[Feature request] Regex based domains match list with visual hightlighting in AUR build files.
Because AUR packages are maintained from people all over the world, maintainer account has a chance to be compromised and AUR build file may be compromised after that. While most build scripts are pretty easy to verify most of the time, they have a pain point: 'sources' domains which may be phished. Surely, the user can go each time to the link and check domain validity (which I do every time). However, It's okay when there are 2-3 packages but may be a pain if there are too much AUR packages installed on the system.
Examples of such attacks may be found at https://en.wikipedia.org/wiki/IDN_homograph_attack
Another case - malware repository on popular systems, half of my AUR packages are built from github and I can't remember all git URLs. If AUR package is compromised user could see that github domain is valid but fail to recognize malware phishing git repo. The fastest way to check for now is to "star" repo and follow the link from sources and verify that repo is starred from your account.
Approached solution:
- add setting to enable URLs trust lists for AUR packages;
- add local domains hashmap store;
- add the ability to add trusted domains from settings or by right-button context menu;
- match URLs in AUR build files;
- highlight matched entities with some soft colour.
It could be opt-in feature and won't affect current working use flows.