Message ID | 20181104142704.31105-1-stephen@that.guru |
---|---|
State | Accepted |
Headers | show |
Series | Don't passthrough 'Content-Type: multipart/signed' header | expand |
----- Original Message ----- > From: "Stephen Finucane" <stephen@that.guru> > To: patchwork@lists.ozlabs.org > Cc: "Stephen Finucane" <stephen@that.guru>, "Veronika Kabatova" <vkabatov@redhat.com> > Sent: Sunday, November 4, 2018 3:27:04 PM > Subject: [PATCH] Don't passthrough 'Content-Type: multipart/signed' header > > We don't GPG signatures, therefore this header is incorrect. Stop > passing it through. > > Test for the other dropped header are also included. > > Signed-off-by: Stephen Finucane <stephen@that.guru> > Cc: Veronika Kabatova <vkabatov@redhat.com> > Closes: #221 > --- > patchwork/tests/test_mboxviews.py | 15 +++++++++++++++ > patchwork/views/utils.py | 6 ++++++ > 2 files changed, 21 insertions(+) > > diff --git a/patchwork/tests/test_mboxviews.py > b/patchwork/tests/test_mboxviews.py > index 50444d65..87c75eca 100644 > --- a/patchwork/tests/test_mboxviews.py > +++ b/patchwork/tests/test_mboxviews.py > @@ -111,6 +111,21 @@ class MboxHeaderTest(TestCase): > header = 'List-Id: Patchwork development > <patchwork.lists.ozlabs.org>' > self._test_header_passthrough(header) > > + def _test_header_dropped(self, header): > + patch = create_patch(headers=header + '\n') > + response = self.client.get(reverse('patch-mbox', args=[patch.id])) > + self.assertNotContains(response, header) > + > + def test_header_dropped_content_transfer_encoding(self): > + """Validate dropping of 'Content-Transfer-Encoding' header.""" > + header = 'Content-Transfer-Encoding: quoted-printable' > + self._test_header_dropped(header) > + > + def test_header_dropped_content_type_multipart_signed(self): > + """Validate dropping of 'Content-Type=multipart/signed' header.""" > + header = 'Content-Type: multipart/signed' > + self._test_header_dropped(header) > + > def test_patchwork_id_header(self): > """Validate inclusion of generated 'X-Patchwork-Id' header.""" > patch = create_patch() > diff --git a/patchwork/views/utils.py b/patchwork/views/utils.py > index 3c5d2982..1da1aaab 100644 > --- a/patchwork/views/utils.py > +++ b/patchwork/views/utils.py > @@ -84,8 +84,14 @@ def _submission_to_mbox(submission): > > orig_headers = HeaderParser().parsestr(str(submission.headers)) > for key, val in orig_headers.items(): > + # we set this ourselves > if key == 'Content-Transfer-Encoding': > continue > + # we don't save GPG signatures described in RFC1847 [1] so this > + # Content-Type value is invalid > + # [1] https://tools.ietf.org/html/rfc1847 > + if key == 'Content-Type' and val == 'multipart/signed': > + continue > mail[key] = val > Good catch! Acked-by: Veronika Kabatova <vkabatov@redhat.com> > if 'Date' not in mail: > -- > 2.19.1 > >
diff --git a/patchwork/tests/test_mboxviews.py b/patchwork/tests/test_mboxviews.py index 50444d65..87c75eca 100644 --- a/patchwork/tests/test_mboxviews.py +++ b/patchwork/tests/test_mboxviews.py @@ -111,6 +111,21 @@ class MboxHeaderTest(TestCase): header = 'List-Id: Patchwork development <patchwork.lists.ozlabs.org>' self._test_header_passthrough(header) + def _test_header_dropped(self, header): + patch = create_patch(headers=header + '\n') + response = self.client.get(reverse('patch-mbox', args=[patch.id])) + self.assertNotContains(response, header) + + def test_header_dropped_content_transfer_encoding(self): + """Validate dropping of 'Content-Transfer-Encoding' header.""" + header = 'Content-Transfer-Encoding: quoted-printable' + self._test_header_dropped(header) + + def test_header_dropped_content_type_multipart_signed(self): + """Validate dropping of 'Content-Type=multipart/signed' header.""" + header = 'Content-Type: multipart/signed' + self._test_header_dropped(header) + def test_patchwork_id_header(self): """Validate inclusion of generated 'X-Patchwork-Id' header.""" patch = create_patch() diff --git a/patchwork/views/utils.py b/patchwork/views/utils.py index 3c5d2982..1da1aaab 100644 --- a/patchwork/views/utils.py +++ b/patchwork/views/utils.py @@ -84,8 +84,14 @@ def _submission_to_mbox(submission): orig_headers = HeaderParser().parsestr(str(submission.headers)) for key, val in orig_headers.items(): + # we set this ourselves if key == 'Content-Transfer-Encoding': continue + # we don't save GPG signatures described in RFC1847 [1] so this + # Content-Type value is invalid + # [1] https://tools.ietf.org/html/rfc1847 + if key == 'Content-Type' and val == 'multipart/signed': + continue mail[key] = val if 'Date' not in mail:
We don't GPG signatures, therefore this header is incorrect. Stop passing it through. Test for the other dropped header are also included. Signed-off-by: Stephen Finucane <stephen@that.guru> Cc: Veronika Kabatova <vkabatov@redhat.com> Closes: #221 --- patchwork/tests/test_mboxviews.py | 15 +++++++++++++++ patchwork/views/utils.py | 6 ++++++ 2 files changed, 21 insertions(+)