https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7985
Bug ID: 7985
Summary: DecodeShortURLs errors when multiple shortened urls in
message
Product: Spamassassin
Version: 4.0.0
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Plugins
Assignee: dev@spamassassin.apache.org
Reporter: sid...@sidney.com
Target Milestone: Undefined
The DecodeShortURLs plugin detects URL shortener links and also detects if a
shortener link links to another shortener link, if it returns a HTTP 200 status
which means it does actually redirect, if it returns a 404 not found, if while
following chained links it loops back on itself, or if it chains to a depth of
10.
All of those six circumstances will trigger the eval:short_url() rule. The last
five also trigger rules eval:short_url_chained(), etc.
The bug is that if a link is processed that links to another shortener link, or
returns HTTP 200 or 404, then if another shortener link is found and processed,
that clears the condition set earlier. As a result the short_url_chained or 200
or 400 rule is not triggered by the message.
To reproduce this, run the t/decodeshorturl.t test, or define rules for the
various eval rules in the plugin and run
spamassassin -t -D DecodeShortURLs < t/data/spam/decodeshorturl/chain.eml
multiple times. Depending on which of the two shortened URLs in the message
finish processing first, the result may or may not hit the short_url_chained
rule.
I have a fix that works when I test it, but I'll put it up here for review
before I commit it, as I have a question about how it might interact with
running under spamd.
--
You are receiving this mail because:
You are the assignee for the bug.
