Adding deceptive link detection

rocketbot/cogs/urlspamcog.py

@@ -5,6 +5,7 @@ import re
 from datetime import timedelta
 from discord import Member, Message, utils as discordutils
 from discord.ext import commands
+from discord.utils import escape_markdown
 
 from config import CONFIG
 from rocketbot.cogs.basecog import BaseCog, BotMessage, BotMessageReaction, CogSetting
@@ -43,12 +44,19 @@ class URLSpamCog(BaseCog, name='URL Spam'):
 				'disables URL spam detection.',
 			usage='<seconds:int>',
 			min_value=0)
+	SETTING_DECEPTIVE_ACTION = CogSetting('deceptiveaction', str,
+			brief='action to take on deceptive link markdown',
+			description='The action to take on chat messages with links ' + \
+				'where the text looks like a different URL than the actual link.',
+			enum_values=set(['nothing', 'modwarn', 'modwarndelete', \
+				'chatwarn', 'chatwarndelete', 'delete', 'kick', 'ban']))
 
 	def __init__(self, bot):
 		super().__init__(bot)
 		self.add_setting(URLSpamCog.SETTING_ENABLED)
 		self.add_setting(URLSpamCog.SETTING_ACTION)
 		self.add_setting(URLSpamCog.SETTING_JOIN_AGE)
+		self.add_setting(URLSpamCog.SETTING_DECEPTIVE_ACTION)
 
 	@commands.group(
 		brief='Manages URL spam detection',
@@ -71,7 +79,11 @@ class URLSpamCog(BaseCog, name='URL Spam'):
 			return
 		if not self.get_guild_setting(message.guild, self.SETTING_ENABLED):
 			return
+		await self.check_message_recency(message);
+		await self.check_deceptive_links(message);
 
+	async def check_message_recency(self, message: Message):
+		'Checks if the message was sent too recently by a new user'
 		action = self.get_guild_setting(message.guild, self.SETTING_ACTION)
 		join_seconds = self.get_guild_setting(message.guild, self.SETTING_JOIN_AGE)
 		min_join_age = timedelta(seconds=join_seconds)
@@ -129,6 +141,101 @@ class URLSpamCog(BaseCog, name='URL Spam'):
 			if needs_attention:
 				self.record_warning(message.author)
 
+	async def check_deceptive_links(self, message: Message):
+		"""
+		Checks if the message contains deceptive URL markdown, e.g.
+		`[nicewebsite.com](https://evilwebsite.com)'`
+		"""
+		action = self.get_guild_setting(message.guild, self.SETTING_DECEPTIVE_ACTION)
+		if action == None or action == 'nothing':
+			return
+
+		if not self.contains_deceptive_links(message.content):
+			return
+		mod_text = f'User {message.author.name} ({message.author.id}) posted a deceptive link.'
+		quoted = '> ' + escape_markdown(message.content).replace('\n', '\n> ')
+		mod_text += f'\n\n{quoted}'
+		self.log(message.guild, f'{message.author.name} posted deceptive link - action: {action}')
+		if 'modwarn' in action:
+			if 'delete' in action:
+				mod_text += '\n\nMessage deleted'
+			else:
+				mod_text += f'\n\n{message.jump_url}'
+			bm = BotMessage(message.guild, mod_text, BotMessage.TYPE_MOD_WARNING, suppress_embeds=True)
+			await self.post_message(bm)
+			if 'delete' in action:
+				await message.delete()
+		elif 'chatwarn' in action:
+			if 'delete' in action:
+				response = f':warning: Links with deceptive labels are prohibited :warning:'
+			else:
+				response = f':warning: Message contains a deceptively labeled link! Click carefully. :warning:'
+			await message.reply(response, mention_author=False)
+			if 'delete' in action:
+				await message.delete()
+		elif action == 'delete':
+			mod_text += f'\n\nDeleting message'
+			bm = BotMessage(message.guild, mod_text, BotMessage.TYPE_INFO, suppress_embeds=True)
+			await self.post_message(bm)
+			await message.delete()
+		elif action == 'kick':
+			mod_text += f'\n\nUser kicked'
+			bm = BotMessage(message.guild, mod_text, BotMessage.TYPE_MOD_WARNING, suppress_embeds=True)
+			await self.post_message(bm)
+			await message.delete()
+			await message.author.kick(
+				reason=f'Rocketbot: User posted a deceptive link')
+		elif action == 'ban':
+			mod_text += f'\n\nUser banned'
+			bm = BotMessage(message.guild, mod_text, BotMessage.TYPE_MOD_WARNING, suppress_embeds=True)
+			await self.post_message(bm)
+			await message.author.ban(
+				reason=f'Rocketbot: User posted a deceptive link',
+				delete_message_days=1)
+
+	def contains_deceptive_links(self, content: str) -> bool:
+		# Strip markdown that can safely contain URL sequences
+		content = re.sub(r'`[^`]+`', '', content)  # `inline code`
+		content = re.sub(r'```.+?```', '', content, re.DOTALL)  # ``` code block ```
+		matches = re.findall(r'\[([^\]]+)\]\(([^\)]+)\)', content)
+		for match in matches:
+			original_label: str = match[0].strip()
+			original_link: str = match[1].strip()
+			label: str = original_label
+			link: str = original_link
+			if link.startswith('<') and link.endswith('>'):
+				link = link[1:-1]
+			if self.is_url(label):
+				if label != link:
+					return True
+			elif self.is_casual_url(label):
+				# Trim www. for easier comparisons.
+				if link.startswith('https://www.'):
+					link = 'https://' + link[12:]
+				if link.startswith('http://www.'):
+					link = 'http://' + link[11:]
+				if link.endswith('/'):
+					link = link[:-1]
+				if label.startswith('www.'):
+					label = label[4:]
+				if label.endswith('/'):
+					label = label[:-1]
+				if link.startswith('https://') and 'https://' + label != link:
+					return True
+				elif link.startswith('http://') and 'http://' + label != link:
+					return True
+		return False
+
+	def is_url(self, s: str):
+		'Tests if a string is strictly a URL'
+		pattern = r'http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+'
+		return re.match(pattern, s, re.IGNORECASE) != None
+
+	def is_casual_url(self, s: str):
+		'Tests if a string is a "casual URL" with no scheme included'
+		pattern = r'(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+'
+		return re.match(pattern, s, re.IGNORECASE) != None
+
 	async def on_mod_react(self,
 			bot_message: BotMessage,
 			reaction: BotMessageReaction,