Account for missing and invalid address headers #134
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Python began strict email address format verification [by default](python/cpython@4a153a1) in Python 3.13 and backported the changes for [security reasons](GHSA-5mwm-wccq-xqcp). As a result, when an address header is not used or malformed, `mail-parser` will return `[('','')]` (issues SpamScope#132 and SpamScope#133) To fix these issues while maintaining the security of the default `strict=True` option in `email.utils.parseaddr` and `email.utils.getaddresses`, the following changes were made to `mail-parser`: - The existing constant `ADDRESSES_HEADERS` list now only includes headers that can contain multiple addresses - `bcc` - `cc` - `reply-to` - `to` - A new constant `ADDRESS_HEADERS` list includes headers that can only contain one address - `delivered-to` - `from` - `sender` - Header parsing is only attempted if the header exists and has a value (Closes SpamScope#133) - Headers in the `ADDRESS_HEADERS` list are parsed using `email.utils.parseaddr` instead of `email.utils.getaddresses`, returning a tuple instead of a list of tuples - For headers in either list, if an invalid address header is detected, a string stating `Invalid {} header` is added to the `defects` list, where `{}` is the name of the header, and `has_defects` is set to `True` - Invalid headers in the `ADDRESS_HEADERS` are parsed manually if `email.utils.parseaddr` considers the address invalid, in order to show the intent of the defect on mail clients (Closes SpamScope#132) ## Demo email 1 ```enail From: [email protected] <[email protected]> To: [email protected] Subject: Example Email Hello world! ``` ## Demo 1 JSON output before the changes ```json { "from": [ [ "", "" ] ], "delivered-to": [ [ "", "" ] ], "cc": [ [ "", "" ] ], "body": "Hello world!", "to_domains": [ "", "example.com" ], "reply-to": [ [ "", "" ] ], "subject": "Example Email", "bcc": [ [ "", "" ] ], "to": [ [ "", "[email protected]" ] ], "has_defects": false } ``` ## Demo 1 JSON output after the changes ```json { "to": [ [ "", "[email protected]" ] ], "body": "Hello world!", "from": [ "[email protected]", "[email protected]" ], "subject": "Example Email", "to_domains": [ "example.com" ], "has_defects": true, "defects": [ "Invalid from header" ], "defects_categories": [] } ``` ## Demo email 2 ```enail From: [email protected] To: [email protected] Subject: Example Email Hello world! ``` ## Demo 2 JSON output before the changes ```json { "from": [ [ "", "" ] ], "delivered-to": [ [ "", "" ] ], "cc": [ [ "", "" ] ], "body": "Hello world!", "to_domains": [ "", "example.com" ], "reply-to": [ [ "", "" ] ], "subject": "Example Email", "bcc": [ [ "", "" ] ], "to": [ [ "", "[email protected]" ] ], "has_defects": false } ``` ## Demo 2 JSON output after the changes ```json { "to": [ [ "", "[email protected]" ] ], "body": "Hello world!", "from": [ "", "[email protected]" ], "subject": "Example Email", "to_domains": [ "example.com" ], "has_defects": false, "defects": [], "defects_categories": [] } ```
|
Switched this to a draft because some attributes aren't working correctly. I'll look into this tomorrow. |
|
Fixed |
seanthegeek
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Python began strict email address format verification by default in Python 3.13 and backported the changes for security reasons.
As a result, when an address header is not used or malformed,
mail-parserwill return[('','')](issues #132 and #133)To fix these issues while maintaining the security of the default
strict=Trueoption inemail.utils.parseaddrandemail.utils.getaddresses, the following changes were made tomail-parser:ADDRESSES_HEADERSlist now only includes headers that can contain multiple addressesbccccreply-totoADDRESS_HEADERSlist includes headers that can only contain one addressdelivered-tofromsenderADDRESS_HEADERSlist are parsed usingemail.utils.parseaddrinstead ofemail.utils.getaddresses, returning a tuple instead of a list of tuplesInvalid {} headeris added to thedefectslist, where{}is the name of the header, andhas_defectsis set toTrueADDRESS_HEADERSare parsed manually ifemail.utils.parseaddrconsiders the address invalid, in order to show the intent of the defect on mail clients (Closes An email address will not be parsed if the Real Name is also an email address #132)Demo email 1
Demo 1 JSON output before the changes
{ "from": [ [ "", "" ] ], "delivered-to": [ [ "", "" ] ], "cc": [ [ "", "" ] ], "body": "Hello world!", "to_domains": [ "", "example.com" ], "reply-to": [ [ "", "" ] ], "subject": "Example Email", "bcc": [ [ "", "" ] ], "to": [ [ "", "[email protected]" ] ], "has_defects": false }Demo 1 JSON output after the changes
{ "to": [ [ "", "[email protected]" ] ], "body": "Hello world!", "from": [ "[email protected]", "[email protected]" ], "subject": "Example Email", "to_domains": [ "example.com" ], "has_defects": true, "defects": [ "Invalid from header" ], "defects_categories": [] }Demo email 2
Demo 2 JSON output before the changes
{ "from": [ [ "", "" ] ], "delivered-to": [ [ "", "" ] ], "cc": [ [ "", "" ] ], "body": "Hello world!", "to_domains": [ "", "example.com" ], "reply-to": [ [ "", "" ] ], "subject": "Example Email", "bcc": [ [ "", "" ] ], "to": [ [ "", "[email protected]" ] ], "has_defects": false }Demo 2 JSON output after the changes
{ "to": [ [ "", "[email protected]" ] ], "body": "Hello world!", "from": [ "", "[email protected]" ], "subject": "Example Email", "to_domains": [ "example.com" ], "has_defects": false, "defects": [], "defects_categories": [] }