From 3ac304d1f1f98a4666b80efb62c7c54b45cee41c Mon Sep 17 00:00:00 2001
From: Nisha Poyarekar
Date: Wed, 26 Apr 2023 14:23:24 -0400
Subject: [PATCH] Validate email address in from_header
Resolves #512
Signed-off-by: Nisha Poyarekar
---
 patchwork/parser.py | 10 ++++++++--
 patchwork/tests/test_parser.py | 7 +++++++
 2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/patchwork/parser.py b/patchwork/parser.py
index e9104ca8..2c863a51 100644
--- a/patchwork/parser.py
+++ b/patchwork/parser.py
@@ -338,8 +338,6 @@ def split_from_header(from_header):
 # tuple of (regex, fn)
 # - where fn returns a (name, email) tuple from the match groups resulting
 # from re.match().groups()
- # TODO(stephenfin): Perhaps we should check for "real" email addresses
- # instead of anything ('.*?')
 from_res = [
 # for "Firstname Lastname" style addresses
 (re.compile(r'"?(.*?)"?\s*<([^>]+)>'), (lambda g: (g[0], g[1]))),
@@ -360,6 +358,14 @@ def split_from_header(from_header):
 (name, email) = fn(match.groups())
 break
+ # Checking for real email address.
+ email_pattern = (
+ r'^[\w!#$%&"*+/=?^`{|}~-]+(?:\.[\w!#$%&"*+/=?^`{|}~-]+)*'
+ r'@(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?\.)+'
+ r'[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?$'
+ )
+ if not re.match(email_pattern, email):
+ email = None
 return (name, email)
diff --git a/patchwork/tests/test_parser.py b/patchwork/tests/test_parser.py
index 8001a9bb..1eaecab1 100644
--- a/patchwork/tests/test_parser.py
+++ b/patchwork/tests/test_parser.py
@@ -270,6 +270,13 @@ class SenderEncodingTest(TestCase):
 with self.assertRaises(ValueError):
 get_or_create_author(email)
+ def test_invalid_email(self):
+ # Broken email clients garble email addresses -- #512
+ from_header = 'testH=?UTF-8?B?w6E=?=user=?UTF-8?B?w6E=?='
+ email = self._create_email(from_header)
+ with self.assertRaises(ValueError):
+ get_or_create_author(email)
+
 def test_ascii_encoding(self):
 from_header = 'example user '
 sender_name = 'example user'
--
2.47.3
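Review bot: The new check at the end of split_from_header pairs `re.match` with a `$`-terminated pattern, and in Python `$` also matches just before a trailing newline, so a captured address ending in a newline would still be accepted; `if not re.fullmatch(email_pattern, email):` closes that gap, which matters if the stored address is ever written back into outgoing mail headers. The local-part character class lists `"` where RFC 5322 atext has `'`, so an unquoted double quote passes while an address with an apostrophe in the local part is reset to None and presumably rejected by the caller. If `email` can still be None when no entry in from_res matches (its initialisation is outside this hunk), `re.match` would raise TypeError rather than the ValueError the tests expect, so a guard such as `if email is None or not re.fullmatch(...)` is worth confirming. The function body starts before the hunk.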
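Review bot: test_invalid_email asserts only that get_or_create_author raises ValueError, the same assertion the preceding test ends with, so it would pass on any ValueError in that path and does not show that the new pattern check is what rejected the header. A direct assertion on the parser output, for example `self.assertIsNone(split_from_header(from_header)[1])` (assuming split_from_header is importable in this module), would pin the behaviour to the change. The added test also covers only a rejected input; a case for an address that must still be accepted, and one for a value with a trailing newline, would guard against the pattern being too strict or too loose.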