Branch Coverage

File:	blib/lib/Email/Abuse/Investigator.pm
Coverage:	72.1%

line	%	coverage		branch
619	50	T	F	if ($HAS_CHI and not $_cache)
751	50	T	F	if ref $text eq "SCALAR"
755	50	T	F	if defined $text
771	100	T	F	if defined $text and $text =~ /\S/
1095	50	T	F	if $dom and not $seen{$dom}++
1101	100	T	F	if $dom and not $seen{$dom}++
1178	50	T	F	unless ($dom)
1182	50	T	F	if $dom
1188	50	T	F	if $u->{'abuse'} and $u->{'abuse'} ne "(unknown)"
1196	50	T	F	if $covered{$bare}
1197	50	T	F	if $seen{"url:$bare"}++
1209	100	T	F	if $source =~ /^(?:From:\|Return-Path:\|Sender:) header$/
1210	50	T	F	if $covered{lc $dom}
1211	50	T	F	if $seen{"dom:$dom"}++
1454	100	T	F	if $self->{'_risk'}
1468	100	T	F	if ($orig)
1470	100	T	F	if ($orig->{'rdns'} and $orig->{'rdns'} =~ / \d+[-_.]\d+[-_.]\d+[-_.]\d+ # dotted-quad in rDNS \| (?:dsl\|adsl\|cable\|broad\|dial\|dynamic\|dhcp\|ppp\| residential\|cust\|home\|pool\|client\|user\| static\d\|host\d) /xi)
1481	100	T	F	if (not $orig->{'rdns'} or $orig->{'rdns'} eq "(no reverse DNS)")
1487	100	T	F	if ($orig->{'confidence'} eq "low")
1493	100	T	F	if ($orig->{'country'} and $orig->{'country'} =~ /^(?:CN\|RU\|NG\|VN\|IN\|PK\|BD)$/)
1502	100	T	F	if (defined $auth->{'spf'})
1503	100	T	F	if ($auth->{'spf'} =~ /^fail/i) { }
	100	T	F	elsif ($auth->{'spf'} =~ /^softfail/i) { }
	50	T	F	elsif (not $auth->{'spf'} =~ /^pass/i) { }
1514	100	T	F	if (defined $auth->{'dkim'} and not $auth->{'dkim'} =~ /^pass/i)
1518	100	T	F	if (defined $auth->{'dmarc'} and not $auth->{'dmarc'} =~ /^pass/i)
1523	100	T	F	if ($auth->{'dkim_domain'})
1525	50	T	F	if ($from_domain)
1528	100	T	F	if ($reg_dkim ne $reg_from)
1530	100	T	F	if ($auth->{'dkim'} and $auth->{'dkim'} =~ /^pass/i) { }
1546	100	T	F	if (not $date_raw && $date_raw =~ /\S/) { }
1551	50	T	F	if ($date_raw =~ /([+-])(\d{2})(\d{2})\s*$/)
1557	100	T	F	if ($implausible)
1566	50	T	F	if (defined $date_epoch)
1568	100	T	F	if ($delta > $DATE_SKEW_DAYS * $SECS_PER_DAY) { }
	100	T	F	elsif ($delta < -($DATE_SKEW_DAYS * $SECS_PER_DAY)) { }
1583	100	T	F	if ($from_decoded =~ /^"?([^"<]+?)"?\s*<([^>]+)>/)
1591	50	T	F	if ($reg_disp and $reg_addr and $reg_disp ne $reg_addr)
1599	100	T	F	if ($from_raw =~ /\@(gmail\|yahoo\|hotmail\|outlook\|live\|aol\|protonmail\|yandex)\./i or $from_raw =~ /\@mail\.ru(?:[\s>]\|$)/i)
1607	100	T	F	if ($reply_to)
1610	100	T	F	if ($from_addr and $reply_addr and lc $from_addr ne lc $reply_addr)
1618	100	T	F	if ($to =~ /undisclosed\|:;/ or $to eq "")
1625	100	T	F	if ($subj_raw =~ /=\?[^?]+\?[BQ]\?/i)
1637	50	T	F	if $self->{'trusted_domains'}{$bare}
1638	100	T	F	if $TRUSTED_DOMAINS{$bare}
1641	100	T	F	if ($URL_SHORTENERS{$bare} \|\| $self->{'url_shorteners'}{$bare} and not $shortener_seen{$bare}++)
1646	100	T	F	if ($u->{'url'} =~ m[^http://]i and not $url_host_seen{$u->{'host'}}++)
1655	100	T	F	if ($d->{'recently_registered'})
1661	100	T	F	if ($d->{'expires'})
1662	50	T	F	if (my $exp = $self->_parse_date_to_epoch($d->{'expires'}))
1665	100	T	F	if ($remaining > 0 and $remaining < $EXPIRY_WARN_DAYS * $SECS_PER_DAY) { }
	100	T	F	elsif ($remaining <= 0) { }
1679	100	T	F	if ($d->{'domain'} =~ /\Q$brand\E/i and not $d->{'domain'} =~ /^\Q$brand\E\.(?:com\|co\.uk\|net\|org)$/)
1689	100	T	F	$score >= $SCORE_LOW ? :
	100	T	F	$score >= $SCORE_MEDIUM ? :
	100	T	F	$score >= $SCORE_HIGH ? :
1773	100	T	F	if (@{$risk->{'flags'};})
1783	100	T	F	if ($orig)
1791	100	T	F	if (@contacts)
1798	50	T	F	if (my(@form_cs) = $self->form_contacts)
1804	0	T	F	if $c->{'form_domain'}
1805	0	T	F	if $c->{'form_paste'}
1806	0	T	F	if $c->{'form_upload'}
1906	100	T	F	unless $addr and $addr =~ /\@/
1909	50	T	F	if ($addr =~ /\@([\w.-]+)$/)
1912	100	T	F	if $pa and $pa->{'form'} and not $pa->{'email'}
1915	100	T	F	if (exists $seen_idx{$addr})
1923	100	T	F	unless $role_counts{$r}++
1926	100	T	F	$role_counts{$_} > 1 ? :
1931	100	T	F	if (length $joined > $ROLE_MAX_LEN)
1951	100	T	F	if ($orig)
1953	100	T	F	if ($pa)
1961	100	T	F	if ($orig->{'abuse'} and $orig->{'abuse'} ne "(unknown)")
1974	100	T	F	if $url_host_seen{$u->{'host'}}++
1978	50	T	F	if $self->{'trusted_domains'}{$bare_host}
1979	100	T	F	if $TRUSTED_DOMAINS{$bare_host}
1981	100	T	F	if ($pa)
1989	100	T	F	if ($u->{'abuse'} and $u->{'abuse'} ne "(unknown)")
2004	100	T	F	if ($d->{'web_abuse'})
2006	50	T	F	if ($pa)
2022	100	T	F	if ($d->{'mx_abuse'})
2035	100	T	F	if ($d->{'ns_abuse'})
2048	100	T	F	if ($d->{'registrar_abuse'})
2055	100	T	F	unless ($spoofable_only)
2071	100	T	F	$val =~ /<([^>])>\s$/ ? :
2073	50	T	F	unless $addr_domain
2076	100	T	F	if $addr_spec =~ /\+SRS[0-9]?=/i
2079	100	T	F	if ($pa)
2080	50	T	F	$addr_spec =~ /\@/ ? :
2093	100	T	F	if ($auth->{'dkim_domain'})
2095	100	T	F	if ($pa)
2107	50	T	F	if ($unsub)
2118	0	T	F	if ($pa)
2133	50	T	F	if $body_addr_seen{$addr_dom}++
2135	100	T	F	unless $pa and $pa->{'email'}
2230	50	T	F	unless $form
2231	100	T	F	if $seen{$form}++
2237	100	T	F	if ($orig)
2239	50	T	F	if ($pa and $pa->{'form'})
2254	100	T	F	if $url_host_seen{$u->{'host'}}++
2256	50	T	F	if ($pa and $pa->{'form'})
2273	0	T	F	if ($pa and $pa->{'form'})
2286	100	T	F	if ($d->{'registrar_abuse'} and $d->{'registrar_abuse'} =~ /\@([\w.-]+)/)
2289	100	T	F	if ($rpa and $rpa->{'form'})
2306	100	T	F	$val =~ /<([^>])>\s$/ ? :
2308	50	T	F	unless $addr_domain
2310	50	T	F	if $addr_spec =~ /\+SRS[0-9]?=/i
2312	50	T	F	if ($pa and $pa->{'form'})
2313	0	T	F	$addr_spec =~ /@/ ? :
2328	100	T	F	if ($auth->{'dkim_domain'})
2330	0	T	F	if ($pa and $pa->{'form'})
2344	50	T	F	if ($unsub)
2351	0	T	F	if ($pa and $pa->{'form'})
2443	100	T	F	unless defined $v
2446	100	T	F	$decoded ne $v ? :
2454	100	T	F	if (@{$risk->{'flags'};}) { }
2466	100	T	F	if ($orig) { }
2468	50	T	F	if $orig->{'rdns'}
2469	100	T	F	if $orig->{'country'}
2470	50	T	F	if $orig->{'org'}
2471	50	T	F	if $orig->{'abuse'}
2473	100	T	F	if $orig->{'note'}
2481	50	T	F	if (@sw)
2491	50	T	F	unless defined $_->{'id'}
2493	50	T	F	if (@trail)
2499	0	T	F	if $hop->{'for'}
2500	0	T	F	if $hop->{'id'}
2508	100	T	F	if (@urls) { }
2513	100	T	F	unless (exists $host_order{$h})
2530	100	T	F	$URL_SHORTENERS{$bare} \|\| $self->{'url_shorteners'}{$bare} ? :
2532	50	T	F	if $m->{'ip'}
2533	100	T	F	if $m->{'country'}
2534	50	T	F	if $m->{'org'}
2535	50	T	F	if $m->{'abuse'}
2537	100	T	F	if (@paths == 1) { }
2553	100	T	F	if (@mdoms) { }
2557	100	T	F	if ($d->{'recently_registered'})
2560	100	T	F	if $d->{'registered'}
2561	100	T	F	if $d->{'expires'}
2562	100	T	F	if $d->{'registrar'}
2563	100	T	F	if $d->{'registrar_abuse'}
2564	100	T	F	if ($d->{'web_ip'}) { }
2566	100	T	F	if $d->{'web_org'}
2567	100	T	F	if $d->{'web_abuse'}
2571	100	T	F	if ($d->{'mx_host'}) { }
2573	50	T	F	if $d->{'mx_ip'}
2574	50	T	F	if $d->{'mx_org'}
2575	50	T	F	if $d->{'mx_abuse'}
2579	100	T	F	if ($d->{'ns_host'})
2581	50	T	F	if $d->{'ns_ip'}
2582	50	T	F	if $d->{'ns_org'}
2583	50	T	F	if $d->{'ns_abuse'}
2595	100	T	F	if (@contacts) { }
2599	50	T	F	if $c->{'note'}
2610	100	T	F	if (@form_cs)
2618	50	T	F	if $c->{'form_domain'}
2619	50	T	F	if $c->{'note'}
2620	50	T	F	if ($c->{'form_paste'})
2626	100	T	F	if (defined $line and length "$line $w" > $ROLE_WRAP_LEN) { }
2630	100	T	F	defined $line ? :
2633	50	T	F	if defined $line
2634	50	T	F	if @lines
2637	50	T	F	if $c->{'form_upload'}
2671	100	T	F	unless defined $str
2712	50	T	F	unless defined $header_block and $header_block =~ /\S/
2721	100	T	F	if ($line =~ /^([\w-]+)\s:\s(.*)/)
2736	100	T	F	defined $ct_h ? :
2737	100	T	F	defined $cte_h ? :
2740	100	T	F	if ($ct =~ /multipart/i) { }
2743	50	T	F	if $boundary
2746	100	T	F	if ($ct =~ /html/i) { }
2766	100	T	F	unless $h
2781	50	T	F	unless defined $ip or defined $for_addr or defined $srv_id
2820	100	T	F	if ($depth >= $MAX_MULTIPART_DEPTH)
2831	100	T	F	unless $part =~ /\S/
2837	100	T	F	unless defined $pbody
2845	50	T	F	if $line =~ /^([\w-]+)\s:\s(.*)/
2853	100	T	F	if ($pct =~ /multipart/i)
2855	50	T	F	if ($inner_boundary)
2865	100	T	F	if ($pct =~ m[text/html]i) { }
	100	T	F	elsif ($pct =~ /text/i or not $pct) { }
2890	100	T	F	if $cte =~ /quoted-printable/i
2891	100	T	F	if $cte =~ /base64/i
2930	100	T	F	if $self->_is_private($ip)
2931	100	T	F	if $self->_is_trusted($ip)
2936	100	T	F	unless (@candidates)
2938	100	T	F	if ($xoip)
2940	100	T	F	unless $self->_is_private($xoip)
2948	100	T	F	@candidates > 1 ? :
2975	100	T	F	if ($hdr =~ /$re/)
2979	100	T	F	if $ip =~ /:/
2982	100	T	F	unless $ip =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/
2983	100	T	F	if grep {$_ > 255;} split(/\./, $ip, 0)
3009	100	T	F	unless defined $ip and $ip ne ""
3010	100	T	F	if $ip =~ /$re/
3030	100	T	F	if $self->_ip_in_cidr($ip, $cidr)
3069	50	T	F	if $host
3073	50	T	F	if ($HAS_ANYEVENT_DNS and scalar keys %hostname_needed > 1)
3080	50	T	F	unless $host
3083	100	T	F	unless (exists $host_cache{$host})
3085	50	T	F	$_cache ? :
3086	50	T	F	if ($cached) { }
3090	100	T	F	$ip ne '(unresolved)' ? :
3095	100	T	F	unless ($whois->{'abuse'})
3098	100	T	F	if $dw->{'abuse'}
3110	50	T	F	if $_cache
3140	50	T	F	unless $HAS_ANYEVENT_DNS
3152	0	T	F	if (@answers)
3157	0	T	F	if --$pending <= 0
3184	50	T	F	if ($HAS_HTML_LINKEXTOR)
3189	100	T	F	if ($val =~ m[^https?://]i) { }
	100	T	F	elsif ($val =~ m[^//[\w.-]]) { }
3255	50	T	F	unless $hop->{'for'} and $hop->{'for'} =~ /\@([\w.-]+)/
3267	50	T	F	if $self->{'trusted_domains'}{$dom}
3268	100	T	F	if $TRUSTED_DOMAINS{$dom}
3269	100	T	F	if $recipient_domains{$dom}
3270	50	T	F	if $recipient_domains{_registrable($dom) // $dom}
3272	100	T	F	unless $dom =~ /\.[a-zA-Z]{2,}$/
3273	100	T	F	if $dom =~ /\.(?:local\|internal\|lan\|localdomain\|arpa)$/i
3274	100	T	F	if $seen{$dom}++
3293	100	T	F	if ($mid and $mid =~ /\@([\w.-]+)/)
3297	50	T	F	unless $TRUSTED_DOMAINS{$mid_dom} or $TRUSTED_DOMAINS{$mid_reg} or $self->{'trusted_domains'}{$mid_dom} or $self->{'trusted_domains'}{$mid_reg}
3308	50	T	F	if ($unsub)
3350	100	T	F	unless $seen{$dom}++
3356	100	T	F	unless $seen{$dom}++
3393	100	T	F	if $self->{'_domain_info'}{$domain}
3396	50	T	F	if ($_cache)
3398	0	T	F	if ($cached)
3409	100	T	F	if ($web_ip)
3412	100	T	F	if $w->{'org'}
3413	100	T	F	if $w->{'abuse'}
3417	50	T	F	if ($HAS_NET_DNS)
3425	0	T	F	if ($mxq)
3428	0	T	F	if ($best)
3432	0	T	F	if ($mx_ip)
3435	0	T	F	if $mw->{'org'}
3436	0	T	F	if $mw->{'abuse'}
3443	0	T	F	if ($nsq)
3445	0	T	F	if ($first)
3449	0	T	F	if ($ns_ip)
3452	0	T	F	if $nw->{'org'}
3453	0	T	F	if $nw->{'abuse'}
3461	100	T	F	if ($domain_whois)
3466	100	T	F	if ($domain_whois =~ /Registrar:\s*(.+)/i)
3476	100	T	F	if (not $info{'registrar_abuse'} and $domain_whois =~ /$pat/)
3488	100	T	F	if (not $info{'registered'} and $domain_whois =~ /$pat/)
3499	100	T	F	if (not $info{'expires'} and $domain_whois =~ /$pat/)
3505	100	T	F	if ($info{'registered'})
3507	100	T	F	if $epoch and time - $epoch < $RECENT_REG_DAYS * $SECS_PER_DAY
3514	50	T	F	if $_cache
3542	100	T	F	if $host =~ /^\d{1,3}(?:\.\d{1,3}){3}$/
3545	50	T	F	if ($_cache)
3547	0	T	F	if defined $cached_ip
3552	50	T	F	if ($HAS_NET_DNS) { }
3561	0	T	F	if ($query)
3563	0	T	F	if ($rr->type eq 'A') { }
	0	T	F	elsif ($rr->type eq 'AAAA') { }
3572	0	T	F	if defined $ip
3577	50	T	F	$packed ? :
3581	50	T	F	if ($_cache)
3602	50	T	F	unless $ip
3604	50	T	F	if ($HAS_NET_DNS)
3607	0	T	F	if ($query)
3609	0	T	F	if $rr->type eq "PTR"
3640	50	T	F	if ($_cache)
3642	0	T	F	if $cached
3645	50	T	F	$HAS_LWP ? :
3648	50	T	F	unless ($result->{'org'})
3650	100	T	F	if ($raw)
3652	100	T	F	$ref ? :
3653	50	T	F	if $detail
3658	50	T	F	if $_cache and $result
3679	100	T	F	unless $server
3700	50	T	F	if ($raw =~ /Registrar:\s*(.+)/i)
3709	100	T	F	if (not $info{'abuse'} and $raw =~ /$pat/)
3731	0	T	F	unless $HAS_LWP
3734	0	T	F	unless (defined $ua)
3740	0	T	F	if ($HAS_CONN_CACHE)
3753	0	T	F	unless $res and $res->is_success
3759	0	T	F	if $j =~ /"name"\s:\s"([^"]+)"/
3760	0	T	F	if $j =~ /"handle"\s:\s"([^"]+)"/
3763	0	T	F	if ($j =~ /"abuse".?"email"\s:\s*"([^"]+)"/s) { }
	0	T	F	elsif ($j =~ /"email"\s:\s"([^\@"]+\@[^"]+)"/) { }
3770	0	T	F	if $j =~ /"country"\s:\s"([A-Z]{2})"/
3804	50	T	F	$HAS_IO_SOCKET_IP ? :
3815	50	T	F	unless $sock
3818	50	T	F	unless ($sock->print("$query\r\n"))
3830	100	T	F	if ($@ or not defined $n or $n <= 0)
3831	50	T	F	if $@
3834	50	T	F	unless defined $n and $n > 0
3856	100	T	F	unless $text
3864	100	T	F	if (not $info{'org'} and $text =~ /$pat/)
3874	100	T	F	if (not $info{'abuse'} and $text =~ /$pat/)
3880	100	T	F	if $text =~ /(abuse\@[\w.-]+)/i
3883	100	T	F	if ($text =~ /^country:\s([A-Za-z]{2})\s$/m)
3909	100	T	F	if $self->{'_auth_results'}
3921	100	T	F	if $raw =~ /\bspf=(\S+)/i
3922	100	T	F	if $raw =~ /\bdkim=(\S+)/i
3923	100	T	F	if $raw =~ /\bdmarc=(\S+)/i
3924	100	T	F	if $raw =~ /\barc=(\S+)/i
3928	100	T	F	if defined $auth{$k}
3935	50	T	F	if ($h->{'value'} =~ /\bd=([^;,\s]+)/)
3940	100	T	F	if (@dkim_domains)
3944	100	T	F	if ($self->_provider_abuse_for_host($d))
3978	50	T	F	if $self->{'provider_abuse'}{$host}
3979	100	T	F	if $PROVIDER_ABUSE{$host}
4000	100	T	F	if $rdns
4028	100	T	F	unless $host and $host =~ /\./
4031	50	T	F	if ($HAS_PUBLIC_SUFFIX)
4034	0	T	F	if $root
4039	100	T	F	if @labels <= 2
4042	100	T	F	if ($labels[-1] =~ /^[a-z]{2}$/ and $labels[-2] =~ /^(?:co\|com\|net\|org\|gov\|edu\|ac\|me)$/)
4098	100	T	F	if $h->{'name'} eq lc $name
4118	100	T	F	unless $cidr =~ m[/]
4120	100	T	F	unless defined $prefix and $prefix =~ /^\d+$/ and $prefix <= 32
4143	100	T	F	unless defined $str
4161	100	T	F	if (uc $enc eq 'B') { }
4185	100	T	F	unless $str
4191	100	T	F	if ($str =~ /^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.\d+)?Z$/)
4205	50	T	F	if defined $epoch
4209	100	T	F	if ($str =~ /^(\d{4})-(\d{2})-(\d{2})/) { }
	100	T	F	elsif ($str =~ /^(\d{2})-([A-Za-z]{3})-(\d{4})/) { }
	100	T	F	elsif ($str =~ m[^(\d{2})/(\d{2})/(\d{4})]) { }
4213	100	T	F	unless $y and $m and $d
4215	50	T	F	if (eval { do { require Time::Local; 1 } })
4238	50	T	F	unless $str
4241	50	T	F	if ($str =~ /(\d{1,2})\s+([A-Za-z]{3})\s+(\d{4})\s+(\d{2}):(\d{2}):(\d{2})/)
4244	50	T	F	unless $m
4245	50	T	F	if (eval { do { require Time::Local; 1 } })
4289	100	T	F	if ($self->{'verbose'})
4290	50	T	F	if (my $logger = $self->{'logger'}) { }