Commit Graph

256 Commits

Author SHA1 Message Date
Abhilash Raj 719a062bcb Fix IndexError when parsing unexpectedly ending quoted-string. (GH-14813)
This exception was caused because the input ended unexpectedly with only one
single quote instead of a pair with some value inside it.
2019-07-17 09:48:52 -07:00
Abhilash Raj a4a994bd3e bpo-37461: Fix infinite loop in parsing of specially crafted email headers (GH-14794)
* bpo-37461: Fix infinite loop in parsing of specially crafted email headers.

Some crafted email header would cause the get_parameter method to run in an
infinite loop causing a DoS attack surface when parsing those headers. This
patch fixes that by making sure the DQUOTE character is handled to prevent
going into an infinite loop.
2019-07-17 09:44:27 -07:00
Paul Ganssle f69d5c6198 Fix infinite loop in email folding logic (GH-12732)
As far as I can tell, this infinite loop would be triggered if:

1. The value being folded contains a single word (no spaces) longer than
   max_line_length
2. The max_line_length is shorter than the encoding's name + 9
   characters.

bpo-36564: https://bugs.python.org/issue36564
2019-07-16 10:50:01 -07:00
Victor Stinner 8f4ef3b019
Remove unused imports in tests (GH-14518) 2019-07-01 18:28:25 +02:00
Abhilash Raj 7213df7bbf bpo-29412: Fix indexError when parsing a header value ending unexpectedly (GH-14387)
* patched string index out of range error in get_word function of _header_value_parser.py and created tests in test__header_value_parser.py for CFWS.
* Raise HeaderParseError instead of continuing when parsing a word.
2019-06-26 13:13:02 -07:00
Abhilash Raj 02257012f6 bpo-33972: Fix EmailMessage.iter_attachments raising AttributeError. (GH-14119)
* bpo-33972: Fix EmailMessage.iter_attachments raising AttributeError.

When certain malformed messages have content-type set to 'mulitpart/*' but
still have a single part body, iter_attachments can raise AttributeError. This
patch fixes it by returning a None value instead when the body is single part.
2019-06-25 10:03:19 -07:00
websurfer5 f6713e84af bpo-36520: Email header folded incorrectly (#13608)
* bpo-36520: reset the encoded word offset when starting a new
line during an email header folding operation

* 📜🤖 Added by blurb_it.

* bpo-36520: add an additional test case, and provide descriptive
comments for the test_folding_with_utf8_encoding_* tests

* bpo-36520: fix whitespace issue

* bpo-36520: changes per reviewer request -- remove extraneous
backslashes; add whitespace between terminating quotes and
line-continuation backslashes; use "bpo-" instead of
"issue #" in comments
2019-06-06 12:53:27 -07:00
Abhilash Raj 66c4f3f38b bpo-21315: Fix parsing of encoded words with missing leading ws. (#13425)
* bpo-21315: Fix parsing of encoded words with missing leading ws.

Because of missing leading whitespace, encoded word would get parsed as
unstructured token. This patch fixes that by looking for encoded words when
splitting tokens with whitespace.

Missing trailing whitespace around encoded word now register a defect
instead.

Original patch suggestion by David R. Murray on bpo-21315.
2019-06-05 09:56:33 -07:00
Abhilash Raj aa79707262 bpo-30835: email: Fix AttributeError when parsing invalid CTE (GH-13598)
* bpo-30835: email: Fix AttributeError when parsing invalid Content-Transfer-Encoding

Parsing an email containing a multipart Content-Type, along with a
Content-Transfer-Encoding containing an invalid (non-ASCII-decodable) byte
will fail. email.feedparser.FeedParser._parsegen() gets the header and
attempts to convert it to lowercase before comparing it with the accepted
encodings, but as the header contains an invalid byte, it's returned as a
Header object rather than a str.

Cast the Content-Transfer-Encoding header to a str to avoid this.

Found using the AFL fuzzer.

Reported-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Andrew Donnellan <andrew@donnellan.id.au>

* Add email and NEWS entry for the bugfix.
2019-06-04 11:00:47 -07:00
Abhilash Raj 46d88a1131 bpo-35805: Add parser for Message-ID email header. (GH-13397)
* bpo-35805: Add parser for Message-ID header.

This parser is based on the definition of Identification Fields from RFC 5322
Sec 3.6.4.

This should also prevent folding of Message-ID header using RFC 2047 encoded
words and hence fix bpo-35805.

* Prevent folding of non-ascii message-id headers.
* Add fold method to MsgID token to prevent folding.
2019-06-04 10:41:34 -07:00
Batuhan Taşkaya ef5bb25e2d bpo-27737: Allow whitespace only headers encoding (#13478) 2019-05-22 21:13:16 -04:00
Abhilash Raj feac6cd775 bpo-33524: Fix the folding of email header when max_line_length is 0 or None (#13391)
and there are non-ascii characters in the header.
2019-05-17 15:28:44 -04:00
Krzysztof Wojcik c1f5667be1 bpo-33529, email: Fix infinite loop in email header encoding (GH-12020) 2019-05-14 18:55:23 +02:00
Jens Troeger 45b2f8893c bpo-34424: Handle different policy.linesep lengths correctly. (#8803) 2019-05-13 21:07:39 -04:00
Victor Stinner cfaafda8e3
bpo-35317: Fix mktime() error in test_email (GH-10721)
Fix mktime() overflow error in test_email: run
test_localtime_daylight_true_dst_true() and
test_localtime_daylight_false_dst_true() with a specific timezone.
2018-11-27 12:40:50 +01:00
Dong-hee Na 8fe9eed937 bpo-33476: Fix _header_value_parser when address group is missing final ';' (GH-7484) 2018-07-28 13:55:11 +01:00
Tal Einat c3f55be7dd
bpo-27397: Make email module properly handle invalid-length base64 strings (#7583)
When attempting to base64-decode a payload of invalid length (1 mod 4),
properly recognize and handle it.  The given data will be returned as-is,
i.e. not decoded, along with a new defect, InvalidBase64LengthDefect.
2018-06-12 15:46:22 +03:00
jayyyin aa218d1649 bpo-27931: Fix email address header parsing error (#5329)
Correctly handle addresses whose username is an empty quoted string.
2018-01-29 13:07:44 -05:00
R. David Murray 85d5c18c9d
bpo-27240 Rewrite the email header folding algorithm. (#3488)
The original algorithm tried to delegate the folding to the tokens so
that those tokens whose folding rules differed could specify the
differences.  However, this resulted in a lot of duplicated code because
most of the rules were the same.

The new algorithm moves all folding logic into a set of functions
external to the token classes, but puts the information about which
tokens can be folded in which ways on the tokens...with the exception of
mime-parameters, which are a special case (which was not even
implemented in the old folder).

This algorithm can still probably be improved and hopefully simplified
somewhat.

Note that some of the test expectations are changed.  I believe the
changes are toward more desirable and consistent behavior: in general
when (re) folding a line the canonical version of the tokens is
generated, rather than preserving errors or extra whitespace.
2017-12-03 18:51:41 -05:00
Antoine Pitrou a6a4dc816d bpo-31370: Remove support for threads-less builds (#3385)
* Remove Setup.config
* Always define WITH_THREAD for compatibility.
2017-09-07 18:56:24 +02:00
Joel Hillacre b350c22ebc bpo-30532: Fix whitespace folding in certain cases
Leading whitespace was incorrectly dropped during folding of certain lines in the _header_value_parser's folding algorithm.  This makes the whitespace handling code consistent.
2017-06-26 17:41:35 -04:00
mircea-cosbuc b459f74826 [email] bpo-29478: Fix passing max_line_length=None from Compat32 policy (GH-595)
If max_line_length=None is specified while using the Compat32 policy,
it is no longer ignored.
2017-06-11 23:43:41 -07:00
R David Murray d4f8132278 Merge #28407 Improve test coverage of make_msgid. 2016-12-17 22:04:20 -05:00
R David Murray c69fd86f94 #28407 Improve test coverage of make_msgid.
Patch by Dillon Brock.
2016-12-17 22:03:44 -05:00
R David Murray 29097d5a6a Merge: #19003: Only replace \r and/or \n line endings in email.generator. 2016-09-11 17:23:33 -04:00
R David Murray 0e0cfd7135 #19003: Only replace \r and/or \n line endings in email.generator.
This is a further restoration of backward compatibility, as well as
being correct per the RFCs.
2016-09-11 17:22:56 -04:00
R David Murray b067c8fdd1 #20476: Deal with the message_factory circular import differently.
It turns out we can't depend on email.message getting imported every place
message_factory is needed, so to avoid a circular import we need to special
case Policy.message_factory=None in the parser instead of using monkey
patching.  I had a feeling that was a bad idea when I did it.
2016-09-10 00:22:25 -04:00
R David Murray 06ed218ed0 #20476: add a message_factory policy attribute to email. 2016-09-09 18:39:18 -04:00
R David Murray 94a7927cc6 #28047: Fix calculation of base64 line length.
This is buggy in the old email code as well, but it doesn't affect anything
there because only the default line length is ever used there.
2016-09-09 15:00:09 -04:00
Steve Dower 2a2becc1d1 Merge with 3.5 2016-09-09 12:09:07 -07:00
Berker Peksag 2b2a9be913 Issue #27445: Don't pass str(_charset) to MIMEText.set_payload()
Patch by Claude Paroz.
2016-09-08 19:40:30 +03:00
Martin Panter 0be894b2f6 Issue #27895: Spelling fixes (Contributed by Ville Skyttä). 2016-09-07 12:03:06 +00:00
R David Murray dc1650ca06 #22233: Only split headers on \r and/or \n, per email RFCs.
Original patch by Martin Panter, new policy fixes by me.
2016-09-07 17:44:34 -04:00
R David Murray c2e2473bc2 27988: Make sure iter_attachments does not mutate the payload list. 2016-09-07 13:39:36 -04:00
R David Murray 44b548dda8 #27364: fix "incorrect" uses of escape character in the stdlib.
And most of the tools.

Patch by Emanual Barry, reviewed by me, Serhiy Storchaka, and
Martin Panter.
2016-09-08 13:59:53 -04:00
Berker Peksag d8b7770a0e Issue #27445: Merge from 3.5 2016-09-08 19:42:11 +03:00
R David Murray 29d1bc0842 #24277: The new email API is no longer provisional.
This is a wholesale reorganization and editing of the email documentation to
make the new API the standard one, and the old API the 'legacy' one.  The
default is still the compat32 policy, for backward compatibility.  We will
change that eventually.
2016-09-07 21:15:59 -04:00
R David Murray 1badd28163 Merge: #22233: Only split headers on \r and/or \n, per email RFCs. 2016-09-07 17:46:55 -04:00
R David Murray 56b1f1b4d5 #27331: add policy keyword argument to all MIME subclasses.
Patch by Berker Peksag.
2016-09-07 16:48:35 -04:00
R David Murray 91afe7ec9f Merge: 27988: Make sure iter_attachments does not mutate the payload list. 2016-09-07 13:41:06 -04:00
Raymond Hettinger 15f44ab043 Issue #27895: Spelling fixes (Contributed by Ville Skyttä). 2016-08-30 10:47:49 -07:00
Martin Panter 83545f1c76 Merge ISO-8859 fixes from 3.5 2016-08-10 07:00:33 +00:00
Martin Panter 540f0451d2 Correct misspellings of ISO-8859 2016-08-10 05:25:16 +00:00
Martin Panter 0b7d84de6b Issue #27171: Merge typo fixes from 3.5 2016-06-02 10:11:18 +00:00
Martin Panter e26da7c03a Issue #27171: Fix typos in documentation, comments, and test function names 2016-06-02 10:07:09 +00:00
Martin Panter 3e04d5b306 Issue #27076: Merge spelling from 3.5 2016-05-26 06:03:19 +00:00
Martin Panter 46f50726a0 Issue #27076: Doc, comment and tests spelling fixes
Most fixes to Doc/ and Lib/ directories by Ville Skyttä.
2016-05-26 05:35:26 +00:00
Terry Jan Reedy 234480df1c Merge with 3.5 2016-05-06 17:35:21 -04:00
Terry Jan Reedy f73a48cbb2 Issue 26912: fix broken imports in test_email package. 2016-05-06 17:35:05 -04:00
Serhiy Storchaka e437a10d15 Issue #23277: Remove unused imports in tests. 2016-04-24 21:41:02 +03:00
Serhiy Storchaka 597d15afe4 Issue #23277: Remove unused support.run_unittest import. 2016-04-24 13:45:58 +03:00
Berker Peksag 1e8ee9b380 Issue #23277: Remove unused sys and os imports
Patch by Jon Dufresne.
2016-04-24 07:31:42 +03:00
Serhiy Storchaka c6ce13d910 Issue #6598: Avoid clock wrapping around in test_make_msgid_collisions.
Use time.monotonic instead of time.clock.
2015-11-10 19:51:56 +02:00
Serhiy Storchaka e1dc3d47e0 Issue #6598: Avoid clock wrapping around in test_make_msgid_collisions.
Use time.monotonic or time.time instead of time.clock.
2015-11-10 19:50:14 +02:00
Martin Panter 2eb819f7a8 Issue #25523: Merge "a" to "an" fixes from 3.4 into 3.5 2015-11-02 04:04:57 +00:00
Martin Panter 7462b64911 Issue #25523: Correct "a" article to "an" article
This changes the main documentation, doc strings, source code comments, and a
couple error messages in the test suite. In some cases the word was removed
or edited some other way to fix the grammar.
2015-11-02 03:37:02 +00:00
Victor Stinner 4b363e2701 Merge 3.4 (test_email) 2015-09-18 16:32:51 +02:00
Victor Stinner 53936474aa Issue #24836: Skip FormatDateTests of test_email.test_utils on Mac OS X Snow
Leopard because this OS uses out of date (pre 2011k) timezone files.
2015-09-18 16:32:23 +02:00
Robert Collins 2080dc97a7 Issue #22932: Fix timezones in email.utils.formatdate.
Patch from Dmitry Shachnev.
2015-08-01 08:18:22 +12:00
Robert Collins 19fae1a932 Issue #22932: Fix timezones in email.utils.formatdate.
Patch from Dmitry Shachnev.
2015-08-01 08:19:06 +12:00
Serhiy Storchaka 6baa0a53b0 Issue #6598: Increased time precision and random number range in
email.utils.make_msgid() to strengthen the uniqueness of the message ID.
2015-05-19 10:10:15 +03:00
Serhiy Storchaka ae760c0a2c Issue #6598: Increased time precision and random number range in
email.utils.make_msgid() to strengthen the uniqueness of the message ID.
2015-05-19 10:09:42 +03:00
R David Murray fdb23c2fe5 #20098: add mangle_from_ policy option.
This defaults to True in the compat32 policy for backward compatibility,
but to False for all new policies.

Patch by Milan Oberkirch, with a few tweaks.
2015-05-17 14:24:33 -04:00
R David Murray 224ef3ec3b #24211: Add RFC6532 support to the email library.
This could use more edge case tests, but the basic functionality is tested.
(Note that this changeset does not add tailored support for the RFC 6532
message/global MIME type, but the email package generic facilities will handle
it.)

Reviewed by Maciej Szulik.
2015-05-17 11:29:21 -04:00
R David Murray b744f3a45e #21083: add get_content_disposition method to email.message.
Patch by Abhilash Raj.
2015-05-16 15:41:07 -04:00
Berker Peksag dfa4e045a3 Issue #23943: Fix typos. Patch by Piotr Kasprzyk. 2015-04-14 09:35:51 +03:00
Berker Peksag 4882cacab6 Issue #23943: Fix typos. Patch by Piotr Kasprzyk. 2015-04-14 09:30:01 +03:00
R David Murray c4bb599be0 Merge: #23745: handle duplicate MIME parameter names in new parser. 2015-03-29 21:54:27 -04:00
R David Murray 7d0325d6c8 #23745: handle duplicate MIME parameter names in new parser.
This mimics get_param's error handling for the most part.  It is slightly
better in some regards as get_param can produce some really weird results for
duplicate *0* parts.  It departs from get_param slightly in that if we have a
mix of non-extended and extended pieces for the same parameter name, the new
parser assumes they were all supposed to be extended and concatenates all the
values, whereas get_param always picks the non-extended parameter value.  All
of this error recovery is pretty much arbitrary decisions...
2015-03-29 21:53:05 -04:00
Benjamin Peterson 60a2f49c8c merge 3.4 (#19996) 2015-01-25 23:31:58 -05:00
Benjamin Peterson 155ceaa454 handle headers with no key (closes #19996)
Patch by Cory Benfield.
2015-01-25 23:30:30 -05:00
Serhiy Storchaka 65ee4674e2 Issue #22777: Test pickling with all protocols. 2014-12-15 14:06:02 +02:00
Serhiy Storchaka bad1257c96 Issue #22777: Test pickling with all protocols. 2014-12-15 14:03:42 +02:00
R David Murray d2ff243b38 Merge: #21991: make headerregistry params property MappingProxyType. 2014-10-17 19:32:08 -04:00
R David Murray 685b3495e1 #21991: make headerregistry params property MappingProxyType.
It is unlikely anyone is using the fact that the dictionary returned
by the 'params' attribute was previously writable, but even if someone
is the API is provisional so this kind of change is acceptable (and
needed, to get the API "right" before it becomes official).

Patch by Stéphane Wirtel.
2014-10-17 19:30:13 -04:00
Berker Peksag fe21e4d4d7 Issue #16324: _charset parameter of MIMEText now also accepts email.charset.Charset instances.
Initial patch by Claude Paroz.
2014-09-27 00:57:29 +03:00
R David Murray 7c4093ca95 Merge: #21091: make is_attachment a method. 2014-09-20 18:16:39 -04:00
R David Murray 8a97896a76 #21091: make is_attachment a method.
Since EmailMessage is a provisional API we can fix API bugs in a
maintenance release, but I used a trick suggested by Serhiy to
maintain backward compatibility with 3.4.0/1.
2014-09-20 18:05:28 -04:00
R David Murray 97dfad7856 #21079: is_attachment now looks only at the value, ignoring parameters. 2014-09-20 17:44:53 -04:00
Serhiy Storchaka 4d83192ea0 Decreased memory requirements of new tests added in issue21448. 2014-08-12 20:22:48 +03:00
Serhiy Storchaka 320a1c0ff7 Issue #21448: Fixed FeedParser feed() to avoid O(N**2) behavior when parsing long line.
Original patch by Raymond Hettinger.
2014-08-12 13:59:11 +03:00
Ezio Melotti d577480197 #20977: fix undefined name in the email module. Patch by Rose Ames. 2014-08-04 17:16:49 +03:00
Zachary Ware f012ba42fe Issue #22002: Make full use of test discovery in test sub-packages.
Adds `load_package_tests` function to test.support, uses it in test_asyncio,
test_email, test_json, test_tools, test_importlib and all test_importlib
sub-packages to implement test discovery.
2014-07-23 12:00:29 -05:00
R David Murray c6772c4d59 #21476: Unwrap fp in BytesParser so the file isn't unexpectedly closed.
This makes the behavior match that of Parser.  Patch by Vajrasky Kok.
2014-06-26 13:31:43 -04:00
R David Murray b8bf9951ad #20871: improve email policy test coverage.
More tests of the concrete policy methods would probably be
a good idea, but this is a start, and it brings line coverage
up to 100% for the policy module.

Patch by Milan Oberkirch.
2014-03-09 15:29:24 -04:00
R David Murray 5dda12491e #11558: Better message if attach called on non-multipart.
Original patch by Varun Sharma.
2014-03-06 11:44:17 -05:00
R David Murray 66c3d18af1 Merge: #14983: always add a line end after a MIME boundary marker. 2014-02-08 17:56:17 -05:00
R David Murray e9c31470e1 #14983: always add a line end after a MIME boundary marker.
This is more RFC compliant (see issue) and fixes a problem with
signature verifiers rejecting the part when signed.  There is some
amount of backward compatibility concern here since it changes
the output, but the RFC issue coupled with fixing the problem
with signature verifiers seems worth the small risk of breaking
code that depends on the current incorrect output.
2014-02-08 17:54:56 -05:00
R David Murray 01e46ee7e2 Merge: #16983: Apply postel's law to encoded words inside quoted strings. 2014-02-08 13:13:01 -05:00
R David Murray 0400d33928 #16983: Apply postel's law to encoded words inside quoted strings.
This applies only to the new parser.  The old parser decodes encoded words
inside quoted strings already, although it gets the whitespace wrong
when it does so.

This version of the patch only handles the most common case (a single encoded
word surrounded by quotes), but I haven't seen any other variations of this in
the wild yet, so its good enough for now.
2014-02-08 13:12:00 -05:00
R David Murray ff9616bbf7 Merge #19772: Do not mutate message when downcoding to 7bit. 2014-02-08 11:51:18 -05:00
R David Murray 905c8c3d8d #19772: Do not mutate message when downcoding to 7bit.
This is a bit of an ugly hack because of the way generator pieces together the
output message.  The deepcopys aren't too expensive, though, because we know it
is only called on messages that are not multiparts, and the payload (the thing
that could be large) is an immutable object.

Test and preliminary work on patch by Vajrasky Kok.
2014-02-08 11:48:20 -05:00
R David Murray c489e83432 Merge: #17369: Improve handling of broken RFC2231 values in get_filename. 2014-02-07 15:04:26 -05:00
R David Murray 1e949890f6 #17369: Improve handling of broken RFC2231 values in get_filename.
This fixes a regression relative to python2.
2014-02-07 15:02:19 -05:00
R David Murray 15a693a6f8 #20531: Apply the 3.3 version of the #19063 fix.
So passing unicode to set_payload works again (but still doesn't
do what you want when the message is serialized).
2014-02-07 12:46:17 -05:00
R David Murray 27e9de669b #20531: Revert e20f98a8ed71, the 3.4 version of the #19063 fix. 2014-02-07 12:40:37 -05:00
R David Murray aa21297457 #20476: use EmailMessage as factory if non-compat32 policy is used.
In 3.5 I will fix this right by adding a message_factory attribute
to the policy.
2014-02-07 10:44:16 -05:00
R David Murray 44fcaae90d Merge #20206, #5803: more efficient algorithm that doesn't truncate output.
(No idea why test_tarfile is listed as changed...it isn't.)
2014-01-13 13:30:13 -05:00
R David Murray 2313e15578 #20206, #5803: more efficient algorithm that doesn't truncate output.
This fixes an edge case (20206) where if the input ended in a character
needing encoding but there was no newline on the string, the last byte
of the encoded character would be dropped.  The fix is to use a more
efficient algorithm, provided by Serhiy Storchaka (5803), that does not
have the bug.
2014-01-13 13:19:21 -05:00
Benjamin Peterson eaedaeccf2 update Barry's email (#19563) 2013-12-22 19:45:38 -06:00