From 64badd8646b906f7a406757090afaccff4d93297 Mon Sep 17 00:00:00 2001
From: Philip Whitehouse
Date: Sun, 21 Jan 2018 19:57:19 +0000
Subject: [PATCH] Fix Mailsploit - show address if personal component is email address
---
 .../com/fsck/k9/helper/MessageHelper.java | 10 ++++-
 .../com/fsck/k9/helper/MessageHelperTest.java | 37 ++++++++++++++++---
 2 files changed, 41 insertions(+), 6 deletions(-)
diff --git a/k9mail/src/main/java/com/fsck/k9/helper/MessageHelper.java b/k9mail/src/main/java/com/fsck/k9/helper/MessageHelper.java
index 0895255f4..e2d1a2c69 100644
--- a/k9mail/src/main/java/com/fsck/k9/helper/MessageHelper.java
+++ b/k9mail/src/main/java/com/fsck/k9/helper/MessageHelper.java
@@ -176,6 +176,14 @@ public class MessageHelper {
 }
 }
- return (!TextUtils.isEmpty(address.getPersonal())) ? address.getPersonal() : address.getAddress();
+ if (!TextUtils.isEmpty(address.getPersonal()) && !isSpoofAddress(address.getPersonal())) {
+ return address.getPersonal();
+ } else {
+ return address.getAddress();
+ }
+ }
+
+ private static boolean isSpoofAddress(String displayName) {
+ return displayName.contains("@");
 }
 }
diff --git a/k9mail/src/test/java/com/fsck/k9/helper/MessageHelperTest.java b/k9mail/src/test/java/com/fsck/k9/helper/MessageHelperTest.java
index 2278a3f5e..f306be0df 100644
--- a/k9mail/src/test/java/com/fsck/k9/helper/MessageHelperTest.java
+++ b/k9mail/src/test/java/com/fsck/k9/helper/MessageHelperTest.java
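Review bot: `isSpoofAddress` in the MessageHelper.java hunk tests only for the ASCII `@`, so a sender-supplied personal part that uses a Unicode compatibility form of that character would still be shown in place of the real address. Normalising first closes that gap: `return Normalizer.normalize(displayName, Normalizer.Form.NFKC).contains("@");` (with `java.text.Normalizer` imported). The helper also deserves a one-line comment stating that any `@` in the display name, not only a well-formed address, triggers the fallback to `getAddress()`. The enclosing `toFriendly` method starts outside the hunk, so other paths that read `getPersonal()` directly cannot be checked from here.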
@@ -21,13 +21,14 @@ import static junit.framework.Assert.assertTrue;
 @Config(manifest = Config.NONE)
 public class MessageHelperTest {
 private Contacts contacts;
- private Contacts mockContacts;
+ private Contacts contactsWithFakeContact;
+ private Contacts contactsWithFakeSpoofContact;
 @Before
 public void setUp() throws Exception {
 Context context = RuntimeEnvironment.application;
 contacts = new Contacts(context);
- mockContacts = new Contacts(context) {
+ contactsWithFakeContact = new Contacts(context) {
 @Override public String getNameForAddress(String address) {
 if ("test@testor.com".equals(address)) {
 return "Tim Testor";
@@ -36,6 +37,15 @@ public class MessageHelperTest {
 }
 }
 };
+ contactsWithFakeSpoofContact = new Contacts(context) {
+ @Override public String getNameForAddress(String address) {
+ if ("test@testor.com".equals(address)) {
+ return "Tim@Testor";
+ } else {
+ return null;
+ }
+ }
+ };
 }
 @Test
@@ -61,13 +71,14 @@ public class MessageHelperTest {
 @Test
 public void testToFriendlyWithContactLookup() throws Exception {
 Address address = new Address("test@testor.com");
- assertEquals("Tim Testor", MessageHelper.toFriendly(address, mockContacts).toString());
+ assertEquals("Tim Testor", MessageHelper.toFriendly(address, contactsWithFakeContact).toString());
 }
 @Test
 public void testToFriendlyWithChangeContactColor() throws Exception {
 Address address = new Address("test@testor.com");
- CharSequence friendly = MessageHelper.toFriendly(address, mockContacts, true, true, Color.RED);
+ CharSequence friendly = MessageHelper.toFriendly(address, contactsWithFakeContact,
+ true, true, Color.RED);
 assertTrue(friendly instanceof SpannableString);
 assertEquals("Tim Testor", friendly.toString());
 }
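Review bot: The `contactsWithFakeSpoofContact` fixture added in the `@@ -36,6 +37,15 @@` hunk has no comment explaining why a contact name containing `@` is expected to be displayed unchanged. The intent appears to be that names from the user's own contacts are trusted while the sender-supplied personal part is not, but that is inferred from the later test rather than stated. A comment above the fixture would record it, e.g. `// Contact names are shown as-is; the '@' check applies only to the personal part taken from the message.`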
@@ -75,7 +86,23 @@ public class MessageHelperTest {
 @Test
 public void testToFriendlyWithoutCorrespondentNames() throws Exception {
 Address address = new Address("test@testor.com", "Tim Testor");
- CharSequence friendly = MessageHelper.toFriendly(address, mockContacts, false, false, 0);
+ CharSequence friendly = MessageHelper.toFriendly(address, contactsWithFakeContact,
+ false, false, 0);
 assertEquals("test@testor.com", friendly.toString());
 }
+
+ @Test
+ public void toFriendly_spoofPreventionOverridesPersonal() {
+ Address address = new Address("test@testor.com", "potus@whitehouse.gov");
+ CharSequence friendly = MessageHelper.toFriendly(address, contacts);
+ assertEquals("test@testor.com", friendly.toString());
+ }
+
+ @Test
+ public void toFriendly_spoofPreventionDoesntOverrideContact() {
+ Address address = new Address("test@testor.com", "Tim Testor");
+ CharSequence friendly = MessageHelper.toFriendly(address, contactsWithFakeSpoofContact,
+ true, false, 0);
+ assertEquals("Tim@Testor", friendly.toString());
+ }
 }
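Review bot: The two added tests cover a personal part that is exactly an address and a contact name containing `@`, but not a personal part that merely contains `@` among other text, which `contains("@")` also sends to the address fallback. A third case would pin that behaviour, e.g. `new Address("test@testor.com", "Tim Testor @ Work")` (constructed sample) asserting `"test@testor.com"`. The new tests also use a `toFriendly_…` naming pattern while the existing ones in this file use `testToFriendly…`; one convention would be easier to scan.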