[Rt-commit] rt branch, 3.8/encrypted-attachs-special-case, created. rt-3.8.10-35-g46a2879
Ruslan Zakirov
ruz at bestpractical.com
Thu Aug 18 10:00:57 EDT 2011
The branch, 3.8/encrypted-attachs-special-case has been created
at 46a287994c49f69bc0d87114ca24c99f0b468ce5 (commit)
- Log -----------------------------------------------------------------
commit ae984654211e9e2797b3b6f2015a2cfb9f91f7ea
Author: Ruslan Zakirov <ruz at bestpractical.com>
Date: Sat Aug 13 00:56:52 2011 +0400
decrypt .asc as well as .pgp
diff --git a/lib/RT/Crypt/GnuPG.pm b/lib/RT/Crypt/GnuPG.pm
index 314e6cc..2a52a65 100644
--- a/lib/RT/Crypt/GnuPG.pm
+++ b/lib/RT/Crypt/GnuPG.pm
@@ -351,6 +351,8 @@ my %supported_opt = map { $_ => 1 } qw(
verbose
);
+our $RE_FILE_EXTENSIONS = qr/pgp|asc/i;
+
# DEV WARNING: always pass all STD* handles to GnuPG interface even if we don't
# need them, just pass 'new IO::Handle' and then close it after safe_run_child.
# we don't want to leak anything into FCGI/Apache/MP handles, this break things.
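Review bot: `$RE_FILE_EXTENSIONS` is declared with `our` and carries no comment, yet the patterns that interpolate it in this commit (`/\.${RE_FILE_EXTENSIONS}$/`) are only correct while it remains a compiled `qr//` object, because the stringified object brings its own group. If a site overrides it with a plain string such as `'pgp|asc'`, the alternation is no longer grouped, so `\.` and `$` each apply to only one branch. A comment such as `# extensions (no dot) of attachments treated as PGP-encrypted; must stay a qr// object because it is interpolated into larger patterns` would record that constraint.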
@@ -1000,7 +1002,7 @@ sub FindProtectedParts {
# attachments with inline encryption
my @encrypted_indices =
- grep {($entity->parts($_)->head->recommended_filename || '') =~ /\.pgp$/}
+ grep {($entity->parts($_)->head->recommended_filename || '') =~ /\.${RE_FILE_EXTENSIONS}$/}
0 .. $entity->parts - 1;
foreach my $i ( @encrypted_indices ) {
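Review bot: The `grep` classifies parts as encrypted from the sender-supplied file name alone, and `.asc` is also the customary extension for detached signatures and exported public keys. More parts can therefore land in `@encrypted_indices` without holding an encrypted message. The loop body that consumes the indices is outside this hunk, so it cannot be seen here whether the content is checked before a part is treated as encrypted. If it is not, it is worth confirming that a failed decrypt leaves the original part intact. Separately, `$` also matches before a trailing newline; `=~ /\.${RE_FILE_EXTENSIONS}\z/` anchors at the true end of the name, and the same applies to the substitution in `DecryptAttachment` later in this commit.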
@@ -1472,9 +1474,10 @@ sub DecryptAttachment {
$args{'Data'}->bodyhandle( new MIME::Body::File $res_fn );
$args{'Data'}->{'__store_tmp_handle_to_avoid_early_cleanup'} = $res_fh;
- my $filename = $args{'Data'}->head->recommended_filename;
- $filename =~ s/\.pgp$//i;
- $args{'Data'}->head->mime_attr( $_ => $filename )
+ my $head = $args{'Data'}->head;
+ my $filename = $head->recommended_filename;
+ $filename =~ s/\.${RE_FILE_EXTENSIONS}$//i;
+ $head->mime_attr( $_ => $filename )
foreach (qw(Content-Type.name Content-Disposition.filename));
return %res;
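Review bot: The substitution on `$filename` runs without the `|| ''` guard that `FindProtectedParts` applies to the same `recommended_filename` call. An unnamed part would raise an uninitialized-value warning, and a name consisting only of the extension would be stripped to an empty string before being written to both header attributes. Whether callers can reach this code with such a part is not visible, because `DecryptAttachment` starts outside the hunk. Consider wrapping the strip-and-rewrite in a check that the name is defined and still non-empty afterwards. The trailing `/i` on `s/\.${RE_FILE_EXTENSIONS}$//i` is redundant, since the `qr//` object already carries that flag.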
commit f6bc4bd23c767a5db3187ae6956bdf0f8b4a0432
Author: Ruslan Zakirov <ruz at bestpractical.com>
Date: Sat Aug 13 00:58:45 2011 +0400
don't trust encrypted attachments' content type
The problem is that attachments with file names may
carry a conflicting content type. The RFC format has no
such problem, as it preserves the internal MIME structure.
The "free form" (more common) format can be very
informal regarding content type.
For example:
* a file can be encrypted with --armor and attached
with an .asc extension, which on some systems means
text/plain; the attachment really is text/plain, but
the decrypted content is not
* an .asc file can be marked as text/plain even if
it is not text, i.e. a file encrypted without --armor.
diff --git a/lib/RT/Crypt/GnuPG.pm b/lib/RT/Crypt/GnuPG.pm
index 2a52a65..57e962f 100644
--- a/lib/RT/Crypt/GnuPG.pm
+++ b/lib/RT/Crypt/GnuPG.pm
@@ -1475,6 +1475,12 @@ sub DecryptAttachment {
$args{'Data'}->{'__store_tmp_handle_to_avoid_early_cleanup'} = $res_fh;
my $head = $args{'Data'}->head;
+
+ # we can not trust original content type
+ # TODO: and don't have way to detect, so we just use octet-stream
+ # some clients may send .asc files (encryped) as text/plain
+ $head->mime_attr( "Content-Type" => 'application/octet-stream' );
+
my $filename = $head->recommended_filename;
$filename =~ s/\.${RE_FILE_EXTENSIONS}$//i;
$head->mime_attr( $_ => $filename )
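Review bot: Setting `Content-Type` through `mime_attr` replaces the media type, but parameters the sender attached to the old `text/plain` value, such as `charset`, appear to stay on the header. The test added in this series splits the header on `;` before comparing, which suggests parameters survive. If later code honours a leftover `charset` on an `application/octet-stream` part, it could transcode binary data, so consider clearing it next to this line, for example by setting `Content-Type.charset` to `undef` with the same method. The added comment would also read more clearly as `# The sender's content type cannot be trusted and we have no way to detect the real one, so fall back to application/octet-stream; some clients send encrypted .asc files as text/plain.`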
commit 2d97931d2f9157cbedbc282f52f0cd6a4da3dc48
Author: Ruslan Zakirov <ruz at bestpractical.com>
Date: Sat Aug 13 01:07:53 2011 +0400
treat part as Attachment if it's named and encrypted
If the file is named, it is quite possible that it is
a binary attachment. By marking it as an attachment
we can handle the content type better and avoid data
corruption.
diff --git a/lib/RT/Crypt/GnuPG.pm b/lib/RT/Crypt/GnuPG.pm
index 57e962f..bb8b2db 100644
--- a/lib/RT/Crypt/GnuPG.pm
+++ b/lib/RT/Crypt/GnuPG.pm
@@ -893,6 +893,8 @@ sub FindProtectedParts {
# inline PGP block, only in singlepart
unless ( $entity->is_multipart ) {
+ my $file = ($entity->head->recommended_filename||'') =~ /\.${RE_FILE_EXTENSIONS}$/;
+
my $io = $entity->open('r');
unless ( $io ) {
$RT::Logger->warning( "Entity of type ". $entity->effective_type ." has no body" );
@@ -904,8 +906,8 @@ sub FindProtectedParts {
$RT::Logger->debug("Found $type inline part");
return {
Type => $type,
- Format => 'Inline',
- Data => $entity,
+ Format => !$file || $type eq 'signed'? 'Inline' : 'Attachment',
+ Data => $entity,
};
}
$io->close;
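Review bot: The new `Format` expression is hard to read. It relies on `?:` binding looser than `||`, and it tests a flag named `$file` (set in the previous hunk) that holds a match result rather than a file. Naming the flag for what it means and parenthesising the condition would help, e.g. `Format => ( $type eq 'signed' || !$has_encrypted_ext ) ? 'Inline' : 'Attachment',`. A short comment on why signed parts stay `Inline` even when named would also be useful, since the commit message only explains the encrypted case. The enclosing `unless` block in `FindProtectedParts` starts and ends outside these hunks.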
commit bb1efa5fa5dfc4aa4bdb86dad30d6296530b88e8
Author: Ruslan Zakirov <ruz at bestpractical.com>
Date: Sat Aug 13 01:16:53 2011 +0400
data files for special gnupg cases
diff --git a/t/data/gnupg/emails/special/binary-asc-attach-marked-plain-text.txt b/t/data/gnupg/emails/special/binary-asc-attach-marked-plain-text.txt
new file mode 100644
index 0000000..db904ae
--- /dev/null
+++ b/t/data/gnupg/emails/special/binary-asc-attach-marked-plain-text.txt
@@ -0,0 +1,60 @@
+Message-ID: <46BCDCF2.3080704 at mit.edu>
+Date: Fri, 10 Aug 2007 17:47:30 -0400
+From: Christian Ternus <ternus at mit.edu>
+User-Agent: Thunderbird 1.5.0.12 (X11/20070604)
+MIME-Version: 1.0
+To: rt-recipient at example.com
+Subject: Test Email ID:12
+X-Enigmail-Version: 0.94.2.0
+Content-Type: multipart/mixed;
+ boundary="------------090206040704060905090502"
+
+This is a multi-part message in MIME format.
+--------------090206040704060905090502
+Content-Type: text/plain; charset=ISO-8859-1
+Content-Transfer-Encoding: 8bit
+
+Attached file has .asc extension
+and content type is text/plain.
+
+ASC in some clients stands for ascii, so it's
+attached as text/plain.
+
+--------------090206040704060905090502
+Content-Type: text/plain;
+ name="favicon.png.asc"
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment;
+ filename="favicon.png.asc"
+
+hQIOA076g5OuwfIOEAf+P0Qp/k1B0WDRr9bNcEANStTaiefYoLrUrtMJv+aFtkiSqKfft0A9
+okrYkVUKs6kxfgxueuqNMFQh58nl8+d7Z2qGIgVEXxC8rRxexEQ8mXu5LXzzBbc6Dq8Jsa7B
+bXzwGty51culYcKeMEjpEY8Qx76qoNQDNCuvth1JJxJ6xQix/pVyZZbJRu/nLrv1i3Z4KRFY
+qafnJlcsUTVj2o9dLfeU13z8nd0uBPY+hiCgYJHSPDLr+mkA+c6YK0m4a88r/wjLmsVHMkn2
+N5nCjuqP4tzT8SCjhoICGTbu+fFdks9NhQjvsW7MHBi9HFFzm6SoEvquFHThzwMl3hAhTLpi
+Jwf/a6unMP/swAxoFTJ2GRXBmQOH4sJHR/M31rEVkLZGJixhU94Tpx8ptgLXqme5VCXgl+M3
+Oh0GHRXqFYjR/HGUTZokRKR/BgCEpOGlH5FcabHiu/Gy8UBezPbuC+BNvxuCbuwODMp9R5DE
+F8RSCAQ1hrRoJjeHT2wyE7HdCvN/xx7NyenA3GdJa5Z6W7Y0gshr2fAOFL39jKXw4WwCh/Yq
+XnyG8uOyPgFrnHI3WpO24VpQHp3MBKebWNhQ/Opy/cABunCSwWQpDB9Ar4GeS3R1WGtMNC4r
+ph4afmTHJcQQkoa0VfvHL0hEzycwysYD46O9QhZfhxtKKShgX356oCeMEIUCDgOxaIPydPr+
+7xAH+gMnbi5OLPf5xMeZydvNWdHE/wJTub2rrWFtzvj0Aa5Ne/KFhcDDqSjaL3MXP1WfIJr1
+/ANe1eWcM2hlYVDpEn6YOh0bz6BASE4kbHA5nGMyUrgH0hWfcOgkMUloRZdf1q32j80mchCJ
+rF4YsQ6EndnUYzAiXKHGJRUy/6IA2qBH2n/fRiyC2FmmQPtWO4c6t15Vgh4fB3QXSTri8J5r
+577yIiHRE+dq6gg1BfyqCtw0DW56lSFQ7dxyMXeLyTGyjTGPlUDc+FbP23CRK7zDIVujARmm
+mX3bP2lMfCK326FwBZf2Q4Zl/ac1BN8Mcb4wwcnKvRzfEw8d1Y6pkphe7KYH/0MDDqtmuEw2
+D/xdw4FHB16/HW32bcPaMVvFuseczEfrwPGCrCiPHPm++edAoY0rWoBtzHVpgN+s5bset5OR
+snhjuWceuCb+Ga0QV0s/xmIPIQ8VYaXyD5hob6nHEIeskS68Vbni0BpY3nejDPoV3dNHY2Tp
+2fjYNHCpsdTz8yyavQVixoQjZQH9hUb48zZDHCt0Af9Rfq6Et5/Qr8iJqAyEU8JzZtrkpO4O
+HgLU7JTPLxOGzYtOj8JkLmLguVA5kOafAuU4OTEU43utQfS3KYbdEWT2jJ1QaJVS8CjFJrqH
+V99FUsDvgKWSTy5hA9gkQAQE1QdwkoQKpkCWm18KZqTSwNkBfrsEuvHC3Cz4Sy+cJmhr4Hvx
+dyZY8DuuWExUcVCjkeuASLgjLEgahnCbMkyKATazswwTEdfzjcOowjLTdaWFEN/Cg22nF/px
+9MXMtzBkrTkjYPhfywETKoMVH/Nw7rRNZhkOSb5WJV5ynF1BlbzXI7Z8rA/KrIn8aydzwJUU
+qFr8Dw1C7kbE76+SFVWX8fqpwGmQhDAO+kos6ivgN9HDHtuXmwfGeROi2U0WcmFGbAyLo5fT
+LCcNPOMflU27WDXm8m+tjq9naUynqvwg5zBBz/xY67L1R8uOwfZplvRi35iZAJjzMHGirkiB
+W3ZDXbDqEfKl4aCXqU+XhQZsku2z3OtKZOBVVI5p8nGVEfavg6QECRUNUS7qbtMxlj5IwCGl
+babK3W5YVuERjklrrLUYZjqFIZ2yLK3Z2VmSn7yKAb/eRvdEeha+9PKcN11pXPkS/M3t+Vpr
+G+4TqNgqwLVWMvbENp08dS3OAPpZLDnqG9CJV0qacDMjv69X26V3Xp6vuZoKqAPxMG9QKAfX
+E9LInR1Kd0cpRUkb
+--------------090206040704060905090502--
+
+
diff --git a/t/data/gnupg/emails/special/inline-binary-attachment-with-wrap.txt b/t/data/gnupg/emails/special/inline-binary-attachment-with-wrap.txt
new file mode 100644
index 0000000..6c84b53
--- /dev/null
+++ b/t/data/gnupg/emails/special/inline-binary-attachment-with-wrap.txt
@@ -0,0 +1,54 @@
+Message-ID: <46BCDCF2.3080704 at mit.edu>
+Date: Fri, 10 Aug 2007 17:47:30 -0400
+From: Christian Ternus <ternus at mit.edu>
+User-Agent: Thunderbird 1.5.0.12 (X11/20070604)
+MIME-Version: 1.0
+To: rt-recipient at example.com
+Subject: Test Email ID:12
+X-Enigmail-Version: 0.94.2.0
+Content-Type: multipart/mixed;
+ boundary="------------090206040704060905090502"
+
+This is a multi-part message in MIME format.
+--------------090206040704060905090502
+Content-Type: text/plain; charset=ISO-8859-1
+Content-Transfer-Encoding: 8bit
+
+A binary file encrypted with PGP MESSAGE wrapping then attached
+to a mail. As it's .asc some clients attach it as content type is
+text/plain.
+
+--------------090206040704060905090502
+Content-Type: text/plain;
+ name="favicon.png.asc"
+Content-Disposition: attachment;
+ filename="favicon.png.asc"
+
+-----BEGIN PGP MESSAGE-----
+Version: GnuPG v1.4.11 (Darwin)
+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+=j0Yd
+-----END PGP MESSAGE-----
+--------------090206040704060905090502--
+
+
commit 46a287994c49f69bc0d87114ca24c99f0b468ce5
Author: Ruslan Zakirov <ruz at bestpractical.com>
Date: Sat Aug 13 01:17:24 2011 +0400
additional gnupg tests
armored and not armored .asc files attached as text/plain
diff --git a/t/mail/gnupg-special.t b/t/mail/gnupg-special.t
index 7e50819..6a31ef1 100644
--- a/t/mail/gnupg-special.t
+++ b/t/mail/gnupg-special.t
@@ -2,13 +2,15 @@
use strict;
use warnings;
-use RT::Test tests => 11;
+use RT::Test tests => 23;
plan skip_all => 'GnuPG required.'
unless eval 'use GnuPG::Interface; 1';
plan skip_all => 'gpg executable is required.'
unless RT::Test->find_executable('gpg');
+use Digest::MD5 qw(md5_hex);
+
use File::Temp qw(tempdir);
my $homedir = tempdir( CLEANUP => 1 );
@@ -21,6 +23,7 @@ RT->Config->Set( 'GnuPG',
RT->Config->Set( 'GnuPGOptions',
homedir => $homedir,
+ 'passphrase' => 'rt-test',
'no-permission-warning' => undef);
RT->Config->Set( 'MailPlugins' => 'Auth::MailFrom', 'Auth::GnuPG' );
@@ -71,6 +74,46 @@ RT::Test->set_rights(
is(scalar @mail, 1, "autoreply only");
}
+{
+ my $id = send_via_mailgate('binary-asc-attach-marked-plain-text.txt');
+
+ my $tick = RT::Ticket->new( $RT::SystemUser );
+ $tick->Load( $id );
+ ok ($tick->id, "loaded ticket #$id");
+
+ my $txn = $tick->Transactions->First;
+ my ($msg, @attachs) = @{$txn->Attachments->ItemsArrayRef};
+
+ is (scalar @attachs, 3, 'text, attachment and original');
+ my $bin = $attachs[1];
+ is(
+ (split /;/, $bin->GetHeader('Content-Type'))[0],
+ 'application/octet-stream',
+ 'binary attachment'
+ );
+ is(md5_hex($bin->Content), '1e35f1aa90c98ca2bab85c26ae3e1ba7', "correct png");
+}
+
+{
+ my $id = send_via_mailgate('inline-binary-attachment-with-wrap.txt');
+
+ my $tick = RT::Ticket->new( $RT::SystemUser );
+ $tick->Load( $id );
+ ok ($tick->id, "loaded ticket #$id");
+
+ my $txn = $tick->Transactions->First;
+ my ($msg, @attachs) = @{$txn->Attachments->ItemsArrayRef};
+
+ is (scalar @attachs, 3, 'text, attachment and original');
+ my $bin = $attachs[1];
+ is(
+ (split /;/, $bin->GetHeader('Content-Type'))[0],
+ 'application/octet-stream',
+ 'binary attachment'
+ );
+ is(md5_hex($bin->Content), '1e35f1aa90c98ca2bab85c26ae3e1ba7', "correct png");
+}
+
sub send_via_mailgate {
my $fname = shift;
my $emaildatadir = RT::Test::get_relocatable_dir(File::Spec->updir(),
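Review bot: The two added test blocks are identical apart from the fixture file name, so a later fix to one can silently miss the other. A loop over the two names keeps them in step and lets each test description name the fixture that failed. Both blocks also address the decrypted part as `$attachs[1]`, which depends on an attachment ordering not shown here; the preceding count check at least fails loudly if the layout changes. `send_via_mailgate` continues past the end of the hunk.

```perl
foreach my $fixture (qw(
    binary-asc-attach-marked-plain-text.txt
    inline-binary-attachment-with-wrap.txt
)) {
    my $id = send_via_mailgate($fixture);

    my $tick = RT::Ticket->new( $RT::SystemUser );
    $tick->Load( $id );
    ok ($tick->id, "loaded ticket #$id for $fixture");

    # … unchanged: transaction lookup and attachment count check …

    my $bin = $attachs[1];
    # … unchanged: content type and md5 checks, with "$fixture" added to each description …
}
```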
-----------------------------------------------------------------------