Merge pull request #7693 from thunderbird/disallow_line_breaks_in_ServerSettings

Don't allow username or password to contain line break
cketti 2024-03-06 12:56:43 +01:00 committed by GitHub
commit 6688f5f2d7
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 113 additions and 0 deletions


@ -22,6 +22,8 @@ data class ServerSettings @JvmOverloads constructor(
init {
require(type == type.lowercase()) { "type must be all lower case" }
require(username.contains(LINE_BREAK).not()) { "username must not contain line break" }
require(password?.contains(LINE_BREAK) != true) { "password must not contain line break" }
}
fun newPassword(newPassword: String?): ServerSettings {
@ -31,4 +33,8 @@ data class ServerSettings @JvmOverloads constructor(
fun newAuthenticationType(authType: AuthType): ServerSettings {
return this.copy(authenticationType = authType)
}
companion object {
private val LINE_BREAK = "[\\r\\n]".toRegex()
}
}
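Review bot: The two `require` checks added to `init` have no comment saying why CR and LF are rejected. The reason looks security-relevant: presumably these values are later written into line-oriented mail protocol commands, where an embedded line break would end the command early. I would add above them `// CR/LF would terminate a protocol line early; reject at construction so every transport can rely on it`. Because the check throws `IllegalArgumentException` from the constructor, and so also from the `copy()` call in `newAuthenticationType`, any caller that builds `ServerSettings` from stored or pasted values now fails at construction, for example with a password copied with a trailing newline. Those callers are outside this page, so confirm they validate or trim input and handle the exception. The class body starts before the first hunk, so other fields such as `host` and `clientCertificateAlias` could not be checked for the same constraint from here.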


@ -0,0 +1,107 @@
package com.fsck.k9.mail
import assertk.assertFailure
import assertk.assertions.hasMessage
import assertk.assertions.isInstanceOf
import kotlin.test.Test
class ServerSettingsTest {
@Test
fun `creating typical ServerSettings should not throw`() {
ServerSettings(
type = "imap",
host = "imap.domain.example",
port = 993,
connectionSecurity = ConnectionSecurity.SSL_TLS_REQUIRED,
authenticationType = AuthType.PLAIN,
username = "user",
password = "123456",
clientCertificateAlias = null,
)
}
@Test
fun `type that is not all lower case should throw`() {
assertFailure {
ServerSettings(
type = "IMAP",
host = "imap.domain.example",
port = 993,
connectionSecurity = ConnectionSecurity.SSL_TLS_REQUIRED,
authenticationType = AuthType.PLAIN,
username = "user",
password = "123456",
clientCertificateAlias = null,
)
}.isInstanceOf<IllegalArgumentException>()
.hasMessage("type must be all lower case")
}
@Test
fun `username containing LF should throw`() {
assertFailure {
ServerSettings(
type = "imap",
host = "imap.domain.example",
port = 993,
connectionSecurity = ConnectionSecurity.SSL_TLS_REQUIRED,
authenticationType = AuthType.PLAIN,
username = "user\nname",
password = "123456",
clientCertificateAlias = null,
)
}.isInstanceOf<IllegalArgumentException>()
.hasMessage("username must not contain line break")
}
@Test
fun `username containing CR should throw`() {
assertFailure {
ServerSettings(
type = "imap",
host = "imap.domain.example",
port = 993,
connectionSecurity = ConnectionSecurity.SSL_TLS_REQUIRED,
authenticationType = AuthType.PLAIN,
username = "user\rname",
password = "123456",
clientCertificateAlias = null,
)
}.isInstanceOf<IllegalArgumentException>()
.hasMessage("username must not contain line break")
}
@Test
fun `password containing LF should throw`() {
assertFailure {
ServerSettings(
type = "imap",
host = "imap.domain.example",
port = 993,
connectionSecurity = ConnectionSecurity.SSL_TLS_REQUIRED,
authenticationType = AuthType.PLAIN,
username = "user",
password = "123456\n",
clientCertificateAlias = null,
)
}.isInstanceOf<IllegalArgumentException>()
.hasMessage("password must not contain line break")
}
@Test
fun `password containing CR should throw`() {
assertFailure {
ServerSettings(
type = "imap",
host = "imap.domain.example",
port = 993,
connectionSecurity = ConnectionSecurity.SSL_TLS_REQUIRED,
authenticationType = AuthType.PLAIN,
username = "user",
password = "123456\r",
clientCertificateAlias = null,
)
}.isInstanceOf<IllegalArgumentException>()
.hasMessage("password must not contain line break")
}
}
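Review bot: The nullable-password path is untested. The production check is written as `password?.contains(LINE_BREAK) != true` so that a null password is accepted, yet every test here passes a non-null password. A refactor to a form that rejects or dereferences null would therefore go unnoticed. I would add a case that constructs with `password = null` and expects no exception, as sketched below. A combined `"\r\n"` case for each field would also pin the character-class behaviour. The repeated constructor call could move into a small private helper with default arguments, so each test shows only the field it varies.

```kotlin
@Test
fun `null password should not throw`() {
    ServerSettings(
        type = "imap",
        host = "imap.domain.example",
        port = 993,
        connectionSecurity = ConnectionSecurity.SSL_TLS_REQUIRED,
        authenticationType = AuthType.PLAIN,
        username = "user",
        password = null,
        clientCertificateAlias = null,
    )
}
```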