Validate recipient emails in send before asking for their public keys

2020-05-19 18:33:32 +02:00
parent c6c6cfc7d7
commit 4e2ab9b389
3 changed files with 23 additions and 0 deletions
--- a/internal/smtp/user.go
+++ b/internal/smtp/user.go
@ -209,6 +209,10 @@ func (su *smtpUser) Send(from string, to []string, messageReader io.Reader) (err
 	containsUnencryptedRecipients := false

 	for _, email := range to {
+		if !looksLikeEmail(email) {
+			return errors.New(`"` + email + `" is not a valid recipient.`)
+		}
+
 		// PMEL 1.
 		contactEmails, err := su.client.GetContactEmailByEmail(email, 0, 1000)
 		if err != nil {
--- a/internal/smtp/utils.go
+++ b/internal/smtp/utils.go
@ -19,11 +19,23 @@ package smtp

 import (
 	"encoding/base64"
+	"regexp"

 	pmcrypto "github.com/ProtonMail/gopenpgp/crypto"
 	"github.com/ProtonMail/proton-bridge/pkg/pmapi"
 )

+//nolint:gochecknoglobals // Used like a constant
+var mailFormat = regexp.MustCompile(`.+@.+\..+`)
+
+// looksLikeEmail validates whether the string resembles an email.
+//
+// Notice that it does this naively by simply checking for the existence
+// of a DOT and an AT sign.
+func looksLikeEmail(e string) bool {
+	return mailFormat.MatchString(e)
+}
+
 func createPackets(
 	pubkey *pmcrypto.KeyRing,
 	bodyKey *pmcrypto.SymmetricKey,