github-public-mirror/ExOTA-Milter
1
0
Fork 0
mirror of https://github.com/chillout2k/ExOTA-Milter.git synced 2025-12-14 18:30:19 +00:00
Code Issues Releases Wiki Activity

Policy check: expect valid UUIDs

Browse Source
This commit is contained in:
Dominik Chilla 2020-12-04 09:14:29 +01:00
parent 8e16abdd17
commit 2cc2d0b47e
4 changed files with 21 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -131,12 +131,12 @@ Prerequisites: `docker-compose` installed
* Create the policy file `data/policy.json` with following content: * Create the policy file `data/policy.json` with following content:
``` ```
{ {
"lalalulu.onmicrosoft.com": { "yad.onmicrosoft.com": {
"tenant_id": "1234abcd-18c5-45e8-88de-123456789abc", "tenant_id": "1234abcd-18c5-45e8-88de-123456789abc",
"dkim_enabled": true "dkim_enabled": true
}, },
"asdf2.onmicrosoft.com": { "example.com": {
"tenant_id": "asdftasdfa", "tenant_id": "abcd1234-18c5-45e8-88de-987654321cba",
"dkim_enabled": false "dkim_enabled": false
} }
} }

15
app/policy.py
View File

@ -1,6 +1,7 @@
import json import json
import traceback import traceback
import re import re
from uuid import UUID
class ExOTAPolicyException(Exception): class ExOTAPolicyException(Exception):
def __init__(self, message): def __init__(self, message):
@ -30,14 +31,16 @@ class ExOTAPolicy():
"Policy must have a 'tenant_id' attribute!" "Policy must have a 'tenant_id' attribute!"
) )
else: else:
if policy_dict['tenant_id'] == '': try:
UUID(policy_dict['tenant_id'])
except ValueError as e:
raise ExOTAPolicyInvalidException( raise ExOTAPolicyInvalidException(
"'tenant_id' must not be empty!" "Invalid 'tenant_id': {0}".format(str(e))
) ) from e
if re.match(r'^.*\s+.*$', policy_dict['tenant_id']): except Exception as e:
raise ExOTAPolicyInvalidException( raise ExOTAPolicyInvalidException(
"'tenant_id' must not contain whitespace characters!" "Invalid 'tenant_id': {0}".format(traceback.format_exc())
) ) from e
if 'dkim_enabled' not in policy_dict: if 'dkim_enabled' not in policy_dict:
raise ExOTAPolicyInvalidException( raise ExOTAPolicyInvalidException(
"Policy must have a 'dkim_enabled' attribute!" "Policy must have a 'dkim_enabled' attribute!"

10
tests/miltertest.lua
View File

@ -27,7 +27,7 @@ if mt.getreply(conn) ~= SMFIR_CONTINUE then
end end
-- HEADER -- HEADER
if mt.header(conn, "From", '"Blah Blubb" <O365ConnectorValidation@lalalulu.onmicrosoft.com>') ~= nil then if mt.header(conn, "From", '"Blah Blubb" <O365ConnectorValidation@yad.onmicrosoft.com>') ~= nil then
error "mt.header(From) failed" error "mt.header(From) failed"
end end
if mt.header(conn, "X-MS-Exchange-CrossTenant-Id", "1234abcd-18c5-45e8-88de-123456789abc") ~= nil then if mt.header(conn, "X-MS-Exchange-CrossTenant-Id", "1234abcd-18c5-45e8-88de-123456789abc") ~= nil then
@ -36,16 +36,16 @@ end
--if mt.header(conn, "X-MS-Exchange-CrossTenant-Id", "4321abcd-18c5-45e8-88de-blahblubb") ~= nil then --if mt.header(conn, "X-MS-Exchange-CrossTenant-Id", "4321abcd-18c5-45e8-88de-blahblubb") ~= nil then
-- error "mt.header(Subject) failed" -- error "mt.header(Subject) failed"
--end --end
if mt.header(conn, "Authentication-Results", "another-wrong-auth-serv-id;\n dkim=fail header.d=lalalulu.onmicrosoft.com header.s=selector1-lalalulu-onmicrosoft-com header.b=mmmjFpv8") ~= nil then if mt.header(conn, "Authentication-Results", "another-wrong-auth-serv-id;\n dkim=fail header.d=yad.onmicrosoft.com header.s=selector1-yad-onmicrosoft-com header.b=mmmjFpv8") ~= nil then
error "mt.header(Subject) failed" error "mt.header(Subject) failed"
end end
if mt.header(conn, "Authentication-Results", "wrong-auth-serv-id;\n dkim=pass header.d=lalalulu.onmicrosoft.com header.s=selector1-lalalulu-onmicrosoft-com header.b=mmmjFpv8") ~= nil then if mt.header(conn, "Authentication-Results", "wrong-auth-serv-id;\n dkim=pass header.d=yad.onmicrosoft.com header.s=selector1-yad-onmicrosoft-com header.b=mmmjFpv8") ~= nil then
error "mt.header(Subject) failed" error "mt.header(Subject) failed"
end end
if mt.header(conn, "Authentication-Results", "my-auth-serv-id;\n dkim=pass header.d=lalalulu.onmicrosoft.com header.s=selector1-lalalulu-onmicrosoft-com header.b=mmmjFpv8") ~= nil then if mt.header(conn, "Authentication-Results", "my-auth-serv-id;\n dkim=pass header.d=yad.onmicrosoft.com header.s=selector1-yad-onmicrosoft-com header.b=mmmjFpv8") ~= nil then
error "mt.header(Subject) failed" error "mt.header(Subject) failed"
end end
if mt.header(conn, "Authentication-Results", "my-auth-serv-id;\n dkim=fail header.d=lalalulu.onmicrosoft.com header.s=selector2-asdf header.b=mmmjFpv8") ~= nil then if mt.header(conn, "Authentication-Results", "my-auth-serv-id;\n dkim=fail header.d=yad.onmicrosoft.com header.s=selector2-asdf header.b=mmmjFpv8") ~= nil then
error "mt.header(Subject) failed" error "mt.header(Subject) failed"
end end
if mt.header(conn, "Authentication-Results", "some-validating-host;\n dkim=pass header.d=paypal.de header.s=pp-dkim1 header.b=PmTtUzer;\n dmarc=pass (policy=reject) header.from=paypal.de;\n spf=pass (some-validating-host: domain of service@paypal.de designates 173.0.84.226 as permitted sender) smtp.mailfrom=service@paypal.de") ~= nil then if mt.header(conn, "Authentication-Results", "some-validating-host;\n dkim=pass header.d=paypal.de header.s=pp-dkim1 header.b=PmTtUzer;\n dmarc=pass (policy=reject) header.from=paypal.de;\n spf=pass (some-validating-host: domain of service@paypal.de designates 173.0.84.226 as permitted sender) smtp.mailfrom=service@paypal.de") ~= nil then

8
tests/policy.json
View File

@ -1,10 +1,10 @@
{ {
"lalalulu.onmicrosoft.com": { "yad.onmicrosoft.com": {
"tenant_id": "1234abcd-18c5-45e8-88de-123456789abc", "tenant_id": "1234abcd-18c5-45e8-88de-123456789abc",
"dkim_enabled": true "dkim_enabled": true
}, },
"asdf2.onmicrosoft.com": { "example.com": {
"tenant_id": "asdftasdfa", "tenant_id": "abcd1234-18c5-45e8-88de-987654321cba",
"dkim_enabled": true "dkim_enabled": false
} }
} }