feat: parse barracuda & sophos link protection

2025-04-04 08:43:54 +00:00 · 2025-04-04 08:43:54 +00:00 · 8f95fd3182
parent 78ad0c74c2
commit 8f95fd3182
1 changed files with 32 additions and 7 deletions
--- a/src/clean_url.js
+++ b/src/clean_url.js
@ -22,6 +22,37 @@ const caretPath = (pathname) => {
  return `${path}?${search}`
 }

+const safeLinks = [
+  'safelinks\\.protection\\.outlook\\.com',
+  '\\.protection\\.sophos\\.com',
+  'linkprotect\\.cudasvc\\.com'
+]
+
+const deSafelink = (urlStr) => {
+  let url = new URL(urlStr)
+
+  // O365 Safelinks
+  if (url.hostname.endsWith('safelinks.protection.outlook.com')) {
+    url = new URL(url.searchParams.get('url'))
+  }
+
+  // Sophos
+  if (url.hostname.endsWith('.protection.sophos.com')) {
+    url = new URL(`http://${url.searchParams.get('d')}`)
+  }
+
+  // Barracuda
+  if (url.hostname.endsWith('linkprotect.cudasvc.com')) {
+    url = new URL(url.searchParams.get('a'))
+  }
+
+  if (url.hostname.match(new RegExp(safeLinks.join('|')))) {
+    return deSafelink(url.href)
+  }
+
+  return url.href
+}
+
 for await (const line of createInterface({ input: process.stdin, terminal: false })) {
  // parse hostname from url
  if (process.argv[2] === 'hostname') {
@ -47,13 +78,7 @@ for await (const line of createInterface({ input: process.stdin, terminal: false
    if (line.split('/')[2].includes('??')) continue

    if (URL.canParse(line)) {
-      let url = new URL(cleanHost(line))
-
-      // Decode O365 Safelinks
-      // https://support.microsoft.com/en-us/office/advanced-outlook-com-security-for-microsoft-365-subscribers-882d2243-eab9-4545-a58a-b36fee4a46e2
-      if (url.hostname.endsWith('safelinks.protection.outlook.com')) {
-        url = new URL(url.searchParams.get('url'))
-      }
+      const url = new URL(deSafelink(cleanHost(line)))

      url.host = cleanHost(url.host)