Skip to content

Commit

Permalink
remove email address detection in string literals (#876)
Browse files Browse the repository at this point in the history
Signed-off-by: Max Fisher <[email protected]>
  • Loading branch information
maxfisher-g authored Sep 12, 2023
1 parent 5d37dfb commit 92541c7
Show file tree
Hide file tree
Showing 6 changed files with 0 additions and 37 deletions.
1 change: 0 additions & 1 deletion internal/staticanalysis/analyze_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,6 @@ func makeDesiredResult(files ...testFile) *Result {
SuspiciousIdentifiers: []signals.SuspiciousIdentifier{},
EscapedStrings: []signals.EscapedString{},
Base64Strings: []string{},
EmailAddresses: []string{},
HexStrings: []string{},
IPAddresses: []string{},
URLs: []string{},
Expand Down
2 changes: 0 additions & 2 deletions internal/staticanalysis/signals/analyze.go
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,6 @@ func AnalyzeSingle(parseData parsing.SingleResult) FileSignals {
SuspiciousIdentifiers: []SuspiciousIdentifier{},
URLs: []string{},
IPAddresses: []string{},
EmailAddresses: []string{},
}

for _, name := range identifierNames {
Expand All @@ -57,7 +56,6 @@ func AnalyzeSingle(parseData parsing.SingleResult) FileSignals {
signals.HexStrings = append(signals.HexStrings, detections.FindHexSubstrings(sl.Value)...)
signals.URLs = append(signals.URLs, detections.FindURLs(sl.Value)...)
signals.IPAddresses = append(signals.IPAddresses, detections.FindIPAddresses(sl.Value)...)
signals.EmailAddresses = append(signals.EmailAddresses, detections.FindEmailAddresses(sl.Value)...)
if detections.IsHighlyEscaped(sl, 8, 0.25) {
escapedString := EscapedString{
Value: sl.Value,
Expand Down
7 changes: 0 additions & 7 deletions internal/staticanalysis/signals/detections/addresses.go
Original file line number Diff line number Diff line change
Expand Up @@ -61,9 +61,6 @@ var urlPathAndQuery = regexp.MustCompile(`(?:/(?:[^.]\S*)?)?(?:\?\S*)?`)
// urlRegex is a fairly permissive url regex. Parts: scheme, subdomains, TLD, port, url query
var urlRegexp = regexp.MustCompile(fmt.Sprintf(`%s:(?://%s)%s`, urlSchemes, urlAuthority, urlPathAndQuery))

var emailUsername = regexp.MustCompile(`[^\s@]{1,64}`)
var emailRegexp = regexp.MustCompile(fmt.Sprintf(`(?:mailto)?%s@[^\s@]{1,255}`, emailUsername))

var ipv4URLRegexp = regexp.MustCompile(fmt.Sprintf(`%s://(?:%s)%s?%s`, urlSchemes, ipv4Regexp, port, urlPathAndQuery))
var ipv6URLRegexp = regexp.MustCompile(fmt.Sprintf(`%s://\[(?:%s)]%s?%s`, urlSchemes, ipv6Regexp, port, urlPathAndQuery))

Expand All @@ -75,10 +72,6 @@ func FindURLs(s string) []string {
return urls
}

func FindEmailAddresses(s string) []string {
return emailRegexp.FindAllString(s, -1)
}

func findIPv4Addresses(s string) []string {
return ipv4Regexp.FindAllString(s, -1)
}
Expand Down
18 changes: 0 additions & 18 deletions internal/staticanalysis/signals/detections/addresses_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -285,21 +285,3 @@ func TestIPv6Regexp(t *testing.T) {
}
}
}

// TestEmailRegexp tests exact matching on single email addresses
// The regexp is fairly lenient so some technically invalid email addresses
// may get picked up as valid.
func TestEmailRegexp(t *testing.T) {
for _, addr := range validEmailAddresses {
result := FindEmailAddresses(addr)
if !(len(result) == 1 && addr == result[0]) {
t.Errorf("expected to detect valid email address %s, got %v", addr, result)
}
}
for _, addr := range invalidEmailAddresses {
result := FindEmailAddresses(addr)
if len(result) == 1 && addr == result[0] {
t.Errorf("expected not to detect invalid email address %s, got %v", addr, result)
}
}
}
4 changes: 0 additions & 4 deletions internal/staticanalysis/signals/file_signals.go
Original file line number Diff line number Diff line change
Expand Up @@ -30,9 +30,6 @@ type FileSignals struct {
// length in order to reduce the number of false positives.
Base64Strings []string `json:"base64_strings"`

// EmailAddresses contains any email addresses found in string literals
EmailAddresses []string `json:"email_addresses"`

// HexStrings holds a list of (substrings of) string literals found in the
// file that contain long (>8 digits) hexadecimal digit sequences.
HexStrings []string `json:"hex_strings"`
Expand All @@ -53,7 +50,6 @@ func (s FileSignals) String() string {
fmt.Sprintf("escaped strings: %v", s.EscapedStrings),
fmt.Sprintf("potential base64 strings: %v", s.Base64Strings),
fmt.Sprintf("hex strings: %v", s.HexStrings),
fmt.Sprintf("email addresses: %v", s.EmailAddresses),
fmt.Sprintf("hex strings: %v", s.HexStrings),
fmt.Sprintf("IP addresses: %v", s.IPAddresses),
fmt.Sprintf("URLs: %v", s.URLs),
Expand Down
5 changes: 0 additions & 5 deletions internal/staticanalysis/signals/file_signals_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,6 @@ var fileSignalsTestCases = []fileSignalsTestCase{
SuspiciousIdentifiers: []SuspiciousIdentifier{},
EscapedStrings: []EscapedString{},
Base64Strings: []string{},
EmailAddresses: []string{},
HexStrings: []string{},
IPAddresses: []string{},
URLs: []string{},
Expand All @@ -49,7 +48,6 @@ var fileSignalsTestCases = []fileSignalsTestCase{
SuspiciousIdentifiers: []SuspiciousIdentifier{{Name: "a", Rule: "single"}},
EscapedStrings: []EscapedString{},
Base64Strings: []string{},
EmailAddresses: []string{},
HexStrings: []string{},
IPAddresses: []string{},
URLs: []string{},
Expand Down Expand Up @@ -85,7 +83,6 @@ var fileSignalsTestCases = []fileSignalsTestCase{
},
EscapedStrings: []EscapedString{},
Base64Strings: []string{},
EmailAddresses: []string{},
HexStrings: []string{},
IPAddresses: []string{},
URLs: []string{},
Expand Down Expand Up @@ -120,7 +117,6 @@ var fileSignalsTestCases = []fileSignalsTestCase{
},
EscapedStrings: []EscapedString{},
Base64Strings: []string{"aGVsbG8gd29ybGQK"},
EmailAddresses: []string{"[email protected]"},
HexStrings: []string{"21323492394"},
IPAddresses: []string{"8.8.8.8", "e3fc:234a:2341::abcd"},
URLs: []string{"https://this.is.a.website.com"},
Expand All @@ -141,7 +137,6 @@ var fileSignalsTestCases = []fileSignalsTestCase{
IdentifierLengths: valuecounts.New(),
SuspiciousIdentifiers: []SuspiciousIdentifier{},
Base64Strings: []string{},
EmailAddresses: []string{},
HexStrings: []string{},
IPAddresses: []string{},
URLs: []string{},
Expand Down

0 comments on commit 92541c7

Please sign in to comment.