From 1caa61c94a1a07de890d4de007f005132e894b0e Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Thu, 29 Oct 2020 10:36:38 +0000
Subject: [PATCH] Additional block check on short domain

---
 blocking.py | 25 +++++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)

diff --git a/blocking.py b/blocking.py
index e24933957..395faf234 100644
--- a/blocking.py
+++ b/blocking.py
@@ -149,20 +149,37 @@ def getDomainBlocklist(baseDir: str) -> str:
     globalBlockingFilename = baseDir + '/accounts/blocking.txt'
     if not os.path.isfile(globalBlockingFilename):
         return blockedStr
-    with open(globalBlockingFilename, 'r') as file:
-        blockedStr += file.read()
+    with open(globalBlockingFilename, 'r') as fpBlocked:
+        blockedStr += fpBlocked.read()
     return blockedStr
 
 
 def isBlockedDomain(baseDir: str, domain: str) -> bool:
     """Is the given domain blocked?
     """
+    if '.' not in domain:
+        return False
+
     if isEvil(domain):
         return True
+
+    # by checking a shorter version we can thwart adversaries
+    # who constantly change their subdomain
+    sections = domain.split('.')
+    noOfSections = len(sections)
+    shortDomain = None
+    if noOfSections > 2:
+        shortDomain = domain[noOfSections-2] + '.' + domain[noOfSections-1]
+
     globalBlockingFilename = baseDir + '/accounts/blocking.txt'
     if os.path.isfile(globalBlockingFilename):
-        if '*@' + domain in open(globalBlockingFilename).read():
-            return True
+        with open(globalBlockingFilename, 'r') as fpBlocked:
+            blockedStr = fpBlocked.read()
+            if '*@' + domain in blockedStr:
+                return True
+            if shortDomain:
+                if '*@' + shortDomain in blockedStr:
+                    return True
     return False