diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-31 03:53:49 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-31 03:53:49 +0000 |
commit | 616d6dc767ba33148a11768f3d73504368897ee9 (patch) | |
tree | d629c921f8362af41533d8b6ca464cb4290824e7 /lib/gitlab/email/hook/validate_addresses_interceptor.rb | |
parent | f4653343ad8475d1d72a55de4face443cc7f66c2 (diff) | |
download | gitlab-ce-616d6dc767ba33148a11768f3d73504368897ee9.tar.gz |
Add latest changes from gitlab-org/gitlab@15-10-stable-ee
Diffstat (limited to 'lib/gitlab/email/hook/validate_addresses_interceptor.rb')
-rw-r--r-- | lib/gitlab/email/hook/validate_addresses_interceptor.rb | 32 |
1 files changed, 0 insertions, 32 deletions
diff --git a/lib/gitlab/email/hook/validate_addresses_interceptor.rb b/lib/gitlab/email/hook/validate_addresses_interceptor.rb deleted file mode 100644 index e63f047e63d..00000000000 --- a/lib/gitlab/email/hook/validate_addresses_interceptor.rb +++ /dev/null @@ -1,32 +0,0 @@ -# frozen_string_literal: true - -module Gitlab - module Email - module Hook - # Check for unsafe characters in the envelope-from and -to addresses. - # These are passed directly as arguments to sendmail and are liable to shell injection attacks: - # https://github.com/mikel/mail/blob/2.7.1/lib/mail/network/delivery_methods/sendmail.rb#L53-L58 - class ValidateAddressesInterceptor - UNSAFE_CHARACTERS = /(\\|[^[:print:]])/.freeze - - def self.delivering_email(message) - addresses = Array(message.smtp_envelope_from) + Array(message.smtp_envelope_to) - - addresses.each do |address| - next unless address.match?(UNSAFE_CHARACTERS) - - Gitlab::AuthLogger.info( - message: 'Skipping email with unsafe characters in address', - address: address, - subject: message.subject - ) - - message.perform_deliveries = false - - break - end - end - end - end - end -end |