bpo-39073: validate Address parts to disallow CRLF (#19007)
Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks.
This commit is contained in:
Ashwin Ramaswami
GitHub
parent
0003c2dc1d
commit
614f17211c
|
|
@ -31,6 +31,11 @@ class Address:
|
|||
without any Content Transfer Encoding.
|
||||
|
||||
"""
|
||||
|
||||
inputs = ''.join(filter(None, (display_name, username, domain, addr_spec)))
|
||||
if '\r' in inputs or '\n' in inputs:
|
||||
raise ValueError("invalid arguments; address parts cannot contain CR or LF")
|
||||
|
||||
# This clause with its potential 'raise' may only happen when an
|
||||
# application program creates an Address object using an addr_spec
|
||||
# keyword. The email library code itself must always supply username
|
||||
|
|
|
|||
|
|
@ -1437,6 +1437,25 @@ class TestAddressAndGroup(TestEmailBase):
|
|||
# with self.assertRaises(ValueError):
|
||||
# Address('foo', 'wők', 'example.com')
|
||||
|
||||
def test_crlf_in_constructor_args_raises(self):
|
||||
cases = (
|
||||
dict(display_name='foo\r'),
|
||||
dict(display_name='foo\n'),
|
||||
dict(display_name='foo\r\n'),
|
||||
dict(domain='example.com\r'),
|
||||
dict(domain='example.com\n'),
|
||||
dict(domain='example.com\r\n'),
|
||||
dict(username='wok\r'),
|
||||
dict(username='wok\n'),
|
||||
dict(username='wok\r\n'),
|
||||
dict(addr_spec='wok@example.com\r'),
|
||||
dict(addr_spec='wok@example.com\n'),
|
||||
dict(addr_spec='wok@example.com\r\n')
|
||||
)
|
||||
for kwargs in cases:
|
||||
with self.subTest(kwargs=kwargs), self.assertRaisesRegex(ValueError, "invalid arguments"):
|
||||
Address(**kwargs)
|
||||
|
||||
def test_non_ascii_username_in_addr_spec_raises(self):
|
||||
with self.assertRaises(ValueError):
|
||||
Address('foo', addr_spec='wők@example.com')
|
||||
|
|
|
|||
|
|
@ -0,0 +1 @@
|
|||
Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks.
|
||||
Loading…
Reference in New Issue