For some emails, the message list shows "This message may be a scam" and shows details saying that it had concluded to be so because the link target was different from the link being displayed. The problem is that this was a plain-text email and the links were generated by KMail. Therefore, the issue is that the display and target are not what's in the plain text source.
This email contains a link which reads as 'https://codereview.qt-project.org/q/topic:%22api-change-review-6.2%22+(status:open OR status:abandoned' in the text, but actually points to 'https://codereview.qt-project.org/q/topic:'. This is often the case in scam emails to mislead the recipient
STEPS TO REPRODUCE
1. Open the following email body in an KMail
Scam warning appears
Scam warning should not appear
KDE Plasma Version: 5.22.4
KDE Frameworks Version: 5.84.0
Qt Version: 5.15.2 + KDE patches
The email in question was even received in base64 encoding, so it can't have been improperly decoded. Do note it may have been mangled by the mailing list manager, which appended a footer, but other than that the plain text shouldn't have changed.
The offending line is:
Content-Type: text/plain; charset="utf-8"
Thanks for bug report.
I will investigate it
I can file this as a separate bug report but here's another link. You'll probably get a notification from KMail that the bugzilla email is a scam too.
The details window will say that link points to
'https://www.google.com/search?q=/', which is incorrect. It does not. Neither the status bar nor the actual link when opened in the browser suffered the backslash-to-forwardslash transformation. You're incorrectly passing the full, decoded URL through some path clean routine (QDir::cleanPath?). There are at least two mistakes there.
For the first bug it's not a scam bug it's a problem how we extract url.
I need to fix it.
For second one I have a patch. I need to clean it first.
Git commit ee84101b36b1ea130c39a5bc9c9b3c471bb4edfb by Laurent Montel.
Committed on 12/08/2021 at 17:45.
Pushed by mlaurent into branch 'release/21.08'.
Fix false positive for url "https://www.google.com/search?q=%5C"
M +5 -2 messageviewer/src/scamdetection/autotests/scamdetectionwebenginetest.cpp
M +5 -2 messageviewer/src/scamdetection/scamdetectionwebengine.cpp
Sorry, that can't can't be right. If you have to put the backslashes back, something went wrong before and there may be more.
What were was the value of href and normalizedHref before the toDisplayString call?
(In reply to Thiago Macieira from comment #5)
> Sorry, that can't can't be right. If you have to put the backslashes back,
> something went wrong before and there may be more.
> What were was the value of href and normalizedHref before the
> toDisplayString call?
"QDEBUG : ScamDetectionWebEngineTest::scamtest(scam5C) 21:01:51.884 scamdetectionwebenginetest(16715) ?[32mMessageViewer::ScamDetectionWebEngine::handleScanPage?[0m text "https://www.google.com/search?q=%5C" href "https://www.google.com/search?q=%5C" normalizedHref "https://www.google.com/search?q=%5C""
It was a bug created from a specific url found long time ago:
=> I fixed it and now all autotest works.
> It was a bug created from a specific url found long time ago:
> "<a "
> => I fixed it and now all autotest works.
This one should have triggered the warning, because it isn't the same URL. You may want to do the backslash replacement only on the path component instead of the whole URL, if this case is still important.
(In reply to Thiago Macieira from comment #7)
> > It was a bug created from a specific url found long time ago:
> > "<a "
> > "href=\"http://g-ecx.images-amazon.com/images/G/01/barcodes/blank003.
> > jpg%5CnUse\">http://g-ecx.images-amazon.com/images/G/01/barcodes/blank003.
> > jpg/nUse</a>"
> > => I fixed it and now all autotest works.
> This one should have triggered the warning, because it isn't the same URL.
> You may want to do the backslash replacement only on the path component
> instead of the whole URL, if this case is still important.
yep it warns and it's ok in my patch.
Perhaps I need to replace only in path component indeed.