New option to skip public key discovery in attachments

5 years ago · 64be054961
parent 9f3c814469
commit 64be054961
2 changed files with 17 additions and 13 deletions
--- a/check.py
+++ b/check.py
@ -33,14 +33,14 @@ def relatesTo(data, submissions_dir):
    yield data


-def gen_checks(submissions_dir, check_content=False, check_submission_hash=None):
+def gen_checks(submissions_dir, check_content=False, check_submission_hash=None, skip_public_key=True):
    if check_content:
        yield (relatesTo, [submissions_dir])
        if HARD_MAX_SUBMISSION is not None:
            yield (late.check, [HARD_MAX_SUBMISSION, SOFT_MAX_SUBMISSION])
    else:
        yield signcheck
-    yield (envelope.check, [GNUPG_DIRECTORY, BETA])
+    yield (envelope.check, [GNUPG_DIRECTORY, not skip_public_key, BETA])
    yield (signature.check, [GNUPG_DIRECTORY])
    yield (login.check, ["/home/nemunaire/workspace/check_mail/SRS2017.csv"])
    if check_content:
@ -137,14 +137,14 @@ def readmail(fp):
    return cnt, frm, subject, ref, to


-def check_mail(cnt, submissions_dir, check_content=False, check_submission_hash=None):
+def check_mail(cnt, submissions_dir, check_content=False, check_submission_hash=None, skip_public_key=True):
    results = []

    # sentinel
    results.append([(None, [cnt])])

    lvl = 0
-    for check in gen_checks(submissions_dir=submissions_dir, check_content=check_content, check_submission_hash=check_submission_hash):
+    for check in gen_checks(submissions_dir=submissions_dir, check_content=check_content, check_submission_hash=check_submission_hash, skip_public_key=skip_public_key):
        lvl += 1
        curr = []
        curc = []
@ -231,6 +231,9 @@ if __name__ == '__main__':
    parser.add_argument('--review-before-send', action="store_true",
                        help="Review the e-mail to be sent before sending it")

+    parser.add_argument('--skip-public-key', action="store_true",
+                        help="enable if you want to skip public key discovery through attachments")
+
    parser.add_argument('--beta', action="store_true",
                        help="enable beta features")

@ -252,4 +255,4 @@ if __name__ == '__main__':
    BETA = args.beta

    cnt, frm, subject, ref, to = readmail(sys.stdin.buffer)
-    respondmail(frm, subject, ref, [c for c in check_mail(cnt, submissions_dir=args.submissions, check_content=not args.sign, check_submission_hash=args.expected_submission_hash)], to)
+    respondmail(frm, subject, ref, [c for c in check_mail(cnt, submissions_dir=args.submissions, check_content=not args.sign, check_submission_hash=args.expected_submission_hash, skip_public_key=args.skip_public_key)], to)
--- a/envelope.py
+++ b/envelope.py
@ -47,16 +47,17 @@ def assume_oldstyle(payload):



-def check(msg, GNUPG_DIRECTORY, beta=False):
+def check(msg, GNUPG_DIRECTORY, accept_public_key=True, beta=False):
    ct = msg.get_content_type()

    # First, looking for public key
-    for part in msg.walk():
-        if part.get_content_type() == "application/pgp-keys" and not part.is_multipart() and part.get_payload(decode=True).find(b"-----BEGIN PGP PUBLIC KEY BLOCK-----") >= 0:
-            if part.get_content_type() != "application/pgp-keys":
-                yield MailTest("Public key file discovered, but content-type mismatched: got %s instead of application/pgp-keys." % part.get_content_type(), 2)
-            yield from import_pubkey(part.get_payload(decode=True), GNUPG_DIRECTORY)
-            return
+    if accept_public_key:
+        for part in msg.walk():
+            if part.get_content_type() == "application/pgp-keys" and not part.is_multipart() and part.get_payload(decode=True).find(b"-----BEGIN PGP PUBLIC KEY BLOCK-----") >= 0:
+                if part.get_content_type() != "application/pgp-keys":
+                    yield MailTest("Public key file discovered, but content-type mismatched: got %s instead of application/pgp-keys." % part.get_content_type(), 2)
+                yield from import_pubkey(part.get_payload(decode=True), GNUPG_DIRECTORY)
+                return

    if ct == "multipart/signed" and msg.is_multipart():
        yield from assume_rfc3156(msg)
@ -85,7 +86,7 @@ def check(msg, GNUPG_DIRECTORY, beta=False):
                        yield MailTest("Separate signature found. Trying it with part %d (%s) ..." % (s, spart.get_content_type()), -1)
                        yield (spart.get_payload(decode=True), part.get_payload(decode=True))

-            elif payload is not None and not part.is_multipart() and part.get_payload(decode=True).find(b"-----BEGIN PGP PUBLIC KEY BLOCK-----") >= 0:
+            elif accept_public_key and payload is not None and not part.is_multipart() and part.get_payload(decode=True).find(b"-----BEGIN PGP PUBLIC KEY BLOCK-----") >= 0:
                if part.get_content_type() != "application/pgp-keys":
                    yield MailTest("Public key file discovered, but content-type mismatched: got %s instead of application/pgp-keys." % part.get_content_type(), 2)
                yield from import_pubkey(part.get_payload(decode=True), GNUPG_DIRECTORY)