Skip to content

Add ability to send email as a step #1287

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
CTY-git merged 3 commits into from
Feb 10, 2025
Merged

Add ability to send email as a step #1287

CTY-git merged 3 commits into from
Feb 10, 2025

Conversation

@CTY-git
Copy link
Contributor

@CTY-git CTY-git commented Feb 10, 2025

PR Checklist

  • The commit message follows our guidelines: Code of conduct
  • Tests for the changes have been added (for bug fixes / features)
  • Docs have been added / updated (for bug fixes / features)
  • Does this PR introduce a breaking change?
  • Include PR in release notes?

PR Type

  • Bugfix
  • Feature
  • Refactoring
  • Build /CI
  • Documentation
  • Others

What is the current behavior?

Issue Number: N/A

What is the new behavior?

Other information

@CTY-git CTY-git requested a review from whoisarpit February 10, 2025 08:28
@patched-admin
Copy link
Contributor

patched-admin commented Feb 10, 2025

File Changed: patchwork/steps/CallSQL/CallSQL.py

Rule 1: Do not ignore potential bugs in the code

Details: Potential bug introduced. The code changes connect_args from None to an empty dictionary dict() before the conditional check. If db_driver_args is None, the empty dictionary will be used instead of being overwritten, which could cause unexpected behavior when passed to a database connection.

Affected Code Snippet:

connect_args = dict()
if inputs.get("db_driver_args") is not None:
    connect_args = parse_to_dict(inputs.get("db_driver_args"))

Start Line: 36
End Line: 38

File Changed: patchwork/steps/SendEmail/SendEmail.py

Rule 1: Do not ignore potential bugs in the code

Details: The code could potentially raise KeyError exceptions when accessing required inputs. The inputs["sender_email"], inputs["recipient_email"], and inputs["sender_email_password"] are accessed directly without validation or error handling.

Affected Code Snippet:

self.sender_email = inputs["sender_email"]
self.recipient_email = inputs["recipient_email"]
self.password = inputs["sender_email_password"]

Start Line: 17
End Line: 19

Details: Type conversion of smtp_port could raise ValueError if a non-numeric value is provided

Affected Code Snippet:

self.smtp_port = int(inputs.get("smtp_port", 465))

Start Line: 20
End Line: 20

Rule 2: Do not overlook possible security vulnerabilities

Details: The code stores sensitive email password in plain text as an instance variable. This could lead to security issues if the object is logged or serialized.

Affected Code Snippet:

self.password = inputs["sender_email_password"]

Start Line: 19
End Line: 19

Details: The code uses hardcoded SSL configuration without allowing for configuration of SSL verification options, which could lead to potential security vulnerabilities.

Affected Code Snippet:

with smtplib.SMTP_SSL(self.smtp_host, self.smtp_port) as smtp_server:
    smtp_server.login(self.sender_email, self.password)
    smtp_server.sendmail(self.sender_email, self.recipient_email, msg.as_string())

Start Line: 29
End Line: 31

File Changed: patchwork/steps/SendEmail/typed.py

Rule 1: Do not ignore potential bugs in the code

Details: The code defines optional parameters for email template, subject, and body without any validation logic. This could lead to runtime errors if none of these fields are provided, as an email typically requires either a body or a template.

Affected Code Snippet:

class SendEmailInputs(__SendEmailRequiredInputs, total=False):
    email_template_value: dict[str, Any]
    subject: str
    body: str
    smtp_host: str
    smtp_port: int

Start Line: 11
End Line: 16

Rule 2: Do not overlook possible security vulnerabilities

Details: Several security concerns are present:

  1. Storing plain text email password in the TypedDict
  2. No validation for SMTP port range (should be between 0-65535)
  3. No type validation for email_template_value which accepts Any type
  4. No SSL/TLS configuration parameter for SMTP connection

Affected Code Snippet:

class __SendEmailRequiredInputs(TypedDict):
    sender_email: str
    recipient_email: str
    sender_email_password: str

Start Line: 6
End Line: 9

File Changed: patchwork/steps/__init__.py

Rule 2: Do not overlook possible security vulnerabilities

A SendEmail module is being introduced which could potentially have security implications depending on its implementation. However, just adding the import and the module name to __all__ doesn't introduce direct security vulnerabilities.

Details: While email functionality often requires security considerations, the diff only shows the module being made available, not its implementation or usage. No immediate security violation is present.

Affected Code Snippet:

from patchwork.steps.SendEmail.SendEmail import SendEmail

Start Line: 50

End Line: 50

@CTY-git CTY-git merged commit 29771da into main Feb 10, 2025
5 checks passed
@CTY-git CTY-git deleted the add-send-email-step branch February 10, 2025 13:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@whoisarpit whoisarpit whoisarpit approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@CTY-git @patched-admin @whoisarpit