This project is read-only.
2
Vote

Critical bug causes all calls to CheckLinks() in GoogleSafeBrowsing to be considered Safe

description

In Synchronizer.cs CheckLinks() needs to compare the MD5 of the link to the Keys list. Currently compares URL string to MD5 hashes.

Incorrect Code:
        foreach (string link in linksToCheck)
        {
            MD5 md5 = MD5.Create();

            if (phishingKeys.Contains(link))
                phishingResult++;
            else if (malwareKeys.Contains(link))
                malwareResult++;
        }
Corrected Code:
        foreach (string link in linksToCheck)
        {
            MD5 md5 = MD5.Create();

            if (phishingKeys.Contains(GetMd5Hash(link)))
                phishingResult++;
            else if (malwareKeys.Contains(GetMd5Hash(link)))
                malwareResult++;
        }

comments

Keyvan wrote May 18, 2011 at 2:21 PM

Thanks for the comment. I will correct this in the new version.

cmenet wrote Oct 4, 2011 at 9:15 AM

In this case, you can also remove the following line inside the foreach:
MD5 md5 = MD5.Create();
It's useless :)