[PATCH] Don't passthrough 'Content-Type: multipart/signed' header
Veronika Kabatova
vkabatov at redhat.com
Mon Nov 12 23:33:04 AEDT 2018
----- Original Message -----
> From: "Stephen Finucane" <stephen at that.guru>
> To: patchwork at lists.ozlabs.org
> Cc: "Stephen Finucane" <stephen at that.guru>, "Veronika Kabatova" <vkabatov at redhat.com>
> Sent: Sunday, November 4, 2018 3:27:04 PM
> Subject: [PATCH] Don't passthrough 'Content-Type: multipart/signed' header
>
> We don't GPG signatures, therefore this header is incorrect. Stop
> passing it through.
>
> Test for the other dropped header are also included.
>
> Signed-off-by: Stephen Finucane <stephen at that.guru>
> Cc: Veronika Kabatova <vkabatov at redhat.com>
> Closes: #221
> ---
> patchwork/tests/test_mboxviews.py | 15 +++++++++++++++
> patchwork/views/utils.py | 6 ++++++
> 2 files changed, 21 insertions(+)
>
> diff --git a/patchwork/tests/test_mboxviews.py
> b/patchwork/tests/test_mboxviews.py
> index 50444d65..87c75eca 100644
> --- a/patchwork/tests/test_mboxviews.py
> +++ b/patchwork/tests/test_mboxviews.py
> @@ -111,6 +111,21 @@ class MboxHeaderTest(TestCase):
> header = 'List-Id: Patchwork development
> <patchwork.lists.ozlabs.org>'
> self._test_header_passthrough(header)
>
> + def _test_header_dropped(self, header):
> + patch = create_patch(headers=header + '\n')
> + response = self.client.get(reverse('patch-mbox', args=[patch.id]))
> + self.assertNotContains(response, header)
> +
> + def test_header_dropped_content_transfer_encoding(self):
> + """Validate dropping of 'Content-Transfer-Encoding' header."""
> + header = 'Content-Transfer-Encoding: quoted-printable'
> + self._test_header_dropped(header)
> +
> + def test_header_dropped_content_type_multipart_signed(self):
> + """Validate dropping of 'Content-Type=multipart/signed' header."""
> + header = 'Content-Type: multipart/signed'
> + self._test_header_dropped(header)
> +
> def test_patchwork_id_header(self):
> """Validate inclusion of generated 'X-Patchwork-Id' header."""
> patch = create_patch()
> diff --git a/patchwork/views/utils.py b/patchwork/views/utils.py
> index 3c5d2982..1da1aaab 100644
> --- a/patchwork/views/utils.py
> +++ b/patchwork/views/utils.py
> @@ -84,8 +84,14 @@ def _submission_to_mbox(submission):
>
> orig_headers = HeaderParser().parsestr(str(submission.headers))
> for key, val in orig_headers.items():
> + # we set this ourselves
> if key == 'Content-Transfer-Encoding':
> continue
> + # we don't save GPG signatures described in RFC1847 [1] so this
> + # Content-Type value is invalid
> + # [1] https://tools.ietf.org/html/rfc1847
> + if key == 'Content-Type' and val == 'multipart/signed':
> + continue
> mail[key] = val
>
Good catch!
Acked-by: Veronika Kabatova <vkabatov at redhat.com>
> if 'Date' not in mail:
> --
> 2.19.1
>
>
More information about the Patchwork
mailing list