPress       // not a key event
-            && event.detail == 2 // double click
-            && event.button == 0 // left mouse button
-            && event.target.value.length == 0) { // no text has been entered
-          prefillTextBox(target); // prefill the empty text field if possible
-        }
        break;
      default:
        linkNode = findParentNode(event.originalTarget, "a");
@ -103,24 +78,8 @@
          linkNode = null;
        break;
    }
-    var href;
-    if (linkNode) {
-      href = linkNode.href;
-    } else {
-      // Try simple XLink
-      linkNode = target;
-      while (linkNode) {
-        if (linkNode.nodeType == Node.ELEMENT_NODE) {
-          href = linkNode.getAttributeNS("http://www.w3.org/1999/xlink", "href");
-          break;
-        }
-        linkNode = linkNode.parentNode;
-      }
-      if (href && href != "") {
-        href = makeURLAbsolute(target.baseURI,href);
-      }
-    }
-    return href;
+
+    return linkNode;
  }

  // Called whenever the user clicks in the content area,
@ -128,10 +87,13 @@
  // should always return true for click to go through
  function contentAreaClick(event) 
  {
-    var href = hrefForClickEvent(event);
-    if (href) {
-      handleLinkClick(event, href, null);
-      return true;
+    var linkNode = linkNodeForClickEvent(event);
+    if (linkNode && linkNode.href) 
+    {
+      handleLinkClick(event, linkNode.href, null);
+      // block the link click if we determine that this URL
+      // is phishy (i.e. a potential email scam)
+      return isPhishingURL(linkNode, false); 
    }

    return true;
@ -140,7 +102,6 @@
  function openNewTabOrWindow(event, href, sendReferrer)
  {
    // always return false for stand alone mail (MOZ_THUNDERBIRD)
-
    // let someone else deal with it
    return false;
  }
--- a/mail/base/content/messageWindow.xul
+++ b/mail/base/content/messageWindow.xul
@ -62,6 +62,7 @@
  <script type="application/x-javascript" src="chrome://communicator/content/contentAreaUtils.js"/>
  <script type="application/x-javascript" src="chrome://communicator/content/nsContextMenu.js"/>
  <script type="application/x-javascript" src="chrome://messenger/content/mailContextMenus.js"/>
+  <script type="application/x-javascript" src="chrome://messenger/content/phishingDetector.js"/>
  <script type="application/x-javascript" src="chrome://communicator/content/contentAreaClick.js"/>
  <script type="application/x-javascript" src="chrome://communicator/content/contentAreaUtils.js"/>
  <script type="application/x-javascript" src="chrome://global/content/nsTransferable.js"/>
--- a/mail/base/content/messenger.xul
+++ b/mail/base/content/messenger.xul
@ -66,6 +66,7 @@
 <script type="application/x-javascript" src="chrome://messenger/content/accountUtils.js"/>
 <script type="application/x-javascript" src="chrome://messenger/content/msgAccountCentral.js"/>
 <script type="application/x-javascript" src="chrome://messenger/content/searchBar.js"/>
+<script type="application/x-javascript" src="chrome://messenger/content/phishingDetector.js"/>
 <script type="application/x-javascript" src="chrome://communicator/content/contentAreaClick.js"/>
 <script type="application/x-javascript" src="chrome://global/content/nsTransferable.js"/>
 <script type="application/x-javascript" src="chrome://global/content/nsDragAndDrop.js"/>
@ -374,7 +375,7 @@
          <browser id="messagepane" context="messagePaneContext" autofind="false"
                   minheight="1" flex="1" name="messagepane"
                  disablehistory="true" type="content-primary" src="about:blank"
-                   disablesecurity="true" onclick="contentAreaClick(event);"/>
+                   disablesecurity="true" onclick="return contentAreaClick(event);"/>
          <hbox id="attachmentView"/>
        </vbox>  
      </box>
--- a/mail/base/content/phishingDetector.js
+++ b/mail/base/content/phishingDetector.js
@ -0,0 +1,125 @@
+# -*- Mode: Java; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is Thunderbird Phishing Dectector
+#
+#
+# Contributor(s):
+#  Scott MacGregor <mscott@mozilla.org>
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK ******
+
+// Dependencies: 
+// gPrefBranch, gBrandBundle, gMessengerBundle should already be defined
+// gatherTextUnder from utilityOverlay.js
+
+const kPhishingNotSuspicious = 0;
+const kPhishingWithIPAddress = 1;
+const kPhishingWithMismatchedHosts = 2;
+
+//////////////////////////////////////////////////////////////////////////////
+// isPhishingURL --> examines the passed in linkNode and returns true if we think
+//                   the URL is an email scam.
+// aLinkNode: the link node to examine
+// aSilentMode: don't prompt the user to confirm
+//////////////////////////////////////////////////////////////////////////////
+
+function isPhishingURL(aLinkNode, aSilentMode)
+{
+  if (!gPrefBranch.getBoolPref("mail.phishing.detection.enabled"))
+    return true;
+
+  var phishingType = kPhishingNotSuspicious;
+  var href = aLinkNode.href;
+  var linkTextURL = {};
+  var hrefURL = Components.classes["@mozilla.org/network/standard-url;1"].
+                createInstance(Components.interfaces.nsIURI); 
+  
+  hrefURL.spec = href;
+  
+  // (1) if the host name is an IP address then block the url...
+  // TODO: add support for IPv6
+  var ipv4HostRegExp = new RegExp(/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/);  // IPv4
+  if (ipv4HostRegExp.test(hrefURL.host))
+    phishingType = kPhishingWithIPAddress;
+  else if (misMatchedHostWithLinkText(aLinkNode, hrefURL, linkTextURL))
+    phishingType = kPhishingWithMismatchedHosts;
+
+  var isPhishingURL = phishingType != kPhishingNotSuspicious;
+
+  if (!aSilentMode) // allow the user to over ride the decision
+    isPhishingURL = confirmSuspiciousURL(phishingType, hrefURL, linkTextURL.value);
+
+  return isPhishingURL;
+}
+
+//////////////////////////////////////////////////////////////////////////////
+// helper methods in support of isPhishingURL
+//////////////////////////////////////////////////////////////////////////////
+
+function misMatchedHostWithLinkText(aLinkNode, aHrefURL, aLinkTextURL)
+{
+  var linkNodeText = gatherTextUnder(aLinkNode);    
+  // only worry about http and https urls
+  if (linkNodeText && (aHrefURL.schemeIs('http') || aHrefURL.schemeIs('https')))
+  {
+    // does the link text look like a http url?
+     if (linkNodeText.search(/(^http:|^https:)/) != -1)
+     {
+       var linkTextURL = Components.classes["@mozilla.org/network/standard-url;1"].createInstance(Components.interfaces.nsIURI); 
+       linkTextURL.spec = linkNodeText;
+       aLinkTextURL.value = linkTextURL;
+       return aHrefURL.host != linkTextURL.host;
+     }
+  }
+
+  return false;
+}
+
+// returns true if the user confirms the URL is a scam
+function confirmSuspiciousURL(phishingType, hrefURL, linkNodeURL)
+{
+  var brandShortName = gBrandBundle.getString("brandRealShortName");
+  var titleMsg = gMessengerBundle.getString("confirmPhishingTitle");
+  var dialogMsg;
+
+  switch (phishingType)
+  {
+    case kPhishingWithIPAddress:
+      dialogMsg = gMessengerBundle.getFormattedString("confirmPhishingUrl" + phishingType, [brandShortName, hrefURL.host], 2);
+      break;
+    case kPhishingWithMismatchedHosts:
+      dialogMsg = gMessengerBundle.getFormattedString("confirmPhishingUrl" + phishingType, [brandShortName, hrefURL.host, linkNodeURL.host], 3);
+      break;
+    default:
+      return false;
+  }
+
+  const nsIPS = Components.interfaces.nsIPromptService;
+  var promptService = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].getService(nsIPS);
+  var buttons = nsIPS.STD_YES_NO_BUTTONS + nsIPS.BUTTON_POS_1_DEFAULT;
+  return !promptService.confirmEx(window, titleMsg, dialogMsg, buttons, "", "", "", "", {}); /* the yes button is in position 0 */
+}
--- a/mail/base/jar.mn
+++ b/mail/base/jar.mn
@ -33,6 +33,7 @@ messenger.jar:
 *+  content/messenger/msgSelectOffline.xul          (content/msgSelectOffline.xul)
 *+  content/messenger/msgPrintEngine.xul            (content/msgPrintEngine.xul)
 *+  content/messenger/searchBar.js                  (content/searchBar.js)
+*   content/messenger/phishingDetector.js           (content/phishingDetector.js)
 *+  content/messenger-views/contents.rdf            (content/messenger-views.rdf)
    content/messenger/about-thunderbird.png         (content/about-thunderbird.png)
    content/messenger/about-credits.png             (content/about-credits.png)