summaryrefslogtreecommitdiff
path: root/lib/gitlab/email/hook/validate_addresses_interceptor.rb
diff options
context:
space:
mode:
Diffstat (limited to 'lib/gitlab/email/hook/validate_addresses_interceptor.rb')
-rw-r--r--lib/gitlab/email/hook/validate_addresses_interceptor.rb32
1 files changed, 0 insertions, 32 deletions
diff --git a/lib/gitlab/email/hook/validate_addresses_interceptor.rb b/lib/gitlab/email/hook/validate_addresses_interceptor.rb
deleted file mode 100644
index e63f047e63d..00000000000
--- a/lib/gitlab/email/hook/validate_addresses_interceptor.rb
+++ /dev/null
@@ -1,32 +0,0 @@
-# frozen_string_literal: true
-
-module Gitlab
- module Email
- module Hook
- # Check for unsafe characters in the envelope-from and -to addresses.
- # These are passed directly as arguments to sendmail and are liable to shell injection attacks:
- # https://github.com/mikel/mail/blob/2.7.1/lib/mail/network/delivery_methods/sendmail.rb#L53-L58
- class ValidateAddressesInterceptor
- UNSAFE_CHARACTERS = /(\\|[^[:print:]])/.freeze
-
- def self.delivering_email(message)
- addresses = Array(message.smtp_envelope_from) + Array(message.smtp_envelope_to)
-
- addresses.each do |address|
- next unless address.match?(UNSAFE_CHARACTERS)
-
- Gitlab::AuthLogger.info(
- message: 'Skipping email with unsafe characters in address',
- address: address,
- subject: message.subject
- )
-
- message.perform_deliveries = false
-
- break
- end
- end
- end
- end
- end
-end
View Lorry Controller Status