From patchwork Sun Nov 4 14:27:04 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stephen Finucane X-Patchwork-Id: 992746 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 42nyqn2vtNzB6Mb for ; Mon, 5 Nov 2018 01:29:25 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=that.guru Authentication-Results: ozlabs.org; dkim=fail reason="key not found in DNS" (0-bit key; unprotected) header.d=that.guru header.i=@that.guru header.b="cW4CWKng"; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 42nyqn1HzczDrhR for ; Mon, 5 Nov 2018 01:29:25 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=that.guru Authentication-Results: lists.ozlabs.org; dkim=fail reason="key not found in DNS" (0-bit key; unprotected) header.d=that.guru header.i=@that.guru header.b="cW4CWKng"; dkim-atps=neutral X-Original-To: patchwork@lists.ozlabs.org Delivered-To: patchwork@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=none (mailfrom) smtp.mailfrom=that.guru (client-ip=185.234.75.20; helo=relay020.mxrelay.co; envelope-from=stephen@that.guru; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=that.guru Authentication-Results: lists.ozlabs.org; dkim=fail reason="key not found in DNS" (0-bit key; unprotected) header.d=that.guru header.i=@that.guru header.b="cW4CWKng"; dkim-atps=neutral Received: from relay020.mxrelay.co (relay020.mxrelay.co [185.234.75.20]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 42nyqg0wbZzDrYf for ; Mon, 5 Nov 2018 01:29:18 +1100 (AEDT) Received: from filter002.mxroute.com (unknown [185.133.192.179]) by relay020.mxrelay.co (Postfix) with ESMTP id 605A94018F; Sun, 4 Nov 2018 14:28:45 +0000 (UTC) Received: from one.mxroute.com (one.mxroute.com [195.201.59.211]) by filter002.mxroute.com (Postfix) with ESMTPS id 40AFD3F05A; Sun, 4 Nov 2018 14:28:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=that.guru; s=default; h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject: Cc:To:From:Sender:Reply-To:Content-Type:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=kaJaWi/kddrVyXyfff9R6ogQFgQWOW65vWYFVo8f1e0=; b=cW4CWKngUhqspln2dfccQaE173 kdVzQWAnK99zwv8E5RKecBJOD3UcwDuSSPbDl+oEYc67dDNRRFbMsTYX213pNTBLRZkTVYParXACc 9fCDSw0p3gVglWvgd82WXxSdOE4O+BxLEKPoChfug7Au+SIAZH7IHjIpiVkNgLq094/UYFgOpMqMP Cw5Ih/DV+tkqqoA2rlGsUtmzZHuvSOGh6W67WC1MLLMRk15F7mBmPldRsXBf58GRrBThEakf9M+Xq eTcFaDntHO1mid+OmWyiqWFcTwcsbX8MKUtTfjBz9BHh1LH8Q/YPmzQPoNJhqV6TYkrBRuWF337OJ OcE0t9Jw==; From: Stephen Finucane To: patchwork@lists.ozlabs.org Subject: [PATCH] Don't passthrough 'Content-Type: multipart/signed' header Date: Sun, 4 Nov 2018 14:27:04 +0000 Message-Id: <20181104142704.31105-1-stephen@that.guru> X-Mailer: git-send-email 2.19.1 MIME-Version: 1.0 X-AuthUser: stephen@that.guru X-BeenThere: patchwork@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Patchwork development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: patchwork-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Patchwork" We don't GPG signatures, therefore this header is incorrect. Stop passing it through. Test for the other dropped header are also included. Signed-off-by: Stephen Finucane Cc: Veronika Kabatova Closes: #221 Acked-by: Veronika Kabatova --- patchwork/tests/test_mboxviews.py | 15 +++++++++++++++ patchwork/views/utils.py | 6 ++++++ 2 files changed, 21 insertions(+) diff --git a/patchwork/tests/test_mboxviews.py b/patchwork/tests/test_mboxviews.py index 50444d65..87c75eca 100644 --- a/patchwork/tests/test_mboxviews.py +++ b/patchwork/tests/test_mboxviews.py @@ -111,6 +111,21 @@ class MboxHeaderTest(TestCase): header = 'List-Id: Patchwork development ' self._test_header_passthrough(header) + def _test_header_dropped(self, header): + patch = create_patch(headers=header + '\n') + response = self.client.get(reverse('patch-mbox', args=[patch.id])) + self.assertNotContains(response, header) + + def test_header_dropped_content_transfer_encoding(self): + """Validate dropping of 'Content-Transfer-Encoding' header.""" + header = 'Content-Transfer-Encoding: quoted-printable' + self._test_header_dropped(header) + + def test_header_dropped_content_type_multipart_signed(self): + """Validate dropping of 'Content-Type=multipart/signed' header.""" + header = 'Content-Type: multipart/signed' + self._test_header_dropped(header) + def test_patchwork_id_header(self): """Validate inclusion of generated 'X-Patchwork-Id' header.""" patch = create_patch() diff --git a/patchwork/views/utils.py b/patchwork/views/utils.py index 3c5d2982..1da1aaab 100644 --- a/patchwork/views/utils.py +++ b/patchwork/views/utils.py @@ -84,8 +84,14 @@ def _submission_to_mbox(submission): orig_headers = HeaderParser().parsestr(str(submission.headers)) for key, val in orig_headers.items(): + # we set this ourselves if key == 'Content-Transfer-Encoding': continue + # we don't save GPG signatures described in RFC1847 [1] so this + # Content-Type value is invalid + # [1] https://tools.ietf.org/html/rfc1847 + if key == 'Content-Type' and val == 'multipart/signed': + continue mail[key] = val if 'Date' not in mail: