[PATCH] Don't passthrough 'Content-Type: multipart/signed' header
Stephen Finucane
stephen at that.guru
Mon Nov 5 01:27:04 AEDT 2018
We don't GPG signatures, therefore this header is incorrect. Stop
passing it through.
Test for the other dropped header are also included.
Signed-off-by: Stephen Finucane <stephen at that.guru>
Cc: Veronika Kabatova <vkabatov at redhat.com>
Closes: #221
---
patchwork/tests/test_mboxviews.py | 15 +++++++++++++++
patchwork/views/utils.py | 6 ++++++
2 files changed, 21 insertions(+)
diff --git a/patchwork/tests/test_mboxviews.py b/patchwork/tests/test_mboxviews.py
index 50444d65..87c75eca 100644
--- a/patchwork/tests/test_mboxviews.py
+++ b/patchwork/tests/test_mboxviews.py
@@ -111,6 +111,21 @@ class MboxHeaderTest(TestCase):
header = 'List-Id: Patchwork development <patchwork.lists.ozlabs.org>'
self._test_header_passthrough(header)
+ def _test_header_dropped(self, header):
+ patch = create_patch(headers=header + '\n')
+ response = self.client.get(reverse('patch-mbox', args=[patch.id]))
+ self.assertNotContains(response, header)
+
+ def test_header_dropped_content_transfer_encoding(self):
+ """Validate dropping of 'Content-Transfer-Encoding' header."""
+ header = 'Content-Transfer-Encoding: quoted-printable'
+ self._test_header_dropped(header)
+
+ def test_header_dropped_content_type_multipart_signed(self):
+ """Validate dropping of 'Content-Type=multipart/signed' header."""
+ header = 'Content-Type: multipart/signed'
+ self._test_header_dropped(header)
+
def test_patchwork_id_header(self):
"""Validate inclusion of generated 'X-Patchwork-Id' header."""
patch = create_patch()
diff --git a/patchwork/views/utils.py b/patchwork/views/utils.py
index 3c5d2982..1da1aaab 100644
--- a/patchwork/views/utils.py
+++ b/patchwork/views/utils.py
@@ -84,8 +84,14 @@ def _submission_to_mbox(submission):
orig_headers = HeaderParser().parsestr(str(submission.headers))
for key, val in orig_headers.items():
+ # we set this ourselves
if key == 'Content-Transfer-Encoding':
continue
+ # we don't save GPG signatures described in RFC1847 [1] so this
+ # Content-Type value is invalid
+ # [1] https://tools.ietf.org/html/rfc1847
+ if key == 'Content-Type' and val == 'multipart/signed':
+ continue
mail[key] = val
if 'Date' not in mail:
--
2.19.1
More information about the Patchwork
mailing list