SpamCopURI-0.19 seems (is!) broken

Mariano Absatz el.baby at GMAIL.COM
Tue Jul 27 21:52:36 IST 2004 

On Tue, 27 Jul 2004 16:37:34 -0400, Jeff A. Earickson
<jaearick at colby.edu> wrote:
> Gang,
>     I spent all day tearing down and rebuilding my perl setup for
> MailScanner today -- I am now running a non-threaded version of
> perl 5.8.5 plus all of the zillions of other perl modules needed
> for SA 2.63, razor, SpamcopURI, etc, etc.  I never succeeded in
> getting SpamCopURI-0.19 to work -- I couldn't get rid of the
> "eval:" complaints from "spamassassin -D --lint".  So I reinstalled
> SpamCopURI-0.18 and my old /etc/mail/spamassassin directory and
> everything works great again.  The only change there is that I
> got rid of BigEvil.cf, since it now claims to be part of ws.surbl.org.
>
> The only joy I got out of all of this is that I got rid of
> a plethora of old perl version directories in perl/lib and
> perl/lib/site_perl.  The only insight that I got from 0.19 is
> that removing the colon after the eval will shut up the lint complaints,
> but things still won't work.
>
> What a puzzler...

Funny thing... the changes seem really minimal, most of it having to
do with the tests (for 'make test')...

>From an operational pov, the only thing is that it removes ':NN' from
the end of the hostname if it is there...

Here's a complete diff between both versions:

diff -ru Mail-SpamAssassin-SpamCopURI-0.18/Changes
Mail-SpamAssassin-SpamCopURI-0.19/Changes
--- Mail-SpamAssassin-SpamCopURI-0.18/Changes   Wed May 26 17:41:13 2004
+++ Mail-SpamAssassin-SpamCopURI-0.19/Changes   Wed Jul 21 12:56:48 2004
@@ -1,3 +1,7 @@
+0.19 Wed Jul 21 08:56:57 PDT 2004
+   - fix for hex-encoded urls that have a port
+   - skipping open_redirect tests until reliable open_redirector is found
+
 0.18 Wed May 26 13:41:14 PDT 2004
    - fixed pack template for de-base 10 to use network byte
      order.  This release is only needed by users
diff -ru Mail-SpamAssassin-SpamCopURI-0.18/lib/Mail/SpamAssassin/SpamCopURI.pm
Mail-SpamAssassin-SpamCopURI-0.19/lib/Mail/SpamAssassin/SpamCopURI.pm
--- Mail-SpamAssassin-SpamCopURI-0.18/lib/Mail/SpamAssassin/SpamCopURI.pm
      Wed May 26 17:41:48 2004
+++ Mail-SpamAssassin-SpamCopURI-0.19/lib/Mail/SpamAssassin/SpamCopURI.pm
      Thu Jun  3 11:57:33 2004
@@ -10,7 +10,7 @@
 $MAX_RESOLVE_COUNT = 4; # XXX could make both of these config options
 $LWP_TIMEOUT = 5;

-$VERSION = 0.18;
+$VERSION = 0.19;

 my $IP_RE= qr/^[0-9]+(\.[0-9]+){3}$/;
 my $HEX_IP_RE= qr/^(0x[a-f0-9]{2}|[0-9]+)(\.0x[a-f0-9]{2}|\.[0-9]+){3}$/i;
@@ -271,6 +271,10 @@
   # convert IPs like 1110325108 to 66.46.55.116
   $url{host} = _debase10_host($url{host});

+  # URI doesn't always put the port in the right place
+  # so we strip it off here
+  $url{host} =~ s/:[0-9]+$// if $url{host};
+
   if ($url{host} && $url{host} !~ $IP_RE) {

     # RFC 1034 Section 3.1 says there should only be letters, digits and
diff -ru Mail-SpamAssassin-SpamCopURI-0.18/t/open_redirect.t
Mail-SpamAssassin-SpamCopURI-0.19/t/open_redirect.t
--- Mail-SpamAssassin-SpamCopURI-0.18/t/open_redirect.t Sat May 15 04:58:23 2004
+++ Mail-SpamAssassin-SpamCopURI-0.19/t/open_redirect.t Wed Jul 21 12:57:23 2004
@@ -26,9 +26,18 @@


 SKIP: {
-  eval { require LWP::UserAgent };
+  #eval { require LWP::UserAgent;
+  #      my $ua = LWP::UserAgent->new;
+  #      $ua->timeout(10);
+  #      $ua->env_proxy;
+  #      my $response = $ua->get('http://www.surbl.org/');
+  #      $response->is_success or die "request failed: " .
$response->as_string;
+  #};
+  #skip "LWP::UserAgent not installed or can't fetch", 5 if $@;
+
+  skip "Need reliable open redirect to test against - rd.yahoo.com is
closed", 5 if 1;
+

-  skip "LWP::UserAgent not installed", 5 if $@;

   my $sc = Mail::SpamAssassin::SpamCopURI->new($msg);

diff -ru Mail-SpamAssassin-SpamCopURI-0.18/t/spamcopuri.t
Mail-SpamAssassin-SpamCopURI-0.19/t/spamcopuri.t
--- Mail-SpamAssassin-SpamCopURI-0.18/t/spamcopuri.t    Wed May 26 17:40:42 2004
+++ Mail-SpamAssassin-SpamCopURI-0.19/t/spamcopuri.t    Thu Jun  3 11:56:59 2004
@@ -1,6 +1,6 @@
 #!perl -w

-use Test::More tests => 12;
+use Test::More tests => 13;
 use Mail::SpamAssassin::SpamCopURI;
 use Mail::SpamAssassin::PerMsgStatus;

@@ -63,3 +63,10 @@
 $sc_url = $sc->_spamcop_uri('http://1110325108/bigtitpatrol/index.html');

 ok($sc_url->{host} eq '66.46.55.116', 'host was de-base10');
+
+$sc_url = $sc->_spamcop_uri('http://%38%31%2E%32%30%38%2E%33%31%2E%31%37%33:%34%39%30%33/%63%69%74/%69%6E%64%65%78%2E%68%74%6D');
+
+# port was tacked on to the host as: 81.208.31.173:4903
+ok($sc_url->{host} eq '81.208.31.173', 'host was de-hexed properly
and port stripped off');
+
+


--
Mariano Absatz - El Baby
el (dot) baby (AT) gmail (dot) com
el (punto) baby (ARROBA:@) gmail (punto) com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

More information about the MailScanner mailing list