safety: fix safeify_url() exception on python 3.11

sopel-irc · Nov 21, 2024 · d3b0cf4 · d3b0cf4
1 parent e7d8648
commit d3b0cf4
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 6 deletions.
diff --git a/sopel/builtins/safety.py b/sopel/builtins/safety.py
@@ -126,11 +126,16 @@ def setup(bot: Sopel) -> None:
 
 def safeify_url(url: str) -> str:
     """Replace bits of a URL to make it hard to browse to."""
-    parts = urlparse(url)
-    scheme = "hxx" + parts.scheme[3:]  # hxxp
-    netloc = parts.netloc.replace(".", "[.]")  # google[.]com and IPv4
-    netloc = netloc.replace(":", "[:]")  # IPv6 addresses (bad lazy method)
-    return urlunparse((scheme, netloc) + parts[2:])
+    try:
+        parts = urlparse(url)
+        scheme = parts.scheme.replace("t", "x")  # hxxp
+        netloc = parts.netloc.replace(".", "[.]")  # google[.]com and IPv4
+        netloc = netloc.replace(":", "[:]")  # IPv6 addresses (bad lazy method)
+        return urlunparse((scheme, netloc) + parts[2:])
+    except Exception:
+        pass
+    # Still try to defang URLs that fail parsing
+    return url.replace(":", "[:]").replace(".", "[.]")
 
 
 def download_domain_list(bot: Sopel, path: str) -> bool:
@@ -224,7 +229,6 @@ def url_handler(bot: SopelWrapper, trigger: Trigger) -> None:
     strict = "strict" in mode
 
     for url in tools.web.search_urls(trigger):
-        safe_url = safeify_url(url)
 
         positives = 0  # Number of engines saying it's malicious
         total = 0  # Number of total engines
@@ -249,6 +253,7 @@ def url_handler(bot: SopelWrapper, trigger: Trigger) -> None:
 
         if positives >= 1:
             # Possibly malicious URL detected!
+            safe_url = safeify_url(url)
             LOGGER.info(
                 "Possibly malicious link (%s/%s) posted in %s by %s: %r",
                 positives,

diff --git a/test/builtins/test_builtins_safety.py b/test/builtins/test_builtins_safety.py
@@ -0,0 +1,35 @@
+"""Tests for Sopel's ``safety`` plugin"""
+
+from __future__ import annotations
+
+import pytest
+
+from sopel.builtins.safety import safeify_url
+
+URL_TESTS = (
+    # Valid URLs
+    ("http://example.com", "hxxp://example[.]com"),
+    ("http://1.2.3.4/", "hxxp://1[.]2[.]3[.]4/"),
+    ("http://[fd00:1234::4321]/", "hxxp://[fd00[:]1234[:][:]4321]/"),
+    ("ftp://1.2.3.4/", "fxp://1[.]2[.]3[.]4/"),
+    # Invalid, but parsed anyway
+    ("http://<Target-IP>/", "hxxp://<Target-IP>/"),
+    ("http://1.2.3.4.5/", "hxxp://1[.]2[.]3[.]4[.]5/"),
+    ("http://555.555.555.555/", "hxxp://555[.]555[.]555[.]555/"),
+    # Fallback path
+    ("http://[fd00:::]/", "http[:]//[fd00[:][:][:]]/"),
+)
+
+
+@pytest.mark.parametrize("original, safed", URL_TESTS)
+def test_safeify_url(original, safed):
+    assert safeify_url(original) == safed
+
+
+def test_safeify_maybe_parsefail():
+    # Parse succeeds in python <=3.10 but fails in 3.11
+    original = "http://[Target-IP]/account_mgr.cgi"
+    parseok = "hxxp://[Target-IP]/account_mgr.cgi"
+    parsefail = "http[:]//[Target-IP]/account_mgr[.]cgi"
+
+    assert safeify_url(original) in (parseok, parsefail)