[PATCH] Don't passthrough 'Content-Type: multipart/signed' header

Veronika Kabatova vkabatov at redhat.com
Mon Nov 12 23:33:04 AEDT 2018



----- Original Message -----
> From: "Stephen Finucane" <stephen at that.guru>
> To: patchwork at lists.ozlabs.org
> Cc: "Stephen Finucane" <stephen at that.guru>, "Veronika Kabatova" <vkabatov at redhat.com>
> Sent: Sunday, November 4, 2018 3:27:04 PM
> Subject: [PATCH] Don't passthrough 'Content-Type: multipart/signed' header
> 
> We don't GPG signatures, therefore this header is incorrect. Stop
> passing it through.
> 
> Test for the other dropped header are also included.
> 
> Signed-off-by: Stephen Finucane <stephen at that.guru>
> Cc: Veronika Kabatova <vkabatov at redhat.com>
> Closes: #221
> ---
>  patchwork/tests/test_mboxviews.py | 15 +++++++++++++++
>  patchwork/views/utils.py          |  6 ++++++
>  2 files changed, 21 insertions(+)
> 
> diff --git a/patchwork/tests/test_mboxviews.py
> b/patchwork/tests/test_mboxviews.py
> index 50444d65..87c75eca 100644
> --- a/patchwork/tests/test_mboxviews.py
> +++ b/patchwork/tests/test_mboxviews.py
> @@ -111,6 +111,21 @@ class MboxHeaderTest(TestCase):
>          header = 'List-Id: Patchwork development
>          <patchwork.lists.ozlabs.org>'
>          self._test_header_passthrough(header)
>  
> +    def _test_header_dropped(self, header):
> +        patch = create_patch(headers=header + '\n')
> +        response = self.client.get(reverse('patch-mbox', args=[patch.id]))
> +        self.assertNotContains(response, header)
> +
> +    def test_header_dropped_content_transfer_encoding(self):
> +        """Validate dropping of 'Content-Transfer-Encoding' header."""
> +        header = 'Content-Transfer-Encoding: quoted-printable'
> +        self._test_header_dropped(header)
> +
> +    def test_header_dropped_content_type_multipart_signed(self):
> +        """Validate dropping of 'Content-Type=multipart/signed' header."""
> +        header = 'Content-Type: multipart/signed'
> +        self._test_header_dropped(header)
> +
>      def test_patchwork_id_header(self):
>          """Validate inclusion of generated 'X-Patchwork-Id' header."""
>          patch = create_patch()
> diff --git a/patchwork/views/utils.py b/patchwork/views/utils.py
> index 3c5d2982..1da1aaab 100644
> --- a/patchwork/views/utils.py
> +++ b/patchwork/views/utils.py
> @@ -84,8 +84,14 @@ def _submission_to_mbox(submission):
>  
>      orig_headers = HeaderParser().parsestr(str(submission.headers))
>      for key, val in orig_headers.items():
> +        # we set this ourselves
>          if key == 'Content-Transfer-Encoding':
>              continue
> +        # we don't save GPG signatures described in RFC1847 [1] so this
> +        # Content-Type value is invalid
> +        # [1] https://tools.ietf.org/html/rfc1847
> +        if key == 'Content-Type' and val == 'multipart/signed':
> +            continue
>          mail[key] = val
>  

Good catch!

Acked-by: Veronika Kabatova <vkabatov at redhat.com>

>      if 'Date' not in mail:
> --
> 2.19.1
> 
> 


More information about the Patchwork mailing list