commit 4a0586767f08a3b4ee83b7805fd3cfcf531c245d Author: Philipp Winter phw@nymity.ch Date: Mon Aug 19 17:05:52 2019 -0700
Don't interpret quoted text as commands.
BridgeDB gets confused when users reply to a "get help" email. The issue is that BridgeDB interprets commands anywhere in the email body, even if it's in quoted text.
To fix this issue, we are ignoring commands whose email body line starts with a '>' character, which is typically used for email quotes.
This fixes https://bugs.torproject.org/17626. --- CHANGELOG | 9 +++++++++ bridgedb/distributors/email/request.py | 21 +++++++++++++++------ 2 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index aba6d19..c3073ef 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,12 @@
+Changes in version 0.8.1 -
+
+ * FIXES https://bugs.torproject.org/17626
+ BridgeDB gets confused when users reply to a "get help" email. The
+ issue is that BridgeDB interprets commands anywhere in the email body,
+ even if it's in quoted text. To fix this issue, we are ignoring
+ commands whose email body line starts with a '>' character, which is
+ typically used for email quotes.
+
 Changes in version 0.8.0 - 2019-08-20
* FIXES https://bugs.torproject.org/9316
diff --git a/bridgedb/distributors/email/request.py b/bridgedb/distributors/email/request.py
index a490e56..83c203d 100644
--- a/bridgedb/distributors/email/request.py
+++ b/bridgedb/distributors/email/request.py
@@ -58,6 +58,15 @@ TRANSPORT_PATTERN = re.compile(TRANSPORT_REGEXP)
 UNBLOCKED_REGEXP = ".*unblocked ([a-z]{2,4})"
 UNBLOCKED_PATTERN = re.compile(UNBLOCKED_REGEXP)
+#: Regular expressions that we use to match for email commands. Any command is
+#: valid as long as it wasn't quoted, i.e., the line didn't start with a '>'
+#: character.
+HELP_LINE = re.compile("([^>].*)?h[ae]lp")
+GET_LINE = re.compile("([^>].*)?get")
+KEY_LINE = re.compile("([^>].*)?key")
+IPV6_LINE = re.compile("([^>].*)?ipv6")
+TRANSPORT_LINE = re.compile("([^>].*)?transport")
+UNBLOCKED_LINE = re.compile("([^>].*)?unblocked")
def determineBridgeRequestOptions(lines):
 """Figure out which :mod:`~bridgedb.filters` to apply, or offer help.
@@ -83,20 +92,20 @@ def determineBridgeRequestOptions(lines):
 if not line: skippedHeaders = True
 if not skippedHeaders: continue
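Review bot: The six `*_LINE` patterns added in the `@@ -58,6 +58,15 @@` hunk reject quoted lines only because the call sites use `.match()`, which anchors at the start of the string; with `.search()` the optional group can match empty and a line such as `> get help` would be accepted again. Anchoring the patterns themselves removes that hidden dependency, e.g. `HELP_LINE = re.compile(r"^([^>].*)?h[ae]lp")`, and likewise for the other five. The `#:` comment should also state that lines must have leading whitespace stripped before matching, since a quote marker preceded by a space is not recognised as a quote; whether the loop strips lines is not visible in this diff.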
- if ("help" in line) or ("halp" in line):
+ if HELP_LINE.match(line) is not None:
 raise EmailRequestedHelp("Client requested help.")
- if "get" in line:
+ if GET_LINE.match(line) is not None:
 request.isValid(True)
 logging.debug("Email request was valid.")
- if "key" in line:
+ if KEY_LINE.match(line) is not None:
 request.wantsKey(True)
 raise EmailRequestedKey("Email requested a copy of our GnuPG key.")
- if "ipv6" in line:
+ if IPV6_LINE.match(line) is not None:
 request.withIPv6()
- if "transport" in line:
+ if TRANSPORT_LINE.match(line) is not None:
 request.withPluggableTransportType(line)
- if "unblocked" in line:
+ if UNBLOCKED_LINE.match(line) is not None:
 request.withoutBlockInCountry(line)
logging.debug("Generating hashring filters for request.")
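Review bot: Nothing in this commit tests the rewritten `if` chain: the diffstat lists only CHANGELOG and request.py. A regression test for `determineBridgeRequestOptions` should feed a body whose `help` and `key` words sit only on `>`-prefixed lines and check that `EmailRequestedHelp` and `EmailRequestedKey` are not raised, plus a body that mixes an unquoted `get` line with quoted text. The filter also covers only the `>` convention, so a reply that quotes the original without a prefix is still parsed as commands; that limit deserves a comment above the chain, such as `# Only '>'-prefixed quotes are skipped; unprefixed quoted text is still parsed.` The function body starts before and continues after this hunk.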