Don't rely on MIME type to detect PGP BLOCKs

2017-10-22 11:29:24 +02:00 · 2017-10-22 11:29:24 +02:00 · 23e00436b2
commit 23e00436b2
parent 1d7241e3e3
1 changed files with 13 additions and 6 deletions
--- a/envelope.py
+++ b/envelope.py
@ -52,7 +52,9 @@ def check(msg, GNUPG_DIRECTORY, beta=False):

    # First, looking for public key
    for part in msg.walk():
-        if part.get_content_type() == "application/pgp-keys":
+        if part.get_content_type() == "application/pgp-keys" and not part.is_multipart() and part.get_payload(decode=True).find(b"-----BEGIN PGP PUBLIC KEY BLOCK-----") >= 0:
+            if part.get_content_type() != "application/pgp-keys":
+                yield MailTest("Public key file discovered, but content-type mismatched: got %s instead of application/pgp-keys." % part.get_content_type(), 2)
            yield from import_pubkey(part.get_payload(decode=True), GNUPG_DIRECTORY)
            return

@ -71,7 +73,11 @@ def check(msg, GNUPG_DIRECTORY, beta=False):
        # Looking for signed content
        for part in msg.walk():
            payload = part.get_payload()
-            if part.get_content_type() == "application/pgp-signature":
+            if part.get_content_type() == "application/pgp-signature" or part.get_content_type() == "application/octet-stream" or (
+                    payload is not None and not part.is_multipart() and part.get_payload(decode=True).find(b"-----BEGIN PGP SIGNATURE-----") >= 0
+            ):
+                if part.get_content_type() != "application/pgp-signature":
+                    yield MailTest("Standalone PGP signature file discovered, but content-type mismatched: got %s instead of application/pgp-signature." % part.get_content_type(), 2)
                p = [x for x in msg.walk()]
                for s in range(len(p) - 1, -1, -1):
                    spart = p[s]
@ -79,10 +85,11 @@ def check(msg, GNUPG_DIRECTORY, beta=False):
                        yield MailTest("Separate signature found. Trying it with part %d (%s) ..." % (s, spart.get_content_type()), -1)
                        yield (spart.get_payload(decode=True), part.get_payload(decode=True))

-            elif beta and part.get_content_type() == "application/octet-stream":
-                yield MailTest("Entering BETA feature of walking through mail part, looking for a submission.", 2)
-                print(_guess_mime(part.get_payload(decode=True)))
-                yield from check_binary(part.as_bytes() if part.is_multipart() else part.get_payload(decode=True))
+            elif payload is not None and not part.is_multipart() and part.get_payload(decode=True).find(b"-----BEGIN PGP PUBLIC KEY BLOCK-----") >= 0:
+                if part.get_content_type() != "application/pgp-keys":
+                    yield MailTest("Public key file discovered, but content-type mismatched: got %s instead of application/pgp-keys." % part.get_content_type(), 2)
+                yield from import_pubkey(part.get_payload(decode=True), GNUPG_DIRECTORY)
+                return

            elif payload is not None and not part.is_multipart() and part.get_payload(decode=True).find(b"-----BEGIN PGP SIGNED MESSAGE-----") >= 0:
                res = re.match(".*(-----BEGIN PGP SIGNED MESSAGE-----(.*)-----BEGIN PGP SIGNATURE-----(.*)-----END PGP SIGNATURE-----).*", payload, re.DOTALL)