Class: HomographicSpoofing::Detector::Idn

Inherits:
Object
Defined in:
lib/homographic_spoofing/detector/idn.rb

Overview

Detects IDN homograph (spoofing) attacks (see en.wikipedia.org/wiki/IDN_homograph_attack).

The implementation follows the Google Chrome IDN policy (see chromium.googlesource.com/chromium/src.git/+/master/docs/idn.md#google-chrome_s-idn-policy), with some limitations:

- It doesn't rely on ICU4C uspoof.h (https://unicode-org.github.io/icu-docs/apidoc/released/icu4c/uspoof_8h.html),
  hence the script confusable detection is not as precise.
- It doesn't implement item 13 of the Google Chrome IDN policy.

Class Method Summary

Instance Method Summary

Constructor Details

#initialize(domain) ⇒ Idn

Returns a new instance of Idn.



# File 'lib/homographic_spoofing/detector/idn.rb', line 18

def initialize(domain)
  @domain = domain.downcase
end

Class Method Details

.detected?(domain) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/homographic_spoofing/detector/idn.rb', line 10

def self.detected?(domain)
  new(domain).detected?
end

.detections(domain) ⇒ Object



# File 'lib/homographic_spoofing/detector/idn.rb', line 14

def self.detections(domain)
  new(domain).detections
end

Instance Method Details

#detected? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/homographic_spoofing/detector/idn.rb', line 22

def detected?
  detections.any?
end

#detections ⇒ Object



# File 'lib/homographic_spoofing/detector/idn.rb', line 26

def detections
  rules.select(&:attack_detected?).map do |rule|
    HomographicSpoofing::Detector::Detection.new(rule.reason, rule.label)
  end
rescue PublicSuffix::Error
  # Invalid IDN is a spoof.
  [ HomographicSpoofing::Detector::Detection.new("invalid_domain", domain) ]
end
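
A stand-alone sketch of two per-label checks in the spirit of the Chrome IDN policy the overview refers to, returning reason/label pairs like #detections does. It is an added example, not the gem's code: the reason names `mixed_scripts` and `latin_lookalike_cyrillic` are hypothetical, the script list and lookalike set are constructed subsets, and the domain is assumed to be in Unicode form already.

```ruby
# Added sketch, not the gem's implementation. Input is assumed to be a
# Unicode (already decoded) domain; each label is checked on its own.
Detection = Struct.new(:reason, :label)

# Scripts recognised here (assumption: a subset chosen for illustration).
SCRIPTS = %w[Latin Cyrillic Greek Han Hiragana Katakana Hangul Bopomofo]
          .to_h { |name| [name, Regexp.new("\\p{#{name}}")] }.freeze

# Script combinations that may share one label (the CJK mixes with Latin).
ALLOWED_MIXES = [
  %w[Latin Han Hiragana Katakana],
  %w[Latin Han Bopomofo],
  %w[Latin Han Hangul]
].freeze

# Constructed sample of Cyrillic letters that resemble Latin a e o p c y x i j s.
# Real confusable tables are much larger.
LATIN_LOOKALIKES = "\u0430\u0435\u043E\u0440\u0441\u0443\u0445\u0456\u0458\u0455".chars.freeze

def scripts_in(label)
  SCRIPTS.select { |_, pattern| label.match?(pattern) }.keys
end

def detections(domain)
  labels = domain.downcase.split(".", -1)
  # Like the rescue branch on the page: a malformed name counts as a spoof.
  return [Detection.new("invalid_domain", domain)] if labels.empty? || labels.any?(&:empty?)

  labels.flat_map do |label|
    found = scripts_in(label)
    if found.size > 1 && ALLOWED_MIXES.none? { |mix| (found - mix).empty? }
      [Detection.new("mixed_scripts", label)]             # hypothetical reason name
    elsif found == ["Cyrillic"] && label.chars.all? { |c| LATIN_LOOKALIKES.include?(c) }
      [Detection.new("latin_lookalike_cyrillic", label)]  # hypothetical reason name
    else
      []
    end
  end
end
```

This sketch ignores TLD context and punycode decoding, so it is suited to understanding the shape of the checks rather than replacing the detector.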