mirror of
https://github.com/moparisthebest/mail
synced 2024-11-21 16:35:04 -05:00
Merge pull request #338 from whiteout-io/audit/WO-03-025
[WO-03-025] Unescape dashes in signed cleartext
This commit is contained in:
commit
4e0388b349
@ -1598,7 +1598,7 @@ Email.prototype._extractBody = function(message) {
|
||||
// PGP/INLINE signed
|
||||
message.signed = true;
|
||||
message.clearSignedMessage = clearSignedMatch[0];
|
||||
body = clearSignedMatch[1];
|
||||
body = (clearSignedMatch[1] || '').replace(/^- /gm, ''); // remove dash escaping https://tools.ietf.org/html/rfc4880#section-7.1
|
||||
}
|
||||
|
||||
if (!message.signed) {
|
||||
|
@ -953,6 +953,44 @@ describe('Email DAO unit tests', function() {
|
||||
expect(message.loadingBody).to.be.true;
|
||||
});
|
||||
|
||||
it('should unescape dashes from signed pgp/inline', function(done) {
|
||||
var expected = 'normal line\ndashed line 1\ndashed line 2';
|
||||
var pt = '-----BEGIN PGP SIGNED MESSAGE-----\nHash: WTFHASH\n\nnormal line\n- dashed line 1\n- dashed line 2\n-----BEGIN PGP SIGNATURE----------END PGP SIGNATURE-----';
|
||||
var message = {
|
||||
uid: uid,
|
||||
from: [{
|
||||
address: 'asdasdasd'
|
||||
}]
|
||||
};
|
||||
|
||||
localListStub.returns(resolves([{
|
||||
uid: uid,
|
||||
bodyParts: [{
|
||||
type: 'text',
|
||||
content: pt
|
||||
}]
|
||||
}]));
|
||||
keychainStub.getReceiverPublicKey.withArgs(message.from[0].address).returns(resolves(mockKeyPair.publicKey));
|
||||
pgpStub.verifyClearSignedMessage.withArgs(pt, mockKeyPair.publicKey.publicKey).returns(resolves(true));
|
||||
|
||||
dao.getBody({
|
||||
messages: [message],
|
||||
folder: inboxFolder
|
||||
}).then(function() {
|
||||
expect(message.body).to.equal(expected);
|
||||
expect(message.signed).to.be.true;
|
||||
expect(message.signaturesValid).to.be.true;
|
||||
expect(message.loadingBody).to.be.false;
|
||||
|
||||
expect(localListStub.calledOnce).to.be.true;
|
||||
expect(pgpStub.verifyClearSignedMessage.calledOnce).to.be.true;
|
||||
expect(keychainStub.getReceiverPublicKey.calledOnce).to.be.true;
|
||||
|
||||
done();
|
||||
});
|
||||
expect(message.loadingBody).to.be.true;
|
||||
});
|
||||
|
||||
it('should stream from imap and set body', function(done) {
|
||||
var body = 'bender is great! bender is great!';
|
||||
var uid = 1234;
|
||||
|
Loading…
Reference in New Issue
Block a user